Exploring the World of Identity in Government Service

Christine Owen:
Hi there. Thank you for joining us in another installment of Identiholics. My name is Christine Owen, and I am your host today. And today we have an amazing person. I'm so excited that we have him with us. We have Ross Ford who recently retired from 15 years, is that right, of service with the government or is it longer Ross?

Ross Ford:
Well, including the time in the Navy, it was just about 20 years.

Christine Owen:
Wow. Just about 20 years. That's amazing. And during those 20 years, you've actually done really quite amazing things. And I actually went to LinkedIn and I saw your retirement posts, and I saw you had over 188 comments. Wow. So one of the things that I want to talk about today is all of the really cool things that you got to do that were impactful with the government, because I think that government service is really important. And people need to understand all the things that one can do with the government. And how you can actually make quite a big ripple and impact, which you absolutely have done. So let's start off by how did you end up in the identity realm?

Ross Ford:
I kind of ended up in the identity realm as I entered the third career in my life. So I had started out as a submariner. I learned nuclear engineering and worked on a submarine. That took me to work in a manufacturing environment where they allowed me to get, I worked shift work and I got a computer engineering and electrical engineering degree. So I was hired by a telecommunications company who was just moving from analog to digital in the late nineties. And they asked me to stand up a knowledge management portal for them. And so I did that, Netscape Publisher was the first system that you could actually publish web content on. And so I put tens of thousands of engineering documents that documented their digital systems on that site. And then I went to the program manager, I'm like, "Okay, so who do you want me to give access to this stuff?"

And he was like, "Oh, no, we just want to publish it on the web." And I said, "Now you don't understand, if you publish this information on the web anybody can get to it. I mean anybody, it's just published." So we worked on, how do you do that? You got to be given LDAP and you put some reserve. You have to give people passwords, they're going to log in. And so at that point in time, that's when I realized that, you know what, people really don't understand the impact of these web technologies. And so I tried ever since then, that was probably 1998, tried to focus on identity technologies as much as I could. But early, that was a little difficult to do. Not a lot of places were really doing identity and access management. Most enterprises are doing some kind of authentication anyway using passwords. But that's how I initially got into the identity and access management space.

Christine Owen:
That's pretty amazing because now I understand why Shawn Frazier, because he was around Netscape back then. I mean, besides the fact it's Shawn Frazier and it's you, but that's really funny. And then you ended up, I know that you went in and out of the government, so you went in once and then you left a little bit and then you went back in. So what were you doing the first time around?

Ross Ford:
So the first time I joined the government, and I think I'll give a little bit of this story, because it helps people understand how you really need to be persistent when you're trying to get a government job. After I left that job at Motorola, I worked for what would be considered a cloud company, right? So it was Usinternetworking was the name of the company. They were an application service provider. And that was in 2000, so really early building some web-based business applications and everything. Well, they went bankrupt. And I was living in Chicago. That company was out of Annapolis, but I was actually running their Midwest business. And so I decided to come back to D.C. area where my family's from, where I was born anyway. So when I got here, I applied for a job. People wanted me to do this. It was an identity access manager thing for something that CBP was doing to modernize one of their big systems.

And I went and interviewed and I thought everything went really well. And then I didn't hear anything for the very long time, and I kind of figured, well, I guess I didn't make the cut on that. So I was working on another project that one company had. And I got a call on the phone and it's like, "Mr. Ford, I wanted to let you know your background investigation was completed." And I'm like, "What?" "Yeah, do you remember meeting..." And they named the guy and the place. And I said, "Yeah, that was about a year ago." And they said, "Well, your background investigation got completed and now you can come work here as a contractor." And I was really surprised that it took a year for me to get through that. And it was fortunate that I was actually available then, the project I was working on was coming to an end.

So that's how I started. I started as a contractor working for CBP. And then I ended up working at ICE. And ICE it was a really big deal for me, because ICE was considered the SSO steward for DHS. So there was this thing in that era, that was like 2007, 2008, E-authentication was the thing that the government is trying to do. It was a federation capability. And so at ICE we were the SSO steward, and we helped the agency as the steward implement single sign-on. And then I moved from there. Well, actually the principals that were working there, I moved to another agency. And so they asked me to become a govie, and I happily did that. I worked at ICE for a while. And then that whole capability, because it was successful, it moved to DHS headquarters to manage.
And I moved over there as the first DHS ICAM Architect at DHS. Which was really, that was a great time. I had really enjoyed doing that and had a good impact. DHS is a great agency to work for. And then we were kind of complete with that mission. So the single sign-on it was a system we called AppAuth, is what we were using. And so we were pretty much mission complete, that DHS was completing, implementing HSPD-12, the smart card across DHS. And that SSO service helped people to log into the network with that. There wasn't any activities that they were funded. So I went ahead and went out to the industry for a while, worked for a couple of organizations, most notably for Oracle for a while.

