WEBVTT - A Conversation with Christine Gadsby from BlackBerry 0:00:00.230 --> 0:00:02.960 All right, Christine, welcome to unsupervised Learning. 0:00:03.950 --> 0:00:05.060 Thank you for having me. 0:00:06.440 --> 0:00:09.170 All right. We're going to, uh, we're going to jump 0:00:09.170 --> 0:00:11.930 into some stuff, uh, pretty quick here. Uh, start with 0:00:11.930 --> 0:00:17.300 the easy stuff. Um, I. So, uh, the cybersecurity industry 0:00:17.300 --> 0:00:21.890 has made a lot of, I guess, hubbub about AI 0:00:21.890 --> 0:00:24.829 and basically how big it's getting. And I'm wondering, just 0:00:24.829 --> 0:00:29.590 what are you hearing about? Like the contrast between is 0:00:29.590 --> 0:00:32.500 it is it hype? Is it really happening? Is it really, 0:00:32.500 --> 0:00:35.229 really happening? Like how much of it is like potential 0:00:35.229 --> 0:00:38.920 energy versus kinetic energy. Like what are you seeing and hearing. 0:00:39.820 --> 0:00:43.479 So that's a great question to start. Um, it you know, 0:00:43.479 --> 0:00:45.880 I guess I'll, I'll start with your first ask, which 0:00:45.880 --> 0:00:49.150 is is it real? Uh, absolutely. It's real. I think 0:00:49.150 --> 0:00:52.870 that when you look at the security industry as a whole, um, 0:00:52.870 --> 0:00:55.490 when you look at the the places that we have 0:00:55.490 --> 0:00:58.370 to focus most of our time and energy as leaders or, 0:00:58.370 --> 0:01:01.490 you know, budget or, you know, actually just doing pure 0:01:01.520 --> 0:01:04.880 security work, um, you know, you can't help but miss 0:01:04.880 --> 0:01:08.480 things like incident response, threat hunting, you know, looking at 0:01:08.480 --> 0:01:12.290 indications of compromise, because that's kind of where it all starts. Uh, 0:01:12.290 --> 0:01:16.730 and I has a beautiful ability, um, in my opinion, to, 0:01:16.730 --> 0:01:22.140 you know, empower smarter decisions, um, quicker, more accurate assessments, 0:01:22.140 --> 0:01:25.860 especially when looking at indicators of compromise. Um, within your 0:01:25.860 --> 0:01:28.229 incident response team, which again, takes to, you know, tends 0:01:28.230 --> 0:01:30.480 to be one of the most critical functions in any 0:01:30.480 --> 0:01:33.810 security team, uh, and also one of the hardest to 0:01:33.810 --> 0:01:38.580 staff and most costly. Um, so I think that there, 0:01:38.580 --> 0:01:41.990 you know, it's definitely real and there's lot of opportunity 0:01:41.990 --> 0:01:47.120 to take that and make it, um, much more intelligent. Uh, 0:01:47.120 --> 0:01:49.610 you know, it's a battlefield. So as we get smarter, 0:01:49.610 --> 0:01:51.980 our adversaries get smarter. So I think there's also a 0:01:51.980 --> 0:01:53.510 kind of a give and take of almost that you 0:01:53.510 --> 0:01:56.450 have to pay attention. Um, because if you're not paying attention, 0:01:56.450 --> 0:01:59.090 obviously your enemies are. Yeah. 0:02:00.110 --> 0:02:03.770 Yeah, that makes sense. So you mentioned incident response. So 0:02:03.770 --> 0:02:06.630 what are some other areas that, um, seem pretty ripe 0:02:06.630 --> 0:02:07.410 for you? 0:02:08.040 --> 0:02:10.950 Yeah. Well, I mean, the entire security program and it's 0:02:10.950 --> 0:02:15.960 in in its functions and roles are all right for automation. Um, 0:02:15.960 --> 0:02:18.240 and I think that companies that are really on the 0:02:18.240 --> 0:02:21.720 forefront of this technology are doing things like, you know, 0:02:21.720 --> 0:02:24.570 sandboxing their own data lakes and then using AI to 0:02:24.570 --> 0:02:28.440 really plug into that to make really great automated decisions. Uh, 0:02:28.440 --> 0:02:31.450 I mean, there's