Debbie Reynolds “The Data Diva” talks to Stefanie Drysdale, Vice President, Cyber at Prescient. We discuss her career that led to Prescient, the risk of people at high levels who delegate tasks, digital impersonation risks, you have an online identity that must be protected, her current privacy concerns, use of security for children to open too many doors, false sense of technological security, preying on people’s vulnerability in applying pressure to act, vulnerability through social media, lack of awareness and action on privacy, the need to fight the idea that achieving privacy is futile, different levels of privacy may be achieved, the increasing prevalence of deep fakes, Open Source Intelligence (OSINT), and her hope for Data Privacy in the future.
Support the show
people, cyber, privacy, breached, point, important, person, impersonating, information, social media, business, happening, fakes, understand, individuals, agree, encryption, emotion, digital, disinformation
Debbie Reynolds, Stefanie Drysdale
Debbie Reynolds 00:00
Personal views and opinions expressed by our podcast guests are their own and are not legal advice or official statements by their organizations.
Hello, my name is Debbie Reynolds. They call me "The Data Diva". This is "The Data Diva" Talks Privacy podcast where we discuss Data Privacy issues with industry leaders around the world with information that businesses need to know now. I have a special guest, a fellow Chicagoan, Stefanie Drysdale. She is the vice president of cyber at Prescient. Hello.
Stefanie Drysdale 00:38
Hi, how are you?
Debbie Reynolds 00:40
It's great to have you here. So this is a funny story. Stefanie, I didn't know, I was actually upset because there's this wonderful cyber woman in Chicago that I had no idea of. Ivan Savov, who is the head of the European Risk Institute. And every year he comes out with a list of the top 20 or top 30 cyber risk communicators. And I always look at that list. I'm happy to have a lot of friends, people that I know on that list. But you were someone I didn't know. And then when I saw you, and you were from Chicago, I was like, oh my God, why don't we know each other? So I have to call you up like, hey, why don't we know each other? We need to talk?
Stefanie Drysdale 01:27
I'm glad you did. I'm glad you did. Ivan is great. And he's been extremely helpful. I think for so many people just giving us a pool of resources. I mean, there are a lot of great compiled lists of cyber experts with various leanings and specialties. But yeah, his list is great. Just to help all of us be like, okay, who else can we learn from?
Debbie Reynolds 01:51
Yeah, that's wonderful. This is amazing. So I want to Europe can connect people who are in the United States actually in the same town? I thought that was funny. Yeah, absolutely. Absolutely. Well, tell me about your journey in cyber and how you came to press.
Stefanie Drysdale 02:08
So yes, it was quite by accident. You know, I was on LinkedIn, I had been in commercial real estate in Kansas City, and had recently made a move to Chicago and was was working in both cities. And at that point, had been reached out to by a recruiter or headhunter, who had asked me if I would be interested in interviewing with this company, and he said great things about them. And so I said, I would talk to them and just fell in love with them, what they were doing, and the people involved and how smart they were, and how passionate they were. And initially, cyber wasn't even on anyone's radar at that point, so much. So started working with them. And as their business grew and evolved as a startup, I grew and evolved with them until we acquired some cyber capabilities, and started building out that team and those processes and our capabilities. And it kind of ended up where we are today with a thriving cyber practice and some really, really brilliant people that I get to hang out with every day.
Debbie Reynolds 03:17
So what is it that got you interested in cyber to begin with? What made you decide this is the way that you want to go with your career?
Stefanie Drysdale 03:26
Yeah, so I think that, Prescient having four practices, so we have like a due diligence practice, which is super cool, and very important, but not super sexy. You have investigations, which again, really important and everything, but we have people from various backgrounds there, which I did not share their practitioner background. Intel, again, people from the intelligence community and all of those agencies did not share that background but but was still equall, impressed with what they did, cyber, where I didn't have the capability because it is such an evolving industry. And there's never a dull moment. And there's always a new fraud, a new scam, a new something. It was an industry that was really easy to basically get in on a ground floor of just understanding how it plays into other things, and to keep up with it. If you're passionate about learning, and if you're passionate about this, just the cyber world and how it interacts with the digital world and the convergence of the two. And what really, really appealed to me is how it constantly changed and how it constantly evolved and how I could participate in that without having all of those backgrounds.
