How security leaders can strengthen diligence, reduce risk, and deliver more resilient deals
Mergers and acquisitions unlock growth, but they also magnify cyber risk. A single missed vulnerability or unresolved security gap can derail integration plans, erode enterprise value, and damage customer trust. For security leaders, diligence is critical to ensuring deals close smoothly and deliver their intended value.
In this 30-minute session, Jason James, CIO of Aptos, joins Averlon to explore how CISOs reframe cyber risk as deal risk and why remediation readiness is becoming part of modern due diligence.
What you'll learn
- How to align security priorities with business and board goals during M&A
- Which vulnerabilities are likely to derail integration (and how to get in front of them)
- How to ensure gaps are not only discovered but fixed, to build trust and resilience
- The role of agentic AI in cyber diligence
Rajeev Raghunarayan: Wonderful. Hey, welcome, everyone. Thank you for joining us. Today's session is called Cyber Risk Meets Deal Risk, Security in M&A. I'm Rajeev Raghunarayan, I lead go-to-market at Averlon, and I'll be facilitating the session today. A couple of quick housekeeping items before we get started. We will be recording this webinar. We will not be taking live questions, but you're welcome to add questions to the Q&A panel, and time permitting, we'll obviously get to them. And last but not the least, we're always learning. So if there's any feedback, please give us the feedback, and we'd obviously strive to get better. So, getting to topic at hand.
Mergers and acquisitions. Exciting topic, can be an incredible opportunity for growth. But they're also an incredible opportunity where risk comes into play.
A missed vulnerability here, an unresolved security issue there, can derail all integration plans, reduce your enterprise value, and potentially damage customer trust. At Averlon, we focus on how leaders can not just identify those risks, but also ensure that the critical ones get fixed. And that's why we are actually excited today to be joined by Jason James, or JJ, as he's called. JJ is currently the CIO of Aptos, with more than 20 years of experience, playing leadership roles in IT and cybersecurity across retail, healthcare, data analytics. He's had multiple cyber transactions, or M&A transactions, rather, at companies NetHealth, Optima, EarthLink and more - as an acquirer and a target. So, he's someone who can actually speak from both ends of the journey. Welcome, JJ. Excited to have you on today.
Jason James: Yeah, thanks for having me. Excited to be here.
Rajeev Raghunarayan: Let's kick this off with something straightforward, JJ. You've had… you've led technology, you've led cybersecurity in healthcare and retail, as I just discussed, before becoming CIO at Aptos. In fact, many of the companies you worked with went through acquisitions themselves, or acquired other companies. I'd love to kick this off by asking you a little bit about your journey. How has it shaped your view of security, both as a safeguard or as a driver of business growth?
Jason James: Yeah, I think, first of all, let's level set. Acquisitions are only exciting for those doing the acquiring. It's a fearful exercise if you're being acquired. And so, as a result, there's so much scrutiny today, especially when we talk about acquisitions of software companies, especially in the cybersecurity realm. If you think about software companies, you're not only acquiring intellectual property, you're acquiring the risk that goes along with that intellectual property. So, prior to acquisition, you're going to do code scanning, you're going to check to see if critical high vulnerabilities have been remediated, you're going to see what form of open source software is being used to create the software, but a lot of diligence is spent, because it can affect not only the outcome of the deal, but the deal value itself.
Prime example of that, if you go back and you look at the acquisition of Yahoo by Verizon, during the acquisition, it came up that there was a hack that occurred, and that almost torpedoed the entire deal. But what happened is they came back and adjusted the deal, and what they knew, meaning Verizon going into it, is that the cost to remediate would be extraneous, and so it brought down the overall value of the deal. That really was the shot across the bow. Every software company after that took a step back and said, hey, if we're going to acquire a company, especially a software company, we're gonna make sure scrutiny is built around the deal. And so, for my journey, I've been doing that now for 15 plus years, over 20 deals in the last decade, if not more. So much time being spent, not only in looking for synergies, meaning cost savings after the deal closed. But what does the risk profile look of the company we're acquiring? After we acquire them, what investments are we going to have to make in terms of software, hardware, infrastructure? After we do the acquisition, what… what talent will come on board? And so, what talent will have to be let go as part of synergy targets? It's always exciting, but it's always a challenge. I think when you think about, level set with the AI world in hand, I think when we fast-forward to deal-making the next two years, you're going to see a lot of scrutiny around how AI was used at an organization, because that, too, will also come under the purview.
