
Making your data watertight with GRC best practices

2024/10/24

Lexicon by Interesting Engineering

People
Andri Rakotomalala
Christopher McFadden

Topics
Andri Rakotomalala: GRC ensures that companies comply with the various regulations set by the cybersecurity industry and governments, assesses company risk, and determines which risks need to be addressed according to company goals. GRC applies to all industries, because every industry holds data that needs to be protected. GRC protects personally identifiable information (PII) and valuable company assets. Understanding GRC is essential for software professionals because it helps ensure that security is considered during software development and lowers the likelihood and impact of data breaches. GRC can lower the likelihood and impact of a hack or incident. GRC is an umbrella term covering various standards and specifications from standardization organizations and governments, such as GDPR and CCPA. GRC combines standards and guidelines from governments and standardization bodies. COBIT (Control Objectives for Information and Related Technologies) provides a framework that helps organizations identify and manage risk. Risk appetite refers to how much risk an organization is willing to take on. Organizations can demonstrate compliance by obtaining different certifications and accreditations, such as ISO 27001 and FedRAMP. Obtaining certifications and accreditations legitimizes a business and makes stakeholders feel more secure. Access control is the key concept of ensuring that the right people can access the right information and the wrong people cannot access the wrong information. The principle of least privilege means users can only access the information needed to perform their job. The first step in effectively assessing risk is obtaining stakeholder and company buy-in. Aligning risk assessment with company goals helps integrate risk management into the company's overall strategy. Choose a framework or accrediting body to guide the risk assessment and mitigation process. A risk register is an important tool that lists all risks and prioritizes them by impact. A successful risk assessment and mitigation process can demonstrate its cost-effectiveness and persuade senior management to invest in a GRC program. Comparing the cost of a GRC program with the potential cost of a data breach can help persuade senior management to invest in GRC. A GRC program can be viewed as a form of insurance that lowers the risk and cost of a data breach. Implementing a GRC program can also bring other benefits, such as improved internal workflows and efficiency. Organizations need to understand the regulations relevant to their industry and region to ensure their GRC practices comply with the rules of different jurisdictions. Understanding an organization's data is essential to determining which certifications are needed. PCI DSS certification applies to organizations that process credit card transactions. SOC 2 certification focuses on data management and privacy protection. Different certifications apply to different organizations, depending on the type of data they handle. Leah Sadoian's article "The Ultimate List of Cybersecurity Regulations by Industry" provides a comprehensive overview of cybersecurity regulations broken down by industry. Many certifications and organizations overlap; complying with one or two of them often satisfies the requirements of others. Although some certifications overlap, obtaining additional certifications can still strengthen security and meet the requirements of specific regulations. GRC technology and automation can streamline compliance processes by automating tasks, improving efficiency and providing dashboards. AI can automate compliance checks, such as checking system controls and access permissions. GRC tools such as OneTrust, LogicGate and ServiceNow use AI to automate compliance. AI can provide dashboards that display an organization's compliance status in real time. Automated penetration testing tools can test an organization's security on a regular basis. Some organizations hire white-hat hackers to test their security. Some companies hire security experts to perform penetration tests to assess their vulnerabilities. To ensure GRC practices align with organizational culture and values, companies should integrate GRC into their culture and conduct cybersecurity awareness training. Cybersecurity awareness training is an important component of GRC and helps educate employees on how to recognize and respond to security incidents. Cybersecurity awareness training should make employees aware of how to recognize and respond to security incidents without being afraid of them. Gamified cybersecurity awareness training can improve employee engagement and learning outcomes. Combining cybersecurity awareness training with company culture helps improve employees' understanding of the ethical values of GRC. The main challenge organizations face when implementing continuous monitoring and reporting is staying compliant and monitoring continuously. Implementing continuous monitoring and reporting within a GRC framework requires ongoing documentation and anticipating future monitoring. Choosing the right vendor can help an organization continuously monitor and report on its GRC practices. Continuous improvement is essential to keeping GRC practices effective. Integrating GRC frameworks with evolving cybersecurity threats can improve an organization's resilience. Cybersecurity threats constantly evolve, so organizations need to implement controls to protect themselves. Firewalls are the first line of defense in network security. Network segmentation can limit the impact of a security incident. GRC controls can reduce the impact of security incidents. GRC frameworks and certifications can help organizations establish security controls. GRC is like the watertight compartments on the Titanic: it can limit damage and prevent catastrophic consequences. Technological progress and automation will change the future of GRC, and AI will play a key role in automating compliance and risk management. AI can improve the accuracy and efficiency of risk management. AI can provide real-time compliance feedback. AI in GRC also has some potential drawbacks, such as bias, data privacy concerns and regulatory issues. Despite some drawbacks, the benefits of AI in GRC outweigh the disadvantages. The future of GRC will be closely tied to AI and will create more jobs. Cybersecurity is not only the responsibility of the IT and security teams but of all employees.