Debbie Reynolds 04:46
Yeah, I follow you on LinkedIn. Now. I read all your stuff. One thing that you do that is so unique, and I love for you to talk about it. And one reason why I want to talk I was because this is something that I've touched on over the years by people, it's about the risk, the cyber risks that people have when they're either high level executives high net worth individuals, especially if they're not really cyber-savvy, so people can really take advantage of that. So you do work in that area. And before I let you start, I just want to just tell you what I tell people, right? So when I talk with people about cyber threats within organizations, what I see is people, companies, they really push cyber training and stuff like that on low level individuals. And the risk is at the high level, the people who don't want to go to cyber training, the people who have secretaries that are doing things on their calendar for them, those are people I run into a lot of times these people, they move up within organizations, and instead of their access getting changed, it just gets added on to so they just have more access than they should have to stuff. And so I thought you just really hit that point really well was what you're doing in your cyber advisory work. But tell me about this space, what people don't understand about cyber risk in that area.
Stefanie Drysdale 06:23
So the thing that you're referring to, that we talk about so much is what we call executive digital protection. It's a phrase that we coined early on, it started off as an investigation for us with an identity theft, where someone had been notified that they owned a couple of vehicles that they were unaware about. So once we looked into it, we found out how that came to be and all the private information and PII that was exposed online, for this individual. And from the reverse engineering standpoint, how could that have been prevented, and then basically just started talking to my clients, some of the most respected CISOs and CSOs in the business and getting them to just help us understand how we can best tailor this for them. And just really looking at the online footprint of someone and like you said, an executive, is used to just quickly getting things done, the conciseness, the brevity of what decisions they need made quickly, is such a pivotal part of what they do, which means there are there's room for error, when people are doing things very quickly, and when there's some pressure for an admin to just agree. So, we would look at what that looked like and what their inner circle looked like and what vulnerabilities they were putting out there and that others were sharing on their behalf that could be exploited. And then to go into a remediation and removal of that information to restore that privacy. And to also let them as a subject know, and their security stakeholders know where the weaknesses lie that they can fortify. And that they can anticipate and that may be something to your point. It could be reputational, it could be something that they're doing to themselves that they're putting information out there that could be misused or abused. So just to monitor for that, that we know what's going on. And any new breaches, compromises, chatter, any kind of Doxing threats, any kind of dark web kind of form discussions that might involve selling of credentials that relate to the company or the executives or their travel. It just became very, very important that they had the finger on the pulse of what was being said about them and how it could be abused and weaponized.
Debbie Reynolds 08:52
Well, I love this story. This is crazy. So a friend of mine, he's a high net worth individual, had a brick and mortar business for many years. And he was very shy about getting into the digital domain and stuff. And so once he started looking into maybe having things on the Internet, we found out that there was another company impersonating his company on the Internet. Yes, basically, like tape sending business to this other company. That's the reason why he wanted to start, he's like, well, I'm losing business, I found out that this person was impersonating them, and actually had to contact Facebook. And it was insane. Because you think places like Google or Facebook, there's kind of a free utility or something that you use on the Internet, but in order to regain his business, take his business name back, he had to send their bank statements and all types of stuff to prove his identity. And it was a mess.
Stefanie Drysdale 09:58
Yeah, and it became really, really common in the crypto space right now. So there are a lot of crypto, either wallets or exchanges that are impersonating others or slandering others. So you’ve got to be really, really careful when you're interacting. Because there you don't have protections like a bank, but you're putting in money, just the same. So the impersonator accounts are something that throughout our processes that we look for, just to make sure I had a situation a while back where retired general had been notified that someone had a Facebook impersonator account about him, that was soliciting funds for a specific cause, that the cause was not real, the account was not real, but people were associating it with him, and therefore trying to rally behind something that you know, if someone that they respect, so definitely, definitely important to know what's being said, and how you're being looped into the discussion with or without your consent.
Debbie Reynolds 11:03
Part of it, though, too, is about your identity online. So you have an identity online, wherever you want to or not. So whether you want to participate or not, you have an identity. And if you don't want someone to steal your identity, just like you say about this general, if he had, for example, his own social media accounts that had his own logo, something that someone can say, okay, I know, I trust this person, because this is the way that they present themselves kind of all over the Internet, and then I can be sure that they are who they say they are. So I think a lot of cybercriminals are taking advantage of the gaps and people's social media presence, and it's tough because I think a lot of people think that they don't have to engage in that way. But in some ways, you do because it's like squatters, rights. Because the person who gets there first, that someone wants to create a fake Facebook business in your name, they can do it, right? There. If you haven't done it already, they can do it. So tell me a little bit about that.
