💡

"Gives me everything I need to be informed about a topic" - __UK.Gov__

Table of Contents

1. Apples, Apples, and Frauds - The $9 Billion Block

2. Dark Partners and Crypto Heists: When Digital Wallets are Out of Pocket

3. Staying Cyber Sane: The UK’s New Cyber Resilience Bill

4. The Pickle Predicament: How AI’s Sweet Spot Became Cyber's Sour Touch

5. Silent Ransom Group Unmasked: Legal Firms in the Crosshairs

6. Windows Wants to Be Your IT Guy—And Update Everything

Sign up for CISO Intelligence.

21st century industry insights for the modern CISO

It won't hurt, I promise.

Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

Apples, Apples, and Frauds - The $9 Billion Block

_Fraudsters beware: You shall not pass Apple’s mighty gates of security._

What You Need to Know

The latest report unveils Apple’s robust countermeasures that have thwarted over $9 billion in fraud activities on its App Store since 2020. As alarming as it is enlightening, this revelation is a clarion call for organizations to assess and strengthen their digital security infrastructures to mitigate exposure to cyber threats. Executive management is expected to review current cybersecurity policies and invest in advanced fraud detection technologies to enhance consumer trust and safeguard assets.

CISO Focus: App Fraud Prevention and Security Enhancements

Sentiment: Positive

Time to Impact: Immediate

*

Apples, Apples, and Frauds - The $9 Billion Block

In a steadfast defense against treachery lurking in the digital marketplace, Apple has reportedly nipped over $9 billion worth of App Store frauds in the bud since 2020. This triumphant figure, disclosed in a comprehensive report, highlights the tech giant's relentless endeavor to secure its ecosystem, ensuring a sanctuary-like digital shopping experience for its billions of patrons.

Anti-Fraud Force: Apple’s Vigilant Stand

The report showcases a meticulous account of thwarted fraudulent transactions and malicious activities, a testament to Apple's robust security protocols and advanced fraud detection technology. Deceptive schemes ranging from identity theft to credit card fraud were intercepted, reflecting Apple’s stringent scrutiny over its diverse array of apps and services.

Identity Verification: Apple’s rigorous verification requirements have played a pivotal role in minimizing fraudulent developer accounts, directly affecting the ecosystem’s health and reliability.

App Review Process: Meticulous app review systems ensure that every new and updated app adheres to Apple's standards, effectively precluding nefarious software infiltration.

User Protection: Through proactive user security measures and enhanced privacy provisions, Apple has reinforced consumer protection against phishing attempts and suited scams.

The Battle Against Fraud: Eternal Vigilance

Fraud in digital domains is a persistent threat, continuously evolving with an ever-expansive arsenal of techniques. However, Apple's feat reiterates the quintessence of digital vigilance, affirming that consistent investment in cybersecurity talent, state-of-the-art technology, and strategic foresight is indispensable.

AI and Machine Learning: Cutting-edge algorithms have proved instrumental in analyzing vast datasets to discern and anticipate irregular patterns that signal potential threats.

Cross-Platform Vigilance: A seamless integration of security frameworks across all Apple devices and services confers a consolidated protective shield for consumers.

A Positive Sentiment with Immediate Impact

Beyond safeguarding finances, Apple's anti-fraud measures bolster user trust, reflecting positively on the company’s reputation. The sentiment emanating from this disclosure is overwhelmingly positive, with an immediate impact on investor confidence and consumer assurance.

Where Do We Go from Here?

Apple's journey doesn't end at blocking fraud. Continuous refinement of detection technologies, combined with an unwavering commitment to transparency in security protocols, lays the groundwork for sustained success in digital fraud prevention.

A future-focused vision will necessitate:

Partnerships for Security Innovation: Collaborations with cybersecurity firms to harness the best of innovation and broaden the defensive perimeter.

Regulatory Compliance and Leadership: Maintaining leadership in setting and adhering to industry standards for privacy and security.

Consumer Education Initiatives: Empowering users with knowledge and tools to identify and respond to potential scams.

*

Vendor Diligence Questions

1. What measures does the vendor employ to authenticate the legitimacy of app developers on their platform?

2. How frequently is their application's security review process audited and updated?

3. What proactive steps does the vendor take to educate consumers on fraud mitigation and scam recognition?

Action Plan for the CISO Team

Assess Current Security Measures: Conduct a comprehensive audit of existing anti-fraud frameworks.