Christopher McFadden: A data breach not only causes financial loss but also damages a company's reputation, which may be the more serious risk.

Deep Dive

Key Insights

What is GRC and why is it important for organizations?

GRC stands for Governance, Risk, and Compliance. It involves ensuring organizations adhere to cybersecurity regulations, identifying vulnerabilities, and mitigating risks. GRC is crucial because it protects sensitive data, reduces the likelihood of breaches, and minimizes the impact of incidents, safeguarding both reputation and financial stability.

How does GRC apply across different industries?

GRC is applicable to all industries, as each has its own set of regulations. For example, restaurants must comply with food safety regulations, while automotive companies must adhere to vehicle manufacturing standards. GRC ensures that data, a critical asset in every industry, is protected from threats like fraud and identity theft.

What is Personally Identifiable Information (PII) and why is it protected under GRC?

PII includes unique identifiers like social security numbers, email addresses, and home addresses. GRC protects PII to prevent identity theft, fraud, and other malicious activities. Cybersecurity professionals also safeguard company assets such as financial data and intellectual property from threat actors.

Why is GRC essential for software professionals?

GRC ensures that software professionals build secure code, addressing vulnerabilities that could lead to breaches. It helps organizations maintain trustworthiness, reduce the likelihood of hacks, and minimize the impact of incidents, which can otherwise result in significant reputational and financial damage.

What are some examples of GRC standards and certifications?

GRC standards include GDPR in the EU, CCPA in California, and COBIT, which focuses on risk management. Certifications like ISO 27001, FedRAMP, and SOC 2 demonstrate compliance with specific regulations, legitimizing businesses and assuring stakeholders of data protection measures.

How can organizations assess and mitigate risks effectively?

Organizations should first secure stakeholder buy-in, align GRC initiatives with company goals, and choose a relevant framework. They can then create a risk register to prioritize vulnerabilities based on impact and address them systematically. This approach ensures risks are managed in line with the company’s risk appetite.

How do automation and AI streamline GRC compliance processes?

Automation and AI tools like OneTrust and LogicGate can scan networks, identify vulnerabilities, and generate compliance dashboards in real time. They reduce manual effort, improve efficiency, and provide accurate insights, making it easier for organizations to maintain compliance and address risks proactively.

What role does employee training play in GRC?

Employee training is critical in GRC because human error accounts for 80% of cybersecurity incidents. Cybersecurity awareness programs, such as gamified phishing simulations, educate employees on identifying threats and adhering to security protocols, integrating GRC practices into organizational culture.

How does GRC contribute to organizational resilience against cyber threats?

GRC frameworks implement controls like firewalls and network segmentation to prevent and mitigate cyber incidents. These measures ensure that if a breach occurs, its impact is contained, protecting the organization from widespread damage and maintaining operational continuity.

What is the future of GRC in the context of AI and automation?

The future of GRC will see increased automation of compliance tasks, advanced risk management precision, and real-time dashboards powered by AI. While AI offers efficiency and accuracy, ethical considerations like bias and data privacy must be addressed to ensure its responsible use in GRC.

Chapters
This chapter introduces GRC (Governance, Risk, and Compliance) and its importance in the software industry. It highlights the multifaceted nature of GRC, encompassing regulations, risk assessment, data protection, and reputational impact.
  • GRC stands for Governance, Risk, and Compliance.
  • It involves adhering to cybersecurity regulations and managing vulnerabilities.
  • Data protection is a core aspect, focusing on Personally Identifiable Information (PII).
  • Reputational damage from breaches is a significant concern.

