RSA Conference 2024 | Ryan Hebert | NYSE

Clips
News
More from RSA Conference 2024

Ryan Hebert

Head of Cyber Assurance

ICE

Unlocking cybersecurity excellence: The BISO’s vital role in safeguarding enterprises

For enhanced cyber threat protection, the role of a business information security officer has become essential in the modern era. A BISO acts as the link between operation and security teams.By connecting the dots between business and cybersecurity functions, a BISO enhances data loss prevention, risk assessment and compliance, according to Ryan Hebert (pictured), business information security officer, New York Stock Exchange and Fixed Income and Data Services business units, at Intercontinental Exchange Inc.“We acquired the New York Stock Exchange in 2013, and then we got really into the mortgage technology space,” Hebert said

play_circle_outline The Crucial Role of the Business Information Security Officer: Challenges, Responsibilities, and Collaboration in Organizations

play_circle_outline Mention of IBM's BISO model and patterned approach with Chief Data Officers

Info

Ryan Hebert | NYSE

Ryan Hebert

Head of Cyber Assurance ICE

search

Shelly Kramer

>> Hello and welcome back to the live coverage of theCUBE here at RSAC, happening in San Francisco. All things cyber security is top of mind today, and we are so excited to be joined... Actually, I'm here with my colleague Dave Vellante. Also David Linthicum, who's not at the table today, but he's here covering this event with us and we are so excited today to be joined by Ryan Herbert, who's the BISO of the New York Stock Exchange Fixed Income and Data Services. Ryan, welcome. It's so glad to have you.

Ryan Hebert

>> Thanks for having me. This is great. I'm really excited to be a part of it. Thank you so much.

Shelly Kramer

>> We're going to start off with, I just called you a title that I've not heard before, a BISO. Talk with us a little bit about, I know that we're seeing a rise in the use of this role within organizations. Tell us what it is.

Ryan Hebert

>> Yeah, we've got an amazing Chief Information Security Officer, he's been with us for about two years. But we found that the traditional Deputy CISO role just doesn't really work. It kind of just compounds the issue of still having not enough sprawl to support all the businesses. And we've been going very horizontal over the last five to 10 years. We acquired the New York Stock Exchange in 2013, and then we got really into the mortgage technology space. We made four major acquisitions and we built some things around it to add that same transparency that we have in the New York Stock Exchange and our other derivatives markets, but doing it on the mortgage side. So what that brought about is a whole set of availability issues from a cyber perspective. So I have a peer who runs the mortgage technology side as a BISO. I have another one who does our traditional brick and-mortar derivatives, clearing, our bread and butter, which started the company. And then I've got the crunchy center, which is the New York Stock Exchange Fixed Income, so our securities, bonds, things of that nature. And then the data services piece. So all the information that's coming from all those different products that we provide our customers, we can provide to you through a data services.

>> So it's a business alignment initiative, right?

Ryan Hebert

>> Exactly. So I am able to be more available for those three businesses, whereas our poor dear Steve can't be at all 62 businesses at once. So it's more of a business alignment.

Shelly Kramer

>> And it's smart.

Ryan Hebert

>> IBM has a BISO, a dimple, and they have multiple BISOs. And they were telling me that they sort of patterned after, they did this with the Chief Data Officer, they did put the Chief Data Officers in each of the lines of business, which makes sense. Why have a deputy when you can actually align with the business. So it makes a lot of sense, and that way I'm more familiar with the developers. I'm going to be asking them to do remedial activities and fixing things. And I'm also going to be hearing about which changes we're going to be doing to the product set. So if I'm in a room with folks like y'all or other people that are going to be listening with the company, I'll have more context on those specific businesses.

>> And you can bring them ideas as well.

Ryan Hebert

>> Right, knowledge share is always a big thing. Yeah.

>> Cool.

Shelly Kramer

>> So tell me, you've spent the last couple of days here, you've been talking, you've been walking the floor, you've been talking with customers, all that sort of thing. What kind of vibe are you picking up from this show and how is it different than the experience that you had maybe last year?

