It does. It absolutely does. Like I said, critical infrastructure can be tied to almost anybody. And so, you know, as you as you all probably no, any kind of cyber attack against anything in our environment in our world, can be an attack against us, there are ripple effects that always happen based on one attack. So you know, it was like, say attack against one of us is an attack against all of us. So I take every entity out there as critical infrastructure in the way I view it. And not when we talk about this isn't their remote vulnerability, they prioritize those with things based on their if they are critical infrastructure, like if they're critical manufacturing, if they're wet water, wastewater, if their electrical utility. If their school district if their elections office, they get prioritized, obviously, based on the impact in the environment, I don't prioritize them that way, I basically prioritize and based on my schedule, when can I get to it and have a pretty have a fair and flexible schedule. So I can do these things with you. So some other resources. So remember, I said on these assessments, you can do them yourself, there is a free tool called the cyber security Valuation Tool, the CSET, simply go to ces.gov and type in CSAT. And you can download this tool that not only has all the assessments we do, but it has a ton of other ones and industry related assessments. And they are they're just really good evaluations that you can do on your own. Now I've had several customers say I'd rather have them guided with somebody that works in the industry and knows how to do these, at least for the first one, and then they'll follow up and they'll do them on their own later, which is better a good technique people have used working with to some electric powers, one of my, one of my people I'm working with and they're their cyber supervisor went and tried to do the CIS assessment. And he said that it's just too involved. So he's gonna have me come in and do it for them. And then they'll do all their follow ups once they learn how to do them. But you're welcome to do any of these, I encourage you to have any of your IT or cyber people download the tool, look at it, look at the assessments, understand which ones make sense, and attempt them if you'd like. And then if you or you can go through them and say, Okay, no, this would be wonderful to have Jerry come in and help us with and I'll be there for you. So it's you know, some of the some of like, the ransom ransomware readiness assessment, and Incident Management Review are built right in there. So you can go and do the assessment yourself. You don't need me, you guys can do them yourself and kind of walk through that at your leisure. That's the nice thing about doing them yourself as you can, you can spend an hour and do part of it and then come back to it next week and do another part of it. You can you can you can pace yourself through the tool. Whereas if I come on site, we're going to try to bang it all out in one shot. So that's the big difference. Now we're analysis. So if you do find yourself with malware and you want a software analysis of that, you go to our website, upload the malware and they will give you a run through a software analysis piece and it will let you know what it was who it was what they were attempting to do all that stuff. So that's a handy tool to have and Then we also do tabletops. And I listed a couple here. And there's one that I'm actually not really listing but is real is, I will, I will create tabletop exercises for you and facilitate them for your entity. tabletops are really important, they're usually the last ditch effort, people don't like to consider them. But if you have a plan, and you have a team that you don't practice it with, in the event of any event, that's not the time to practice that time is to practice in a, in a controlled environment. So everybody knows who does what, when, and where and why. And that's what the tabletops are really good for, we can do large scale ones to our national planning team, we have a regional planning team out of Oakland that will come in and do those for you, or you have me locally that will take care of those as well, I can do them remotely or on site once again. And then you also can just go to this as a website and download a template and do one yourself. There's tons of them out there. And you can build your own one. And entities like to do that initially, just to get a feel for what's what's a tabletop look like, who gets involved and walk through them. And then if but somebody still has to facilitate, I offer the advantage where I will come in, and I will do all the injects I will do all the tabletop and I will facilitate it so everybody in your entity can play. So that's the advantage that we have there. So, you know, again, if you don't test it, running around with your hair on fire is not an incident response. Having a response plan, and having it tested is very, very valuable. And then Information Sharing and Analysis. So there's an ISAC for pretty much everything out there. So we have the EIA sec, which is the elections infrastructure, there's a hospitalized sack, there's an electrical ISAC. So they're usually Information Sharing and Analysis Center and ISAC that you can sign up for that would be related to your industry, those are very valuable and free. And it's a subcomponent says A funds, the MSI sec. So that's the MultiState iSeq. It's a It's funded by CISM. So they're a partner of ours. And they offer information sharing, which is, again, you know, if somebody gets something and alerts them, they can alert everybody at the same time. And that's very helpful. So we can try to keep in front of some of these bad actors. Couple websites I highlight, yet somebody saved them. Okay. So we have stopped, they connect, which is an educational resource, the stop ransomware, all all things ransomware. It's a good site to go to cyber protective visit. That's why I mentioned you call me in and I can kind of go through these things in greater detail with your organization, we come up with the cyber plan to help bring some of this stuff online and talk about some of these things. We also have a physical protective visit. So we have to physical security advisors here in Arizona, that will actually come and do a walk through I went through cap water with them earlier this week. And next week, we're gonna go on to a pumping station. So kind of do the physical where we look at, you know, if you've got, you know, if you have ramming issues, or you have, you want to do a active shooter presentation, in your site, all that stuff, and then they walk through, look at your cameras, camera locations, blind spots, door access, and all those other things. So take certainly take advantage of that I can put you in touch with a physical adviser. And then since that got my warning on this one is, since the.gov is like, it's like YouTube for cat videos, once you go on, it's just got all kinds of stuff that you can squirrel and you look up and oh, geez, I just wasted two hours. Susan's like, says that guns like that it's a huge catalog of resources and a lot of great resources, but it will squirrel you. So if you go in without an intent, you're gonna get lost. And so I recommend using scissors that gub when you come up with somebody say, hey, I want to know how to do this, I want to research this, I want to address this problem, go to ces.gov and use this search engine. Because if you just simply go there to see what it's all about, you may find yourself lost. I'm sure some people like it, it's ever been to our website, we'll probably affirm that that is that's a challenge. So moving on here, assessments. So kind of, you know, the high level, you know, you can't protect what you don't know needs protecting, you can't fix if you don't know what's wrong, right? Um, so assess these assessments are very valuable to everyone. And I also like to highlight, we are a government agency. And so if your private sector you're like, I don't want the government getting my information because we are a republic. We're voidable if that's what you're gonna word, but we do put your data under a law called PCI, which protects your data against stuff. FOIA requests. can't disclose anything publicly. And Kenny your data cannot be used in civil litigations already. regulatory processes. We are not regulatory, we don't report to anybody. So people get concerned like, well, if you got all this information, do you have to report that to an inch to our insurance company? No, I don't And I won't, my job is to help you become more secure. And if I share your information out, you're not going to trust me anymore. And your cyber information is very, very important because that gets in the hands of the wrong people, game over. And so we collect this information and we do hold it very close hold, I don't even share. If I get information about an entity, I don't even I'm not even at liberty to share it with another scissor employee, unless you instruct me to. So it's yours and yours alone. And so just be aware of that. So then, these are just some of the different reviews this is the big one I talked about comes out with a scorecard. There's 11 of the NIST domains, it's covered in that one, that's a big one that one takes, that's a full day engagement, 300 and some odd questions. So it takes some time. But here's the output, so you can basically get a report card. And what's nice about these assessments is they tell you where you need to focus your time, resources and money. If you've got a green bar going all the way across that report, don't spend any time there, it means you're doing good as it pertains to NIST standards or best practices. But if you see red all the way across, that might be something you should be taking a look at, spend your time working in the red and yellow areas and ignore the green areas that helps you focus your resources and time. Especially if you don't necessarily know where you really need to begin. And then the external dependency thing, it's the same thing I already covered that they come up with a scorecard. And you can use this information to bring back to your finance or your legal department and make sure that these things are held in your boilerplate and your T's and C's to make sure that your best interest is covered.