1
00:00:00,230 --> 00:00:02,960
S1: All right, Christine, welcome to unsupervised Learning.

2
00:00:03,950 --> 00:00:05,060
S2: Thank you for having me.

3
00:00:06,440 --> 00:00:09,170
S1: All right. We're going to, uh, we're going to jump

4
00:00:09,170 --> 00:00:11,930
S1: into some stuff, uh, pretty quick here. Uh, start with

5
00:00:11,930 --> 00:00:17,300
S1: the easy stuff. Um, I. So, uh, the cybersecurity industry

6
00:00:17,300 --> 00:00:21,890
S1: has made a lot of, I guess, hubbub about AI

7
00:00:21,890 --> 00:00:24,829
S1: and basically how big it's getting. And I'm wondering, just

8
00:00:24,829 --> 00:00:29,590
S1: what are you hearing about? Like the contrast between is

9
00:00:29,590 --> 00:00:32,500
S1: it is it hype? Is it really happening? Is it really,

10
00:00:32,500 --> 00:00:35,229
S1: really happening? Like how much of it is like potential

11
00:00:35,229 --> 00:00:38,920
S1: energy versus kinetic energy. Like what are you seeing and hearing.

12
00:00:39,820 --> 00:00:43,479
S2: So that's a great question to start. Um, it you know,

13
00:00:43,479 --> 00:00:45,880
S2: I guess I'll, I'll start with your first ask, which

14
00:00:45,880 --> 00:00:49,150
S2: is is it real? Uh, absolutely. It's real. I think

15
00:00:49,150 --> 00:00:52,870
S2: that when you look at the security industry as a whole, um,

16
00:00:52,870 --> 00:00:55,490
S2: when you look at the the places that we have

17
00:00:55,490 --> 00:00:58,370
S2: to focus most of our time and energy as leaders or,

18
00:00:58,370 --> 00:01:01,490
S2: you know, budget or, you know, actually just doing pure

19
00:01:01,520 --> 00:01:04,880
S2: security work, um, you know, you can't help but miss

20
00:01:04,880 --> 00:01:08,480
S2: things like incident response, threat hunting, you know, looking at

21
00:01:08,480 --> 00:01:12,290
S2: indications of compromise, because that's kind of where it all starts. Uh,

22
00:01:12,290 --> 00:01:16,730
S2: and I has a beautiful ability, um, in my opinion, to,

23
00:01:16,730 --> 00:01:22,140
S2: you know, empower smarter decisions, um, quicker, more accurate assessments,

24
00:01:22,140 --> 00:01:25,860
S2: especially when looking at indicators of compromise. Um, within your

25
00:01:25,860 --> 00:01:28,229
S2: incident response team, which again, takes to, you know, tends

26
00:01:28,230 --> 00:01:30,480
S2: to be one of the most critical functions in any

27
00:01:30,480 --> 00:01:33,810
S2: security team, uh, and also one of the hardest to

28
00:01:33,810 --> 00:01:38,580
S2: staff and most costly. Um, so I think that there,

29
00:01:38,580 --> 00:01:41,990
S2: you know, it's definitely real and there's lot of opportunity

30
00:01:41,990 --> 00:01:47,120
S2: to take that and make it, um, much more intelligent. Uh,

31
00:01:47,120 --> 00:01:49,610
S2: you know, it's a battlefield. So as we get smarter,

32
00:01:49,610 --> 00:01:51,980
S2: our adversaries get smarter. So I think there's also a

33
00:01:51,980 --> 00:01:53,510
S2: kind of a give and take of almost that you

34
00:01:53,510 --> 00:01:56,450
S2: have to pay attention. Um, because if you're not paying attention,

35
00:01:56,450 --> 00:01:59,090
S2: obviously your enemies are. Yeah.

36
00:02:00,110 --> 00:02:03,770
S1: Yeah, that makes sense. So you mentioned incident response. So

37
00:02:03,770 --> 00:02:06,630
S1: what are some other areas that, um, seem pretty ripe

38
00:02:06,630 --> 00:02:07,410
S1: for you?

39
00:02:08,040 --> 00:02:10,950
S2: Yeah. Well, I mean, the entire security program and it's

40
00:02:10,950 --> 00:02:15,960
S2: in in its functions and roles are all right for automation. Um,

41
00:02:15,960 --> 00:02:18,240
S2: and I think that companies that are really on the

42
00:02:18,240 --> 00:02:21,720
S2: forefront of this technology are doing things like, you know,

43
00:02:21,720 --> 00:02:24,570
S2: sandboxing their own data lakes and then using AI to

44
00:02:24,570 --> 00:02:28,440
S2: really plug into that to make really great automated decisions. Uh,

45
00:02:28,440 --> 00:02:31,450
S2: I mean, there's definitely a ton of power in that. Um,

46
00:02:31,450 --> 00:02:33,429
S2: if you're a bigger company and have a lot of data,

47
00:02:33,460 --> 00:02:34,810
S2: you know, that's kind of the way to go. But

48
00:02:34,810 --> 00:02:36,790
S2: I think it's really important to to look at the

49
00:02:36,790 --> 00:02:40,630
S2: types of industries and companies that really need to be

50
00:02:40,630 --> 00:02:43,750
S2: focusing on AI. And I think there's a difference between,

51
00:02:43,750 --> 00:02:47,470
S2: you know, I use this example when I'm speaking to

52
00:02:47,470 --> 00:02:49,930
S2: others in the industry, if you are a, you know,

53
00:02:49,930 --> 00:02:52,929
S2: a company that, uh, is a, um, I don't know,

54
00:02:52,930 --> 00:02:56,310
S2: a lumber distributor, you know, you're, you're building boards that

55
00:02:56,310 --> 00:02:58,889
S2: are going to go build somebody's houses. Your attack surface

56
00:02:58,919 --> 00:03:04,590
S2: is absolutely not the same as a company developing security software, right?

57
00:03:04,590 --> 00:03:07,830
S2: You know, the the company that is, you know, maybe

58
00:03:07,830 --> 00:03:11,010
S2: not publicly traded also and doesn't really have that that

59
00:03:11,010 --> 00:03:15,690
S2: risk from, um, customer information might be worried about protecting

60
00:03:15,690 --> 00:03:19,420
S2: maybe their financial data, or maybe their even their company

61
00:03:19,419 --> 00:03:22,870
S2: trade secrets. But a secure software developer who has a

62
00:03:22,870 --> 00:03:27,070
S2: product they're actually selling into, you know, the highly regulated environment,

63
00:03:27,070 --> 00:03:30,130
S2: who inherits their attack surface and becomes part of their

64
00:03:30,130 --> 00:03:33,850
S2: supply chain. You know, that's a more a different role

65
00:03:33,850 --> 00:03:38,080
S2: for AI, right? So I think it's also imperative that

66
00:03:38,080 --> 00:03:41,400
S2: we balance kind of the need for that. And and

67
00:03:41,400 --> 00:03:43,620
S2: you know, where you're going to to invest, so to

68
00:03:43,620 --> 00:03:47,010
S2: speak for that. You know, that latter example of, you know,

69
00:03:47,010 --> 00:03:50,100
S2: companies like ours that are selling, you know, security software

70
00:03:50,100 --> 00:03:53,790
S2: into highly regulated environments. It's we, you know, it's table stakes.

71
00:03:53,790 --> 00:03:57,930
S2: We have to understand that landscape, um, and automation and

72
00:03:57,930 --> 00:04:01,320
S2: AI driven, you know, response really is the value. I mean,

73
00:04:01,320 --> 00:04:03,660
S2: there's lots of value in AI, but that's definitely where

74
00:04:03,660 --> 00:04:07,390
S2: I see the, the most value because you're, you know,

75
00:04:07,390 --> 00:04:10,720
S2: you're you're hitting in so many areas. Um, not only

76
00:04:10,720 --> 00:04:13,810
S2: are you able to look at indicators of compromise and

77
00:04:13,810 --> 00:04:18,010
S2: make quicker, faster decisions, but you can look at hypothesis

78
00:04:18,010 --> 00:04:21,070
S2: driven decisions that have already been proven, which is, you know,

79
00:04:21,070 --> 00:04:24,880
S2: really brings on to the intelligence. So, um, it's kind

80
00:04:24,880 --> 00:04:27,490
S2: of like driving a car from 1986 and driving the

81
00:04:27,490 --> 00:04:30,890
S2: space shuttle. You know, there's just so much more, um,

82
00:04:31,070 --> 00:04:36,830
S2: overwhelming capability. But, you know, of course, that also comes with, uh, responsibility. Um,

83
00:04:36,830 --> 00:04:40,250
S2: but that's, you know, definitely an area I see, um,

84
00:04:40,250 --> 00:04:42,080
S2: disrupting the industry for sure.

85
00:04:42,950 --> 00:04:46,400
S1: Yeah. And you're the VP of product security over there

86
00:04:46,400 --> 00:04:50,539
S1: at BlackBerry. So how are you seeing it in your products?

87
00:04:50,930 --> 00:04:55,479
S2: Well, I think probably the biggest, um, impact we're seeing

88
00:04:55,480 --> 00:04:58,180
S2: in our products is actually the services we're offering with

89
00:04:58,180 --> 00:05:01,930
S2: the AI, you know, included in it. So, you know,

90
00:05:01,930 --> 00:05:05,560
S2: our guard team has, uh, which is professional services that does,

91
00:05:05,560 --> 00:05:08,890
S2: you know, incident response for these, these mid to smaller

92
00:05:08,890 --> 00:05:11,650
S2: enterprise companies or any company for that matter. But where

93
00:05:11,650 --> 00:05:15,610
S2: I really see the pain from this is coming from

94
00:05:15,610 --> 00:05:19,219
S2: these you know many companies that just don't have the

95
00:05:19,220 --> 00:05:22,580
S2: ability to scale this fast enough. Um, you know, attackers

96
00:05:22,580 --> 00:05:26,330
S2: are getting smarter and it takes time. Um, staffing challenges,

97
00:05:26,330 --> 00:05:29,660
S2: all of that great stuff to really scale to that.