Ryan Hebert

>> So I used to spend all the time on the floor talking with the different companies, and it's been a great experience. Every I get to go see what's coming out with them. But we've also been doing some interviews ourselves at our office. We actually have an options trading floor here in San Francisco right down the street. So we've been spending time in here with our customers, but also asking them to come to us. And the reason we do that is because we've got 2,400 listed companies. And 80%, 80 plus percent per year of IT spend at the enterprise level comes from those partners. So we're really interested in seeing what technology's coming out and if we can do any sort of help and connectivity between our friends that are listed with the Exchange and also these new companies that are building amazing things. Obviously AI is the thing that everyone's talking about. It's the topic of mind, and we're hitting it from three different angles. We're partnering with companies that are building things. We're building our own and our own AI experience that we've built through at NYSC, which we can probably talk about a little more. And then we're also true blue finding vendors that are doing solution sets within that space that we need to work with. So three different tranches of AI. So it's a lot of talk in that space.

>> And you announced the AI Center of Excellence, and I want to ask you about that, but were you here last year?

Ryan Hebert

>> I was here last year.

>> So one of the big changes between this year and last year, I wonder if you've noticed it as well, was last year we were talking about Gen AI. Of course everybody was chattering about it and the bad guys are going to use AI to write better phishing emails. But eventually the defenders are... You've heard that narrative. What's different this year is wow, natural language processing Gen AI is different. We have to think differently about securing it. It's just like cloud created the API seams, LLMs are creating new vulnerabilities. Have you heard that? Do you see that? How does that fit into the center of Excellence?

Ryan Hebert

>> Yeah, absolutely. So several different ways you can slice it. So you've got machine learning, you've got large language models, and you're also building a model where you either inform with customer data or you don't. It depends on them. Are you going to hand them a model that's already informed? How are you going to keep it trained? So it's really a privacy concern in terms of what data's going to go in, who can see it. Role-based access control of access to the query output is really big for us. There's a lot of companies that are talking about how they're going to make solutions for that. I'm listening to that intently because I have to think about customers for me are internal users, but I'm also thinking about customers of the products that we serve to our customers. So really concerned about privacy, really concerned about encryption of the data as it moves through that process. And understanding how we can only provide a source valuable to the end querier that will also not give them more data than they're supposed to see, right.

>> Do you feel like, does it require different processes, different technologies, or is it just a different emphasis?

Ryan Hebert

>> I started out learning about this thinking it's just going to be the same thing as a VM or living on a web application or a SaaS. And it's simply not. It isn't, because the implications of what you can do with them or how you're going to train them, just revolutionize, change that. It's not the same security approach. You have to take a completely different tact. So you have to understand which people in the company, am I going to be allowed to use the outside non-enterprise versions that are out on the internet? And then if you look at it like five or six years ago, I kind of likened it to the data loss prevention issues that you would have with concerning yourself with opening up Dropbox or Box. And no offense to those companies, it's amazing tool sets, but we couldn't rightfully allow internal use of them because we're not sure what data might leave the house, right?

Shelly Kramer

>> Yeah.

Ryan Hebert

>> Similar to that, but the security around how you do it is far different. That's three bucket. Yeah, you're not just dropping a DNS rule and blocking people from hitting it on their laptop, right? It's totally different.

Shelly Kramer

>> A lot of the conversations that we've been having today and leading up to this event are all around permissioning and the strategy by which people approach that. And a lot of the common theme that I'm hearing is you start with zero access-

Ryan Hebert

>> Start with zero.

Shelly Kramer

>> And we're not accustomed to doing that in many situations. So it is a very hot topic-

Ryan Hebert

>> Yeah. I find the most, yeah, sorry, I didn't mean to interrupt.

Shelly Kramer

>> No, you're fine.