Transcript

Welcome to today's episode of Lexicon. I'm Christopher McFadden, contributing writer for Interesting Engineering. Today, we sit down with Andri Rakotomalala, a cybersecurity and compliance expert, to explore how GRC, government risk and compliance, helps organizations protect data, mitigate risks, and adapt to an evolving cybersecurity landscape.

Andri, thanks for joining us. How are you today? I am doing fantastic, Christopher. Good to be here with you. How are you? I'm very well, thank you. Thanks for asking. For our audience's benefit, can you tell us a little bit about yourself and what you do? Yeah, sure thing. So my name is Andri. I live here in Los Angeles. I am a GRC professional, that's governance, risk and compliance. I have about 10 years in the tech space. I've touched a lot of different elements of cybersecurity. I see GRC as one of the areas that's going to have a big boom, especially in 2025. So that's my background in about less than 30 seconds.

Brilliant. Elevator pitch. Great. Nice to see. So many of our audience might not know what GRC means. Are you able to give us a brief overview, if possible? Sure. So GRC stands for Governance, Risk, and Compliance. Essentially, what GRC people do is we look at the different regulations that the cybersecurity industry and the different governments require different companies to have, and we make sure that the companies are in compliance with all of those.

The risk part of it means looking at the vulnerabilities of the company and then saying, hey, which of these risks do you want to address according to the company's goals? It's very cross-departmental. We work with IT, security, legal, especially, as well as the data team, because really GRC is about data and making sure we're protecting data, if that makes sense. It does, yeah. So it's not specifically just the software industry. It can apply to any industry, really.

No, it applies. Yeah, that's a very good point. It applies to all industries. So every industry does have a regulation set. If you think of restaurants, they have food regulations, right? And then if you look at automotive, they have regulations how they have to build a car. Same thing with both these in terms of compliance when it comes to cybersecurity. I'll talk a bit more about it, but all of these companies hold data and that data does need to be protected because at the end of the day, GRC is under the cybersecurity practice and cybersecurity is about protecting people, places, and things. So those things would be the people's contact information. Of course, yeah. And any other sensitive data that could be used, right, to kind of clone their identity or whatever, commit fraud and stuff like that, right? My understanding currently. Oh yeah, 100%. What you're specifically talking about is called PII. It stands for Personally Identifiable Information.

And that's something that makes it unique, such as my social security number, your email, your home address. Those are things that cybersecurity professionals are trying to protect. But it's not just that. They're also trying to protect valuable company assets, right? So financials, maybe products. They're trying to protect anything that threat actors could leverage to cause disruption or gain a financial advantage.

Makes sense. In that case then, so why is understanding GRC essential, do you think, for software professionals today? You've done a cover of it.

Yeah, the answer to this question, I think, is multifaceted because when it comes to software and when it comes to software professionals, a lot of times the entire goal is to put something out quickly, like a good product quickly, and they skip over the important pieces of secure code. Part of these regulations means looking at software engineers and saying, hey, are you building your code with security in mind?

Security does fall under GRC because organizations need to understand that if they get breached, they're not just going to lose their data. They're not just going to lose their reputation, but they also might lose a lot of what I call their trustworthiness, right? GRC helps lower the likelihood of a hack or an incident, and it also lowers the impact of it. We have a saying in cybersecurity that it's not just about if you get hacked, it's when you get hacked. And so the concept of GRC is to put safeguards and controls in place in order to lower the likelihood of an event happening. And if the event does happen, it has a smaller impact, which I'll talk about later. So GRC is essentially, it gives you a guide on how to be more secure overall. Hopefully that answers your question.

Yeah, it does. Yeah. Like the minimum, at least do this to kind of cover yourself. And like you say, most people think of it more like a data breach, stealing financial information. But like you say, a risk to your reputation as a business is probably more serious that could put you out of business.

Yeah, 100%. I mean, there are countless hacks out there like there's SolarWinds, Target, LastPass, all of these. If they get into the news, they get a major reputational downfall. Back in 2017, I believe, or 2013 or so when Target lost, like they leaked a bunch of credit card data, a lot of people were very wary about shopping at Target. Now that's since been forgotten and people don't really care about it anymore, right? But it does bring into point that if they had the correct GRC things in place, it would have lowered that likelihood and wouldn't have had such a big impact. Yep, agreed to. So GRC, is it a set of kind of standards, international standards or a mixture of that national ones or...

