44:21

SUMMARY KEYWORDS

people, privacy, cyber, systems, vendor, cybersecurity, organization, attorneys, case, talking, supply chain, questionnaires, kinds, thought, thoughts, data, necessarily, insider threats, threats, solarwinds

SPEAKERS

Debbie reynolds, Debbie Reynolds, Victoria Beckman

Debbie Reynolds 00:00

Personal views and opinions expressed by our podcast guests are their own and are not legal advice or official statements by their organizations. Hello, my name is Debbie Reynolds; they call me "The Data Diva". This is "The Data Diva" Talks Privacy podcast where we discuss Data Privacy issues with industry leaders around the world with information that businesses need to know now. Our very special guest on the show is Victoria Beckman; she is the Associate General Counsel, Security, and Privacy at Shopify. Hello.

Victoria Beckman 00:41

Hi, Debbie. Thanks for the invitation. It's a pleasure to finally make it here.

Debbie reynolds 00:47

Yeah, well, you're fascinating. I've followed you for many years, I followed your trajectory for many years from your time being at law firms, I think you were at Frost Brown, your time at Microsoft. And now at Shopify, you're always putting out very helpful information around cyber and privacy; you have a very unique background, in my view, because you've dealt in the past with things like cybercrime and stuff like that. So I think you have a very interesting lens that you look through. Also, you and I have the pleasure of being on a list. I think it’s 2022 The Top 50 Cyber Influencers. People throw me into cyber, for some reason, a lot of times, but why don't you tell us? Why this career path for you? And how did you come to be where you are right now? It's just interesting to me.

Victoria Beckman 01:43

Well, thanks for all those words, nice words. And I also don't like the word influencer; by the way, I don't think I'm an influencer or anything. But I, it was kind of luck and circumstances. Before being an attorney, I was an engineer. And I like the technical aspect of systems. And I did a minor in information systems. So it's something that I liked. When I was in law school, I wanted to be a public defender, and my heart was into being a public defender. And after law school, I went to do that, I loved it. And I thought I was going to be doing that for the rest of my life. But then life happened, then I got married, and I moved to Ohio with my family. And there, I had to go back to private practice because there weren't any jobs as a public defender; it wasn't really even by choice. So I went back to a firm. And the first firm that I went to was very small; there were only five or six attorneys, and a case that was conflicted out of a big firm came in, I mean, involved a hacker and money and funds that had been transferred to China. But the case was already in the kind of late stages. So all the forensics, everything had been done. And they thought, oh, you're an engineer; you will understand this. They gave me the case, I didn't understand absolutely anything. But I really liked the topic. And I thought, if I'm going to be at a firm, this is something that I can actually enjoy, and that I can learn more about. So I decided to just start reading about it, start looking into any classes or conferences and things like that. And then it became kind of organic, that people said, oh, well, you knout about cyber or privacy, and they started giving me cases. And that became my practice.

Debbie Reynolds 03:55

Wow, that's interesting. I think there's a theme here when I see people who have very unique career paths, they find something really interesting. And they go out of their way to really pursue that. And then you basically made a name for yourself in that area, which is amazing. Thank you for that. How is it that you found yourself going from law firms to corporations?

Victoria Beckman 04:23

It was also luck, like pretty much everything I feel in my life. I was not looking for a job. And I didn't think I could move from Ohio because of our family situation. So I was working at the firm, and a recruiter from Microsoft approached me. Initially, they told me the job has to be done. The person has to move to Florida, and I say, well, thanks for nothing. And then a few months later, they reach out and said we're looking for a very specific profile because, in that particular position, they wanted somebody who was bilingual in Spanish and English because I was covering the Americas who had JD and a license in the United States because historically, they had foreign-trained attorneys doing that. And they knew about cyber. And that's not necessarily an easy combination to find. So we started talking, and they said, well, you don't have to move right away. And we were in the middle of the pandemic and everything. And finally, when I accepted the job, I said, okay, fine, I'll move. I ended up moving to Florida right away. But that's really how it came about.

Debbie reynolds 05:47

Oh, my goodness, well, I'm sure they saw what we saw. See, you're incredibly helpful, incredibly well-versed in these areas. And I think you communicate really well in terms of being able to send that message to all types of audiences. Because you're not just talking to legal people, you're talking to business people and trying to understand how your expertise fits within a business. So I think that's really cool. What's happening in privacy or cyber right now that's concerning? What are you seeing? Maybe in the news or something, you're saying, oh, wow, I don't like the direction this could go?