Ryan Hebert

>> I find the companies that have the most sound approach that will probably flesh out well are the ones that are doing the flip. Similar to what you said. You look at it like a triangle where the data resides at the bottom, and then you've got a layer between where the infrastructure lives and then you've got a layer on top of that of your internal users, right? Most people with any sort of access control or PAM or IM start at the data and worked their way up. You need to reverse it. You start at the top of the triangle, you determine who in what portion of the business has rights to what sorts of data, classify that data using a tool that you may build yourself or partner with a vendor. And then as you have those roles defined, then you tag those to those data sets. So they can get every use out of a machine learning tool or a large language model that they need to be productive in their role, without seeing the amount of stock that a certain company or a certain person in the company has, or what their social security number is. Things that are coming from the HR side of the fence. And on top of that, with us having NYSE and having our capital markets team, they're privy to a lot of information about our friends here at this conference that may want to go IPO in some day, but they're not supposed to allow other people in the company to see that. So there's a lot of implications with the data that you need to see.

>> So as you were talking, Ryan, I draw a triangle, two-dimensional triangle, data infrastructure users, and then I said, oh, but that triangle's actually three-dimensional now because I've got data everywhere. I've got infrastructure in the cloud. I've not got critical infrastructure now, and I've got users that are all over the place. So it's vastly more complex world than what we live in now.

Ryan Hebert

>> Yeah. I mean, I think the key indicator of success for being comfortable about allowing customers and providing services using this technology to our customers, and when I say customers, I mean internal customers, is really reliant on the encryption of the data, how you encrypt it, and how it's able to stay encrypted as it moves through the process. Some of the companies are doing it at the hardware level. I think that is a so smart of a play. Doing it at runtime, the only way you can get access to that data is if you destroy the GPU, right? So in trying to get to that piece, it would in effect make it null and void. So having the right approach from a technology standpoint to keep the data encrypted while it's going through the flow of query to model, back to the end user for output, is I think going to be the really success story.

>> You'd obviously want to encrypt everything all the time.

Ryan Hebert

>> Not necessarily.

>> Everywhere.

Ryan Hebert

>> Not necessarily.

>> So my question-

Ryan Hebert

>> I'll go with, sorry.

>> My question was going to be, but there's penalties to doing that-

Ryan Hebert

>> Latency.

>> Exactly. So I wanted you to, from a technology standpoint, explain those trade-offs.

Ryan Hebert

>> Yeah. So perfect kind of flowing back to the BISO model and why we do things. So we all have threat objectives. We understand what the bad actor's trying to do to us, and then we will try and tie controls to those things. So my friend in the mortgage technology space, he resides on top of 180 million social security numbers. PII is a huge deal to him. Whereas on the MYSE side, the second the trade executes, it's an order number with two different IDs, and that data is public the second it happens. So I don't really concern myself with encryption at that level at the bottom because I want to get that information out fast. And I want to be able to use it in the data services side to also provide the pieces of information to the ICE data services customers as well. So latency is a huge concern, whereas if you're allowing encryption to not affect that, then we can talk about doing it across the company. But at this point, I'm not there.

>> So two things there. One is sometimes it's not necessary for public data. When it is necessary, let me rephrase. So when it is necessary, presumably you'd want to do it all the time, but there are trade-offs. What are those trade-offs? And is the technology industry essentially compressing those, such that they are now irrelevant, or are they still a consideration for a technologist?

Ryan Hebert

>> Not irrelevant. Still strong consideration needs to be had. And it goes back to the data classification piece. So if you identify and understand where it resides, who needs access to it from an internal and external perspective, then you can rationalize the cost of encrypting across the board. But at this point, it just doesn't make sense for all pieces of the data. So that's just kind of where I am. It's a personal opinion.

>> There's an expense there-

Ryan Hebert

>> Right, there's an expense.

>> That's not worth it at this point in time. But the reason I ask is, there's always a difference between when you talk to a practitioner and you talk to a vendor, there's always a gap. The encryption guys are saying, oh we've eliminated those penalties. They're so infinitesimal that they're de minimis, but that's not the case.