How does it work? Or just go ahead and learn?

Yeah, that's a great question. So when people think of GRC, the way I like to explain it, right, is it's an umbrella term. And underneath that umbrella, there are different standardizations, both given by standardization organizations, as well as the government. A good example is in the EU, there is a standard there called GDPR.

So GDPR is essentially a way for you to gain some privacy as an end user, right? And it essentially protects you in case of breaches, as well as make sure that companies take better care of your data. That's an EU one, but it does apply to the United States if they have EU contacts. In the United States, there are a bunch of other standardizations that may not be government related, but that are associated, right? Such as CCPA out here in California. So that essentially does the same thing as GDPR, where it gives control of your data to the end user. So I like to say GRC is kind of a combination. It does have standardizations and guidelines from the government, as well as standardizing bodies of knowledge. Okay. Is it COBIT, is it, or COMBIT? Is that another one? Yes. So COBIT, it stands for the Control Objectives for Information and Regulation of Technologies.

In a mouthful, all it really means is it improves an organization's risk management, right? And it helps them mitigate vulnerabilities. What that means is every organization has vulnerabilities, right? And then those vulnerabilities can be risks because they can be exploited. So COBIT gives you a framework and a guide to find out what those risks are, what those vulnerabilities are, and then you as an organization can decide how you want to approach it or where you want to focus. There's this concept in GRC called risk appetite. Risk appetite just means how much are you willing, what risk are you willing to take? What risk are you willing to accept? And what risks do you want to mitigate? Right. And so COBIT essentially helps you give you a guide on how to find all of that, as well as how to address all of it. Okay. Well, presumably an organization can get accredited to certain standards to show compliance or...

Yes, 130%. Yeah, so there are different accreditations out there you can get. I know you can do one going for ISO 27001, as well as you can do FedRAMP if you're part of the government. I do believe that COBIT has one as well. There are a bunch of certifications and accreditations that you can do, which is why auditing is a part of cybersecurity. And if you're a listener and you're wondering like, oh, what are all these fancy names? I promise you that the most important thing to remember is that in GRC, there are just different bodies and institutions that can give you a check mark if you accomplish all of the goals and controls that they have.

Yeah, it's a third part of it. You need a stamp here. This company knows what they're doing. Exactly, exactly. And that accreditation does several things. It kind of legitimizes the business, I guess you could say. And it gives stakeholders, C-suite and end users, like it helps make them feel safer knowing that, hey, we're accredited. We have ISO 27001. We're SOC 1, SOC 2 certified, which means that we really take care of our data, aka you, the end user.

That's right. And also, it depends. Some accreditation companies are better than others, but most of the good ones will guide you through the process as well. So if you're new to it, they can help you through the compliance process, can't they? It's all a bit big read to you.

Yes, very, very much so. So there are a lot of different accreditations out there and you're right that they all vary. Some of them are industry-based. Some of them are not industry-based, which I'm sure we'll talk about later. But they give you the exact things you need to do. They give you the exact controls. For example, there's a concept called access control. Access control is making sure that the right person has access to the right things and that the wrong people aren't able to access the wrong things. And access control essentially says, hey, do you have a database of all the users who can access this tool? Do you audit it every year? Do you make sure that they only have access to the only things that they have access to, they need to have access to? That's a concept of least privilege information in cybersecurity, meaning that you don't need access to the admin privileges of an IT resource if you're a sales rep, or you don't need access to all of the HR records if, let's say, you work on the marketing team, right? So you only need access to what you need, which is access control. And a lot of these accreditations and certifications kind of focus on that, right, where they detail it out for you. So like firewalling, basically, the data. Yeah.

Exactly. That's very important. Yeah, you wouldn't think about that. That's key. So what do you think are the most effective strategies then for assessing and mitigating risks in a software-driven environment?