Implement Advanced AI Solutions: Explore and integrate AI-driven analytics for preemptive fraud detection.

Enhance Developer Verification: Reinforce processes to ensure only credible developers can access platform resources.

Consumer Partnership: Develop resources and campaigns aimed at boosting consumer awareness on security best practices.

*

Source: Apple blocked over $9 billion in App Store fraud in five years

*

Dark Partners and Crypto Heists: When Digital Wallets are Out of Pocket

_When dark rivers run deep, crypto wallets weep._

What You Need to Know

Cyber intelligence agencies have reported a sharp uptick in cryptocurrency heists orchestrated by the Dark Partners gang. This notorious group has been leveraging advanced hacking techniques to target cryptocurrency exchanges and digital wallets. It's paramount for executive management to bolster their company’s cybersecurity posture and review incident response strategies in light of this threat escalation.

CISO focus: Cybercrime - Cryptocurrency Theft

Sentiment: Negative

Time to Impact: Immediate

*

In the shadowy corners of cyberspace, where anonymity emboldens the ingenious and the illicit alike, the Dark Partners cybercrime gang has emerged as a formidable force. Responsible for a string of high-profile cryptocurrency heists, this group has been siphoning millions from unsuspecting victims, leaving a trail of digital devastation in their wake. Here's how they're pulling it off and what it means for consumers and companies alike.

A Surge in Cybercrime: The Dark Partners Enigma

The Dark Partners, a cybercrime syndicate, have become notorious for their sophisticated hacking tactics specifically targeting the burgeoning cryptocurrency landscape. With the rapid increase in global cryptocurrency adoption, exchanges and digital wallet holders have been increasingly at risk. The adoption of multifaceted attack vectors, which includes phishing campaigns, exploiting software vulnerabilities, and organizing Distributed Denial of Service (DDoS) attacks, reveals the complexity and sophistication of this gang's operations.

Several exchanges have already been compromised, causing industry-wide alarm. For example, earlier this year, a well-established U.S.-based cryptocurrency exchange reported losses in the tens of millions due to a breach linked to the Dark Partners. This attack not only shook investor confidence but also highlighted glaring vulnerabilities in the security frameworks of digital financial platforms.

The Techniques: Hacking, Phishing, and More

* Phishing Campaigns: Dark Partners are adept at deploying personalized phishing scams, often masquerading as legitimate cryptocurrency exchanges or financial institutions. By exploiting human behavior, they trick users into revealing their digital wallet credentials.

* Exploiting Vulnerabilities: They exploit weak spots in software code. Even minor oversights in security patches are leveraged for unauthorized access.

* DDoS Attacks: Frequently used as a diversionary tactic, DDoS attacks overwhelm a service with traffic, distracting security teams while funds are harvested from digital wallets.

Ramifications for Victims

These attacks have severe ramifications—financial losses for individuals and companies can be ruinous. Trust in digital financial systems is severely shaken, thereby stalling the potential growth and mainstream acceptance of cryptocurrency. For businesses, reputational damage is nearly as crippling as financial loss; restoring brand trust in a post-breach reality demands extensive resources and time.

Crisis Management: What's a Cryptospace to Do?

For investors and cryptocurrency companies alike, vigilance is key. Implementing robust security measures such as two-factor authentication (2FA), regular security audits, and user education programs can act as significant barriers against such threats. Moreover, collaboration between firms across the industry can help to stay ahead of criminal ingenuity.

However, it is equally essential for law enforcement agencies globally to strengthen their cybercrime task forces. Cross-border cooperation is paramount; the anonymous and distributed nature of blockchain technology requires an international approach to effectively tackle such crimes.

With the rising tide of cryptocurrency adoption, challenges in digital security continue to evolve. While the Dark Partners’ schemes cast a long shadow, industry vigilance and robust security practices can help light the path towards safer digital asset management.

*

Vendor Diligence Questions

1. What are the specific security protocols in place to prevent cryptocurrency theft by cybercriminal groups like Dark Partners?

2. How frequently are security patches and updates applied to the systems to safeguard against known vulnerabilities?

3. What measures does your organization have to ensure that users are educated on phishing scams and other attack vectors?