Shelly Kramer

>> Well, and you have to also think about the employee experience. And if you ratchet things down so much that just the process of trying to do your job is so really frustrating, then we don't make any forward progress. So I think that-

Ryan Hebert

>> That's a major focus point for us this year is user experience, for both customer and internal customer. So finding the easiest way to perform menial day-to-day tasks using AI, but not ratcheting it down so much that it becomes unusable, right?

>> That's an ongoing balance, isn't it?

Ryan Hebert

>> It's always going to, you want to put the handcuffs on, but then again, you got to take the handcuffs off to allow business flexibility and, you nailed it.

Shelly Kramer

>> So before we wrap our conversation, I think you had some news around Launchpad, and I know that you announced Launchpad in the fall of 2023. But I think your news is maybe kind of exciting.

Ryan Hebert

>> Yeah, so we've been talking about doing Launchpad for quite some time. We really wanted to showcase the fact that we're a technology company. Obviously we provide a traditional 234 year old company in the New York Stock Exchange. But at the root of it, we're building technology to support our customers, and we want to influence what their decisions may be in the right way. So we built an instance of a cloud-provided service. I won't name them because they're not a part of it in fulsome, but we're using our VC friends and my ability to go out and just find tech that I think is interesting and cool. And we found a company named Oasis. They do non-human accounts, and we've already put it out on the Launchpad. So now everyone within the company can go access, see this tool, see what it does, find use cases, provide knowledge share, give it back to that company as well to improve upon it. And now, every time that I'm talking to these VCs or these folks that have their nice booths in here, I go, do you have a problem with non-human accounts? We do. Have you talked to Oasis? You need to talk to those guys. It's just a good way to start seeding that conversation with our listed companies and with our own internal users as well.

Shelly Kramer

>> And Oasis is the first?

Ryan Hebert

>> That's the first. We've got about 50 or so in the queue that aren't public information but we-

>> 50?

Ryan Hebert

>> 50.

>> Ah, okay. Busy.

Shelly Kramer

>> Yeah.

Ryan Hebert

>> Yeah.

Shelly Kramer

>> Well, this has been great, Ryan. Thank you so much for spending time with us today. So Ryan Herbert, the BISO of New York Stock Exchange, Fixed Income and Data Services. And for me, Shelly Kramer, Dave Vellante and David Linthicum, and our team here at theCUBE, coming to you live from RSAC conference in San Francisco, where the focus and all the conversations are on security and AI and compliance and everything we need to know. So anyway, you keep it right here on theCUBE, and we'll see you again later today.

Ryan Hebert | NYSE

search

Shelly Kramer

>> Hello and welcome back to the live coverage of theCUBE here at RSAC, happening in San Francisco. All things cyber security is top of mind today, and we are so excited to be joined... Actually, I'm here with my colleague Dave Vellante. Also David Linthicum, who's not at the table today, but he's here covering this event with us and we are so excited today to be joined by Ryan Herbert, who's the BISO of the New York Stock Exchange Fixed Income and Data Services. Ryan, welcome. It's so glad to have you.

Ryan Hebert

>> Thanks for having me. This is great. I'm really excited to be a part of it. Thank you so much.

Shelly Kramer

>> We're going to start off with, I just called you a title that I've not heard before, a BISO. Talk with us a little bit about, I know that we're seeing a rise in the use of this role within organizations. Tell us what it is.

Ryan Hebert

>> Yeah, we've got an amazing Chief Information Security Officer, he's been with us for about two years. But we found that the traditional Deputy CISO role just doesn't really work. It kind of just compounds the issue of still having not enough sprawl to support all the businesses. And we've been going very horizontal over the last five to 10 years. We acquired the New York Stock Exchange in 2013, and then we got really into the mortgage technology space. We made four major acquisitions and we built some things around it to add that same transparency that we have in the New York Stock Exchange and our other derivatives markets, but doing it on the mortgage side. So what that brought about is a whole set of availability issues from a cyber perspective. So I have a peer who runs the mortgage technology side as a BISO. I have another one who does our traditional brick and-mortar derivatives, clearing, our bread and butter, which started the company. And then I've got the crunchy center, which is the New York Stock Exchange Fixed Income, so our securities, bonds, things of that nature. And then the data services piece. So all the information that's coming from all those different products that we provide our customers, we can provide to you through a data services.

