Abhishek Dubey: For anybody who's building open-source or a community tool, I think giving back really helps, and it really helps building a unique business if you have a project of passion. On day one you don't have to think about commercialization. If you provide value to others, ideas do follow. Eric Anderson: This is Contributor, a podcast telling the stories behind the best open-source projects and the communities that make them. I'm Eric Anderson. Today with Abhishek Dubey who is one of the creators of CheckPhish and also Bolster. Abhishek, thanks for coming on the show. Abhishek Dubey: Thanks Eric. Glad to be here. It's pretty exciting. Eric Anderson: Oh yeah, totally. Abhishek and I have caught up a couple of times over the years and things are picking up over at Bolster. Today we wanted to talk initially about CheckPhish and how it's kind of evolved into Bolster. Both are active applications, products, maybe Abhishek you could start us off by explaining if we start with CheckPhish. What CheckPhish is? Abhishek Dubey: CheckPhish is simply a URL scanner, which scans a URL in real time and tells you whether it's phishing or a scam site in real time. Eric Anderson: Got it, so input a URL, get back a fraudulent status. Abhishek Dubey: Absolutely. Along with that, what we also do is actually tell you the targeting brand. For example, if you enter a URL, let's say it's a Microsoft phishing, we will tell you that it's a phishing site and it's also targeting Microsoft. We go beyond phishing. That is just one of the kinds of scams you can find on the internet. We can tell you if it's a fake counterfeit site targeting a Nike's Jordan sneakers. We can tell you that level of granularity. Eric Anderson: Got it. We live in a world where the internet is full of these fake sites. You probably have to pitch ready. There's some percentage of sites that are pretending to be other sites in order to capture information from users and CheckPhish allows anyone to throw a URL in. Have you already scanned out? Do you already know all the bad sites out there, or does CheckPhish check them at the time you request? Abhishek Dubey: CheckPhish checks them at the time of the request. Eric Anderson: Got it. Abhishek Dubey: That was the whole innovation that Shashi Prakash, who was my co-founder, and I built. Being in cybersecurity industry for so long, we realized that all the detections are reactive and blacklist driven. That was our first motivation to build CheckPhish. How can we build a system that can tell whether you are a phishing or scam in real time? There is no such thing as a database. We do have a cache. If you delete our cache, we will still work extremely efficiently. Eric Anderson: Yeah. You don't do any homework in advance. You're just a really good test taker. Abhishek Dubey: That's a good analogy. I'll use that next time. Eric Anderson: Okay, there you go. Got it. Tell us a bit about the story. How did you get into this business and how did that lead to the beginning of CheckPhish? You gave us a little bit of a tease here with your co-founder. Abhishek Dubey: My co-founder, Shashi Prakash, and I worked together at Cisco group called Talos. It's the threat intelligence group at Cisco. I joined Cisco in 2011 when Cisco was not known for cybersecurity, and I've been in cybersecurity space for 15 years. My master's was in cybersecurity. Back then, Eric, nobody would give me a job in 2006 because I didn't have a green card. I learned different aspects of vulnerability, reverse engineering, malware reverse engineering. In Cisco, I managed a very large group of threat researchers, machine learning scientist and built a 24x7 support team. The products I was managing was web categorization and web reputation. While Shashi was responsible for building a spam detection system for Cisco's customers. Imagine detecting billions of spams everyday across Cisco's portfolio. From both our perspectives, what we noticed was phishing is a big issue. I was seeing from the web reputation and categorization side of things and he was seeing from the email side of things. Abhishek Dubey: Every time we would come across a customer, because I also built a level one and a level two support teams, customer would say, "Why can't you detect same phishing page which is exactly the same every time? Why can't you?" That was sort of the Genesis of it. Interestingly, Shashi had deep background in machine learning and he was working on it. I picked it up through, there's something called Hacker Dojo and barrier if you know? Eric Anderson: Yeah, totally. Abhishek Dubey: That's where actually I started taking machine learning courses. I've built great friends over there, and that's where my inception of machine learning came into place. I was sort of tired because I started my life writing signatures detections for different kinds. I'm a lazy person. I thought there has to be a better way. I can't be writing signatures for every malware or ransomware that is coming out. Eric Anderson: Laziness is the mother of invention, I believe. Abhishek Dubey: That's exactly the reason was. Over time I ended up building a team for machine learning in Cisco. We both had machine learning expertise and we both had cybersecurity expertise and we believe with the advancement in machine learning, especially deep learning, we could build something proactive. Eric Anderson: Can I take you back real quick, interrupt you, because we've been talking about phishing and you've already pointed out that there's kind of