98
00:05:29,660 --> 00:05:32,480
S2: And where we're really seeing, I think the most impact

99
00:05:32,480 --> 00:05:35,510
S2: there is, you know, our services team who has the

100
00:05:35,510 --> 00:05:38,210
S2: ability to scale for, you know, for the company that

101
00:05:38,210 --> 00:05:40,369
S2: might not be able to, um, you know, they have

102
00:05:40,370 --> 00:05:42,720
S2: a dashboard and they can literally hit, you know, a

103
00:05:42,720 --> 00:05:45,210
S2: help me button, so to speak. And then we have

104
00:05:45,210 --> 00:05:47,880
S2: a team of people that can run these AI and

105
00:05:47,880 --> 00:05:50,820
S2: automation driven decisions for them. So I think that that's

106
00:05:50,820 --> 00:05:54,120
S2: really been one of the bigger things that we've seen. Uh,

107
00:05:54,120 --> 00:05:58,410
S2: you know, we as a company, historically when we, um,

108
00:05:58,410 --> 00:06:02,100
S2: purchased silence as a company, you know, brought AI into

109
00:06:02,100 --> 00:06:05,420
S2: our company long before I was really even talked about.

110
00:06:05,420 --> 00:06:09,799
S2: So we've we've definitely got the, the historical, um, expertise

111
00:06:09,800 --> 00:06:13,310
S2: built into, um, to some of that decision making with AI.

112
00:06:14,900 --> 00:06:17,420
S1: Yeah, that makes sense. I mean, I guess can I

113
00:06:17,420 --> 00:06:23,150
S1: step back? Um, really interesting. So you have all this

114
00:06:23,150 --> 00:06:25,729
S1: stuff going on there at BlackBerry. You have. I've talked

115
00:06:25,730 --> 00:06:29,490
S1: to multiple people over there, uh, through unsupervised learning, and

116
00:06:29,490 --> 00:06:31,469
S1: it's like you've got a whole bunch of AI research

117
00:06:31,470 --> 00:06:34,409
S1: going on. You've got your whole team there, you've got

118
00:06:34,410 --> 00:06:39,780
S1: all these, uh, different service offerings like you mentioned, incident response, like, uh,

119
00:06:39,779 --> 00:06:43,049
S1: like other players there. And it's like, how often do

120
00:06:43,050 --> 00:06:45,540
S1: you get the question of like, oh, BlackBerry. Oh, I

121
00:06:45,540 --> 00:06:47,970
S1: didn't realize they were doing all these elite things. Is

122
00:06:47,970 --> 00:06:51,539
S1: that pretty much a regular conversation with, uh, outsiders?

123
00:06:51,540 --> 00:06:53,750
S2: It is. It is because, you know, back from the

124
00:06:53,750 --> 00:06:56,810
S2: days of the handset, um, you know, I think everybody

125
00:06:56,810 --> 00:07:00,860
S2: knew and everybody knows that BlackBerry does amazing security things.

126
00:07:00,860 --> 00:07:03,170
S2: You know, I don't think there's any question the brand

127
00:07:03,170 --> 00:07:06,230
S2: has has done us well for that over the years. And, and,

128
00:07:06,230 --> 00:07:09,320
S2: you know, the the unsaid thing is the highly regulated

129
00:07:09,320 --> 00:07:11,780
S2: and people that really, really, really care. And, you know, again,

130
00:07:11,780 --> 00:07:14,270
S2: in my example of the lumber manufacturer to a highly

131
00:07:14,270 --> 00:07:17,520
S2: regulated environment, it's not the same. And BlackBerry has played

132
00:07:17,520 --> 00:07:20,430
S2: in that highly regulated environment, you know, for a very, very,

133
00:07:20,430 --> 00:07:24,420
S2: very long time. And so we do understand, uh, the

134
00:07:24,420 --> 00:07:28,410
S2: importance and the, the just the value of just doing

135
00:07:28,410 --> 00:07:31,440
S2: pure security work. Um, and that's tough in the industry

136
00:07:31,440 --> 00:07:34,830
S2: when you're a, a security software vendor because you're, you're,

137
00:07:34,830 --> 00:07:37,440
S2: you're in security. You're doing security, you have products that

138
00:07:37,440 --> 00:07:39,900
S2: do security. And then the outcome is security. So it's

139
00:07:39,900 --> 00:07:43,119
S2: kind of embedded into, you know, everything that you do. Um,

140
00:07:43,120 --> 00:07:45,310
S2: but I think what's really been cool to see over

141
00:07:45,310 --> 00:07:48,940
S2: the years has been to watch, um, sort of the, the,

142
00:07:48,940 --> 00:07:50,650
S2: the things out of the handset that we were really

143
00:07:50,650 --> 00:07:53,380
S2: good at and to put that into a service. Um, again,

144
00:07:53,380 --> 00:07:55,540
S2: you know, nowhere is that more applicable than what we're

145
00:07:55,540 --> 00:07:58,750
S2: talking about today with our acquisition of silence and just running,

146
00:07:58,840 --> 00:08:02,080
S2: you know, the managed endpoint detection with AI in it

147
00:08:02,080 --> 00:08:05,790
S2: has been really cool to see us take our really intelligent,

148
00:08:05,790 --> 00:08:08,400
S2: smart security thinking and sort of turn it and evolve

149
00:08:08,400 --> 00:08:11,730
S2: into what is the most important thing today. Um, so

150
00:08:11,730 --> 00:08:14,100
S2: you know that that's been really cool to watch. But yes,

151
00:08:14,100 --> 00:08:16,530
S2: I run into that. If I had a nickel for

152
00:08:16,530 --> 00:08:18,240
S2: every time someone asked me if we were going to

153
00:08:18,240 --> 00:08:22,530
S2: make phones again. Oh my gosh, if we ever, you know,

154
00:08:22,560 --> 00:08:25,380
S2: we're I'm not saying we're making phones again. We're not. But,

155
00:08:25,530 --> 00:08:26,790
S2: you know, if we ever were to.

156
00:08:26,790 --> 00:08:28,440
S1: Do that, you heard it here first.

157
00:08:29,170 --> 00:08:31,630
S2: If we ever were, if we ever did that again.

158
00:08:31,630 --> 00:08:33,790
S2: Oh my gosh. Uh, I would have to then go

159
00:08:33,790 --> 00:08:36,490
S2: change my narrative after changing my narrative after changing it

160
00:08:36,490 --> 00:08:39,610
S2: one more time. So yes, it is, um, it is

161
00:08:39,610 --> 00:08:43,300
S2: a complicated world and security, and we definitely play in

162
00:08:43,300 --> 00:08:45,309
S2: lots of facets in it. So it is we make

163
00:08:45,309 --> 00:08:46,090
S2: it complicated too.

164
00:08:46,120 --> 00:08:50,980
S1: So yeah. And now that I'm thinking about it, I'm

165
00:08:50,980 --> 00:08:54,500
S1: thinking about all the places that the handset had sort

166
00:08:54,500 --> 00:08:57,320
S1: of penetration. It was it was really big with the

167
00:08:57,320 --> 00:09:00,140
S1: federal space in the US. And I imagine with governments

168
00:09:00,140 --> 00:09:02,870
S1: all over the world. So if you have talent and

169
00:09:02,870 --> 00:09:06,590
S1: you have tech and you get out of a particular market,

170
00:09:06,590 --> 00:09:09,650
S1: you still have the that talent in tech and you

171
00:09:09,650 --> 00:09:13,130
S1: still have the relationships. So that's that's seems to be

172
00:09:13,130 --> 00:09:17,000
S1: why BlackBerry's security has survived and thrived.

173
00:09:17,020 --> 00:09:20,920
S2: Absolutely, 100%. Um, you know, the one thing over the

174
00:09:20,920 --> 00:09:26,229
S2: years that I've learned is, is as these, uh, regulated markets, um,

175
00:09:26,230 --> 00:09:30,340
S2: the wheel just keeps turning, the regulation just keeps getting harder.

176
00:09:30,340 --> 00:09:33,970
S2: The attackers get smarter, it never stops to evolve. So

177
00:09:33,970 --> 00:09:36,070
S2: if you think about, like, the crystal, I always talk

178
00:09:36,070 --> 00:09:37,750
S2: about my crystal ball. Like, you know, we had a

179
00:09:37,750 --> 00:09:39,610
S2: crystal ball ten years ago, and we were looking at

180
00:09:39,610 --> 00:09:41,780
S2: this like, you know, hey, these are the things that

181
00:09:41,780 --> 00:09:43,760
S2: are going to be important coming up in the next,

182
00:09:43,760 --> 00:09:45,530
S2: you know, ten years. And if you look back at

183
00:09:45,530 --> 00:09:49,400
S2: that crystal ball, um, you know, we were really highly

184
00:09:49,400 --> 00:09:51,830
S2: accurate on a lot of things, both in our team

185
00:09:51,830 --> 00:09:55,069
S2: and in the product teams. Um, and that trust that

186
00:09:55,070 --> 00:09:57,530
S2: you have with the highly regulated market, whether it's banks

187
00:09:57,530 --> 00:10:00,890
S2: or medical or, you know, us federal, um, or any

188
00:10:00,890 --> 00:10:05,210
S2: of the agencies, it's it's really, really, um, important to

189
00:10:05,230 --> 00:10:08,740
S2: them that they, they can trust their vendors because their

190
00:10:08,740 --> 00:10:12,790
S2: security is really only as good as their vendor security. Um,

191
00:10:12,970 --> 00:10:15,610
S2: you know, we can look at, you know, go back

192
00:10:15,610 --> 00:10:18,460
S2: to just outside of AI and malware, but going back

193
00:10:18,460 --> 00:10:21,790
S2: to things like, um, you know, log for J, you know,

194
00:10:21,790 --> 00:10:24,430
S2: just things where it really proved that the supply chain

195
00:10:24,429 --> 00:10:27,699
S2: was really only as strong as its is its weakest link. Uh,

196
00:10:27,700 --> 00:10:30,650
S2: and so I really think that, you know, vendors that

197
00:10:30,650 --> 00:10:33,199
S2: have that trust built in that, you know, really focus

198
00:10:33,200 --> 00:10:35,750
S2: on this. Um, have, have sort of proven their value

199
00:10:35,750 --> 00:10:37,640
S2: over the years. Yeah.