Rajeev Raghunarayan: That's a great point, yes. What gets out on AI could also be a risk that.
Jason James: For example, if you're acquiring a software company, you want to make sure that all of a sudden your developers didn't load up everything into a Chinese-hosted version of DeepSeek, and now all your intellectual property's gone. And so that could affect the deal, and so you're going to see a lot of scrutiny around what was your data loss prevention? What was blocked? What was allowed to be there? Did you have any AI governance in place? All that will be considered as part of future deal making.
Rajeev Raghunarayan: Makes total sense, makes total sense. Now, obviously, when it comes to deal-making, there's multiple things that… that happen. I will go back to one of the points that you had made in one of your articles. You hosted a cybersecurity summit. Maybe it was, a year ago or a few months ago. One of the things you highlighted was this notion of shifting from tactical firefighting to more long-term thinking. The reason why I bring that up is you actually spoke about it, if you get acquired in the future, what you do today is going to bite you in the… in… in tomorrow, or two years from now, One of the points you made was moving to that tactical… from the tactical firefighting to that long-term two-year planning. In fact, you also talked about how you align your cybersecurity strategy with business leaders, so it becomes part of driving growth.
Can you lean in a little bit more on that particular piece? And in fact, one of the interesting things that you made in that article, which I'd love to also hear about, if you… the hieroglyphics, tell me something about it, too.
Jason James: Yeah, so this was a couple of years ago. We hosted our Cybersecurity summit in London, because I've got teams all over the world, and I gave a personal walking tour of the British Museum, and in it, basically, what I did was reference items within the museum, and how they… basically, align with modern cybersecurity banking and frameworks. If you take the Rosetta Stone, the Rosetta Stone… as it was discovered, is the only reason we can decipher hieroglyphics today. Multiple languages on the stone, including Greek and Latin and hieroglyphics. It was able to be used as a cipher. It was a cipher key. That's exactly what's needed today in order to decode messages within a cipher. But again, the whole point of that was to think that, even throughout history, what you record will be viewed by somebody else later in the future.
And so, if you're a software company, what are you doing today that will ultimately set you up Whether you have a new owner. if you're in a private equity bank organization, at some point there's an exit. you're either going to, acquire another company, be acquired by another company, but there's an exit. And so I used that framework from the British Museum to look at all these items through antiquity. and teach the team how to ancient ciphers, reflect modern ciphers? How do we prepare for the future by learning from the past? And so, I think with every merger and acquisition I've done, there's been things I've learned. First thing you learn is don't take everything for face value. somebody can go through the audits, they can go through… third-party verifications, but when you dig in, you may find that, oh, well, their audit didn't have this environment in scope, and this is… this entire environment's critical to what we acquired, and now we're at risk. And so, you cannot take for face value, what's been presented to you. You have to take that data, it becomes a data point, and then dig in, You've got to become your own archaeologist, if you will, to use a reference time by the British Museum. You've got to dig in and determine what is the truth. and there's been plenty of times where I've done an acquisition and looked through a SOC 2 report, and it's oh, this looks good. And you get in there, and it's whoa, whoa, whoa, all these offices weren't in scope? These firewalls haven't been updated. we've got entire environments that haven't even gotten an inventory list, and so now we're stuck with these. What are we doing here? And so, again, you've got to… to quote an old Russian term, trust but verify.
Rajeev Raghunarayan: True, true. In fact, that's one area that I want to actually dig into, trust but verify. Cybersecurity often becomes a checklist item for a lot of things for the M&A. Oh, yeah, did you done the cyber… did you do the cyber due diligence? Yes, I did. But that actually doesn't always… checklists don't always capture everything, as you… as you and I all know. In your experience, having run through all of these, what are the blind spots that you've seen in due diligence process? Just you've mentioned the office for that office exists,
Jason James: Yeah. It should be executives we should be looking at beyond the obvious. Yeah, number one, send a team out on site. If they have traditional data centers, don't take for granted that everything's been inventoried. Have third parties show up to do the verification, have your own team show up to do the verification, verify, what hardware is there, what systems are there, do you have access to those systems, have those systems been backed up? When's the last time they've been backed up? Have any third-party pen testing? Occurred on those environments, when, what was the results of those? again, you have to verify all that data, because once that deal closes, and you're beyond, the M&A deals of escrow. you're stuck with it, You're the acquirer. At the end of the day, when something happens. you're on the hook, You might have acquired them.