email phishing, which I feel like people are more familiar with than just a web phishing. This fake web idea also goes by the name of phishing, even though it's not on your email, right? Abhishek Dubey: That's a great question, Eric. If you take a web URL, it could target multiple parties. Most people, when we think about enterprise security, we think about employees. But if you take the perspective of a brand or an organization who is doing business with some of our customers like LinkedIn, their customers end up getting these links and giving away credentials, which leads to account takeovers. That's a huge problem across the board, right? You can lose significant amount of money, depending which brand you are. Eric Anderson: Somebody puts up a fake LinkedIn, other people mistakenly log into it, but they're not really logging into LinkedIn, they're just giving their LinkedIn credentials to this party. Abhishek Dubey: It was really happening two to three ways. One is people collecting massive amounts of emails and URLs to breach. Then just brute forcing it on a brand's website. Other ways you are just doing these massive phishing campaigns and collecting credentials, which is a direct hit every time. That's what we're really addressing here at Bolster. Basically that's the problem space we are solving. Our technology can be used by the people who are providing employee phishing protection. You can use this CheckPhish URL scanner and take our APIs to implement that if you would like to, but that's not the product we are selling today. Eric Anderson: Okay. You've clarified the difference between email and kind of just general web phishing. I interrupted your description of you both now knew machine learning and you both had cyber background. One brought the email perspective, one brought the web perspective. Abhishek Dubey: First of all, we decided we have something unique to do here. We figured out how to start a company. Interesting story is Shashi took a mortgage against his home, second mortgage. I borrowed money from my wife. We had tree of friends, family, and fools that we were able to convince to get magic number to start Bolster. That time it was actually called RedMarlin. First thing we wanted to build is just this real time detection. We were basically working out of my garage in Mountain View. We literally started in a garage and built CheckPhish. We were just head down focused for really first two years to building out CheckPhish. I remember first iteration took 45 minutes to do end to end, to scan a URL. We will launch a selenium instance to launch a browser and get the detection. Abhishek Dubey: It was a very long process. Over time, we got it to a few seconds and that was really Genesis of CheckPhish. The goal of CheckPhish and motivation was first of all, to show that there's something real-time can be built. Second thing was with AI systems that we realized we need to own the data sources. There's no data source. Actually, if you go and Google, there's no such datasets that are out there. If you say, "I want a screenshots and texts of phishing pages on the internet," there's nothing there. We had to build that from ground up and we thought the best way is to provide value to the community and get community's input. If they disagree with our detection, they can give us feedback. That was the Genesis. At that time, we didn't know what would be the form factor that we will go to market with. We had some thoughts around taking an API approach, which we can talk about later. We basically use Twitter to basically promote it. Today we have CheckPhish with over 50,000 unique visitors every month. Eric Anderson: Wow. You don't hear security companies touting their web traffic very often. You guys have something special going on there. Abhishek Dubey: More interestingly, Eric, we opened it for everybody. You can use it. My mom can use it, but 99% of our traffic is enterprise traffic. Eric Anderson: In theory, all of us consumers, when we get a funny looking email, we could paste a URL in and check. But really the folks you've captured are actually quite nice for you. There's a high willingness to pay. There's higher risk among enterprise users. They're the ones whose attention you've got. Abhishek Dubey: That's absolutely correct. Initially we were not even collecting emails. We were just very generous or we had no agenda of collecting leads that we learned later on in our business. We were just giving as many URLs as you want to scan. We were able to do a reverse IP lookup and what we found out, which was very interesting, we had a hundred out of Fortune 500 companies using CheckPhish. It was just amazing. Interesting thing point to note over here is all of them can afford multiple security products to protect against phishing. This is still the case, Eric. Eric Anderson: Who are these people? Are these line workers that are worried about this email that came in or clicking on something wrong? Or is this like the CSO or kind of the head of security who's also concerned? Abhishek Dubey: There are lot of different personas who end up using CheckPhish. Because we just very recently started collecting emails, we still don't ask for profiles. We're very liberal with that. We want to have that community aspect to it. But what we understand, there are two primary personas that are accessing CheckPhish. One is security operations group. Second is threat research and threat intel group within these organizations. Eric Anderson: Got it. CheckPhish is in