1 00:00:18,827 --> 00:00:21,947 S1: So here we are at the house. It is after RSA. 2 00:00:22,107 --> 00:00:25,387 S1: It's been a crazy week and a half. Um, what's 3 00:00:25,387 --> 00:00:29,947 S1: on your mind? What's the takeaway? We probably have several. Yeah. 4 00:00:30,267 --> 00:00:33,107 S2: Yeah. I mean, uh, I feel like this week there 5 00:00:33,107 --> 00:00:35,507 S2: was a lot of fun, but also, you and I 6 00:00:35,507 --> 00:00:37,907 S2: had the opportunity to go to quite a few events, 7 00:00:38,507 --> 00:00:41,387 S2: and there was less FUD at those events, I feel like. 8 00:00:41,427 --> 00:00:44,907 S2: And some real innovation that we saw, uh, which surprisingly 9 00:00:44,906 --> 00:00:47,266 S2: was off the RSA show floor, I think. Right. 10 00:00:47,307 --> 00:00:49,547 S1: Yeah. And it seems like that's like the big lesson 11 00:00:49,547 --> 00:00:51,346 S1: we learned is like, how do we figure out how 12 00:00:51,346 --> 00:00:52,707 S1: to do more of that next year? 13 00:00:52,747 --> 00:00:53,787 S2: Yeah. Exactly. 14 00:00:53,787 --> 00:00:57,547 S1: Yeah. And and less of like the I feel like, 15 00:00:58,187 --> 00:01:00,067 S1: how long have we been doing this? Like 15 years 16 00:01:00,067 --> 00:01:03,627 S1: or something. Yeah, yeah. And, um, at first it's like, 17 00:01:03,627 --> 00:01:05,987 S1: how do you get into the we're not going to 18 00:01:05,987 --> 00:01:08,147 S1: name vendors, but how do you get into the big 19 00:01:08,147 --> 00:01:11,947 S1: vendor conference that has, like the best music and the best. 20 00:01:12,187 --> 00:01:13,066 S2: Big parties and stuff? 21 00:01:13,067 --> 00:01:14,107 S1: Yeah, the big party. 22 00:01:14,267 --> 00:01:14,786 S2: Yeah. 23 00:01:15,307 --> 00:01:18,417 S1: And now we're just like, how can we see our 24 00:01:18,417 --> 00:01:23,257 S1: friends go to like, an event that's like smaller? Um, 25 00:01:24,177 --> 00:01:27,017 S1: I don't know. 
It's not necessarily that it's harder to 26 00:01:27,017 --> 00:01:29,017 S1: get into, but it seems like that's where the better 27 00:01:29,017 --> 00:01:30,177 S1: conversations happen. 28 00:01:30,737 --> 00:01:34,057 S2: Yeah. I mean, well, I mean, RSA is like everybody 29 00:01:34,217 --> 00:01:37,617 S2: trying to grab like a mic, right? And scream as 30 00:01:37,617 --> 00:01:40,737 S2: loud as they can and get people to listen to whatever. 31 00:01:40,777 --> 00:01:44,857 S2: And the parties are a mechanism for that. The advertising 32 00:01:44,857 --> 00:01:46,737 S2: on the show floor of the booth and everything. But 33 00:01:46,737 --> 00:01:49,857 S2: I think that more and more as we go on, 34 00:01:49,897 --> 00:01:54,097 S2: there's satellite events which aren't at Moscone, and they're usually 35 00:01:54,097 --> 00:01:58,017 S2: held at like companies offices if they have the space or, um, 36 00:01:58,057 --> 00:02:01,217 S2: or like an Airbnb or like some kind of rental thing. 37 00:02:01,617 --> 00:02:05,297 S2: And uh, and they're very on, you know, specific topics. 38 00:02:05,297 --> 00:02:08,137 S2: They're not generalized. They're very specialized usually. And so we 39 00:02:08,177 --> 00:02:10,697 S2: went to quite a few of those this week. Um, 40 00:02:11,017 --> 00:02:12,737 S2: and that ended up being, at least for me, it 41 00:02:12,737 --> 00:02:16,527 S2: ended up being like like the kind of jewel of 42 00:02:16,526 --> 00:02:18,087 S2: the week, right? Like, I did a ton of speaking 43 00:02:18,087 --> 00:02:21,966 S2: and stuff, but, um, I learned the most, and I felt, uh, 44 00:02:21,966 --> 00:02:24,286 S2: I felt the most impressed and kind of, like, hopeful 45 00:02:24,287 --> 00:02:26,767 S2: from from those those events. Yeah. 46 00:02:26,806 --> 00:02:30,406 S1: Yeah. Yeah. So we both did a bunch of, like, 47 00:02:30,447 --> 00:02:33,647 S1: talks and panels and stuff like that. 
Um, I went 48 00:02:33,647 --> 00:02:39,126 S1: to three of yours. Um, yeah, some really, really good stuff. 49 00:02:39,126 --> 00:02:40,727 S1: And that was, that was a pretty new talk that 50 00:02:40,727 --> 00:02:43,847 S1: you put together about the methodology stuff. That was really cool. 51 00:02:43,927 --> 00:02:44,367 S2: Yeah. 52 00:02:44,406 --> 00:02:48,327 S1: Yeah. And then, um, I would say that the, the 53 00:02:48,367 --> 00:02:50,246 S1: big thing was yesterday. Right? 54 00:02:50,487 --> 00:02:51,087 S2: Yeah. Yeah. 55 00:02:51,087 --> 00:02:53,406 S1: So that was like the funnest thing to do. 56 00:02:53,447 --> 00:02:56,887 S2: Oh yeah. By far. So yesterday was the, uh, OpenAI 57 00:02:57,727 --> 00:03:01,647 S2: security research conference, their first ever one. Uh, and there's 58 00:03:01,647 --> 00:03:05,647 S2: about a hundred hundred people there, I would say. And, um, 59 00:03:06,607 --> 00:03:12,726 S2: talking about everything from, you know, protecting AI, AI agents 60 00:03:12,846 --> 00:03:18,596 S2: from attack to automating security workflows with AI. And this 61 00:03:18,596 --> 00:03:21,357 S2: was like no BS, right? I mean, this is like, yeah, 62 00:03:21,797 --> 00:03:24,516 S2: this is like, you know, academics talking about things that 63 00:03:24,517 --> 00:03:27,556 S2: were brand new, you know, new new methodologies, new ways 64 00:03:27,556 --> 00:03:30,397 S2: to train agents, new evals, new everything new. I mean, 65 00:03:30,436 --> 00:03:32,637 S2: we saw some new models dropped in that in that thing. 66 00:03:32,637 --> 00:03:35,517 S2: We can't really talk about them. But, um, yeah, we 67 00:03:35,517 --> 00:03:38,557 S2: saw some really cool stuff. And then, uh, also just 68 00:03:38,597 --> 00:03:40,757 S2: like it was kind of crazy who was in that room. 69 00:03:40,797 --> 00:03:42,397 S2: And we got to sit like a couple feet away 70 00:03:42,397 --> 00:03:45,796 S2: from Sam Altman and ask him questions. 
He did a Q&A. Um, 71 00:03:45,917 --> 00:03:49,717 S2: you know, Matt Knight, the CISO of OpenAI, was answering questions. Ian, 72 00:03:49,757 --> 00:03:53,957 S2: who's a good friend of ours, ours was opening questions. Yeah. Uh, so, yeah, 73 00:03:53,957 --> 00:03:57,117 S2: it was really, um, you know, open in feeling and 74 00:03:57,117 --> 00:03:59,637 S2: in kind of like crowd. Everybody was like, having good 75 00:03:59,637 --> 00:04:02,117 S2: conversations around it. And I felt like I learned a 76 00:04:02,117 --> 00:04:04,077 S2: ton from that. That content specific. 77 00:04:04,597 --> 00:04:07,277 S1: Yeah. More than, like, the whole week and a half before. Yeah. 78 00:04:07,317 --> 00:04:09,077 S2: Yeah. It was. Yeah. I mean, I had a really 79 00:04:09,077 --> 00:04:11,877 S2: good one that was like secondary to that, which was 80 00:04:12,227 --> 00:04:16,307 S2: I went to I went to Airbnb's off site, I, um, 81 00:04:16,627 --> 00:04:19,467 S2: thing and uh, so they did it one day at 82 00:04:19,507 --> 00:04:22,587 S2: their offices where they brought in speakers and a mutual 83 00:04:22,587 --> 00:04:26,267 S2: acquaintance of ours. Keith spoke there on a panel about, um, 84 00:04:26,267 --> 00:04:28,947 S2: AI and security. And that one was interesting because you 85 00:04:28,947 --> 00:04:31,947 S2: get the I felt like you got at the OpenAI thing. 86 00:04:31,947 --> 00:04:34,947 S2: You were at the cutting edge of research and at 87 00:04:34,947 --> 00:04:37,827 S2: the Airbnb one, I felt like I was at the 88 00:04:37,827 --> 00:04:42,827 S2: cutting edge of implementation from a point of view of like, businesses. Right. 
89 00:04:42,867 --> 00:04:46,067 S2: Because like at the academic level, at the OpenAI one, um, 90 00:04:46,107 --> 00:04:48,907 S2: and even the enterprises there, the people who are talking 91 00:04:48,907 --> 00:04:51,387 S2: about are at the cutting edge and they're also well 92 00:04:51,427 --> 00:04:56,147 S2: funded and they're incentivized to do some really cool research. Right. 93 00:04:56,187 --> 00:04:59,467 S2: At the Airbnb one, it was more companies talking about 94 00:04:59,467 --> 00:05:02,707 S2: their implementation workflows. You know, how they were using AI 95 00:05:02,747 --> 00:05:03,027 S2: in the. 96 00:05:03,147 --> 00:05:03,827 S1: Like on the ground? 97 00:05:03,867 --> 00:05:06,867 S2: Yeah, on the ground. Yeah. So it was a different view. Um, 98 00:05:07,107 --> 00:05:09,147 S2: but I thought it was really cool. Like Adobe talked 99 00:05:09,147 --> 00:05:12,827 S2: about like their architecture for their agent-based security vulnerability 100 00:05:12,827 --> 00:05:15,987 S2: management system. Um, you know, Google was there talking about 101 00:05:15,987 --> 00:05:18,547 S2: some stuff, and it was just it was it was 102 00:05:18,547 --> 00:05:19,507 S2: really cool. So. 103 00:05:19,867 --> 00:05:22,507 S1: Yeah. So you you gave the talk at OpenAI 104 00:05:22,547 --> 00:05:25,827 S1: as well. So just, just give it like an overview 105 00:05:25,827 --> 00:05:28,547 S1: of like the talk like the methodology and stuff. 106 00:05:28,707 --> 00:05:32,227 S2: Yeah. So I do this class called uh Attacking AI 107 00:05:32,267 --> 00:05:34,947 S2: which you've been to. And um, the whole class is 108 00:05:34,947 --> 00:05:39,347 S2: basically it's my methodology for AI pentesting. And when I 109 00:05:39,347 --> 00:05:42,467 S2: say AI pentesting, people are like, oh, you mean AI 110 00:05:42,507 --> 00:05:45,827 S2: red teaming? And I actually don't. 
So what I find 111 00:05:45,867 --> 00:05:49,827 S2: at least visiting and talking to other experts, is that 112 00:05:49,867 --> 00:05:52,027 S2: AI red teaming has been around for a long time, 113 00:05:52,027 --> 00:05:55,187 S2: and they have cemented that term. And that is usually 114 00:05:55,187 --> 00:05:58,467 S2: about attacking the model, right? Like the model in place 115 00:05:58,787 --> 00:06:01,467 S2: can speak harm, can speak bias. It can tell you 116 00:06:01,467 --> 00:06:04,507 S2: how to cook meth, you know, and that is that 117 00:06:04,507 --> 00:06:06,827 S2: is stuff that happens in, you know, this one vertical 118 00:06:06,827 --> 00:06:09,857 S2: of attacking AI, which is the model, When you do 119 00:06:09,857 --> 00:06:11,897 S2: an AI pen test, you not only have to assess 120 00:06:11,897 --> 00:06:13,457 S2: the model and what it will say to your users, 121 00:06:13,457 --> 00:06:15,817 S2: but you have to assess the implementation of the model. 122 00:06:15,857 --> 00:06:18,697 S2: You have to assess, um, everything else that's hooked up 123 00:06:18,697 --> 00:06:21,577 S2: to like all of the DevSecOps tools that do logging 124 00:06:21,577 --> 00:06:25,217 S2: and observability and all this other stuff around it. Um, 125 00:06:25,257 --> 00:06:28,857 S2: and so it ends up being, uh, a hybrid web test, 126 00:06:28,857 --> 00:06:32,017 S2: an API test, and then also AI red teaming, and 127 00:06:32,017 --> 00:06:34,457 S2: then also now you have in order to get these 128 00:06:34,457 --> 00:06:37,657 S2: systems to do things for you, like agents that are 129 00:06:37,657 --> 00:06:39,856 S2: hooked up to tools and APIs and stuff like that, 130 00:06:39,857 --> 00:06:42,817 S2: you also have to get them to, um, accept prompt 131 00:06:42,817 --> 00:06:47,177 S2: injection through security gates, which is like classifiers and guardrails. 
132 00:06:47,177 --> 00:06:49,577 S2: So the talk was basically our methodology at a high 133 00:06:49,577 --> 00:06:52,857 S2: level on the whole pen testing process, um, which has 134 00:06:52,857 --> 00:06:55,856 S2: seven steps. And then the second part was our prompt 135 00:06:55,857 --> 00:07:00,177 S2: injection taxonomy, which is really like a taxonomy to sneak 136 00:07:00,737 --> 00:07:04,577 S2: attacks through classifiers and guardrails. Um, and so we open 137 00:07:04,577 --> 00:07:07,297 S2: sourced a tool about a month ago. It's called the 138 00:07:07,297 --> 00:07:09,967 S2: Arcanum Prompt Injection Taxonomy. And it goes through all of 139 00:07:09,967 --> 00:07:12,567 S2: these tips and tricks to do that. And so we 140 00:07:12,567 --> 00:07:15,687 S2: split it up into four levels. One is um, or 141 00:07:15,687 --> 00:07:18,407 S2: we call them four prompt injection primitives. One is um, 142 00:07:18,847 --> 00:07:21,567 S2: your intent, like what you're trying to do to the 143 00:07:21,567 --> 00:07:23,487 S2: AI system, is it, you know, get it to do 144 00:07:23,487 --> 00:07:25,247 S2: some of those red teaming things like speak harm and 145 00:07:25,247 --> 00:07:27,807 S2: bias or is it like get it to leak its 146 00:07:27,807 --> 00:07:29,687 S2: system prompt, or do you want to jailbreak it entirely, 147 00:07:29,687 --> 00:07:31,487 S2: or do you want to do something completely different? Right. 148 00:07:31,847 --> 00:07:35,727 S2: And then we have three other sections. We have, uh, techniques. Um, 149 00:07:35,727 --> 00:07:38,167 S2: is one of our primitives and techniques is how you 150 00:07:38,167 --> 00:07:41,207 S2: execute the attack. There's a framing. You can do narrative injection, 151 00:07:41,207 --> 00:07:43,327 S2: you can do all this kind of crazy stuff. 
And 152 00:07:43,327 --> 00:07:47,047 S2: then we have evasions, which are, um, the idea of like, 153 00:07:47,047 --> 00:07:48,847 S2: it kind of feels like WAF bypass, right? Where we 154 00:07:48,847 --> 00:07:50,847 S2: do a lot of tricky encoding. But there's even more 155 00:07:50,847 --> 00:07:53,887 S2: in the prompt injection world than WAF bypass. And these 156 00:07:53,887 --> 00:07:57,287 S2: get you past the security products like, um, classifiers and guardrails. 157 00:07:57,287 --> 00:07:59,487 S2: And so we talked about we talked about all of 158 00:07:59,487 --> 00:08:01,447 S2: those and utilities we had made. And that was the talk. 159 00:08:01,487 --> 00:08:04,727 S1: So yeah, it's it's really good. And I've been watching 160 00:08:04,727 --> 00:08:08,717 S1: all these and It's absolutely the best. Thanks, man. Yeah, 161 00:08:09,117 --> 00:08:12,117 S1: and it's like it's presented really well as well. Um, 162 00:08:12,117 --> 00:08:13,237 S1: and by the way, I'm going to talk to the 163 00:08:13,237 --> 00:08:16,037 S1: camera here for a second. So on the way up here, 164 00:08:16,557 --> 00:08:19,197 S1: we were like, we're just going to have a conversation. Yeah. Yeah. 165 00:08:19,237 --> 00:08:22,237 S1: You know what's hilarious? We sat down and became podcasters. 166 00:08:22,277 --> 00:08:22,957 S2: I know right. 167 00:08:24,997 --> 00:08:27,917 S1: We're like. We're like, all right, let's talk about the content. 168 00:08:27,957 --> 00:08:29,957 S1: And like, so I don't know how we break out 169 00:08:29,997 --> 00:08:30,837 S1: of that because it's just. 170 00:08:31,317 --> 00:08:32,916 S2: I think we can I think we can. 171 00:08:32,957 --> 00:08:37,756 S1: Well, we'll just let it run and hopefully we, uh, like, relax. Um, yeah. 172 00:08:38,837 --> 00:08:42,277 S1: So what else? Um, what else should we cover? 
173 00:08:42,797 --> 00:08:44,837 S2: So I had a whole bunch of notes on my phone, 174 00:08:44,837 --> 00:08:46,916 S2: and then my phone battery died. In fact, we were 175 00:08:46,957 --> 00:08:48,797 S2: we were trying to set up with, uh, my new 176 00:08:48,797 --> 00:08:51,797 S2: DJI setup, which I like, which Julia got me for Christmas. 177 00:08:51,837 --> 00:08:54,077 S2: A friend of ours, Ron Foster, recommended the whole stack, 178 00:08:54,117 --> 00:08:56,997 S2: like the DJI camera and DJI wireless mic, so I 179 00:08:56,997 --> 00:08:59,756 S2: could go to like conferences and have quick interviews with people. 180 00:08:59,756 --> 00:09:02,477 S2: And of course one couldn't set it up right. And 181 00:09:02,477 --> 00:09:05,506 S2: then two, um, phone ran out of battery. 182 00:09:05,506 --> 00:09:07,426 S1: Almost has it set up. Phone dies. 183 00:09:07,707 --> 00:09:09,307 S3: Almost haven't set up. The thing dies. 184 00:09:09,307 --> 00:09:11,146 S2: So. So we're going to come in recording in the 185 00:09:11,426 --> 00:09:14,146 S2: in the command center for you. But um, but yeah. 186 00:09:14,146 --> 00:09:16,987 S2: So I had some notes on my phone and, uh, 187 00:09:16,987 --> 00:09:21,267 S2: the notes are just like how at least I felt 188 00:09:21,266 --> 00:09:22,747 S2: on the floor. You got to walk the floor, right? 189 00:09:23,026 --> 00:09:24,027 S1: Yeah, a little bit. Yeah. 190 00:09:24,026 --> 00:09:25,906 S2: So we didn't sync up till later in the week, right. Like, 191 00:09:25,947 --> 00:09:27,747 S2: we mostly had our own stuff in the beginning and 192 00:09:27,747 --> 00:09:30,946 S2: then we synced up later. Um, but, uh, I don't 193 00:09:30,947 --> 00:09:32,307 S2: want to note on my phone on how the floor 194 00:09:32,307 --> 00:09:34,546 S2: was very funny this year. Right. Like. And also, I 195 00:09:34,546 --> 00:09:39,347 S2: had these weird moments of, like, justification. 
It was like, um, like, 196 00:09:39,386 --> 00:09:41,867 S2: everyone last year said they were going to completely automate 197 00:09:42,187 --> 00:09:45,826 S2: all these security workflows. Right? And I distinctly remember, like, 198 00:09:45,827 --> 00:09:48,427 S2: writing these notes last year. And then this year I 199 00:09:48,426 --> 00:09:51,587 S2: walked the floor and everybody has changed their tune. It's like, oh, 200 00:09:51,627 --> 00:09:55,307 S2: AI-assisted like, you know, power your people, scale your team, 201 00:09:55,347 --> 00:09:55,867 S2: you know? And it's. 202 00:09:55,867 --> 00:09:56,026 S3: Like. 203 00:09:56,067 --> 00:09:57,227 S1: Turns out that was harder than we. 204 00:09:57,227 --> 00:09:57,627 S3: Thought. Yeah. 205 00:09:57,666 --> 00:10:00,187 S2: Turns out turns out not possible. And I think I 206 00:10:00,187 --> 00:10:02,307 S2: had this conversation with you on the drive and it 207 00:10:02,307 --> 00:10:05,416 S2: was like even you and I have friends who are 208 00:10:05,416 --> 00:10:07,457 S2: starting companies who were trying to do that, they're trying 209 00:10:07,497 --> 00:10:09,937 S2: to automate a workflow. And we saw it at the 210 00:10:09,937 --> 00:10:12,977 S2: OpenAI thing, too. People are like, yeah, we're not close 211 00:10:12,977 --> 00:10:15,777 S2: to full automation yet, and we're very far away from 212 00:10:15,776 --> 00:10:17,617 S2: a place where the models can do full automation. Even 213 00:10:17,617 --> 00:10:21,817 S2: the people in the FTC competition who are going for 214 00:10:21,817 --> 00:10:24,696 S2: those cyber reasoning systems at DEF CON, like they were like, yeah, 215 00:10:24,737 --> 00:10:28,536 S2: like a lot of this is still algorithmic. Um, you know, 216 00:10:28,577 --> 00:10:31,937 S2: tool-based automation, but with like a lot of AI 217 00:10:31,977 --> 00:10:35,497 S2: glue at the I think they said like the framework level. Yeah. 
218 00:10:35,536 --> 00:10:38,456 S2: And the, um, the framework and the organization levels are 219 00:10:38,457 --> 00:10:41,897 S2: the parts where AI actually, like, really helps them. But, um, 220 00:10:42,256 --> 00:10:44,217 S2: hearing that from or like seeing that on the floor 221 00:10:44,217 --> 00:10:46,256 S2: and then also hearing it from the people at OpenAI, 222 00:10:46,296 --> 00:10:48,297 S2: just like kind of cemented we're pretty far away from 223 00:10:48,296 --> 00:10:51,416 S2: fully autonomous systems anywhere. Um, you know, I was really 224 00:10:51,416 --> 00:10:53,296 S2: impressed by I don't want to name any vendors or whatever, 225 00:10:53,296 --> 00:10:56,297 S2: but like, there were some demos at OpenAI thing that 226 00:10:56,296 --> 00:10:58,697 S2: were pretty, pretty sick in the web testing world. 227 00:10:58,737 --> 00:10:59,416 S1: Um, yeah. 228 00:10:59,536 --> 00:11:01,536 S2: And so that was the one I was like, oh, okay. 229 00:11:01,687 --> 00:11:04,727 S2: Like like they're getting close. And I think you and I. 230 00:11:04,847 --> 00:11:05,847 S1: At least in that one domain. 231 00:11:05,847 --> 00:11:08,646 S2: In that one domain. Yeah. Web testing. And then you 232 00:11:08,646 --> 00:11:09,967 S2: and I were looking at some friends who were in 233 00:11:09,967 --> 00:11:11,367 S2: that room, and I think they were a little crestfallen 234 00:11:11,367 --> 00:11:13,487 S2: to see how far that one place had gotten with 235 00:11:13,487 --> 00:11:14,207 S2: autonomous testing. 236 00:11:14,247 --> 00:11:17,406 S1: They were there live learning how far their competitors were. 237 00:11:17,447 --> 00:11:17,727 S2: So. 238 00:11:17,727 --> 00:11:20,727 S1: Bad. They're just like, oh, I'm excited. Oh, yeah. 239 00:11:20,886 --> 00:11:24,247 S2: Yeah, yeah. Um, but that was that was cool. You know, 240 00:11:24,286 --> 00:11:31,087 S2: it was cool to, um, get to ask Q&A of, uh, Altman. 