definitely a ton of power in that. Um, 0:02:31.450 --> 0:02:33.429 if you're a bigger company and have a lot of data, 0:02:33.460 --> 0:02:34.810 you know, that's kind of the way to go. But 0:02:34.810 --> 0:02:36.790 I think it's really important to to look at the 0:02:36.790 --> 0:02:40.630 types of industries and companies that really need to be 0:02:40.630 --> 0:02:43.750 focusing on AI. And I think there's a difference between, 0:02:43.750 --> 0:02:47.470 you know, I use this example when I'm speaking to 0:02:47.470 --> 0:02:49.930 others in the industry, if you are a, you know, 0:02:49.930 --> 0:02:52.929 a company that, uh, is a, um, I don't know, 0:02:52.930 --> 0:02:56.310 a lumber distributor, you know, you're, you're building boards that 0:02:56.310 --> 0:02:58.889 are going to go build somebody's houses. Your attack surface 0:02:58.919 --> 0:03:04.590 is absolutely not the same as a company developing security software, right? 0:03:04.590 --> 0:03:07.830 You know, the the company that is, you know, maybe 0:03:07.830 --> 0:03:11.010 not publicly traded also and doesn't really have that that 0:03:11.010 --> 0:03:15.690 risk from, um, customer information might be worried about protecting 0:03:15.690 --> 0:03:19.420 maybe their financial data, or maybe their even their company 0:03:19.419 --> 0:03:22.870 trade secrets. But a secure software developer who has a 0:03:22.870 --> 0:03:27.070 product they're actually selling into, you know, the highly regulated environment, 0:03:27.070 --> 0:03:30.130 who inherits their attack surface and becomes part of their 0:03:30.130 --> 0:03:33.850 supply chain. You know, that's a more a different role 0:03:33.850 --> 0:03:38.080 for AI, right? So I think it's also imperative that 0:03:38.080 --> 0:03:41.400 we balance kind of the need for that. And and 0:03:41.400 --> 0:03:43.620 you know, where you're going to to invest, so to 0:03:43.620 --> 0:03:47.010 speak for that. You know, that latter example of, you know, 0:03:47.010 --> 0:03:50.100 companies like ours that are selling, you know, security software 0:03:50.100 --> 0:03:53.790 into highly regulated environments. It's we, you know, it's table stakes. 0:03:53.790 --> 0:03:57.930 We have to understand that landscape, um, and automation and 0:03:57.930 --> 0:04:01.320 AI driven, you know, response really is the value. I mean, 0:04:01.320 --> 0:04:03.660 there's lots of value in AI, but that's definitely where 0:04:03.660 --> 0:04:07.390 I see the, the most value because you're, you know, 0:04:07.390 --> 0:04:10.720 you're you're hitting in so many areas. Um, not only 0:04:10.720 --> 0:04:13.810 are you able to look at indicators of compromise and 0:04:13.810 --> 0:04:18.010 make quicker, faster decisions, but you can look at hypothesis 0:04:18.010 --> 0:04:21.070 driven decisions that have already been proven, which is, you know, 0:04:21.070 --> 0:04:24.880 really brings on to the intelligence. So, um, it's kind 0:04:24.880 --> 0:04:27.490 of like driving a car from 1986 and driving the 0:04:27.490 --> 0:04:30.890 space shuttle. You know, there's just so much more, um, 0:04:31.070 --> 0:04:36.830 overwhelming capability. But, you know, of course, that also comes with, uh, responsibility. Um, 0:04:36.830 --> 0:04:40.250 but that's, you know, definitely an area I see, um, 0:04:40.250 --> 0:04:42.080 disrupting the industry for sure. 0:04:42.950 --> 0:04:46.400 Yeah. And you're the VP of product security over there 0:04:46.400 --> 0:04:50.539 at BlackBerry. So how are you seeing it in your products? 