March 20, 2024

#311 Wes Kussmaul on Building a Trustworthy Digital World

In this episode of the CTO Show hosted by Mehmet, cybersecurity icon Wes Kussmaul shares his extensive experience in IT, starting from his early programming days in the Air Force during the 60s and 70s, to creating the world's first online encyclopedia and eventually venturing into social media. Wes discusses the evolution of his career, including the creation and sale of his first business to Rupert Murdoch's News America Corporation, and his ventures into developing secure and accountable social media. He introduces 'Quiet Enjoyment', a book inspired by his daughter, which explores bringing accountability back to social media through a global PKI system. Wes elaborates on the issues of digital identity and the challenges of establishing measurably reliable identity verification, underlining the importance of identity attestation by legally liable professionals. He criticizes modern assumptions about cybersecurity, stressing the significance of accountability over merely 'catching the bad guys'. Wes advocates for PKI as a superior system for ensuring accountability while maintaining privacy, contrasting it with blockchain's anonymity, which often aids criminal activities. Finally, Wes calls for an educational shift towards understanding digital signatures and PKI, and emphasizes rebuilding the internet as a secure space akin to 'indoor' environments with clear accountability, rather than the unprotected 'highway' it currently resembles.

 

More about Wes:

Wes Kussmaul, creator of the first online encyclopedia, has for over 3 decades been advocating for a safe digital space where there is real accountability, security and privacy. He founded The Authenticity Alliance, which offers an identity-based, human-centric PKI platform where there is real accountability, privacy and security.

 

https://www.linkedin.com/in/weskussmaul

https://authentiverse.net

 

00:00 Welcome to the CTO Show: A Deep Dive with Wes Kussmaul

01:16 Wes Kussmaul's Journey: From Air Force to IT Icon

01:53 The Birth of Online Encyclopedia and Social Media Ventures

02:50 Championing Accountable Anonymity in Social Media

04:34 The Evolution of PKI and the World eTrust Initiative

06:03 Building a New Global Certification Authority

06:49 Exploring the Challenges of Digital Identity Security

07:44 The Importance of Measurably Reliable Identities

21:16 Addressing the Misconceptions of PKI and Blockchain

35:41 Envisioning a Safer Internet with Accountable Security

39:46 Final Thoughts and the Future of Digital Security

Transcript

 

Mehmet: Hello and welcome back to a new episode of the CTO Show with Mehmet. Today I'm very pleased joining me Wes Kussmaul. Wes, thank you very much for joining me. The way I love to do it is, I like my guests to introduce themselves. But by the way, I'm going to give a hint to [00:01:00] the audience. Wes is like, someone who is a, is an icon in, in the IT field and the security field.

Mehmet: But I love him to tell us more about, you know, his history and his background. 

Wes: Sure. Well, I, I'm, I'm, I'm an old dude. So where, where shall I start? Uh, you know, I, um, learned programming in the Air Force in the, uh, the sixties and seventies, um, went to, uh, uh, did some coding for an insurance company in the, uh, in the seventies and then went into marketing, um, or graphics, uh, products and software.

Wes: Then in, uh, 1981, I, uh, decided that, uh, I wanted to go off on my own. So I created the world's first online encyclopedia, um, and [00:02:00] that turned out to be a terrible business plan. Uh, but fortunately we added social features, uh, fairly quickly. And by 1982, 83, um, uh, the encyclopedia had become just a menu item on a.

Wes: Social Men, a social network. So we were in social media starting in 1982. We sold that business to, uh, Rupert Murdoch's News America Corporation in 93. I retained a license to some of the host technology, and we created a second business that I sold, uh, to I I merged with another company and sold the, the combined business to NTT Verio in 1998.

Wes: So suddenly I found myself with time on my hands and decided that I needed to, uh, write a book about, [00:03:00] um, bringing accountability back to social media because the web transformation of social media, uh, meant that anyone can claim to be anyone and, and, uh, results were, and still are, disastrous. Uh, back when we, the early days of social media, not just my own Delphi.