Well, it's multifaceted really, but I kind of break it down into steps. So the first thing that you need to do in order to effectively assess it is make sure to get stakeholder and company buy-in. That means talking to the C-suite, talking to your stakeholders, board of directors, and make sure they understand why you need to address the risks and why you need to have a GRC program in place. And then from there, you want to align it to company goals. The reason why this is important is because if your C-suite and your leadership team says, yeah, we believe in you, let's do this. Well, then now you relate it to a company goal and then you can disseminate that to the rest of the team. Let's say one of your company goals is a lot of clients do this. It's a client centric or customer obsessed, right? In order to be customer obsessed, you have to say, well, we want to protect our customers and doing this will essentially help us that, right? Then after you relate to the company goal, you tell the team, you pick a framework or a specific accrediting framework, situate accrediting body. And then from there, that's when you're able to essentially like have that guideline and work through it. Now that's all about assessing it. So you'll have an understanding of your data, where your vulnerabilities are, right? Mitigating the risks back to the concept of risk appetite means making sure that you align with the company in regards to all your risks. There is something called a risk register.

And a risk register is something that anyone can do, right? But essentially, you just write a list of all the risks that you have at your company, and then you prioritize it based on what companies typically do is the one that has the most impact, dollar impact, or the one that is going to impact them the most due to like a time constraint, right? So let's say a piece of code isn't complete yet, and they have a deployment in a month. That becomes top priority.

And that risk register is an important element of mitigating those risks because then you just have to know, you know what you have to address. They say that half of solving a problem is just writing it down. That just means knowing what it is so that you can address it. I would say that's one of the best ways that you can assess and mitigate risks overall.

Yeah, if you do that successfully, because sometimes these processes can be quite expensive. So it also justifies that to the senior staff, right? Yeah, and to that point, I've had meetings with C-suite who push back saying, oh, we don't need to do this GRC program. We don't need to do this assessment. What I've found is that if you say, yeah, you're right, this is going to cost us maybe $50,000 to $100,000 to do, right? I bring up another slide that says, if we don't do this and we have a breach, this is the impact. And you show them the dollar amount saying, we will have to pay $6 million to this organization. If we breach GDPR and we have EU contacts, we could pay up to 4% of our company's revenue. And once you bring those numbers into play, they say, oh yeah, let's do it. Let's do it. Let's do it. Insurance. Sorry. Think of it as insurance. Exactly. Exactly.

And oftentimes you get some other benefits from going through these kind of systems, kind of improves your internal workflow and how you do things. You find more efficient ways of doing stuff. So it has other health as well, in my experience anyway. How can organizations navigate the complex regulatory landscape and remain compliant across different jurisdictions? Yeah, so...

Yeah, yeah, yeah. Different jurisdictions and different areas. Like, it's interesting because when it comes to GRC and cybersecurity, right, the overall goal is to protect people, places, and things. Now, in different regions, different people take it at a different seriousness level. The EU does a really good job of protecting their people. And it all is dependent on your industry and your location. So what you first have to understand is you have to break it down. You have to find out what industry you're in. You have to understand what regulations you're going to be held to. And then most importantly, in my opinion, is you have to understand your data.

So what I mean by understanding your data is a lot of companies, they just exist. They don't understand what data they have, how it's being used, how it's being processed. And so understanding your data is a core element to know what kind of certification you'll need. For example, there's one called PCI DSS. So PCI DSS, it's in relation to payment and credit card. If you store credit cards online, well then you need to be PCI compliant because it essentially makes sure that you handle those credit card transactions securely. So if you don't know that you use that, well then you wouldn't know to use PCI DSS, right? And then if let's say you are a cybersecurity company and you want to really stand out, you can get a SOC 2 certification. It's essentially one where it focuses on managing data to protect privacy and with an emphasis on the clients. As a cybersecurity company, you need to walk the walk and talk, not just talk, talk. So you do need to protect your company. This is just a way to explain that different certifications apply to different organizations.

Obviously, if you don't manage payment information, you don't need PCI DSS. But if you want to, let's say, manage data more securely, you would use something like SOC 2 certification. I will say...

There is this lovely individual who I met on LinkedIn. Her name is Leah. She wrote this wonderful piece about the ultimate list of cybersecurity regulations, and she broke it down by industry. It's very intuitive. It's very well broken down. I'd highly encourage anyone to check that out. The title of it is Ultimate List of Cybersecurity Regulations by Industry, and it was written by Leah Sadoian, I believe it is, but that I think would answer this question greatly because she breaks it down probably in better ways than I'm able to explain.

If you send me the link, we'll copy that in for our audience to find it easily. So presumably then, as long as you got the basic nuts and bolts of the same, no matter which accreditation you go for, right? So, but if you're in America, I forgot the name of the one you said, it applies in America.