200
00:10:38,240 --> 00:10:41,450
S1: This is actually what I'm most excited about with AI is, um,

201
00:10:41,750 --> 00:10:44,360
S1: what what I call like the mini AIS or whatever

202
00:10:44,360 --> 00:10:47,689
S1: it was stolen from open source. But if you look

203
00:10:47,690 --> 00:10:51,620
S1: at how many, uh, contracts are coming through or like, vendors. Um,

204
00:10:51,620 --> 00:10:55,020
S1: and then supply chain relationships. How complex and like web

205
00:10:55,020 --> 00:10:57,480
S1: do they are. And then you have like this team

206
00:10:57,480 --> 00:11:00,150
S1: of four people or whatever for most companies, or let's

207
00:11:00,150 --> 00:11:03,990
S1: say it's 14 people. Like if you're super lucky, you

208
00:11:03,990 --> 00:11:08,460
S1: might be looking at tens of thousands of connections and

209
00:11:08,460 --> 00:11:11,790
S1: then secondary connections on top of that for like all

210
00:11:11,790 --> 00:11:14,430
S1: this different stuff. And then you're looking at billions of

211
00:11:14,429 --> 00:11:18,500
S1: log events per day or whatever. And it kind of

212
00:11:18,500 --> 00:11:22,160
S1: reminds me of, um, a lot of people don't know

213
00:11:22,160 --> 00:11:26,090
S1: that when you're watching, uh, asteroids or meteors in the sky,

214
00:11:26,090 --> 00:11:31,520
S1: it's actually not NASA. It's backyard people with telescopes. Right?

215
00:11:31,760 --> 00:11:35,810
S1: And there simply aren't enough eyes to watch everything that

216
00:11:35,809 --> 00:11:39,140
S1: we have to watch for. And so I really love

217
00:11:39,140 --> 00:11:41,819
S1: the fact that we can very soon we're going to

218
00:11:41,820 --> 00:11:45,480
S1: have so many different eyes and they're going to start

219
00:11:45,480 --> 00:11:48,960
S1: as like, you know, lower intern level or whatever. But

220
00:11:48,960 --> 00:11:53,100
S1: people are already saying 2025, those very cheap eyes might

221
00:11:53,100 --> 00:11:57,180
S1: be like PhD level, right? But imagine you have thousands

222
00:11:57,179 --> 00:12:01,439
S1: of them or millions of them. It's just bottom line.

223
00:12:01,440 --> 00:12:04,800
S1: It's more coverage. It's more coverage of things in security.

224
00:12:04,800 --> 00:12:07,730
S1: And there's many of them that don't have enough people

225
00:12:07,730 --> 00:12:08,690
S1: looking at them.

226
00:12:08,809 --> 00:12:12,560
S2: Yeah, yeah. And you know, the truth of the matter is, um,

227
00:12:12,830 --> 00:12:17,540
S2: you know, if, if in your example, which I love, that, uh, if,

228
00:12:17,540 --> 00:12:20,750
S2: if we don't look at it, you know, apt 32

229
00:12:20,780 --> 00:12:24,140
S2: is right. So it doesn't, you know, we we you

230
00:12:24,140 --> 00:12:28,610
S2: almost don't have a choice because as the evolution of technology,

231
00:12:28,610 --> 00:12:31,720
S2: you know, goes forward, our attackers are going to look

232
00:12:31,720 --> 00:12:33,880
S2: at that no matter what. Right? So you almost have

233
00:12:33,880 --> 00:12:36,430
S2: to respond. It is. And it's a it's a game

234
00:12:36,429 --> 00:12:39,160
S2: of cat and mouse. I'm the first one to admit it. Um,

235
00:12:39,160 --> 00:12:42,250
S2: but you know, it is your responsibility, at least from,

236
00:12:42,250 --> 00:12:44,890
S2: you know, from my perspective, to make sure that my

237
00:12:44,890 --> 00:12:47,740
S2: company knows that, that we don't have a choice what

238
00:12:47,740 --> 00:12:50,170
S2: to look at that stuff because they will be. So

239
00:12:50,170 --> 00:12:52,510
S2: if we're going to fight that fire with fire, you know,

240
00:12:52,510 --> 00:12:54,850
S2: the then, you know, we we have to look at

241
00:12:54,850 --> 00:12:58,330
S2: it which, which is always, um, at the purest form

242
00:12:58,330 --> 00:13:01,150
S2: of the security puzzle. Um, you know, that's always the

243
00:13:01,150 --> 00:13:04,270
S2: fun thing is to sort of think about, you know,

244
00:13:04,270 --> 00:13:06,429
S2: what are their next moves going to be and what

245
00:13:06,429 --> 00:13:08,260
S2: are they going to use, and how do we get

246
00:13:08,260 --> 00:13:10,630
S2: in front of that? And how do we think faster, smarter,

247
00:13:10,630 --> 00:13:15,160
S2: you know, cheaper, better, more efficient? Um, but staffing is

248
00:13:15,160 --> 00:13:21,030
S2: absolutely hands down a challenge. Um, and again, what I

249
00:13:21,030 --> 00:13:28,440
S2: see in the staffing challenge of this is as companies evolve, technically,

250
00:13:28,440 --> 00:13:31,319
S2: it gets harder and harder to understand the technical landscape,

251
00:13:31,320 --> 00:13:33,210
S2: let alone know who to hire, to look at the

252
00:13:33,210 --> 00:13:36,750
S2: technical landscape. So I think you have a few challenges in,

253
00:13:36,750 --> 00:13:39,240
S2: in that area that are making it tough for companies

254
00:13:39,240 --> 00:13:40,590
S2: to scale 100%.

255
00:13:41,620 --> 00:13:46,390
S1: Yeah. Okay. Let's talk about that. Um, a lot a

256
00:13:46,390 --> 00:13:49,210
S1: lot of hiring managers say they can't find people, and

257
00:13:49,210 --> 00:13:52,390
S1: people say they can't find jobs. So what do you

258
00:13:52,390 --> 00:13:53,829
S1: think the disconnect is?

259
00:13:54,250 --> 00:13:58,150
S2: Well, you know, I just read something somewhere. I believe

260
00:13:58,150 --> 00:14:00,040
S2: it was a Gartner. Maybe it was a Gartner report

261
00:14:00,040 --> 00:14:01,960
S2: that said something like, and I might butcher this, and

262
00:14:01,960 --> 00:14:04,420
S2: I apologize if I do, but it was something like,

263
00:14:04,420 --> 00:14:09,330
S2: you know, in the next year, 25% will change jobs, 25%

264
00:14:09,330 --> 00:14:12,540
S2: of of of security staff will change jobs. That's crazy

265
00:14:12,540 --> 00:14:15,390
S2: to me. Like, yeah, just start with that data point.

266
00:14:15,390 --> 00:14:18,870
S2: That's that's insane. That's a quarter of the workforce. I

267
00:14:18,870 --> 00:14:21,450
S2: haven't dug into that enough to know what where the

268
00:14:21,450 --> 00:14:23,850
S2: data came from. But if that's really true, that means

269
00:14:23,850 --> 00:14:27,480
S2: a lot of things. So number one, you know, as

270
00:14:27,480 --> 00:14:30,730
S2: a as a leader that hires and runs a team,

271
00:14:30,730 --> 00:14:32,920
S2: you know, I think are my people. I hear about

272
00:14:32,920 --> 00:14:34,840
S2: the burnout, I get it. I you know what? We're

273
00:14:34,840 --> 00:14:36,910
S2: fighting a war. A virtual war is being fought every

274
00:14:36,910 --> 00:14:39,310
S2: day with these teams. We all know that, right? But,

275
00:14:39,310 --> 00:14:41,710
S2: you know, the burnout factor is real. And I and

276
00:14:41,710 --> 00:14:45,550
S2: I see that. But but also are you know, I

277
00:14:45,550 --> 00:14:48,880
S2: think about things like do we do we understand that

278
00:14:48,880 --> 00:14:51,370
S2: technical landscape enough to be hiring people for the right roles?

279
00:14:51,370 --> 00:14:54,770
S2: Why are people burning out? Um, you know, is it

280
00:14:54,770 --> 00:14:57,410
S2: is it this tug of war of people aren't happy

281
00:14:57,410 --> 00:14:59,930
S2: because the jobs are so hard, and because they're evolving

282
00:14:59,930 --> 00:15:03,620
S2: so fast that we we aren't keeping up or, you know,

283
00:15:03,620 --> 00:15:06,140
S2: is it the tug of war of there's a greener

284
00:15:06,140 --> 00:15:08,540
S2: pasture somewhere else? And then people are finding out that

285
00:15:08,540 --> 00:15:11,510
S2: it's really not I'm not really sure where the, the

286
00:15:11,510 --> 00:15:14,240
S2: balance of of why those numbers are the way they are,

287
00:15:14,240 --> 00:15:18,280
S2: but that was really over overwhelming to me. Um, yeah.

288
00:15:18,280 --> 00:15:21,940
S2: You know, and I and I and there is some

289
00:15:21,940 --> 00:15:24,670
S2: interesting research coming out that I just got a preview of.

290
00:15:24,670 --> 00:15:27,430
S2: That kind of blew me away, too. And it was

291
00:15:27,430 --> 00:15:30,160
S2: the where do you see your the question was, where

292
00:15:30,160 --> 00:15:34,000
S2: do you see your hiring challenges in security. And it

293
00:15:34,000 --> 00:15:38,650
S2: was it wasn't necessarily the staff as it was the

294
00:15:38,650 --> 00:15:43,400
S2: technical complication. Like it was almost like how the question was,

295
00:15:43,400 --> 00:15:45,920
S2: was put out there was we don't understand or we're

296
00:15:45,920 --> 00:15:51,050
S2: having problems scaling our environments technically, let alone hiring staff

297
00:15:51,050 --> 00:15:53,450
S2: to to run that. So it was almost like an

298
00:15:53,450 --> 00:15:55,460
S2: after effect of, you know, we we don't know what

299
00:15:55,460 --> 00:15:57,890
S2: tools to use. We we aren't really sure how to

300
00:15:57,890 --> 00:16:00,560
S2: plug in the right efficiency models. And so because we

301
00:16:00,560 --> 00:16:03,650
S2: can't grasp our technical environment, we're really struggling to hire

302
00:16:03,650 --> 00:16:05,610
S2: people because we don't even know what to ask for.