Um, and, uh, uh, 241 00:11:31,166 --> 00:11:32,727 S2: you know, so we, you know, it wasn't like we 242 00:11:32,727 --> 00:11:34,046 S2: got one on one time with them, right? It was 243 00:11:34,046 --> 00:11:35,166 S2: just like, we just. We got. We were. 244 00:11:35,166 --> 00:11:35,327 S1: In the. 245 00:11:35,327 --> 00:11:37,367 S2: Front row, though. Yeah, I snagged a seat, so I 246 00:11:37,367 --> 00:11:37,766 S2: was I was. 247 00:11:37,766 --> 00:11:38,006 S1: Yeah, that. 248 00:11:38,006 --> 00:11:39,527 S2: Was good. I left lunch early to get a seat 249 00:11:39,567 --> 00:11:42,806 S2: right in front, but, um, so. Yeah. So we're, we're 250 00:11:42,807 --> 00:11:46,007 S2: in the front row. And one of the questions to, uh, 251 00:11:46,006 --> 00:11:48,567 S2: Sam Altman, if you don't know that, uh, head of 252 00:11:48,567 --> 00:11:52,767 S2: OpenAI CEO and, uh, they were one of the questions 253 00:11:52,766 --> 00:11:55,847 S2: was like, what do you, uh, like, what is the 254 00:11:55,847 --> 00:11:58,006 S2: security thing that you worry about? Right? And Sam is 255 00:11:58,046 --> 00:12:01,196 S2: the CEO. He's the CEO, right. So he's not in 256 00:12:01,197 --> 00:12:03,917 S2: security every day. But he's a smart dude. Yeah, yeah. And, um. 257 00:12:04,676 --> 00:12:08,237 S2: And he was talking about, uh, he was like. Like 258 00:12:08,237 --> 00:12:11,357 S2: he starts launching into his answer, presupposing he's like, yeah. 259 00:12:11,357 --> 00:12:13,917 S2: So when we get these, like, you know, fully context 260 00:12:13,957 --> 00:12:17,077 S2: aware agents, that has everything about my life, like written down, 261 00:12:17,276 --> 00:12:19,517 S2: you know, and has all this information and can make 262 00:12:19,516 --> 00:12:23,036 S2: these really great intuitive decisions for me and stuff like that. 
263 00:12:23,036 --> 00:12:25,877 S2: Like what happens when that gets hacked, your whole ethos, 264 00:12:25,877 --> 00:12:28,837 S2: your whole stack of who you are as a person, 265 00:12:28,837 --> 00:12:30,516 S2: what you like to use, what you like to watch, 266 00:12:30,516 --> 00:12:32,117 S2: what you like to hear, what you like to eat. 267 00:12:32,156 --> 00:12:34,757 S2: And so many things can be intuited from that as 268 00:12:34,756 --> 00:12:38,477 S2: well about you as a person. What happens when that leaks? Right. 269 00:12:38,516 --> 00:12:41,677 S2: And I'm just there and I'm like, hitting you. I'm like, Dan, Dan. 270 00:12:41,756 --> 00:12:42,397 S1: Grabs my leg. 271 00:12:42,396 --> 00:12:44,276 S2: Yeah, yeah. Like grabbing his leg because. Because you've been 272 00:12:44,276 --> 00:12:46,276 S2: talking about this for like ten years, right? Like, I 273 00:12:46,276 --> 00:12:50,156 S2: remember the first few blogs about the first iterations of, like, 274 00:12:50,156 --> 00:12:53,317 S2: kind of unified context or context about your life, right? 275 00:12:53,357 --> 00:12:56,316 S2: And then you do it with your Telos files as 276 00:12:56,317 --> 00:12:59,987 S2: a person, and you also do it for companies to 277 00:13:00,067 --> 00:13:03,026 S2: understand the ethos of the company. And Sam just launched 278 00:13:03,026 --> 00:13:05,546 S2: right into that. Yeah, and it was like presupposed. And 279 00:13:05,546 --> 00:13:07,867 S2: I'm like, you motherfucker. Like. 280 00:13:08,187 --> 00:13:10,827 S1: Yeah, I was so excited. I'm like, can I start talking? 281 00:13:10,906 --> 00:13:12,787 S2: Like, yeah, yeah that's great. Yeah, it was great. But 282 00:13:12,786 --> 00:13:15,546 S2: he also he said the the risk is that, you know, 283 00:13:15,587 --> 00:13:18,026 S2: I guess in your analogy, the Telos file gets leaked 284 00:13:18,026 --> 00:13:21,826 S2: right somehow. 
And then people know, like what you're about 285 00:13:21,867 --> 00:13:27,987 S2: and how they can specifically adversarially market to you, influence you. Yeah. 286 00:13:28,026 --> 00:13:31,066 S2: You know, and if you're really open with your personal 287 00:13:31,067 --> 00:13:34,227 S2: assistant or, or your, um, you know, whatever ends up 288 00:13:34,426 --> 00:13:37,107 S2: collecting that information, you're really open to that, like some 289 00:13:37,107 --> 00:13:40,227 S2: of your, like, idiosyncrasies, some of your, like psychological stuff. 290 00:13:40,266 --> 00:13:44,627 S1: Well, it's just like, you know, I think the most powerful, 291 00:13:45,026 --> 00:13:48,027 S1: powerful version of this is like, you have your, um, 292 00:13:48,146 --> 00:13:51,266 S1: your journal in there. Yeah. And you're just constantly complaining 293 00:13:51,266 --> 00:13:55,066 S1: about your mother in law, right? Yeah. And that gets hacked. 294 00:13:55,067 --> 00:13:55,987 S1: And so now my mother. 295 00:13:55,987 --> 00:13:56,667 S2: In law's great, by. 296 00:13:56,666 --> 00:14:01,027 S1: The way. And now now that becomes a, um, it 297 00:14:01,026 --> 00:14:04,947 S1: becomes like a an extortion email. Yeah, right. Someone could 298 00:14:04,947 --> 00:14:06,186 S1: just be like, do you want me to send this 299 00:14:06,187 --> 00:14:08,627 S1: to your mother in law or just send me, you know, 300 00:14:08,666 --> 00:14:11,546 S1: $20 or whatever? And it's like, that's worth it. I 301 00:14:11,546 --> 00:14:13,067 S1: don't want to. I don't want to have that fight 302 00:14:13,107 --> 00:14:13,547 S1: at dinner. 303 00:14:13,587 --> 00:14:14,906 S2: Yeah, that's. I mean, $20. 304 00:14:14,906 --> 00:14:15,786 S1: Seems like a good. 305 00:14:15,987 --> 00:14:19,467 S2: Ransomware price, right? Like ransomware operators are listening. Like, I'll 306 00:14:19,467 --> 00:14:20,747 S2: pay 28 bucks. That's cool. 307 00:14:21,267 --> 00:14:23,347 S1: Yeah, yeah. 
But but to your point, it's like your 308 00:14:23,347 --> 00:14:26,947 S1: entire personality. It's like your entire soul. So that's. Yeah, 309 00:14:26,947 --> 00:14:29,147 S1: that's a lot of content to lose. 310 00:14:29,467 --> 00:14:30,707 S2: Yeah. One of the things we're talking about in the 311 00:14:30,707 --> 00:14:34,227 S2: car was how we saw so many. And it sucks. 312 00:14:34,227 --> 00:14:37,706 S2: But like friends, colleagues working for these places, hanging their 313 00:14:37,707 --> 00:14:40,987 S2: hats on these AI features or even companies that are 314 00:14:40,987 --> 00:14:45,507 S2: completely based around AI, and there's no there's no moat 315 00:14:45,507 --> 00:14:47,946 S2: for them, like it is going to be disrupted either 316 00:14:47,947 --> 00:14:50,707 S2: by because we then we went to the OpenAI thing, 317 00:14:50,827 --> 00:14:51,907 S2: saw what they're doing. 318 00:14:51,947 --> 00:14:53,747 S1: Yeah. And destroying moats. 319 00:14:53,787 --> 00:14:56,657 S2: Yeah. Destroying moats basically. Right. Like whole companies are going 320 00:14:56,657 --> 00:14:58,217 S2: to go down because they had this premise of, oh, 321 00:14:58,217 --> 00:15:00,696 S2: we'll use AI to do this thing. Now it's just 322 00:15:00,697 --> 00:15:02,857 S2: going to become part of the model, or they're going 323 00:15:02,857 --> 00:15:05,017 S2: to be just trampled by one of the big data 324 00:15:05,057 --> 00:15:07,537 S2: aggregators who already has all the data to make the 325 00:15:07,537 --> 00:15:10,897 S2: problem set easy to execute, I think, is how I 326 00:15:10,897 --> 00:15:11,537 S2: think of it. 327 00:15:11,577 --> 00:15:15,097 S1: Yeah. Yeah, absolutely. So, so Jason talked about what he 328 00:15:15,097 --> 00:15:19,137 S1: was presenting. Um, so what I was presenting is like 329 00:15:19,137 --> 00:15:23,337 S1: this unified entity context. Yeah. Yeah. 
So it's like, if 330 00:15:23,337 --> 00:15:25,336 S1: it's an individual, you just get all that stuff that 331 00:15:25,337 --> 00:15:28,657 S1: you already talked about. And then if it's a company 332 00:15:28,657 --> 00:15:31,377 S1: you get all the way from the company goals all 333 00:15:31,377 --> 00:15:34,417 S1: the way to the security goals. But all the HR stuff, 334 00:15:34,457 --> 00:15:37,977 S1: like everything all into one bucket. And then from there 335 00:15:37,977 --> 00:15:41,816 S1: you just ask questions. Yeah. So if you ask HR questions, 336 00:15:42,137 --> 00:15:43,377 S1: is that HR software? 337 00:15:44,417 --> 00:15:46,857 S2: I think it only works with the the data right. 338 00:15:46,897 --> 00:15:48,377 S2: Like yeah data about the people. Yeah. 339 00:15:48,417 --> 00:15:50,977 S1: Yeah. It's like if you have HR data in there, 340 00:15:50,977 --> 00:15:53,936 S1: you have security data in there. And you ask security 341 00:15:53,937 --> 00:15:57,927 S1: questions and HR questions. You have HR software. So I 342 00:15:57,927 --> 00:16:00,047 S1: feel like software verticals just go away. 343 00:16:00,527 --> 00:16:02,207 S2: I mean, I don't think they completely go away, but 344 00:16:02,207 --> 00:16:05,527 S2: I think yeah, a lot of them are are majorly disrupted. Right. 345 00:16:05,567 --> 00:16:08,686 S2: It's like and again, it'll be the big companies that 346 00:16:08,687 --> 00:16:11,247 S2: do this first because they already have that infrastructure like 347 00:16:11,407 --> 00:16:14,207 S2: Microsoft has the whole graph API about, you know, corporate 348 00:16:14,207 --> 00:16:18,367 S2: user data. They have security data. They have God. God 349 00:16:18,367 --> 00:16:20,887 S2: knows what other data. Right. So they're poised to move 350 00:16:20,887 --> 00:16:22,887 S2: quickly in some of these places that you and I 351 00:16:22,887 --> 00:16:25,287 S2: play in. 
And it's like they will get there first 352 00:16:25,287 --> 00:16:28,247 S2: because they have the the ability to grab everything. And yeah, 353 00:16:28,247 --> 00:16:30,887 S2: I think I think that for your talk, I mean, 354 00:16:30,887 --> 00:16:34,407 S2: you talked about like as a meta thing, you know, 355 00:16:34,407 --> 00:16:36,807 S2: like everybody is focused on, oh, we can build these 356 00:16:36,807 --> 00:16:39,527 S2: agents or, you know, I questions whether you're just using 357 00:16:39,527 --> 00:16:41,447 S2: an API, you're actually using a planning agent or whatever. 358 00:16:41,447 --> 00:16:44,607 S2: It doesn't matter. Like whatever architecture you've chosen, use AI. 359 00:16:44,847 --> 00:16:47,887 S2: And that's the important part. Right. Like prompting it, getting, 360 00:16:47,927 --> 00:16:50,767 S2: you know, you know, rags set up like all this stuff. 361 00:16:50,967 --> 00:16:53,757 S2: And you had that one slide where it was like, okay, 362 00:16:53,797 --> 00:16:55,877 S2: so the agents are the big boxes and we really 363 00:16:55,877 --> 00:16:57,637 S2: care about them right now, right? And then they're attached 364 00:16:57,637 --> 00:16:59,117 S2: to data sets and they're kind of small. And then 365 00:16:59,117 --> 00:17:00,437 S2: you have the other slide. And then it's like, no, 366 00:17:00,437 --> 00:17:03,476 S2: actually the key piece is the data in the middle. 367 00:17:03,517 --> 00:17:05,397 S2: And the thing that validated it for me was you 368 00:17:05,397 --> 00:17:07,477 S2: didn't you were not the OpenAI one. But next year 369 00:17:07,517 --> 00:17:10,037 S2: we got to go and present. But on this topic too, 370 00:17:10,077 --> 00:17:10,677 S2: by the way. 371 00:17:10,717 --> 00:17:11,677 S1: Oh, the Airbnb one. 372 00:17:11,677 --> 00:17:14,597 S2: Yeah. Airbnb one. Airbnb one. Yeah. 
So, uh, the guy, 373 00:17:14,637 --> 00:17:16,317 S2: one of the guys from Microsoft, I can't remember his name, 374 00:17:16,317 --> 00:17:17,717 S2: but he was talking about kind of the same idea 375 00:17:17,757 --> 00:17:19,476 S2: as he calls it, like Golden Data Lake or something 376 00:17:19,477 --> 00:17:21,837 S2: like that. But it was the exact same thing. He's like, hey, 377 00:17:22,077 --> 00:17:23,677 S2: you know, like the models are going to get so 378 00:17:23,677 --> 00:17:27,437 S2: good that they are general software products themselves. Right? And 379 00:17:27,476 --> 00:17:30,117 S2: so it's that's not the thing you should be focusing 380 00:17:30,117 --> 00:17:34,157 S2: your development on. Your development or either systems architecture revamp 381 00:17:34,157 --> 00:17:37,037 S2: or whatever should be on collecting the contextual data. That's 382 00:17:37,037 --> 00:17:38,917 S2: going to help you answer the questions. Right. And so 383 00:17:38,917 --> 00:17:40,996 S2: in your slide you had like an image where the 384 00:17:40,997 --> 00:17:43,476 S2: agents were really big and they were the important question. 385 00:17:43,476 --> 00:17:45,517 S2: And then then it's like the next slide is like 386 00:17:45,557 --> 00:17:47,196 S2: actually the most important thing is the model. And the 387 00:17:47,196 --> 00:17:49,276 S2: agents just live on the side a small little thing. 388 00:17:49,317 --> 00:17:54,427 S1: So yeah yeah yeah Yeah. So so yeah. So what 389 00:17:54,427 --> 00:17:58,946 S1: I have was like cybersecurity with AI around it versus 390 00:17:58,986 --> 00:18:03,427 S1: AI in the middle and then cybersecurity and HR and productivity. Yeah, 391 00:18:03,466 --> 00:18:06,307 S1: the software verticals are kind of like rotating around it. 392 00:18:06,347 --> 00:18:06,827 S2: Yeah. 393 00:18:06,867 --> 00:18:10,507 S1: Yeah yeah. 
Because yeah I think you just you just 394 00:18:10,507 --> 00:18:13,946 S1: collect all that data and ask the questions and answers it. 395 00:18:14,267 --> 00:18:15,867 S2: Yeah. And I think, you know, on my phone I 396 00:18:15,867 --> 00:18:19,787 S2: had some notes too, that um, a common theme I saw. 397 00:18:19,827 --> 00:18:21,507 S2: We're going to talk a lot about AI. Sorry. I mean, 398 00:18:21,507 --> 00:18:22,827 S2: like a lot of, you know, I know people want 399 00:18:22,827 --> 00:18:25,267 S2: to hear about security stuff, too, but, um, a lot 400 00:18:25,267 --> 00:18:30,786 S2: of this stuff in architecture, of these systems, it was 401 00:18:30,787 --> 00:18:33,587 S2: it had to be more compartmentalized than, I think even 402 00:18:33,587 --> 00:18:36,867 S2: some of the architectures I was thinking of meaning that, um, 403 00:18:36,907 --> 00:18:38,987 S2: where I thought I could ask a bunch of questions 404 00:18:38,986 --> 00:18:41,667 S2: of an, you know, an AI model and stuff it 405 00:18:41,667 --> 00:18:46,346 S2: all into one masterful system prompt or something, or user prompt. Um, actually, 406 00:18:46,787 --> 00:18:50,657 S2: successful implementations are asking micro questions, kind of like microservices, right? 407 00:18:50,696 --> 00:18:53,936 S2: We are asking one question of the same data of 408 00:18:53,976 --> 00:18:56,576 S2: a data set. Wherever you take it in from the 409 00:18:56,577 --> 00:19:00,657 S2: user or from context somewhere else. And then that's one agent, right? 410 00:19:00,696 --> 00:19:02,777 S2: It's just a one question, one agent that's really good 411 00:19:02,777 --> 00:19:05,696 S2: at doing that one thing. 
And then you have tens 412 00:19:05,736 --> 00:19:09,097 S2: or hundreds of those because, you know, at least from 413 00:19:09,097 --> 00:19:12,057 S2: the people I was talking to, they're like, you know, like, uh, 414 00:19:12,097 --> 00:19:14,057 S2: don't try to stuff it all into, you know, like 415 00:19:14,097 --> 00:19:18,536 S2: one process because it can confuse, you know, different models 416 00:19:18,537 --> 00:19:20,216 S2: and stuff like that. So some of the ones I 417 00:19:20,216 --> 00:19:22,057 S2: saw had up to like ten agents to like action 418 00:19:22,057 --> 00:19:25,857 S2: one workflow, right? Asking individual questions and then stitching together 419 00:19:25,857 --> 00:19:26,696 S2: the output of that. 420 00:19:26,736 --> 00:19:30,897 S1: So interesting. Yeah. Yeah I, I don't know I, I 421 00:19:31,177 --> 00:19:36,017 S1: feel slightly different there. I feel like all the data 422 00:19:36,017 --> 00:19:38,417 S1: in one place is good. And so you just ask 423 00:19:38,417 --> 00:19:43,216 S1: the questions. Um, but where I do see what you're saying. 424 00:19:43,617 --> 00:19:48,536 S1: The AI, uh, x that stuff was fascinating. Oh, yeah. Oh, 425 00:19:48,617 --> 00:19:52,446 S1: you know, what I really loved about that was the 426 00:19:52,446 --> 00:19:56,447 S1: conversation of like, does the model matter more, or does 427 00:19:56,446 --> 00:19:58,807 S1: the architecture of the system matter more? 428 00:19:58,847 --> 00:20:00,967 S2: So before we go into this, because that whole panel 429 00:20:00,966 --> 00:20:04,247 S2: and the two talks were awesome. Yeah, they were great. 430 00:20:04,247 --> 00:20:05,767 S2: But I don't think everybody knows what the I. 431 00:20:05,927 --> 00:20:07,087 S1: ZK yeah, yeah yeah. 432 00:20:07,127 --> 00:20:10,527 S2: Go ahead. Okay. So the AIxCC is this competition run 433 00:20:10,527 --> 00:20:14,006 S2: by DARPA.
Um, and the whole idea is that, uh, 434 00:20:14,047 --> 00:20:16,687 S2: you build what's called a cyber reasoning system. And so 435 00:20:17,047 --> 00:20:20,967 S2: there are both academic teams who are mostly CTF teams 436 00:20:20,966 --> 00:20:23,606 S2: from the DEF CON CTF kind of ecosystem. And then there 437 00:20:23,607 --> 00:20:25,887 S2: are also companies who have come who have come to 438 00:20:25,927 --> 00:20:28,686 S2: compete in this contest. And the goal is to build 439 00:20:28,686 --> 00:20:33,327 S2: a system that is AI enabled that can go from, um, 440 00:20:33,446 --> 00:20:37,367 S2: taking an open source project repo with a vulnerability in it, 441 00:20:37,407 --> 00:20:41,686 S2: finding the vulnerability through static analysis, building an exploit, testing 442 00:20:41,686 --> 00:20:43,767 S2: the exploit to see if it works in the wild, 443 00:20:44,087 --> 00:20:47,477 S2: patching the exploit and keeping the service up and running. Yeah. 444 00:20:47,517 --> 00:20:50,637 S2: So it's got to do both offense and defense. Um, 445 00:20:50,797 --> 00:20:54,797 S2: and they get scored on multiple different facets of that. And, um, 446 00:20:54,797 --> 00:20:56,877 S2: I think Dan Guido from Trail of Bits was telling 447 00:20:56,877 --> 00:20:59,597 S2: us this night the top like the the they've been 448 00:20:59,597 --> 00:21:02,157 S2: giving out prizes every year. So last year was the 449 00:21:02,157 --> 00:21:05,197 S2: semifinal rounds and five teams made it to the semifinals. 450 00:21:05,397 --> 00:21:07,956 S2: It's like three teams and two companies of which Trail 451 00:21:07,956 --> 00:21:10,157 S2: of Bits is one. And my alma mater, uh, Shellphish 452 00:21:10,157 --> 00:21:13,677 S2: is one. And then, um, now I think grand prize 453 00:21:13,677 --> 00:21:16,557 S2: will be he said, like five, three, 2 million.
So 454 00:21:16,557 --> 00:21:18,476 S2: 5 million, 3 million, 2 million or something like that 455 00:21:18,476 --> 00:21:18,677 S2: might be. 456 00:21:18,716 --> 00:21:19,037 S1: Four, three. 457 00:21:19,037 --> 00:21:21,637 S2: 2432 or something like that. So first place gets 4 million, 458 00:21:21,837 --> 00:21:23,637 S2: you know, second place gets 2 million. And at the 459 00:21:23,637 --> 00:21:26,117 S2: end of the competition they will actually have to open 460 00:21:26,117 --> 00:21:28,757 S2: source their cyber reasoning systems too, which was a really 461 00:21:28,757 --> 00:21:31,316 S2: interesting conversation I had away from the table with with 462 00:21:31,317 --> 00:21:33,356 S2: some people. But okay, so that's that's leading up to it. 463 00:21:33,397 --> 00:21:36,556 S2: So yeah. So there's three talks around that competition. Uh, 464 00:21:36,557 --> 00:21:39,117 S2: there's a panel with a whole bunch of leaders or 465 00:21:39,117 --> 00:21:42,196 S2: people who were associated to the teams. There was, um, 466 00:21:42,196 --> 00:21:45,157 S2: a couple of people who just presented on their kind 467 00:21:45,157 --> 00:21:48,547 S2: of research around their cyber reasoning system. And then, um, 468 00:21:48,547 --> 00:21:51,106 S2: and then there was a talk by the, uh, by 469 00:21:51,107 --> 00:21:54,627 S2: one of DARPA representatives about why they built the competition 470 00:21:54,667 --> 00:21:56,627 S2: and stuff like that. So I just wanted to. Yeah, yeah. 471 00:21:56,627 --> 00:22:00,147 S1: Yeah yeah, yeah. Perfect. Yeah. So the thing I've been 472 00:22:00,147 --> 00:22:05,427 S1: really super excited about is like these generalizations of architectures 473 00:22:05,667 --> 00:22:10,826 S1: specifically generalizing the scientific method. 