Wes: Uh, but all of them, uh, you had accountable anonymity. No one got to know anything about you unless you told them, um, or unless you had transgressed in some way, uh, had defrauded someone or defamed them or, uh, sometimes dealt drugs online, in which case, uh, if, uh, the offended party got a court order, um, then we would disclose.

Wes: Your identity to the, uh, the person presenting the court order. But otherwise you are accountably [00:04:00] anonymous. You are accountable for what you did, but as long as you didn't step over the line, you were anonymous. So that's what this book is that you see behind me. Where is it? Right over here. Quiet Enjoyment.

Wes: I started writing Quiet Enjoyment in 1998. My daughter, uh, encouraged me to and convinced me that the solution was, would be based on PKI. So I started, so the book basically is about, uh, uh, a global PKI providing accountable anonymity to not just social media users, but to be used in commerce. Um, some people at the ITU learned that I was writing this book and they were developing an actual global PKI called [00:05:00] the World eTrust Initiative.

Wes: So they, uh, invited me to come work with them, which I did, um, from about 2002 to, uh, early 2005. Um, but when they rolled the product out, the system out, the World eTrust Initiative, the member states of the ITU, which of course is a unit of the United Nations, the member states felt that that was a threat to their sovereignty, so they voted to have us pull the plug on the whole system.

Wes: So the leadership of the World eTrust Initiative asked if I could take it on and I said, yes, I'd like to, to change its nature a bit and, and present it as an online municipality. But yes, so that's what we did on March 7th, [00:06:00] 2005 at ITU headquarters in Geneva. We chartered the city of Osmeo, which is a new certification authority, global certification authority, uh, attesting only to identities.

Wes: We only do identity certificates. We don't do web server certificates. We don't do, uh, code signing certificates, et cetera. Uh, because we feel as though the missing element in all of, uh, these IT problems is, uh, measurably reliable identities. So that's what we've been building, the Quiet Enjoyment infrastructure.

Wes: Um, ever since then,

Mehmet: Absolutely fantastic history, I would say, Wes. Now I'm going to start by asking you something. You know, the issue with the Internet, you know, and you know, the identity, [00:07:00] uh, problems within the cyber security space is something that has been with us for a long time now. Every time, you know, I kept asking this question because I've sat on the other side of the table. I would say I was, you know, on, on the client side, as they would call it.

Mehmet: I sit on the consultant side, I sit on the vendor side. A lot of people, you know, I talk to, they said we have failed in, you know, coming up with a technology that provides the ultimate security when it comes to identity. First of all, do you agree with this, Wes, and if so, why we have failed till now to get the ultimate, you know, security for our digital identities?

Wes: Identity is costly. Measurably reliable identity is costly, and, and it is, it's costly because it involves a labor-intensive process. You know, we call, [00:08:00] uh, we refer to identity verification.

Wes: There's only so much assurance you can get from, uh, you know, basically automated system with a little bit of human intervention involved. What you really need is identity attestation. You need an interview with a qualified and legally liable individual, a notary public, who is criminally and civilly liable for their actions as a notary, and is additionally trained in identity attestation.

Wes: You need them to not just give a thumbs up or a thumbs down, but actually apply a score. Uh, to, um, an identity claim, like the reliability of an identity claim. So, uh, OSMEO uses a system called IDQA, Identity [00:09:00] Quality Assurance, which measures, uh, evidence of identity, EOI, uh, in eight different metrics, and each of those metrics is scored.

Wes: Uh, on a scale of 0 to 9. So you have an aggregate score of 0 to 72. And that tells you the, the relative degree to which you can, um, rely upon an identity. Uh, for business audiences, an important one of those eight scores is, is the, is metric number seven, which is assumption of liability. Which is kind of glossed over, uh, by people, but, um, but it's the most important for business audiences, for instance, for online real estate auctions, if, if someone bids on an 80 million office building and wins the bid, and it turns out they're using, uh, a, a fake ID, um, [00:10:00] that's very costly to the auction house.

Wes: They want to have a bond behind the identity claim. So that if, if they do suffer such an event, the, uh, proceeds of the bond are available to them. But stepping even further back, um, our identity problems in general, um, started with assumptions that go back to when I, when I started in IT. Which, as I say, was the 70s.