>> So it's a business alignment initiative, right?

Ryan Hebert

>> Exactly. So I am able to be more available for those three businesses, whereas our poor dear Steve can't be at all 62 businesses at once. So it's more of a business alignment.

Shelly Kramer

>> And it's smart.

Ryan Hebert

>> IBM has a BISO, a dimple, and they have multiple BISOs. And they were telling me that they sort of patterned after, they did this with the Chief Data Officer, they did put the Chief Data Officers in each of the lines of business, which makes sense. Why have a deputy when you can actually align with the business. So it makes a lot of sense, and that way I'm more familiar with the developers. I'm going to be asking them to do remedial activities and fixing things. And I'm also going to be hearing about which changes we're going to be doing to the product set. So if I'm in a room with folks like y'all or other people that are going to be listening with the company, I'll have more context on those specific businesses.

>> And you can bring them ideas as well.

Ryan Hebert

>> Right, knowledge share is always a big thing. Yeah.

>> Cool.

Shelly Kramer

>> So tell me, you've spent the last couple of days here, you've been talking, you've been walking the floor, you've been talking with customers, all that sort of thing. What kind of vibe are you picking up from this show and how is it different than the experience that you had maybe last year?

Ryan Hebert

>> So I used to spend all the time on the floor talking with the different companies, and it's been a great experience. Every I get to go see what's coming out with them. But we've also been doing some interviews ourselves at our office. We actually have an options trading floor here in San Francisco right down the street. So we've been spending time in here with our customers, but also asking them to come to us. And the reason we do that is because we've got 2,400 listed companies. And 80%, 80 plus percent per year of IT spend at the enterprise level comes from those partners. So we're really interested in seeing what technology's coming out and if we can do any sort of help and connectivity between our friends that are listed with the Exchange and also these new companies that are building amazing things. Obviously AI is the thing that everyone's talking about. It's the topic of mind, and we're hitting it from three different angles. We're partnering with companies that are building things. We're building our own and our own AI experience that we've built through at NYSC, which we can probably talk about a little more. And then we're also true blue finding vendors that are doing solution sets within that space that we need to work with. So three different tranches of AI. So it's a lot of talk in that space.

>> And you announced the AI Center of Excellence, and I want to ask you about that, but were you here last year?

Ryan Hebert

>> I was here last year.

>> So one of the big changes between this year and last year, I wonder if you've noticed it as well, was last year we were talking about Gen AI. Of course everybody was chattering about it and the bad guys are going to use AI to write better phishing emails. But eventually the defenders are... You've heard that narrative. What's different this year is wow, natural language processing Gen AI is different. We have to think differently about securing it. It's just like cloud created the API seams, LLMs are creating new vulnerabilities. Have you heard that? Do you see that? How does that fit into the center of Excellence?

Ryan Hebert

>> Yeah, absolutely. So several different ways you can slice it. So you've got machine learning, you've got large language models, and you're also building a model where you either inform with customer data or you don't. It depends on them. Are you going to hand them a model that's already informed? How are you going to keep it trained? So it's really a privacy concern in terms of what data's going to go in, who can see it. Role-based access control of access to the query output is really big for us. There's a lot of companies that are talking about how they're going to make solutions for that. I'm listening to that intently because I have to think about customers for me are internal users, but I'm also thinking about customers of the products that we serve to our customers. So really concerned about privacy, really concerned about encryption of the data as it moves through that process. And understanding how we can only provide a source valuable to the end querier that will also not give them more data than they're supposed to see, right.

>> Do you feel like, does it require different processes, different technologies, or is it just a different emphasis?

