Prevention and recovery from threats that might affect a company
In the Israeli reality, extreme events are not a theoretical scenario. In times like these, the impact is felt not only at the personal and family level, but also on the startup we are building. That is why this week we return to an important episode that first aired in June 2024 and was recorded right after a missile attack on Israel, an episode devoted entirely to Monday's business continuity plan. A Business Continuity Plan (BCP) ensures that a company has a clear way to keep operating even under pressure, in the face of natural disasters, cyberattacks - or war. In the episode, Daria Wertheim talks with Eran Zinman, Co-Founder and Co-CEO at Monday, and with Uriel Weiss, VP Operations, about what Monday's original plan from 2018 looked like, how COVID changed it, and how October 7 forced the company to rethink everything, including setting up an independent operations room that can keep the company running even without the state's infrastructure. An episode that every company, small or large, will come away from with food for thought. See omnystudio.com/listener for privacy information.
In this episode, we're tackling a mission-critical topic that too many mid-market companies overlook—Business Continuity Planning (BCP). Whether you're leading a $50M company or approaching $500M in annual revenue, disruptions can strike without warning—from cyberattacks and natural disasters to supply chain failures and major IT outages. Join us as we break down: · What a Business Continuity Plan is (and what it isn't) · Why mid-market CEOs must prioritize BCP as part of strategic planning · How to protect your company's operations, people, and reputation in a crisis · Real-world examples of business disruptions—and their consequences · A step-by-step framework to start building or refreshing your business continuity plan today. If your company doesn't have a business continuity plan—or if your current plan hasn't been updated or tested—this is your opportunity to build resilience into your business strategy. Need help getting started? Connect with us for a BCP assessment or strategy session. Get connected: · Email Brian at brianm@scaleocityworks.com · Connect on LinkedIn: https://www.linkedin.com/in/brianmontes/ Subscribe, rate, and review the podcast on Apple, Spotify, or wherever you listen. Remember to share this episode with your leadership team—it just might be the conversation that saves your business.
Wednesday 11/20/24
From natural disasters to Wi-Fi outages, a business continuity plan (BCP) is an important tool to keep organizations functioning during difficult situations. In this episode, we cover what BCPs cover and how to set one up so you're prepared when things go wrong. Payroll + HR + Benefits in an all-in-one solution. Request a BerniePortal demo today! https://www.bernieportal.com/get-a-demo/ Find us at https://www.bernieportal.com/hr-party... BerniePortal: The all-in-one HRIS that makes building a business & managing its people easy. http://bit.ly/2NEQ5Qb What is an HRIS? https://www.bernieportal.com/hris/ BernieU: Your free one-stop shop for compelling, convenient, and comprehensive HR training and courses that will keep you up-to-date on all things human resources. Approved for SHRM & HRCI recertification credit hours. Enroll today! https://www.bernieportal.com/bernieu/ Join the HR Party of One Community! https://hubs.ly/Q02mNML90 Episode Resources & Links: How Succession Planning Can Simplify Replacement Hiring and Aid Retention
There have been a reported 9,478 publicly disclosed data incidents in 2024 alone, amounting to over 35 million known records breached. It has become clear in recent years that information security isn't just a ‘nice to have’, it's a necessity to ensure your and your clients' data are protected. This is especially the case for those processing personal and financial data, such as today's guest, Mintago. In this episode, Tom Catnach, Head of Product and Information Security Officer for Mintago, explains their journey towards ISO 27001, the challenges faced and benefits felt from certification to the leading Information Security Standard. You'll learn · Who are Mintago? · Who is Tom Catnach? · What was the main driver behind achieving ISO 27001? · What was the biggest ‘gap’ identified in the Gap Analysis? · What have they learned from the experience? · What are the benefits of certification to ISO 27001? · What does the threat horizon for information security look like? Resources · Mintago · Isologyhub In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:15] Episode summary: Today we welcome guest Tom Catnach from Mintago to discuss their journey towards ISO 27001 certification. [02:20] Who are Mintago? – Mintago are an employee benefits company, who work with companies to help their employees be financially better off. 
They do this in a number of ways, including: · Finding lost pension pots · Help to save money through finding discounts · Retirement planning · Offering various salary sacrifice products · Helping companies to be more financially efficient with pension salary sacrifice or other national insurance savings · Helping people to be more financially literate [05:10] Who is Tom Catnach?: Tom has a split role at Mintago, his primary role being Head of Product and secondary being Information Security Officer. Through both roles he looks after all the products and offerings as well as the information security across the business; he was also the driving force behind achieving ISO 27001. Outside of work, Tom likes to travel via motorbike, preferring to stay away from the screens and enjoying the sights. [06:30] What was Mintago's main driver to Implement ISO 27001?: Mintago, and most other businesses by their nature, are required to hold a lot of sensitive data and so have a responsibility to their clients and employees to ensure its security. Mintago were looking for a robust framework to base their Information Security around, and what better option than the leading Information Security Standard, ISO 27001. ISO 27001 also offers the assessment of general business practice, and allows for growth and scaling. As a start-up, they wanted to have a solid base for policies, training etc. to roll out to new hires as they expand. [08:30] Aligning Standards with core values: Trust is one of Mintago's core values and they want to give their clients the assurance that they can be trusted to protect their data. ISO 27001 can be compared to the likes of B Corp as it's an on-going process. It doesn't just stop at getting the certificate; you have annual surveillance to ensure you are still compliant year on year. [10:15] What was the scope of Mintago's certification?: For the initial implementation, Mintago opted to just scope in Product and Customer Service. 
This was because all of the sensitive data is handled in those departments and they don't allow access to any other teams, so it made sense to start there with a view to expand the scope after certification. That being said, they still rolled out Information Security training to all staff, and everything has been set up to allow for an easy business-wide roll-out when they're ready. [11:50] How long was Mintago's certification journey?: They started their journey in September 2023; in fact it was Tom's first project with Mintago! Mintago enlisted Blackmores' help to implement ISO 27001, and after nine months they have been successfully certified. Tom attributes their ease of implementation to the fact that they are currently a small business, citing that it's an advantage to implement ISO Standards early while you're agile so that your management system grows with you. [14:25] What was the biggest ‘gap’ identified at the Gap Analysis? Mintago are lucky in the fact that they are a new business so are using modern tech, and don't have the burden of a larger site or other physical elements such as rack mounted servers. However, policy, procedure and evidence to ensure they were doing the right thing were lacking at the start of their journey. They did have a good 70% in place and that last 30% was mostly down to having the ability to evidence their compliance. There was also some additional work to do to improve existing policies and procedures. One example of this was having a solid Business Continuity Plan in place. [16:35] Did Mintago experience any significant barriers in addressing identified gaps? Being a smaller business, they were able to adapt a lot quicker than a larger organisation may have been able to. One of the biggest struggles for Tom was getting the necessary technology to aid with Information Security. They needed to show that they had a competent Mobile Device Management Solution (MDM), antivirus and anti-phishing in place. 
When trying to buy some software solutions, Tom encountered a lot of companies simply not replying to his requests due to Mintago's size. Many organisations sadly prioritize bigger potential clients, and so it took a while to finally get all the required software. [18:45] Engagement is key - Getting everyone involved with the management system is critically important. Especially with information security, as the people most often targeted are frontline workers, so they need to be actively engaged in security. Mintago also has the advantage of being a smaller business, so getting communication out isn't a hardship and resulted in high engagement. This benefitted from a top-down initiative via their ‘C-Suite’. Tom also states that you can make any necessary training more lighthearted, team based or interactive, as that's something that people would want to engage in. It's also important to stress that any information security training can be beneficial for personal use too, to avoid being a victim of fraud or a scam. It can be something people take away to their family members to ensure they stay safe online. [23:10] Did the adoption of ISO 27001 highlight any issues not already considered by Mintago? - The biggest thing was how their internal process could be improved. For example, looking at the scenario of ‘what if our back-ups don't work?’, ISO 27001 drilled down to ask specifics such as: · How do we recover from that scenario? · Are we 100% confident in our back-ups? · Will they work near instantaneously? · What's Mintago's availability like in that scenario? · How do we prevent disruption to our clients during that scenario? So, while they did have back-ups, they weren't necessarily considering the whole scenario, especially if those back-ups were to fail. ISO 27001 ultimately helped to flesh out existing plans to make a much more robust system. 
In regards to threat horizons, Mintago do practice OWASP and keep the team informed via e-mail, newsletters and GitHub repositories. [25:00] Internal Auditing – A beneficial tool - Tom found the internal auditing process to be very beneficial for Mintago; currently they do a few monthly on average. Blackmores assisted with the audits during implementation to ensure they were in the right place for assessment. Of course, the Certification Body audits were a bit more nerve-wracking for Stage 1 and 2 as they would determine if they would be certified. Mintago passed their Stage 1 (documentary review) with flying colours; their Stage 2 (evidence checking) highlighted a few non-conformities that were quickly addressed. Following the Stage 2, they were recommended for ISO 27001 certification. [27:20] Minor Non-conformities aren't the end of the line – There's a common misconception that getting a certain number of minor non-conformities during a Stage 2 assessment means you can't be certified, but that's simply not true! If an Assessor is comfortable that you are in a good position for certification, they will recommend you. ISO Standards are all about continual improvement, which is something Mintago are embracing as they continue to address issues raised at audits. [29:00] Benefits of ISO 27001 certification – Benefits Mintago are already experiencing include: Internal Stakeholders – The Team worked hard to achieve the Standard and have embraced its core qualities to the benefit of their own Information Security practices. Positive Market Response – Much larger clients who are also ISO 27001 certified now have a mutual understanding of each other's commitment to information security. Gaining certification early – As a start-up, Mintago are agile and will be able to develop and mature their ISMS (Information Security Management System) as they grow. 