Stefanie Drysdale 12:10
Yeah, so a lot of times we'll have someone who even the initiating the discussions around executive digital protection, just say, I'm not on the Internet, I don't really participate in social media, this isn't really my jam, I'm not into it. And we'll say that's great. I'm glad you're not. But part of you not participating leaves the door open for someone else to create an identity for you and impersonate you, or to exploit people who are maybe gullible. I mean, definitely Putin is on social media and online right now. But there are social engineered accounts right now that are reaching out to people sending selfies of Putin trying to solicit funds and pretending to be him, if you don't have a strong verified presence on there. And that doesn't mean you have to be active. But if you don't have some type of footprint, that's that's verified to be you. That is an opening for someone to create it.
Debbie Reynolds 13:13
Right, yeah. And then you also get a lot of these scans, where people take public photos of other people and try to pretend they're that person. And there have been these sad stories about people who lost all this money because they thought they fell in love with this person, they were on the Internet, and they're basically taking photos literally from someone else, they have no idea who it is, and they're kind of impersonating. So, I think it's true. I think the point you're making about having a digital verifiable presence is really important. And like, I agree; also, I tell people, you don't have to be active, right? So even if you, let's say, you have a business, you have a logo, even if you have social media accounts that you don't access, or you decide you don't want to use if you have a social media account that has your logo on it, even that will at least tell someone that that's different than maybe something else or someone else's first name. So you need something to be able to signal to people that this is you, this is your brand because I tell people, you have a brand whether you want to or not. Exactly. So you have to figure out what's the best way to you make sure that you're not impersonated like I've seen people lose so much money from oh, your son is sick, he needs this, just silly things that you just wouldn't even think about because I think the average person doesn't think in nefarious and evil ways. But cybercriminals, that's all they do. That's all they did 24 hours a day, trying to figure out ways to manipulate people.
Stefanie Drysdale 14:50
They do the social engineering thing is very, very much the same as it's always been. It's just find a weakness and hone in on it, and whether or not that exists when you're pickpocketed in a large public venue, or whether or not you're online and someone pretends to be someone that you trust, or someone that you'd like to trust, or whatever, it's all the same. And it's just people taking advantage of human nature. So if you're aware of those things, part of why we share so much online, we have the discussions like you and I are having today is to just create awareness. And I mean, you and I being in the business, we see it often. And so we share what we see so that the people that maybe don't see it so often can still benefit and not necessarily fall victim.
Debbie Reynolds 15:40
What are you seeing right now, in the world in cyber or a privacy or data space that's concerning you, so to say, you look and like, oh, I don't like that. What's happening? What are your thoughts?
Stefanie Drysdale 15:55
There's a lot in it, and it's a total contradiction of itself. Honestly, obviously, we want to see more privacy, and we want to see the protection of that privacy. But in the same turn, I often feel that when we're watching like these, the Senate hearings about social media or secure messaging or cryptocurrency, that leadership doesn't truly understand what this space is, what it's for, who it benefits, who it hurts, how it hurts them, and how to legislate it. I think that some of the blanketed goals that that maybe they have are contrary to what we really need. So I think that when we talk about demonizing social media companies, people forget that you have settings, you have the ability to opt-in, and out to some things, yes, some things are taken as liberty, and those things could be addressed. But they're also things that we take on ourselves. We decide how much we share, whether or not we're putting our location out there, whether or not we're putting our full date of birth, whether or not we're giving everyone access to our friends list. And in responding to every message and publishing our mobile phone number so that we could be SIM swapped. That's up to us, and there's a lot of ownership and agency. I think that we could be taking that sometimes some people are not. So I think that's important—the same thing with encryption. Encryption is incredibly important. There are a lot of things that need to be kept private. And when we talk about data protection, encryption is a huge part of that. But yeah, it does limit the capabilities of law enforcement to access certain communications. So then we have to look at okay; how do we create protections while still protecting that data? And that information? So I think, yeah, we have a lot of things that we just lack understanding of. And maybe the people who are trying to legislate things aren't the best people to speak to this. That's why I love when they bring in the tech experts from the social media companies and for information security. Those are the people that really should be setting the tone and setting the stage for this and really setting up why we do what we do and how to do it better.
