Why potentially the two-person rule makes a lot of sense in some of these very large cavernous data centers because you may have a 400,000, 500,000 square foot data center, and you may be in there by yourself late at night doing work, and then people that are monitoring maybe, 300,000 feet away on the other side of the data center in a secure building environment, a little secure office somewhere, and you're out in the back corner locked in a cage. If there's a fire, and they shoot this gas off into that section of the data center, nobody's getting to you. Nobody is going to come get you in time. Either you're going to put on a breathing mask, or you're going to run away, or you're going to die. So it's very important for you to have somebody with you. Just like when you're scuba diving, or you're out in the ocean swimming or things like that. So if you get into trouble, somebody is going to be there to help you. And that's kind of the two-person rule and why we think about that and why that becomes important. So just reminding us to that, bringing that back and kind of integrating that here. Real smooth how it integrated that and stitched that right into our conversation. So as we think about wrapping up our conversations here and the security operations and administration domain, as we wrap up our conversations, not only in this particular area of our discussion, but overall, throughout the entire breadth and depth of the material in this section, I want to remind you of some of the key themes we've been talking about, some of the key things we've gone through, and obviously just think about how we're going to wrap that up, review and get ready for our next set of conversations. We've been talking a lot about what the mechanisms, what the procedures, the policies and the approaches need to be for you as an SSCP to take on operations in administration from a security standpoint. We've talked about policy, talked about procedure, talked about standards, talked about guidelines, talked about change management, configuration management, availability management, release and deployment management, type out all these different approaches and thought processes, talked about access control, talked about the different mechanisms for access control, talked about confidentiality and integrity models. We've talked about a lot of things and a lot of stuff that you're going to have to keep in mind. We talked about SDLCs. We've talked about making sure that we understand how to not only document but also communicate effectively with security awareness training. These are all themes and ideas that we have to make sure we are thinking about and that we are aware of. And as we wrap up the conversations in this overall domain kind of overview, or wrap up as we continue our conversations here out into other areas, want to look back, want to make sure we think about the fact that as we build knowledge, and as we build the opportunity and the experience to figure out how to operate, how to administer, how to do so securely, we have to follow, not only the best practices, the guidelines, the recommendations that we know make sense, but we have to take on the responsibility as SSCPs. We've talked a little bit about due care and due diligence. We have to take on the responsibility inside the organization of being that voice of reason. We have to make sure that if the organization, if the senior stakeholders, senior leaders in the organization are not thinking clearly about security, are not thinking about the implications of decisions that the business is making, and are potentially opening us up to risk, that we take steps to call that out. We may not be able to change that, and that's okay, but we have to call it out, throw it out there for everybody to see and talk about it, and make sure that people are thinking about it so that maybe that will spur some conversation. Maybe that will spur a difference in approach, in terms of changing direction. Maybe it will spur awareness, and ultimately over time change the direction and the thought process and the approaches that we are using. We have to be willing, in other words. And, indeed, it is our responsibility to make sure that we call out those things that we see that are antithetical, that are the exact opposite of the nature of the systems and the things that we've been talking about. If we allow those to go unchallenged ultimately, we are opening ourselves, and by extension the business, up to all sorts of risks, threats and vulnerabilities that can become very complicated to address, both historically within the flow of just the average everyday things we do, but over time, strategically within the general direction of the business because we may choose to do certain things or not based on decisions that we make every day. And those decisions over time pile up and change direction and change the flow in the thought process that we engage in in the business. As security practitioners, it's our job to focus our direction, our action, our intent on always trying to act honorably, act ethically, as we've talked about, with the code of ethics, but also act responsibly, and act with regard to, not just business alignment, not just awareness of business requirements, but also acknowledgement of common sense and acknowledgement of the most important things that we have to do to ensure safe operation, safe administration of our systems, but also to document ultimately over time what the decisions are we make that may open us up to risk, open us up to concern, and make sure we have a running record of this so that as we revisit them over time, we can choose to perhaps make different decisions and perhaps over time change the direction of the flow of the things that we're engaging in. As we think about wrapping up ultimately and just want to always give you that opportunity to pause, catch your breath a little bit, review what we're doing. Make sure you look back in what is right and take some notes, make sure you've got all those things that you want to get clear in your mind, kind of organized. And once you've done all that, you think you're prepared and you're armored properly to move forward. Then let's go ahead and reconvene. Invite you to come back and join me, and we'll take on our next knowledge area, and begin our discussions in that particular area. And I look forward to seeing you as soon as you're ready.