[31:10] Any concerns on the threat horizon?: As the Information Security Officer, Tom is concerned about new emerging trends in AI-led scams. They're going to be a lot more sophisticated and harder to spot and deal with. Thankfully, even if they are impacted, it will be rather isolated. Tom raises concerns for vital services such as Air Traffic Control which could have dire consequences if they were to be affected by a data incident. However, with ISO 27001 Mintago are in a good place to keep on top of their threat horizon and have the processes in place to mitigate potential incidents and continually improve their own security. [34:30] In Summary: Mintago are a shining example of gaining certification for the right reasons. It's not just about getting a badge; they have truly embraced a culture of continual improvement and are utilising ISO 27001 to ensure they have a robust information security management system in place. If you would like to learn more about Mintago and their financial services, check out their website. We'd love to hear your views and comments about the ISO Show, here's how: ● Share the ISO Show on Twitter or LinkedIn ● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one. Subscribe to keep up-to-date with our latest episodes: Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
In this special end of summer episode, I sat down with Tyler Adams to talk about being in the trenches during the recent Crowdstrike incident and other interesting stories from the crazy summer. Tyler is an Information Security Analyst for Corewell Health. He works on the Security Business Engagement Team. Talking Points: · What was it like being in the trenches during the Crowdstrike incident · How having a Business Continuity Plan comes in play · What was the most surprising about the incident? · What challenges are stemming from what the business is working on? · Getting the business to understand the value of Multi-Factor Authentication · Data 'Cleanliness' is becoming more important
Join me as I talk with renowned Crisis Management, Business Continuity, and Resilience expert, Regina Phelps. We talk about the recent Microsoft/CrowdStrike outage that has - and continues to - cripple many organizations and institutions. During our chat we talk about: 1. The outage, 2. Timelines, 3. Who is to blame? 4. The impacts, 5. When is enough, enough? 6. Testing and complacency, 7. What do you do when you have nothing? 8. What's in the Business Continuity Plan? 9. Asking hard questions, 10. How do you deal with data loss? 11. Verifying data integrity...and more. Regina shares what we know about the CrowdStrike outage and some great questions we need to ask ourselves when we find our organizations impacted by such events. You don't want to miss Regina's insights. Enjoy!
Last week, the stock market remained relatively flat despite positive economic signals from FedEx and an expected inflation report. Consumer discretionary spending showed signs of weakness, suggesting potential Fed rate cuts in 2024, though the timing could be influenced by the upcoming election. Energy and Banking sectors outperformed following the debate, while Clean Energy and Cannabis sectors declined. This week, market attention will focus on the employment outlook with key jobs reports, potentially causing volatility due to holiday trading conditions. The information provided in this commentary is not an offer to sell or the solicitation of an offer to purchase any security, product, or brokerage service. The information is not intended to be used as the basis for investment decisions, nor should the information be construed as advice designed to meet the particular needs of any investor. This commentary is presented to illustrate examples of the securities that North Star Investment Management Corporation and/or its affiliates ("North Star") may have bought for client accounts and the diversity of markets in which North Star Investments may invest, and may not be representative of current or future investments. You should not assume that the future performance of any specific investment, investment strategy, or product made reference to directly or indirectly in this commentary will be profitable or will be equal to any corresponding performance levels that might be indicated. Past performance is no guarantee of future results. Investments in securities involve risks including the possible loss of the principal invested. North Star and others associated with it, including employees, may have positions in and effect transactions in securities of companies mentioned or indirectly referenced in this commentary. North Star may buy, sell or hold these securities in proprietary or client accounts. 
North Star will not be providing regular updates or advising you of any changes in the views expressed herein. Investors should consider their investment objectives, risk tolerance, and financial situation and needs before investing in any security. Tax considerations, commissions, fees and other costs should be carefully evaluated with one's investment and/or tax advisors. Information provided is obtained from sources deemed to be reliable, but North Star cannot guarantee the accuracy or completeness of the information. This material may not be reproduced, distributed or transmitted to any other person in whole or in part without the prior written consent of North Star. A copy of North Star Investment Management Corporation's Form ADV Brochure, Privacy Notice and Business Continuity Plan summary can be obtained by calling 312-580-0900.
Last week saw a significant trading volume spike due to Friday's “triple witching” event and annual index rebalancing, with $5.5 trillion in options expiring. The S&P 500 advanced 0.6%, setting its 31st record high of 2024, despite modest profit-taking in tech stocks which left the Nasdaq Composite unchanged. Economic indicators painted a picture of a steady but slowing economy, highlighted by soft retail sales, existing home sales, and the Purchasing Managers Index. Notably, a dovish shift in Fed rhetoric emerged, with officials like Neel Kashkari and Adriana Kugler pointing to easing inflation and economic slowdown. This dovish drift aligns with similar moves by foreign central banks, which have either achieved their inflation targets or started easing policies. Looking ahead, the financial markets are keenly anticipating Friday's PCE price index release, a critical inflation gauge favored by the Fed, with expectations of a 2.6% year-over-year increase.
Last week, mega-cap momentum stocks concealed broader market weakness, with hawkish Federal Reserve comments and disappointing Salesforce results driving declines. However, the week ended positively as the PCE Price Index aligned with a downward inflation trend, although the S&P 500 broke its five-week winning streak. This week, the focus shifts to Friday's May jobs report, the final one before the Federal Reserve's June meeting. Debate continues over potential rate cuts, but resilient economic indicators suggest the Fed may hold rates steady, while the stock market remains capable of performing well without cuts.
Last week, the S&P 500 extended its rally despite underlying weaknesses across most equity sectors, with notable strength only in mega-cap technology stocks like Nvidia. The broader market saw more declining than advancing issues, with the Dow Jones and small/mid-cap indexes falling while the Nasdaq gained due to strong Nvidia earnings. Hawkish Federal Reserve comments and signs of a slowing economy, evident from major retailer earnings and consumer sentiment data, contributed to the market's mixed performance. This week, attention turns to the personal consumption expenditures price index, with expectations of a modest consumer confidence decline and potential Fed rate hike discussions.
Last week's market rebound continued for the third consecutive week, nearly recovering April's losses, buoyed by optimistic earnings reports and expectations of 2024 Fed interest rate cuts. Despite some lagging earnings from capital equipment companies, overall composite growth for the first quarter increased, with every industry sector finishing positively. This week, focus shifts to key economic releases, particularly U.S. retail sales and the consumer price index (CPI), alongside earnings reports from major retailers like Walmart and Home Depot. Market activity will likely hinge on any variance from the consensus estimate of a 3.4% rise in the CPI for April, impacting both stock and bond trading.
Last week, Wall Street saw a positive turn with strong earnings reports, a slightly dovish tone from the Federal Reserve, and softer job data leading to a rally in equity markets. Despite lower-than-expected job gains and a slight increase in unemployment, the overall economic sentiment remained steady, potentially paving the way for lower interest rates. Earnings season continued with notable reports from Amazon and Apple, contributing to a positive market outlook. Looking ahead, with more S&P 500 companies reporting earnings and Fed officials resuming discussions amidst softer economic indicators, market sentiment may fluctuate but could improve over the summer if inflation remains controlled.
Last week, the market saw a minor pullback rather than a significant correction, with gains in major indices like the S&P 500 and Nasdaq Composite. Small and mid-cap sectors lagged behind due to concerns about economic challenges and interest rate hikes. Economic data hinted at lower-than-expected GDP growth and higher inflation, leading to discussions of potential stagflation. This week, investors are eyeing the Federal Reserve meeting, April jobs report, and corporate earnings, particularly from tech giants like Apple and Amazon.
On today's episode we are talking about how not having a strong business continuity plan might be killing your company.
Patrick Hardy helps individuals and organizations prevent disruptions from ever becoming a disaster. Drawing on his world-class expertise in disaster preparedness & response, he distills memorable lessons audiences can use to break the Crisis Creation Chain and transform every disruption into an opportunity for learning.
Episode Highlights:
Importance of Disaster Recovery and Business Continuity: Emphasizes the critical nature of disaster recovery and business continuity planning, highlighting the risk of business closure without a solid plan, as demonstrated by the study following the 1993 World Trade Center bombings.
Employee Empowerment and Communication: Effective disaster recovery plans involve empowering employees and maintaining clear communication channels. Employees need to understand their roles and responsibilities in times of crisis to ensure a smooth recovery process.
Adaptation and Engagement: It's not just about having a plan on paper; it's about understanding the needs and dynamics of the people who will execute it, whether they're oyster fishermen in Alabama or tech workers in Silicon Valley.
Insurance Company Ambiguity: Insurance companies may officially claim to be agnostic regarding whether businesses should resume operations or accept payouts after a disaster. However, there might be internal considerations where companies prefer not to insure certain high-risk areas, especially prone to natural disasters like flooding, hurricanes, or wildfires.