Ryan Hebert

>> I started out learning about this thinking it's just going to be the same thing as a VM or living on a web application or a SaaS. And it's simply not. It isn't, because the implications of what you can do with them or how you're going to train them, just revolutionize, change that. It's not the same security approach. You have to take a completely different tact. So you have to understand which people in the company, am I going to be allowed to use the outside non-enterprise versions that are out on the internet? And then if you look at it like five or six years ago, I kind of likened it to the data loss prevention issues that you would have with concerning yourself with opening up Dropbox or Box. And no offense to those companies, it's amazing tool sets, but we couldn't rightfully allow internal use of them because we're not sure what data might leave the house, right?

Shelly Kramer

>> Yeah.

Ryan Hebert

>> Similar to that, but the security around how you do it is far different. That's three bucket. Yeah, you're not just dropping a DNS rule and blocking people from hitting it on their laptop, right? It's totally different.

Shelly Kramer

>> A lot of the conversations that we've been having today and leading up to this event are all around permissioning and the strategy by which people approach that. And a lot of the common theme that I'm hearing is you start with zero access-

Ryan Hebert

>> Start with zero.

Shelly Kramer

>> And we're not accustomed to doing that in many situations. So it is a very hot topic-

Ryan Hebert

>> Yeah. I find the most, yeah, sorry, I didn't mean to interrupt.

Shelly Kramer

>> No, you're fine.

Ryan Hebert

>> I find the companies that have the most sound approach that will probably flesh out well are the ones that are doing the flip. Similar to what you said. You look at it like a triangle where the data resides at the bottom, and then you've got a layer between where the infrastructure lives and then you've got a layer on top of that of your internal users, right? Most people with any sort of access control or PAM or IM start at the data and worked their way up. You need to reverse it. You start at the top of the triangle, you determine who in what portion of the business has rights to what sorts of data, classify that data using a tool that you may build yourself or partner with a vendor. And then as you have those roles defined, then you tag those to those data sets. So they can get every use out of a machine learning tool or a large language model that they need to be productive in their role, without seeing the amount of stock that a certain company or a certain person in the company has, or what their social security number is. Things that are coming from the HR side of the fence. And on top of that, with us having NYSE and having our capital markets team, they're privy to a lot of information about our friends here at this conference that may want to go IPO in some day, but they're not supposed to allow other people in the company to see that. So there's a lot of implications with the data that you need to see.

>> So as you were talking, Ryan, I draw a triangle, two-dimensional triangle, data infrastructure users, and then I said, oh, but that triangle's actually three-dimensional now because I've got data everywhere. I've got infrastructure in the cloud. I've not got critical infrastructure now, and I've got users that are all over the place. So it's vastly more complex world than what we live in now.

Ryan Hebert

>> Yeah. I mean, I think the key indicator of success for being comfortable about allowing customers and providing services using this technology to our customers, and when I say customers, I mean internal customers, is really reliant on the encryption of the data, how you encrypt it, and how it's able to stay encrypted as it moves through the process. Some of the companies are doing it at the hardware level. I think that is a so smart of a play. Doing it at runtime, the only way you can get access to that data is if you destroy the GPU, right? So in trying to get to that piece, it would in effect make it null and void. So having the right approach from a technology standpoint to keep the data encrypted while it's going through the flow of query to model, back to the end user for output, is I think going to be the really success story.

>> You'd obviously want to encrypt everything all the time.

Ryan Hebert

>> Not necessarily.

>> Everywhere.

Ryan Hebert

>> Not necessarily.

>> So my question-

Ryan Hebert

>> I'll go with, sorry.

>> My question was going to be, but there's penalties to doing that-

Ryan Hebert

>> Latency.

>> Exactly. So I wanted you to, from a technology standpoint, explain those trade-offs.