Debbie Reynolds 18:16
Yeah, I agree with that. I'm very concerned about all of the proposals that have tried to float around encryption. So they allow these issues often are couched around child protection, which is really kind of a veiled attempt to diminish encryption or security. So I think a lot of times, people, I guess, in the fast-paced digital world, sometimes people only hear a soundbite. Right. And they can make a judgment based on that without looking at the full picture. So I think when they're talking about these proposals, of course, we would want to protect children, but are you going to unlock every door in the world? For that? Like is that the right way to handle that issue? I think taking advantage of the naivete of individuals, not really having that full sort of discussion is problematic. Then also, as you said, we need to have more people involved in these policy discussions that really understand the technology, just like you wouldn't ask a lawyer to operate, or you shouldn't have someone who doesn't understand technology trying to really regulate it either.
Stefanie Drysdale 19:39
Exactly, exactly. I mean, that I couldn't agree with you more, and right now, I think that they're doing what they're doing with building this group of people as advisors and all of the SEC contributions and people really giving their feedback on what could be put into legislate nation very soon. I think that's where we need to go, and I see a lot of people who are far, far smarter about this than I am weighing in. And those are the people I want to hear from. It's great that somebody won a local election and that they are representative of their community, and we're grateful for their contribution and their service. However to your point, we're not asking them to operate on us.
Debbie Reynolds 20:27
That's fine. An analogy I like to use a lot because it's true. It's true. I don't know, and this is something that I've seen over the many years that I've worked in technology. And people feel like they understand technology, because they have a mobile phone, or they know how to use the Internet, they know how to do a search, and then now they're going to tell you about technology and how to use it or stuff like that. So I know you're laughing because I'm sure you hear this all the time.
Stefanie Drysdale 20:57
It's that you bring up a can of worms with this one. But the main thing that jumps out to me right now is just disinformation, just so many people quoting disinformation and really relying on their own Google capabilities to tell you about medical treatment and about foreign policy and foreign government. And from where we sit, we see sourcing, right? Where's the source of this article? Where's the source of this author? And often, people internally will think it's a red or blue issue. You know, it's about American politics, because we're, we tend to be very egocentric, right? We think it's all about us. But if we look at the sourcing, it didn't even come from the States, it came from Russia or Iran, or it came from some other place where disinformation originates. And it's meant to sow discord, and it works very effectively, more social engineering at play,
Debbie Reynolds 21:58
I think a thing that people need to be wary of not, especially in kind of misinformation, disinformation, they also kind of in their own personal lives. And this is something that cybercriminals really take advantage of. So they want to tell you something is going to spur you to take action without really thinking right, or it’s the urgency of it that you're not thinking. I think maybe there's a medical term for this, but I think people get into a fog, they go when some emergency thing happens, you go into a different mode of thinking, it's like not your normal mode of thinking, and they really take advantage of that. And what they really want you to do is act, so I always tell people the three keys; typically, if there's some kind of cybercrime, or some serious thing happening, it's like you get, you probably get some communication that you didn't ask for right? Out of the blue, they're going to want you to do something fast. And they're going to; they're asking you to take action of some sort. If you're not taking an action, they're going to get fed up with you and go to the next person. That's really three things they want to happen.
Stefanie Drysdale 23:14
And they want to appeal to your emotions. Right? Right. They're not going to appeal to your logic because your logic is going to be more tempered, and it's going to weigh things. That urgency is meant to tap into an emotion. So whether it's fear or whether it's anger is a great motivator on social media, you don't live with this horrible atrocity. Can you believe this happens? Jump and rally behind this cause share this thing. But fear and anger, and all of those things, are meant to get you to act.
Debbie Reynolds 23:43
Right, a recent thing that I heard about, and it's a very effective scam. So let's say a kid, let's say a teenager or young adult going on a trip and they put them up on social media, hey, I'm going to this trip or whatever. And then based on who they're connected to, on their social media, that person who wants to do something bad or like, okay, they're connected to their mom or connect to their grandma or whatever, let's say contact, this person's grandmother say, hey, John had an accident when he was out of town, so she knows he's out of town, everybody knows he’s out of town. And then you need to wire us this money to help help John out. And so that would get this person in a mode to not really be thinking, right? Like, oh my God, I need to help my grandson or whatever. And they may actually do it. And this is this is literally what some things I've seen people say recently what happened to them,
Stefanie Drysdale 24:48
Those do happen, and then sometimes they are coupled with someone reaching out and saying I lost my Facebook account, and I put you as my recovery person. It's going to send you a code; let me know what that code is. And it's them giving the recovery code for that person's own social media, not for the person who's asking for it. So it just you have to be really, really careful. Even if it's someone that you know and trust in, they send you something, if it's something suspicious or something you're not aware of, reach out to the person through a trusted channel, like text them, call them, say, I just got this email from you is that you? Did you send this to me? And many times, you'll find that the person didn't send you anything, or the person themselves is going through some type of confusing experience that they're like, well, yeah, but someone told me to, or someone told me to share this. And then that's where you can just, to your point, take away that sense of urgency and just pause the process. And step back, use your logic be, taken out of the control of whoever is trying to facilitate what they're trying to accomplish, and reroute it to something that you feel safe with that you trust yourself?