The PCI DSS or SOC 2? PII was it or COBIT, something like that. PII was... Anyway, if you comply with that, presumably you're more or less fully compliant with the GDPR and say one in, I don't know, in Asia or something. That's a very good question. So yeah, that's mostly correct because...

A lot of these accreditations and a lot of these organizations, they coincide. They have some of the same controls, right? So just being compliant with one or two of them already sets you in a good position to be compliant with a bunch of others.

According to GDPR, it has a couple other very specific data security rules, but it never hurts to have another certification to say, hey, I am SOC 2 certified, right? But you are correct that it does overlap and it does make you more secure and able to complete other accreditations and certifications. Yeah, just need to modify a bit more usually. Yeah.

Okay. In what ways can GRC technologies and automation help streamline compliance processes? I think I would say in three easy steps. So with automation and AI moving forward, I think it would just be through just general automating tasks and more efficiency and finally more dashboards. So AI has been a tool that's been used in cybersecurity for a long time. And there are a lot of things that could be automated. For example, it's checking a system controls. So you could go into each server or each device manually and check to see if they have the right security things in place, if they're in the right AD group or if they have the right access. And that would be manual. So me and you going into each computer, right? Whereas if you use AI, you can say, scan my entire network, find out all the devices and find out what they have access to, which as you can imagine, it saves so many hours of human work time, right? There are tools out there kind of like OneTrust and LogicGate. Those are some common GRC tools, such as also ServiceNow that essentially are cloud-based and they allow you to leverage AI to automate compliance overall. Now, as you can imagine, GRC involves a lot of data and knowledge, right? Now, AI feeds off of data. And so when you use AI to look at the data and give you a, like a dashboard or like a, just a snapshot of where you stand, it really makes a difference.

Presumably, I don't know if this is possible, can AI periodically test your security, like pretend to be a hacker or something like that?

You can. There are tools out there right now who are automated pen testing kits. So there are some companies where you can purchase them and then on a weekly slash monthly basis or whatever cadence, you can do a one-click test to see how your vulnerabilities stand. I know that that's part of some regulations is automated, a cadenced or at least regular testing or audit or pen test to make sure that you know where your vulnerabilities lie. But AI does have those tools. Makes sense. And do any organizations sort of recruit a white hat hacker to try and breach them as part of their GRC or am I...

Just thinking pipe dreams. No, no, no. You are absolutely correct because I was actually hired to do that in the past. So I did a lot of things in cybersecurity back in my day. And one of the things I did get asked to do was go on site, pretend to be an employee and essentially see what I could get away with. And I'm not going to lie. It was incredibly fun. I really enjoyed it. But companies who care about how their vulnerability stands, they typically do hire some companies to do that. And I know a lot of companies offer those services.

Okay, all right. That's an interesting career choice. Anyway, how can companies ensure their GRC practices are consistent with their organizational culture and ethical values? You kind of answered it. I love this question. The reason is because a lot of organizations and a lot of people tend to think, oh, cybersecurity, it's such a complex thing. And it's something that just the IT and security team have to focus on. But when it comes down to it, cybersecurity is an all-employee thing. It's not just anyone. One of the big reasons is because humans are the biggest weak link when it comes to cybersecurity breaches. About 80% of incidents happen because of a mistake from a human. Maybe they clicked on a phishing email. Maybe they plugged in a USB that they found randomly. Or maybe they were susceptible on their personal devices and they used the same password for their work email as well, so that causes an issue too.

So the simple way to answer that question is make sure that GRC and the controls that you're going for align with the company values and culture. You want to integrate it with the culture. Part of GRC, like this can be argued, some people disagree, but I believe that part of GRC is cybersecurity awareness and training. So the best way to fight hackers is to educate your end users and educate your employees. And one of the best ways to do that is through cybersecurity awareness. And so you want to make sure your employees know what to do when something happens, what to avoid, making sure that they understand how to approach different incidences if they were to come out. They're not scared of them. Yeah.

Yeah, essentially, because...