Ryan Hebert

>> Yeah. So perfect kind of flowing back to the BISO model and why we do things. So we all have threat objectives. We understand what the bad actor's trying to do to us, and then we will try and tie controls to those things. So my friend in the mortgage technology space, he resides on top of 180 million social security numbers. PII is a huge deal to him. Whereas on the MYSE side, the second the trade executes, it's an order number with two different IDs, and that data is public the second it happens. So I don't really concern myself with encryption at that level at the bottom because I want to get that information out fast. And I want to be able to use it in the data services side to also provide the pieces of information to the ICE data services customers as well. So latency is a huge concern, whereas if you're allowing encryption to not affect that, then we can talk about doing it across the company. But at this point, I'm not there.

>> So two things there. One is sometimes it's not necessary for public data. When it is necessary, let me rephrase. So when it is necessary, presumably you'd want to do it all the time, but there are trade-offs. What are those trade-offs? And is the technology industry essentially compressing those, such that they are now irrelevant, or are they still a consideration for a technologist?

Ryan Hebert

>> Not irrelevant. Still strong consideration needs to be had. And it goes back to the data classification piece. So if you identify and understand where it resides, who needs access to it from an internal and external perspective, then you can rationalize the cost of encrypting across the board. But at this point, it just doesn't make sense for all pieces of the data. So that's just kind of where I am. It's a personal opinion.

>> There's an expense there-

Ryan Hebert

>> Right, there's an expense.

>> That's not worth it at this point in time. But the reason I ask is, there's always a difference between when you talk to a practitioner and you talk to a vendor, there's always a gap. The encryption guys are saying, oh we've eliminated those penalties. They're so infinitesimal that they're de minimis, but that's not the case.

Shelly Kramer

>> Well, and you have to also think about the employee experience. And if you ratchet things down so much that just the process of trying to do your job is so really frustrating, then we don't make any forward progress. So I think that-

Ryan Hebert

>> That's a major focus point for us this year is user experience, for both customer and internal customer. So finding the easiest way to perform menial day-to-day tasks using AI, but not ratcheting it down so much that it becomes unusable, right?

>> That's an ongoing balance, isn't it?

Ryan Hebert

>> It's always going to, you want to put the handcuffs on, but then again, you got to take the handcuffs off to allow business flexibility and, you nailed it.

Shelly Kramer

>> So before we wrap our conversation, I think you had some news around Launchpad, and I know that you announced Launchpad in the fall of 2023. But I think your news is maybe kind of exciting.

Ryan Hebert

>> Yeah, so we've been talking about doing Launchpad for quite some time. We really wanted to showcase the fact that we're a technology company. Obviously we provide a traditional 234 year old company in the New York Stock Exchange. But at the root of it, we're building technology to support our customers, and we want to influence what their decisions may be in the right way. So we built an instance of a cloud-provided service. I won't name them because they're not a part of it in fulsome, but we're using our VC friends and my ability to go out and just find tech that I think is interesting and cool. And we found a company named Oasis. They do non-human accounts, and we've already put it out on the Launchpad. So now everyone within the company can go access, see this tool, see what it does, find use cases, provide knowledge share, give it back to that company as well to improve upon it. And now, every time that I'm talking to these VCs or these folks that have their nice booths in here, I go, do you have a problem with non-human accounts? We do. Have you talked to Oasis? You need to talk to those guys. It's just a good way to start seeding that conversation with our listed companies and with our own internal users as well.

Shelly Kramer

>> And Oasis is the first?

Ryan Hebert

>> That's the first. We've got about 50 or so in the queue that aren't public information but we-

>> 50?

Ryan Hebert

>> 50.

>> Ah, okay. Busy.

Shelly Kramer

>> Yeah.

Ryan Hebert

>> Yeah.

Shelly Kramer

>> Well, this has been great, Ryan. Thank you so much for spending time with us today. So Ryan Herbert, the BISO of New York Stock Exchange, Fixed Income and Data Services. And for me, Shelly Kramer, Dave Vellante and David Linthicum, and our team here at theCUBE, coming to you live from RSAC conference in San Francisco, where the focus and all the conversations are on security and AI and compliance and everything we need to know. So anyway, you keep it right here on theCUBE, and we'll see you again later today.