Action Plan

1. Immediate Assessment : Conduct an immediate assessment of existing cybersecurity measures specific to cryptocurrency handling.

2. Enhance Monitoring : Deploy advanced threat detection and monitoring systems that provide real-time alerts on unusual activities.

3. User Education : Develop a robust user education program highlighting the dangers of phishing and the importance of security hygiene.

4. Collaboration and Reporting : Engage in industry-wide initiatives for knowledge sharing about emerging threats and trends related to digital asset security.

*

Source:

Dark Partners cybercrime gang fuels large-scale crypto heists. BleepingComputer. Retrieved from Dark Partners cybercrime gang fuels large-scale crypto heists.

*

Staying Cyber Sane: The UK’s New Cyber Resilience Bill

_Cyber Resilience: New Regs, New Headaches_

What You Need to Know

As the UK introduces the new Cyber Resilience Bill, businesses are required to reevaluate their cybersecurity strategies. The legislation seeks to enforce stricter controls on the collection and storage of data, alongside new responsibilities for managing cyber risks. Businesses must act now to comply with these regulations, avoid penalties, and protect their customers' data.

CISO focus: Regulatory Compliance, Data Privacy, Risk Management

Sentiment: Neutral

Time to Impact: Short (3-18 months)

*

In an era where cyber threats are as common as afternoon tea, the UK’s latest Cyber Resilience Bill is setting the table for a robust defense against digital malfeasance. As businesses reel from a fast-paced wave of digital transformation, this new legislation insists on more robust cybersecurity practices that could make or break organisational efforts to safeguard their operations and reputations.

Raise Your Shields: What the Bill Entails

The UK’s Cyber Resilience Bill intends to arm organizations with necessary legal requirements for implementing strong cybersecurity measures. Organizations are mandated to adopt risk-based approaches to secure themselves against cyber threats. Failure to comply could result in not just regulatory fines but also reputational damage which is often a corporation’s worst nightmare.

A few cornerstones of the new legislation are:

Data Protection Strengthened: Businesses must enhance their strategies for data encryption and access control, ensuring personal data is adequately protected from unauthorized breaches.

Incident Reporting: Organizations are required to promptly report significant cyber incidents, thus enabling faster responses and remedies at the national level.

Risk Management Framework: A structured approach to identifying, assessing, and mitigating risks should be established, with executive management playing a central role in governance.

The Serious Business of Compliance

Companies, both big and small, are now facing a pressing imperative to align with the Cyber Resilience Bill. Leaders need to have a firm grasp of how their existing data protection policies measure against the new regulations. Information is king, and its protection is now not just best practice but legally mandated practice.

Organizations should focus on the following tactics to ensure compliance:

Audit and Overhaul: Conduct detailed audits to identify areas where current practices fall short.

Training and Awareness: Implement comprehensive training programs to ensure that all employees are aware of their roles in securing company data.

Technology Investment: Adoption of new technologies that protect against the latest threats should be prioritized, where necessary.

Navigating the Details with a Cyber Compass

The intricacies of the Cyber Resilience Bill may seem overwhelming, but businesses can navigate this labyrinth with a steadfast approach.

Engage External Expertise: Consulting cybersecurity experts can provide an external perspective and ensure that no stone is left unturned in achieving compliance.

Regular Reviews: Keep regulatory achievements fresh by scheduling frequent checks of cybersecurity processes and updating these according to the latest threats and technological advances.

Stakeholder Involvement: Ensure that investors, board members, and customers are confident about the company’s commitment to cybersecurity by communicating the steps taken.

Stiff Upper Lips and Sturdy Cyber Defenses

While the road to compliance with the Cyber Resilience Bill requires considerable groundwork, it is essential for businesses determined not to become the next headline-grabbing data breach victim. The legislation not only helps protect individual companies but serves to bolster the national digital economy by fostering collective security resilience.

As organizations in the UK adjust to the rules and nuances of the new law, the emphasis must remain on proactive and resilient security strategies—because, in the world of cyber threats, it’s always better safe than sorry.

*

Vendor Diligence Questions

1. How do your current services align with the latest requirements set out by the UK's Cyber Resilience Bill?

2. Can you provide documented evidence of your alignment with best practices for data encryption and incident reporting as stipulated in the bill?

3. What new cybersecurity measures have you implemented in response to these regulations, and how do they enhance your existing risk management framework?