Christine Owen:
And then after that, you came back in CISA, right?

Ross Ford:
I did. So I'll tell you a little story about how that happened. I went to an identity management conference, I can't remember which one it was, and I guess it was in 2015. And I saw a mentor of mine, Jim Quinn, who really had been the person that had been mentoring me all the time at DHS. And he was talking to DHS, and it was after the OPM breach, and the government knew they needed to do something to really keep that kind of event from happening again. And I didn't know exactly what they were going to do, but I told Jim, I said, "Look, I would come back to the government to help solve that problem, right? To keep that from happening again."

And a couple of months later, he said, "Hey, there's a job posting you might be interested in." And I went ahead and went to USA Jobs, did the thing, did the posting. CISA called, they actually interviewed me for one position first that I wasn't a great fit for. And then finally they interviewed me for the ICAM position on what they called phase two at CDM. And I was a great fit for that. And I came back in and worked with CDM. The whole time I've been at CISA from, that was March of 2016 till now, I've been supporting CDM. But it's been progressing. So CDM was the first place I worked, and then we formed a larger group at CISA called the Architecture and Engineering Center of Excellence. And that's, when I retired, that's where I was working for Bronco-Bogen at the COE.

Christine Owen:
So let me ask you, when you got into the government the first time versus the second, was it faster to get in? Because CISA had different hiring allowances then, right?

Ross Ford:
It was faster for me to get in the second time than the first, because I had already, they had to do the gap between when I left the government, you know. But I'd been working in regulated industry, so I had a pretty, they could look things up, always doing secret stuff and everything. So it wasn't that hard. It took me a few months and then I got in. They would've liked to had me in even faster, because they really had a couple of task orders that were ready to go, the credit management and the proof management task orders. But hey, it was just a few months, and that's really lightning speed in the federal space.

Christine Owen:
Yeah. And it's really good. And it's a credit too, I really do feel like a lot of that, they figured out how to fix that after the OPM breach. So before it would take at least a year for anyone to try to get into government from time of application to start date. And then they realize like, oh, cybersecurity is important. So they kind of started fast tracking cyber jobs, which has been very helpful. And they do a decent job of attempting to match salaries when you're coming in from outside, as well as they can within the GS scale.

Ross Ford:
Yeah, I was fortunate. And I don't think it was a small thing that, I may have come back anyway, but I knew that CISA had some incentives, right? Retention and hiring incentives and so I took advantage of those. And CISA's really one of the, DHS and CISA both are leading and trying to modernize the workforce, the type of workforce, how we hire, how we retain people, really to get the best folks. And I think it's working for them. Yep.

Christine Owen:
Yeah, I think so too. So the CDM program was a really big program. It still is. Even though we're getting into the smaller agencies, I actually think CDM is going to be pretty amazing for them, once it really starts helping with the small and the micro growth agencies. But what do you think, because it did change the way that agencies contracted with products, especially cybersecurity and ICAM products. So what do you think was one of the biggest impacts and the biggest takeaways from that program when you were there?

Ross Ford:
There's really a number of different things that I want to call out. The first is just that trying to help agencies across the federal realm, focus on important themes, is really important. And some of it's really hard to do. So CDM first starting, they were trying to help people get a handle on their assets and their environment. And it was more difficult for agencies to understand what assets they actually had on the network than one might think. Some agencies were reporting through Cyberscope, they had this number of assets. And then when CDM put some tools in to actually scan the network and look for them, they might've had 50%, they might've been known about 50% of them, right? So it was really important to get in and using the network itself to understand what is on the network. I think similar to understanding the network posture for assets like devices, understanding the humans on the network are really important too.