Wes: Um, you know, um, as I mentioned, I worked for an insurance company, that was actually in the 80s, but the phenomenon was so taking root then, and the assumption was, IBM was telling us you have to start thinking about it, about security, telling us six, us 20 year olds, [00:11:00] 22, 24 year olds. Um, you got to start thinking about security.

Wes: Now, actually they, they were involving, you know, the older managers who understood security in a physical space. It's not about catching the bad guys. It's about accountability, right? It's like asking your lobby receptionist to get some ID instead of Trying to, instead of asking your lobby receptionist to identify, um, the intentions and character of everyone who walks through the door, which is of course, never going to work.

Wes: Um, you know, if your receptionist is able to catch someone who, uh, you know, shows themselves to be, uh, a thief or someone untrustworthy, you know, they're the amateurs. You know, anyone with any skill is going to, uh, appear to [00:12:00] be, um, you know, reliable. So, but of course, when management came to us young programmers and said, you know, we, IBM tells us we, we need to be thinking about security.

Wes: Tell us about security with these newfangled computers. Remember, we're talking about the eighties now. Um, they knew more about security than we did. Our view of security was what a 20 year old's view of security is. You know, television cop shows and, and, you know, um, these days it'd be World of Warcraft.

Wes: You know, it's, it's the drama of security, whereas, uh, you know, um, accountability-based security, uh, is, is much less dramatic. And oh, by the way, that makes, [00:13:00] "catch the bad guys" security is easier to market, right? Because you can use images, guard dogs and razor wire and commando outposts. Um, whereas, you know, using images of a receptionist checking ID is just not, all marketing needs to talk, marketing in order to be successful needs to touch an emotion, touch an emotional nerve, and it's much easier to do that with "catch the bad guys" security. "Catch the bad guys" security. The assumptions, assumption that that's what security is made of is where we went wrong.

Wes: So I, I, um, I have to do a mea culpa here. It's, it's us young programmers in the 80s that set us on this erroneous course, and those managers who did not [00:14:00] understand computer technology, but knew better than we did what constitutes security in a physical space, that exact same set of assumptions should be applied to digital spaces.

Wes: It's about accountability. It's not about catching the bad guys. And accountability relies upon measurably reliable identities. 

Mehmet: So it's like, it looks to me like we were part of the problem, you know, because you're saying like, it's not about the, uh, catch the bad guys. Of course it's not about the catch the bad guys, but it looks like we did the harm to ourselves by keep focusing.

Mehmet: And by the way, Um, a lot of my guests here on, on, on this podcast, they share the same view with you. They said like, shame on us for 30, 40 years, we're trying to, you know, stop cyber attacks. We were trying to do this. We're trying to do that, but you know, we fail. Because it seems like we [00:15:00] are chasing some mirage, which is, yeah, we can stop the bad guys, which is never going to happen, because the bad guys will always have their ways.

Mehmet: And instead of focusing on some other root causes, you know, for the cyber attacks, we kept talking about the Yeah, we did this. We can catch the bad guys. We can follow them in the dark web. We can do this. We can do that. So that resonates a lot with, you know, some thought leaders into the domain, but let me, I'm not kind of a skeptical guy, but maybe someone would say, yeah, what you're saying is right, Wes.

Mehmet: But now coming to the infrastructure that we can build to have the accountable uh, security and accountable. Um, you know, uh, identity management. So someone might say how we make sure that this, uh, this infrastructure itself, it can provide this. [00:16:00] I would say balance between being secure and at the same time doing the anonymity that you just also talked about.

Wes: So in other words, uh, respecting privacy and ensuring privacy at the same time you're making people accountable. Um, and the first thing I would say is, PKI is an infrastructure that was, uh, invented back in the 70s and it is good stuff. It works well. Um, we should not be using it to identify, um, for instance, in code signing, we shouldn't be using it to identify that a department of a company that produces code, but rather there should be an individual professionally licensed code signer, uh, who takes legal responsibility for, [00:17:00] um, the, um, integrity of the code. That means that they're going to apply a lot more diligence to that assurance. If the department signs a bunch of code, well, no one, no one is on the hook. Stepping back from that a little bit, uh, assuring that that PKI identity certificate makes a person accountable and yet respects their privacy and, and, uh, and limits the trackability.