303
00:16:05,610 --> 00:16:07,320
S2: It was kind of that string of things, and so

304
00:16:07,320 --> 00:16:10,170
S2: I wonder how much that weighs into that as well.

305
00:16:10,530 --> 00:16:16,110
S1: Yeah, I've been pretty skeptical of these things because, like you,

306
00:16:16,110 --> 00:16:19,230
S1: I've been watching these things for, for years. And so

307
00:16:19,230 --> 00:16:22,110
S1: one report comes out, it's like we're going to need whatever,

308
00:16:22,110 --> 00:16:25,560
S1: 70 million new cyber jobs within the next few years.

309
00:16:25,560 --> 00:16:28,380
S1: And I'm like, so whatever the number is, 2 million,

310
00:16:28,380 --> 00:16:31,609
S1: 70 million. I'm like, first of all, every report comes out.

311
00:16:31,610 --> 00:16:34,760
S1: The number is wildly different. Second of all, the numbers

312
00:16:34,760 --> 00:16:39,290
S1: just seem crazy. And then third, if you look on

313
00:16:39,290 --> 00:16:42,350
S1: Hacker News, it's like, oh, here's all the cybersecurity people

314
00:16:42,350 --> 00:16:45,650
S1: who just got laid off. And then you go on

315
00:16:45,650 --> 00:16:48,170
S1: the Reddit boards and you see a bunch of hiring boards.

316
00:16:48,170 --> 00:16:50,510
S1: So these are all the people trying to hire. I'm like, okay,

317
00:16:50,510 --> 00:16:54,510
S1: which one is it? Do we need millions or more people?

318
00:16:54,510 --> 00:16:57,570
S1: Or are we actually having all these layoffs in cyber?

319
00:16:57,570 --> 00:17:00,660
S1: And like you said, let's say we trust that number

320
00:17:00,660 --> 00:17:04,080
S1: of 25% is that people just trading up and they're

321
00:17:04,080 --> 00:17:10,109
S1: going to a better job. Like it's it's quite confusing. Um, yeah, it.

322
00:17:10,109 --> 00:17:12,900
S2: Is. And I just found it. So Gartner recently reported

323
00:17:12,900 --> 00:17:17,160
S2: that by 2025, nearly half of all cybersecurity leaders will

324
00:17:17,160 --> 00:17:22,470
S2: change jobs. Half and 25% will leave for entirely different roles. So,

325
00:17:22,470 --> 00:17:26,670
S2: I mean, you know, I, I, I am so fortunate that,

326
00:17:26,670 --> 00:17:30,570
S2: you know, working for a company that does security. It's

327
00:17:30,570 --> 00:17:32,939
S2: not really I don't go into work every day and

328
00:17:32,940 --> 00:17:34,800
S2: have to, you know, defend my position. We take it

329
00:17:34,800 --> 00:17:37,860
S2: so seriously that it's in every meeting and every discussion. And,

330
00:17:38,010 --> 00:17:39,449
S2: you know, I don't have to I don't have to

331
00:17:39,450 --> 00:17:41,550
S2: fight to get air time. It's like, you know, I

332
00:17:41,550 --> 00:17:44,400
S2: just go in and security is important. It's just table stakes. Right.

333
00:17:44,400 --> 00:17:47,490
S2: But but many companies, it's not. And and you're seeing

334
00:17:47,490 --> 00:17:49,800
S2: more and more of the outsourcing too, right. Like you're

335
00:17:49,800 --> 00:17:51,540
S2: seeing more of these companies just raise their hand and

336
00:17:51,540 --> 00:17:54,510
S2: be like, you know, I'm tapping out. Just do it.

337
00:17:54,510 --> 00:17:56,580
S2: I can't I can't scale it. I don't understand it.

338
00:17:56,580 --> 00:17:58,200
S2: I can't hire the people fast enough. I can't get

339
00:17:58,200 --> 00:18:01,080
S2: enough automation. I have a budget and I don't know

340
00:18:01,080 --> 00:18:03,900
S2: where to spend it. I don't know what to prioritize

341
00:18:03,900 --> 00:18:08,150
S2: because again, you know, the the the evolution of security

342
00:18:08,150 --> 00:18:10,430
S2: keeps rolling and attackers keep rolling. And so they're just

343
00:18:10,430 --> 00:18:13,369
S2: constantly on the hamster wheel of spinning, trying to become

344
00:18:13,369 --> 00:18:15,889
S2: more efficient with less money. And, you know, meanwhile we

345
00:18:15,890 --> 00:18:18,590
S2: got a board that's, you know, absolutely doing their jobs

346
00:18:18,590 --> 00:18:21,260
S2: and saying, you know, and this has changed a lot.

347
00:18:21,260 --> 00:18:23,990
S2: And I feel like what we're not talking about as

348
00:18:23,990 --> 00:18:26,360
S2: leaders is the role of the board. The role of

349
00:18:26,359 --> 00:18:29,390
S2: the board. Driving this down has really put a lot

350
00:18:29,390 --> 00:18:33,240
S2: of pressure on many leaders to really scale with, with

351
00:18:33,240 --> 00:18:36,629
S2: their budget. So, you know, I do feel like the

352
00:18:36,630 --> 00:18:39,449
S2: leaders do take a lot. I mean, I know it's stressful.

353
00:18:39,450 --> 00:18:42,060
S2: I feel it too. But, you know, leadership does take

354
00:18:42,060 --> 00:18:44,159
S2: the brunt of like do the thing, do all the

355
00:18:44,160 --> 00:18:46,919
S2: things with this, you know, and that and that bucket

356
00:18:46,920 --> 00:18:49,080
S2: might be great or it might not be great depending on,

357
00:18:49,080 --> 00:18:51,420
S2: on the company that you're at or you know, what

358
00:18:51,420 --> 00:18:54,880
S2: scope you're able to to do. But 25% leaving for

359
00:18:54,880 --> 00:18:56,619
S2: entirely different roles says a lot.

360
00:18:57,040 --> 00:19:01,810
S1: Yeah, I really liked your earlier point about maybe people

361
00:19:01,810 --> 00:19:04,990
S1: just not being able to articulate what they need. Because

362
00:19:04,990 --> 00:19:08,679
S1: if you think like because the security security group is

363
00:19:08,680 --> 00:19:13,060
S1: usually just responding to engineering and leadership and engineering and

364
00:19:13,060 --> 00:19:15,730
S1: leadership are moving according to the market and according to

365
00:19:15,730 --> 00:19:19,500
S1: whatever drama is happening at the company. So it's like

366
00:19:19,890 --> 00:19:22,560
S1: security is always having to rehash their goals and everything.

367
00:19:22,560 --> 00:19:24,480
S1: So it's like, oh, I guess we're not hiring that

368
00:19:24,480 --> 00:19:26,730
S1: team anymore because that's no longer our focus because we

369
00:19:26,730 --> 00:19:30,240
S1: got a new CEO. So it's like the faster tech

370
00:19:30,240 --> 00:19:33,450
S1: moves and the more chaotic a given company is, the

371
00:19:33,450 --> 00:19:37,410
S1: harder it is to hire for anything really, because things

372
00:19:37,410 --> 00:19:38,340
S1: aren't static.

373
00:19:39,180 --> 00:19:44,230
S2: 100%. 100%. And as that technology gets smarter, the people

374
00:19:44,230 --> 00:19:46,060
S2: will have to scale to be the people have to

375
00:19:46,060 --> 00:19:48,400
S2: be smarter to scale. And where are we training all

376
00:19:48,400 --> 00:19:52,449
S2: these amazing people? Is is security evolving and training as

377
00:19:52,450 --> 00:19:56,170
S2: fast as technology is growing? I don't know. That's the reality.

378
00:19:56,170 --> 00:19:58,390
S2: I don't know and I don't know in security, you know,

379
00:19:58,390 --> 00:20:00,399
S2: we've always had this challenge. You kind of have to

380
00:20:00,400 --> 00:20:01,210
S2: be in it and do.

381
00:20:01,210 --> 00:20:02,230
S3: It to learn.

382
00:20:02,230 --> 00:20:05,530
S2: It. Right. There's no right. You can't you can't. Even

383
00:20:05,530 --> 00:20:09,170
S2: with the role of I attack. Scenarios need humans, you know,

384
00:20:09,170 --> 00:20:12,199
S2: it's like I will always be great at being hypothesis

385
00:20:12,200 --> 00:20:14,810
S2: driven and being able to crowdsource brains, but it won't

386
00:20:14,810 --> 00:20:17,419
S2: tell you if it's raining on Thursday right now. You

387
00:20:17,420 --> 00:20:20,000
S2: know it won't. It won't take into account your environmental stuff.

388
00:20:20,000 --> 00:20:21,949
S2: It won't. It won't say, oh, the wind's blowing at

389
00:20:21,950 --> 00:20:24,110
S2: 15 degrees. We better not land this plane over here

390
00:20:24,109 --> 00:20:25,850
S2: where it's 70 degrees. I mean, it's never going to

391
00:20:25,850 --> 00:20:29,330
S2: be that that agile. It's always going to be a

392
00:20:29,330 --> 00:20:32,740
S2: thinking brain. Right. So so in order to to really

393
00:20:32,740 --> 00:20:35,320
S2: use that to its firepower, we have to have humans

394
00:20:35,320 --> 00:20:37,419
S2: in front of it that know how to execute with it.

395
00:20:37,420 --> 00:20:40,060
S2: And that to me is what I'm seeing is sort

396
00:20:40,060 --> 00:20:43,780
S2: of like the big challenges. We're driving a space shuttle, right?

397
00:20:43,780 --> 00:20:46,090
S2: It's not the 86 Camry. We're driving a space shuttle.