Understanding Insurance Policies: Business owners need to thoroughly understand their insurance policies, including coverage limitations and exceptions. Misunderstandings often arise when policies are not carefully reviewed, leading to denied claims, particularly in cases like pandemics or cyber attacks where specific provisions may be required for coverage.
Empowerment and Decision-Making: In disaster scenarios, clear lines of authority are crucial. Businesses must empower employees at all levels to make informed judgment calls during emergencies, especially when management or key decision-makers are unavailable.
Top 3 Takeaways for the Audience:
Disaster preparedness can be empowering and strengthen you in the long run, rather than just doom and gloom.
When creating a disaster plan, focus on empowering those around you, whether it's for your family, pets, or business.
Dependency on other institutions can exacerbate disasters. Always have backup plans and diversify your resources to ensure true resilience and emerge stronger after the crisis.
How to Connect with Patrick:
Website: https://disasterpatrick.com/
LinkedIn: https://www.linkedin.com/in/disasterpatrick/
Last week, the stock market faced significant pressure, with the S&P 500 extending its losing streak to six days, leading to its worst weekly performance in over a year and entering correction territory. Geopolitical concerns and disappointing earnings, particularly in the Tech and Health Care sectors, contributed to the downturn. However, the Financials sector saw positive earnings growth, with banking stocks like Bank of America and JPMorgan Chase showing promise. This week, attention turns to earnings reports from major companies like Meta Platforms, Microsoft, and Alphabet, alongside economic data releases such as the personal consumption expenditure price index, which could influence market movements amid inflation concerns.
Last week, amidst Wall Street's worst performance since October, gold emerged as a refuge, historically attracting investors during crises. The market downturn stemmed from a hotter-than-expected CPI report and geopolitical tensions, compounded by cautionary remarks from JPMorgan's CEO. Equities plummeted across sectors, while bond yields surged, reflecting market uncertainty. Despite positive earnings, concerns lingered about economic downturn risks, geopolitical unrest, and Federal Reserve policies. This week, earnings season intensifies with notable companies reporting, alongside key economic data releases and continued geopolitical scrutiny post-Iran's attack on Israel.
Investors faced a challenging start in April, marked by market declines driven by strong economic data and Fed's stance on interest rates. Energy price spikes and bond market turbulence added to inflation concerns. Despite positive economic indicators, expectations for Fed rate cuts in June diminished, impacting market performance negatively, with small caps hit hardest. Looking ahead, upcoming earnings reports and CPI data release will influence market sentiment and Fed's policy decisions.
In March, Wall Street witnessed a bullish run with record highs in the S&P 500, supported by small and mid-cap stock outperformance, marking a strong end to the first quarter. Investors are encouraged to consider small-cap allocations due to potential benefits from Fed rate cuts, driving lower yields and higher stock prices. Additionally, U.S. consumer sentiment rose unexpectedly in March, while inflation remained in check. Looking ahead, focus remains on the BLS jobs report for March, with expectations of moderate job additions, and stable estimates for S&P 500 earnings growth during the upcoming earnings season.
Investors celebrated as the market rebounded strongly, led by Nvidia's optimistic forecast and the Federal Reserve's indication of maintaining interest rates. The S&P 500 surged by 2.3%, its best performance of the year, with other indices also posting significant gains. Treasury yields dipped, while the dollar strengthened, and commodities markets remained stable. Fed Chairman Jerome Powell's comments on the need for interest rate cuts to align with real interest rates were echoed, suggesting potential positive effects on stock prices, particularly for small-cap companies. Looking ahead, the focus will stay on monetary policy, with key economic data releases and Powell's participation in a Fed conference at the end of the week, while the college basketball championship also garners attention.
In this episode of CISO Tradecraft, host G Mark Hardy converses with Cassie Crossley, author of the book on software supply chain security. Hardy explores the importance of cybersecurity, the structure of software supply chains, and the potential risks they pose. Crossley shares her expert insights on different software source codes and the intricacies of secure development life cycle. She highlights the significance of Software Bill of Materials (SBOM) and the challenges in maintaining the integrity of software products. The discussion also covers the concept of counterfeits in the software world, stressing the need for continuous monitoring and a holistic approach towards cybersecurity.
Link to the Book: https://www.amazon.com/Software-Supply-Chain-Security-End/dp/1098133706?&_encoding=UTF8&tag=-0-0-20&linkCode=ur2
Transcripts: https://docs.google.com/document/d/1SJS2VzyMS-xLF0vlGIgrnn5cOP8feCV9
Chapters
00:00 Introduction
01:44 Discussion on Software Supply Chain Security
02:33 Insights into Secure Development Life Cycle
03:20 Understanding the Importance of Supplier Landscape
05:09 The Role of Security in Software Supply Chain
07:29 The Impact of Vulnerabilities in Software Supply Chain
09:06 The Importance of Secure Software Development Life Cycle
14:13 The Role of Frameworks and Standards in Software Supply Chain Security
17:39 Understanding the Importance of Business Continuity Plan
20:53 The Importance of Security in Agile Development
24:01 Understanding OWASP and Secure Coding
24:20 The Importance of API Security
24:50 The Concept of Shift Left in Software Development
25:20 The Role of Culture in Software Development
25:52 Exploring Different Source Code Types
26:19 The Rise of Low Code, No Code Platforms
28:53 The Potential Risks of Generative AI Source Code
34:24 Understanding Software Bill of Materials (SBOM)
41:07 The Challenge of Spotting Counterfeit Software
41:36 The Importance of Integrity Checks in Software Development
45:45 Closing Thoughts and the Importance of Cybersecurity Awareness
March came in like a bull for the stock market, with the S&P 500 and Nasdaq reaching record highs fueled by tech stocks and consumer-related issues, driven partly by declining Treasury yields and better-than-expected corporate earnings. Despite troubles at New York Community Bancorp, the regional bank index remained steady. Small caps led the market during the week, with the Russell 2000 surging 2.9%, while trading volume was heavy and advancing issues outnumbered declining ones. Looking ahead, upcoming earnings reports from companies like Target, Kroger, and Costco will offer insight into the health of the U.S. consumer, and the BLS jobs report for February may provide further indicators for the Federal Reserve's rate decisions.
Nvidia's impressive quarterly earnings and robust guidance led to record highs in major indices, driven by "insatiable demand" for its AI chips, briefly pushing the company's valuation above $2 trillion. Despite concerns from the last FOMC meeting minutes, tech stocks surged while the Russell 2000 declined. The economic calendar highlights include data on new home sales and durable orders, with focus on the core PCE number for potential impact on 2024 interest rate cuts. Additionally, the blog discusses upcoming corporate earnings reports and the historical changes in the Dow Jones Industrial Index, signaling Amazon's inclusion and Walgreens Boots Alliance's exclusion.
Inflation data exceeding expectations led to a modest market sell-off, particularly affecting small caps, but bargain hunters stepped in mid-week. Concerns over Federal Reserve interest rate cuts resurfaced after the CPI and PPI reports, reducing odds of a March cut from 63% to 11%. Despite market turbulence, the Russell 2000 ended the week positively, showing resilience. Earnings season continues with notable beats, while attention shifts to upcoming reports from companies like Walmart and NVIDIA, alongside the release of FOMC meeting minutes mid-week.
Market participants received encouraging inflation data after the U.S. Bureau of Labor Statistics revised the Consumer Price Index, showing a 0.2% rise in core consumer prices for December. This, along with a resilient economy and strong earnings season, fueled a market rally with major averages marking their fifth consecutive weekly gains. Earnings season continued to surprise positively, with the S&P 500 reporting higher earnings growth for the fourth quarter, especially in sectors like Financials and Industrials. Looking ahead, as earnings growth is expected to accelerate in 2024, upcoming economic releases, including inflation and retail sales reports, could influence interest rate decisions and potentially benefit small caps disproportionately.
Corporate earnings and U.S. economic data brought positive news, offset by moderately hawkish comments from Federal Reserve Chairman Powell. Strong performances in Health Care, Information Technology, Energy, Consumer Discretionary, and Communication sectors led to a rise in S&P 500 composite earnings. Meta Platforms Inc, Apple Inc, Microsoft Corp, and Amazon.com Inc were among the standout companies with positive earnings. The Federal Reserve maintained unchanged interest rates, signaling progress in inflation reduction but delaying rate cuts until at least May. Despite initial market fluctuations, the week ended with record-setting highs for the S&P 500. Additionally, North Star expresses optimism for consistently lower interest rates and improved stock prices in small caps in 2024.
Investor optimism soared as positive economic data, including a 3.3% growth in the U.S. GDP for Q4 2023, exceeded the expected 2% gain. The core PCE price index rose 0.2% in December, signaling a strong economy with moderate inflation. The S&P 500, Nasdaq Composite, and Russell 2000 all posted gains, with Oil & Gas stocks leading the way. Notable Q4 2023 earnings growth contributors in the S&P 500 were NVIDIA, Amazon.com, Meta Platforms, Alphabet, Microsoft, and Apple, collectively expected to deliver a 53.7% surge, while excluding them indicated a -10.5% decline for the remaining 494 companies. The blog also highlighted the success of the Chicago Maroons in college basketball and anticipated lively market action with the Federal Reserve meeting and earnings reports from major companies, including Apple, Amazon, Microsoft, Alphabet, and Advanced Micro Devices. The energy sector, particularly Exxon Mobil and Chevron, faces challenges with a forecasted 30%+ earnings decline due to lower oil prices. Boeing, dealing with grounded planes and stock prices, is also set to report earnings. The Federal Reserve is expected to keep interest rates steady, but Chairman Powell's comments will be closely scrutinized for hints of potential rate cuts.
This episode discusses the perplexing contrast between a robust economy and persistently low consumer sentiment over the past 18 months. Recently, the University of Michigan Consumer Sentiment Index showed a significant 13% increase in the first half of January, marking a 29% surge since November – the most substantial two-month rise since 1991. The positive shift is attributed to a decline in gas prices, with the correlation between fuel costs and consumer sentiment highlighted. Investors experienced a positive turn, leading to a 1.2% rise in the S&P 500 and a 2.3% jump in the Nasdaq Composite, reversing losses earlier in the week. The earnings season commenced with a weak start, but expectations are for an improving narrative as more companies release results. Economic focus includes the preliminary Q4 GDP reading in the U.S. and global flash PMIs. The blog also mentions upcoming monetary policy statements and interest rate decisions from major central banks, along with a blackout period for Federal Reserve members ahead of the next FOMC meeting.