the wild, doing well, attracting attention. It sounds like at some point Bolster comes along. You realize that there's more you can do here. How does that emerge? Abhishek Dubey: Well, we wanted to make money because [inaudible 00:11:14] wife works. Eric Anderson: You got to get out of the garage somehow, right. Abhishek Dubey: We have a garage. We had to make money to survive. What happened, there's a very interesting story. Let me share this with you. We were at a conference at Fairmont in San Francisco and Shashi was sitting across the director of LinkedIn. This just happens by chance. They started talking about technology's pretty nerdy conference and Shashi shares that, "Oh, we have X number of sites targeting LinkedIn brand." The person says, "It isn't just not possible. We have two vendors taking down these websites on behalf of us." Shashi says, "No, we have just a better technology. We have built detection from the ground up. We can detect more than anybody else." That person got very interested and he said, "Hey, do you do takedowns?" Later, I joined them as well. Abhishek Dubey: We had no idea what to takedown meant like at that point completely blank. Our answer was, "Absolutely, we can do take downs." They said, "Okay, that's great. Why don't you come to our office?" I was like, "Okay, great." Shashi and I go back home, working out of our garage, coded up something with which we thought would work. We go to their office, we talk about it again. They got so excited about what we were able to find that they decided to become a customer without doing a POC. Eric Anderson: Now, when you say he got excited about what you were able to find, you still haven't demonstrated the takedown part, right? Abhishek Dubey: No, we haven't. Eric Anderson: We have takedowns and we're finding really good stuff. Here's a POC. Abhishek Dubey: There was no POC. Eric Anderson: No POC. Here's the money. Here's the order. Abhishek Dubey: Actually money such story is interesting, Eric, because they asked us, "How much money would you charge?" We said $20,000. We thought it was a lot of money for helping them. They went back and said, "Oh, can you add a couple of more things?" Absolutely. Probably we didn't know at this time that we were giving away for free and they decided to skip POC. They became a customer three months later because working on enterprise contracts takes really long time. But LinkedIn was really our first customer for both the platform. Eric Anderson: Got a sweetheart deal apparently. Abhishek Dubey: They did. Eric Anderson: Yeah. This was how Bolster was born. You kind of decided better to create a new brand because we want to keep the CheckPhish free and kind of community feel. Abhishek Dubey: Right. It was something both Shashi and I learned. There's something to give back is very important. If we look at our lives' journey, we were very focused on security. Even in security, fighting malware or spam, there was more of a thing to help others. Personally, I felt connected every time I would write a malware signature, I would end up protecting tens and thousands of people. That was more of an effort that initial at heart was with CheckPhish and it continues to remain that way. Bolster, basically, we landed this LinkedIn then we tried with Uber, same thing. We had data because we proactively found it. Abhishek Dubey: We were scanning bunch of website. It worked and Uber became our next customer. Then Dropbox, we found, "Oh, this is very interesting." At that time we looked at this market and we realized there were only legacy providers who are doing professional services. It was a very deliberate attempt for us to focus on this market with the thesis that we can become a market leader in this space. Worse is us going and trying to find the incumbents in employee phishing market. It was a very deliberate choice that we made. Eric Anderson: Got it. I imagine you have like the kind of perfect setup here, where you've got this captured audience excited about CheckPhish, and now you have a way to monetize that audience through Bolster. You've got the first few logos and people start piling into Bolster, or how do you kind of introduce them to Bolster? Is this a natural selling point? Do they just discover it on their own? Abhishek Dubey: Today they're discovering it on their own, Eric. We were still figuring out how to keep that community aspect and have this very enterprise focus on both because we are very large customers with a fairly large ACVs and CheckPhish community is very different. They're coming for UR: checking, but not necessarily thinking about their customers. Because the audience is so large on CheckPhish, a subset of that is Bolster customer. For sure, this is very large enterprises, but both our customers, we have connected, we have done some work so far to bring them, but we have not actively sort of made it a lead generation for our enterprise sales. There are some plans that are on roadmap to bring it more efficiently where we don't kill the community and make it a lead gen platform. We're very, very conscious about it. Eric Anderson: Great. It makes sense. That's wise a view. It's often overlooked the sensitivity of communities. I wanted to take us back maybe a little bit, because I think there was some interesting discussions to have around technology that we passed initially. You're doing some interesting things, not only on the real-time side, but other aspects, maybe you can tell us some of how this works. How are you able to