398
00:20:46,090 --> 00:20:48,159
S2: And in order to do that, you got to have

399
00:20:48,160 --> 00:20:51,670
S2: really qualified people on the front end of those space

400
00:20:51,670 --> 00:20:53,650
S2: shuttles to make sure that they get to the right places,

401
00:20:53,650 --> 00:20:56,600
S2: or you know that all the functionality is used. You

402
00:20:56,600 --> 00:20:58,520
S2: know that you're making those right decisions, and it's a

403
00:20:58,520 --> 00:21:02,390
S2: split second in time that I will just always sort

404
00:21:02,390 --> 00:21:06,080
S2: of have that, that it is like giving you a

405
00:21:06,080 --> 00:21:08,120
S2: space shuttle. You still got to know how to drive it, right?

406
00:21:08,119 --> 00:21:09,470
S2: You still got to know how to take off and

407
00:21:09,470 --> 00:21:11,450
S2: you still got to know how to land. And so

408
00:21:11,450 --> 00:21:14,420
S2: I see that as a big challenge. You could peanut

409
00:21:14,420 --> 00:21:17,330
S2: butter that story sort of across all of technology right

410
00:21:17,330 --> 00:21:20,130
S2: now in security, it's only going to be as good

411
00:21:20,130 --> 00:21:22,530
S2: as the people leading it. Mhm.

412
00:21:23,220 --> 00:21:26,490
S1: Yeah I do think AI is going to fill in

413
00:21:26,490 --> 00:21:29,609
S1: some of those gaps. Most importantly the one that you mentioned,

414
00:21:29,609 --> 00:21:34,410
S1: which is um adding context. I think that'll get easier.

415
00:21:34,410 --> 00:21:37,620
S1: But ultimately you still, like you said, got to have

416
00:21:37,619 --> 00:21:42,830
S1: humans running the show at some level. Yeah. The other

417
00:21:42,830 --> 00:21:46,070
S1: problem with the the talent thing, I think, is we

418
00:21:46,070 --> 00:21:48,710
S1: don't really have what the military has, which is, um,

419
00:21:48,710 --> 00:21:52,760
S1: you start at E-1 and you must do E-1 things

420
00:21:52,760 --> 00:21:55,939
S1: before you become an E-2, and you have this pipeline,

421
00:21:55,940 --> 00:21:59,300
S1: and the pipeline is a talent pipeline, and it's also

422
00:21:59,450 --> 00:22:03,469
S1: a maturity pipeline. So and they watch very carefully how

423
00:22:03,470 --> 00:22:05,909
S1: many e-1's do we have? How many e2's do we

424
00:22:05,910 --> 00:22:11,130
S1: have enough e2's to keep the pipeline healthy for e-3s

425
00:22:11,130 --> 00:22:15,570
S1: and same for officers and whatever. So the thing that

426
00:22:15,570 --> 00:22:19,590
S1: we don't have here and actually gets worse with AI

427
00:22:19,619 --> 00:22:25,199
S1: if you start automating away tier one SoC analysts, okay,

428
00:22:25,200 --> 00:22:28,050
S1: so the tier one goes away, how you're going to

429
00:22:28,050 --> 00:22:30,860
S1: go from 0 to 2 or 0 to 3, that's

430
00:22:30,859 --> 00:22:32,030
S1: going to be messed up.

431
00:22:32,090 --> 00:22:36,530
S2: Hundred percent agree with you. And this is again where

432
00:22:36,560 --> 00:22:40,669
S2: silence guard. You know our our service that really is

433
00:22:40,670 --> 00:22:45,740
S2: SOC as a service. This is an absolutely why the

434
00:22:45,740 --> 00:22:47,659
S2: people that I talk to and you know I do

435
00:22:47,660 --> 00:22:50,030
S2: I talk to our customers and I ask them questions.

436
00:22:50,030 --> 00:22:53,780
S2: And I want to learn more about why they came

437
00:22:53,780 --> 00:22:56,760
S2: to us for help. This is their reason. They can't.

438
00:22:56,760 --> 00:22:59,580
S2: So you look at the big 70,000 person company. They've

439
00:22:59,580 --> 00:23:01,830
S2: got that pipeline, they've got the e-1s sitting there getting

440
00:23:01,830 --> 00:23:06,030
S2: trained right. And they know their progression through the system. Yes.

441
00:23:06,030 --> 00:23:09,300
S2: Mid to smaller enterprise companies don't have the staff to

442
00:23:09,300 --> 00:23:12,780
S2: do that. They don't have the luxury to build that firepower. Right.

443
00:23:12,780 --> 00:23:16,500
S2: And so they're constantly hamster wheel chasing the evolvement of

444
00:23:16,500 --> 00:23:20,170
S2: this technology with being able to hire and keep the

445
00:23:20,170 --> 00:23:22,720
S2: senior or senior enough people to be able to make

446
00:23:22,720 --> 00:23:25,420
S2: good decisions. And how do you you know and and

447
00:23:25,420 --> 00:23:26,800
S2: you know this as well as I do, how do

448
00:23:26,800 --> 00:23:28,690
S2: you take one person and scale all of that? When

449
00:23:28,690 --> 00:23:31,210
S2: you're a small company? The answer is you don't. You can't.

450
00:23:31,210 --> 00:23:34,119
S2: There's no way you're either going to have to hire

451
00:23:34,119 --> 00:23:37,510
S2: somebody so senior that, you know, they they can do

452
00:23:37,510 --> 00:23:39,669
S2: all of the things. And then does the senior person

453
00:23:39,670 --> 00:23:41,710
S2: want to do that stuff anymore in their career? Right.

454
00:23:41,710 --> 00:23:44,580
S2: This is why we we can't have nice things in security, right?

455
00:23:44,580 --> 00:23:48,540
S2: We we have all these really amazingly intelligent people. But

456
00:23:48,540 --> 00:23:52,109
S2: then the the work, the actual analyst level work that

457
00:23:52,109 --> 00:23:56,550
S2: needs to happen, you know, it's it's hard. It's it's

458
00:23:56,550 --> 00:23:59,190
S2: a grind. Right. And this is again AI is going

459
00:23:59,190 --> 00:24:01,409
S2: to come in and make smarter decisions. But you still

460
00:24:01,410 --> 00:24:03,960
S2: got to have someone at the dashboard right. Yeah.

461
00:24:03,960 --> 00:24:07,419
S1: And yeah. And maybe that senior person comes in, finds

462
00:24:07,420 --> 00:24:09,520
S1: out they have to do tier one, tier two and

463
00:24:09,520 --> 00:24:12,580
S1: tier three, and they become part of your 25% who

464
00:24:12,580 --> 00:24:15,010
S1: jumps jobs? Right, right. Yeah.

465
00:24:15,220 --> 00:24:17,439
S2: Or with half. It's actually that number was half.

466
00:24:17,650 --> 00:24:18,910
S1: That was half. It was.

467
00:24:18,910 --> 00:24:21,910
S2: Half. The leaders are leaving and then 25% are getting

468
00:24:21,910 --> 00:24:24,730
S2: out of or completely doing different jobs. Didn't say they're

469
00:24:24,730 --> 00:24:26,110
S2: out of getting out of I have to go back.

470
00:24:26,109 --> 00:24:28,330
S2: I didn't say that they were getting out of security,

471
00:24:28,330 --> 00:24:31,790
S2: but they're going to do completely different jobs, which is crazy.

472
00:24:31,790 --> 00:24:35,060
S2: That just says they're entirely different roles is what is

473
00:24:35,060 --> 00:24:37,760
S2: what the report says. So I mean, that just says that,

474
00:24:37,760 --> 00:24:39,890
S2: you know, like, uh.

475
00:24:40,430 --> 00:24:42,830
S1: I think they weren't happy for some reason.

476
00:24:42,830 --> 00:24:46,580
S2: Right. And I think that the pressure cooker that the

477
00:24:46,580 --> 00:24:51,590
S2: other side is facing that companies are facing is, you know,

478
00:24:51,590 --> 00:24:56,590
S2: the evolvement of things like reporting, you know, reporting requirements, um,

479
00:24:57,430 --> 00:25:00,970
S2: the evolvement of breaches that are happening, all of these things,

480
00:25:00,970 --> 00:25:03,340
S2: and they're costing more money. And then you have all

481
00:25:03,340 --> 00:25:05,679
S2: this regulation coming in on top of it, which is

482
00:25:05,680 --> 00:25:08,380
S2: just creating so much more of a pressure cooker for

483
00:25:08,380 --> 00:25:11,560
S2: companies to operate in. Um, you know, and they're worried

484
00:25:11,560 --> 00:25:16,000
S2: about reputational damage. So, you know, that's something that, you know,

485
00:25:16,180 --> 00:25:19,340
S2: before what I don't know, maybe three, 4 or 5

486
00:25:19,340 --> 00:25:22,159
S2: years ago, we all knew, I mean, you know, our brand,

487
00:25:22,160 --> 00:25:23,720
S2: of course, you know, we talk about it all the time,

488
00:25:23,720 --> 00:25:26,720
S2: but but, you know, other companies really didn't I didn't

489
00:25:26,720 --> 00:25:28,520
S2: have any peers in the industry where this was a

490
00:25:28,520 --> 00:25:31,760
S2: huge concern for them. And now it's a concern for everybody,

491
00:25:31,760 --> 00:25:34,790
S2: which is the reporting requirements, your air and your dirty

492
00:25:34,790 --> 00:25:37,430
S2: laundry no matter what. Right. So you're going to have

493
00:25:37,430 --> 00:25:40,490
S2: to take into account with the board, you know, the

494
00:25:40,490 --> 00:25:42,639
S2: damage that it could happen to your brand. So I

495
00:25:42,640 --> 00:25:45,280
S2: think there is so much more of a, of a,

496
00:25:45,280 --> 00:25:47,920
S2: of a willingness for so many more CISOs to sort

497
00:25:47,920 --> 00:25:49,810
S2: of raise their hand and be like, you know, hey,

498
00:25:49,810 --> 00:25:52,419
S2: I'm tapping out. I got to hire a service to

499
00:25:52,420 --> 00:25:53,920
S2: do this. I have to go to a third party.

500
00:25:53,920 --> 00:25:56,440
S2: I just can't it's not it's not helping me drive

501
00:25:56,440 --> 00:25:59,320
S2: my business forward. I have to just have other other

502
00:25:59,320 --> 00:26:03,190
S2: companies and other other, you know, technologies help me with this.