So I love the idea of, 474 00:22:10,867 --> 00:22:14,186 S1: like you have a collection of goals, you have a 475 00:22:14,307 --> 00:22:18,587 S1: testing engine that basically tests, you have a hypothesis, you 476 00:22:18,587 --> 00:22:22,907 S1: have problems, goals, and then the testing engine. And you 477 00:22:22,907 --> 00:22:27,147 S1: can actually combine the ideas as well, like mix them 478 00:22:27,787 --> 00:22:30,987 S1: and like try to find variations that are actually more effective. 479 00:22:31,147 --> 00:22:34,547 S1: But it's just this life cycle of here's a cool idea, 480 00:22:34,946 --> 00:22:38,107 S1: see if it works. Mhm. Um, and so what I 481 00:22:38,147 --> 00:22:41,467 S1: heard listening to them and we're not divulging anything because 482 00:22:41,747 --> 00:22:44,817 S1: they were all competitors. Yeah. On the panel. So nobody 483 00:22:44,817 --> 00:22:46,456 S1: was divulging anything secret. 484 00:22:46,497 --> 00:22:48,016 S2: Well, except for that one guy. The one guy was like, 485 00:22:48,017 --> 00:22:48,377 S2: I don't know. 486 00:22:48,417 --> 00:22:50,936 S1: He's like, screw it. Yeah, yeah, yeah, yeah. But I 487 00:22:50,936 --> 00:22:53,057 S1: just want to make sure we're not disclosing it. Yeah, yeah, 488 00:22:53,097 --> 00:22:57,096 S1: it's it's all open. Um, but but, um, basically the 489 00:22:57,097 --> 00:23:01,297 S1: idea that you could just, like, keep iterating on this 490 00:23:01,297 --> 00:23:03,857 S1: and you can kind of use it for anything. So 491 00:23:04,137 --> 00:23:09,057 S1: what I found is, um, really interesting was they basically 492 00:23:09,057 --> 00:23:12,577 S1: said they spend all their time fixing that system and 493 00:23:12,577 --> 00:23:16,697 S1: that the, the model getting smarter didn't necessarily help as 494 00:23:16,696 --> 00:23:18,857 S1: much as improving the system itself. 
495 00:23:18,897 --> 00:23:21,457 S2: That seemed to be what a few of the audience 496 00:23:21,456 --> 00:23:24,097 S2: questions were aimed at is like, well, you know, as 497 00:23:24,097 --> 00:23:27,137 S2: the model gets better, doesn't it make it better for you? Um, 498 00:23:27,456 --> 00:23:29,377 S2: and yeah, like, like you said, some of their answers 499 00:23:29,377 --> 00:23:33,496 S2: were no, uh, that the scaffolding that hooks everything together 500 00:23:33,497 --> 00:23:35,697 S2: was actually the important part that they needed to develop 501 00:23:35,696 --> 00:23:38,857 S2: more than. Yeah, um, the AI models, because they had 502 00:23:38,857 --> 00:23:42,177 S2: scoped the AI models to do certain things. I remember 503 00:23:42,177 --> 00:23:45,777 S2: one of the answers was like, um, you know, one 504 00:23:45,777 --> 00:23:47,337 S2: of the answers for one of the teams was like, 505 00:23:47,377 --> 00:23:50,976 S2: fast iteration of of that model. The scientific model is like, hey, 506 00:23:50,976 --> 00:23:52,337 S2: I think this is a cool idea for like a 507 00:23:52,337 --> 00:23:54,936 S2: single agent to work on, and we're just going to 508 00:23:54,936 --> 00:23:57,137 S2: test it with the limited data sets that we have 509 00:23:57,137 --> 00:23:59,577 S2: and the problems that we have and see if it works. 510 00:23:59,577 --> 00:24:01,016 S2: And he was saying that that was their key to 511 00:24:01,057 --> 00:24:04,736 S2: success is just like trying so many things, um, different 512 00:24:04,736 --> 00:24:09,337 S2: representations of code, different ways to, you know, um, you know, 513 00:24:09,337 --> 00:24:12,577 S2: like make exploits, like, you know, cut it into pieces, 514 00:24:12,617 --> 00:24:14,697 S2: do it all at once, like, and he's just trying 515 00:24:14,696 --> 00:24:16,456 S2: all kinds of stuff and like, you know, some panned out, 516 00:24:16,456 --> 00:24:18,577 S2: some didn't. Yeah. 
Um, you know, so there's still a 517 00:24:18,577 --> 00:24:21,217 S2: lot of learning to be there. There's also a lot 518 00:24:21,257 --> 00:24:25,377 S2: of talk about how the competition also has, um, or 519 00:24:25,377 --> 00:24:27,536 S2: at least in the first couple rounds, had a ton 520 00:24:27,537 --> 00:24:31,017 S2: of handicaps like they were. Yeah, they couldn't use like 521 00:24:31,177 --> 00:24:33,617 S2: they could only use, like $100 in tokens. Yeah. Only 522 00:24:33,617 --> 00:24:37,817 S2: certain models, um, and only so much output, uh, and context. 523 00:24:37,817 --> 00:24:40,256 S2: And so they were really, they really said that they 524 00:24:40,257 --> 00:24:42,726 S2: had designed those systems to work inside those constraints. And 525 00:24:42,726 --> 00:24:44,167 S2: now in the finals, they don't have any of those 526 00:24:44,167 --> 00:24:47,167 S2: constraints anymore. So it's like it kind of messed them up. Uh, 527 00:24:47,167 --> 00:24:49,086 S2: in systems design because they were like, if we would 528 00:24:49,127 --> 00:24:52,246 S2: have had no restrictions from the beginning, we would we 529 00:24:52,247 --> 00:24:54,087 S2: might have used different models for this, or we might 530 00:24:54,087 --> 00:24:55,487 S2: have done x, Y and Z, you know. 531 00:24:55,527 --> 00:24:58,486 S1: Right, right. Because that was one of my questions of like, what? 532 00:24:58,486 --> 00:25:02,127 S1: Why are you building this ultra specific thing? It seems 533 00:25:02,127 --> 00:25:05,246 S1: less efficient. And they're like, that's because we had so 534 00:25:05,247 --> 00:25:08,847 S1: many limitations. A generic system would not have worked. Yeah. 535 00:25:08,887 --> 00:25:11,647 S1: You had to put all these weird constraints on it. Yeah. 536 00:25:11,686 --> 00:25:13,887 S1: Or because they had weird constraints on them? 537 00:25:13,927 --> 00:25:17,127 S2: Yeah. Yeah. 
I mean, uh, some of the other things 538 00:25:17,127 --> 00:25:20,647 S2: there too, were that, uh, some of these security tests 539 00:25:20,647 --> 00:25:24,726 S2: end up being structured more like unit tests in software. Right? 540 00:25:24,767 --> 00:25:29,286 S2: And so, um, there are actually libraries out there that, uh, 541 00:25:29,327 --> 00:25:31,167 S2: that do unit testing really well. And people are like, yeah, 542 00:25:31,167 --> 00:25:32,607 S2: we just started using those for. 543 00:25:32,647 --> 00:25:34,567 S1: Oh yeah. The guy mentioned. Yeah. Do you remember that one. 544 00:25:34,726 --> 00:25:36,407 S2: It's like JS something like I don't know, I have 545 00:25:36,407 --> 00:25:37,966 S2: it in my notes, but yeah. Me too. Yeah, I'll 546 00:25:37,966 --> 00:25:39,567 S2: find it. Maybe put it in the show notes. Yeah. 547 00:25:39,567 --> 00:25:42,796 S2: But there was that. And then I thought interesting questions 548 00:25:42,797 --> 00:25:45,076 S2: like how much you know, how much are you spending 549 00:25:45,077 --> 00:25:47,997 S2: on building this system? And that was a really interesting question. 550 00:25:48,277 --> 00:25:50,757 S1: Um, and nobody was building their own models. 551 00:25:50,797 --> 00:25:52,837 S2: Yeah. So you can't. Yeah. It's an option now in 552 00:25:52,837 --> 00:25:55,757 S2: the finals to, to bring your own model. Uh, it 553 00:25:55,757 --> 00:25:58,877 S2: wasn't before. Um, but nobody's doing it because it's. 554 00:25:58,877 --> 00:25:59,077 S1: Much. 555 00:25:59,397 --> 00:26:02,317 S2: Too expensive. Too expensive. And then, you know, like the 556 00:26:02,317 --> 00:26:04,476 S2: consumers of, you know, the people who weren't competing in 557 00:26:04,476 --> 00:26:06,677 S2: the competition were like, why don't you use this one 558 00:26:06,677 --> 00:26:09,077 S2: off Hugging Face? And like, you don't understand, like, those 559 00:26:09,077 --> 00:26:10,956 S2: things suck.
Like they were like all of the open 560 00:26:10,956 --> 00:26:14,437 S2: source models that deal with security data right now are horrible. 561 00:26:14,436 --> 00:26:17,037 S2: And we saw two talked about this week or one 562 00:26:17,037 --> 00:26:20,277 S2: came out yesterday from Cisco. And then one we can't 563 00:26:20,277 --> 00:26:22,877 S2: talk about. Um, but it'll be out at some point. 564 00:26:23,117 --> 00:26:25,397 S2: And they are security trained models. And then we had 565 00:26:25,677 --> 00:26:29,117 S2: Gemini also talked about a couple of weeks ago. And, 566 00:26:29,157 --> 00:26:30,197 S2: you know, none of these are out. So they can't 567 00:26:30,196 --> 00:26:32,476 S2: use them on these teams yet. And so, um, you know, 568 00:26:32,517 --> 00:26:36,277 S2: maybe the next generation of security data trained models will 569 00:26:36,277 --> 00:26:38,716 S2: be good, but, um, they just have to work with 570 00:26:38,787 --> 00:26:40,667 S2: what they've got right now. And they said pretty much 571 00:26:40,667 --> 00:26:43,667 S2: it all sucks. There's also a reoccurring theme of evals 572 00:26:43,706 --> 00:26:48,547 S2: suck right now for security. Um, for security based, uh, training? 573 00:26:48,547 --> 00:26:52,986 S1: Basically, yes. Joel presented on the difficulty of evals. Yeah. 574 00:26:53,027 --> 00:26:54,786 S1: A lot of people were like, evals suck. And a 575 00:26:54,787 --> 00:26:57,307 S1: lot of people were like, these are really, really hard. Yeah, 576 00:26:57,347 --> 00:27:00,027 S1: some people were like, don't. They don't mean what you 577 00:27:00,027 --> 00:27:00,746 S1: think they mean. 578 00:27:00,787 --> 00:27:01,747 S2: Yeah, yeah. 579 00:27:01,787 --> 00:27:04,947 S1: But, um, yeah. To me the eval piece is part 580 00:27:04,946 --> 00:27:07,627 S1: of that testing engine because like, how do you know 581 00:27:07,627 --> 00:27:10,427 S1: if the tests worked unless you have good evals. 
Um, 582 00:27:10,466 --> 00:27:13,307 S1: but there's like so much hacking of the evals going on. 583 00:27:13,507 --> 00:27:15,187 S2: Yeah. I mean, that was in my notes, too. It's 584 00:27:15,186 --> 00:27:18,707 S2: just it's like there's people who are purposefully building in 585 00:27:19,267 --> 00:27:23,706 S2: either training or, um, logic into some of these things 586 00:27:23,706 --> 00:27:25,107 S2: to score really high on these. 587 00:27:25,147 --> 00:27:26,306 S1: Yeah. They like post train with it. 588 00:27:26,347 --> 00:27:28,186 S2: Yeah. Post train with it. And so they score really 589 00:27:28,186 --> 00:27:30,667 S2: high on these, uh, things that I would look at 590 00:27:30,667 --> 00:27:33,147 S2: as a consumer. Right. And I'm like, oh, okay. So 591 00:27:33,147 --> 00:27:35,306 S2: I'm going to go look at, you know, these, you know, 592 00:27:35,347 --> 00:27:38,017 S2: these evals on Hugging Face. You know, I forget the 593 00:27:38,057 --> 00:27:41,256 S2: really popular one on Hugging Face. It's like the chat arena. 594 00:27:41,297 --> 00:27:42,936 S2: Chat arena. And they'd be like, cool. How does it 595 00:27:42,936 --> 00:27:45,177 S2: score on Chat Arena? And it's like, okay, it's really high. Well, 596 00:27:45,417 --> 00:27:47,216 S2: that doesn't mean it doesn't mean anything for for a 597 00:27:47,257 --> 00:27:49,897 S2: domain specific application of an AI, right? Like, you may 598 00:27:49,897 --> 00:27:52,377 S2: not need a model that's really good at on chat 599 00:27:52,377 --> 00:27:57,377 S2: arena for something else. And so one of our longtime friends, 600 00:27:57,377 --> 00:28:00,377 S2: Joel Parrish, former you worked you worked for me at 601 00:28:00,456 --> 00:28:02,817 S2: Deadspin when he first started. I'll tell a funny story here. 602 00:28:02,817 --> 00:28:06,256 S2: So Matt Knight is the CISO of OpenAI and I 603 00:28:06,257 --> 00:28:08,777 S2: don't know, Matt. Super. Well, I know him a little bit.
604 00:28:08,817 --> 00:28:11,696 S2: And I was like, hey, like, I, uh, I was 605 00:28:11,736 --> 00:28:13,897 S2: actually one of the guys who worked with Joel at Deadspin, 606 00:28:13,897 --> 00:28:17,496 S2: our first testing job together a two decades ago. Right. 607 00:28:17,537 --> 00:28:19,737 S2: And then he worked for us at HP or with 608 00:28:19,736 --> 00:28:22,657 S2: us at HP. Then he went to Apple with you, 609 00:28:22,696 --> 00:28:24,856 S2: and then he went to OpenAI with Matt. And so 610 00:28:24,857 --> 00:28:26,137 S2: I told Matt, I said, I think I'm one of 611 00:28:26,137 --> 00:28:28,817 S2: his first LinkedIn recommendations. I don't know if he kept 612 00:28:28,817 --> 00:28:30,137 S2: it on his profile or not, but I called him 613 00:28:30,137 --> 00:28:32,337 S2: the Kobe Bryant of web hacking. Right? Yeah. 614 00:28:32,696 --> 00:28:33,016 S1: Totally. 615 00:28:33,057 --> 00:28:35,737 S2: Yeah, totally. Um, but he does everything now. Anyway, Joel 616 00:28:35,847 --> 00:28:38,647 S2: gave a presentation at this is the RunSybil Side event, 617 00:28:38,647 --> 00:28:39,927 S2: which was also really good. 618 00:28:39,967 --> 00:28:40,407 S1: It was. 619 00:28:40,687 --> 00:28:43,527 S2: Great. The run, the run. RunSybil side event. Um, the 620 00:28:43,567 --> 00:28:47,607 S2: RunSybil is a company that's doing, um, automated pen 621 00:28:47,607 --> 00:28:52,887 S2: testing and, um, and pen tester assisted AI tools, basically, uh, 622 00:28:52,887 --> 00:28:55,047 S2: led by a friend of ours, Ari. And so I 623 00:28:55,047 --> 00:28:57,047 S2: spoke there, gave my talk there. But Joel was right 624 00:28:57,047 --> 00:29:01,607 S2: before me. And Joel gave a talk called your Eval suck. Um, 625 00:29:01,647 --> 00:29:04,727 S2: and his thing was like, hey, look at all these 626 00:29:05,327 --> 00:29:07,847 S2: evals that, uh, people are using right now.
They're written 627 00:29:07,847 --> 00:29:10,607 S2: in the 90s, like stack based overflows, right? Which is 628 00:29:10,607 --> 00:29:14,607 S2: not what we are facing in 2025. Right. And, uh, 629 00:29:14,647 --> 00:29:17,846 S2: he just showed like, multiple examples of, you know, some 630 00:29:17,847 --> 00:29:20,167 S2: of these evals are not even testing exploit generation or 631 00:29:20,167 --> 00:29:22,207 S2: web testing or anything like that. They're testing just like 632 00:29:22,207 --> 00:29:24,566 S2: code quality stuff, which is from the 90s. Right? And 633 00:29:24,567 --> 00:29:28,247 S2: it's like it's like, why are we benchmarking these security 634 00:29:28,447 --> 00:29:32,207 S2: models off of these crazy old evals? Um, and that 635 00:29:32,207 --> 00:29:34,757 S2: was that was the genesis of his talk. What I 636 00:29:34,757 --> 00:29:37,877 S2: was sad about, though, is you left for dinner one 637 00:29:37,917 --> 00:29:40,957 S2: talk after or one talk before it ended. And the 638 00:29:40,957 --> 00:29:43,237 S2: last talk was this guy who basically brought a humanoid 639 00:29:43,237 --> 00:29:46,597 S2: robot like, about this tall and had jailbroken it with 640 00:29:46,597 --> 00:29:49,036 S2: an exploit. He bought it from China and got it 641 00:29:49,037 --> 00:29:51,237 S2: to run around the room, just like screaming at the 642 00:29:51,237 --> 00:29:53,036 S2: top of its lungs with like, a video game track. 643 00:29:53,037 --> 00:29:55,517 S2: It was so cool. Like it was. It was amazing. 644 00:29:55,557 --> 00:29:58,596 S1: Attacking communism. Yeah. As a Chinese robot. Yeah. 
645 00:29:58,637 --> 00:30:01,477 S2: So, okay, so out of context, it sounds bad, but 646 00:30:01,477 --> 00:30:04,957 S2: if you've ever played, um, the fallout games, um, there 647 00:30:04,957 --> 00:30:08,997 S2: is like this audio track in, uh, in fallout that, like, 648 00:30:09,037 --> 00:30:12,277 S2: the rhetoric in that game is anti-communism, right? And so, like, 649 00:30:12,517 --> 00:30:15,117 S2: there's like a robot that goes around or like a, 650 00:30:15,477 --> 00:30:18,077 S2: like a character, you know, some of the enforcers run 651 00:30:18,077 --> 00:30:21,597 S2: around all they do for 24 seven just talk about anti-communism. 652 00:30:21,597 --> 00:30:23,437 S2: So if you if you pull down the audio track 653 00:30:23,437 --> 00:30:26,277 S2: for this game, there's a 20 minute rant robot rant 654 00:30:26,277 --> 00:30:29,837 S2: about anti-communism. And so he put it on the jailbroken 655 00:30:29,837 --> 00:30:33,347 S2: robot and it's just running around spouting like, anti-communist and 656 00:30:33,347 --> 00:30:35,467 S2: then like it was so funny because it was it 657 00:30:35,467 --> 00:30:38,067 S2: was it was like it was talking about anti-communism and 658 00:30:38,067 --> 00:30:40,347 S2: it was like it was like possible defector. And then 659 00:30:40,347 --> 00:30:42,947 S2: it ran into this lady's table and spilled her drink 660 00:30:42,947 --> 00:30:44,867 S2: on her, and she thought it was so hilarious. Like, 661 00:30:44,867 --> 00:30:48,347 S2: she was like, this is crazy. It was it was great. Yeah. Yeah. 662 00:30:48,507 --> 00:30:49,867 S1: Yeah. I got to get the video. 663 00:30:50,147 --> 00:30:54,187 S2: Yeah, yeah, yeah. So, um. Yeah. So evals, you know, struggle, 664 00:30:54,267 --> 00:30:58,267 S2: benchmark struggle right now for domain specific applications. Everyone's kind 665 00:30:58,267 --> 00:31:01,227 S2: of figuring it out. 
And I think I felt like 666 00:31:01,267 --> 00:31:03,147 S2: on the show floor, there was still a lot of 667 00:31:03,147 --> 00:31:06,427 S2: promising of things that when I went to talk to people, 668 00:31:06,427 --> 00:31:10,507 S2: it was not as, um. First of all, no one's 669 00:31:10,507 --> 00:31:11,907 S2: training their own models to do any of this, right. 670 00:31:11,907 --> 00:31:13,467 S2: Like vendors will say, yeah, we have our own model. 671 00:31:13,467 --> 00:31:17,187 S2: They're not like they're using Llama 4 or, you know, 672 00:31:17,227 --> 00:31:20,227 S2: their own keys and yeah, or. Yeah, DeepSeek or. 673 00:31:20,267 --> 00:31:20,947 S1: Just the cloud ones. 674 00:31:20,947 --> 00:31:23,907 S2: Yeah, just the cloud ones. Anthropic or OpenAI. Right. And 675 00:31:23,907 --> 00:31:26,107 S2: then all of the business logic magic that they promise 676 00:31:26,147 --> 00:31:29,827 S2: you is happening is system prompt based. Like that's, that's 677 00:31:29,827 --> 00:31:33,096 S2: the majority of of all of those products. And the 678 00:31:33,097 --> 00:31:36,096 S2: value prop is no longer automation. The value prop for 679 00:31:36,097 --> 00:31:39,497 S2: them is now, oh, you know, up level or skill 680 00:31:39,537 --> 00:31:43,177 S2: level your people. Right. And um, and that means basically 681 00:31:43,217 --> 00:31:46,137 S2: at least the way I, I, you know, kind of 682 00:31:46,177 --> 00:31:48,217 S2: package that is it's good at the things we already 683 00:31:48,217 --> 00:31:50,177 S2: knew it was good at. Right. It's good at summarization. 684 00:31:50,177 --> 00:31:52,497 S2: It's good at rewriting. It's good at pulling multiple data 685 00:31:52,537 --> 00:31:55,257 S2: sets together and offering, you know, a couple insights here 686 00:31:55,257 --> 00:31:59,657 S2: and there. But the actual automation of things not quite 687 00:31:59,657 --> 00:32:02,617 S2: there yet harder to implement.
Architecture is way you need 688 00:32:02,617 --> 00:32:03,937 S2: to invest way more in it. 689 00:32:03,977 --> 00:32:06,537 S1: Yeah, I mean, I think we knew this before going 690 00:32:06,577 --> 00:32:08,897 S1: into RSA just because you and I are actually building 691 00:32:08,897 --> 00:32:12,617 S1: this stuff. It's like the problem with agents and like 692 00:32:12,657 --> 00:32:15,977 S1: pursuing goals is they just get confused, right? They get 693 00:32:15,977 --> 00:32:17,336 S1: confused over scoped. 694 00:32:17,537 --> 00:32:18,057 S2: Scoped. 695 00:32:18,057 --> 00:32:20,977 S1: Yeah. Especially if you have like red teaming for example, 696 00:32:20,977 --> 00:32:23,017 S1: which is the one that all our friends are struggling 697 00:32:23,017 --> 00:32:23,817 S1: with the most. 698 00:32:23,817 --> 00:32:24,137 S2: Yeah. 699 00:32:24,457 --> 00:32:26,537 S1: Because the first step. Cool. I can launch the web 700 00:32:26,537 --> 00:32:29,057 S1: attack second. Okay. I can pivot a little bit. Yeah. 701 00:32:29,097 --> 00:32:31,657 S1: But then it's like, okay, I've got seven more goals 702 00:32:31,657 --> 00:32:34,536 S1: to get. What have I done already? And so it 703 00:32:34,537 --> 00:32:36,777 S1: starts losing context. So I think that's where it's kind 704 00:32:36,777 --> 00:32:39,777 S1: of falling apart. Yeah. The other thing we were talking 705 00:32:39,777 --> 00:32:45,537 S1: about was how, um, the moat situation. Yeah. So, so basically, um, 706 00:32:46,937 --> 00:32:50,417 S1: a lot of these companies that are like, we do 707 00:32:50,417 --> 00:32:55,697 S1: this thing, that's what makes us special. And we're in round, 708 00:32:55,817 --> 00:32:58,617 S1: you know, B or C or whatever. And we've raised 709 00:32:58,617 --> 00:33:02,457 S1: all this money because we do this one thing. 