And so that was one of the things that we did with the credit management and the proof management part. And I think the most important aspect of that is what we already knew in working with big organizations outside the federal government, is you really need to take an enterprise view of your workforce. You need to know who the people in your organization are. A lot of organizations had many different active directory services running around. The federal government was actually advantaged by the fact that we had the IDMS systems, the systems that the HSPD-12 regime uses to make sure that people get cards and then they know who is authorized to work on this system. But what CDM did with a mass user record is have a place that all those users could be operationally recognized. And so that was really important.

The other thing, and this is directed about the Cybersprint, is privilege users were really needed to have focus on them. And while a lot of agencies were using their PIV cards for some of their privilege users. A lot of places that you want to be able to give privilege access, PIV cards didn't support it. So we were able to bring in some other tools to help agencies bridge that gap, where they can use their smart card to log into the privilege access management tool. And then the privilege access management tool can manage the secret, which is the only thing you can log in, in any of these systems using. And then you can rotate those secrets, so that you don't have static long-lived secrets that pose really a big risk in the environment.

Christine Owen:
So do you think that the rise of, so... You're giving me flashbacks, because I completely forgot, I wasn't even thinking about this. But CDM definitely started when there was a huge push to get PIV cards into federal employees and contractors, mainly because of the OPM breach. And after that, I was helping out GSA at the time. So it was taking a long time for us to convince the agencies. And then they finally started to say, "Okay." But then they said, "Now what do we do with this?"

Ross Ford:
Yep.

Christine Owen:
Do you think that the rise of modern authentication helped PIV card adoption with the way that, basically the allowance of SSO and authentication throughout?

Ross Ford:
It's kind of been a mixed bag. The modern authentication techniques that have been emerging have been coming from people that don't generally utilize smart cards as authentication basis. So we've had to work with industry to realize that if you're working in the federal, we have this smart card. You need to integrate this smart card into your SSO services. But it is definitely true that modern authentication SSO services are superior to the SAML-based authentication services. That really were built, and they were pretty well-built out in some systems, SAML-based services using the smart card. So it's an interesting transition that's occurring from the SAML-based assertion model to what I call a more flexible and authorization-based single sign-on model that OpenIdentity Connect can provide with the OAuth 2.0 underpinnings.

We've just begun to kind of touch on those capabilities. I can see the industry is struggling with it a lot. In that they're trying to figure out how to add authorization into their single sign-on and their identity services as a, particularly for most of the industry as they're trying to deal with partners and citizens coming into their systems. And there's a strong drive in that direction with modern all auth-based authorization claims-based models. With the citizens that involves having consent, and trying to use larger scale login systems like log in with Google or log in with Apple. Those things are what we see emerging in the consumer space. But not so much in the federal space, because we need a higher level of assurance, generally speaking for those. Now those technologies will be beneficial to the enterprise as well.

Christine Owen:
Yeah. No, I agree. I also am now realizing, it was a completely different timeline back when Owen and I met you and I started doing IAM.

Ross Ford:
Yep.

Christine Owen:
But CDM really had a lot of, they had a lot of on-prem solutions. And now I feel like CDM has mostly cloud solutions. And what I'm thinking of is the agencies that I know that have gotten bought from CDM recently, all of those things have been cloud-based solutions. So what do you think about that? Do you think that's helping the cybersecurity posture of the federal government? And how do you think that that's going to impact us as a whole moving forward?

Ross Ford:
I want to talk about a little bit inside baseball at CDM, in that CDM is, it's not only a program that helps deliver services, but it has an acquisition arm. And that acquisition arm is really a brilliant bunch of people. Niki has been able to make sure that as CDM modernizes the way it delivers services to agencies, that the type of services they acquire can meet that modernization. So I'll give you an example, right? So like you said, CDM started out, we're trying to protect agencies. The legacy environment is primarily where those agencies reside. And the things we did are appropriate for that. And then as you move into other types of delivery, and I'll say the first one was these endpoint detection response tools, which are necessarily delivered mostly by the cloud service providers. And we're able to flex into being able to acquire those kind of services for people.

And then just in general, as you see the drive towards zero trust architectures, the delivery model of the services that support zero trust architectures are much greater focused on cloud-based services than on the legacy environment. And CDM all the time continues to modernize their approaches to doing those things to match that kind of system delivery model. And Niki Lane, like I said, she is one of the smartest ladies I've ever met. She is tremendous at helping CDM navigate its way through acquisition processes, which you know they're not always the most advanced things you can do. But I will you that CDM continues to win awards about being on the cutting edge of acquisitions. And they'll continue to do that, because that's where the thread is moving to. And so CDM has to move just to be able to be effective, and they are doing that.