503
00:26:03,190 --> 00:26:06,410
S2: So it is a really interesting evolvement. Um, in, in

504
00:26:06,410 --> 00:26:10,100
S2: the the pressure cooker of the Y, I guess I

505
00:26:10,100 --> 00:26:13,520
S2: is so needed is is definitely interesting, especially over the

506
00:26:13,520 --> 00:26:15,409
S2: last year. Yeah.

507
00:26:16,430 --> 00:26:20,929
S1: So here's, uh, something I didn't plan on saying in 2024, but, um,

508
00:26:20,930 --> 00:26:23,810
S1: it seems like crypto is coming back. Um, or at

509
00:26:23,810 --> 00:26:26,540
S1: least the interest is I, I haven't been tracking it closely,

510
00:26:26,540 --> 00:26:29,750
S1: but it seems like the attacks are coming with it.

511
00:26:29,760 --> 00:26:33,180
S1: Are you all seeing a lot more attacks inside of crypto?

512
00:26:33,600 --> 00:26:36,810
S2: Yeah, I mean, I think I think you're right. I

513
00:26:36,810 --> 00:26:40,950
S2: think it is interesting how crypto and crypto mining specifically

514
00:26:40,950 --> 00:26:43,410
S2: has sort of done this. I think it hit like

515
00:26:43,410 --> 00:26:45,570
S2: this really. I think when crypto was kind of new,

516
00:26:45,570 --> 00:26:48,330
S2: it hit like this. Wow, you can mine. And then

517
00:26:48,330 --> 00:26:50,070
S2: I think it went kind of quiet for a while

518
00:26:50,070 --> 00:26:53,040
S2: and I didn't hear a lot more about it. But again,

519
00:26:53,040 --> 00:26:56,690
S2: you know, going back to something like apt 32 where,

520
00:26:56,690 --> 00:26:59,540
S2: you know, that is like kind of their common theme

521
00:26:59,540 --> 00:27:05,150
S2: and they're really, really. So, I mean, right, as security professionals,

522
00:27:05,150 --> 00:27:07,220
S2: we got to respect the fine art. The fine art

523
00:27:07,220 --> 00:27:08,750
S2: might not be what we want to see every day,

524
00:27:08,750 --> 00:27:11,480
S2: but we do have to respect the fine art of,

525
00:27:11,510 --> 00:27:14,149
S2: you know, what they do, you know, and, and and

526
00:27:14,150 --> 00:27:17,630
S2: what we see as far as in its simplest form, um,

527
00:27:17,630 --> 00:27:20,070
S2: you know, of using a computer to do a lot

528
00:27:20,070 --> 00:27:23,010
S2: of really hard math problems, you know, to make money. Great. Okay.

529
00:27:23,010 --> 00:27:26,879
S2: But when you have a group like apt 32, that is,

530
00:27:26,880 --> 00:27:31,590
S2: you know, from writing their own custom spyware, um, you know,

531
00:27:31,590 --> 00:27:36,060
S2: or Mac OS malware that's using, you know, double extension, uh,

532
00:27:36,060 --> 00:27:39,480
S2: techniques written in Perl. That's crazy to me, all the

533
00:27:39,480 --> 00:27:42,650
S2: way to going on Facebook and getting people to click

534
00:27:42,650 --> 00:27:47,750
S2: phishing links, which in it's also simplest form is the

535
00:27:47,750 --> 00:27:52,490
S2: need to train employees. Right? So, you know, when you

536
00:27:52,490 --> 00:27:54,410
S2: get in the leadership level of talking about this stuff,

537
00:27:54,410 --> 00:27:56,630
S2: you know as well as I do, you know, the

538
00:27:56,900 --> 00:27:59,210
S2: CEO is always want to know, okay, how do I

539
00:27:59,240 --> 00:28:02,330
S2: how do I stop this. How do I how do

540
00:28:02,330 --> 00:28:05,119
S2: I do how do I deal with things like, um,

541
00:28:05,119 --> 00:28:07,710
S2: crypto mining and how do we protect ourselves from stuff

542
00:28:07,710 --> 00:28:09,000
S2: like this? And it all comes back to kind of

543
00:28:09,000 --> 00:28:11,310
S2: the same thing, right? It's all, you know, training your

544
00:28:11,310 --> 00:28:15,629
S2: employees to not click on, you know, links in emails

545
00:28:15,630 --> 00:28:19,110
S2: or here or there. But again, AI is making that

546
00:28:19,109 --> 00:28:22,380
S2: so hard to detect that that is becoming a, you know,

547
00:28:22,380 --> 00:28:24,629
S2: kind of a huge arms race is who's going to

548
00:28:24,630 --> 00:28:26,520
S2: be faster at that, you know, are we going to

549
00:28:26,520 --> 00:28:30,670
S2: train our employees faster? Are we going to, um, you know,

550
00:28:30,670 --> 00:28:32,560
S2: or are we going to let AI sort of take

551
00:28:32,560 --> 00:28:35,949
S2: over that, that, uh, you know, that space and let

552
00:28:35,950 --> 00:28:39,220
S2: it become even even more relevant to crypto mining and

553
00:28:39,220 --> 00:28:40,390
S2: all things malware?

554
00:28:41,290 --> 00:28:43,930
S1: Yeah, that makes sense. And I guess these names here

555
00:28:43,930 --> 00:28:48,700
S1: are cryptojacking. Is that really just stealing crypto? Yeah. And then, uh,

556
00:28:48,700 --> 00:28:52,900
S1: crypto mining is just, uh, taking control of a resource, uh,

557
00:28:52,900 --> 00:28:55,620
S1: someone else's resource and using that to mine, right?

558
00:28:55,620 --> 00:28:59,580
S2: Yeah, yeah. And with crypto mining, it's really interesting because,

559
00:28:59,580 --> 00:29:02,370
S2: you know, again, back in the day when it was

560
00:29:02,370 --> 00:29:05,160
S2: sort of up and coming, it was such a big surprise.

561
00:29:05,160 --> 00:29:07,920
S2: I feel like we almost got to a point where

562
00:29:07,920 --> 00:29:10,650
S2: we got overloaded on it and became so common. But

563
00:29:10,650 --> 00:29:15,210
S2: the thing with crypto mining is that most I would

564
00:29:15,210 --> 00:29:17,850
S2: say I'll go on a limb and say most, most

565
00:29:17,860 --> 00:29:21,310
S2: companies that aren't really looking for that sort of traffic

566
00:29:21,310 --> 00:29:24,670
S2: don't really know that adversaries are using their systems to

567
00:29:24,670 --> 00:29:28,540
S2: do crypto mining until they get the hide power bill,

568
00:29:28,540 --> 00:29:31,990
S2: or they experience a lag, you know, a systems lag where,

569
00:29:31,990 --> 00:29:34,900
S2: you know, hey, how come this, you know, application is

570
00:29:34,900 --> 00:29:38,890
S2: taking so long to load or you know, or why

571
00:29:38,890 --> 00:29:41,440
S2: why is this system running so slow or it just

572
00:29:41,440 --> 00:29:44,060
S2: took four minutes to download this one, you know, web

573
00:29:44,060 --> 00:29:46,760
S2: page or whatever. You know, they're having some sort of

574
00:29:46,760 --> 00:29:50,060
S2: indicator that they don't even really know as an indicator. Right?

575
00:29:50,060 --> 00:29:53,150
S2: So I think that that is the beauty in its

576
00:29:53,150 --> 00:29:56,510
S2: simplest form of a system being taken over to do

577
00:29:56,510 --> 00:29:58,820
S2: those hard math problems as it takes resources to do

578
00:29:58,820 --> 00:30:02,900
S2: the math problems. Right. Um, you know, criminal scan machines

579
00:30:02,900 --> 00:30:04,910
S2: for ones they can, you know, they can penetrate and

580
00:30:04,910 --> 00:30:07,660
S2: get into and then they're in and they're in the

581
00:30:07,660 --> 00:30:10,090
S2: compromised systems and victims just don't realize it. And they

582
00:30:10,090 --> 00:30:12,820
S2: don't they don't know they're compromised until they see something.

583
00:30:12,820 --> 00:30:14,469
S2: And then when they see something, they don't even know,

584
00:30:14,470 --> 00:30:16,959
S2: that's what it is. Right? So I think that's the

585
00:30:16,960 --> 00:30:19,540
S2: beauty of it is from an attacker perspective, is they

586
00:30:19,540 --> 00:30:21,940
S2: can be in there undetected forever. And then until you

587
00:30:21,940 --> 00:30:24,280
S2: get this really high power bill and someone in procurements

588
00:30:24,280 --> 00:30:26,890
S2: like something is wrong, I'm paying this bill. It's four

589
00:30:26,890 --> 00:30:29,560
S2: times the size. We should go look at that.

590
00:30:30,050 --> 00:30:32,930
S1: Yeah, it reminds me of, uh, Cuckoo's Egg. If you

591
00:30:32,930 --> 00:30:38,270
S1: remember that book, um, where, um, who was it? Cliff Stoll? Uh,

592
00:30:38,270 --> 00:30:42,260
S1: I think he was at, um, Lawrence Livermore lab, and

593
00:30:42,260 --> 00:30:45,350
S1: he was just checking logs and noticed, like, a weird

594
00:30:45,350 --> 00:30:48,170
S1: spike of, like, someone buying something for, like, $0.02 or

595
00:30:48,170 --> 00:30:52,520
S1: something and just starts digging and ends up uncovering, like,

596
00:30:52,520 --> 00:30:57,610
S1: this massive, like, German and Russian, uh, spy operation and everything.

597
00:30:57,610 --> 00:31:00,340
S1: And as you were saying that I was thinking of like,

598
00:31:00,340 --> 00:31:04,540
S1: I wonder if really, really smart crypto miners, they throttle

599
00:31:04,540 --> 00:31:07,660
S1: their stuff to try to fly under the radar, you know,

600
00:31:07,660 --> 00:31:10,479
S1: because if you just go crazy, you're more likely to

601
00:31:10,480 --> 00:31:11,260
S1: get caught.