It's like, well, 710 00:33:02,457 --> 00:33:05,537 S1: if you have the context, like, uh, I was talking 711 00:33:05,537 --> 00:33:07,737 S1: about this week, if you have that context and you 712 00:33:07,737 --> 00:33:11,737 S1: can ask the questions. The thing that company does is 713 00:33:11,737 --> 00:33:15,657 S1: a feature instead of a company. Yeah. Yeah. And like, 714 00:33:16,217 --> 00:33:19,057 S1: as we would go around and see these different booths. Yeah. 715 00:33:20,097 --> 00:33:20,977 S1: They look like features. 716 00:33:20,977 --> 00:33:22,017 S2: They're gonna get karate kicked. 717 00:33:22,057 --> 00:33:23,097 S1: By by. 718 00:33:23,257 --> 00:33:27,057 S2: Uh, the model vendors and. Yeah, it's, uh. Yeah. I mean, 719 00:33:27,097 --> 00:33:29,007 S2: it sucks because those are some. awesome. It is some 720 00:33:29,007 --> 00:33:30,807 S2: of our friends who are making these companies and it's like, 721 00:33:30,807 --> 00:33:33,007 S2: I don't know. I mean, you can be really good 722 00:33:33,007 --> 00:33:35,207 S2: at a problem and succeed better than a big model 723 00:33:35,207 --> 00:33:37,807 S2: vendor or a big a big company that you know. 724 00:33:37,887 --> 00:33:39,447 S2: But it's got to be really good. 725 00:33:39,487 --> 00:33:42,487 S1: And maybe they just cut through so good with marketing 726 00:33:42,487 --> 00:33:45,767 S1: that they get a big enough market share that they're okay. Yeah. 727 00:33:45,927 --> 00:33:49,286 S1: But the time is like ticking. You just hear the 728 00:33:49,287 --> 00:33:53,527 S1: time ticking down between Google gets there, Microsoft gets there. 729 00:33:53,527 --> 00:33:55,927 S1: One of these big players gets there. Yeah. And then 730 00:33:55,927 --> 00:34:00,127 S1: they just start adding question modules for security or whatever. 731 00:34:00,167 --> 00:34:02,047 S2: I mean maybe that's the golden plan though. 
Maybe it's 732 00:34:02,047 --> 00:34:05,287 S2: like they're not at the place to stay a long 733 00:34:05,327 --> 00:34:07,687 S2: term viable. Just just get bought by one of the 734 00:34:07,687 --> 00:34:09,286 S2: big companies because they do it really well. Right. Which 735 00:34:09,287 --> 00:34:10,647 S2: is totally a play. Yeah. 736 00:34:10,847 --> 00:34:11,326 S1: Nothing wrong with. 737 00:34:11,327 --> 00:34:21,567 S2: That. Anyone wants to buy. I'm just kidding. Um, yeah. So. Yeah. Um, yeah. 738 00:34:21,567 --> 00:34:24,767 S2: So that could be a play for sure. Yeah. Uh, yeah. 739 00:34:24,807 --> 00:34:28,397 S2: I mean, other than that, though, uh, Again, same vibes 740 00:34:28,397 --> 00:34:31,517 S2: as last year and the year before. I saw some 741 00:34:31,517 --> 00:34:38,637 S2: products that, uh. Besides, I are just abstractions of what 742 00:34:38,677 --> 00:34:41,357 S2: someone else already does, but it's a better visualization and 743 00:34:41,357 --> 00:34:43,157 S2: easier to make it work with. Right. So like the 744 00:34:43,157 --> 00:34:46,277 S2: Amazon ecosystem, if you're an Amazon specialist, that shit's hard 745 00:34:46,277 --> 00:34:48,277 S2: to learn. Like there are so many sub tools and 746 00:34:48,277 --> 00:34:50,357 S2: sub products and it's like and so then like you 747 00:34:50,357 --> 00:34:52,517 S2: see this other company like, yeah, we make this easy, right? 748 00:34:52,557 --> 00:34:56,237 S2: Like here's a nice guy explains everything Wiz. Yeah. Wiz. Right. 749 00:34:56,237 --> 00:34:58,397 S2: And it like does everything that you want it to do. 750 00:34:58,837 --> 00:35:01,197 S2: And I don't think there's a lot of moat around 751 00:35:01,197 --> 00:35:04,117 S2: that either. That's just a UI revamp to a lot 752 00:35:04,117 --> 00:35:06,037 S2: of the core services places. And so I saw a 753 00:35:06,037 --> 00:35:09,117 S2: lot of that. 
It's like make your SOC easier to 754 00:35:09,117 --> 00:35:12,277 S2: automate or like whatever. And it's like, okay, I get it. 755 00:35:12,277 --> 00:35:14,437 S2: I get why that's attractive right now, because you have 756 00:35:14,437 --> 00:35:16,997 S2: that pain right now as a consumer. But that pain, 757 00:35:16,997 --> 00:35:19,197 S2: I don't know if it'll be there forever once other 758 00:35:19,197 --> 00:35:21,277 S2: people figure out. Although you can also look at case 759 00:35:21,277 --> 00:35:23,397 S2: studies from Google, right? They never fix their UI. And 760 00:35:23,437 --> 00:35:26,387 S2: you know, so like like Gmail could use a refresh. 761 00:35:26,387 --> 00:35:29,067 S2: So yeah, I mean, yeah, um, I saw a lot 762 00:35:29,067 --> 00:35:33,587 S2: of that. Um, was also kind of surprised just at the, 763 00:35:33,627 --> 00:35:35,947 S2: at what I perceived to be the spend at RSA 764 00:35:35,987 --> 00:35:40,027 S2: this year in a time where I know security professionals like, 765 00:35:40,027 --> 00:35:42,387 S2: who are jobless and, and they have been looking for 766 00:35:42,387 --> 00:35:43,547 S2: roles for months. Right. 767 00:35:43,547 --> 00:35:45,427 S1: That's a really good point. I didn't think about that. 768 00:35:45,427 --> 00:35:48,147 S2: And then just the amount of of money on that floor. 769 00:35:48,187 --> 00:35:51,067 S1: It felt like 2018 or 2019. 770 00:35:51,107 --> 00:35:51,827 S2: Yeah, it was crazy. 771 00:35:51,867 --> 00:35:54,107 S1: It was like top of the you know what it 772 00:35:54,107 --> 00:35:57,947 S1: almost felt like it almost felt like. And I hadn't 773 00:35:57,947 --> 00:36:00,107 S1: thought of this until just now when you said this. 774 00:36:00,627 --> 00:36:03,947 S1: It feels like desperation. They're just like, spend all the money. 775 00:36:03,947 --> 00:36:06,587 S1: It's like. It's like our last chance.
776 00:36:06,587 --> 00:36:09,987 S2: Yeah, it definitely felt like that with some vendors for sure. Um, 777 00:36:10,787 --> 00:36:13,867 S2: which maybe goes into that like acquisition play is like, 778 00:36:13,907 --> 00:36:16,547 S2: we just make ourselves seem bigger this year. We'll get 779 00:36:16,547 --> 00:36:18,947 S2: acquired and it won't matter anymore. Right. 780 00:36:18,987 --> 00:36:22,427 S1: Well, so if you take like the macro economy or whatever, 781 00:36:22,627 --> 00:36:25,457 S1: and it's just like things might get bad in the 782 00:36:25,457 --> 00:36:29,097 S1: next six months or a year. Yeah, we're going into RSA. Yeah, 783 00:36:29,257 --> 00:36:32,217 S1: we need to get bought. Yeah, we or we need 784 00:36:32,217 --> 00:36:34,737 S1: to get a bunch of customers. Yeah. Now is not 785 00:36:34,737 --> 00:36:36,057 S1: the time to go small. 786 00:36:36,097 --> 00:36:36,657 S2: Yeah. 787 00:36:36,857 --> 00:36:38,497 S1: So we saw baby goats. 788 00:36:38,537 --> 00:36:41,177 S2: Yeah, we saw goats. We saw puppies. 789 00:36:41,217 --> 00:36:43,097 S1: I didn't see the puppies, but I saw the goats. 790 00:36:43,497 --> 00:36:46,497 S2: There's a monster truck and an F1 formula one car. 791 00:36:46,537 --> 00:36:47,137 S1: 2018? 792 00:36:47,337 --> 00:36:51,137 S2: Yeah. I mean, um, what else? A giant, giant robot, obviously, 793 00:36:51,137 --> 00:36:55,497 S2: at the CrowdStrike booth, like, every year. Giant statue. Um, yeah, 794 00:36:55,497 --> 00:36:58,417 S2: there was I mean, there was usually there's one marquee 795 00:36:58,457 --> 00:37:02,577 S2: party at uh, at or at RSA, right. There's like 796 00:37:02,577 --> 00:37:04,617 S2: one vendor who brings in like a band. So like 797 00:37:04,657 --> 00:37:07,217 S2: last year, I can't remember who I went to Dead 798 00:37:07,257 --> 00:37:10,577 S2: Mouse last year, which is one of my favorites. 
And then, um, 799 00:37:10,657 --> 00:37:13,377 S2: for like, the rock crowd, they had, um, Incubus, I 800 00:37:13,377 --> 00:37:15,537 S2: think last year or maybe, maybe the year before, I 801 00:37:15,537 --> 00:37:20,297 S2: can't remember this year. Both Marshmello still Premier DJ and 802 00:37:20,297 --> 00:37:23,767 S2: Chainsmokers were performing at different parties on the same night, 803 00:37:24,567 --> 00:37:25,367 S2: which is crazy. 804 00:37:25,447 --> 00:37:27,007 S1: One. SentinelOne, I think. 805 00:37:27,047 --> 00:37:30,207 S2: Yes, I know one was a Marshmello. Yeah. And, uh, 806 00:37:30,247 --> 00:37:33,687 S2: and then, um, I can't remember who did, uh, Chainsmokers, 807 00:37:33,687 --> 00:37:35,847 S2: but yeah, I think it was like Chainguard or something. 808 00:37:35,847 --> 00:37:38,407 S2: I can't remember, but, um, but yeah, I mean, that's 809 00:37:38,407 --> 00:37:40,727 S2: a lot of money to, like, you know, buy out 810 00:37:40,727 --> 00:37:43,807 S2: a nightclub for hundreds of people, you know, have, like, 811 00:37:43,807 --> 00:37:46,647 S2: a premier DJ play just for your corporate party. Um, 812 00:37:46,887 --> 00:37:49,127 S2: and so it just it felt like there was a 813 00:37:49,127 --> 00:37:50,527 S2: lot of money spending. And it made me sad a 814 00:37:50,527 --> 00:37:52,607 S2: little bit because, like, I do have friends who have 815 00:37:52,607 --> 00:37:55,367 S2: been struggling to find jobs or have gotten like, um, 816 00:37:55,847 --> 00:37:58,167 S2: work furloughed, you know, a lot of friends getting furloughed 817 00:37:58,207 --> 00:38:01,007 S2: where like, they're like, oh, we can't afford to pay you. 818 00:38:01,047 --> 00:38:03,567 S1: Yeah. We got to cut back on salaries. Yeah, because 819 00:38:03,607 --> 00:38:04,327 S1: money's tight. 820 00:38:04,367 --> 00:38:04,647 S2: Yeah. 821 00:38:05,167 --> 00:38:06,007 S1: But we need goats. 822 00:38:06,047 --> 00:38:08,407 S2: Yeah, we need goats.
Yeah, we need goats. So. So 823 00:38:08,407 --> 00:38:10,647 S2: that kind of sucked a little bit. I think that's 824 00:38:10,647 --> 00:38:13,407 S2: a continuing pattern though. Probably that's happened every year a 825 00:38:13,407 --> 00:38:14,807 S2: little bit. But um. 826 00:38:14,847 --> 00:38:18,167 S1: I'm worried about next year that they're just like, well 827 00:38:18,367 --> 00:38:19,287 S1: that didn't work. 828 00:38:19,607 --> 00:38:19,887 S2: Yeah I. 829 00:38:19,887 --> 00:38:20,567 S1: Mean tighten it. 830 00:38:20,567 --> 00:38:23,157 S2: Up. We'll see. I mean, every year you look for 831 00:38:23,157 --> 00:38:25,677 S2: a vendor that you thought was cool last year, and 832 00:38:25,677 --> 00:38:27,997 S2: then they're not there, you know, this year. 833 00:38:28,037 --> 00:38:28,837 S1: Yeah. Isn't that weird? 834 00:38:28,877 --> 00:38:29,357 S2: Yeah. 835 00:38:29,397 --> 00:38:31,557 S1: Someone comes out of nowhere and, like, four of them 836 00:38:31,557 --> 00:38:32,557 S1: just disappear. 837 00:38:32,597 --> 00:38:34,437 S2: Yeah, there was a couple, a couple last year that 838 00:38:34,437 --> 00:38:39,357 S2: was really excited that they were applying AI to document classification. 839 00:38:39,357 --> 00:38:43,437 S2: And I was like, that's a perfect application of AI, actually. Yeah, yeah. Um, 840 00:38:43,437 --> 00:38:45,597 S2: and they were not around this year either they got 841 00:38:45,637 --> 00:38:47,917 S2: gobbled up or they didn't make it. So yeah. 842 00:38:48,437 --> 00:38:50,997 S1: Oh yeah. What's the one I got? A buddy went, oh, 843 00:38:51,037 --> 00:38:53,397 S1: Sierra is the one. Yeah. Doing it now. 844 00:38:53,437 --> 00:38:57,557 S2: Yeah. Um, but yeah, the, uh, I mean, the off 845 00:38:57,597 --> 00:38:59,237 S2: site events are definitely where it's at, I think. I 846 00:38:59,237 --> 00:39:02,917 S2: think if you're coming to RSA next year and we're coming. Right. 
Yeah, 847 00:39:02,957 --> 00:39:04,837 S2: I'm gonna do a little bit less. Speaking honestly, I 848 00:39:04,877 --> 00:39:10,117 S2: did my thing five times and I was pretty burnt. Um, again, 849 00:39:10,157 --> 00:39:13,157 S2: I guess if I rewind to the beginning of the week, though. BSides 850 00:39:13,157 --> 00:39:15,477 S2: San Francisco continues to be an A plus con. 851 00:39:15,517 --> 00:39:15,877 S1: Yeah. 852 00:39:15,957 --> 00:39:18,077 S2: Um, I mean, BSides San Francisco. 853 00:39:18,197 --> 00:39:19,117 S1: Production quality. 854 00:39:19,117 --> 00:39:20,147 S2: Production quality. 855 00:39:20,187 --> 00:39:21,147 S1: Quality? The content? 856 00:39:21,147 --> 00:39:24,027 S2: Yes. Staff is great. Yeah. You know, the villages there 857 00:39:24,067 --> 00:39:26,947 S2: are cool. Even the vendors set up there is like. 858 00:39:26,987 --> 00:39:29,867 S2: I just feel like it's not as nuts and in 859 00:39:29,867 --> 00:39:32,147 S2: your face. I had a I had a buddy, a 860 00:39:32,147 --> 00:39:35,027 S2: mutual friend of ours. Come this year. He's, you know, 861 00:39:35,067 --> 00:39:37,627 S2: he's a person. He works at a company and I'm 862 00:39:37,627 --> 00:39:38,827 S2: not going to put him on blast. But he's a 863 00:39:38,827 --> 00:39:40,227 S2: person who works in a company. He doesn't have any 864 00:39:40,227 --> 00:39:43,067 S2: purchasing power. But, you know, he put on his RSA 865 00:39:43,107 --> 00:39:45,347 S2: badge the company he worked for. And it's a big company. 866 00:39:45,627 --> 00:39:48,107 S2: And he is getting accosted like he's walking down the 867 00:39:48,107 --> 00:39:50,347 S2: floor and like, you know, like someone out of the 868 00:39:50,347 --> 00:39:51,947 S2: corner of their eye just sees his badge in the 869 00:39:51,947 --> 00:39:55,067 S2: name of his company. And they're like, hey, like, you know, like, 870 00:39:55,107 --> 00:39:57,747 S2: come talk to me.
And like, um, it was surreal 871 00:39:57,747 --> 00:40:00,507 S2: for him, even even after he tells them I don't 872 00:40:00,507 --> 00:40:02,907 S2: have any purchasing power, I don't make any decisions. And 873 00:40:02,907 --> 00:40:03,907 S2: they're like, I don't care. 874 00:40:03,947 --> 00:40:04,827 S1: Like, yeah, yeah. 875 00:40:04,827 --> 00:40:08,307 S2: Yeah, uh, but BSides doesn't feel like that. Um, I 876 00:40:08,307 --> 00:40:10,747 S2: think that, uh, a mutual friend of ours, uh, Clint, 877 00:40:10,747 --> 00:40:15,187 S2: gave a talk on vulnerability as people and as infosec 878 00:40:15,187 --> 00:40:19,457 S2: practitioners rather than vulnerabilities as, like, you know, kind of. 879 00:40:19,497 --> 00:40:23,577 S2: We pop bones or security. Security. I really love that talk. 880 00:40:23,617 --> 00:40:25,697 S2: I think it's one of the best keynotes I've seen 881 00:40:26,337 --> 00:40:27,817 S2: in quite a while. It will be up on the 882 00:40:27,857 --> 00:40:30,177 S2: BSides website. You know, they eventually put everything out. 883 00:40:30,177 --> 00:40:32,057 S2: So I highly suggest watching you and I were cameoed 884 00:40:32,057 --> 00:40:32,817 S2: in that talk, actually. 885 00:40:32,857 --> 00:40:33,697 S1: Yeah, absolutely. 886 00:40:33,737 --> 00:40:36,737 S2: Clint, Clint talked about, um, how, you know, you and 887 00:40:36,737 --> 00:40:38,977 S2: I have like this, you know, long friendship because we've 888 00:40:38,977 --> 00:40:41,457 S2: worked together since we were young and we've just kind 889 00:40:41,457 --> 00:40:44,337 S2: of done everything together. Yeah. And, um, he he talked 890 00:40:44,337 --> 00:40:47,017 S2: about how, like, being a friend with you, he, like, 891 00:40:47,057 --> 00:40:49,177 S2: felt like a little bit less than, you know, the 892 00:40:49,177 --> 00:40:51,537 S2: connection we had. And he wanted that with you. Yeah.
893 00:40:51,577 --> 00:40:53,497 S2: And how, like, those things are hard to talk about, right? 894 00:40:53,537 --> 00:40:56,897 S2: It's like, you know, your insecurities, the way you feel. Um, 895 00:40:56,897 --> 00:40:59,577 S2: but eventually, if you confront them or you figure out 896 00:40:59,577 --> 00:41:01,937 S2: ways to help, you know, like, you know, be healthy 897 00:41:01,937 --> 00:41:04,417 S2: about them and have conversations with your friends and say, X, Y, 898 00:41:04,417 --> 00:41:07,817 S2: and Z, it's, um, it really can give you peace 899 00:41:07,817 --> 00:41:11,417 S2: of mind. Superpowers make you feel better. Yeah. And so, like, 900 00:41:11,457 --> 00:41:13,177 S2: you and I were referenced in that that part of 901 00:41:13,217 --> 00:41:15,137 S2: that talk. And I thought that that was it was 902 00:41:15,137 --> 00:41:17,377 S2: really great, actually. I actually like I think I cried 903 00:41:17,377 --> 00:41:18,937 S2: at the end because he had like a couple, like 904 00:41:19,057 --> 00:41:20,097 S2: little messages in there and he. 905 00:41:20,097 --> 00:41:20,537 S1: Was like, yeah. 906 00:41:20,537 --> 00:41:22,457 S2: Yeah. He was like, hey, you're enough, right? Like, what 907 00:41:22,457 --> 00:41:23,817 S2: you're doing is enough and. 908 00:41:23,857 --> 00:41:24,697 S1: All, and it matters. 909 00:41:24,737 --> 00:41:28,377 S2: And it matters. Yeah. And, uh, and all of us, uh, 910 00:41:28,377 --> 00:41:29,897 S2: all of us, you know, are just trying. I feel 911 00:41:29,897 --> 00:41:32,057 S2: like everyone in security has a little bit of, like, 912 00:41:32,097 --> 00:41:35,057 S2: they just want to, like, help the world a little bit, right? Like, 913 00:41:35,097 --> 00:41:37,177 S2: not everyone, but a lot of people. That's why they 914 00:41:37,177 --> 00:41:39,817 S2: get into it. 
Because it is easy to make that 915 00:41:39,817 --> 00:41:42,217 S2: that line to like, hey, I know this is a 916 00:41:42,217 --> 00:41:45,337 S2: small thing, this computer stuff, but in a way, I 917 00:41:45,377 --> 00:41:48,457 S2: am a superhero trying to help the world. Right? And, um, 918 00:41:48,457 --> 00:41:50,217 S2: but you can get so wrapped up because there's so 919 00:41:50,217 --> 00:41:53,497 S2: much stuff, right? There's so many domains. There's new research 920 00:41:53,497 --> 00:41:56,097 S2: in domains all the time you feel behind on education, 921 00:41:56,457 --> 00:41:59,057 S2: you can start to get that imposter syndrome. And like 922 00:41:59,097 --> 00:42:01,297 S2: at the end, Clint actually gave out cards. 923 00:42:01,977 --> 00:42:02,777 S1: That he had signed. 924 00:42:02,817 --> 00:42:05,017 S2: That he had signed. He had signed hundreds of cards 925 00:42:05,297 --> 00:42:07,457 S2: by hand. And I think I have one in my 926 00:42:07,457 --> 00:42:09,217 S2: wallet and I put mine in my wallet. And it 927 00:42:09,217 --> 00:42:11,377 S2: just like says you are enough signed by Clint. Or like, 928 00:42:11,417 --> 00:42:12,777 S2: you know, some inspiring message. 929 00:42:12,817 --> 00:42:13,257 S1: Yeah. 930 00:42:13,537 --> 00:42:16,807 S2: That was I mean, like, Clint's like amazing person. But 931 00:42:16,847 --> 00:42:17,807 S2: that talk was awesome. 932 00:42:17,847 --> 00:42:21,207 S1: So yeah, and a lot of courage to do a 933 00:42:21,207 --> 00:42:25,087 S1: talk that's about people. Yeah. When like the natural play 934 00:42:25,087 --> 00:42:29,407 S1: is like AI and security V2. Yeah. Which would absolutely 935 00:42:29,407 --> 00:42:31,727 S1: crush it would crush. Yeah, yeah. And he's like, no, 936 00:42:31,727 --> 00:42:33,687 S1: I'm going to do this thing because I think this 937 00:42:33,687 --> 00:42:34,567 S1: message matters. 938 00:42:34,607 --> 00:42:38,607 S2: Yeah, yeah, yeah. 