In the past week, stocks saw a modest increase due to lower bond yields driven by tame inflation reports, boosting investor confidence in potential Fed interest rate cuts. The Producer Price Index (PPI) fell 0.1% in December, primarily driven by reduced costs for goods like diesel fuel and food. While the Consumer Price Index (CPI) showed a 0.3% monthly increase, concerns arise about potential overstatement, especially in the "owners' equivalent rent" component. Despite a tepid start to earnings season, major banks reported mixed results, with trends indicating rising credit card delinquencies and commercial real estate losses. Geopolitical tensions and a more hawkish tone from central bankers are dampening investor enthusiasm at the beginning of the week, with attention turning to the Energy sector amid Middle East unrest. The economic calendar for the upcoming week includes retail sales and consumer sentiment reports, supporting a slow and steady narrative.
Investors experienced a post-holiday market correction as the S&P 500 fell 1.5%, Nasdaq Composite dropped 3.2%, and Russell 2000 sank 3.8%. Tech sector woes were exacerbated by Apple's analyst downgrades. The bond market mirrored this trend with the 10-year Treasury yield surging 17 basis points to 4.03%. Despite positive job additions in December, downward revisions and concerns over wage increases hinted at a more nuanced economic picture. Looking ahead, the December CPI report and earnings season will be crucial, while potential government shutdowns and geopolitical tensions add a note of dissonance to an otherwise positive economic outlook for 2024.
Post-Christmas, the S&P 500 rose 0.3%, Nasdaq gained 0.1%, and Russell 2000 slipped 0.3% with a continuing Santa Claus rally. Despite modest gains and lower trading volume, most sectors ended positively, except for Oil & Gas. The 10-year Treasury yield settled at 3.87%, echoing the year's start, following the Federal Reserve's shift in late 2023. North Star plans to challenge emerging consensus views in 2024, expressing confidence in quarterback Justin Fields for the Chicago Bears amidst a Goldilocks economic theme.
Latest economic indicators from the Labor Department reveal a return to normalcy, with U.S. job openings hitting a 2-1/2-year low and a ratio of 1.34 vacancies per unemployed person in October. November saw 199,000 job additions, reducing the unemployment rate to 3.7% and mitigating wage inflation as resignations decrease. Equity markets responded positively, marking the sixth consecutive week of gains. The bond market remained stable, while economic data from China hinted at deepening deflation. The upcoming week includes key events like the Bureau of Labor Statistics consumer price index report and the Federal Reserve's expected decision to maintain interest rates.
This Thanksgiving-themed blog expresses gratitude for clients and optimism about a stable economic environment. The post highlights a three-week stock market rally driven by declining Treasury yields and underscores the importance of surprisingly low U.S. inflation data. It anticipates a potential shift in the Fed's approach, with the futures market suggesting a move towards rate cuts in early 2024. The blog emphasizes the strength in third-quarter corporate earnings and a favorable Goldilocks scenario, especially benefiting small-cap stocks. The post concludes with insights into upcoming financial market events during the holiday-shortened week, making it a valuable read for those interested in market trends and economic outlooks.
This week's podcast breaks down how the financial markets have been influenced by factors such as the COVID-19 pandemic, geopolitical tensions, and the Federal Reserve's fluctuating monetary policy. Recent trends in short-term trading were marked by the seesaw effect of the Fed's decisions, causing volatility in stock and bond markets. Despite a strong week for equities, with gains in the Nasdaq Composite and S&P 500, the Russell 2000 and the Oil & Gas sector experienced declines. Challenges in the bond market, highlighted by a poorly received 30-year Treasury bond auction, add uncertainty to the overall financial landscape.
This podcast episode discusses the recent market correction, with the S&P 500 dropping 10% from its 52-week high, led by losses in various sectors. Despite strong earnings results, concerns arise regarding personal spending relying on savings, and the potential for accelerating earnings growth remains a bullish case for equities. Rising gold prices are attributed to geopolitical turmoil and an increase in U.S. Treasury debt offerings. The post anticipates a volatile week ahead with a focus on the Federal Reserve's policy, employment data, and corporate earnings, all while acknowledging the ongoing impact of global geopolitical events on investor sentiment.
Jess Dodson, Senior Cloud Solution Architect at Microsoft, joins Corey on Screaming in the Cloud to discuss all things security. Corey and Jess discuss the phenomenon of companies that only care about security when reacting to a breach, and Jess highlights how important it is to have both a reactive and a proactive approach to security. Jess also shares her thoughts on why it's valuable to get security and operations working well together, and why getting the basics right in security is still a more pressing priority than solving for level 10 security threats. Jess and Corey also reveal best practices when it comes to monitoring and revoking admin rights and much more.
About Jess
Chances are if you've run into “GirlGerms” online, you've spoken to Jess! Based in Brisbane, Jess joined Microsoft in 2019 and is now a Senior Cloud Solution in Cyber Security, after working in a mixture of both government and higher education industries for over 15 years. Jess regards herself as a 'recovering systems administrator' and still wears her operations hat when looking at security - doing REAL SecOps!
Outside of work, Jess is mum to a 5 year old daughter, a cat, 4 chickens and a hive of bees. In her downtime, she spends far too many hours building Lego, playing video games or doing random crafty projects.
Links Referenced:
Twitter: https://twitter.com/girlgerms
Mastodon: https://infosec.exchange/@girlgerms
DevNxt: https://devnxt.nz/
Transcript
Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.
Corey: Do you wish your developers had less permanent access to AWS?
Has the complexity of Amazon's reference architecture for temporary elevated access caused you to sob uncontrollably? With Sym, you can protect your cloud infrastructure with customizable, just-in-time access workflows that can be set up in minutes. By automating the access request lifecycle, Sym helps you reduce the scope of default access while keeping your developers moving quickly. Say goodbye to your cloud access woes with Sym. Go to symops.com/corey to learn more. That's S-Y-M-O-P-S.com/corey
Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. My guest today is Jess Dodson, who's a Senior Cloud Solution Architect at Microsoft. Jess, thank you for joining me. We have been passing like ships in the night on social media for years now. It is so good to finally talk to you.
Jess: Lovely to talk to you in person. Thank you for inviting me on.
Corey: Well, to be clear, we're talking remotely when we record this. You are presumably Australian, and I'm still operating from a somewhat American-centric viewpoint that more or less everything in Australia is deeply poisonous.
Jess: Yeah, that includes me. Yes. So, I am in Australia at the moment. I believe it is the ninth of March for you. It is the 10th of March for me [laugh].
Corey: Yes, some of us are living in the future.
Jess: The future. So yes, it's about seven o'clock in the morning for me, which is fabulous. I'm awake, I'm awake.
Corey: So, let's talk about security. It seems to be top-of-mind and everyone's talking about it. Unfortunately, it seems that they're usually talking about it in the form of an email that starts with, “Your security is extremely important to us,” and then transitions into, “Here's how we dropped the ball on it.” I was once told by an analyst client of mine that I was the only analyst who ever told them that companies don't care about security. Like, “No one says that. Why is that?” And my answer was, “Well, no one will say it out loud, but I ignore what people say, I pay attention to what they do, and where they spend the money, and it is clearly not a priority.”
And I would argue that in some ways, that's okay, depending upon context and who you are, and what you do. And in other cases, it is the exact opposite of okay; it is an unmitigated disaster for everyone, just waiting to happen. How do you feel about security?
Jess: A very loaded question.
Corey: Isn't it though?
Jess: [laugh]. [crosstalk 00:02:20]—
Corey: “I don't care,” is probably not going to be your answer on this one, I'm just going to assume, but let's go.
Jess: No. Don't—well, considering my title, I would hope not, considering the work that I do.
Corey: You have words in your title, but none of them are, “Cares about,” so we're good.
Jess: That's true. That's true. I do care about security and that's my job. I do agree that organizations probably don't care about security until they do care about security, and by that point, it's probably too late. And that's the issue that we're facing. It's that proactive versus reactive. Reactive is great. Reactive is wonderful. But unless you're doing the proactive and spending the money on the proactive, the reactive is just constantly going to be fighting fires.
Corey: It's two classes of problems. My world of cost optimization absolutely is in this world as well. Security is buying fire insurance in case the building burns down. These are all things you should probably do, but you can spend infinite money and effort and time and all of those things and it doesn't get you one iota closer to your business goals, whereas speeding time-to-market, launching into new markets, and being able to ship faster, that is transformative that gets you to your next business milestone.
So, companies will overwhelmingly bias towards investing in that and not the other stuff until they're caught flat-footed.
Jess: And I'm sure that's wonderful, but my issue when I come in as a security person to an organization is, what if something goes wrong and it's no longer—and I hate using buzzwords, but—when we're thinking about zero trust, one of the principles around zero trust is assuming breach, which is, it's not a matter of if but when, and it's not a matter of when but it's happening right now. Because as blue teamers, which is what I think of myself as, we have to plug all of the holes, we've got to try and patch all of the defenses, we've got to be the ones who are blocking out every attempt. An attacker only has to succeed once. And so, the way that we see it is there is going to be something in your environment, so what are you doing to make sure that that is contained as much as possible? And that's proactive work and that's something I don't think you can skimp on.
Corey: It is. And it's defense-in-depth. You can also turn it into business value if you're clever enough. For example, whenever a cloud provider releases a new service that I can't figure out how to configure all I do is, I wind up scoping a security role to just that service and then leaking credentials online. I wait, you know, 20 minutes for someone to exploit it and then configure the thing, presumably to mine Bitcoin. Great. Then I turn off the Bitcoin stuff and I take the config that they've built and there we go. It's how we outsource intelligently on a budget. Uh, professional advice: please don't do that.