detect sites in real time? I've heard of people using computer vision or other interesting approaches. Abhishek Dubey: Our fundamental way to detect something real-time went back to basics. A security analyst, why they can tell phishing or fake site every time? What are the clues that we take in input as humans versus the traditional way where people are just focused on the URL itself? If URL says abhishekdubey123.com/paymemoney, we will say that this is bad site. It has nothing to do with the content. Humans on the other hand, don't look at the URL. We miss it. We actually look at the content, right. We don't tend to and we teach people to look at the URL before entering the data because bad actors are very good at replicating the sites. Most people counter-intuitively think that the more similar the site is, it's harder to detect for computers. It's actually exactly the opposite. For computers, the more similar it looks, the easier it gets. Eric Anderson: Because you can say, this is pretty much the same thing as this thing. Only one of these things is not real. Abhishek Dubey: We have this foundation knowledge working through machine learning and different aspects of security because you can use fuzzy hashes if it's like slight variances, you can use in machine learning random forest where they're not so many sub trees because it's similar. But similarity only gets you somewhere. We took a very fundamental approach of understanding the context of the page. What the page is saying and what is the visual context? There's a textual context and a visual context. This is something all our customers know and it's public. We actually launched a headless browser in the cloud, and this is all happening in real time. If you go to CheckPhish, you put a URL, you are actually launching headless browser in the cloud. What happens is we take a screenshot and we take the text out of the page. On screenshot, we are doing multiple things. We're doing a fast image matching. Then we are doing logo and object detection on the page. Abhishek Dubey: On the text, what we are doing is we are trying to understand the context of the page. What is it trying to say, whether it's phishing or is it offering $200 discount on Jordans. We combine all these inputs. Basically there's an ensemble classifier, which tells us which brand it's targeting. What is the context? Is it asking for sensitive information? Is it a domain parking page? Once we have this context, we know it's interesting. It doesn't necessarily mean it's bad, right. I'll give you an example. It could be a DHL is a global brand. If you start seeing DHL, you will see DHL hosted across the globe on countries that we don't even know extensions off. Some people will actually mark them as phishing sites. Then we bring our security expertise and security threat intel to combine with the machine learning decisions and then make a disposition that, "Hey, this is actually bad." Abhishek Dubey: Badness is determined towards the end. First is understanding the context and the brand. We're able to do this, Eric, in under 200 milliseconds, all of this. Eric Anderson: That's incredible. CheckPhish allows me to take from a URL to determine good or bad in real time 200 milliseconds using the process you described. As a company, I can then go to Bolster and say, "Here's a URL. Can you help me take it down? This shouldn't exist." Abhishek Dubey: That's exactly right. Eric Anderson: I imagine there are companies that come to you and say, "Can you just do the reverse? Here's my site. Can you tell me all the bad sites that are trying to mimic me?" Abhishek Dubey: That's probably our secret sauce. That's how we get a lot of customers. Not only we are in real time, we are proactively also crawling a lot of URLs. We are collecting sort of our own intel. Unlike other security companies, we own everything within our product. From threat intel that is our own, from detection which is our own. We're in a very good position, Eric, from that perspective. That's how we are able to secure a very large customers very, very quickly. Eric Anderson: Talk to us a little bit about the CheckPhish community. You have these users who come and they've come to rely on you. Is there a community? Can they interact with each other? Abhishek Dubey: We did start a Slack project where we have a Slack community. We're working more on to engage them. That is part of this year to build engagement within the community. So far, we have been interacting on Twitter. That has been a form where they've gotten feedback, but the goal on the product, basically a roadmap now, is creating community to engage more. We do have a Slack CheckPhish community. Anybody who signs up does get an invite to the Slack community. Even if they are completely free and they will probably never become a paid customer, any issues with using our APIs for integrations, we do have a developers responding to it. I'm one of the active person who would respond to their questions. There's a lot of pieces that are built. It's now for us to accelerate them and take it to the next level. Eric Anderson: Yeah. I mean, sadly, it's largely been well focused around enterprise, but you do have some consumers who hang out on CheckPhish on occasion? Abhishek Dubey: Probably they do. That's not been necessarily the focus. Even the community, people are mostly IT security for security operations folks. That's the major audience. We have not done anything to focus on consumers at all. If they come by, it's probably