And then Matt House, who, he's the CDM program manager now, Richard Grabowski, the deputy program manager and the lead architect, they both have had a lot of experience with service delivery. Now they've been doing that through, like I mentioned, ADR parts of CDM, network access control parts are moving in that direction. And I'll also say that you mentioned earlier the small agencies. So CDM has been delivering service to small agencies ever since its inception. And it does this in the service delivery model. And that service delivery model has been evolving as the capabilities become more cloud-focused as well. And that is actually a really good place to try a lot of new things out in the small services. And the small agencies need the help, because often they have very small IT teams. And they need to have really good help from competent providers in order to meet their security needs.

Christine Owen:
And what's really interesting that I've seen in the government is some of the small agencies actually have some of the biggest missions that we don't even know about.

Ross Ford:
They do, exactly right. You think they may have really, they're small wings, but they have big mission, and the information they support is really, can be very sensitive, right? Yeah, yeah.

Christine Owen:
Yeah. It's really impressive. So I see some really cool awards behind you. So I see the DHS seal, so I assume that's your retirement seal. And then you have a really cool plaque. What are those? I feel like this is your career in the government as a whole.

Ross Ford:
So the top is, I was a plank owner for the USS Buffalo, which was a submarine. And I'm really proud of that, that was a great place. Actually, the reason I'm a good engineer, if I am that, is because of having been in the Navy. And they taught such quality and excellence in that organization as a submariner. I owe everything to having started my career there. And then DHS gave me opportunity with this SSO stewardship, which is really very unique. And I was recognized by Director Morton and the CIO for having put that SSO thing together for DHS. And I'm really proud of those activities. They were really fundamental to establishing me as an engineer and then as an ICAM engineer. And I want to say that being that ICAM engineer has allowed me to work in so many different areas. I mean, working for the Federal Mobility Group, on the Mobile Security Working Group, to help organizations and agencies understand how mobility is taking the lead in our identity space now.

Just being on the Federal ICAM Subcommittee, because I was pretty smart in this space that when Sisson needed to join that Jen asked me to be that, and I was really happy to be there. I got to say in the industry, my reputation I guess is pretty good, because I was asked to join the FIDO Alliance of Identity Management Working Group. And that was really a great experience too, because all the best vendors that are serving identity in the federal space have been working with ATARC. And ATARC's done a really great job, not only in identity management, the zero-trust working group of bringing industry together, showing how this can be actually implemented. So agencies don't just have to do this as a thought exercise. They can actually look at how some of these systems come together. And none of that would've been possible if I hadn't spent time in the ICAM space, which allows you to get connected to so many different kinds of systems and different themes.

Christine Owen:
Yeah, I think you definitely hit the nail on the head there. Because I'm definitely very active in FIDO and I was active in I-CAMZ when I was a consultant with the government. But what I find is that not just agencies, even companies, they work in silos when it comes to ICAM and identity and access management. And they don't understand that actually if you start talking to your vendors, your vendors probably know other companies or organizations that have had the exact same problem that you have. They can put you, and talk to other people and you can start getting a broader view. Even though you don't have the same systems, you can still start figuring out what is the best way forward.

Just because it worked for that organization doesn't mean it'll work for years, but at least you'll start getting really good ideas to get unstuck. That's what I-CAMZ 100% does, and I think it's really important for the federal government. But you also get that when you are in those other cooperative working groups that are public-private cooperation. Because both sides have seen a lot and learning from each side to be able to bring stronger cybersecurity measures is really important.

Ross Ford:
Yep. Couldn't agree more.

Christine Owen:
Yeah. So, so now this is not the end of your road though. All right. So you're retiring just from the government, you're not fully retiring. So I'm going to start by asking you what's the one thing, or it's probably I, let's try to do a handful of things, because I know a lot of things keep you up at night and it's not just one, but what do you see on the horizon as the next big threats to the US infrastructure?