Jess: [laugh]. I was going to say, that's certainly a unique way of configuring services in the cloud. I'm not sure I would recommend it for everyone, but for you, I can totally see that working [laugh].
Corey: Yeah, I learned it from my buddy. He works at a bank. What of it? Yeah, it doesn't go well.
Jess: [laugh].
When it comes to all of the stuff—and I think that's probably one of the big issues that we have with the cloud, and I love the fact that the title of this is Screaming in the Cloud because we're looking at all of the stuff that keeps coming out, everything is changing so quickly, how do you secure it when you don't know from one week to the next what new services are going to be included, what changes are going to be made to the services that you are already currently using? How do you keep up to date with that? And I think that is what leads to security being seen as ‘the no people,' which I hate. Security shouldn't be ‘no.' Security should be ‘yes, but.'
It also leads to, hopefully, our operations teams being a little bit more on the ball when it comes to that security. Because if they're the ones who are looking at putting these new services or new productivity features in place, they should be vetting them from a security perspective as well. I say should. Maybe not necessarily actually happening and that's a bridge we kind of need to cross at the moment.
Corey: A couple of years ago, I looked around the ecosystem, trying to find a weekly AWS-centric security newsletter, and there are some great ones now, don't get me wrong. And some of them might have existed at the time, but I didn't trip over them for one reason or another. And they tended to all fall into two buckets. Either they were security people talking to security people with a bunch of acronyms that I wasn't tracking because I don't eat, sleep, and breathe security most days, and/or they were vendor-captured and everything was, “See how terrible it is. That's why you should buy our widget.” And it almost doesn't matter who the vendor is.
So, I started a Thursday issue of the newsletter that I write just for the news that is security-centric for people who don't have the word security in their job title.
So, all the DevOps people of the world, the folks who are building applications, the folks who do have to care about this, but they don't have time to filter through all of the noise that everyone's putting out, and what is the stuff I should actually be paying attention to this week? And that seems to have struck a nerve, on some level. The thing I'm continually testing and being pleasantly slash unpleasantly surprised about is that I'm rarely the only person who has a particular problem.
Jess: And you're definitely not in that regard. And I think when we look at security and how security is marketed, it is very pushed towards CISOs and security analysts and security operations. I, most of my life, and I still regard myself as, a recovering systems administrator. I'm a sysadmin, at heart, so I come from an operations background. The work that I've done in operations is what feeds the work that I do in security because I knew how worked, I helped build those systems.
And I don't see it purely through a security lens; I see it through an operations lens. Security is useless without some form of usability. And I constantly talk about the line that divides security and usability, and where that line gets drawn. And for each organization, it's going to be different depending on their risk, depending on their business profile, what they're actually doing, how big their teams are. And we've got to make sure that we get that line right.
And that means getting your operations teams involved because they know how their stuff has to work. They know what they need to be able to make the business run. So, security can't just be constantly saying, “No, you can't do that.” We have to be working with operations teams, and in some cases, taking our lead from operations teams because at the end of the day, they know this stuff better than we do. So, it's us providing advice and then providing their expertise for us to come together to a joint agreement on how to secure the thing.
And I don't think that's being done at the moment. I call it the operations sandpit. Everyone needs to play nicely in the sandpit. No one should be fighting over toys. Everyone should be playing with each other with no arguments. We're not there yet.
Corey: When I read a lot of security researchers and the stuff that they're focusing on in stupendous depth, or I walk around expo halls at security conferences, making fun of the various vendors there, it seems like so many of them are talking about these incredibly intricate in-depth defenses against attacks that seem relatively esoteric. And then I fly home from the security conference that I'm at and I happened, in the airport lounge, see their CEO who's yelling into a phone, and I know that they're using the same password for work that they are for their personal stuff, and it's ‘kitty.' And I know this because the Post-It note on their laptop says it. And it's, it feels like, yeah, you're selling and solving the problems at, like, level ten for complexity, but you need to effectively handle the problems at level two first and do the easy stuff and the basics before you start getting into the world of imagining that the Mossad is coming for you.
Jess: And it's not even level two. I'd say we're almost—we're at level zero for a lot of this stuff. And you're a hundred percent right. A lot of security people and security organizations will be talking up all of these heavy-duty, “This is what we can do to protect you,” without even recognizing the elephant in the room of you're not even using MFA. You're not even looking at securing your administrative accounts.
You're not using separate administrative accounts and user accounts, so they are the same person and login to everything and can access the internet while still performing full administrative work using that account, which is just terrifying.
Corey: I still get constant notifications of security alerts from various vendors when there's a new TLS policy that should be applied to the load balancer that I'm using with them. And it's, you really think that people decrypting TLS-encrypted traffic somewhere between a user and my web server for a website that has the actual term ‘shitposting' in its domain is my number one priority on these things? It just feels like it's such a—it's this incredible cacophony of noise. And then you completely miss the next email that comes in, “Oh, by the way, you put your credentials up on GitHub. Maybe do something about that.” It just becomes this entire walking modern version of a Nessus Report with the 7000 things you need to fix, and number 3768 is, “Oh, by the way, the kitchen's on fire.” It hides this stuff. And it's awful.
Jess: The prioritization of what can be done to fix some of the security holes that we see. It's out of whack, I think is the polite term to use. It's absolutely awful because we are prioritizing things that, yes, they are considered high severity in terms of what could happen, but in probability and likelihood, really, really low. Whereas things like having your password stored on a Post-It note that you have taped to your laptop that you then carry around and everyone can see it and they know who you are, maybe that's a little bit more concerning. So, it's trying to, from a security basics perspective, which I've been, I want to say ‘talking about' but it's not; it's ranting about and screaming about since about 2018.
It's about making sure that we get those basics right because without the basics, all you're doing is putting Band-Aids over giant holes and giant leaks that anyone can slip through.
And it's a waste of time. So, making sure that we are doing those really small basic things that let's be—we've been talking about them for years. I think I've been screaming about MFA for at least ten years now. We've had this available to us as an option. Why are we not doing it? One of the statistics that I saw recently, inside our cloud provider, only 33% of accounts are protected with MFA. 33%? What's happening with the other 66 because that's just, that's a staggering number of accounts that I would consider unsecure.
Corey: On some level, you almost have to put this back on the companies themselves. Our timing is apt on this. Earlier today, GIF-hub—which is, yes, how I pronounce it—announced that starting in a couple of weeks, they're going to require MFA for every contributor on GIF-hub—or GitHub if you want to use the old-school pronunciation—and I think that's great. Everyone is used to MFA, on some level. Mandating it for accounts for which the blast radius is significant goes a long way.
And yes, down the road longer-term, passkeys might make this a lot easier or not as necessary and/or better methods of authenticating against an MFA because typing in six-digit codes is annoying and goes out-of-bounds on these things. But I don't think it's necessarily the end of the world to make the sensitive accounts just a little bit harder to access.
Jess: I understand that for some folks, MFA, it's that next step, it's that next barrier, it's another thing that they then have to do. It sounds terrible finding what I call silver linings in some of the events that have been happening recently, but if anything, particularly here where I am in my very small, tiny neck of the woods in Australia, some of the recent breaches that we have seen over here have made not just operations and technical people, but end-users, consumers, more aware of the fact that it only takes one slip-up, it only takes one small thing for something bad to happen.
And anything that they can do to protect themselves is a good thing. So, we're starting to see a bit of a shift towards an acceptance for some of those trickier things like MFA.
It's a pain in the bum. It's not something that is what I would consider user-experience-friendly. We're getting better at it, but it's still an issue when it comes to signing in and having to find your phone, which most of the time you have no idea where it is; you've got to use whatever automation, you have to call your phone to find it to be able to find your code so you can actually log in. It is a pain. But anything that we can do to be able to protect even our personal accounts is something that I consider to be really important.
And it's not just for organizations. I've got to admit, I'm still working on my parents. They are of that generation where maybe it's still a little bit of a step too far. But just trying to get people that I know who aren't technical to start looking at things like this because as we move forward, it's going to become the norm and I'd much rather people become comfortable with it now than later when it is forced upon them.
Corey: One of the problems that I've got is, we just went through our annual security awareness training that we are contractually obligated to provide to everyone and all the vendors that do this, I have problems with it, in different ways, in different degrees. It's all terrible, on some level. And it's not that these vendors themselves are bad, but it's the state of security for most folks. One thing that gets hammered home in all of these trainings is, “Don't click on the wrong link because if you do that it might destroy the company.” And I can't help but think if someone in the accounting department clicks the wrong link and it destroys the company, I can't really get myself to a point where I blame the accountant for that. I don't feel that's the accountant's job.
Jess: That is definitely not the accountant's job.
And there is no way that a single user or a single device should be able to take out an organization. If that is the case, something has gone [laugh] very badly wrong. And I would say the blame is definitely not on the person who clicked the link. There would be a quite a range of people who would probably be hauled over the coals in regards to that one.