Action Plan

1. Initiate a Compliance Committee: Establish a dedicated team responsible for overseeing alignment with the Cyber Resilience Bill.

2. Risk Assessment: Conduct a comprehensive risk assessment to identify vulnerabilities and determine necessary controls.

3. Enhancement of Incident Response Plans: Update existing cyber incident response plans to ensure they comply with new regulatory requirements.

4. Invest in Cybersecurity Training: Upskill your workforce with focused training sessions that underscore the importance of cyber hygiene and reporting protocols.

5. Engagement with Third-Parties: Review and enhance cybersecurity measures with third-party vendors to ensure aligned compliance.

*

Source: What the UK’s New Cyber Resilience Bill Means for Businesses—and How to Stay Ahead

*

The Pickle Predicament: How AI’s Sweet Spot Became Cyber's Sour Touch

_When the Python tries to Pickle your AI, it might just bite._

What You Need to Know

The cybersecurity industry's radar has caught a significant threat trajectory toward AI and machine learning (ML) models due to vulnerabilities in the widely utilized Pickle file format. Senior figures within the organization should anticipate and strategize for possible disruptions in AI-driven operations due to this emerging vulnerability. Immediate actions and bolstering of security protocols specific to ML architectures are required.

CISO Focus: AI & Machine Learning Security

Sentiment: Negative

Time to Impact: Immediate

*

ReversingLabs, in a detailed exposition, has flagged a burgeoning new threat avenue that targets AI and ML models, particularly leveraging the susceptibility of the Pickle file format—a staple in Python environments. This development arrives as AI becomes the lifeblood of numerous businesses, heightening both opportunities and risks. But, as the usage of AI grows exponentially, so does the attack surface.

A Pickle of a Problem

In a recent blog post, Dhaval Shah, RL's senior director of product management, warns that the Pickle file format poses significant risks. The crux of the issue is Pickle’s capability to serialize and deserialize data—essentially allowing ML models to store and retrieve complex data structures. Unfortunately, this capability can be misused by malicious actors to inject harmful code, particularly if unsanitized inputs are used.

Serialization Risks : The Pickle module allows execution of arbitrary code during deserialization which introduces significant risk when loading data from untrusted sources.

Wide Usage : Prevailing reliance on Pickle files in Python projects, given its simplicity and effectiveness, creates a potential threat vector across multiple domains.

Attack Vector Potential : Malicious inputs during serialization can execute unauthorized commands on the host machine where AI models reside.

The Convergence of AI and Software Supply Chain

As AI increasingly intertwines with enterprise operations, model deployment pipelines become an attractive target for cybercrime. This convergence necessitates a robust understanding of new threat vectors. The Pickle file predicament exemplifies this technological crossroad where AI and traditional software vulnerabilities intersect.

Preparing for the Inevitable

To mitigate potential threats, experts advise:

Enhanced Scrutiny of Dependencies : Regular audits and stringent security controls around open source and third-party software.

Secure Coding Practices : Adoption of safer serialization alternatives and thorough input validation mechanisms.

Continuous Monitoring : Deploy defense mechanisms to detect anomaly behaviors indicative of an exploit in ML operational environments.

Rolling the Ball on PyPI – A Broader Impact

The Python Package Index (PyPI), a repository bustling with Python software, is central to the ecosystem around which these vulnerabilities orbit. The implications of targeting PyPI underscore a wider scope of potential disruption—considering this repository is pivotal for developers globally.

The Pickle threat presents a classic tale of technological growth outpacing security foresight. While AI and ML continue to revolutionize industries, the parallel growth of risks demands an equally aggressive evolution in cybersecurity strategies.

*

Vendor Diligence Questions

1. How does your product address the serialization/deserialization vulnerabilities associated with Pickle files in Python applications?

2. What measures are in place to detect and prevent injections and other forms of code tampering in AI/ML deployments?

3. Can you provide case studies or documentation showing past successes in mitigating supply chain risks associated with AI/ML models?

Action Plan

1. Immediate Audit : Conduct a comprehensive review of ML model deployment practices with an emphasis on identifying reliance on Pickle serialization.

2. Alternative Solutions : Research and implement safer serialization libraries such as `json` or `yaml` for non-circular data structures.

3. Training & Awareness: Organize training workshops for developers on secure coding practices with a focus on AI/ML ecosystems.