Ross Ford:
So I want to give a shout-out to Dr. Garfield Jones, Gary Jones who, so last year, Gary used to be the lead engineer at CDM and he's now leads the strategic technologies at the Office of Strategy, Policy, and Plans at DHS. And we kept touch really good friends and colleagues. So he knew I was looking for new challenges. Not that identity is not exciting, but it was only filling up part of my brain and I needed to fill up others. So I got a chance to go work on a detail with Gary last year for about four months. So much ICAM work, I couldn't spend more time in that, but I was able to do that. And there are so many things that I was able to explore when I was working with Gary. First I want to say is, Gary knew that machine learning and artificial intelligence was really important to me.

And when Gary got his doctorate in machine learning a few years ago, we talked a lot about the things he was going through to make sure he put together his thesis properly and defended it well. He's a brilliant guy and I'm really happy about that. So we got a chance, a little bit of chance to talk about ML and AI while I was over there. The other thing that Gary knew I was really interested in is when I was a nuclear engineer, I first became aware of quantum mechanics, because quantum mechanics actually are what make the nuclear reactor work. And so that is way long time ago and then nothing, nothing, nothing. And now quantum mechanics is emerging to become really important, specifically in a sensor technology right now. But everybody's working really hard to build a quantum computer, and I'll say quantum computers of various natures, right?

You have a friend of yours who is building a certain type of quantum computer, trapped atoms computers, or atoms and matrix, which that's one type that is actually easier to control than the ones that've been trying to build for 20 years. So there's a lot of things that are emerging there, but that's probably too far out for me to really worry about doing in my next phase of my life. But one thing that is very interesting is that as these quantum computers emerge, cryptography will probably fall fairly early as they build larger scale quantum computers, because asymmetric cryptography is vulnerable to cryptographically relevant quantum computer is what they call it. And asymmetric cryptography is what we base all of our encryption and our digital signatures on. So there's an immediate need now. And I worked with Gary to help explore what those things are, and that might be some place that would scratch the edge that I have to do things.

But there's others too. I mean, even in the ICAM arena, on CDM we had some agencies asking about non-person entities. So there's a lot of humans that operate on the network, but there's a heck of a lot more non-humans that are doing things in our world. And if we bring in these artificial intelligence agents, there are agents that are operating an ever-increasing responsibility on the network. And I think helping people get a handle on how to identify the workloads that are doing things in their environment, they're not going to be managed the exact same way human identities are. Like identity proofing, yeah, you're going to have to do something different for workloads and machines, but there probably needs to be a corollary to that in the machine space. I really am excited. Justin Richer, who is one of the guys that works with NIST and all that ICAM stuff, he and some other folks like Dean Sachs from the FIDO Alliance and a whole bunch of guys that formed this whimsy group, which is, it's workload identity management.

And so I think that's one of the things that I'm following. One of the challenges when you're in the government, you don't have that much opportunity to participate on so many cool things. I was lucky to be on the FIDO Alliance and ATARC. But this will give me an opportunity to be a little closer to that. And I just want to say that the OpenID Foundation also has initiatives about managing machine and non-human workload identities too. So that's an area of a lot of interest to me. And I think on any given day I can spend 10 minutes thinking about what is cool in this world, and there's just so much stuff that is coming down the pike.

I think our world is going to be changed forever just by the fact that we're living in a digital world. And all the things that we learned, how to live in our physical world together nicely such as it is, will have to be translated into the digital world. And to me that is just really exciting. And I don't know what's going to be next, but I guarantee it's going to be something exciting. And hopefully it'll have really good outcomes.

Christine Owen:
Yeah, I think, first off I think I read this week that the federal government is supposed to be releasing their post-quantum plan soon, within like this summer, definitely by the end of the fiscal year. So I think that that's going to be something that's really important that everyone reads, not just vendors but also implementers, because everybody uses this cryptology. Literally everyone, it's a [inaudible 00:33:46]. It's everywhere. So we have to understand how to go and kind of shore up our systems for post-quantum for sure. What's really interesting is what's keeping me up at night. I know you didn't ask me, Ross, but I'm going to tell you. What I think our biggest threat right now is, is within critical infrastructure.

Ross Ford:
Yep.

Christine Owen:
Just because we have a lot of, critical infrastructure was built around the same time as the government built theirs. But critical infrastructure doesn't always have the same amount of funding that the government has sometimes and sometimes doesn't. And it depends on the year, you know? But I think that it's really important that the federal government really starts to step up and help out the, what is it, I think it's 26 critical infrastructure areas that have been identified by CISA. And I think that that's where I'm most worried about, because attacking, if a bad guy was to attack the federal government, that's obvious. So if I were a bad guy, I'd attack a water system somewhere.