their accidental discovery, but it's not our intention at all. I mean, they can absolutely benefit it. I highly encourage anybody listening to the podcast to use it to their advantage. Eric Anderson: Maybe you can share with us what the road in the future looks like for CheckPhish and Bolster. Anything exciting that the community can look forward to? Abhishek Dubey: There are a lot of things planned. I would share probably for the next podcast. Eric Anderson: Yeah, sure. Abhishek Dubey: But what we would see more is more smooth integration between CheckPhish and Bolster. There might be more offerings for Bolster that you may get on CheckPhish and vice versa. Eric Anderson: Fantastic. Quick aside here, Abhishek, anything you'd like to cover that we haven't? Abhishek Dubey: For anybody who's building open-source or community tool, I think giving back really helps. It really helps building a winning business. If you have a project of passion, on day one, you don't have to think about commercialization. If you provide value to others, ideas do follow. Other thing we learned very early on that we wanted to build an API business that we learned through CheckPhish, because we really believe that what we have something is unique. Really there's nothing out there which is doing phishing and scam detection in real time with such low false positive rate. Our false positive rate is one in a hundred thousand. It's truly unique. While we thought API business would be we can scale that business and make it a very big business, what we learned in cybersecurity that most security operations and threat intel folks are not developers. Also, that cybersecurity is so much under pressure that they need products built for them so they can implement it right away. Abhishek Dubey: Unlike there are some very successful API companies like Twilio, where developers are willing to invest. Security teams are under so much pressure, even if the product is simple, it helps them versus rather than them building the building blocks. That was a big learning that we had very early on, where we had to think about building a solution rather than focusing on the basic constructs of CheckPhish, which enables CheckPhish to be so useful. Eric Anderson: Yeah. I wonder how you think about now that CheckPhish is working, it's got a community, and you've got Bolster. I can imagine a lot of your attention goes onto how do we kind of grow Bolster, grow the company. But I also suspect that you're cognizant to think about how we continue to help the CheckPhish community. Do you feel like those are kind of competing interests that is easy to lose track of how CheckPhish is doing and their needs and continue to deliver additional value there? How do you think about that? Abhishek Dubey: That's a great question, Eric. It did happen to us. As a startup, when you're venture capital funded, everything becomes about ARR growth and focus shifts towards that. But what we realize is if you have to build a very large organization, we have to build that community where there is trust. Often what we realized though, even though we never actively focused on CheckPhish, we went to Black Hat and RSA. They didn't know RedMarlin that was our original name, but they said we also built CheckPhish. They would come and take pictures with us and be like people from Australia, "Oh, these are CheckPhish guys." CheckPhish is more known. A lot more people know what CheckPhish is. Even in enterprise sales, what we learned over time, and this was completely random, where we said, "Hey, do you know about CheckPhish?" Like, "Oh, absolutely." Abhishek Dubey: It was CSO who may not know Bolster, but the team who was working on day to day things, it just created immense trust in the security community. From that perspective, as we learn more, now we are focused and that now we have more resources that we will continue to support CheckPhish and deliver more value and have a dedicated team around it. Because if we share resources, partly what is also different is on both sides is a very enterprise sales led motion. CheckPhish, we commercialize it, which we have very recently. We have put a Stripe credit card over there. It's a very product led motion. What my understanding and our team's understanding is taking a sales led enterprise team to do premium only ends up one way. It becomes a lead generation tool for sales led. Abhishek Dubey: As a team collectively we are very focused on building a separate team with the right kind of expertise to who has done that. This is not very common, Eric. I have not seen that personally that happened in cybersecurity. We have to go learn our lessons from Dropbox, Slack, or notions of the world how they did amazing job of building communities. We have to look outside security and apply that to CheckPhish, and we're very cognizant about it. That's the plan. We're working that with an executive sponsor to a very dedicated team, dedicated product manager, dedicated engineering resources, and a dedicated growth product marketing manager. Eric Anderson: You have a growth product manager for CheckPhish. Clearly you're thinking about how we continue to grow CheckPhish. I imagine word of mouth kind of works and maybe that's the vehicle, but how do you think about growing CheckPhish? Do you have metrics around it and are you building features that either satisfy needs that would increase people's likelihood to talk about it or actually help them share with others? Abhishek Dubey: Currently the team totally