Wes: Think about your car's license plate. Anyone can see it. It makes you accountable for what happens on public roadways, but no one gets to know the identity of the driver or owner unless there's been an incident. Uh, there's been an accident or if the, uh, the cops feel, uh, as though there's evidence that you're [00:18:00] transporting something illegal.

Wes: Um, so that's, that's how our identity certificate is built. Uh, we have accountable anonymity. We use the, we call it a license plate certificate. Um, and, uh, uh, it makes you accountable without disclosing your identity. We have two other methods in our, uh, PKI to ensure, uh, uh, privacy. Um, one is that our CA or certification authority database does not actually have identity information in it.

Wes: Rather, it has a certificate serial number and public key, of course, um, but it also has your identity quality score, identity reliability score. And it has the address of the attestation officer who was [00:19:00] responsible for setting your identity reliability score. Um, so that if, uh, if, if for instance, uh, a dictator comes to the operator of the certification authority and says, I need to know the name of this person who's been critical of my regime.

Wes: Uh, the answer is I, we can't do that. Do we, there's, we don't have that information. That information is available only from the attestation officer, he or she, an individual, will need a court order, and then we'll decide whether it's a legitimate court order. Um, so there, those are, uh, two methods, uh, by which we assure the, uh, uh, assure your privacy.

Wes: Also, our CA is in, uh, is in Geneva. So the user has the benefit of Swiss privacy laws. [00:20:00] 

Mehmet: That's, that's, you know, good to hear. Now, the question also that comes to mind Wes, is Now, I understand, you know, this is, um, you know, a very robust, secure way, uh, and it applies the accountable security, which also applies the privacy.

Mehmet: Just out of curiosity, would that also help us in, because, you know, what's happening now with all, you know, this, uh, AI age and you know, the, the, the bad guys, which we mentioned, like, uh, the catch the bad guys methodology was all about them. So now we are told that these bad guys actually, they can use these methodologies and actually leverage the security measures and technologies to again, do something [00:21:00] bad.

Mehmet: So is there a way where, you know, we can prevent the bad guys from leveraging, you know, the anonymity and, you know, the security of this system, uh, from using it for, for something bad? Is that something possible?

Wes: Absolutely. I think what you're describing, um, is, is blockchain. Um, the original blockchain, of course, um, was presented to the world, um, along with Bitcoin.

Wes: Uh, Bitcoin is a truly decentralized system where anyone can run a node, um, and which not only means it's horribly inefficient, but it's also a gift to criminals. It, they're both, both PKI and blockchain are built on the same asymmetric cryptography construction materials. We call them construction materials because we [00:22:00] think that's what they are.

Wes: Um, in the case of blockchain, the whole point is to, um, is to erase accountability. Um, and the point of PKI is to use asymmetric cryptography in a way that enhances accountability. It's the polar opposites. So I think that especially when you adopt the principle and assumption that there's no such thing as a certificate, a digital certificate, X.509 certificate, whatever you want to call it.

Wes: There's no such thing as a, a digital certificate that is based, that identifies only an object, a server, a web server, a mail [00:23:00] server, a bunch of code, a program. In our world, we issue identity certificates. And by that, we mean human beings identify a person with a measurably reliable identity. If you want a web certificate, a CER web server certificate, any other certificate, it needs to be digitally signed by someone identified by an identity certificate.

Wes: And the other side of this thing I, I, I, I need to add, because people, a lot of people aren't aware of the fact, unlike a password, uh, or all of our other security measures, the private key never leaves a device. Now, there are PKIs where the, again, to save money, to [00:24:00] enhance profits, the, the key pair is generated on a server and then sent to the user.

Wes: We don't do that. We never do that. That's bad practice. Uh, we generate the key pair on the user's device. We never know the private key. Uh, we call it a PIN, a personal endorsement number, which, uh, you know, our, our PKI terminology is our own because we differentiate an identity-only PKI from the way PKIs have been used for everything else.

Wes: We identify only people. So a private key, a PIN is a type of private key, and a PCN is, is the public key, is, is our version of a public key. But they're, technologically they're exactly the same.