Clint's a phenomenal human. And, um, he 939 00:42:38,607 --> 00:42:41,007 S2: did the girlfriend meme of, uh, of you and me. 940 00:42:41,047 --> 00:42:43,727 S2: Like the, like the guys walking down the street, and 941 00:42:43,727 --> 00:42:47,487 S2: he looks at like the like. Like the one girl has, like, 942 00:42:47,527 --> 00:42:49,647 S2: a girlfriend, and the other girlfriend's like, you know, that 943 00:42:49,647 --> 00:42:52,647 S2: meme and I got to be the the hot girl, so. 944 00:42:52,687 --> 00:42:53,407 S1: That's right. You know. 945 00:42:53,527 --> 00:42:56,047 S2: I haven't I've never been the hot girl. So like. 946 00:42:56,447 --> 00:42:56,967 S1: Yeah, yeah. 947 00:42:59,127 --> 00:43:02,687 S2: Yeah. Um. Yeah. So that was cool. Uh, what else 948 00:43:02,687 --> 00:43:03,567 S2: happened this week? 949 00:43:04,607 --> 00:43:07,807 S1: I don't know, what's your big takeaway? I feel like 950 00:43:08,407 --> 00:43:10,607 S1: we talked about this a little bit. I feel like 951 00:43:10,607 --> 00:43:14,437 S1: big takeaway for us. And keep in mind that If 952 00:43:14,437 --> 00:43:18,717 S1: you're coming to this, like brand new, like you don't 953 00:43:18,717 --> 00:43:20,717 S1: necessarily want to do it this way because we're we're 954 00:43:20,757 --> 00:43:23,837 S1: getting lessons after I've done this for a couple of decades, 955 00:43:24,157 --> 00:43:26,877 S1: but we're like more get away from the center of 956 00:43:26,877 --> 00:43:31,397 S1: the mass and move into like the smaller events where 957 00:43:31,397 --> 00:43:33,797 S1: your friends are going to be at to talk more 958 00:43:33,797 --> 00:43:37,077 S1: about the ideas as opposed to like, where can I 959 00:43:37,077 --> 00:43:39,077 S1: get the food? Where can I get the parties and 960 00:43:39,077 --> 00:43:39,877 S1: the music? 961 00:43:40,077 --> 00:43:43,077 S2: Yeah. 
And that, I mean, this thinking applies to Black 962 00:43:43,077 --> 00:43:43,957 S2: Hat and Def Con, too. 963 00:43:44,117 --> 00:43:44,557 S1: Absolutely. 964 00:43:44,557 --> 00:43:44,677 S2: Yeah. 965 00:43:44,717 --> 00:43:45,677 S1: It's the whole scene. 966 00:43:45,797 --> 00:43:49,837 S2: It's, uh, at first it's cool when you're young and 967 00:43:49,837 --> 00:43:50,757 S2: we're old, so. 968 00:43:50,797 --> 00:43:50,997 S1: Yeah. 969 00:43:50,997 --> 00:43:51,277 S2: Yeah. 970 00:43:51,317 --> 00:43:52,317 S1: Um, to. 971 00:43:52,437 --> 00:43:54,597 S2: To go to the parties and be part of, like, 972 00:43:54,637 --> 00:43:58,197 S2: the loud noises and then now you kind of want to, uh, 973 00:43:58,837 --> 00:44:01,557 S2: ration your time with people who you really want to 974 00:44:01,557 --> 00:44:04,477 S2: spend time with and have conversations with and be in 975 00:44:04,477 --> 00:44:07,317 S2: smaller settings where it's not so loud and like real 976 00:44:07,317 --> 00:44:09,677 S2: research is going on. And, uh, and that was the 977 00:44:09,677 --> 00:44:13,347 S2: dichotomy for me, was like so much of a difference 978 00:44:13,347 --> 00:44:17,107 S2: between what people were saying on the floor about how 979 00:44:17,107 --> 00:44:19,267 S2: things worked with AI. And then when I got to 980 00:44:19,307 --> 00:44:23,027 S2: the Airbnb summit and the OpenAI summit, like, no, these 981 00:44:23,027 --> 00:44:25,147 S2: are real people working on these problems. And here are 982 00:44:25,147 --> 00:44:28,747 S2: the real problems. And yeah, um, and here also there 983 00:44:28,747 --> 00:44:31,467 S2: are success stories, but also their failure stories, like, yeah, 984 00:44:31,467 --> 00:44:33,427 S2: we thought this would work. It totally did not work. 985 00:44:33,467 --> 00:44:37,747 S2: We had to go back to manual process in vulnerability management. 986 00:44:37,747 --> 00:44:41,907 S2: Oh man. 
The conversations about vulnerability management this week were crazy, um, 987 00:44:41,907 --> 00:44:46,427 S2: about using AI and the predispositions I had about what 988 00:44:46,427 --> 00:44:49,907 S2: I thought was a good AI assisted vulnerability management plot 989 00:44:49,947 --> 00:44:53,987 S2: or not platform, but, you know, like architecture versus what 990 00:44:54,027 --> 00:44:56,627 S2: some people like Google have built and some people like 991 00:44:56,707 --> 00:44:58,347 S2: Adobe did a great talk on it, and then some 992 00:44:58,347 --> 00:45:02,387 S2: people talked about it in the OpenAI, um, conference. Uh, 993 00:45:02,507 --> 00:45:05,227 S2: and so, like, it turns out some of the things 994 00:45:05,227 --> 00:45:06,867 S2: that we thought AI would be able to do are 995 00:45:06,867 --> 00:45:10,347 S2: not the force multipliers. It turns out to be sending 996 00:45:10,347 --> 00:45:12,857 S2: emails or like actioning tickets automatically. 997 00:45:12,897 --> 00:45:13,497 S1: Go to where they. 998 00:45:13,497 --> 00:45:15,257 S2: Are. Yeah, yeah, go to where they are. Right. We 999 00:45:15,297 --> 00:45:18,577 S2: talked about this in the car. It's like it's I 1000 00:45:18,617 --> 00:45:21,097 S2: had some assumptions that we'd be able to do like full, 1001 00:45:21,137 --> 00:45:24,457 S2: full stop, you know, full prompts like, you know, uh, 1002 00:45:24,777 --> 00:45:27,617 S2: nuts to bolts send, you know, our vulnerabilities that come 1003 00:45:27,617 --> 00:45:30,857 S2: through a bug bounty or static code analysis or through, um, 1004 00:45:31,697 --> 00:45:34,457 S2: appsec testing or through, you know, any different number of 1005 00:45:34,457 --> 00:45:36,177 S2: where we get vulns. Right. And it would, you know, 1006 00:45:36,177 --> 00:45:39,817 S2: system would work.
Uh, the, the, the value of the 1007 00:45:39,817 --> 00:45:43,497 S2: AI would be the rating, the conglomeration of all that 1008 00:45:43,497 --> 00:45:47,457 S2: into tickets. And it turns out that some people, at least, 1009 00:45:47,497 --> 00:45:49,617 S2: who have done it say actually like that doesn't work 1010 00:45:49,617 --> 00:45:53,177 S2: super well. Mhm. Um, they're stripping all of that contextual 1011 00:45:53,177 --> 00:45:57,217 S2: data about ratings making their own rating systems. Yeah. Um, 1012 00:45:57,217 --> 00:46:00,297 S2: and just pulling out the text from the advisories from 1013 00:46:00,297 --> 00:46:02,417 S2: the threat feeds, from the pen test report, from all 1014 00:46:02,417 --> 00:46:06,137 S2: that stuff, rewriting them themselves with custom systems that have 1015 00:46:06,137 --> 00:46:08,297 S2: nothing to do with CWE or CVE. 1016 00:46:10,007 --> 00:46:13,287 S1: You know. Yeah. That's the thing. The these rating systems 1017 00:46:13,287 --> 00:46:15,367 S1: are trying to give us the context of the vuln. 1018 00:46:15,407 --> 00:46:16,487 S2: They don't have any context or. 1019 00:46:16,567 --> 00:46:17,727 S1: Know anything about. 1020 00:46:17,767 --> 00:46:18,607 S2: Know anything about us. 1021 00:46:18,807 --> 00:46:21,087 S1: So I love this idea. Just strip it out. Yeah. 1022 00:46:21,127 --> 00:46:24,407 S1: And then re-add the context from the company onto the vuln. 1023 00:46:24,447 --> 00:46:25,727 S1: And then and that's the priority.
1024 00:46:25,767 --> 00:46:28,167 S2: And then the thing that the Google guy said, I'm 1025 00:46:28,167 --> 00:46:31,047 S2: going to say Google person or guy or whatever, but, uh, 1026 00:46:31,047 --> 00:46:34,287 S2: because I don't remember anybody's names, but, um, uh, he 1027 00:46:34,287 --> 00:46:39,567 S2: was saying that like, uh, so after you do that, um, uh, 1028 00:46:39,927 --> 00:46:44,167 S2: the whole vulnerability management scaled by AI only works if 1029 00:46:44,167 --> 00:46:47,807 S2: you have a really good asset management platform. And we've 1030 00:46:47,807 --> 00:46:48,927 S2: been talking about this for years. 1031 00:46:48,967 --> 00:46:52,087 S1: Like I did that thing in 23 when I was 1032 00:46:52,087 --> 00:46:52,727 S1: at Robinhood. 1033 00:46:52,767 --> 00:46:53,167 S2: Yeah, yeah, yeah. 1034 00:46:53,327 --> 00:46:55,927 S1: Asset management as a center of management. 1035 00:46:55,967 --> 00:46:58,607 S2: Yes, exactly. Yeah, yeah. And that you presented that at 1036 00:46:58,647 --> 00:47:01,806 S2: the Black Hat Summit, right? Yeah. So yeah. And this 1037 00:47:01,807 --> 00:47:03,567 S2: turned out to be true for them. Right. It's like 1038 00:47:03,607 --> 00:47:06,487 S2: it's like this program does not work unless you have, 1039 00:47:06,687 --> 00:47:10,117 S2: you know, had your balanced breakfast of, um, you know, 1040 00:47:10,157 --> 00:47:13,437 S2: consolidating all your data sources where vulnerabilities come in, and 1041 00:47:13,437 --> 00:47:17,837 S2: then having a tremendous asset management program, like knowing where, 1042 00:47:17,877 --> 00:47:20,797 S2: like having, um, you know, for lack of a better word, 1043 00:47:20,837 --> 00:47:24,477 S2: like having knowledge of where all the systems are, you know, 1044 00:47:24,517 --> 00:47:28,277 S2: what they are, who owns them, what teams action them, um, 1045 00:47:28,277 --> 00:47:31,357 S2: where the repos are. And that's not like that. 
Sounds 1046 00:47:31,357 --> 00:47:33,117 S2: trivial to some companies who are small. Like if you're 1047 00:47:33,117 --> 00:47:34,437 S2: a startup, you're like, yeah, of course I know where 1048 00:47:34,437 --> 00:47:36,277 S2: my repos are and who owns the thing. But when 1049 00:47:36,277 --> 00:47:38,837 S2: you get to a company, that's the scale of Google 1050 00:47:38,957 --> 00:47:41,997 S2: or Apple, right? There are hundreds, if not thousands like 1051 00:47:42,237 --> 00:47:45,157 S2: Ubisoft too. I mean, we had productions which are video 1052 00:47:45,197 --> 00:47:49,677 S2: games everywhere, and it's just not simple anymore. Like you, 1053 00:47:50,197 --> 00:47:52,197 S2: you lose a thread on an app and then it 1054 00:47:52,197 --> 00:47:54,397 S2: just exists out in the wild, and then someone finds 1055 00:47:54,397 --> 00:47:56,117 S2: it via your bug bounty and they're like, hey, I 1056 00:47:56,237 --> 00:47:58,397 S2: read this thing and you're like, I have no idea 1057 00:47:58,397 --> 00:48:00,797 S2: what that is like. It's not. I don't see it anywhere. 1058 00:48:00,797 --> 00:48:02,517 S2: I don't know who owns it. And then you spend 1059 00:48:02,517 --> 00:48:06,757 S2: all of this toil time. That was a reoccurring term toil, right? Oh, yeah. 1060 00:48:07,267 --> 00:48:10,987 S2: You spend all this toil time to, like, figure that out. And, um, 1061 00:48:11,147 --> 00:48:14,107 S2: you should be architecting your program from the beginning with 1062 00:48:14,107 --> 00:48:17,187 S2: really good asset management instead of spending that toil time later. 1063 00:48:17,227 --> 00:48:19,786 S1: Yeah, I love that. I definitely dealt with that at 1064 00:48:19,787 --> 00:48:21,587 S1: Apple because it's like you put out the state of 1065 00:48:21,587 --> 00:48:25,267 S1: the system and a week later it's like, nothing like that. Yeah, yeah. 1066 00:48:25,307 --> 00:48:26,107 S1: That's true. Like that. 
1067 00:48:26,147 --> 00:48:28,147 S2: Yeah. Yeah. The question I had for you when we 1068 00:48:28,147 --> 00:48:31,787 S2: were in the car was it's like, okay, so, um, 1069 00:48:31,907 --> 00:48:34,467 S2: so you're really big on capturing context in markdown files, 1070 00:48:34,467 --> 00:48:37,067 S2: which is the telos idea. Mhm. Um, and you can 1071 00:48:37,067 --> 00:48:38,947 S2: do telos for yourself personally as a person. Or you 1072 00:48:38,947 --> 00:48:42,907 S2: could telos as an organization. Right. City country country doesn't matter. Yeah. Yeah. 1073 00:48:42,947 --> 00:48:46,467 S2: Put down your ethos, your goals, your systems, your owners, 1074 00:48:46,507 --> 00:48:48,747 S2: you know, into markdown or maybe JSON or something like that, 1075 00:48:48,747 --> 00:48:49,467 S2: whatever you want to use. 1076 00:48:49,547 --> 00:48:49,987 S1: Whatever. 1077 00:48:50,107 --> 00:48:52,267 S2: Uh, and my question was kind of like, okay, so, 1078 00:48:52,587 --> 00:48:57,147 S2: so Bob, who handles, you know, Celsius app, right. Whatever. Uh, 1079 00:48:57,267 --> 00:48:59,747 S2: you know, he leaves and like, who is responsible for 1080 00:48:59,747 --> 00:49:03,187 S2: updating the context file to include those changes, you know, 1081 00:49:03,187 --> 00:49:06,057 S2: is there a system that you prefer or like a method? 1082 00:49:06,057 --> 00:49:07,897 S2: Or is it just that you have to go in 1083 00:49:07,897 --> 00:49:09,737 S2: there and help them and update that? Or is there like, 1084 00:49:09,937 --> 00:49:11,697 S2: do they have to hire a specific person to run 1085 00:49:11,697 --> 00:49:14,617 S2: the Telos file and make sure everything stays in line 1086 00:49:14,617 --> 00:49:16,817 S2: when they change their company vision or something like that? 1087 00:49:16,857 --> 00:49:20,537 S1: Yeah, yeah. So it's going to depend on the implementation. 
1088 00:49:20,537 --> 00:49:22,737 S1: So the way I'm doing it commercially is for this 1089 00:49:22,737 --> 00:49:25,377 S1: thing called same page, which I'll be talking about later. 1090 00:49:25,377 --> 00:49:28,617 S1: But I think the future of this is this. 1091 00:49:28,657 --> 00:49:30,337 S2: Let's talk about it. Let's talk about same page right now. 1092 00:49:30,337 --> 00:49:32,537 S2: Let's heat up. I mean, you might as well. Right? 1093 00:49:33,777 --> 00:49:34,337 S2: Come on. 1094 00:49:34,537 --> 00:49:34,977 S1: No. 1095 00:49:35,017 --> 00:49:36,057 S2: Oh come on. 1096 00:49:36,257 --> 00:49:38,977 S1: No, I mean, it's it's the concept of the talk. 1097 00:49:38,977 --> 00:49:44,017 S1: It's just unified context. Now, I appreciate it, but no, um, um, 1098 00:49:44,777 --> 00:49:48,817 S1: but no, I think just this just becomes a unified, um, 1099 00:49:49,177 --> 00:49:50,937 S1: it product. Okay. 1100 00:49:51,177 --> 00:49:52,017 S2: So it maintains. 1101 00:49:52,017 --> 00:49:56,617 S1: It. So, so I think that anybody who builds anything from, like, 1102 00:49:57,097 --> 00:50:01,177 S1: an ice cream truck business to a security program to 1103 00:50:01,177 --> 00:50:04,217 S1: I want to be a governor, they're going to have 1104 00:50:05,377 --> 00:50:12,217 S1: a core system, which is all assets, all context, all goals, everything. 1105 00:50:12,457 --> 00:50:15,097 S2: So one thing that I didn't realize until starting to 1106 00:50:15,137 --> 00:50:18,697 S2: build very, uh. And I'm not afraid to admit it, 1107 00:50:18,697 --> 00:50:21,817 S2: vibe coded things. Right. Like so I will now have 1108 00:50:21,817 --> 00:50:25,897 S2: superpowers because I understand code, right? I understand architecture of code. 1109 00:50:25,897 --> 00:50:28,457 S2: I understand problems in code, I understand security, but I've 1110 00:50:28,457 --> 00:50:30,697 S2: never been a front end developer. 
I couldn't sit down 1111 00:50:30,697 --> 00:50:33,217 S2: with React and build a build a pretty website. If 1112 00:50:33,217 --> 00:50:36,137 S2: you put me on a modern development team, I would die. Yeah. 1113 00:50:36,177 --> 00:50:37,057 S1: Same. Same. 1114 00:50:37,097 --> 00:50:40,537 S2: But because I know about code, I know how to script. 1115 00:50:40,537 --> 00:50:43,177 S2: And I know the concept of pretty much every language 1116 00:50:43,177 --> 00:50:46,577 S2: from assessing it in security. I can now build fantastic 1117 00:50:46,577 --> 00:50:49,137 S2: things very quickly. Same. The thing is, is that I 1118 00:50:49,137 --> 00:50:51,897 S2: think I've realized in that world is that PRDs like 1119 00:50:51,937 --> 00:50:57,217 S2: product requirements documents are necessary for so many more things 1120 00:50:57,457 --> 00:51:01,137 S2: than I ever thought. Right. Like. And so the idea, 1121 00:51:01,177 --> 00:51:03,127 S2: the way it connects to vibe coding is like whenever 1122 00:51:03,127 --> 00:51:04,927 S2: I do a new project now, the first thing I 1123 00:51:04,927 --> 00:51:08,247 S2: do is I verbally talk to my browser with a 1124 00:51:08,247 --> 00:51:11,207 S2: Chrome extension into an AI model with a whole bunch 1125 00:51:11,207 --> 00:51:13,287 S2: of notes about just kind of what I want the 1126 00:51:13,287 --> 00:51:15,847 S2: system to do, what tools it's tying together, like how 1127 00:51:15,847 --> 00:51:19,007 S2: it's presenting data, why we're even making this, what problem 1128 00:51:19,007 --> 00:51:21,687 S2: it solves. And that's just verbal garbage coming out of 1129 00:51:21,687 --> 00:51:23,407 S2: my mouth, right? Like I'm just having a conversation. I 1130 00:51:23,407 --> 00:51:25,687 S2: could take a podcast like this and like, do that. 1131 00:51:25,687 --> 00:51:27,567 S2: And then I'm feeding into a whole bunch of AIs 1132 00:51:27,607 --> 00:51:31,687 S2: to make a product document with requirements in it.
And 1133 00:51:31,687 --> 00:51:34,647 S2: then I'm creating a technical architecture document as well, which 1134 00:51:34,647 --> 00:51:37,687 S2: is why we are choosing the frameworks that we're using, 1135 00:51:37,687 --> 00:51:40,767 S2: why we're choosing the tools. Never deviate from these. And 1136 00:51:40,767 --> 00:51:43,367 S2: so those two things in concert, especially in the vibe 1137 00:51:43,407 --> 00:51:46,607 S2: coding or AI assisted coding world, have helped make my 1138 00:51:46,607 --> 00:51:49,567 S2: software infinitely better and helped the AI stay on 1139 00:51:49,567 --> 00:51:52,087 S2: track with the mission. With the technology. 1140 00:51:52,087 --> 00:51:54,727 S1: Yeah, because when it loses its context and loses its 1141 00:51:54,727 --> 00:51:57,967 S1: mind and basically gets erased. Yeah, it just goes back 1142 00:51:57,967 --> 00:51:59,007 S1: to that. Starts over. 1143 00:51:59,047 --> 00:52:00,847 S2: Yeah. And in vibe code, you can have such I 1144 00:52:00,847 --> 00:52:02,797 S2: mean we're going off on a rathole now, but I. 1145 00:52:02,797 --> 00:52:03,517 S1: Mean, that's fine. 1146 00:52:03,557 --> 00:52:05,997 S2: In coding, you have that sidebar, right? And that you 1147 00:52:05,997 --> 00:52:08,077 S2: can stay in that conversation for a long time and 1148 00:52:08,277 --> 00:52:11,077 S2: not realize that you're you're hitting the point of where 1149 00:52:11,117 --> 00:52:14,197 S2: needle in the haystack is not you're not getting good value. 1150 00:52:14,197 --> 00:52:14,957 S2: And you need to. 1151 00:52:14,997 --> 00:52:17,317 S1: And they're also like $15 queries. 1152 00:52:17,357 --> 00:52:18,917 S2: Yeah, exactly. Yeah. 1153 00:52:19,277 --> 00:52:22,557 S1: $15, $24. Okay. Wait a minute. So if I do 1154 00:52:22,597 --> 00:52:24,077 S1: four of these, that's 100 bucks. 1155 00:52:24,117 --> 00:52:25,917 S2: Yeah. Yeah.
I mean, I was talking about it with 1156 00:52:25,917 --> 00:52:29,357 S2: some friends, uh, in Discord, and it's like or in, 1157 00:52:29,557 --> 00:52:30,797 S2: in a Signal chat, and I'm like, how much are 1158 00:52:30,797 --> 00:52:33,277 S2: you guys spending on your AI subscriptions a month? Because 1159 00:52:33,277 --> 00:52:36,517 S2: mine is approaching a car payment, and it's totally. I 1160 00:52:36,517 --> 00:52:38,557 S2: know it's worth it, but it's still kind of painful 1161 00:52:38,557 --> 00:52:40,677 S2: to add another car payment, you know? So, uh, I mean, 1162 00:52:40,677 --> 00:52:44,357 S2: I'm using everything. I'm using Gemini, I'm using OpenAI's ecosystem, 1163 00:52:44,357 --> 00:52:47,797 S2: I'm using Claude's ecosystem. I still have Perplexity. I'm a 1164 00:52:47,797 --> 00:52:51,917 S2: really hype user of Manus right now. Um, I love 1165 00:52:51,957 --> 00:52:55,397 S2: Lambda Chat's implementation of DeepSeek because they host it 1166 00:52:55,397 --> 00:52:59,517 S2: on the internet, and I can scrape it with Puppeteer. Playwright. Um, so, yeah, 1167 00:52:59,587 --> 00:53:01,507 S2: I'm just hitting everything for everything. 1168 00:53:01,547 --> 00:53:04,187 S1: Yeah, yeah, I'm doing a lot of n8n, uh, 1169 00:53:04,187 --> 00:53:09,347 S1: for back end and, uh, Bedrock, um, still use Fabric 1170 00:53:09,387 --> 00:53:11,267 S1: like most of the models. Um. 1171 00:53:11,267 --> 00:53:14,067 S2: Oh, yeah. When I'm on the command line using fabrics. Yeah, yeah. 1172 00:53:14,107 --> 00:53:18,427 S1: Favorite models. Uh, right now, uh, uh, for me, it's, um, 1173 00:53:18,467 --> 00:53:21,467 S1: two five, two five pro for a Gemini. 1174 00:53:21,587 --> 00:53:22,627 S2: Oh, yeah. Gemini is on. 1175 00:53:22,747 --> 00:53:24,147 S1: And then, um, O3. 1176 00:53:24,307 --> 00:53:24,707 S2: Okay. 1177 00:53:24,747 --> 00:53:25,387 S1: With memory. 1178 00:53:25,427 --> 00:53:29,067 S2: With memory. Okay.
