you have h.r. data. knowing if someone is on a performance improvement plan or they are at risk of being fire. you also need audit log data. i think organizations get really scared of the edge cases where how would you stop a scenario where i have an employee, his manager is torturing him. there are no hr records of it. he hits the point, that's it, i'm done, i'm going after this guy. he goes and opens up some files and takes pictures on his cell phones. our users are pretty smart. they see cnn and realize you are watching. they tell you, we are watching you. our users know. now, i can go and let's say he takes his phone out and uploads it to wikileaks, how would you detect that? that would be really hard to detect and any ramifications could be big. we can't get hung up in the edge cases. before we can worry about the really, really scary bad stuff, let's solve the 90% of the problems and then we can start to look at the edge cases. like computer network defense, with insider threat, it is not if, it is

data when you show up and when you leave. the sites that who generally when you get to the office h.r. might be aware that you have issues at home or your bullying and employee. if you take all of those factors together and look at them holistic leaf contained it good picture when you could do something. >> that sounds like something i would. in counterintelligence. >> corporations have access to that data that isn't necessarily sensitive. >> do we have a choice not to take those steps? the human element here in cybersecurity is pretty important, is important, isn't it? >> it's very important but i don't think we have struck a balance between the capabilities of technology and what can we do in the policy behind it. i believe right now the capabilities exceed the policy discussion and the assumption that was made around and employers right to monitor people have different legal frameworks around policy. >> we talked earlier about social engineering. would you describe the difference between social engineering and which is prevailing as the tax of choice? >> at drop talks we have half a

data when you show up and when you leave. when you log into computer, the aikido to generally, when you're reaching, when you get to the office. h.r. might be where you have an issue at all or your bowling and a plan. if you take all those factors together and look at the melissa could you can paint a pretty picture when someone is going to do something. >> that's very interested the excels at something i would read in the counterintelligence. >> it's true though. corporations have access to that data does not necessarily sensitive. it's what i think people fall down most is putting altogether. >> to have a choice to not take the steps? human element in cyprus did is pretty important, isn't? >> it is very important i don't think we've struck the balance between the capabilities of technology, but what can we do, the policy behind. i believe the capabilities may exceed a policy discussion, and the assumption that was made about an employer's ultimate right to monitor, that's the necessary something that's held to be true in europe and other countries that have different legal frameworks. >> good point. we talked earlier about socia