But ultimately, it's your responsibility to make sure that environment is safe post-transaction. And again, I've rarely run a deal where everything was clean. It just doesn't happen. What you'll find is this… there's always this proverbial kitchen junk drawer of a system, and you're what is this? And why does everybody have access to it? What's on this system? And what's this data look And who has access to it? Oh my god, why does this data have credit card data on it? Or why is there passport images on here? You just never know. I've seen it all, there… with a few beers in me, I could describe some of the horror stories of M&A, but I will say, I'll serve as a warning to others, again, go back and verify. Get people on the ground. If there's traditional data centers, co-location facilities, have people on the ground, have somebody walk through and do an inventory of each system, make sure you can log into each system. Make sure you verify when those backups occurred. What does that data look Because the other thing you find is, in the midst of all these transactions, there's turmoil. Threat actors know that. They will look at press releases, and they will target individuals. These are prime times when organizations are hit with phishing, there's prime instances of ransomware hitting organizations in the midst of all of the transactions, after they close, because, again, you get an email from your new boss. Well, it turns out it's not your boss at all. And you just set up access to a threat actor. We've seen that occur. There's been countless instances of where threat actors have targeted IT teams post-acquisition, and so be ready for that. And by the way, if you are in a leadership position leading that M&A, that's something you need to train both teams. Both the acquiring team and the acquired team to recognize where the threats could be, because these are prime time that targets… that threat actors target these organizations.
Rajeev Raghunarayan: Makes, makes sense, makes sense. one of the points you make was, essentially, it's a prime time where things go wrong, especially because you advertise so many things. You've not discovered so many things. One of the examples that comes to mind is often Vulnerability scans, for instance, which people run, become just that, you should scan your external attack surface.
Jason James:
Rajeev Raghunarayan: And then you stop at that. But typically, it's not just scan the attack surface, you've got to figure out what needs to be done to fix that, because it's the. Oh, absolutely. reduces the risk.
Jason James: Yeah, yeah. Yeah, scanning it just shows that you've detected the vulnerabilities. What are you doing for the vulnerabilities, if you think about it. You target them… And critical, high, and mediums. That's the order of two target ends. And, pragmatically speaking, you may never get to the lows. They'll age out, or they'll, escalate to mediums, and then you'll resolve it then. you want to hit the most critical items first. It's … it's basically going into your house and making sure the windows and doors are locked. are closed before you even lock them, You gotta start there. And so that's one way to look at it. is the garage up? Is the front window up? Is the back door open, No. Get in there, close the criticals, go after the highs, have a plan on the mediums, As you do acquisitions, you should have a remediation target. what does that target look How are you getting that done?
If you do that, what's the ramifications? Because what you'll find sometimes in software… There's legacy dependencies that if you close one of those vulnerabilities, you may actually block off access, and so you gotta work with the development teams to get maybe a new build out or a new version out to correct that.
Rajeev Raghunarayan: Absolutely, absolutely. The breaking change is probably one of those biggest things that pulls people back. You don't want to fix it because you don't know what's going to break, and especially in environments retail, where some of these systems are really old.
Jason James: Oh, absolutely.
Jason James: Yeah, go into a mall, and go to an anchor store, and look how old those point-of-sale systems are. And these aren't our systems, These are… we're talking about, not a next-generation retailer some of our clients, but the larger department stores, and some of those. That's Department stores are finally modernizing, which is good, but a lot of them had been built historically on mainframes. That's… that's very, very true, yeah. still seem windows empty in some places sometimes, Security through antiquity. That's true, that is true. Well, attackers need to know how to attack those systems, too. That's A little bit harder to find those attackers, nobody's cracking COBOL. Exactly, exactly. Well, so, actually, speaking of retail, it's one of those most targeted industries. It's you've also written about it, where a single breach can basically permanently damage
Rajeev Raghunarayan: a retailer's brand loyalty. In fact, the example that comes to mind, is the Marriott Starwood. example, probably maybe a few years ago now, but it's a perfect example where, Starwood discovering a breach hit Marriott after the integration. And essentially cost them about a billion dollars in revenue impact, a 5% stock price drop, etc. Now, M&A is not a daily event, as we've discussed. It's one of those rare events that happens, but what you do every day really counts towards how the.
Rajeev Raghunarayan: long-term happens. So, can you speak a little bit about, how do you focus your day-to-day such that you're really preparing for these big events?