Victoria Beckman 06:28

Well, I don't think necessarily, I have an opinion as to I don't mind the direction this is going. But we are pretty concerned with AI and the uses and implications of AI in both privacy and cybersecurity. I think any technology is not good or bad. I think there are amazing use cases for AI. I think it's going to help make things efficient; there are a lot of positives. But also because there's new technology. And we don't know what can happen. There are a lot of unintended consequences. And in the same way that it's helping us, for example, do defense of systems, it's also helpful for attackers to use it to attack and to scale their attacks that are to make it a little bit more complex and sophisticated. The fact that there is not much legislation, and that is new, but it is already being used at a massive scale. All of that is very interesting to me. It's just interesting to see what could happen, what we can do to prepare what the legislatures will come up with, knowing that maybe by the end of anyone drafting legislation, probably the technology is already way far advanced from where we started so that topic is something that I'm concerned or interested in learning.

Debbie Reynolds 08:09

Yeah, I share your concern there. We've always seen technology outpacing law and regulation, right, because it tends to be very reactive. But I think the difference now with things like AI is that there's just the exponential growth there of all the use cases, and it's hard to pin that down. So I think that gap between innovation and regulation is getting a lot wider. And it's going a lot faster, I think in the future.

Victoria Beckman 08:42

Right. And it's also accessible to everybody, which I think is a good thing. But obviously, that will also bring consequences. Because when something like that is open for any purpose for people with any intentions or any training. It could be there's a lot of room for error for users that we don't want to be used to. But at the same time, again, I'm a fan of having technology and access to everybody being creative and using technology for good causes.

Debbie Reynolds 09:20

I want your thoughts, just some general executive advice around working with different groups of people, right? Because when you wear a legal hat, if you're in a law firm, your business is law, right, but if you're in a corporation, their businesses, whatever it is that the corporation does, and you're a part of helping them to do that. So how have you found collaboration with groups who are outside of the legal sphere in organizations?

Victoria Beckman 09:59

Well, I think that's something that I was still working on. And that I will probably work for the rest of my career. It was a difficult transition to come from a law firm to a corporation because no one teaches you in law school how to deal with that and what you have to do to get to know your clients, your internal clients, and the organization. To know that you're even there. But in general, my approach to this and everything really is I tried to be as not only approachable but explain things as well, I wouldn't say simple, but in a way that I think the receiver of that message will understand. So when you talk about, for example, the information that I post is really, it came out of the fact that I'm a visual learner, I like charts, I like tables. And so I started doing them for myself, and I figured they are useful to me; maybe they will be useful to other people if they're people who don't find it valuable. That's completely fine. But I learned like that. And so in the same way, I think, when approaching teams in the organization, that way, trying to put myself in their shoes, because that's a huge difference when you're outside counsel, it's a little bit more based on theory. It's kind of the law says this, and you have when you're in a business in real life when you have to consider whether you have the resources, what the consequences for the rest of the business will be, the appetite for risk, and all kinds of considerations. I tried to put myself in their shoes and be creative and say, well, we have to achieve this point; we have to comply by doing x. So if we cannot get there perfectly, what can we do? Where can we meet in the middle? Is there a different option, maybe a temporary option and I think when people know that you're just not an attorney coming to say that you have to do this, they're willing to work with you on collaborating because, at the end of the day, everybody wants to get to this solution. I'm also accustomed to working with engineers, and I think still a lot like an engineer, so I feel I have good skills in being able to interpret or translate for those more technical teams.

Debbie Reynolds 12:49

Right. And then I think, often I think the thing that you're doing that is really bridging the gap is that you understand a lot around the mechanics and operational side of what these teams need to do. So it goes beyond the theory of law, but just trying to think about so how do we achieve this in our organization with people that we have, with tools that we have at our disposal? Right?

Victoria Beckman 13:18

Right? Yeah, I think we have been pretty creative.

Debbie Reynolds 13:24

Let's talk about cyber and privacy. Maybe people in the US confuse it more than most right? I feel like sometimes, even at the policy level, a lot of times when people are talking about cyber, when they give them the detail, oh, that part is privacy, this part is cyber. So tell me your thought about the difference in cyber and privacy and how they interact or intersect.