Mehmet: Absolutely, you know, I got the part and I, you know, I, I like that you did the similarity so people can relate [00:25:00] to, you know, between the PKI and, and the, the blockchain. Um, now, Wes, if what you're describing, I would call it, you know, music to my ears if I was a community, you know, a leader in cyber security. Uh, it would be the, for a business owner, he would say or she would say, oh wow, like this is the ultimate thing that we can have. Now, how we can push this technology to be more, uh, in, in every business? So, but I'm sure that there will be some challenges and some hurdles that is maybe slowing us from adopting this accountable security and identity, uh, in, in a world where, I know, and also describe, the internet is, is broken, you know. Like, because a lot of things are going on and we need to, to really come up with solutions. Like, I think, you know, we reach a phase, and I've seen a, a, a video that attracted me a couple of, I think it was [00:26:00] last year, you know, where they showed the parents taking the photo of, of, of the child and then the child grows up and they'd say, okay, they stole my identity and now they are using it to, you know, do bad things and so on and so on.

Mehmet: So how we can reach what, what obstacles to, to, to cross, to reach, You know, the safe haven, I would say, that we are aiming for. 

Wes: Well, we've taken a step in the direction with zero trust. You know, obviously, zero trust begs the question, Okay, now you don't trust the person. What's next, you know? And my answer is 20 trust, 30 trust.

Wes: You know, some number on a scale of 0 to 72, which identifies the degree to which you can trust that, uh, identity. But, um, more importantly, people need to be [00:27:00] educated about PKI. We've, we worked hard to create some short videos, and we came up with one two-minute video, and it's proven to be very effective, um, in, it's showing PKI is about, um, just how it essentially works.

Wes: You have the two very large numbers. Um, uh, we call, uh, PKI puzzle kit infrastructure. We don't refer to the, uh, private key and public key as keys at all. We call them numbers because that's what they are. And we have learned through our own research that the word key confuses people. But the, uh, but when you call it a number, a very large number, uh, mathematically related numbers, people get that people understand that.

Wes: But understanding of PKI is the key. PKI is [00:28:00] amazing stuff. Um, and it's just a lack of knowledge. And I mean, lack of knowledge among CISSPs, you know, security experts. Often, if you ask them to explain PKI, they can't. Um, it's, it's just been a, uh, a subject that's... And it's, it's, hi-, hiding in plain sight is a term we use all the time.

Mehmet: Do, do you think that the, the reason for that, because at some stage I was so obsessed in, in reading about cryptography and, you know, cybersecurity in general, and one of the things that I noticed, especially when the chapters were discussing the PKIs and discussing how cryptography work and how certificates work, there's some math involved in this.

Mehmet: Do you think like this is why people try not to focus on these areas and they take it for granted? Oh someone, you know have these [00:29:00] public keys, you know, why I should care about it. Do you think this is part of the problem? 

Wes: Yes. Yes, and in fact, I can't tell you how many times when I mention PKI, um, they respond with something about encryption and, um, and, and, yeah, this is one of the things that makes explaining PKI so difficult.

Wes: Yes, encryption is involved in PKI, but it's, it's, it's when, when the need is, so PKI is good for three things, basically: authentication, digital signatures, and decryption key management. Now, when you're wanting to encrypt and decrypt a file, asymmetric is only good for [00:30:00] small, very small files like symmetric keys.

Wes: You know, it, it gets... When you, when, when the assumption is that it's about encryption, you get into the weeds quickly. And so you need to avoid, just talk about authentication and digital signatures. Digital signatures, even more than authentication, are going to save the world from chaos. Digital signatures everywhere, DSE, and forget encryption.

Wes: Because when you start talking about encryption, then you have to differentiate between symmetric and asymmetric and you know, and, and, and then the fact that you are using encryption to, to encrypt a key, [00:31:00] an encryption, encrypt an encryption key. You know, um, that becomes, that's where, that's where understanding of PKI goes off the rails, because it does get complicated, not mathematically complicated.

Wes: But logically complicated, because there are more moving parts than people are expecting. So, if we just focus on authentication and signing, that's the key, and digital signatures. Really, the amount of the, the need for encryption, encryption of files, is dwarfed by the need for digital signatures. And people don't think about digital signatures.