Educating users on what to be aware of and what to look out for, and what to not click on versus click on, how to spot scams, all of that is helpful and beneficial, not just for an organization, but I also see it as very useful even in their own personal lives. Because we are seeing ransomware scams targeting individuals, we're seeing some of those awful scams coming from tax departments or coming from anything that's talking about, “You've got to fine. You need to pay this. Please go off and buy Target gift cards.” Those are the kinds of things that we want people to be aware of even in their personal lives.

But if an organization can be taken down by one of those emails, then there has been something that hasn't been put in place. I would say ‘something.' A lot of things that haven't been put in place. A lot of the work that we do from a security perspective is to limit what we call a blast radius, to try and reduce the impact an incident will have on an organization. And clicking on an email like that should produce an alert. It should say, “Hey, you probably shouldn't be accessing this website.”

Even if they put their username and password in, it's the credentials of that account that have been compromised. That can be reset. If necessary, the account can be rebuilt, but it certainly shouldn't be something that brings down an entire organization. And I think our messaging around that puts the burden on users when it should be on those of us who are technical to have the… not necessarily the accountability, but the responsibility for looking after that and ensuring that that is not the case.
And again, that comes back to that, number one basics and making sure we've got the basics right. Because if you're clicking on something like that and it's going to be installing malware, you shouldn't have admin rights on your machine. That's just j—no. Bad. But number two, it means that [crosstalk 00:19:41]—