Jason James: Yeah, I think, number one, let's level set. So, if you think about the third most attacked sectors in the United States, they are financial. Threat actors are gonna… they're gonna go after where the money's at. Number two is healthcare and healthcare tech. Number three is retail. Retail is an interesting industry because very rarely can you get to… the source of a transaction. So if you think about a doctor's office, you can't really get to the EMR files, there's a physical desk separating you from an office manager, and then whoever's entering the records could be down the hall in another building or another campus. If you think about a retailer, you can walk up and touch the point-of-sale system. you can walk up and get very close into where the transactions met. there was a recent, discovery by, Georgia authorities in the state of Georgia, Georgia, where they actually,
Rajeev Raghunarayan: Found 40 card-skimming devices connected to retailers. Because again, he can physically get.
Jason James: Close to them. And I think you have to think that retail continues to be a target, because it's also a target that people understand. From an early age, consumerism is rampant in the United States, in most countries at this point. And so, the ability to go into the store, to understand how they function… in fact, many people, their first jobs were in retail. And so they understand that, and that's true with some of these threat actors, and so it continues to become a target. I think one of the things you have to think about is the way you secure that data, and the way I'm securing it in retail is no different than I secured it in healthcare. Penalties are very different. Penalties for violating healthcare records with HIPAA are very different than violating PCI data within retail, but… I still take those, best-of-breed approaches to protect that data.
What I have to think about long-term is. How do we empower the business? How do we make sure we can scale the business while still securing the business? the common denominator is the security, And I spend a lot of my time, if I think about my tenets of people, process, technology, is that I focus very heavily on the people. So, we do quarterly cybersecurity AMA Ask Me Anything, where me and the head of security sit down in a podcast webinar, and we talk about what we're seeing in the retail industry, what we're seeing in our industry, what we're doing to protect it. How people should protect their own data, and so the idea is if we can get people to care more about protecting their own data, they're more likely to protect our data. our clients' data. And so, studies have shown if you do annual testing, it's not good enough. And so, what we try to do is make very relevant topics. And there's so many interesting stories out there. Again, I… I just talked about that card-skimming one that hit Georgia last month. That's an interesting story, but, another story that we'll talk about on the next one, I don't know if you saw that, that the Secret Service and the FBI just… cracked a ring of, basically a cell-disrupted tower near the United Nations. That system was set up with so much complexity, it could have shut down the entire cell grid in New York City. And the complexity alone states that it's probably most likely a nation-state attack. Just the complexity, the investment is most likely not a small-time hacker group, but it's incredibly sophisticated, and we'll talk about that, what those ramifications mean, and what people are doing to combat that, but I think… I think when you think about… Any acquisition, any project, when you start with a security mindset, and a security culture mindset, it's… Influences your investments, it influences your projects, and it influences who and how you hire. Makes sense. 
So, going back to a people, process, technology standpoint, it's all rooted in a base or a culture of cybersecurity.
Rajeev Raghunarayan: Makes total sense, makes total sense. Now, obviously, when you're talking about the people process. one of the big things is getting the people to buy into security. For instance, when you're talking to executives, and there's always the feature rush. I need to win the battle on the features. sometimes you're winning the battle on security, not the features, How do you actually convince them to prioritize? That's one of the biggest challenges I've heard when speaking to people, is the fight between feature and security.
Jason James: Yeah, I think, number one, security becomes the future. So again, if I talk about we're the third most attacked sector in the United States, retail as a whole, then it can't be even a feature, so to speak, it becomes the foundation. And we talk about that, I write about that, we partner with our clients around that, about the importance of security, the importance of the security culture. I think it has to be so critical in what you're doing, regardless of industry, who are kidding? it's… it can't be… a check the box, as you talked about, Rajeev. It has to be something more fundamentally ingrained in the product. Or you'll continue to get disruption, you'll continue to get reputational damage, you'll continue to get breaches. To the point that eventually you'll be out of business. the average organization After a major breach, they're… they're out of business in 5 years. That's true.
you look at the average breach now, it's over $6 million. But it's the loss of Clients is the reputational damage, and so, in order to get people convinced of the importance of technology, you have to constantly politic, if you will. the idea is… How are you supporting their initiatives? How are you looking at technologies in a way to make it as frictionless as possible? with anything, You can add so much security, it becomes unusable. The most secure network in the world is one that's not powered on. Well, that's not useful. but it's secure. Can't do anything with it. But… and so you have to look for that balance, and so that means you've got to constantly… Work with the other department heads, and understand their needs, and how you intend to help support those in needs as well. And so it's a give and take, and it's a constant conversation.