No, I don't know. You're absolutely right. Because I'm also a cybersecurity instructor at different universities. And sometimes when I talk about all the threats that exist, there are students who say, I don't want to get on the internet anymore. I don't trust my computer, you know, and that's normal once you learn about it. Right. But the key is balancing it out and helping explain it properly. Right. I'm a partner with a company called Hacker Rangers. And they are an education slash cybersecurity awareness platform, but it's gamified, right? So like, it's like a, you're, you can be a gamer. You get certain clients. If you do certain things, they give you a phishing simulation. And if you guess all the reason why it's a phishing email, you get points, you can make it competitive in between departments. That I think is a wonderful example of a good cybersecurity awareness program because it doesn't scare them, but it helps educate them, right? And if you pair that with in-person cybersecurity awareness, I think that would really ingrain it in the culture and I think would really help with them understanding the ethical values of GRC. And you could integrate into your organization, couldn't you? Lots of financial rewards for finding a phishing email, but some kind of lead charts like, oh, I found 10

Exactly. Exactly. I've seen organizations where they say, hey, whichever department has the highest score in phishing gets like an extra six hours of PTO or something like that. And that gets people going, you know, or they offer like a money bonus or something.

Well, it pays off, right? And so it kind of leads on to this question. What challenges do organizations face when implementing continuous monitoring and reporting within their GRC frameworks?

I would say the very act of monitoring and reporting itself is very difficult, right? The first thing you have to do is you have to get over the hump of becoming compliant, right? That takes, that can take months, maybe even years, right? And then after you do that, making sure that you don't just say, okay, we're accredited, we're in compliance now, now we're good. Some companies just say, okay, we're done with that. But it becomes difficult to keep monitoring it if you don't keep monitoring and reporting at the very front, right? So, when you start a project, there should be continual documentation. There should be the end in mind. And you should also say, OK, after we accomplish this, what are things that we can do now to make sure that we keep monitoring it in the future? Right. And so making sure that you set that expectation at the front helps. Why? Because it will impact what tool you decide to use. Maybe it will impact what vendor you go with.

A vendor may say, oh, we'll help you do the compliance, but then we're done. Other vendors will say, okay, we'll help you do compliance, but then we'll monitor it for you and then get you in a good place that when you have to re-get accredited or certified, well, then it's easier because you've done before or we'll do it for you. So the biggest part is just making sure you do it overall and making sure you stick to it with that expectation in mind at the very forefront.

Yeah. And it's a continuous improvement process, right? As much as you can talk to automation, but most of it, it seems like a lot at the start, but you can automate a heck of a load of it really. So it's not too taxing on your staff later down the line, right? A hundred percent. You got it. Yeah. Brilliant. All right. Um,

So how does integrating GRC frameworks contribute to organizations' resilience against evolving cybersecurity threats? So I think we had touched on this before, but the thing with cybersecurity, the reason why this entire job or industry exists is because there is a group of bad actors out there who are trying to get access to things they shouldn't, right? And

That's ever evolving. It's ever changing. It's ever improving. And so with cybersecurity, having controls in place that help protect your organization is crucial and really important to prevent those. I wouldn't. Yeah. To prevent as well as mitigate those. So here's a simple concept.

I know that people are familiar with firewalls, right? And so if you don't know what a firewall is, think of it as a fishnet. In that fishnet, it's a magic fishnet that allows certain fish to go through. But if a shark comes through or a bad fish tries to come through, they'll stop it. It has certain rules and technologies that allow it to do that.

Believe it or not, that's like one of the first layers of defense. Now, let's just say one of the fish is magic as well and manages to get through the fishnet, through the firewall. If they get through the firewall, they get into a network, they can infect one of the computers, right? Right.

But that one computer won't affect any others because of a concept called network segmentation. Network segmentation is putting different departments in different buckets. So you're putting all the computers in different buckets. And it's segmented so that if one of those departments or one of those computers gets infected or there's a threat, they can't get out of that bucket.

They stay there because of the proper tool, the proper control of network segmentation. That's just a really prime example of a GRC control that can protect your organization. The difference between one computer being infected and then let's say like 10,000 computers being affected is a direct explanation of the impact of GRC. GRC puts those controls in place so that if there were to be an incident, the impact would be so much lower than if they didn't.

That's a huge disparity between the two. But in my opinion, those frameworks and GRC certifications and accreditations set those controls and set those tools. The network segmentation is just one example. There are plenty of others out there that essentially talk about the different ways to protect your organization.