Corey: And as part of that, the software we need to do our jobs should not require admin rights to run.

Jess: Oh—

Corey: There are certain—a couple of vendors that are hearing their ears burn because I'm thinking about them very hard right now.

Jess: Oh, if I have one more piece of software, “I need domain admin rights to be able to run.” “I need global admin rights.” No you don't [laugh]. You really, really don't. You are being lazy, you're taking the piss, you're making it easier for yourself, and causing a massive security hole for your customer. Stop it.

Back to my point [laugh]. If our operations folks and our security folks can work well together, we can get around some of that burden that we put on our users to be able to work out what it is from a usability perspective they need while still giving them the security they require. And I think when we're looking at putting security in place, it's that putting security first. It's not an afterthought. It's built into whatever we are doing, whatever processes we have, whatever systems we're bringing in, whatever solutions we're looking at using.

It's thought of at the beginning, rather than, “Ah, maybe we should talk to security about that.” That involves a little bit of a culture shift, I realize that's going to take a bit of time [laugh]. I can do technology, people are someone else's problem; that is definitely not me to try and fix, and each organization will have their own battle when it comes to that [laugh].

Corey: There's also this idea that—you know, companies figure this out after the first time they get it hilariously wrong—that not every person should have access to everything.
I appreciate the idea of transparent culture, don't get me wrong, but if I'm not working with a particular customer, why should I have access to that customer's data, just lying around? It should be something that takes work, that you have to affirmatively say, “Yes, this is what I should be looking at right now.” One of the early things I learned back when I was going through one of the innumerable compliance regimens that I have throughout the course of my career is, it's a heck of a lot easier if you can constrain the regulated or sensitive information to as smallest surface area as possible.

Here's the PCI environment where all that stuff lives, and yeah, you turn on all the obnoxious, difficult security things involving that environment, but what that means then is you don't have customer data in staging and development environments to worry about and you can relax a lot of the other controls, just because you don't need to have that high-friction process for people to do things that are completely unrelated to the sensitivity of that data. And that still seems like it's a revelation for some folks.

Jess: For a lot of folks. So, the idea of role-based access control and giving people the rights they need to be able to do their job, no more and no less. And again, it's a balancing act of trying to work out what that is. And when it comes to the people who are doing that job, I often find when looking at putting role-based access control in place, it's never end-users that are the problem. Ever. It's always technical people because they need all of the access all of the time. You don't.

So, it's working out what they actually need versus what they want [laugh]. And that's an even harder discussion to have. So, I find it's not what access do you need, it's what are you trying to do, and let's work backwards from that. And that's something that I still think a lot of organizations haven't managed to get right.
And also from an access perspective, that governance—again, we're getting into process and policy and people—ahh—but it's that access governance lifecycle as well.

Just because someone had access doesn't necessarily they need that access going forward. And making sure we're reviewing those levels of access going forward and removing people who don't need that anymore. Normally, when I'm talking about that, people are thinking like IT folks who have lots of privilege or finance people who have lots of privilege. I'll be honest. The worst folks in any organization for access privileges are executive assistants.

Those people collect access rights like it's going out of fashion because they never get revoked. And they will move from person to person, from organization to internal organization collecting all of those rights, and they'll maintain them for the entire length of their stay with that company. It's an extraordinary amount of rights.

Corey: They're like the human equivalent of the CI/CD server because it has access into every environment, it's generally configured by hand and evolves naturally as bespoke. “Infrastructure as Code for everything except the Jenkins box. We just take a disk snapshot of that and kind of hope for the best if we ever have to rebuild it somehow.” Yeah.

Jess: [laugh]. They are. And they want—like, don't get me wrong, they are wonderful folks. If something happens to them, usually the organization is in a lot of trouble. But when they leave, looking at the sheer amount of access they have, the mail permissions they have to be able to send on behalf of so many folks in the organization.

And you're like, this is a lot of trust and a lot of responsibility to give to one person. So, making sure that the rights that the folks have in your organization are what they need, they… are checked regularly. And I think that's the part that gets skipped a lot. It's easy to give rights; it's harder to remove them.
So, it's making sure that those access reviews are being done to say, “Hey, you're no longer the EA for that person. Maybe you don't need sender's permissions on their mailbox anymore. Maybe you don't need access into their personal files and their calendar to be able to see exactly what's going on and being able to look at that personal folder that contains all of their photos and files of what's going on.” So, making sure that [laugh] you're reducing the risk, not just on the organization, but on those people as well. Because that's a lot of responsibility to have should something go wrong.

Corey: That's part of the problem, too, I think, is that the surface area's gotten complex and the sheer number of services that we all use to go about our jobs, regardless of what those jobs might happen to be, is so overwhelmingly massive. I remember going through an acquisition at one point, and we had something like 40 people at the company, and we were well over 800 distinct SaaS products that we were using throughout the entire company for different things. And how many of these are important? How many things are going in other directions? And if we look across the entire surface area of these companies and the things that we're using, no one knows what's going on in their environment and where.

Okay, you get access to this? I don't know, there's this ridiculous little thing I used to caption funny pictures. Okay, it's technically a SaaS product, but it's probably not critical path. Oh, here's the system we use to do payroll. Yeah, you probably want to double-check that one. And it all ones have lumped together in the big bucket of, “We have no idea what's in this thing.”