Debbie Reynolds 26:05
No, I agree. So what are your thoughts about privacy? We're seeing at a Federal level, not a lot of action happening, but it is definitely happening at the state level. But do you feel like people are becoming more aware of what's private and what's not or trying to protect themselves better?
Stefanie Drysdale 26:32
I think it's a spectrum. And I think if we're looking at like a bit of a graph, we can apply the graph to a lot of things in our life, whether it be vaccines, or adopting technology, or caring about privacy, is that you've got the early adopters who there are a few of them, they're super quick to jump in on it and weigh in, and they have really strong opinions, you've got people that are a little slower to adopt, they wait to see other people get on board, other people give them a good case for it. And then eventually, it will taper off into people that are the very last to get on board, the very last to realize that this is a thing. I think privacy is working that way. You've got the people early on that were maybe coming off to some as absolutely paranoid, and we are all like, okay, like this, and you got to calm down. And then, as time went on, and social media and more information started propagating, and breaches and data became that gold standard that was being breached. Then all of a sudden, other people are like, wow, I've suffered an identity theft, or a romance scam or something that you mentioned, because of my information being exposed, or my work, email was hacked into, or my general counsel's emails were intercepted, during, a merger, which is a big deal. So I think that's when other people start getting on board with it. I think that the slower adopters, some of them are the people that say there's nothing we can do about it. The information’s out there, and you can't change it. They are just resolved to defeat, and it is what it is. There's nothing that can be done. And I think that while I understand that perspective, I don't think that the fatalism of it is really found it I think we can do things to limit one what's already been out there, to go back throughput in the time I recommend my executives when I talk to people about their debriefings, just spend a little time, block out an hour or 30 minutes on a Saturday, and be like, okay, this is my Instagram Saturday, I'm going to go back through, I'm going to anonymize my usernames, I'm going to take out any unnecessary information that you don't want there, I'm going to edit out and archive or delete pictures that were perhaps overshared a little bit much, or include people that I didn't really expressly get their permission to share. I'm going to lock down my privacy settings, those kinds of things. And I think we can slowly start to go forward, and when someone says, hey, do you want to sign up for this new rewards card? We can be like, maybe not, maybe saving up 10 cents on a bag of chips isn't really worth my data being in yet another place? You know, maybe it's just not worth it. I love the fact that you address fatalistic folks who were like, oh, privacy is dead and can't do anything about it. You know, my thing is, maybe it won't help me specifically, but maybe it will help someone in the future. We have kids, too, right? Yeah, right. They are growing up in this day and age. They're 10,11, or 12 years old, suffering an identity theft and not realizing that it's happened until they apply, they start filling out applying for student loans, and then they realize they have horrible credit. Well, how did that happen? Well, they were breached as a 12-year-old, but no one was looking at their credit. So like to be able to, as a parent, take that proactive step and lock down their credit early on so that people cannot use their identity if it's somehow breached in some other thing so that they can't reuse it elsewhere and in hurt them going forward. We can be fatalistic for ourselves, but not to the point where we're not being protective.
Debbie Reynolds 30:31, because a lot of times on the tail end of that, as people like, well, I throw my hands up, I can't do anything. So I don't think that's the solution to the problem. I do think there are different grades of privacy, and people have to decide for themselves what they want to do. I tell people to share with the purpose like you said, don't sit, don't, you save money off a bag of chips, it's not worth it like to get your email address and different things. And also, I highly recommend people have different email accounts for different things. So like, if you're using a certain email account for your financial stuff, don't use it to sign up.