602
00:31:11,350 --> 00:31:14,980
S2: Yeah, that that is a really, really, really, really good

603
00:31:15,070 --> 00:31:19,520
S2: good point and good question. And again you know I

604
00:31:19,520 --> 00:31:22,790
S2: can't I can't just help but use my, my my

605
00:31:22,790 --> 00:31:26,360
S2: my crystal ball. I mean there will be I that

606
00:31:26,360 --> 00:31:29,180
S2: will help detect that stuff, right. Like like I'm a

607
00:31:29,180 --> 00:31:31,760
S2: I'm a criminal. I need to figure out how to

608
00:31:31,760 --> 00:31:34,040
S2: fly a detector on the radar. Give me all the paths,

609
00:31:34,040 --> 00:31:37,370
S2: performance issues that have caused, you know, this to be detected.

610
00:31:37,370 --> 00:31:40,220
S2: They're going to learn from that. Of course they are.

611
00:31:40,220 --> 00:31:42,900
S2: I gotta learn from that too. Right. So, you know,

612
00:31:42,900 --> 00:31:46,680
S2: there is as I keeps, criminals are just going to

613
00:31:46,680 --> 00:31:48,300
S2: get smarter and smarter and smarter.

614
00:31:49,200 --> 00:31:53,220
S1: Yeah, yeah. The I basically look at the, the legitimate

615
00:31:53,220 --> 00:31:55,890
S1: load on the system. Although the question is like how

616
00:31:55,890 --> 00:31:58,980
S1: does it know the difference between legitimate and not. But

617
00:31:58,980 --> 00:32:00,750
S1: if you if you could look at like what the

618
00:32:00,750 --> 00:32:03,150
S1: business is supposed to do and see like all the

619
00:32:03,150 --> 00:32:05,850
S1: different processes running and then it sees, wait a minute,

620
00:32:05,850 --> 00:32:10,250
S1: what's this weird process that's got, you know, spiked usage?

621
00:32:10,250 --> 00:32:13,790
S1: Maybe that's worth looking into. Well, um.

622
00:32:13,790 --> 00:32:16,220
S2: I mean, I don't want to help exploit anything, but

623
00:32:16,220 --> 00:32:18,410
S2: if this were me, okay, if this were me, I

624
00:32:18,410 --> 00:32:21,350
S2: would want to know what normal is. Yes. Right. I'd

625
00:32:21,350 --> 00:32:23,780
S2: want to. I'd want to be there silently looking at normal.

626
00:32:23,780 --> 00:32:25,880
S2: I'd want to track normal for a very long time,

627
00:32:25,880 --> 00:32:27,500
S2: and I'd want to set that as a baseline, and

628
00:32:27,500 --> 00:32:30,239
S2: then I'd want to increase that by 4% and let

629
00:32:30,240 --> 00:32:33,210
S2: it go. Right. Or whatever your, your throttle looks like.

630
00:32:33,210 --> 00:32:36,780
S2: But you're absolutely right. I mean, sorry, that was probably

631
00:32:37,710 --> 00:32:39,720
S2: I want to be helpful to anybody. But that is

632
00:32:39,720 --> 00:32:43,080
S2: what I absolutely I mean of course. And I can

633
00:32:43,080 --> 00:32:44,130
S2: provide that.

634
00:32:44,400 --> 00:32:47,880
S1: Okay. So you mentioned the crystal ball. What is, uh,

635
00:32:47,880 --> 00:32:51,150
S1: 2025 look like for you? What do you, uh, what

636
00:32:51,150 --> 00:32:54,090
S1: are you anticipating or what might surprise you? What are

637
00:32:54,090 --> 00:32:54,860
S1: you thinking?

638
00:32:55,910 --> 00:33:02,480
S2: Um, so, I mean, for the year in for 2025, even.

639
00:33:02,480 --> 00:33:04,460
S2: What is it, July? So maybe not even the rest

640
00:33:04,460 --> 00:33:07,730
S2: of the calendar year, but for 2025, I think I,

641
00:33:07,760 --> 00:33:10,970
S2: you know, the one thing that I'm watching very closely

642
00:33:10,970 --> 00:33:15,710
S2: is regulation. Um, what how we evolve as a security

643
00:33:15,710 --> 00:33:19,110
S2: industry is really interesting from the from the very, very,

644
00:33:19,110 --> 00:33:24,180
S2: very top perspective. What I see is companies being held

645
00:33:24,180 --> 00:33:28,680
S2: accountable more so than ever. Right. So you see a

646
00:33:28,680 --> 00:33:33,690
S2: lot of very big companies publicly being held accountable in

647
00:33:33,690 --> 00:33:36,510
S2: where it's hurting them the most, which is how they

648
00:33:36,510 --> 00:33:40,050
S2: make money procurement. Right. You see lots of we see

649
00:33:40,050 --> 00:33:41,670
S2: a lot of government regulation. We see a lot of

650
00:33:41,670 --> 00:33:45,729
S2: industry regulation. We're seeing that across the board. And it's,

651
00:33:45,940 --> 00:33:48,220
S2: you know, table stakes for companies like ours where that's

652
00:33:48,220 --> 00:33:50,560
S2: where we're really selling into those environments a lot the

653
00:33:50,560 --> 00:33:52,959
S2: highly regulated environments. So we really do have to pay

654
00:33:52,960 --> 00:33:55,930
S2: attention and understand that. So that's the first thing. I

655
00:33:55,930 --> 00:33:59,860
S2: think that's where the pressure will come for, for all companies.

656
00:34:00,010 --> 00:34:02,770
S2: I think the result of that will be you're going

657
00:34:02,770 --> 00:34:08,370
S2: to see lots of kicking and screaming, lots of, you know,

658
00:34:08,370 --> 00:34:11,880
S2: translation of things that what I always say internally is

659
00:34:11,880 --> 00:34:14,280
S2: it defies gravity. There are a lot of really well

660
00:34:14,280 --> 00:34:16,920
S2: intentioned regulations and things that we have to pay attention

661
00:34:16,920 --> 00:34:19,950
S2: to as companies or as, you know, as security practitioners

662
00:34:19,950 --> 00:34:24,300
S2: that don't translate well into reality. Well, and I'll give

663
00:34:24,300 --> 00:34:29,190
S2: you an example, you need to stop all vulnerabilities, right?

664
00:34:29,190 --> 00:34:33,850
S2: Said who ever. There can be no vulnerabilities and you

665
00:34:33,850 --> 00:34:36,910
S2: must respond to everything in four minutes. Well, that's great

666
00:34:36,910 --> 00:34:39,640
S2: in theory, that's amazing. Right? But but you know as

667
00:34:39,640 --> 00:34:41,920
S2: well as I do that defies gravity. There's just, you know,

668
00:34:41,920 --> 00:34:45,129
S2: nobody can do that. So no company it doesn't matter

669
00:34:45,130 --> 00:34:46,900
S2: how big you are. As a matter of fact, it

670
00:34:46,900 --> 00:34:50,950
S2: almost becomes more difficult for the bigger companies because their

671
00:34:50,950 --> 00:34:53,109
S2: surface tends to be so much bigger, right? They have

672
00:34:53,110 --> 00:34:56,330
S2: so much more to watch than maybe the lumber manufacturer,

673
00:34:56,330 --> 00:34:59,330
S2: as you know this much. And the huge software producer

674
00:34:59,330 --> 00:35:04,009
S2: has a supply chain, um, in it. So I think

675
00:35:04,010 --> 00:35:06,230
S2: that in 2025, we're really going to see a lot

676
00:35:06,230 --> 00:35:10,610
S2: of pressure on supply chains knowing what's, you know, you're

677
00:35:10,610 --> 00:35:13,850
S2: a producer, you're a seller, you're a consumer. You wear

678
00:35:13,850 --> 00:35:15,589
S2: one of three hats. Are you wearing all three hats?

679
00:35:15,590 --> 00:35:17,060
S2: Are you wearing two of those hats? Are you wearing

680
00:35:17,060 --> 00:35:19,000
S2: one of those hats? And I think what we'll see

681
00:35:19,000 --> 00:35:21,430
S2: is a lot of pressure on those roles to know

682
00:35:21,430 --> 00:35:25,570
S2: where they are. We're going to see a lot more, um,

683
00:35:25,570 --> 00:35:28,390
S2: arms races and security. And what I mean by arms

684
00:35:28,390 --> 00:35:34,450
S2: races is how fast can you scale the the technology

685
00:35:34,450 --> 00:35:38,560
S2: evolvement and the AI machine. It's fighting AI with AI

686
00:35:38,560 --> 00:35:42,040
S2: and it absolutely is a thing. And, and, you know, uh,

687
00:35:42,040 --> 00:35:44,149
S2: I do talk to a lot of other CISOs about

688
00:35:44,150 --> 00:35:46,819
S2: this that, you know, if you sleep on that one,

689
00:35:46,820 --> 00:35:49,010
S2: you're going to end up getting outpaced faster than you

690
00:35:49,010 --> 00:35:52,580
S2: can grow. So don't don't, you know, don't think for

691
00:35:52,580 --> 00:35:54,380
S2: a second that you don't have to worry about it

692
00:35:54,380 --> 00:35:57,650
S2: because you do. That's you know, I rinse and repeat

693
00:35:57,650 --> 00:36:00,650
S2: that all the time. Um, the other thing I think

694
00:36:00,650 --> 00:36:02,390
S2: we're going to see in 25 is a lot more

695
00:36:02,390 --> 00:36:07,009
S2: companies looking at the liability hot potato. So there's a

696
00:36:07,010 --> 00:36:10,219
S2: hot potato in all of this. That's a liability right.

697
00:36:10,219 --> 00:36:14,690
S2: To reporting to a board of directors, to procurement, to

698
00:36:14,690 --> 00:36:17,240
S2: how we make money and to revenue and to what

699
00:36:17,239 --> 00:36:20,060
S2: we report publicly. You will see a lot more CISOs

700
00:36:20,060 --> 00:36:24,170
S2: realize that liability hot potato is something that they need

701
00:36:24,170 --> 00:36:27,470
S2: to start taking chunks out of that they own. So

702
00:36:27,469 --> 00:36:30,470
S2: you're going to see a lot more managed services, right?

703
00:36:30,469 --> 00:36:32,750
S2: You're going to see a lot more scalability with bigger

704
00:36:32,750 --> 00:36:35,150
S2: vendors where, you know, I can go to a bigger

705
00:36:35,150 --> 00:36:37,610
S2: vendor and they can provide me these services. I can

706
00:36:37,640 --> 00:36:39,800
S2: then check that off my list and not necessarily have

707
00:36:39,800 --> 00:36:40,730
S2: to worry about it.