Wes: They, they think they, when they hear PKI and they hear talk about this stuff, they, they relate it to [00:32:00] encryption of files. And, and, and we need to somehow steer people away from that, you know, abyss and get them back to thinking about digital signatures, which are much easier to explain and much more valuable and useful and a bigger part of the solution.

Mehmet: I think you're right 100 percent, Wes, because also when I discuss this with people, you know, familiar with the, with, with the matter, as they say, so they forget that, you know, you know, usually the first thing when you, someone goes to, to learn about security, they tell you about the confident, confidentiality of the data, which is encryption does, and the integrity, which is where, you know, I need to know that, is it Wes who sent me this message, document, whatever it is. So you have your digital signature on it and you need to make sure that it's not forged by someone else. So I think people, it's mine, and I blame the media a little bit, [00:33:00] honestly, here. I blame, you know, some, you know, uh, I would not say thought leader or anything like this, some people who have kept talking about, you know, they were showing us these screens with, you know, these numbers flipping and the encryption happening in the background while they forget to educate us, I mean the general public, about, you know, the importance of the digital identity, to your point, because I said encryption, you, it's easy.

Mehmet: You can, you don't need a supercomputer to, to encrypt something. You can even do it using a simple Python script, whatever it is. Um, but, you know, to ensure the digital identity of someone, this is, you know, the more bad now with all what is happening, Wes, like with, with evolving. Could I

Wes: add one thing, one thought to that?

Wes: Sure. The language of PKI. The practitioners have [00:34:00] some practices that just multiply the confusion. And the worst of all is you sign the file with your certificate. No, you don't sign your file with a certificate. And that confuses people because they've also been told that, um, they need to quote unquote keep their certificate absolutely secret.

Wes: Make it secure. And then they're told, send the certificate to, well, you know, the PKI expert understands totally from context, which you're talking about, whether you, you're referring to a private key as a certificate, but the poor uninitiated, it's totally confusing. And that has thrown people off the rails too.

Wes: That, as much as anything, is what has, uh, made PKI this [00:35:00] mysterious thing hiding in plain sight. We just need to, you know, take these PKI experts aside and say, do not say sign with a certificate. Do not say, keep your certificate secure and then say, send your certificate, you know, to your relying parties. Clean up your language.

Mehmet: Absolutely.

Mehmet: Absolutely. Now, you know, like, I want to ask you about some, you know, as you said, you've been here, you know, talking about this and practicing this for a long time, and all the great work that you have done in this field. Um, when do you think we can expect a safer, uh, you know, internet, safer place where really we can have this accountable, uh, security and identity [00:36:00] applied on a large scale, like, and especially, you know, I'm asking you this, do you think like what we are seeing in the emerging technologies space, you mentioned blockchain, people talk about, I know that it's not directly related, but, you know, people talk about quantum, people talk about AI, everything is, you know, accelerating now.

Mehmet: Do you think we're going to see an acceleration in the mass adoption of this? So we start to see less CTBG to your point, catch the bad guys?

Wes: Here's the thing, here's the key. When you talk about the internet, it was originally referred to as an information highway or an information superhighway. And it's a very apt metaphor. It works. But what is a highway? It is an outdoor public transport system. How do we typically use highways? [00:37:00] Don't we typically, you, you are sitting in a, uh, a building, and I'm sitting in a building, and typically, we use highways to go from building to building.

Wes: Yes, the outdoors is a wonderful place, and we all would like to find ways to spend more time outdoors. Um, but we don't hold our meetings, keep our files, and let our kids hang out by the side of the highway, right? What do we, what, what do we do when we find ourselves living and working in a cardboard box by the side of the highway?

Wes: You know, in other words, what do we do when we find ourselves homeless? We find a building, right? We look for an indoor space. Where are the buildings? Where are the buildings, the online buildings? And the fact is, again, PKI is a remarkable construction material for secure [00:38:00] online buildings. Now here's another thing about the building that you and I are both sitting in.