Stefanie Drysdale 31:12
Please, please don't use your name attributable emails for those right, your first dot last name, or first and last name, or first initial, last name, if those get breached, it's really quick to figure out who's they are, and into a more sensitive point, if you are a grown adult, while within your right as an adult and want to look at adult websites, perhaps don't use your name attributable work email for those websites as well, it's blackmail material. And that's definitely not something we want. We want people to feel like they can navigate but do it somewhat safely. And the caveat is always there that if you don't want someone to find out, don't do it, because there's always a way, a part of our investigations, we find things that people are baffled that someone was able to find a bigdog23 attributed to someone who made a big threat against someone, they think they're really slick. So just know, they're not that slick, but at least don't be the low-hanging fruit. Right? This is a losing battle in some ways. But it also is a battle worth fighting. And criminals are lazy. And you want to definitely take advantage of that by not being the low-hanging fruit. Let them pick an easier target.
Debbie Reynolds 32:30
That's right. That's right. I love your thoughts about deep fakes. So we're seeing a lot of that a lot of times when people think about deep fakes, they think about them in like the romance area, so making like an illicit video of them doing something that you wouldn't want qualifies, but also we're seeing, obviously, because of like Ukraine and things like that there are a lot of fake videos out there about conflicts or propaganda type videos. So just what are your thoughts about that space? I feel like it's really heating up.
Stefanie Drysdale 33:05
Yeah, I think, could you touch on our earlier point of misinformation and disinformation. First of all, you have to that and verify your sources, right? So there's nothing wrong with watching or enjoying news that may be biased toward your own viewpoint where you feel like you can relate to some of the takes on things, but there also should be neutrality, where your sources aren't politicizing facts, and they are checking things. I think that's really important for us to not just regurgitate and repeat things because they get us riled up, but to know where they come from and know that they have been vetted by credible sources. As far as deep fakes. I think they're getting better. The industry as a whole is getting better at creating software that can detect deep fakes. So while we as humans it's becoming harder for us, this software still is doing a fairly good job. And like anything else, just a degree of caution just because you see it and it seems real, and it's trying to evoke an emotion from you, don't automatically swallow it, don't automatically buy into it. Because there should always be a degree of checking the information that you get, even credible news sources can be wrong sometimes. But there are a lot of people out there that are devoted, a lot of other organizations that are devoted to trying to make sure that information matches. So if they're showing photos of something, they're going to compare them with live satellite images, aerial photos. Does this make sense? Does this information add up? Run it through their software? Are we detecting AI in this software? Are we detecting alterations in the photograph? You know, those things I think are really, really important. So if we as consumers of the information, just kind of step back and let those pros kind of vet it for us before we take it for face value. I think we're a lot better off.
Debbie Reynolds 35:11
Yeah, so I guess we'll do a shout-out to Bellingcat. This is not a paid promotion problem is not though no open-source intelligence. I actually have a video I'm doing on that. So people understand sort of what it is and why it's important. I think that area is going to heat up a lot more before I think it's been more in the shadows. And a lot of people don't understand what it is. But I think it's going to become so much more important as we're trying to validate a lot of digital images and videos that come out on the Internet, especially like you said. I love the point that you made about emotions because I guess that's what all these things are trying to do. They're trying to evoke some type of emotion and try to try to make you have either think a certain way or act or behave in a certain way that is probably different than you may have done on your own.
Stefanie Drysdale 36:03
Anything that moves us has the ability to make us act, right. But if we're, if we're neutral for tempered, if we’re logical, that doesn't have the same motivation, the same power. So anytime your emotions are caught up is where you really have to pump the brakes and say, okay, like, what is this? What is this tapping into? And what of this is real and constant? And what if this is evolving and changing? And maybe it might look different? If I were sitting in a different chair on this one?
Debbie Reynolds 36:37
That's true. So what if we did everything you said, what would be your wish for privacy anywhere in the world, whether it be technology, law, people human stuff?
Stefanie Drysdale 36:54
Gosh, I'm such a live and let live that really, I think it's different for different people, some people just have no wish for privacy, they really, super need to put themselves out there and do all that. And other people are incredibly guarded with their privacy. I guess in a perfect world, there would be space for both, and there would be opportunities for both to coexist and act accordingly. And that, obviously, a world where bad guys didn't exist would be kind of cool. But then we'd all just be twiddling our thumbs all day long.
Debbie Reynolds 37:28
So very true. I agree with that. Well, this has been great. Thank you so much for being on the show. Very illuminating We should hang out sometime in the winter in Chicago. It’s great.
Stefanie Drysdale 37:46
Thanks for having me. It's a great city to hang out in for sure. I'm looking forward to it.
Debbie Reynolds 37:51
Excellent. Thank you so much.