708
00:36:40,910 --> 00:36:44,060
S1: And guarantees the bigger ones can provide guarantees.

709
00:36:44,060 --> 00:36:47,630
S2: Absolutely, absolutely. We just did our own right. We just

710
00:36:47,630 --> 00:36:49,850
S2: did $1 million guarantee. And so you're going to see

711
00:36:49,850 --> 00:36:52,130
S2: a lot more CISOs raise their hand and be like,

712
00:36:52,130 --> 00:36:56,219
S2: are you going to reduce my liability? Not even just security,

713
00:36:56,219 --> 00:36:58,200
S2: but but how are you going to take the pressure

714
00:36:58,200 --> 00:37:00,180
S2: off my shoulders so that I can go worry about

715
00:37:00,180 --> 00:37:02,670
S2: doing other stuff so my company can make money? You're

716
00:37:02,670 --> 00:37:06,000
S2: going to see that in 2025, really take a much

717
00:37:06,000 --> 00:37:08,009
S2: more of a balancing act. So I do suspect that

718
00:37:08,010 --> 00:37:11,310
S2: that companies that offer managed services or that can scale,

719
00:37:11,640 --> 00:37:15,330
S2: offering more sort of chunks of availability for their their

720
00:37:15,330 --> 00:37:19,219
S2: customers are really going to start to see, as companies

721
00:37:19,219 --> 00:37:20,660
S2: wake up and sort of be like, oh, I don't

722
00:37:20,660 --> 00:37:22,279
S2: have to do that. I can hire someone else to

723
00:37:22,280 --> 00:37:25,250
S2: do it. Um, you know, and honestly, in my bottom line,

724
00:37:25,250 --> 00:37:27,980
S2: that saves me 10% because of the staffing issue or

725
00:37:27,980 --> 00:37:30,920
S2: the technology scalability issue. Um, I think we're going to

726
00:37:30,920 --> 00:37:32,420
S2: see a lot of that. And that will be a

727
00:37:32,420 --> 00:37:36,320
S2: combination of regulation, putting pressure on companies to pay attention,

728
00:37:36,320 --> 00:37:40,850
S2: causing liability. I mean, look at Executive Order 14028. You know,

729
00:37:40,850 --> 00:37:44,759
S2: CEOs are signing personal attestment. When does that ever happen

730
00:37:44,760 --> 00:37:45,690
S2: in history? Yeah.

731
00:37:46,800 --> 00:37:51,239
S1: Yeah. And what about insurance? Insurance probably be more popular

732
00:37:51,239 --> 00:37:52,080
S1: because of that.

733
00:37:52,080 --> 00:37:54,780
S2: Well and cyber insurance rates. Right. They're going through the

734
00:37:54,780 --> 00:37:57,540
S2: roof because there's so you know, if their rates go

735
00:37:57,540 --> 00:38:00,840
S2: down by 10% and they're saving, you know, you know,

736
00:38:00,840 --> 00:38:04,560
S2: maybe the managed service that they have costs, you know, 5% more.

737
00:38:04,560 --> 00:38:07,140
S2: But in reality it would cost them 20% more than

738
00:38:07,140 --> 00:38:09,540
S2: that to hire the people. And then their cyber insurance

739
00:38:09,540 --> 00:38:12,000
S2: rates drop by 10%. You're going to see a lot

740
00:38:12,000 --> 00:38:15,720
S2: more evening of the scale of of how companies look

741
00:38:15,719 --> 00:38:19,560
S2: at how to manage their, you know, their incident detection response,

742
00:38:19,560 --> 00:38:23,880
S2: especially especially, um, I think that's just one area that's

743
00:38:23,880 --> 00:38:24,779
S2: ripe for disruption.

744
00:38:24,780 --> 00:38:30,089
S1: So yeah, I, I love these three that you mentioned.

745
00:38:30,090 --> 00:38:33,750
S1: I think you're spot on. Um, I've got a friend named, uh,

746
00:38:33,750 --> 00:38:38,460
S1: Sasha Ziegler who is talking about basically this big evolution.

747
00:38:38,550 --> 00:38:44,940
S1: Basically Enron, you had CFOs got woken up, um, right.

748
00:38:44,940 --> 00:38:49,140
S1: And now, uh, this year and last year, basically, the

749
00:38:49,140 --> 00:38:52,259
S1: SEC is causing CISOs to wake up. So he's talking

750
00:38:52,260 --> 00:38:57,100
S1: about cyber CFO. So it's basically this bifurcation where you

751
00:38:57,100 --> 00:39:03,430
S1: have technical CISOs potentially dropping down to like VP of security.

752
00:39:04,000 --> 00:39:09,069
S1: And like the the more business oriented move up into

753
00:39:09,070 --> 00:39:10,450
S1: like head of risk.

754
00:39:10,570 --> 00:39:13,330
S2: Absolutely. 100%. It's a.

755
00:39:13,330 --> 00:39:15,880
S4: Business. Yeah, it's a business.

756
00:39:15,880 --> 00:39:19,620
S2: And it's a costly business to maintain this company, right?

757
00:39:19,770 --> 00:39:23,009
S2: I mean, the budgets are huge or the, you know,

758
00:39:23,010 --> 00:39:27,210
S2: the it's a forcing function of. I absolutely think you're right.

759
00:39:27,210 --> 00:39:30,569
S2: And that person in that role has to balance out

760
00:39:30,570 --> 00:39:33,870
S2: the ability to generate revenue of a company to the

761
00:39:33,870 --> 00:39:38,939
S2: liability that that is on that curve of security, because

762
00:39:38,940 --> 00:39:43,120
S2: you can't, you know, the the awakening of the CISO

763
00:39:43,120 --> 00:39:46,000
S2: has been, oh, gosh, you know, security is really, really

764
00:39:46,000 --> 00:39:48,160
S2: important to my company. But if I don't do it,

765
00:39:48,160 --> 00:39:50,890
S2: if we don't do it, you know, now with the

766
00:39:50,890 --> 00:39:55,540
S2: evolution of regulation that's happening, the brand is going to

767
00:39:55,540 --> 00:39:57,340
S2: be toast. So we won't have anything to sell in

768
00:39:57,340 --> 00:40:00,100
S2: the first place. Right? So no one will trust us.

769
00:40:00,219 --> 00:40:02,530
S2: So especially if you're in the supply chain, I think

770
00:40:02,530 --> 00:40:04,690
S2: that role will be very popular if you're in the

771
00:40:04,690 --> 00:40:08,460
S2: supply chain somewhere. Um, and you actually are selling a

772
00:40:08,460 --> 00:40:10,229
S2: widget or a part of a widget to another company

773
00:40:10,230 --> 00:40:11,879
S2: that has to sell a widget, right? And so you're

774
00:40:11,880 --> 00:40:15,930
S2: buried in there's a liability factor where, you know, the

775
00:40:15,930 --> 00:40:17,760
S2: company may be selling the end widget is going to,

776
00:40:17,910 --> 00:40:19,739
S2: because of regulation, are going to turn around and hold

777
00:40:19,739 --> 00:40:23,070
S2: you accountable. So that is going to be the really

778
00:40:23,070 --> 00:40:24,690
S2: and I mean, you know, as far as our IoT

779
00:40:24,690 --> 00:40:28,350
S2: brand with with QNX in vehicles, things like that or

780
00:40:28,350 --> 00:40:30,799
S2: satellites or anything where they're going to turn around and

781
00:40:30,800 --> 00:40:34,640
S2: start pointing fingers. You know, that's where that that role,

782
00:40:34,640 --> 00:40:37,760
S2: I think, is really going to be critical is to

783
00:40:37,760 --> 00:40:41,870
S2: understand the entire liability to a revenue chain and not

784
00:40:41,870 --> 00:40:45,440
S2: just a CISO looking at risk to, you know, it's

785
00:40:45,440 --> 00:40:46,370
S2: a different skill.

786
00:40:46,700 --> 00:40:51,739
S1: Yeah. Yeah, absolutely. Well, uh, I love these predictions. I

787
00:40:51,739 --> 00:40:55,160
S1: think you're absolutely right. And perhaps we can revisit, uh,

788
00:40:55,160 --> 00:40:57,980
S1: here shortly. But, uh, thank you so much for your time.

789
00:40:57,980 --> 00:40:59,690
S2: Yeah, absolutely. We'd love to.

790
00:41:00,230 --> 00:41:03,590
S1: All right. Where, um, where can we follow, uh, your work.

791
00:41:03,590 --> 00:41:05,750
S1: Your team's work? BlackBerry's work.

792
00:41:05,750 --> 00:41:10,790
S2: Yeah, absolutely. Well, blackberry.com for our external, uh, website. Um,

793
00:41:10,790 --> 00:41:14,030
S2: you follow me on LinkedIn. I'm Christine Gadsby on LinkedIn,

794
00:41:14,150 --> 00:41:16,400
S2: and I'll connect. You know, just send me an invite.

795
00:41:16,400 --> 00:41:19,000
S2: I'll connect and happy to chat. I have lots of

796
00:41:19,000 --> 00:41:24,130
S2: amazing conversations with other CISOs and other VP of Product Security,

797
00:41:24,130 --> 00:41:26,260
S2: or even on the network side, just chatting with other

798
00:41:26,260 --> 00:41:30,129
S2: people around these future future predictions. And I wrote down

799
00:41:30,130 --> 00:41:31,660
S2: the name that you just gave me. I'm going to

800
00:41:31,690 --> 00:41:33,580
S2: I'm going to reach out to Sasha to. That's a

801
00:41:33,580 --> 00:41:36,489
S2: fun conversation. I love having it. Awesome.

802
00:41:37,600 --> 00:41:38,920
S1: All right. Well, I enjoyed it.

803
00:41:38,980 --> 00:41:40,780
S2: Awesome. Same. Thank you. Daniel.

804
00:41:40,810 --> 00:41:41,770
S1: All right. Take care.

805
00:41:41,770 --> 00:41:42,910
S2: You too. Cheers.