Wes: I understand you're in Dubai. Um, I'm in the U.S. state of New Hampshire. Um, I am 100 percent certain that both of our buildings have occupancy permits. In other words, a licensed, legally liable professional has the rights, declared the buildings that we're in to be habitable. In other words, there are no secret passageways.

Wes: Everything is on the, the drawings and if, if some breach is discovered, some impropriety is discovered, they're legally liable. And if it's truly a case of deception, they'll go to jail, whether in Dubai or in New Hampshire, in the U.S. There's your answer. There's your answer to that. We don't [00:39:00] fix the highway.

Wes: The highway doesn't need fixing. It does its job well. What we need is buildings. And that's what quiet enjoyment is about. Quiet enjoyment is a real estate term. Quiet enjoyment is, is the summation of a lease in two words. It says, you know, here's what tenant in good standing is entitled to. A in a habitable structure, you know?

Wes: Uh, and it's not just about noise, it's about security. Uh, it's about working elevators. It's about basically a structure that works, a building that, that delivers what a building is supposed to deliver. That's what we need. There's your answer. It's as simple as that. 

Mehmet: I hope, you know, people get it and finally reach with that. Um, Wes, any final thought you want to leave us with today? Anything you want to mention to the next generation, [00:40:00] um, you know, leaders in this domain, uh, you know, out of, you know, years and years of experience that you have?

Wes: Well, certainly, um,

Wes: The problems that we are facing call for stepping back and reevaluating, questioning the assumptions that we use, not just in security, but in our whole digital infrastructure. We're moving to a digital world. We're living in digital space, and yet there are things that have been learned over not just decades, but centuries about making spaces habitable.

Wes: PKI dates back to the 70s. Occupancy permits are a lot older than that. Um, the solutions that we're looking for [00:41:00] are old. Now it's a habit of, of the technology community to always be looking for the new new thing. Um, our solutions are, are not, you know, aside from identity reliability scores, which basically was, uh, created by the U.S. National Institute of Standards and Technology, NIST, they have their own system, um, uh, IDQA I think is, is, is superior. Um, that's new. Identity reliability scoring, evidence of identity, etc. is new. All the rest of it is old, old, old stuff. Um, so look for that which is hiding in plain sight. Understand PKI.

Wes: Um, and go to authentiverse.net, authentiverse.net, [00:42:00] uh, to see how a whole continent can, uh, digital continent can be built. Where, where accountability reigns. Where City Hall dictates the, uh, conditions under which buildings can be built and communities can be organized, uh, but otherwise leaves, uh, you know, leaves people, uh, people free to do their own thing.

Mehmet: That's great, Wes. And, you know, um, I would highlight one thing you mentioned is we need more education for sure. Like this is something we, uh, all my guests that, that came to the show, especially when we talk about the cyberspace, we, we still have a lot of work to do and it's not, you know, the, the traditional courses that are like short videos that.

Mehmet: No, we need like this to understand, especially the PKI, I believe, you know, what [00:43:00] you, you, you told us today was it, you know, it opened my eyes on many things, honestly, from a personal perspective, although I consider myself someone who has knowledge in, in, in this space, but, you know, looking at things from different perspective and one takeaway from me, which I wish also people would take from you also, Wes, is, you know, Let's stop doing CTBG, you know, I'm 100 percent with you on this one.

Mehmet: Uh, we need to solve the problem, not just, uh, chase some fake things or fake promises, I would call. So this is another one. And regarding the website you mentioned, this would be in the show notes. So for you listeners, if you missed this, you will find the link in, um, to, to the website and the show notes.

Mehmet: Also, you will find, uh, the link to Wes's website also as well. So if you want to connect with him, you can do so. Wes, thank you very much for, for being with me on the show today. I really enjoyed it. [00:44:00] It's very informative. And, um, again, you know, you took the time, uh, with me today, so thank you. And for the audience, if you just discovered this podcast.

Mehmet: Thank you for passing by. I hope you enjoyed. Please subscribe. We are available on all the podcasting platforms. And if you are one of the loyal followers, thank you very much for keep, you know, sending me your messages and notes and recommendations. Keep them coming. Thank you very much, and we will be together again very soon.

Mehmet: Thank you. Bye. Bye. Thank you, Mehmet. Thank you.