So I use O3 with memory for 1179 00:53:29,187 --> 00:53:31,387 S2: writing tasks. I think that's really good at writing and 1180 00:53:31,387 --> 00:53:35,027 S2: researching tasks. Um, I actually am one of the believers 1181 00:53:35,027 --> 00:53:37,227 S2: that the biggest DeepSeek model. It's one of the 1182 00:53:37,227 --> 00:53:40,227 S2: best models that I've ever seen for research tasks, even 1183 00:53:40,227 --> 00:53:42,867 S2: though it doesn't have search enabled. Um, I use it, 1184 00:53:42,867 --> 00:53:46,347 S2: it's exposed for free through Lambda Chat. Um, so you 1185 00:53:46,347 --> 00:53:48,227 S2: can go and so like you have to think about 1186 00:53:48,227 --> 00:53:52,587 S2: there are different releases of R1, DeepSeek R1, and most 1187 00:53:52,587 --> 00:53:56,347 S2: of us played with the middle implementations. Uh like the. 1188 00:53:56,627 --> 00:53:56,907 S1: Yeah. 1189 00:53:56,947 --> 00:53:57,427 S2: Yeah. Like the. 1190 00:53:57,587 --> 00:53:57,907 S1: Not the. 1191 00:53:57,937 --> 00:54:01,377 S2: Full, not the full. Six one. 7 billion parameter one. Right. 1192 00:54:01,417 --> 00:54:05,017 S2: They have that hosted on their on their architecture for free. Yeah. 1193 00:54:05,057 --> 00:54:08,497 S2: And it is fantastic to use um, and uh, I 1194 00:54:08,537 --> 00:54:10,697 S2: find that model to be really, really good. 1195 00:54:10,817 --> 00:54:12,217 S1: Let me check real quick. Yeah. 1196 00:54:12,217 --> 00:54:14,297 S2: Let's see what grok is running. I don't think they're 1197 00:54:14,297 --> 00:54:21,777 S2: even running 617. I think he just pulled down right 1198 00:54:21,777 --> 00:54:24,017 S2: there on the compound base mini where it says right there. 1199 00:54:25,017 --> 00:54:25,377 S1: Yeah. 1200 00:54:25,617 --> 00:54:25,937 S2: Oh. 1201 00:54:28,817 --> 00:54:29,417 S1: Oh, here we go. 1202 00:54:29,457 --> 00:54:34,177 S2: Yeah, yeah. See, so they're doing DeepSeek 77 DB.
1203 00:54:34,337 --> 00:54:35,297 S1: No comparison. 1204 00:54:35,337 --> 00:54:35,536 S2: Yeah. 1205 00:54:35,577 --> 00:54:35,897 S1: No. 1206 00:54:36,057 --> 00:54:41,377 S2: Yeah 601 billion parameters. So um yeah. So I use 1207 00:54:41,377 --> 00:54:43,577 S2: that model. It it's really good research model but it 1208 00:54:43,577 --> 00:54:46,977 S2: doesn't have search enabled. Right. So that's, it's, it's uh 1209 00:54:47,017 --> 00:54:52,497 S2: missing and then so Gemini uh, deep 6617 and then 1210 00:54:52,497 --> 00:54:56,887 S2: I really get a lot out of, um, uh, when 1211 00:54:56,887 --> 00:55:01,087 S2: I code, you know, 3.7 on Claude is really good. Um, 1212 00:55:01,087 --> 00:55:03,407 S2: although it started to go kind of haywire recently, I. 1213 00:55:03,687 --> 00:55:07,207 S1: I switched off. I, I went from 3.5 to 3.7, 1214 00:55:07,207 --> 00:55:10,567 S1: and I liked it a lot, but 2.5 from Gemini 1215 00:55:10,567 --> 00:55:11,447 S1: came right after that. 1216 00:55:11,487 --> 00:55:11,767 S2: It did. 1217 00:55:11,767 --> 00:55:14,047 S1: Yeah. And I was just like, damn, that's really good. 1218 00:55:14,087 --> 00:55:17,407 S1: And then then oh three roughly same time. Yeah. Yeah. 1219 00:55:17,407 --> 00:55:19,767 S1: So I've kind of been messing mostly with those. 1220 00:55:19,807 --> 00:55:23,527 S2: That's the problem is like I want to consolidate subscriptions. 1221 00:55:23,767 --> 00:55:25,407 S2: Like I want to just say, oh, I'm just going 1222 00:55:25,447 --> 00:55:28,047 S2: to stick with this, but I can't, because if you're 1223 00:55:28,047 --> 00:55:30,607 S2: at the cutting edge of using this stuff every day, 1224 00:55:30,607 --> 00:55:33,247 S2: it's like you want the best model for the best 1225 00:55:33,247 --> 00:55:33,847 S2: thing all the time. 1226 00:55:33,887 --> 00:55:36,367 S1: And there's like two releases per week. So you're just like, 1227 00:55:36,407 --> 00:55:36,767 S1: it's not. 
1228 00:55:37,087 --> 00:55:39,487 S2: Yeah, yeah, yeah. And so yeah, you end up spending 1229 00:55:39,847 --> 00:55:42,447 S2: somewhere in the order of 400 to $600 a month 1230 00:55:42,447 --> 00:55:46,087 S2: for all your subscriptions, you know, not including your I mean, 1231 00:55:46,087 --> 00:55:49,767 S2: that's including everything that's including your, um, your direct chat 1232 00:55:49,767 --> 00:55:53,207 S2: interfaces that you're paying for, like ChatGPT implementations, but also 1233 00:55:53,487 --> 00:55:58,197 S2: your API calls and then also your subscription to Cline 1234 00:55:58,197 --> 00:56:01,957 S2: or not Cline, but Windsurf or um, um, what's the 1235 00:56:01,957 --> 00:56:04,237 S2: other one? I use Windsurf, sorry. I always forget the 1236 00:56:04,237 --> 00:56:05,917 S2: name of the other one. Sea. 1237 00:56:06,197 --> 00:56:06,717 S1: Cline. 1238 00:56:06,997 --> 00:56:11,757 S2: No. Oh, yeah. Cline. But. Cursor, cursor. There you go. Cursor. Yeah. Um, 1239 00:56:12,037 --> 00:56:14,117 S2: so you have subscription to one of those two, and 1240 00:56:14,117 --> 00:56:16,957 S2: it's like, okay. Yeah. Now I'm paying quite a bit. 1241 00:56:16,997 --> 00:56:22,237 S1: I just realized, uh, a link between coding and the, um, 1242 00:56:22,357 --> 00:56:28,277 S1: AI competition. Mhm. Which model are you using versus which 1243 00:56:28,277 --> 00:56:31,637 S1: scaffolding do you have in the form of giving that 1244 00:56:31,677 --> 00:56:33,117 S1: cursor rules prompt. 1245 00:56:33,277 --> 00:56:33,517 S2: Yeah. 1246 00:56:33,517 --> 00:56:38,117 S1: Yeah. Right. So it's like I strongly believe and I 1247 00:56:38,157 --> 00:56:42,037 S1: Jason talks about this I forget his name is Jason Wong. 1248 00:56:42,357 --> 00:56:43,237 S1: Is that his name I don't. 1249 00:56:43,237 --> 00:56:44,357 S2: Know but he's brilliant I love that guy. 1250 00:56:44,677 --> 00:56:49,157 S1: Yeah. So he makes like really, really practical videos.
Yeah. Um, 1251 00:56:49,157 --> 00:56:53,517 S1: so he basically, um, put out some stuff. Cursor rules, 1252 00:56:53,827 --> 00:56:57,027 S1: like a single prompt that can generate that full PRD 1253 00:56:57,067 --> 00:57:00,147 S1: with a checklist. Yeah. And the model actually goes and 1254 00:57:00,147 --> 00:57:01,787 S1: checks things off the list. 1255 00:57:01,827 --> 00:57:04,827 S2: Yeah, I do the same way. So I use Berman's 1256 00:57:04,827 --> 00:57:07,747 S2: or uh, um, the I got is it Berman I 1257 00:57:07,747 --> 00:57:11,187 S2: can't remember. What is his last name. The AI content creator. 1258 00:57:11,227 --> 00:57:14,107 S2: You were on his show. He talked about Fabric. Matt. 1259 00:57:14,147 --> 00:57:14,507 S1: Matthew. 1260 00:57:14,787 --> 00:57:17,787 S2: Matthew. Yeah. Okay, so. So, Matt Berman did a or. 1261 00:57:17,787 --> 00:57:20,587 S2: Matthew Berman did a show on this as well? Yep. 1262 00:57:20,627 --> 00:57:22,947 S2: And he had a set of questions that he put 1263 00:57:22,947 --> 00:57:24,747 S2: in the show. But he never like released a GitHub 1264 00:57:24,747 --> 00:57:25,827 S2: or a gist or anything like that. 1265 00:57:26,227 --> 00:57:29,027 S1: That's the thing I love about AI Jason. He's like boom, 1266 00:57:29,027 --> 00:57:29,507 S1: it's on GitHub. 1267 00:57:29,507 --> 00:57:31,467 S2: Yeah, it's on GitHub. Right. So I went and grabbed 1268 00:57:31,467 --> 00:57:34,827 S2: Matt Berman's and I tweeted, I just tweeted it out 1269 00:57:34,827 --> 00:57:38,147 S2: like I had. I transcribe and then pull up the questions. 1270 00:57:38,267 --> 00:57:41,027 S2: And then now I in that prompt to the AI 1271 00:57:41,067 --> 00:57:43,707 S2: I'm like, here is a, here is the structure of 1272 00:57:43,707 --> 00:57:45,667 S2: a PRD I want to build. I need you to 1273 00:57:45,667 --> 00:57:47,907 S2: ask me relevant questions to fill in the thing.
And 1274 00:57:47,907 --> 00:57:50,427 S2: then I have it ask me the questions and then we're, 1275 00:57:50,427 --> 00:57:51,507 S2: you know, we have a chat. 1276 00:57:51,907 --> 00:57:54,217 S1: So it builds a PRD. Based on your interview? 1277 00:57:54,217 --> 00:57:56,057 S2: Based on my interview, it interviews, I tell it to 1278 00:57:56,057 --> 00:57:56,577 S2: interview me. 1279 00:57:56,617 --> 00:57:56,817 S1: Yeah. 1280 00:57:57,057 --> 00:57:59,657 S2: And then once we're done, then it's like, cool. Do 1281 00:57:59,657 --> 00:58:01,377 S2: you want me to stitch all this together into a 1282 00:58:01,377 --> 00:58:03,177 S2: fully functional PRD? I'm like, yes. And then we move 1283 00:58:03,177 --> 00:58:05,497 S2: on to the architecture section, and then those live as 1284 00:58:05,497 --> 00:58:08,537 S2: markdown files in my project. And so when I need 1285 00:58:08,537 --> 00:58:10,697 S2: to start a new chat, because I know the context 1286 00:58:10,697 --> 00:58:14,177 S2: window is filling up for windsurf, I start a new 1287 00:58:14,177 --> 00:58:16,817 S2: chat and I say reanalyze our, you know, our core, 1288 00:58:17,257 --> 00:58:20,537 S2: our core architecture and our PRD so that you understand 1289 00:58:20,537 --> 00:58:22,737 S2: everything about this project and the readme that we built. Yeah, yeah. 1290 00:58:22,737 --> 00:58:25,257 S2: And then it's like it's like I'm starting again with 1291 00:58:25,257 --> 00:58:27,697 S2: great context. And you know, obviously you need to hook 1292 00:58:27,697 --> 00:58:30,177 S2: it up to version control as well. So if anything 1293 00:58:30,177 --> 00:58:33,537 S2: goes haywire gets deleted, you can snapshot back. But um, 1294 00:58:33,577 --> 00:58:36,097 S2: but those are some pro tips for the coding people 1295 00:58:36,097 --> 00:58:36,617 S2: out there. 
1296 00:58:36,657 --> 00:58:40,817 S1: Yeah, yeah I've got a a rule where I basically 1297 00:58:40,817 --> 00:58:43,257 S1: say in the cursor rules. If I say this, it 1298 00:58:43,257 --> 00:58:44,537 S1: means go and review. 1299 00:58:44,817 --> 00:58:45,417 S2: Okay, cool. 1300 00:58:45,457 --> 00:58:47,937 S1: So if I feel like it's going wonky. Yeah, it's 1301 00:58:47,937 --> 00:58:50,537 S1: just like a reset. Yeah. Um, I wanted to mention 1302 00:58:50,537 --> 00:58:50,857 S1: one thing. 1303 00:58:50,857 --> 00:58:52,857 S2: You don't say it like, make it so. Like Picard. 1304 00:58:53,137 --> 00:58:57,737 S1: You could do that. Yeah, absolutely. Um, so I wanted 1305 00:58:57,737 --> 00:59:01,017 S1: to give, uh, a little shout out to, uh, Caleb 1306 00:59:01,057 --> 00:59:05,857 S1: Sima for a post he did before RSA, where he 1307 00:59:05,857 --> 00:59:13,417 S1: was complaining about, um, panels, just like being kind of empty. Yeah. Um, 1308 00:59:13,457 --> 00:59:15,897 S1: and I was just thinking about this. The whole reason, 1309 00:59:15,897 --> 00:59:18,777 S1: these long form conversations. Because we're just riffing. Yeah. And 1310 00:59:18,777 --> 00:59:21,937 S1: we're just thinking of stuff. But ideally, the stuff we're 1311 00:59:21,937 --> 00:59:25,617 S1: thinking of is stuff that was new to us. Therefore, 1312 00:59:25,617 --> 00:59:28,177 S1: it's going to be new to them. Yeah. And what 1313 00:59:28,177 --> 00:59:31,617 S1: happens with so many talks and so many panels? And 1314 00:59:31,617 --> 00:59:33,577 S1: I think this is like a meta conversation that we 1315 00:59:33,577 --> 00:59:36,857 S1: just really need to solve. Um, obviously for us as 1316 00:59:36,857 --> 00:59:39,417 S1: content creators, which I think we do a good job. Yeah. 
1317 00:59:39,417 --> 00:59:41,657 S1: But I would say the industry needs to solve this 1318 00:59:41,857 --> 00:59:44,537 S1: is don't just come on and be like, you know, 1319 00:59:44,657 --> 00:59:51,807 S1: here's the thing, Jason. Like, the landscape is changing. You know. Yeah. 1320 00:59:51,847 --> 00:59:54,767 S1: You know, AI is changing everything. It's changing the game. Yeah. 1321 00:59:54,767 --> 00:59:57,127 S1: And you're like, yeah, it's just changing the game. We're like, 1322 00:59:57,127 --> 00:59:58,727 S1: all right, that's all the time we got. Yeah. 1323 00:59:58,767 --> 00:59:59,887 S2: Everybody let's go to lunch. 1324 00:59:59,927 --> 01:00:04,287 S1: Yeah. So it's like two people reflecting backwards or maybe 1325 01:00:04,287 --> 01:00:07,047 S1: a panel of four. Yeah. And they're just reflecting back 1326 01:00:07,047 --> 01:00:09,407 S1: these things that we've heard for the last few months 1327 01:00:09,407 --> 01:00:14,527 S1: or a couple of years. Yeah. It's like, um, was 1328 01:00:14,527 --> 01:00:17,327 S1: it Matt or somebody we know was like, if I 1329 01:00:17,367 --> 01:00:21,487 S1: hear one more person say, um, the attacker only has 1330 01:00:21,487 --> 01:00:24,247 S1: to be right once, and the defender has to be 1331 01:00:24,247 --> 01:00:26,527 S1: right all the time. It's like we learned this ten 1332 01:00:26,527 --> 01:00:28,607 S1: years ago. Yeah. So the first time we heard it, 1333 01:00:28,647 --> 01:00:29,647 S1: it was hella smart. Yeah. 1334 01:00:29,927 --> 01:00:30,447 S2: Yeah. It was great. 1335 01:00:30,447 --> 01:00:33,127 S1: Yeah. And now it's just like so many panels, so 1336 01:00:33,127 --> 01:00:35,487 S1: many conferences, so many talks are just that. 1337 01:00:35,527 --> 01:00:39,607 S2: Yeah, yeah. It's, uh, it's that it's that there's no 1338 01:00:39,607 --> 01:00:43,207 S2: contention anymore on panels like. Yeah. 
I mean, even the 1339 01:00:43,207 --> 01:00:45,327 S2: ones at OpenAI, when we went to that, there was 1340 01:00:45,367 --> 01:00:47,247 S2: like towards the end, it was a lot of like, yeah, 1341 01:00:47,287 --> 01:00:49,517 S2: yeah we agree. And so I think at the end 1342 01:00:49,557 --> 01:00:50,997 S2: I was like trying to spice it up a little bit. 1343 01:00:51,037 --> 01:00:52,757 S2: Like I wasn't the moderator but I asked a question. 1344 01:00:52,797 --> 01:00:54,917 S2: I'm like, who's your most feared competitor? 1345 01:00:54,957 --> 01:00:55,237 S1: That was. 1346 01:00:55,237 --> 01:00:55,597 S2: Like one. 1347 01:00:55,597 --> 01:00:55,797 S1: Of the. 1348 01:00:55,797 --> 01:00:58,677 S2: Best questions. And everybody was like, oh shit. And then like, 1349 01:00:58,717 --> 01:01:00,957 S2: you know, the, you know, like, uh, the guy at 1350 01:01:00,957 --> 01:01:01,437 S2: the end, that. 1351 01:01:01,437 --> 01:01:02,437 S1: Was one of the best questions. 1352 01:01:02,437 --> 01:01:04,877 S2: It's definitely Dan and Trail of Bits and Trail of 1353 01:01:04,917 --> 01:01:07,357 S2: Bits is like, oh, we're really scared of like whoever 1354 01:01:07,717 --> 01:01:09,117 S2: at the end, he's like, he's like, I don't know, 1355 01:01:09,117 --> 01:01:10,717 S2: I'm just doing my best over here. 1356 01:01:10,757 --> 01:01:12,037 S1: Yeah. Trying to survive. Yeah. 1357 01:01:12,077 --> 01:01:14,837 S2: Try and survive. And, uh, yeah, I wish there was 1358 01:01:14,837 --> 01:01:17,037 S2: a little bit more contentious. And you can you can 1359 01:01:17,037 --> 01:01:19,357 S2: talk about that. I've had interview panelists before or the 1360 01:01:19,397 --> 01:01:22,117 S2: people leading whatever moderators or whatever. Yeah, I've had them 1361 01:01:22,157 --> 01:01:24,117 S2: be like, hey, I'm going to ask this question. 
And 1362 01:01:24,117 --> 01:01:25,877 S2: if you all answer the same fucking thing, I'm gonna 1363 01:01:25,877 --> 01:01:28,317 S2: put you off the panel. And I love that. I'm like, yeah, yeah. 1364 01:01:28,357 --> 01:01:32,437 S1: So another of our mutual friends actually engineers this into 1365 01:01:32,437 --> 01:01:34,117 S1: the thing. Oh, really? Sasha. 1366 01:01:34,157 --> 01:01:35,237 S2: Oh, yeah. He does. Yeah. 1367 01:01:35,277 --> 01:01:37,597 S1: Sasha is like, look, if I'm going to be on this. 1368 01:01:37,597 --> 01:01:39,437 S2: I didn't get to see Sasha for more than ten minutes. 1369 01:01:39,437 --> 01:01:39,717 S2: This whole. 1370 01:01:39,757 --> 01:01:43,237 S1: Me neither. I just yeah, just like he was a blur. 1371 01:01:43,557 --> 01:01:43,917 S2: A blur. 1372 01:01:43,917 --> 01:01:46,557 S1: Yeah, yeah. But, like, he's like, if I sit on 1373 01:01:46,627 --> 01:01:49,867 S1: this panel, I'm going to engineer a thing. I need 1374 01:01:49,867 --> 01:01:51,667 S1: to know what you all believe. Yeah, so I can 1375 01:01:51,667 --> 01:01:54,307 S1: find something I disagree with. Yeah. Otherwise, this is going 1376 01:01:54,307 --> 01:01:55,547 S1: to be the dumbest panel ever. 1377 01:01:55,587 --> 01:01:58,307 S2: And it and it works on me wonderfully because like, 1378 01:01:58,307 --> 01:02:00,747 S2: when people don't agree with me, I just get angry. Yeah. 1379 01:02:01,387 --> 01:02:02,947 S1: No kidding. Like I'm like, I'm like. 1380 01:02:02,987 --> 01:02:03,467 S2: No, you're. 1381 01:02:03,467 --> 01:02:06,387 S1: Wrong. Like, we're good at this. We're good. We're good 1382 01:02:06,387 --> 01:02:07,707 S1: at having a good, you know? 1383 01:02:07,707 --> 01:02:08,627 S2: Yeah, yeah. No, I. 1384 01:02:08,627 --> 01:02:09,387 S1: Was having a go. 1385 01:02:09,587 --> 01:02:12,347 S2: I was, uh, I mean, while doing RSA, I was 1386 01:02:12,347 --> 01:02:15,267 S2: tweeting a little bit, um, on on Twitter. 
And I 1387 01:02:15,307 --> 01:02:18,507 S2: happen to have, uh, a friend who was rooming with 1388 01:02:18,507 --> 01:02:21,827 S2: me who was doing security research. So he's he found 1389 01:02:21,827 --> 01:02:24,347 S2: a zero day, basically reported it to the vendor, but 1390 01:02:24,347 --> 01:02:28,707 S2: a whole bunch of individual companies that implemented the software. And, um, 1391 01:02:28,707 --> 01:02:31,067 S2: they have not yet fixed the bug. So he goes 1392 01:02:31,067 --> 01:02:33,027 S2: out to all these bug bounty programs and submits it, 1393 01:02:33,027 --> 01:02:36,307 S2: and also a whole bunch of vulnerability disclosure programs. 1394 01:02:36,347 --> 01:02:36,747 S1: Mhm. 1395 01:02:37,227 --> 01:02:40,707 S2: And um, and he submits it to the vulnerability disclosure programs. 1396 01:02:40,707 --> 01:02:42,547 S2: And he comes back to me because, you know, I'm 1397 01:02:42,547 --> 01:02:44,867 S2: a former bug bounty guy. Right. And he's like he's like, yo, 1398 01:02:44,907 --> 01:02:47,337 S2: is it like, you know, like normal? Like the crits 1399 01:02:47,337 --> 01:02:49,617 S2: that I got for people who have bounties? I got 1400 01:02:49,617 --> 01:02:52,177 S2: 50 points on the platform for HackerOne, but I 1401 01:02:52,177 --> 01:02:55,777 S2: only get seven for responsibly disclosing it without getting paid. 1402 01:02:55,897 --> 01:02:57,817 S2: He's like, that's weird. So I go and tweet about it. 1403 01:02:57,817 --> 01:03:01,177 S2: And admittedly, I didn't tweet right. I don't think like 1404 01:03:01,177 --> 01:03:03,097 S2: I definitely went out and kind of sensationalized it a 1405 01:03:03,097 --> 01:03:05,137 S2: little bit. I'm like, this sucks. Like, give the guy 1406 01:03:05,177 --> 01:03:07,857 S2: more than seven points, right?