Rajeev Raghunarayan: Indeed, indeed. And honestly, you, you rightly said, the… security is… is more about just what you do on a day-to-day basis. In fact, one of the things that I believe one of the CIOs that I was talking to, CISO CIOs, was talking to, he basically said, my job is not just to secure my organization, my job is to actually interface with every person.
Jason James: Absolutely. In the organization.
Rajeev Raghunarayan: Because I need to know where the business is going, so I can influence the directions from a security standpoint. It's that communication that's a very crucial nature. And you made that point earlier, it's about people, process, and one part of the process is the communication.
Jason James: Absolutely. And it may be the most important of it.
Rajeev Raghunarayan: Maybe the most important, that's true. But I want to turn to one other piece, Often there's a long list of issues coming out of these diligence activities in M&A.
Jason James:
Rajeev Raghunarayan: And we discussed this, unless they're resolved. you basically aren't really fixing the problem. That's obviously where Averlon plays, Our strength is moving findings to fix this, but more important from your experience, in integrating these acquisitions. How do you ensure that those uncovered issues are resolved? Especially when there's this pressure of finishing the integration and quickly getting to, upsell revenue.
Jason James: Yeah, I think, number one, there has to be visibility, and there has to be visibility back to the executive team, the ELT, the executive leadership team of what are the major outstanding issues? Where are they tracking? How are you updating those? And anytime I've done an M&A, we've had an M&A SWAT team, if you will, that consists of key stakeholders, key executives, to understand What's being done, when it's being done, what the impact is, what's still remaining, and until those items are resolved, they should stay on that list. And that list gets communicated upward, because what you'll find with that list, it's not just the CIO and the CISO that can resolve it. it could be a process that has to change in HR, it could be a tool that has to change in development and product engineering. It could be a financial report that has to be now issued every quarter out of the finance team.
And so, all of this stuff has to be part of, the post-close deal. And that… those activities have to be transparent, and they have to be available to that larger leadership team.
Rajeev Raghunarayan: Got it, yeah, and so you're basically running, a… regular review with that ELT, or the strategic team, or SWAT team.
Jason James: And some of that's gonna be, how are we retaining key people? how do we re-recruit, if you will? Because there's going to be that period that Especially if you're an acquiring company. Some of that talent's gonna be Now is my time to go. And so… but you don't want to leave, You… you sometimes buy… a company for not only the intellectual property, but some of the talent as well. I'll say that's a bonus. You don't typically buy for that, but it's a big bonus. And so, I've always used it as an opportunity to upskill my own teams, to combine leadership. It just… when you do that, number one, it makes the playing field seem more bubble, because now it's a mixed hierarchy. It's not just my team in charge of everything, it's now my team plus newer members of my team.
Rajeev Raghunarayan: Makes sense, makes sense, yes. So, in some sense, it's basically bringing that back to, finding The team, finding how you train the team, finding how you communicate to the key leaders on a regular basis.
Jason James: Yeah.
Rajeev Raghunarayan: And then, obviously, investing in the tools, technologies, to be able to scale this whole process as you're going through that cycle. Speaking of tools and technologies, I wanted to pivot into a technology evolution, It'd be… it'd be unfair to end this conversation without talking about AI, No one talks about it anyway, but with AI and other emerging technologies that are already reshaping not just the threat landscape. but also the, the defense landscape, so to speak. How do you see the… the diligence process evolving, how should leaders yourself view AI? Is it a risk factor? Is it something that accelerates remediation? Is it that… is it something more…
Jason James: Both. It's… so, if you think about diligence and the order to really get through all of the deluge of data within a data room, That's always a slog. Well, now, with private LLM sitting on top of it, you could be Find me every document pertaining to this client. Find me every… contract related to this client. Find me the last pen test and what the results were. Find me the last 3 SOC 2 reports, and what were any of the critical findings, You could use that you could use AI to just comb through a mountain of data in a very fast way. So that, plays a critical role. Again, to my earliest point, I think when you think about M&A in the future, there's gonna be so much diligence about What tools did you use? How were those tools governed? What data was uploaded to those tools? What data did you prohibit from being uploaded to those tools? What was the outcome of that? What was the value?
Things that. Those are all going to be part of it, but organizations are going to be very concerned about where data was allowed to flow. Especially if it's source code for software.