0:04:50.930 --> 0:04:55.479 Well, I think probably the biggest, um, impact we're seeing 0:04:55.480 --> 0:04:58.180 in our products is actually the services we're offering with 0:04:58.180 --> 0:05:01.930 the AI, you know, included in it. So, you know, 0:05:01.930 --> 0:05:05.560 our guard team has, uh, which is professional services that does, 0:05:05.560 --> 0:05:08.890 you know, incident response for these, these mid to smaller 0:05:08.890 --> 0:05:11.650 enterprise companies or any company for that matter. But where 0:05:11.650 --> 0:05:15.610 I really see the pain from this is coming from 0:05:15.610 --> 0:05:19.219 these you know many companies that just don't have the 0:05:19.220 --> 0:05:22.580 ability to scale this fast enough. Um, you know, attackers 0:05:22.580 --> 0:05:26.330 are getting smarter and it takes time. Um, staffing challenges, 0:05:26.330 --> 0:05:29.660 all of that great stuff to really scale to that. 0:05:29.660 --> 0:05:32.480 And where we're really seeing, I think the most impact 0:05:32.480 --> 0:05:35.510 there is, you know, our services team who has the 0:05:35.510 --> 0:05:38.210 ability to scale for, you know, for the company that 0:05:38.210 --> 0:05:40.369 might not be able to, um, you know, they have 0:05:40.370 --> 0:05:42.720 a dashboard and they can literally hit, you know, a 0:05:42.720 --> 0:05:45.210 help me button, so to speak. And then we have 0:05:45.210 --> 0:05:47.880 a team of people that can run these AI and 0:05:47.880 --> 0:05:50.820 automation driven decisions for them. So I think that that's 0:05:50.820 --> 0:05:54.120 really been one of the bigger things that we've seen. Uh, 0:05:54.120 --> 0:05:58.410 you know, we as a company, historically when we, um, 0:05:58.410 --> 0:06:02.100 purchased silence as a company, you know, brought AI into 0:06:02.100 --> 0:06:05.420 our company long before I was really even talked about. 0:06:05.420 --> 0:06:09.799 So we've we've definitely got the, the historical, um, expertise 0:06:09.800 --> 0:06:13.310 built into, um, to some of that decision making with AI. 0:06:14.900 --> 0:06:17.420 Yeah, that makes sense. I mean, I guess can I 0:06:17.420 --> 0:06:23.150 step back? Um, really interesting. So you have all this 0:06:23.150 --> 0:06:25.729 stuff going on there at BlackBerry. You have. I've talked 0:06:25.730 --> 0:06:29.490 to multiple people over there, uh, through unsupervised learning, and 0:06:29.490 --> 0:06:31.469 it's like you've got a whole bunch of AI research 0:06:31.470 --> 0:06:34.409 going on. You've got your whole team there, you've got 0:06:34.410 --> 0:06:39.780 all these, uh, different service offerings like you mentioned, incident response, like, uh, 0:06:39.779 --> 0:06:43.049 like other players there. And it's like, how often do 0:06:43.050 --> 0:06:45.540 you get the question of like, oh, BlackBerry. Oh, I 0:06:45.540 --> 0:06:47.970 didn't realize they were doing all these elite things. Is 0:06:47.970 --> 0:06:51.539 that pretty much a regular conversation with, uh, outsiders? 0:06:51.540 --> 0:06:53.750 It is. It is because, you know, back from the 0:06:53.750 --> 0:06:56.810 days of the handset, um, you know, I think everybody 0:06:56.810 --> 0:07:00.860 knew and everybody knows that BlackBerry does amazing security things. 0:07:00.860 --> 0:07:03.170 You know, I don't think there's any question the brand 0:07:03.170 --> 0:07:06.230 has has done us well for that over the years. And, and, 0:07:06.230 --> 0:07:09.320 you know, the the unsaid thing is the highly regulated 0:07:09.320 --> 0:07:11.780 and people that really, really, really care. And, you know, again, 0:07:11.780 --> 0:07:14.270 in my example of the lumber manufacturer to a highly 0:07:14.270 --> 0:07:17.520 regulated environment, it's not the same. And BlackBerry has played 0:07:17.520 --> 0:07:20.430 in that highly regulated environment, you know, for a very, very, 0:07:20.430 --> 0:07:24.420 