4. Collaboration with Providers : Engage with primary software package and service providers to enhance security measures around package repositories.

*

Source: <https://www.reversinglabs.com/blog/malicious-attack-method-on-hosted-ml-models-now-targets-pypi>

*

Silent Ransom Group Unmasked: Legal Firms in the Crosshairs

_When lawyers are blindsided by ransomware, it's a case law doesn't quite cover._

What You Need to Know

The Silent Ransom Group (SRG) is actively targeting law firms, seeking to exploit the valuable and sensitive data they house. Executives are urged to bolster cybersecurity defenses and ensure all staff are cognizant of the heightened threat environment. Immediate action to audit and enhance data protection measures is critical. Keeping abreast with prescribed cybersecurity protocols and implementing robust risk management strategies will help in mitigating potential impacts.

CISO Focus: Ransomware Mitigation

Sentiment: Strong Negative

Time to Impact: Immediate

*

Hackers Hit where It Hurts: Law Firms Beware!

In a digital landscape where law firms are guardians of highly sensitive and strategic information, a new threat looms large. The Silent Ransom Group (SRG), as reported by several cybersecurity sources, has cast its net wider and deeper into the world of legal services. These cybercriminals see law firms as ripe targets due to their substantial troves of sensitive data and the pressure they would face from clients and partners alike if such data were breached.

The Attack Plan

According to an alarming report from Databreaches.net, this ransomware syndicate specializes in penetrating legal firms' databases with stealth and precision. The modus operandi begins with phishing attacks—emails designed to bypass minor defenses and gather access due to credulous clicks or misleading information.

* Phishing and Social Engineering : SRG employs sophisticated social engineering tactics to lure unsuspecting employees into downloading malicious payloads. These phishing attempts are finely tailored to fit the culture and operations of their targets.

* Ransomware Deployment : Once inside, SRG locks down vital systems and demands hefty ransoms. These incidences typically involve the encryption of client files, crucial court documents, and more, rendering the firm's operations paralyzed.

The Immediate Threat to Legal Practices

The very nature of law firms, dealing with highly confidential and often legally protected information, makes them bearers of critical data across their communication channels. Cybercriminals have identified such data-rich environments as lucrative targets.

* Potential Repercussions : Beyond financial losses, law firms face severe reputational damage, potential regulatory fines, and client distrust.

* Case Study Continuity : Imagine the havoc of stalled case timelines or the unauthorized exposure of high-stakes legal strategy. In legal operations, trust is paramount; breaches can irreparably harm this foundation.

Defense Strategies

Amplified vigilance and rigorous protocols are the first line of defense against these cyber adversities. Implementing a multi-faceted cybersecurity approach is vital.

* Advanced Threat Detection : Deploy AI and machine learning solutions to identify and neutralize unusual activities swiftly before they escalate into full-scale breaching.

* Data Encryption : Sensitive data should be encrypted both at rest and in transit to mitigate damage from unauthorized access.

* Staff Training : Organizational resilience must be supported by continuous employee education. Employees need training in recognizing phishing scams and adhering to data protection protocols.

Cyber Cats and Laws of the Jungle

Navigating this intricate weave of cyber threats can feel like an unending chase, but staying ahead is a battle law firms must commit to. The stake is not just client confidentiality but the survival of their practice.

*

Vendor Diligence Questions

1. What measures are your services taking to ensure they are resilient against advanced persistent threats such as ransomware?

2. Can you provide information on your process for detecting and responding to phishing attacks?

3. How are you safeguarding sensitive data to comply with emerging data protection standards?

Action Plan

1. Conduct a Cybersecurity Audit : Review and enhance existing security measures across all digital entry points.

2. Employee Training and Phishing Simulations : Implement regular phishing tests and enforce a comprehensive cybersecurity training program.

3. Engage with Law Enforcement and Cybersecurity Experts : Establish channels with local and federal authorities for guidance and support during incidents.

4. Review Backup and Recovery Plans : Ensure robust and quick recovery of systems to maintain continuity.

*

Source: Private Industry Notification: Silent Ransom Group Targeting Law Firms**

*

Windows Wants to Be Your IT Guy—And Update Everything

_If you're imagining a world where Microsoft takes charge of updating software for all users, your future may have just been updated itself._

What You Need to Know

Microsoft has unveiled its latest initiative: a Windows update feature aspiring to patch and update all software on users' PCs, not just Microsoft's own. While this ambition aims to streamline software maintenance and enhance security, its implications for control, privacy, and compatibility are significant. Executives must now deliberate on the balance between comprehensive updates and safeguarding organizational autonomy over software management.