Victoria Beckman 13:48

But I think the elevator speech that everybody gives about privacy is about authorized access to information. So you've already collected information, or you're going to collect that information. And you just need to know who can have access to that. And you control that. And cyber is more on our authorized access to information and how you protect that information that you already collected from an outside or even any internal attacker. That's kind of the main difference. And in reality, there is a lot of interaction because for example, a lot of the privacy laws, if not all of them, will say well, you have the obligation to keep this information protected. And so that's where you kind of inject this cyber component saying, in order to keep this protected, we have to have, I don't know, multi factor authentication. We have to have passwords that meet certain requirements. We have to do all of that. So they do work together in our way. But as I often explain within the organization, not every incident that could be considered a cyber incident is necessarily a privacy incident or something that we have to worry about in terms of notifying, or there was personal information because you can be attacked and just not have your systems available without there necessarily being any exfiltration of data. So I think it's normal and understandable for people to get those two confused, but I do see it as a separate thing. In my mind, privacy has the component, a huge component, that is privacy compliance and the laws do you have your data inventories for GDPR? Do you have, do you know how to respond to a data subject request? Do you have those kinds of things that we don't deal with as much in cyber because in cyber, we are concerned with incident response, with whether or not we had the technical requirements that we need to comply with to keep that information secure? But also, sometimes we have contractual obligations to notify within a certain amount of time. So it's all in there.

Debbie Reynolds 15:01

What are your thoughts about security questionnaires or privacy questionnaires to go out to organizations? I feel like with all the new regulations around cyber and privacy that are coming up, well, maybe I can't imagine there'll be more than a 200 on a questionnaire. Maybe we have 50 more questions there. How do you see organizations being able to try to navigate that in terms of figuring out what their third-party risk would be?

Victoria Beckman 17:05

Well, I really can't speak for any organization. But what I see or what I have seen is that we do have, for example, at Shopify, and just let's make clear that I'm not speaking for my employer; it's my own opinion. But we do have a questionnaire. It's not that long. And we really use it to evaluate vendors that we have and how to do the onboarding; it doesn't mean necessarily that we say, oh, no, you don't comply with this. And because there is also not, just like in privacy, there is not a Federal law that certainly that says you have to have this system and this firewall, and this, this and this. So a lot of times, we could just ask were accommodated or something like that. But it is very useful in cases, for example, when we are outsourcing certain functions, and the employees of the third-party company are going to have access to our systems. That's when those questionnaires are critical because we want to ensure that not only do they comply, they have the documentation, and they have, they provide their stock documentation is so, and that they're aligned with our own systems. Because we all know that when it comes to liability, at the end of the day, if there is an attack or something, we can say, oh, no, it wasn't us, it was x vendor that we hired. So I find them useful. I don't necessarily think they have to be that long. Because I think you cover the main areas. And then, depending on the vendor, or the third party, you can emphasize if, for example, you're hiring or getting a vendor for artificial intelligence, you can emphasize whether or not there's going to be information, it's going to be used for the training of their systems, all kinds of very particular things to each vendor.

Debbie Reynolds 19:11

Yeah, I agree with that. I'm hoping to see more common sense in that area because I've seen some questionnaires it just really didn't fit what the third party was actually doing, right? Because, like you said, if you have someone who's doing a critical part or something you're outsourcing, you may have different questions for that company. Other than maybe there's a vendor that supplies you something, they have five employees. Would you ask them for a SOC to audit or something? I mean, I've seen all the spectrum of this, and some of them, it just doesn't make sense in some ways.

Victoria Beckman 19:48

I have a feeling people say that attorneys ruin all the fun, and I have a feeling this is one of those cases where attorneys were like, oh, I sent them 300 questions because we cover ourselves by being able to say later, well, we asked for this and for that, but that doesn't mean that they're necessary or fun to deal with.

Debbie Reynolds 20:11

One trend that I'm seeing, and I'm hoping that I see more of this, I see some corporations that I work with, they're coming up with things like codes of conduct that are saying, this is the way that we handle our systems, you agree that you're going to align with this. So they're not saying, oh, five-person company, you have to have a SOC 2 type 2 audit or something like that. They're saying, hey, this is the realm in which you need to work. This is how we think that you should handle data and stuff like that. What is your thought about using a code of conduct to help in that process?