Jess: Oh, my God. I need people to understand that documentation is important [laugh] and this is exactly why.
Unless it is written down, unless someone has been able to take out of their head a decision that was made about this as a product we are using, this as what it does, this is how critical it is to our organization, unless that is somewhere, you end up in exactly the situation you're talking about. You've got all of these products and you don't know which ones are business-critical. You don't know which ones are considered your primary goals, particularly in the case of a BCP, so a Business Continuity Plan or Disaster Recovery perspective.

They're the ones that you want to protect and that should be somewhere. But a lot of people seem to think that documentation is boring and documentation is it's not necessary. It's my head. Why would I need to write any of that down? I know it all.

Please make sure you're getting it out of your head, I don't want to have to pilfer through your head to find the stuff. And I know that there's a couple of folks, personally that I know who will feel very attacked by this. Just because it's in your head, just because you know, doesn't mean everybody else knows. And I'm very much of the opinion that if someone asks you a question twice, that is a piece of information that needs to be on a piece of paper somewhere that other people can see.

And we don't do that enough. We don't pass on information enough and share information enough. There is very much an information-hoarding mentality for a lot of folk of, “I need to protect this information to be able to keep my job.” And that is just not the case. Because in the case of a disaster, in the case of a merger, where you're trying to work out what is actually needed versus what is not, that information is crucial and it can cost time and a lot of money if you don't know that information, if you don't have someone that has put that down and you can reference it in an easy and quick way.

Corey: I really want to thank you for taking the time to go through how you think about these things.
If people want to learn more, where's the best place for them to find you? And please don't say Australia.

Jess: Well, yes, Australia, but no one wants to come down here because again, we have things that will kill you. I would say Twitter or Mastodon. You can find me as at @girlgerms, if you haven't found me already. I am on InfoSec.exchange as @girlgerms.

I will also be speaking at a number of conferences coming up here in Australia. Again, if you want to come to Australia, please do, but I know that recordings of these will be available at some point, so I will be speaking. Luckily, I've been invited to go and speak in New Zealand, which is very exciting. So, I'm going to be speaking at DevNxt in Christchurch on the 21st of April.

And I will also be at [unintelligible 00:29:33] between the 9th and 12th of May this year. Again, that's in the future, literally in the future. So, I will be talking about all sorts of things related to operations and security operations, my talk at [unintelligible 00:29:48] actually going to be really interesting. It's talking about using your operations folks and how to get the best out of them from a security perspective, based on my history being an operations person and how I've moved into security and how that can be a real benefit and an asset to an organization.

Corey: And we will, of course, put links to that in the [show notes 00:30:08]. Thank you so much for being so generous with your time. I appreciate it.

Jess: [No dramas 00:30:12]. Thank you very much for having me.

Corey: Jess Dodson, Senior Cloud Solution Architect at Microsoft, I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud.
If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment that I'll log in as you and delete later because you use the same password for everything you log into. It's ‘poisonouskitty.'

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.
I am an optimist. I believe things will work out. However, when it comes to my business, I also know that things can go wrong, and planning is not being negative; it is being prepared. Accidents happen. Even minor mishaps can be major catastrophes for small business owners. Every year, thousands of companies are unprepared for the interruption caused by a minor fire, flood, burglary or computer meltdown. Creating and implementing a Business Continuity Plan as part of your overall business plan ensures your business survives any disaster. Are you prepared?

I have seen studies which say anywhere from 25 – 75 percent of businesses suffering a disaster fail to reopen or close soon after. While the stats may vary, the general consensus is that a well-thought-out recovery plan matched with appropriate insurance makes the difference between survival and business extinction.

What should your disaster planning process include?

Computer Backup – For many small business owners, the computer is the heart and soul of the business. Unfortunately, computers crash, there are hackers, virus attacks and natural disasters, and every user makes mistakes from time to time. The consequences can be disastrous. Rebuilding financial information, contact lists, e-mail records or project files can be time-consuming, expensive and sometimes impossible. Online backups are very affordable. Not sure if you need to spend the money? Ask yourself these questions: If my computer didn't turn on tomorrow: Would I still have a business? Would I lose a significant amount of time and money rebuilding my data? Would I know what to do? Don't like the answers? Then it is time to explore a backup solution.

Equipment Replacement – Beyond restoring your data, you need to plan for equipment replacement. Talk to your insurance agent to be sure you have enough coverage to replace furniture, equipment, inventory and other assets. Take the time to inventory all the assets in your building. Have a list of important equipment, serial numbers, purchase dates and even photos. This will really simplify the process of filing an insurance claim.

Temporary Location – Where will you and your team work if your building is not accessible? Putting systems in place for employees to work remotely is helpful even if it is only a day or two of interruption caused by inclement weather. You just don't want to test those systems for the very first time when something big goes wrong.

Funding Operations – Disasters have a way of piling up. Not only will you need to deal with the things listed above, you may incur additional expenses for moving or damages caused by missed deadlines. Business continuity insurance will help cover the other unexpected costs.

Customer Care – In some cases, you won't be able to complete a project because of a serious interruption to your operations. Having a relationship with another firm who can take care of your customers in the short term will allow you to preserve the customer relationship for the long term.

Disaster planning is not a set-it-and-forget-it kind of process. If you are smart, you will revisit your crisis plan every year. Why? Because as your business grows, your risks grow as well. You may be lucky and never have a fire, flood, burglary or another disaster. But a little disaster planning now will save you lots of headaches down the road.
As appealing as paperless offices are, there are still some industries that require meticulous physical recordkeeping. These types of records must comply with regulatory guidelines to legally operate. This is where a Paper Records Management system can be useful. A Paper Records Management system links the processes, tools, and people needed to create, name, categorize, store, and purge physical data in an easily accessible, color-coded and organized manner. It also represents one of the seven elements of the Kasennu framework for business infrastructure. The encore of this storytelling episode features twin sisters, Karen and Sharen Benoit. Their mental rehabilitation facility takes off following a natural disaster. But patients aren't the only people drawn to them. Regulators are too. They can't risk another failed audit. Help comes from a familiar, yet unexpected source who teaches them how to create a Paper Records Management system that's compliant, audit-ready, and keeps the doors to their business open.
A paperless office comes with many perks. It frees up physical space, removes geographic work restrictions, and makes information accessible from anywhere. But there's a catch. Without careful organization, adequate security, and an ironclad data backup and recovery plan, there's always the risk of losing electronic records due to manmade or natural disasters. An Electronic Records Management system specifically links the processes, digital technologies, and people needed to consolidate, organize, backup, and archive digital information in an easy-to-follow, structured manner. It also represents one of the seven elements of the Kasennu framework for business infrastructure. This encore episode features the story of feuding siblings, Sarah and Steve Reuben. Equally smart and ambitious leaders, they're blind-sided when a malicious virus attacks their furniture store's network. If their customers and vendors find out, it could ruin their family's business and their brand's good name. A consultant implements an Electronic Records Management system as a preemptive strike against future disasters and to ensure business continuity.
As the calendar turns to 2023, nonprofit leaders embrace the opportunities and confront the challenges of a dynamic, changing landscape. Ted Bilich, author of Managing Your Nonprofit For Resilience, joins the podcast to share insights for leaders as they enhance resilience within their organizations. We discuss an innovative approach to creating a risk inventory, business continuity, and the importance of scenario or action planning. Lots of actionable strategies in this lively discussion! **Bonus Resource from Risk Alternatives: Download a FREE template for a Business Continuity Plan!**
In business, anything can happen — including bad things. You have two choices: be prepared, or be blindsided. Rochelle Clarke is an expert in ensuring business longevity through continuity. She helps businesses plan for the worst, so they can bounce back and keep on keeping on. Think of your business like a car; most of […] The post MBA2098 Guest Teacher – Rochelle Clarke – How to Protect Your People, Profits, and Growth From Unplanned Events With a Business Continuity Plan appeared first on The $100 MBA.