But the bug bounty community 1407 01:03:07,857 --> 01:03:10,257 S2: of which are a lot of my homies, like, basically 1408 01:03:10,257 --> 01:03:12,657 S2: jumped on me and and it like got in my 1409 01:03:12,657 --> 01:03:14,337 S2: head a little bit. But then I managed to like 1410 01:03:14,377 --> 01:03:16,377 S2: push it down a little bit, but like, you know, 1411 01:03:16,417 --> 01:03:18,137 S2: the bug bounty. This is a huge thing this week. 1412 01:03:18,137 --> 01:03:20,857 S2: Huge discussion is just like, you know, VDP is evil, 1413 01:03:20,897 --> 01:03:26,017 S2: VDP is labor exploitation, VDP is everything wrong with bug bounty? Jason, 1414 01:03:26,017 --> 01:03:29,417 S2: you're the worst person in the world for um, for 1415 01:03:29,457 --> 01:03:32,217 S2: promoting that. Anyone ever even think about VDP. And so 1416 01:03:32,217 --> 01:03:34,457 S2: then I came out with this post, uh, you know, 1417 01:03:34,497 --> 01:03:35,937 S2: a guy was trying to debate this with me, and 1418 01:03:35,937 --> 01:03:37,897 S2: he's he's a smart dude, smart bug hunter. I have 1419 01:03:37,897 --> 01:03:41,377 S2: respect for him. But he, like, said one sentence and 1420 01:03:41,377 --> 01:03:42,977 S2: it was it felt a little aggressive to me. And 1421 01:03:42,977 --> 01:03:44,287 S2: I was just in that mood and I was like, 1422 01:03:44,327 --> 01:03:47,607 S2: fuck it. Block like. And I just block this dude. And, um. 1423 01:03:47,647 --> 01:03:50,007 S2: And then he, like, went off the deep end and started, like, 1424 01:03:50,047 --> 01:03:52,007 S2: posting more and more and like, you know, I can't 1425 01:03:52,007 --> 01:03:54,167 S2: believe Jason did it. Turned out he had been to 1426 01:03:54,207 --> 01:03:57,007 S2: my class, to which I felt bad about. Oh, um, 1427 01:03:57,207 --> 01:03:59,127 S2: and so I unblocked and tried to have a conversation. 
1428 01:03:59,127 --> 01:04:02,287 S2: But just like there's so much vitriol on this topic 1429 01:04:02,487 --> 01:04:05,167 S2: of labor exploitation. So I went out and I said, hey, 1430 01:04:05,487 --> 01:04:08,127 S2: I believe in VDP. Actually, I believe there are plenty 1431 01:04:08,127 --> 01:04:12,207 S2: of companies who on ramp with a VDP and then 1432 01:04:12,207 --> 01:04:14,567 S2: start paying for bugs. I have seen them. I have 1433 01:04:14,567 --> 01:04:17,367 S2: worked at Bugcrowd. This is not a fictional thing, right? Uh, 1434 01:04:17,367 --> 01:04:19,287 S2: some companies are too big that if they were just 1435 01:04:19,287 --> 01:04:21,727 S2: to open up. I mean, Ubisoft was one of these companies, right? 1436 01:04:21,767 --> 01:04:23,327 S2: If you would have opened up a bug bounty for 1437 01:04:23,327 --> 01:04:27,607 S2: everything on Ubisoft, all scope, all all classifications of bugs, 1438 01:04:27,767 --> 01:04:30,087 S2: they would have went bankrupt, right? Yeah. And so they 1439 01:04:30,087 --> 01:04:32,487 S2: had to start with the VDP to burn down a 1440 01:04:32,487 --> 01:04:35,447 S2: little bit of the stuff, incentivize people to come on 1441 01:04:35,447 --> 01:04:37,687 S2: and then eventually move into a paid program. Yeah. And 1442 01:04:37,687 --> 01:04:40,367 S2: then they ended up shutting down the program. Um, but 1443 01:04:40,607 --> 01:04:42,917 S2: a lot of companies work like that, and no one's 1444 01:04:42,917 --> 01:04:45,077 S2: forcing you to work on a VDP, right? Like, I wasn't, 1445 01:04:45,077 --> 01:04:45,437 S2: I wasn't. 1446 01:04:45,837 --> 01:04:48,037 S1: Can you for everyone just give an overview of the 1447 01:04:48,037 --> 01:04:48,957 S1: difference between the two? 1448 01:04:48,997 --> 01:04:51,997 S2: Yes. Okay. So a bug bounty program is a program 1449 01:04:51,997 --> 01:04:54,077 S2: where you pay for bugs, right?
Like a researcher on 1450 01:04:54,077 --> 01:04:55,837 S2: the internet comes out and says, I found a web 1451 01:04:55,837 --> 01:04:59,717 S2: application vulnerability with your software and you've said, yes, I'm, 1452 01:04:59,717 --> 01:05:02,237 S2: I'm paying for these usually on a platform like Bugcrowd 1453 01:05:02,237 --> 01:05:05,077 S2: or HackerOne or Intigriti. And they come in the platform, 1454 01:05:05,077 --> 01:05:07,557 S2: they submit bug, you pay them, right. VDP is called 1455 01:05:07,557 --> 01:05:11,077 S2: a vulnerability disclosure program, where you as a company don't 1456 01:05:11,077 --> 01:05:13,597 S2: have like an email box or anything like that to 1457 01:05:13,637 --> 01:05:17,357 S2: take in vulnerabilities. And so usually the platform handles it 1458 01:05:17,357 --> 01:05:20,277 S2: for you and you show up on their platform as 1459 01:05:20,277 --> 01:05:22,957 S2: a card that says, hey, we do not pay for anything, 1460 01:05:22,957 --> 01:05:26,477 S2: but if you find something, report it to this program. Right. Yeah. Um, 1461 01:05:26,517 --> 01:05:29,997 S2: and we will, uh, give you props, you know, we will. 1462 01:05:30,317 --> 01:05:32,237 S1: Find some kind of reward, but we don't have a 1463 01:05:32,237 --> 01:05:32,797 S1: mountain of cash. 1464 01:05:32,797 --> 01:05:34,357 S2: Yeah, we don't have a mountain of cash. Right? And 1465 01:05:34,357 --> 01:05:37,677 S2: it's just. It feels like bug hunters are, you know? 1466 01:05:38,357 --> 01:05:40,277 S2: You know, this guy was trying to cite, like, he's like, 1467 01:05:40,277 --> 01:05:43,547 S2: no more free bugs thing. And like, you know, like, listen, man, 1468 01:05:43,547 --> 01:05:45,507 S2: I was there when that happened. I mean, I mean, 1469 01:05:45,747 --> 01:05:47,347 S2: I don't know if this guy was even born then, 1470 01:05:47,347 --> 01:05:49,627 S2: but he's citing this.
But I was there when no 1471 01:05:49,627 --> 01:05:51,627 S2: more free bugs was happening. And I don't think that 1472 01:05:51,627 --> 01:05:54,507 S2: was the core message completely. I think it was I 1473 01:05:54,507 --> 01:05:55,987 S2: think it was that like, you know, there should be 1474 01:05:55,987 --> 01:05:59,507 S2: fairness in disclosure, there should be fairness in credit of vulnerabilities. 1475 01:05:59,507 --> 01:06:02,387 S2: There shouldn't be people suing each other when vulnerability research 1476 01:06:02,427 --> 01:06:05,867 S2: is discussed. Um, and so I wrote this big long 1477 01:06:05,907 --> 01:06:08,787 S2: thing and I just got railed this week like by the, 1478 01:06:08,827 --> 01:06:10,827 S2: by my own community. And I felt I felt really 1479 01:06:10,827 --> 01:06:12,027 S2: attacked and I was like, fuck it, I'm not going 1480 01:06:12,027 --> 01:06:13,867 S2: to do bug bounty stuff anymore. Like I'm hosting the 1481 01:06:13,867 --> 01:06:16,147 S2: Hong Kong and it's like, it's like you guys are 1482 01:06:16,147 --> 01:06:18,267 S2: some angry people. Like, if you don't want to work 1483 01:06:18,267 --> 01:06:21,027 S2: on VDPs, don't work on VDPs, right. But like the 1484 01:06:21,027 --> 01:06:23,787 S2: other thing I didn't say in that thread was that, um, 1485 01:06:24,067 --> 01:06:26,507 S2: was that a lot of people I mentor, they don't 1486 01:06:26,507 --> 01:06:28,347 S2: have their foot in the door yet. They haven't had 1487 01:06:28,347 --> 01:06:31,187 S2: a job yet. Right. And so when they go to interview, 1488 01:06:31,347 --> 01:06:33,867 S2: if they have bug bounty experience, that's awesome. But usually 1489 01:06:33,867 --> 01:06:36,187 S2: when you're starting to find a bug on a bug, 1490 01:06:36,187 --> 01:06:38,627 S2: bounty is much harder than to find a real bug 1491 01:06:38,627 --> 01:06:41,257 S2: on a VDP, right? Because there's so much more scope.
1492 01:06:41,497 --> 01:06:43,977 S2: Not everybody is testing on the vdps there. See something? 1493 01:06:44,017 --> 01:06:45,857 S2: Say something. Right? So if you find something on a 1494 01:06:45,857 --> 01:06:49,017 S2: VDP and you're doing stuff like Portswigger Labs and Hack 1495 01:06:49,057 --> 01:06:51,497 S2: the box and all that stuff, it's like that shows 1496 01:06:51,497 --> 01:06:53,497 S2: me as an employer, well, they've got the skills, right. 1497 01:06:53,537 --> 01:06:55,737 S2: They have the skills. They just need a chance. Right? 1498 01:06:55,937 --> 01:06:57,417 S1: And it's receipts. 1499 01:06:57,457 --> 01:06:57,857 S2: It's like. 1500 01:06:57,897 --> 01:06:58,057 S1: It's. 1501 01:06:58,057 --> 01:07:00,857 S2: Receipts. Yeah. And, you know, I didn't even want to 1502 01:07:00,857 --> 01:07:02,697 S2: go into that part of the argument on Twitter because 1503 01:07:02,977 --> 01:07:05,697 S2: I'll get flamed more. But, um, yeah, I mean, it 1504 01:07:05,697 --> 01:07:08,617 S2: goes to show that like, uh, you know, like I 1505 01:07:08,657 --> 01:07:10,897 S2: drew that corollary from the panel thing you were talking about, right? 1506 01:07:10,937 --> 01:07:14,177 S2: It's like it's like, uh, you can't just agree with everyone. 1507 01:07:14,177 --> 01:07:16,177 S2: You have to have a point of view. Yeah. We're 1508 01:07:16,177 --> 01:07:17,897 S2: talking about this in content creation, right? 1509 01:07:17,937 --> 01:07:18,777 S1: Like, totally. 1510 01:07:18,817 --> 01:07:20,817 S2: So so here's this idea. And this is also off 1511 01:07:20,817 --> 01:07:23,617 S2: the beaten path. But, uh, for the listeners. But Dan 1512 01:07:23,617 --> 01:07:25,977 S2: and I are content creators, right? 
And, and we are 1513 01:07:25,977 --> 01:07:29,097 S2: lucky enough to have, you know, 25, 30 years in 1514 01:07:29,097 --> 01:07:32,377 S2: the industry, almost like, um, and so, you know, 20 1515 01:07:32,377 --> 01:07:34,097 S2: years for me. Um, and so. 1516 01:07:34,537 --> 01:07:38,127 S1: Can I stop you even before. Yeah. So I have 1517 01:07:38,127 --> 01:07:39,687 S1: like a pre point for this. 1518 01:07:39,727 --> 01:07:40,167 S2: Okay. Go ahead. 1519 01:07:40,367 --> 01:07:43,367 S1: Yeah. So well make sure you keep this thread because 1520 01:07:43,367 --> 01:07:45,727 S1: this is an amazing thread. So I want I want 1521 01:07:45,767 --> 01:07:48,327 S1: to make a quick point I can't believe this is 1522 01:07:48,327 --> 01:07:50,927 S1: going in this direction. But so a lot of young 1523 01:07:50,927 --> 01:07:52,687 S1: people come to us and they're like how do I 1524 01:07:52,727 --> 01:07:55,407 S1: become a YouTuber? Yeah. How do I become a content 1525 01:07:55,407 --> 01:07:58,567 S1: creator on Twitter or whatever? The first thing I tell them, 1526 01:07:58,567 --> 01:08:02,327 S1: which is exactly your point, learn something so that you 1527 01:08:02,327 --> 01:08:07,087 S1: have an opinion about it. Yeah. Because I don't I 1528 01:08:07,487 --> 01:08:10,087 S1: do create content and you create content. But I wouldn't 1529 01:08:10,087 --> 01:08:12,567 S1: say that fundamentally, that's what we are. There are a 1530 01:08:12,567 --> 01:08:16,047 S1: lot of people who are content creators, and I feel 1531 01:08:16,046 --> 01:08:19,326 S1: like that is their actual job. So they are looking 1532 01:08:19,327 --> 01:08:24,006 S1: for content whereas we are building and doing things. Mhm. 1533 01:08:24,407 --> 01:08:26,847 S1: You got a training company, you got a consulting company. 1534 01:08:26,887 --> 01:08:29,727 S1: You're doing that. The content falls out of it. 1535 01:08:29,727 --> 01:08:30,406 S2: Yes. Correct. 
1536 01:08:30,447 --> 01:08:32,527 S1: Yeah. Right. And I feel like that is so key 1537 01:08:32,567 --> 01:08:35,927 S1: especially for young people. You have to like get good 1538 01:08:35,927 --> 01:08:36,607 S1: at something. 1539 01:08:36,647 --> 01:08:38,847 S2: Yeah, well, it's not even. It's not that you have 1540 01:08:38,847 --> 01:08:40,407 S2: to get good at something. It's that you have to 1541 01:08:40,447 --> 01:08:41,287 S2: do something. 1542 01:08:41,847 --> 01:08:46,647 S1: Have an opinion, have a path. Try something. Yeah. And 1543 01:08:46,647 --> 01:08:48,327 S1: the content emerges from that. 1544 01:08:48,367 --> 01:08:51,207 S2: Yeah. I mean, one thing. Uh, so, Clint, you know, 1545 01:08:51,247 --> 01:08:53,927 S2: our friend at Semgrep, he did an interview with me 1546 01:08:53,927 --> 01:08:56,527 S2: later this week on the Semgrep blog. That'll come out 1547 01:08:56,527 --> 01:08:58,287 S2: in a week or so, but it was mostly about 1548 01:08:58,287 --> 01:09:01,607 S2: career stuff. And what I was telling him is like, 1549 01:09:01,767 --> 01:09:03,447 S2: it's like when you're new, it's really hard to show 1550 01:09:03,447 --> 01:09:05,487 S2: that portfolio of work, you know, and you can do 1551 01:09:05,487 --> 01:09:07,447 S2: it with VDPs. You can do with bug bounty, you 1552 01:09:07,447 --> 01:09:09,647 S2: can do it with CVEs. You can do it by 1553 01:09:09,687 --> 01:09:12,367 S2: taking TryHackMe and getting certs and stuff like that. But 1554 01:09:12,367 --> 01:09:14,447 S2: some of that stuff is paid work, right? Or it's 1555 01:09:14,447 --> 01:09:16,967 S2: paid like some of that training is paid. And when 1556 01:09:16,967 --> 01:09:18,767 S2: you really have nothing, you're going to have to just 1557 01:09:18,767 --> 01:09:21,847 S2: focus on the free resources. 
But one of the things 1558 01:09:21,847 --> 01:09:24,047 S2: that you can do with nothing at all is start 1559 01:09:24,047 --> 01:09:27,447 S2: up a blog and talk about your learning experience. And, 1560 01:09:27,687 --> 01:09:30,567 S2: you know, you said, good, I'm going to challenge with you. 1561 01:09:30,567 --> 01:09:33,447 S2: Just have to do something. Yeah, do something and write 1562 01:09:33,447 --> 01:09:35,797 S2: about it and have an opinion and talk about your 1563 01:09:35,797 --> 01:09:37,796 S2: learning experience. And so like when I read a blog about. 1564 01:09:37,837 --> 01:09:38,677 S1: And be vulnerable. 1565 01:09:38,797 --> 01:09:39,397 S2: And be vulnerable. 1566 01:09:39,397 --> 01:09:41,557 S1: Yeah. Like you were saying earlier, talk about the bad, 1567 01:09:41,597 --> 01:09:42,357 S1: talk about the good. 1568 01:09:42,397 --> 01:09:44,397 S2: Yeah, yeah. And you know, so like when I see 1569 01:09:44,397 --> 01:09:47,637 S2: a blog on someone who's writing about their first, first 1570 01:09:47,637 --> 01:09:50,317 S2: usage of using Burp Suite, right? And it's like, yeah, 1571 01:09:50,317 --> 01:09:52,397 S2: I've read that blog 800 times, but I haven't read 1572 01:09:52,397 --> 01:09:52,997 S2: it from you. 1573 01:09:53,037 --> 01:09:53,397 S1: That's right. 1574 01:09:53,437 --> 01:09:56,437 S2: And you're talking about like, your thought process and like, 1575 01:09:56,477 --> 01:09:58,437 S2: you know, learning this tool or you're doing a YouTube 1576 01:09:58,437 --> 01:10:00,797 S2: video on it or something like that, I go look 1577 01:10:00,797 --> 01:10:02,876 S2: at that stuff in the interview pipeline. Right. It's an 1578 01:10:02,877 --> 01:10:05,437 S2: it's an additional thing in your portfolio. And it always 1579 01:10:05,437 --> 01:10:08,277 S2: makes me feel good to watch somebody trying to learn something, 1580 01:10:08,317 --> 01:10:10,477 S2: you know, and, and I feel like. 
So it's not 1581 01:10:10,477 --> 01:10:11,957 S2: that you have to be good at something. It's just 1582 01:10:11,957 --> 01:10:14,756 S2: you have to do something and and that becomes your content, 1583 01:10:14,757 --> 01:10:15,037 S2: I feel. 1584 01:10:15,077 --> 01:10:17,197 S1: Yeah. And don't worry about overlaps. 1585 01:10:17,237 --> 01:10:17,796 S2: Yeah. Everyone. 1586 01:10:18,197 --> 01:10:21,277 S1: Because Jason and I are so similar. Yeah. If we 1587 01:10:21,277 --> 01:10:23,277 S1: tried to make the same piece of content, we wouldn't. 1588 01:10:23,317 --> 01:10:24,237 S2: And then we get angry at each. 1589 01:10:24,237 --> 01:10:27,597 S1: Other because we have we, we have like the, we 1590 01:10:27,597 --> 01:10:30,876 S1: have very similar. But it's still going to come out different. Yeah. 1591 01:10:30,917 --> 01:10:33,517 S1: In a Jason way. In a Daniel way. Yeah. Yeah. 1592 01:10:33,627 --> 01:10:36,586 S1: And that. So you shouldn't have to worry that someone 1593 01:10:36,587 --> 01:10:38,507 S1: already wrote the burp tutorial. 1594 01:10:38,547 --> 01:10:41,107 S2: Yeah, yeah. Yeah, exactly. So the other one I was 1595 01:10:41,107 --> 01:10:43,587 S2: talking about is, um, I think I was, I was 1596 01:10:43,587 --> 01:10:46,427 S2: trying to explain is that, uh, is that in content 1597 01:10:46,427 --> 01:10:49,627 S2: creation also? I mean, like, I don't know if we 1598 01:10:49,667 --> 01:10:51,467 S2: call ourselves content creators or whatever. 1599 01:10:51,507 --> 01:10:53,667 S1: I mean, we definitely are, but it's not like my 1600 01:10:53,667 --> 01:10:54,627 S1: main identity. 1601 01:10:55,027 --> 01:10:58,267 S2: But I see so many people having like, being content 1602 01:10:58,387 --> 01:11:01,267 S2: creators for the the point of being a content creator 1603 01:11:01,547 --> 01:11:05,347 S2: and struggling to find content because they're not doing work. 1604 01:11:05,427 --> 01:11:08,147 S1: There you go. That's it. 
That's that's my point. Yeah. 1605 01:11:08,187 --> 01:11:11,506 S2: On top of that, not having an opinion. And I 1606 01:11:11,507 --> 01:11:11,867 S2: think that. 1607 01:11:12,067 --> 01:11:12,787 S1: That's like the worst. 1608 01:11:12,827 --> 01:11:14,467 S2: Yes, I think that that, you know, it goes into 1609 01:11:14,467 --> 01:11:15,987 S2: the panel thing we were talking about. Right. It's like 1610 01:11:16,027 --> 01:11:18,547 S2: you need in this industry, if you're going to be 1611 01:11:18,547 --> 01:11:22,707 S2: doing content, an opinion of some sort, you need a voice. Um, 1612 01:11:23,107 --> 01:11:25,227 S2: and it doesn't have to agree with everyone. You could 1613 01:11:25,227 --> 01:11:27,267 S2: be the antithesis. Like if you want to be the 1614 01:11:27,307 --> 01:11:29,947 S2: anti-Jhaddix guy and say that like, VDPs are, 1615 01:11:29,987 --> 01:11:31,947 S2: you know, exploitative work and like, you know. 1616 01:11:32,097 --> 01:11:32,977 S1: At least you're saying something. 1617 01:11:33,017 --> 01:11:34,777 S2: At least you're saying something like, I respect that guy. 1618 01:11:34,817 --> 01:11:37,336 S2: You know, like, right. Like he has an opinion. Hurts 1619 01:11:37,337 --> 01:11:39,217 S2: my feelings a little bit, but he has an opinion, 1620 01:11:39,257 --> 01:11:39,937 S2: you know, and it's like. 1621 01:11:39,977 --> 01:11:42,296 S1: Especially, especially given what you've done for bounty. 1622 01:11:42,337 --> 01:11:45,577 S2: Yeah yeah yeah yeah, yeah. Um, but but yeah, having 1623 01:11:45,617 --> 01:11:48,777 S2: having an opinion is is almost more important than content 1624 01:11:48,777 --> 01:11:51,456 S2: these days, I think. I think content comes from your opinion. 1625 01:11:51,497 --> 01:11:55,297 S1: So 100% correct. Another way that gets described is taste. 1626 01:11:55,337 --> 01:11:55,897 S2: Yeah. 1627 01:11:55,977 --> 01:11:58,497 S1: Yeah. 