Victoria Beckman 20:51

Well, I am a big proponent of doing anything within the limits of the law and being compliant but doing what works for the organization. Because again, one thing is what the law says, a very different thing is when you are in real life, and you have a limited amount of resources, or you have to deal with all kinds of vendors. So those kinds of conduct may work. It is hard to do them at a scale when you're dealing with different vendors of different organizations and for very different systems. Because in our case, for example, yes, a code of conduct may work. And a lot of the vendors may say yes, you can comply with that. But if you're negotiating with big companies, providers of, I don't know, cloud services, all kinds of things, you're likely going to have to deal with their own terms, and to have any kind of negotiation power is not going to be just a code of conduct that we agree to follow. So that could be I mean, it doesn't have to be black and white, it could be a good solution for certain vendors or in certain areas or certain products, and kind of leave in harmony with other types of agreements.

Debbie Reynolds 22:19

Yeah, I agree with that. That's very common.

Victoria Beckman 22:23

Yeah, because as if you're evaluating, like, I don't know, a vendor that is going to provide the food for your cafeteria or something. It's kind of silly to say, give us your Sunday; give us your best. But then saying you follow kind of this very general parameter, and this is our curriculum. Cool.

Debbie Reynolds 22:45

I want to talk a bit about supply chain, cyber security. There was something you posted about that recently I thought was really cool. But also, I think that there's more talk in just the industry, in general, around the supply chain. And I think maybe some of this came about; maybe it's always been there, right? A lot of people started talking about it more after the SolarWinds hack came because they're like, hey, who are we using? What are they doing? Is it more than third-party risk? So thinking about the supply chain is very different. So are you seeing more people talk about supply chain cybersecurity?

Victoria Beckman 23:26

Yeah, and I think you're right. I mean, obviously, those things existed and have existed for a long time. But I think SolarWinds was a good wake-up call. I also think that things like them call them your pipeline. And even they were in Ukraine, have raised some awareness to the public that those, like the supply chain critical infrastructure, is so important because you can have probably worse consequences sometimes of having an attack to those, as a supply chain attack that attacks multiple critical systems, that even a physical war. So I do think people are talking a little bit more about them because they're seeing the potential consequences of them. And I think I at least assume that intelligent people, I think people are thinking about those, they're trying to set their security systems to avoid those kinds of attacks, but there are fairly sophisticated, and sometimes it's very difficult to have control of everybody involved in the supply chain. And it's costly as well. So yes, I think you've seen an increase in the talk about that, but it's not like people are freaking out. At least I haven't seen it.

Debbie Reynolds 25:00

Yeah, I haven't seen that either. I want your thoughts about this, mind shift, hopefully this mind shift that either is happening or should be happening around cyber. And for me, the mind shift is, in the past, some people thought about cybersecurity, almost like the fire department. So it's like, oh, we don't have to do anything about it until something bad happens. And then people are going to spring into action, right? And then the other one is the idea that somehow your organization is like a castle. And all you're doing is protecting the castle and keeping the threats out of the castle. But we know that threats are in the castle, right? And this, maybe this goes again, to supply chain as well, where you can't just think about the exterior threats; you have to think about the internal threats. And also, I tell people don't think about things and like a Mission Impossible way, like someone's hanging from the ceiling, trying to get to your computer systems threat, whether it's malicious or not, is still a threat. Right? So tell me your thoughts about this mindset of going from a reactive cyber posture to proactive one. Are we getting there?

Victoria Beckman 26:13

Well, first, I think it'd be awesome if there were people dropping from the ceiling, I think that would be a pretty cool job. But I do see a really good trend, a positive trend in that mentality has changed a lot, in the last 10 years. And in the last, I would say maybe four or five years. I think people are getting it. And it is hard for organizations sometimes. Because like all of us humans, we have a tendency to like kind of immediate results. And so it is difficult to explain to a board of directors or to a C-suite that we have to invest a lot of money now to prevent something that may happen in the future. It is kind of one of those things that I feel like all of us learn from our mistakes. And it's one of those things that anyone that has gone through a major incident understands now the importance of being prepared. And they should have done something before. But when it's kind of an abstract concept, it's harder to get your mind into that. Also, I do think, though, that this kind of famous or infamous attack. And the fact that there's been enforcement by the SEC, the FTC, and those kinds of things, has definitely opened the eyes of a lot of world directors, a lot of other more requirements about how the C suites, the board of directors have to be a little bit more savvy to at least, they don't have to go and figure out, and you know, mitigate the actual, at least in the case of a data breach. But they have to be a little bit more savvy as to how this happens; it happens to every organization. These are the consequences, not only the cost but the reputational costs, the fact that your production may be stopped for days and that you may never get the information back. So I do think that is a great shift. There is a lot of work to do. I don't know how to really balance that well because I am not a fan of scaring people to death, and being my goal, you're going to be attacked and this and but also, sometimes I feel like unless people see those crazy scenarios, they don't believe it. So it is kind of a balance that we have to deal with. But I'm pretty optimistic. Well, I'm pretty optimistic in general. But in this case, I'm also pretty optimistic that people are getting there and understanding why we care so much.