it doesn't exist. There are some resources, I'm the executive sponsor. We do have some resources now because collectively even I'm very fortunate that the executive team we have, even though they come from deep enterprise background, very, very successful companies, they're very forward-looking who understood. It was not hard for me and Shashi to convince our executive team that this is the approach we would take. They've been very supportive and they understand. The whole structure of the team we will form in the coming months. But coming back to your question, how do we plan to grow CheckPhish users? Abhishek Dubey: We are collecting a lot of metrics and how people are using CheckPhish and what use cases and what are the pain points. One thing we do understand is the buying personas, security operations, and threat intel. Great thing for us, Eric, this is the exact same persona that is on Bolster who's the Bolster customer. That's very, very exciting for us. We do have a few things in the pipeline that we are going to release hopefully next 30 days, which will get us one to end users. We are thinking what features we can enable that gets us end users, having a more non-linear adoption of users versus an incremental approach. So far, CheckPhish has been a hundred percent organic. We don't have ads. For signup, it's completely been word of mouth. Now we basically have some product features where we can enable people to invite lot more members of the organization onto the platform, on CheckPhish. Eric Anderson: Yeah, organic is super exciting. At the same time, inorganic is also quite valuable, like to be able to dial up users. As I advise people, there's a lot of push towards organic, which is warranted, but as you're pointing out, it's also nice to be able to have mechanisms in which you can push growth beyond what would normally happen. Abhishek Dubey: That's right, Eric. I think one of the things is what we understood is truly understanding the value metric for the customer and how do we drive that value metrics through our product features. The more usage, more consumption of that value metric and how can we grow exponentially. That is the thought process that we're taking in CheckPhish, even in Bolster platform where we're measuring quite a few things, even on the platform today. When we have an enterprise customer joins, what are the features that they're using most? Abhishek Dubey: We have an internal tool that we have built where we get all the metrics about each of our customers and we collect very detailed metrics around it. Basically building features around those metrics, if they're common across all the customers and it helps our business as well. Eric Anderson: Fantastic. Well, we're glad you're doing it and I'm sure your users are excited. I mean, what's great about all this is all quite so aligned. I mean, you benefit from a better product, the users benefit from a better product. Everybody wins when you build this way. Abhishek Dubey: Yes. Eric, one of the most interesting thing is with these two side, it may seem different to a lot of people, but it is really not. We see as a win-win situation for everybody, whether it's a CheckPhish user or a Bolster enterprise customer, because when a user puts a URL, whether it's a PayPal or any kind of phish. PayPal is not a customer, right. If PayPal people are listening to this, if they were our customer, we would actually do the take down. The next user, whether it's an enterprise or a consumer, it's taken down. When it's coming to the email. It helps everybody, whoever is in this ecosystem would help. Eric Anderson: It's a virtuous cycle to the products. We talked mostly about open-source projects on the past on the show. It's interesting to see the same dynamic here. You're having to make choices. We've got a new feature. Do we push it into the free channel, into the open source project, into CheckPhish, or do we reserve this for Bolster and kind of push it to our paid customers? Do you feel some of that? Is that a question? Do you see that as analogous to open source projects to a degree? Abhishek Dubey: It does. We have to make a lot of these decisions, what we should give to community and what we should have on both the platform. We still have to do how we will figure it out in CheckPhish and Bolster. But what I've learned is the best way to give the experience of premium product is to get full functionality. The most successful products, what I've learned, have full functionality, but they're limited by usage. We don't want to limit the experience of a free customer any more than the paid user. That's just the general thesis we have, I personally have. How do we do that? We will figure that out. There's some thesis which we're developing. We are going to test it out and maybe next time we meet, I'll be able to share that if it worked. Eric Anderson: Great. Abhishek, this has been a lot of fun. Thank you for being our kind of our Guinea pig on doing more community-led work outside of open source. For folks who are new to this topic, they can go find CheckPhish and throw a couple of URLs in and maybe join the Slack group. Is that right? Abhishek Dubey: That's absolutely. That would be great. I'll personally welcome them. Eric Anderson: Yes. They'll find you in Slack. Fantastic. Abhishek Dubey: Thanks for having me Eric. This was really fun. Eric Anderson: You can find today's show notes and past episodes at contributor.fyi. Until next time. I'm Eric Anderson and this has been Contributor.