very long time. And so we do understand, uh, the 0:07:24.420 --> 0:07:28.410 importance and the, the just the value of just doing 0:07:28.410 --> 0:07:31.440 pure security work. Um, and that's tough in the industry 0:07:31.440 --> 0:07:34.830 when you're a, a security software vendor because you're, you're, 0:07:34.830 --> 0:07:37.440 you're in security. You're doing security, you have products that 0:07:37.440 --> 0:07:39.900 do security. And then the outcome is security. So it's 0:07:39.900 --> 0:07:43.119 kind of embedded into, you know, everything that you do. Um, 0:07:43.120 --> 0:07:45.310 but I think what's really been cool to see over 0:07:45.310 --> 0:07:48.940 the years has been to watch, um, sort of the, the, 0:07:48.940 --> 0:07:50.650 the things out of the handset that we were really 0:07:50.650 --> 0:07:53.380 good at and to put that into a service. Um, again, 0:07:53.380 --> 0:07:55.540 you know, nowhere is that more applicable than what we're 0:07:55.540 --> 0:07:58.750 talking about today with our acquisition of silence and just running, 0:07:58.840 --> 0:08:02.080 you know, the managed endpoint detection with AI in it 0:08:02.080 --> 0:08:05.790 has been really cool to see us take our really intelligent, 0:08:05.790 --> 0:08:08.400 smart security thinking and sort of turn it and evolve 0:08:08.400 --> 0:08:11.730 into what is the most important thing today. Um, so 0:08:11.730 --> 0:08:14.100 you know that that's been really cool to watch. But yes, 0:08:14.100 --> 0:08:16.530 I run into that. If I had a nickel for 0:08:16.530 --> 0:08:18.240 every time someone asked me if we were going to 0:08:18.240 --> 0:08:22.530 make phones again. Oh my gosh, if we ever, you know, 0:08:22.560 --> 0:08:25.380 we're I'm not saying we're making phones again. We're not. But, 0:08:25.530 --> 0:08:26.790 you know, if we ever were to. 0:08:26.790 --> 0:08:28.440 Do that, you heard it here first. 0:08:29.170 --> 0:08:31.630 If we ever were, if we ever did that again. 0:08:31.630 --> 0:08:33.790 Oh my gosh. Uh, I would have to then go 0:08:33.790 --> 0:08:36.490 change my narrative after changing my narrative after changing it 0:08:36.490 --> 0:08:39.610 one more time. So yes, it is, um, it is 0:08:39.610 --> 0:08:43.300 a complicated world and security, and we definitely play in 0:08:43.300 --> 0:08:45.309 lots of facets in it. So it is we make 0:08:45.309 --> 0:08:46.090 it complicated too. 0:08:46.120 --> 0:08:50.980 So yeah. And now that I'm thinking about it, I'm 0:08:50.980 --> 0:08:54.500 thinking about all the places that the handset had sort 0:08:54.500 --> 0:08:57.320 of penetration. It was it was really big with the 0:08:57.320 --> 0:09:00.140 federal space in the US. And I imagine with governments 0:09:00.140 --> 0:09:02.870 all over the world. So if you have talent and 0:09:02.870 --> 0:09:06.590 you have tech and you get out of a particular market, 0:09:06.590 --> 0:09:09.650 you still have the that talent in tech and you 0:09:09.650 --> 0:09:13.130 still have the relationships. So that's that's seems to be 0:09:13.130 --> 0:09:17.000 why BlackBerry's security has survived and thrived. 0:09:17.020 --> 0:09:20.920 Absolutely, 100%. Um, you know, the one thing over the 0:09:20.920 --> 0:09:26.229 years that I've learned is, is as these, uh, regulated markets, um, 0:09:26.230 --> 0:09:30.340 the wheel just keeps turning, the regulation just keeps getting harder. 