Debbie Reynolds 29:06

I agree. And I think that is a really tough balance because I also don't like to scare people like oh my god, the sky is falling, right, even though the sky could fall. Part of that balance is, in a way, I feel like people who do the scaremongering, they do scaremongering on fringe things, you know what I mean? Like the most extreme, ridiculous scenario, just like the Mission Impossible thing. So you're talking about the Mission Impossible thing. You're not thinking about the person who has their password taped on their monitor, you know, I'm saying where that's probably more likely to happen. And that's like the less sexy threat, right? Because you have even, it's so funny because I do CLE classes with attorneys and stuff like that. And it's so funny because when I do think about insider threats, they almost always talk about a disgruntled employee, I'm like, that's so fringe, right? I may see an article in the newspaper about that. But insider threats mostly are not malicious. They're not like a disgruntled employee or whatever; it's some mistake, maybe they happen. Someone maybe doesn't have the training, maybe they're in some type of gap, the way that you do your system or whatever, and it may not be malicious. So if you're focusing on that scenario, you're missing the majority of what insider threats could be; what are your thoughts?

Victoria Beckman 30:31

Yes, no way, I guess, not to give credit to the bad actors. But yes, I have to give credit that they're pretty good. So when those social engineering, some of those emails, you cannot tell that they are fake, it's impossible. Sometimes people may have the training, but they have their little notebook where they write down every password and everything because they don't. So I do think that they're not to make it at Mission Impossible level, but there are risks that are not as sexy as the other ones. And so people don't really consider them the same way that they don't think that they could be a risk because they're like, well, I'm just, you know, putting my password, doing my job or something like that. And you're right, a lot of it is unintentional. But regardless, the consequences can be very serious, despite the fact that the person may have had the best intentions in the world. So I think the awareness, that's why it's so important, the awareness has to be at all levels, is not just here, CEO of the company, we may be attacked, like SolarWinds is everybody. Think of your personal life, think of what you do, and be aware. Because even in our personal lives, when we're talking about cybersecurity, it affects all of us. So even in your personal life, if someone you know, someone takes advantage of someone else because they take their bank account, they send them some email they do, they sometimes abused elderly people. So I think the awareness has to be for everybody and has to be in a way that they can relate. I cannot relate to an attacker when they steal millions of dollars because I don't have millions of dollars. But if I hear of some kind of scam with something, I don't know, Starbucks, maybe I won't fall for that.

Debbie Reynolds 35:01

Yeah, I agree with that. Talk a little bit about women in tech. I'm very much a proponent of this. I think there are quite a few women in privacy; it's probably more women than men, I think in privacy. But I think that happened because when privacy wasn't a hot issue, a lot of the guys didn't want to do it. So when it became a hot issue, like, hey, here we are, but we definitely need more women, we need more people of color in these areas, we need more people that are visible and can do like us, speaking, being able to share information, because the threats and the problems that we have in society as it relates to privacy and cyber, it impacts all of us. And all of us have a different lens in which to look through. And also, the risks are different for all of us. So what are your thoughts about that?