Ross Ford:
It's really funny, after I left the Navy and before I worked for that telecommunication company, I worked for seven years where I got my degrees at a manufacturing company. And what we did in those seven years is we modernized from analog technologies to digital technologies. And if you know anything about big industries, that's just from the time I did that in the nineties till now is just about the life cycle of those tools. So they were PLCs, they're digital. And they were not designed to be on a network, but they have become placed on the network over years. And now with advances in the adversaries advances, let's just put that, and the lack of deep inspection of the technologies that we built in the nineties, I'll just say that as the other side of it. You'll see that CISA is a lot of OT vulnerabilities, ICS vulnerabilities all the time.

I don't think that industry is necessarily worse than any other industry. They have longer time frames of their delivery, and many of these technologies were developed for constrained environments. So you had to be really careful about... They just didn't have a lot of processing power. So they built minimal things and the network stacks were built kind of a long time ago and they weren't updated. And all of those things in the OT environment lead to the need to really spend some time. So I think you're right. Critical infrastructure is a really important sector that didn't get a whole lot of attention. Now it is. And I'll just say, look, CISA's really front and center there. My colleague Greg Bastien is out at Idaho National Labs, they're doing a lot of ICS work out there. They actually have training labs that can help people come to learn how to look for cybersecurity weaknesses and how to cover them up out of that lab. CISA really does a yeoman job in so many of these areas.

Christine Owen:
Yeah, I mean there's a White House memo that just came out yesterday about cybersecurity priorities, and the first line of it was really critical of the structure. I think you're right. And I mean, I think part of it is all of the critical infrastructure in the U.S., There's a lot of mainframes in the background, because that's what was built when those companies started. And so we have to figure out the best way to protect them, because it can be scary.

Ross Ford:
And I don't know if things have changed from the nineties when I was involved in, when the Y2K thing was coming along, those mainframes were something that were there then. And I guess, I remember I told you I was working on doing some web things then. So what I would do is I would recommend people find a way to put web front-ends in front of the mainframes, isolate the mainframes behind that, have a Unix LPAR, log in with strong authentication Unix LPAR. And then, because those mainframes they don't generally accept long passwords. You know what I mean? So there are techniques that I don't know if they've changed much, but there are techniques you can use to isolate the mainframes.

To put the dynamic part of your interaction with your users in modern technologies and then allow the mainframes to do what they do best, which is man, they crunch data like nobody's business, and they do it really effectively. I mean, I remember that we used to use the term, they were transaction-safe paths into mainframes. And you could actually make sure that if somebody's doing this transaction, it's going to go to completion and you don't have to worry about anything happening as long as you're taking that transaction set, because it guarantees proper fulfillment.

Christine Owen:
Yeah. No, you're right. All right. Well, I think we are about out of time. So my question for you... Which I love talking to you, of course, I always love talking to you, but my question for you is what is your one final takeaway of leaving the government, getting ready to go back into the private sector and take what you learned from the government to the private sector, what is it that you think your big takeaway is?

Ross Ford:
So I'm going to say that those things help each other, right? I've been moved from private sector to public sector and back to private sector. Each time I'm able to take something. Right now, I'll be taking really deep understanding of what CISA's trying to do to helping organizations modernize. To take what I know is the biggest themes about risk that we've learned. To do things like, you know CISA has the known exploitative vulnerabilities database, for instance. It goes beyond just, we know all the CVEs that are out there. CISA goes deeper and says, okay, but these are the ones we know are being exploited right now. So being able to use all the indicators of operational excellence and make sure you're aligning with that.

The key here is all about having good consciousness about what's going on and the things you do, do with intention. Make sure that you're not just trying to go through some client compliance checklist, that everything you do, you're doing because you know need to do it. There's a risk that you're trying to mitigate. And be very intentional about the risk you're mitigating and then move on to the next risk, right? Take your highest risks and go after them and then go to the next one.

Christine Owen:
Yeah, that actually makes a lot of sense. I love it. Wonderful take away from you. Thank you so much, Ross, for joining us today, and I look forward to seeing you in person soon, hopefully.

Ross Ford:
And I am an Identiholic, so I appreciate you doing this, Christine.

Christine Owen:
Oh thanks, Ross. All right. Thanks a lot and we'll talk soon. Bye.