So so imagine this I talk about this a lot, 1628 01:11:58,537 --> 01:12:02,217 S1: but it's like a few years from now or maybe months. 1629 01:12:02,217 --> 01:12:04,857 S1: Who knows how fast this stuff is moving. But, um, 1630 01:12:04,857 --> 01:12:07,697 S1: you just like you do with, uh, narration of code, 1631 01:12:07,697 --> 01:12:10,817 S1: you're talking to Cursor. And on all these screens, it's 1632 01:12:10,817 --> 01:12:14,057 S1: popping up. You mean like this? You mean like this? 1633 01:12:14,417 --> 01:12:17,777 S1: Or you're having it make you an anime series? Yeah. Or, 1634 01:12:17,977 --> 01:12:20,017 S1: you know, a book or whatever. Do you mean like this? 1635 01:12:20,057 --> 01:12:22,256 S1: And you're just swiping through? No, not like that. Not 1636 01:12:22,257 --> 01:12:23,777 S1: like that. That's the one I like. 1637 01:12:23,777 --> 01:12:24,457 S2: Yeah, that's the one I like. 1638 01:12:24,497 --> 01:12:29,857 S1: Yeah. And that taste. Oh, this reminds me of Rick Rubin, actually. Um, 1639 01:12:29,857 --> 01:12:33,287 S1: so he produced Slayer, a whole bunch of rap albums. 1640 01:12:33,287 --> 01:12:36,447 S1: He's like the most famous producer ever. Okay. Doesn't play 1641 01:12:36,447 --> 01:12:41,047 S1: an instrument. Really can't read music. Plays no instruments. 1642 01:12:41,087 --> 01:12:41,487 S2: Wow. 1643 01:12:41,967 --> 01:12:44,687 S1: And they say, how do you get hired to do this? 1644 01:12:44,687 --> 01:12:46,647 S1: He's like, I know exactly what I like. 1645 01:12:47,527 --> 01:12:48,447 S2: That's amazing. Right? 1646 01:12:48,487 --> 01:12:51,247 S1: Yeah. So to your point, like opinion taste. 1647 01:12:51,287 --> 01:12:53,087 S2: Yeah. I mean, that was we were talking in the 1648 01:12:53,087 --> 01:12:56,887 S2: car about the branding for Arcanum for my thing. 
And 1649 01:12:57,167 --> 01:13:00,047 S2: one of the most freeing things for me, being the 1650 01:13:00,047 --> 01:13:04,487 S2: CEO of this company now is I have complete control 1651 01:13:04,767 --> 01:13:08,807 S2: over branding, marketing message what we do and do not 1652 01:13:08,807 --> 01:13:12,247 S2: do to enable those things. Right? Like our strategy. I'll 1653 01:13:12,247 --> 01:13:14,567 S2: give you an example. It's a freebie for any company 1654 01:13:14,567 --> 01:13:18,607 S2: out there. Um, but, uh, where all of your marketing 1655 01:13:18,647 --> 01:13:21,727 S2: teams are telling you, like, you should be, you know, chasing, 1656 01:13:22,007 --> 01:13:24,287 S2: you know, inbound leads, and you're going to use BDR 1657 01:13:24,327 --> 01:13:27,927 S2: based marketing and stuff like that. That's that's all dead like, uh, 1658 01:13:27,967 --> 01:13:32,357 S2: if you if you want to be a infosec company 1659 01:13:32,357 --> 01:13:37,477 S2: in 2025, it is influencer marketing and it is especially 1660 01:13:37,517 --> 01:13:40,756 S2: SME based marketing. And this is a lost art. Training 1661 01:13:40,757 --> 01:13:42,837 S2: someone at your company like when your sales engineers or 1662 01:13:42,877 --> 01:13:44,876 S2: maybe you're small enough, it has to be your CTO 1663 01:13:44,877 --> 01:13:47,757 S2: or CEO. But then going to conferences and this is 1664 01:13:47,757 --> 01:13:50,637 S2: what I do, and speaking on topics, not selling anything, 1665 01:13:50,877 --> 01:13:54,437 S2: contributing to the community of security. We get so many 1666 01:13:54,437 --> 01:13:56,477 S2: warm leads from this dude. My talks like I get 1667 01:13:56,477 --> 01:13:58,317 S2: 5 or 6 people right after my talks are like, 1668 01:13:58,317 --> 01:14:00,317 S2: let's work together, give me your card. Like you know. 1669 01:14:00,637 --> 01:14:02,197 S1: And you're not even you're not even saying. 
1670 01:14:02,197 --> 01:14:02,836 S2: Not saying anything. 1671 01:14:02,877 --> 01:14:03,517 S1: Julia is. 1672 01:14:03,557 --> 01:14:06,117 S2: Yeah. Julia is. Yeah. Julia. My wife is like, hey, 1673 01:14:06,117 --> 01:14:08,756 S2: we sell things, you know? But but that's that's our 1674 01:14:08,757 --> 01:14:10,836 S2: vibe is we go to conferences. I mean, I'm traveling 1675 01:14:10,877 --> 01:14:12,717 S2: to one a month and it's a lot of travel 1676 01:14:12,717 --> 01:14:15,357 S2: and it's hard, but marketing people have been pushing this 1677 01:14:15,357 --> 01:14:17,237 S2: away like, oh, well, we have to, like, train the 1678 01:14:17,237 --> 01:14:21,397 S2: expert and set up the event, and then we have to, um, 1679 01:14:21,517 --> 01:14:23,197 S2: and then we have to buy a hotel room and 1680 01:14:23,197 --> 01:14:25,277 S2: flights and that's all really expensive. We'd rather spend that 1681 01:14:25,277 --> 01:14:27,357 S2: on like BDRs cold calling people. I'm like, that is 1682 01:14:27,357 --> 01:14:29,267 S2: the opposite way of how this industry works. 1683 01:14:29,307 --> 01:14:31,707 S1: You figured this out really early and you locked on 1684 01:14:31,707 --> 01:14:32,546 S1: and it's working. 1685 01:14:32,587 --> 01:14:35,227 S2: Yeah, I figured this out early and and again, like 1686 01:14:35,227 --> 01:14:37,347 S2: the creative control to for our brand, it looks like 1687 01:14:37,347 --> 01:14:39,546 S2: a metal brand, right. Like Arcanum font looks like 1688 01:14:39,587 --> 01:14:41,427 S2: Metallica font. And the. 1689 01:14:41,427 --> 01:14:41,987 S1: Purple. 
1690 01:14:42,027 --> 01:14:45,227 S2: The purple and the Spectre logo and all this stuff 1691 01:14:45,227 --> 01:14:48,387 S2: was like, before I used to have to go in 1692 01:14:48,387 --> 01:14:51,347 S2: front of a, you know, like a panel of people, 1693 01:14:51,347 --> 01:14:54,427 S2: the CEO, the CTO, the, you know, the marketer, the brander, 1694 01:14:54,467 --> 01:14:56,107 S2: and be like, here's my idea for this cool thing. 1695 01:14:56,107 --> 01:14:59,067 S2: I know it'll crush all of our competition. And they'd 1696 01:14:59,067 --> 01:15:01,027 S2: be like, ah, I don't know. I don't like that. 1697 01:15:01,027 --> 01:15:03,546 S2: And I'm like, I know the security industry like, this 1698 01:15:03,547 --> 01:15:06,067 S2: is what they want. Like they want cool shit. Like, 1699 01:15:06,107 --> 01:15:08,307 S2: you know, another example is like when we put our 1700 01:15:08,987 --> 01:15:11,427 S2: our name out there with them, like it looks like 1701 01:15:11,427 --> 01:15:14,467 S2: Metallica font. So it says Arcanum, right? We don't put 1702 01:15:14,467 --> 01:15:17,187 S2: our website, we don't put anything. The goal is for 1703 01:15:17,187 --> 01:15:19,747 S2: you to wear our shirt, that you could just wear 1704 01:15:19,747 --> 01:15:22,227 S2: it out every day. And nobody knows. You're marketing a 1705 01:15:22,227 --> 01:15:24,867 S2: security company and many people are very anti that. They're like, 1706 01:15:24,867 --> 01:15:26,457 S2: you have to have your website, you have to have 1707 01:15:26,457 --> 01:15:28,777 S2: something to tie people back. And I'm like, no, eventually 1708 01:15:28,777 --> 01:15:30,937 S2: someone's going to ask that person, where did you get 1709 01:15:30,937 --> 01:15:33,017 S2: that badass shirt? And they're going to be like, oh, 1710 01:15:33,057 --> 01:15:35,017 S2: I went to a security conference. 
There's actually this hacking 1711 01:15:35,057 --> 01:15:38,137 S2: outfit that does training called Arcanum. That person works in it. 1712 01:15:38,177 --> 01:15:39,897 S2: They're like, oh, I'll go check that out. And like, 1713 01:15:40,257 --> 01:15:41,537 S2: and it's like word of mouth, basically. 1714 01:15:41,577 --> 01:15:42,857 S1: In the meantime, it just looks cool. 1715 01:15:42,857 --> 01:15:44,457 S2: And it just looks cool. You wear the shirt every day. 1716 01:15:44,457 --> 01:15:45,617 S2: And so like there are a whole bunch of like 1717 01:15:45,617 --> 01:15:50,137 S2: micro tricks like that inside of marketing, branding, having an opinion, 1718 01:15:50,177 --> 01:15:52,697 S2: building a company that I feel like I have just 1719 01:15:52,697 --> 01:15:55,897 S2: seen regular marketing people from other domains just come in 1720 01:15:55,897 --> 01:15:58,376 S2: and not get in the security industry. And so that's 1721 01:15:58,377 --> 01:16:00,456 S2: why it works for us, I feel like. Yeah. 1722 01:16:01,657 --> 01:16:03,577 S1: Well, dude, we finally did it. 1723 01:16:03,617 --> 01:16:05,256 S2: We did we we sat down and did a thing. 1724 01:16:05,297 --> 01:16:07,777 S2: I think three last saw were like, we should just record, 1725 01:16:07,817 --> 01:16:08,497 S2: go up to the room. 1726 01:16:08,497 --> 01:16:11,457 S1: We, we've talked about. So what will happen is we'll 1727 01:16:11,457 --> 01:16:14,657 S1: get on the phone. Yeah. And we'll do exactly this. Yeah. 1728 01:16:15,857 --> 01:16:18,337 S1: We should have recorded. We should have recorded that. 1729 01:16:18,337 --> 01:16:18,977 S2: Yeah. Yeah. 1730 01:16:19,217 --> 01:16:22,297 S1: That's happened 29 times. Yeah, exactly. And then we're like, no, 1731 01:16:22,297 --> 01:16:23,577 S1: we got to get on the mic and we got 1732 01:16:23,617 --> 01:16:25,687 S1: to do it. And it's like never happened. Yeah, we 1733 01:16:25,687 --> 01:16:29,167 S1: did the one for a vendor. 
Yeah, but that wasn't this. Yeah, yeah. 1734 01:16:29,207 --> 01:16:31,207 S2: Um, okay, I got I got one for you before 1735 01:16:31,207 --> 01:16:36,087 S2: we leave. I got so your opinion on Thunderbolts. We 1736 01:16:36,127 --> 01:16:39,127 S2: went to go see the new Marvel movie, uh, two 1737 01:16:39,127 --> 01:16:39,767 S2: nights ago. 1738 01:16:40,327 --> 01:16:40,967 S1: I'm struggling to. 1739 01:16:40,967 --> 01:16:41,727 S2: Tell the people. Tell the. 1740 01:16:41,727 --> 01:16:43,367 S1: People? I'm struggling. I'm struggling. 1741 01:16:44,007 --> 01:16:45,086 S2: I loved it. 1742 01:16:45,087 --> 01:16:48,847 S1: So I liked the main character. I liked, um, you 1743 01:16:48,847 --> 01:16:50,447 S1: know Johansson's sister? 1744 01:16:50,487 --> 01:16:50,727 S2: Yeah. 1745 01:16:50,727 --> 01:16:54,967 S1: Yeah, yeah. She was like, the strength, um, the father 1746 01:16:54,967 --> 01:16:56,247 S1: daughter thing. The father daughter. 1747 01:16:56,247 --> 01:16:56,887 S2: Thing was strong. 1748 01:16:56,927 --> 01:17:00,487 S1: Yeah, yeah, yeah, I like that a lot. Um, I 1749 01:17:00,487 --> 01:17:04,487 S1: don't know, I just like so many things about the 1750 01:17:04,487 --> 01:17:08,327 S1: old franchise. Yeah, I just feel sad. Yeah, when I 1751 01:17:08,327 --> 01:17:10,647 S1: think that, like, they're not around anymore. 1752 01:17:10,687 --> 01:17:11,126 S2: Yeah. 1753 01:17:11,327 --> 01:17:12,807 S1: First, I have a question. Where'd they go? 1754 01:17:12,927 --> 01:17:13,207 S2: I don't. 1755 01:17:13,247 --> 01:17:14,447 S1: Know. Why can't they come back? 1756 01:17:14,487 --> 01:17:19,006 S2: I think Thor left off planet um, because he has, 1757 01:17:19,007 --> 01:17:20,967 S2: like a daughter now, right? And he's on, like, other planets. 1758 01:17:21,007 --> 01:17:22,527 S2: Like saving them, not Earth. 1759 01:17:22,847 --> 01:17:25,407 S1: The. Okay, so multiverse freaks me out. 
1760 01:17:25,447 --> 01:17:28,407 S2: Yeah, the multiverse I was not super down with. Honestly. 1761 01:17:28,447 --> 01:17:31,807 S1: Like, you know, here's my problem with the multiverse it 1762 01:17:31,847 --> 01:17:39,607 S1: invalidates death. It invalidates things you're supposed to care about. Yeah. Sacrifice. Yeah. Yeah. 1763 01:17:39,607 --> 01:17:42,407 S1: If someone can, like, snap and just people come back, 1764 01:17:42,407 --> 01:17:45,407 S1: I'm like, yeah, what are we even doing here? 1765 01:17:45,727 --> 01:17:47,487 S2: Yeah. It's also just hard to keep up all the 1766 01:17:47,487 --> 01:17:50,247 S2: different multiverse plot lines. And, um. 1767 01:17:50,847 --> 01:17:53,206 S1: Is that person alive or dead? Well, not in this universe. 1768 01:17:53,247 --> 01:17:56,527 S2: Yeah, exactly. Yeah. Uh, we were talking about the differences 1769 01:17:56,527 --> 01:18:00,607 S2: between comic, like, adaptations of comics and movies, and then 1770 01:18:00,647 --> 01:18:04,047 S2: what actually happens in the comic books? Pretty much. I 1771 01:18:04,047 --> 01:18:08,206 S2: feel like is universally better in the comics. Uh, except 1772 01:18:08,207 --> 01:18:10,127 S2: for a couple things. Uh, I think that there have 1773 01:18:10,127 --> 01:18:12,447 S2: been a couple of movies that they've done, origin stories 1774 01:18:12,447 --> 01:18:14,607 S2: that were better than the comics, but we were talking 1775 01:18:14,607 --> 01:18:18,246 S2: about Bane and how much different Bane is in comics 1776 01:18:18,247 --> 01:18:22,876 S2: versus Superman two. Yeah. Superman two. Yeah. Um, How different the. 1777 01:18:22,877 --> 01:18:24,997 S2: The death or death of Batman. But the breaking of 1778 01:18:24,997 --> 01:18:27,756 S2: Batman was in the comics with Bane versus the movies, 1779 01:18:27,757 --> 01:18:33,197 S2: and then the death of Superman in pretty much everything. Um, like. 
1780 01:18:33,237 --> 01:18:34,357 S2: Like there was a whole bunch of stuff that I 1781 01:18:34,357 --> 01:18:36,637 S2: guess you just don't have time to do, you know, like, uh, 1782 01:18:36,837 --> 01:18:41,197 S2: like basically, like, before doomsday killed Superman in, you know, 1783 01:18:41,237 --> 01:18:41,957 S2: in the comics. 1784 01:18:42,237 --> 01:18:42,837 S1: Spoiler. 1785 01:18:43,197 --> 01:18:44,637 S2: So. Oh, yeah. I mean, if you haven't, you haven't 1786 01:18:44,637 --> 01:18:46,517 S2: read the comics, you should. But, uh, this was when 1787 01:18:46,517 --> 01:18:49,237 S2: I was a kid. I mean, doomsday ran amok on 1788 01:18:49,277 --> 01:18:51,877 S2: the on, like, you know, in America, like. And he 1789 01:18:51,877 --> 01:18:54,876 S2: just he wrecked every single person in the Justice League. Like, just, 1790 01:18:54,877 --> 01:18:57,997 S2: like slapped them down. And so that that, like, builds 1791 01:18:57,997 --> 01:19:00,277 S2: this context of, like, six issues up to the point 1792 01:19:00,277 --> 01:19:02,517 S2: where you're like, oh, man, the only person that's going 1793 01:19:02,517 --> 01:19:03,756 S2: to be able to stop this villain. 1794 01:19:03,797 --> 01:19:04,197 S1: Yup. 1795 01:19:04,437 --> 01:19:06,237 S2: You know, the combined might of the Justice League has 1796 01:19:06,237 --> 01:19:08,997 S2: done nothing. It's only going to be Superman. Yeah. And so, like, 1797 01:19:09,037 --> 01:19:12,237 S2: it breeds this, you know, like up and coming crescendo 1798 01:19:12,237 --> 01:19:14,437 S2: of battle. And then, you know, you have the epic 1799 01:19:14,437 --> 01:19:18,197 S2: battle between Doomsday and Superman and he dies. 
Um, and, 1800 01:19:18,237 --> 01:19:19,277 S2: you know, one of the things I like to talk 1801 01:19:19,277 --> 01:19:21,267 S2: about is when I was a kid, that issue came 1802 01:19:21,267 --> 01:19:24,067 S2: in a plastic bag with the Superman logo with blood 1803 01:19:24,067 --> 01:19:26,787 S2: dripping down it. No way. And included in the plastic 1804 01:19:26,787 --> 01:19:29,467 S2: bag was the comic of his death. It was all 1805 01:19:29,467 --> 01:19:33,307 S2: about his funeral, him dying the world without Superman. And 1806 01:19:33,307 --> 01:19:35,827 S2: it came with a black armband with the Superman logo 1807 01:19:35,827 --> 01:19:36,307 S2: on it so. 1808 01:19:36,347 --> 01:19:36,506 S1: You. 1809 01:19:36,507 --> 01:19:39,027 S2: Could mourn him. And it was made of, like, vinyl 1810 01:19:39,187 --> 01:19:41,427 S2: and so you could put it on your arm. I 1811 01:19:41,467 --> 01:19:43,627 S2: wore that to school that day when Superman and some 1812 01:19:43,627 --> 01:19:45,187 S2: of my nerd friends did, too. It was. 1813 01:19:45,427 --> 01:19:47,187 S1: And you were Superman in your wedding? 1814 01:19:47,227 --> 01:19:49,227 S2: I was Superman in my wedding. We all wore superhero 1815 01:19:49,227 --> 01:19:52,107 S2: shirts under, uh, under a thing as I was Superman. 1816 01:19:52,107 --> 01:19:53,707 S2: And we were talking. Oh, we watched that video last 1817 01:19:53,707 --> 01:19:55,387 S2: night of, like, the iterations of all the Superman. 1818 01:19:55,427 --> 01:19:55,987 S1: Oh, yeah. Yeah, there. 1819 01:19:55,987 --> 01:19:57,867 S2: Were a couple Superman I've never seen before, by the way. 1820 01:19:57,907 --> 01:19:59,827 S1: Yeah. And you're getting me on the the one that 1821 01:19:59,827 --> 01:20:00,387 S1: you like. 1822 01:20:00,427 --> 01:20:04,187 S2: Yeah. Um. Superman and Lois, uh, the two two season 1823 01:20:04,187 --> 01:20:06,947 S2: one I thought was fantastic. 
I think he's one of 1824 01:20:06,947 --> 01:20:09,387 S2: the best Superman's I've ever seen. Um, and then I'm 1825 01:20:09,427 --> 01:20:10,947 S2: getting you on Arcane, too. 1826 01:20:11,067 --> 01:20:11,187 S1: Yeah. 1827 01:20:11,187 --> 01:20:12,827 S2: That's right, Arcane is fantastic. 1828 01:20:12,867 --> 01:20:13,307 S1: Like. 1829 01:20:13,587 --> 01:20:16,187 S2: Like like in a few. Yeah, yeah, yeah. So, um. Yeah, 1830 01:20:16,187 --> 01:20:17,947 S2: I mean, if you wanted some nerd segment that was, 1831 01:20:17,987 --> 01:20:18,427 S2: you know. 1832 01:20:19,217 --> 01:20:21,657 S1: Yeah. And then a week from now, we go on 1833 01:20:21,657 --> 01:20:23,017 S1: our spiritual retreat. 1834 01:20:23,057 --> 01:20:24,177 S2: We do? Yeah. We do. 1835 01:20:24,337 --> 01:20:25,657 S1: And can't wait to see you there. 1836 01:20:25,697 --> 01:20:28,536 S2: Yeah. We, uh, we do EDC every year in Las Vegas. 1837 01:20:28,537 --> 01:20:31,416 S2: It's three days where we try not to talk about work. Yup. 1838 01:20:31,577 --> 01:20:34,296 S2: And just listen to music and be best friends. Outside 1839 01:20:34,297 --> 01:20:36,376 S2: of that, I highly recommend for any of you who have, 1840 01:20:36,977 --> 01:20:39,657 S2: you know, friends, who's who sit in the industry and 1841 01:20:39,657 --> 01:20:40,977 S2: you kind of go and hang out with them, and 1842 01:20:40,977 --> 01:20:42,977 S2: you end up talking a lot about infosec and work 1843 01:20:43,297 --> 01:20:46,217 S2: to plan something that's not work related. Like, you and 1844 01:20:46,217 --> 01:20:48,577 S2: I have EDC, and I'm trying to build something with 1845 01:20:48,577 --> 01:20:51,416 S2: Kev where I go to like a comic con, you know? Yeah. Um, 1846 01:20:51,617 --> 01:20:53,977 S2: and you're more than welcome to come if you want, but, uh. 1847 01:20:54,017 --> 01:20:55,017 S1: I've been once, I think. 
1848 01:20:55,057 --> 01:20:56,777 S2: Yeah, I like comic cons a lot, but, um, but 1849 01:20:56,777 --> 01:20:59,537 S2: just that activity of doing something outside of infosec is 1850 01:20:59,537 --> 01:21:00,417 S2: really nice. So. 1851 01:21:00,457 --> 01:21:02,977 S1: Yeah. And then we start with work, but really, it 1852 01:21:02,977 --> 01:21:05,577 S1: ends up being like life plans. Yeah. And how we're 1853 01:21:05,577 --> 01:21:06,296 S1: helping each other. 1854 01:21:06,337 --> 01:21:07,857 S2: Yeah, exactly. Yeah. Yeah. 1855 01:21:07,897 --> 01:21:10,017 S1: So we'll do. This was fantastic. 1856 01:21:10,217 --> 01:21:11,177 S2: Awesome. Yeah. Hopefully. 1857 01:21:11,217 --> 01:21:12,256 S1: Hopefully it was recording. 1858 01:21:12,257 --> 01:21:14,137 S2: Yeah. Hopefully. Yeah. I see the little thing. So. Yeah. 1859 01:21:14,177 --> 01:21:14,657 S2: For sure.