I don't know why it's come to mind, but I'm thinking of the Titanic. The segmentation would be like the watertight compartments within the hull. That's against actual breaches over the hull. But yeah, you'd have other things like better lookouts, maybe radar technology looking out for the icebergs and then post impact.

mitigation processes, like how do you clean up the damage, stop the ship sinking. That's what GRC is doing, right? Yeah, exactly. You should just start working in GRC, Christopher. I'm obsessed with the Titanic, what can I say? Can you share your perspective on the future of GRC, particularly in the context of technological advancements and automation? Yeah, I mean,

There are a lot of changes that are coming. I have some colleagues that told me about different certifications that might be coming through that might become more important. But in regards to AI, it's going to be a big player in multiple areas. Reason being, there's going to be a lot more automation of compliance. AI tools are just going to get better at automating them. And then there's going to be advanced programming

precision, I think, in risk management. A lot of cybersecurity work can be done by humans, but the humans have a higher error rate, right? So when you use AI, it can be a bit more precise, a bit more accurate. What that does is it can essentially give us, I mentioned dashboards before, it can give us a real-time view of where we stand in compliance in a dashboard because AI is going to be able to

look at the data and be able to explain to us in real time, hey, just so you know, you're in violation because of this new tool that's been added to your network or organization. It does not comply with these different rules. Right. And so,

There are a lot of benefits that AI is going to bring and that automation is going to bring. That being said, though, I would also say that there are some potential drawbacks. The very concept of AI in general has some ethical things to consider, right? So sometimes AI can be biased. It can maybe incorporate unfair or critical decision-making based off of...

the data sets that you give it. And then there's also the concept of data privacy concerns. So because AI leverages a lot of data, well, then it does need to be fed a lot of data in order to, uh, in order to adhere to that. And finally, um, there's also regulatory like, uh,

concerns. Right now, AI is growing. It's starting to get more traction. And so there are most likely to be safeguards that will be put onto AI, which could impact GRC. That being said, in my experience, I think that GRC is more an added bonus and help than it is a

then it is a detriment because if you can save human hours, get more accurate information, automate tasks, as well as get real-time feedback because of improved technology and capturing, I think that's a big positive. So,

The future of GRC is really bright. There are going to be a lot of GRC roles that open up. I'm always a fan of encouraging people to check out GRC and privacy in terms of cybersecurity careers because those are booming. Those do exist. Not all cybersecurity professionals need to know how to hack or know how to code and whatnot. But a technical understanding is so important. But I think that the future of GRC is going to be very tailored to AI.

Okay. Very interesting. Plus AI would never get bored. It's always vigilant. Yeah. It's always watching, I guess you could say. Always watching. Like you say, it's fed on data. Yeah. It would introduce some serious issues potentially. Interesting. All right. Is there anything else you think we should discuss regarding GRC we haven't mentioned already?

Should we wrap up? Yeah. I mean, to wrap up, I think if anyone gets anything from this conversation or this podcast, and if you made it to the end, thank you very much. We very much value your time. I will say that GRC is a practice of putting safeguards and regulations in place by different organizations. They vary based off of different regions, different industries, and different platforms.

I think that the importance of GRC is just helping secure the business more from a regulatory standpoint, right? And part of GRC is just cybersecurity awareness and training, which I think is really, really important to educate the people who are at the end because cybersecurity is not just for IT and the security team, it's for all employees. So I think that that's what I would want to close out with.

Fantastic. Before we go then, is there any social media sites or courses that you'd like to promote? Yeah, definitely. So I am partnered with Hacker Rangers. So I would suggest you check out hackerrangers.com. I also have a cybersecurity course called Cybersecurity Clarity. I do cybersecurity awareness trainings. I also do GRC assessments and do contracting work.

through that. It's at Cybersecurity Clarity on Instagram and TikTok and whatnot. But those are the courses that I have and that I like to teach. I also do mentoring in case anyone is trying to get into the cybersecurity industry. I'm open to doing mentorships as well. Thank you for your time, Andri. That was very interesting. Oh, I'm glad you didn't fall asleep, Christopher. Thanks for having me. Thank you.

That concludes this episode of Lexicon. Thank you all for tuning in and being our guest today. As always, follow our social media channels for the latest science and technology news. Also, don't forget to explore iAcademy for new courses. Goodbye for now.