Victoria Beckman 35:59

Oh, Debbie, we can sit here all day when we're talking about that because I agree. I mean, I think cyber is different in that regard; when we're talking about diversity, cyber is very different than the behavior that we have seen in privacy. And obviously, I 100% think that teams have to be diverse, that there's going to be diversity of gender, diversity of race, of cultures, or all kinds of anyone who benefit from having a diverse team. And historically, it just hasn't been an environment that is very welcoming to women. And so it's not necessarily an easy position to be in; it is very common for me to be in meetings and in rooms where I'm the only woman, let alone the only Latina I can pretty much count them in one hand. And so that's why, at least for me, is very important to be a role model to open doors and to welcome those people into the industry. I feel representation is very important. Number one, if we don't see anyone that looks and sounds like, guess it's going to be very hard for us to imagine that we can become, you know, achieve those roles in higher positions. And also, unless there is somebody that we that is trying to be welcoming in and said, you can sit here and I went to all these obstacles, let's make sure you don't go to those. And you encourage them; we will, if they're more of us that we will make that a collective effort, and people will feel more welcome. So I think it's kind of a snowball effect. In my case, people often ask me my goals or my motivations. And to be honest, my motivation has never been to be this or do this or have this title. But in the last maybe five or six years, I realized the importance of going higher up in that in that corporate ladder because of the importance of that representation and breaking those barriers so that I can welcome other people. But I think it's a workflow that all of us have to do. I mean, it shouldn't be like the burden of the person trying to break into the industry; it should be all of us in the industry. Obviously, men are different people with different backgrounds. And we need it; we definitely need it. It is a given that if you have people with different perspectives, people who have had different experiences are going to think of things that someone else may not. So for example, if I'm not blind, I'm probably not thinking every single day about things that are an obstacle in my life. And I won't bring it up when we're thinking about security or a product. Because it just not something that is constant in my life. But if we have a diverse team and there is someone like that, for example, well, what about if someone is blind? What about someone who says what about if someone doesn't have this experience? So I think I think is important, I think I will say it until I die and on my part, I tried to welcome people and be approachable, and I encouraged him that yes, women, minorities, everybody can be in this in this industry. There is for everybody.

Debbie Reynolds 40:01

That's amazing. Thank you. And I agree with that wholeheartedly, especially as we're moving into a lot of these AI systems; we're seeing problems with AI systems that are developed with a narrow scope of people. And then they tried to push it on other people who don't fit that criteria. And it just doesn't work that way. So I think, especially as we're seeing people trying to use AI for more use cases, that could be harmful. I'm very concerned about that. So it's that diversity of thought and people, and because it impacts all of us, I think we need people in just every area, right? And I want to see people from all walks of life be involved in privacy and involved in cyber. So I think that's really important. So if it were the world according to you, Victoria, and we did everything you said, what would be your wish for either cyber privacy anywhere in the world, whether it be law, technology, or human behavior? What are your thoughts?

Victoria Beckman 41:10

I haven't thought about that. Well, as a segue to this conversation, in my ideal world, we would have a very diverse workforce in privacy and cybersecurity, I mean, everything for that matter, to reflect a little bit better when real life is also in an idea where people will be a little bit more aware of why we care so much about cybersecurity, the potential consequences, the sophistication and power of bad actors. I don't really know, and I haven't thought about it; about legislation, I can't tell you necessarily, I think it'd be nice to have a Federal privacy law in the US, if nothing else, because we don't have to keep track of every State. But I don't know, I just feel like it's like with everything, is a matter of being able to handle and manage things responsibly. So if privacy is a lot about respecting the privacy of the individual and the rights and, and things like that, so in an ideal world, we wouldn't have to follow, you know, the GDPR for companies to be conscious, that is something that needs to be done. And that they need to care about. I also will have probably Cajun home and unlimited coffee. Okay, some things in my ideal world. But those are not relevant to this.

Debbie Reynolds 42:57

Yeah. Oh, wow. Well, it's been fantastic to have you on the show. This is really amazing. And I definitely always support all the stuff that you do and the things you're doing. You're really proud of all your accolades and the recognition that you're receiving. Then also, just, you know, always, so what does Victoria have to say about this? Just to know your point of view is really important to me in my work, so thank you for that.

Victoria Beckman 43:25

Well, thank you. I think the admiration is mutual. You know, I talked about you and I follow you, and you're kind of an icon in the privacy world. And I love it because I think there needs to be more of us. More people like us, women, women of color that have those voices, and I appreciate it. And I definitely appreciate the invitation. This is like as close as I have ever been to being famous.

Debbie Reynolds 43:58

You're definitely famous. Well, I'll definitely talk to you soon, and thank you so much for being on the show.

Victoria Beckman 44:06

Thank you.

Debbie Reynolds 44:07

Okay, bye