CISO Focus: Software Update Management

Sentiment: Neutral

Time to Impact: Short (3-18 months)

*

Microsoft’s All-Encompassing Update Plan: Control, Convenience, or Chaos?

Microsoft recently pulled back the curtain on an ambitious proposal: to expand Windows Update into an all-encompassing tool that would manage updates and patches for all software installed on a user's PC, not just Microsoft applications. This development aims to bring a seamless experience for users by consolidating the complex labyrinth of software updates into a singular, streamlined process. However, it also raises significant questions about user control, privacy, and potential for disruption.

Unpacking the Update Ambition

The Proposal

* Microsoft intends to transform Windows Update from its current state, which primarily focuses on Windows and Microsoft products, to a universal updater capable of managing third-party software updates.

* The plan is in its exploratory phase, and its implementation could redefine how PCs manage software updates, potentially increasing security by ensuring all software is patched promptly.

The Rationale

* Security Enhancement: By regularly updating all software, the scope for vulnerabilities is minimized. This approach aligns with best practices that advocate for up-to-date software to prevent exploitation by threat actors.

* User Convenience: End-users, often overwhelmed by scattered update notifications from various applications, might appreciate a single, centralized system to handle everything.

Potential Pitfalls and Concerns

Loss of Control

* User Autonomy: Many users and organizations prefer controlling their update schedules, particularly for mission-critical applications. A universal update system may override bespoke testing and rollout schedules.

* Compatibility Risks: Updates prompted without consent or comprehensive testing could potentially disrupt system compatibility, causing more harm than the vulnerabilities they're supposed to prevent.

Privacy and Data Considerations

* Consolidating update responsibilities under Microsoft could imply collecting more data about installed software, raising concerns about privacy and data management.

Navigating the Future

Microsoft's Path Ahead

* _Pilot Testing:_ Microsoft will likely embark on pilot tests to gather feedback, assess user acceptance, and identify potential roadblocks in the new update process.

* _Feedback Loop:_ By engaging with users and organizations, Microsoft needs to maintain transparency and adaptability, ensuring the final implementation considers diverse stakeholder needs.

Implications for Organizations

Security and Compliance

* Organizations will need to evaluate how such a change might impact their security posture and whether it complies with industry regulations regarding software management.

* There's a potential shift in resource allocation; IT departments might be relieved of some update management responsibilities, yet will need new strategies for application oversight and control.

Keeping an Eye on Microsoft

The tech behemoth's latest venture represents a noteworthy stride toward cohesive software upkeep, but its success hinges on retaining user trust and relinquishing some degree of control to the tech company renowned for its vision, occasionally dubbed presumptuous.

*

Vendor Diligence Questions

1. How does Microsoft plan to ensure compatibility tests for third-party software updates within this system?

2. What data will Microsoft collect about third-party software, and how will it be used?

3. Will there be an opt-out feature allowing users and enterprises to manage specific updates independently?

Action Plan

1. Review Update Policies: Conduct a review of current update policies within the organization to determine how an all-encompassing update service might align or conflict with existing practices.

2. Engage IT Teams: Prepare IT teams for potential integration or conflicts between existing update systems and Microsoft's new strategy.

3. Security Assessment: Perform an assessment to understand how the proposed update system impacts security and whether it meets compliance requirements unique to the organization.

4. Stakeholder Communication: Facilitate open communication channels with stakeholders to gather feedback and concerns about privacy, control, and update management.

5. Implement Monitoring Systems: Ensure systems that can track the updates performed through this unified update approach while safeguarding against unauthorized changes.

*

Sources:

Bleeping Computer - Microsoft wants Windows to update all software on your PC

Microsoft Tech Blog

Cybersecurity & Infrastructure Security Agency (CISA)

*

_CISO Intelligence is lovingly curated from open source intelligence newsfeeds and is aimed at helping cybersecurity professionals be better, no matter what their stage in their career._

_We’re a small startup, and your subscription and recommendation to others is really important to us._

*Thank you so much for your support!(