Rajeev Raghunarayan: Yep. Absolutely, absolutely. No, this is… this is great. Let me see if there was any questions in the panel. That may be one last question. If you've got any questions, folks, please throw them in the panel. I'm gonna just give you a second. In the meantime, I'm just gonna see if there's anything else there. I guess one question that I'll ask you there is… that just popped in here, how do you prepare teams for the extra workload while still running everyday operations, especially.
Jason James: Yeah, yeah, you need to be prepared to think and have some bonus targets on top of it. So, it is a lot of work, make no mistake, it's a ton of work, in addition to your day job. So, I often work with teams to make sure there's bonus structures put in place. integration bonuses that have targets in place. These are one-time, these are addition to, annual bonuses. that say, hey, Rajeev, you've, worked an extra 10 hours a week for the last 12 weeks, here's your bonus. I want to thank you for making this possible. without the teams, in order to do that, it just won't happen. And so you need to make sure, you're definitely seeing, You're not only seeing what they're doing, but making sure you… Talk about their contributions, share their contributions, and award their contributions.
Rajeev Raghunarayan: very, very fair. Yeah, and I've gone through a couple of these myself, both as an acquirer and as an acquirer. It does take a mountain of work to get through both ways. There's one more question, and maybe we'll keep this as the last question. Sure. Are you seeing any ISO 42001 requests for AI?
Jason James: Yes, specifically out of Europe. So if you think about ISO 27001, really, that's the gold standard in cybersecurity for an organization. The new bolt-on to that is, especially around artificial intelligence, 42001. You're seeing less, Carlos, of those questions come out of that, out of… the U.S. so far, but where I see the most of those questions getting asked are coming from EU-related organizations, as they come on and bring on a partner, and they'll ask questions, they're are you ISO 27001? Do you have AI as part of your platform? If you have AI as part of your platform, are you ISO 42001? That's where I see it. Are we gonna see it anytime soon out of the U.S.? Maybe not this year. I think you're definitely gonna see it more and more out of the EU and Asia over the next year, and Europe is by far more advanced than the United States in terms of regulations and compliance.
There's the EU AI Act, which governs everything from critical use of artificial intelligence to basic literacy training for employees for AI. The U.S. doesn't have that. What we're tasked with now are really competing compliance regulations, but we really… not that I'm very pro-regulation, but it'd be much easier just to focus on one federal standard.
Rajeev Raghunarayan: Versus several states trying to introduce multiple laws, And so… Yep.
Jason James: I think, we're overdue for federal regulation around artificial intelligence. Again, I'm not pro-regulation by any means, but it's a lot easier to manage one than have, 50 other states show up with their own regulations, and you have to meet every one of those, and so…
Rajeev Raghunarayan: of those?
Jason James: I would much rather have one at the federal level, but again, I think, what you're going to see is in Europe and Asia, you're going to start seeing more questions around ISO 42001. And if you're going through your ISO 27001 now, make sure you bolt on the 42001, because chances are, if you're dealing with anything with AI, it will get asked, and so… If you're already going down that certification path, it makes it easier to add that one.
Rajeev Raghunarayan: We'll do it now, yes, absolutely, No, that's, that's fantastic. Jason, any parting thoughts, from… from your side?
Jason James: Yeah, one thing is, you… if… and this is going to be especially true for those in attendance that are at a private equity organization. You don't plan for the day that You don't plan for if an exit will take place, you plan for that it will take place, and so you have to put your foundations in play, your framework's in play, your playbooks at play, ready to make sure your house is in order when that transaction occurs. And it's a lot easier if you do that iteratively than all at the end, The last thing you want to be scrambling is those last a few weeks and months trying to get your house in order when the transaction occurs. If you keep a regular cadence of everything going in place, it makes it Number one, much easier to secure. Number two, much easier when that exit occurs. Very well said.
It's almost what we tell our kids, do your homework every day, so you don't have to cram them during the exam. That's
Rajeev Raghunarayan: Now, Jason, thank you so much. It was a very thoughtful, very engaging conversation. Pretty much a front-row look at how security leaders can operate in M&A environments. And thank you to everyone who joined us live today. Again, at Averlon, we believe fixing what matters is what turns Cyber risk into business resilience. Again, to stay connected, follow us for future events and insights on reducing cyber risk. We look forward to continuing dialogue here. Thank you again, Jason, and thank you, everyone. You have a wonderful rest of the day.
Jason James: Thank you.
Rajeev Raghunarayan: Buh-bye.