0:09:30.340 --> 0:09:33.970 The attackers get smarter, it never stops to evolve. So 0:09:33.970 --> 0:09:36.070 if you think about, like, the crystal, I always talk 0:09:36.070 --> 0:09:37.750 about my crystal ball. Like, you know, we had a 0:09:37.750 --> 0:09:39.610 crystal ball ten years ago, and we were looking at 0:09:39.610 --> 0:09:41.780 this like, you know, hey, these are the things that 0:09:41.780 --> 0:09:43.760 are going to be important coming up in the next, 0:09:43.760 --> 0:09:45.530 you know, ten years. And if you look back at 0:09:45.530 --> 0:09:49.400 that crystal ball, um, you know, we were really highly 0:09:49.400 --> 0:09:51.830 accurate on a lot of things, both in our team 0:09:51.830 --> 0:09:55.069 and in the product teams. Um, and that trust that 0:09:55.070 --> 0:09:57.530 you have with the highly regulated market, whether it's banks 0:09:57.530 --> 0:10:00.890 or medical or, you know, us federal, um, or any 0:10:00.890 --> 0:10:05.210 of the agencies, it's it's really, really, um, important to 0:10:05.230 --> 0:10:08.740 them that they, they can trust their vendors because their 0:10:08.740 --> 0:10:12.790 security is really only as good as their vendor security. Um, 0:10:12.970 --> 0:10:15.610 you know, we can look at, you know, go back 0:10:15.610 --> 0:10:18.460 to just outside of AI and malware, but going back 0:10:18.460 --> 0:10:21.790 to things like, um, you know, log for J, you know, 0:10:21.790 --> 0:10:24.430 just things where it really proved that the supply chain 0:10:24.429 --> 0:10:27.699 was really only as strong as its is its weakest link. Uh, 0:10:27.700 --> 0:10:30.650 and so I really think that, you know, vendors that 0:10:30.650 --> 0:10:33.199 have that trust built in that, you know, really focus 0:10:33.200 --> 0:10:35.750 on this. Um, have, have sort of proven their value 0:10:35.750 --> 0:10:37.640 over the years. Yeah. 0:10:38.240 --> 0:10:41.450 This is actually what I'm most excited about with AI is, um, 0:10:41.750 --> 0:10:44.360 what what I call like the mini AIS or whatever 0:10:44.360 --> 0:10:47.689 it was stolen from open source. But if you look 0:10:47.690 --> 0:10:51.620 at how many, uh, contracts are coming through or like, vendors. Um, 0:10:51.620 --> 0:10:55.020 and then supply chain relationships. How complex and like web 0:10:55.020 --> 0:10:57.480 do they are. And then you have like this team 0:10:57.480 --> 0:11:00.150 of four people or whatever for most companies, or let's 0:11:00.150 --> 0:11:03.990 say it's 14 people. Like if you're super lucky, you 0:11:03.990 --> 0:11:08.460 might be looking at tens of thousands of connections and 0:11:08.460 --> 0:11:11.790 then secondary connections on top of that for like all 0:11:11.790 --> 0:11:14.430 this different stuff. And then you're looking at billions of 0:11:14.429 --> 0:11:18.500 log events per day or whatever. And it kind of 0:11:18.500 --> 0:11:22.160 reminds me of, um, a lot of people don't know 0:11:22.160 --> 0:11:26.090 that when you're watching, uh, asteroids or meteors in the sky, 0:11:26.090 --> 0:11:31.520 it's actually not NASA. It's backyard people with telescopes. Right? 0:11:31.760 --> 0:11:35.810 And there simply aren't enough eyes to watch everything that 0:11:35.809 --> 0:11:39.140 we have to watch for. And so I really love 0:11:39.140 --> 0:11:41.819 the fact that we can very soon we're going to 0:11:41.820 --> 0:11:45.480 have so many different eyes and they're going to start 0:11:45.480 --> 0:11:48.960 as like, you know, lower intern level or whatever. But 0:11:48.960 --> 0:11:53.100 people are already saying 2025, those very cheap eyes might 0:11:53.100 --> 0:11:57.180 be like PhD level, right? But imagine you have thousands 0:11:57.179 --> 0:12:01.439 of them or millions of them. It's just bottom line. 0:12:01.440 --> 0:12:04.800 It's more coverage. It's more coverage of things in security. 0:12:04.800 --> 0:12:07.730 And there's many of them that don't have enough people 0:12:07.730 --> 0:12:08.690 looking at them. 0:12:08.809 --> 0:12:12.560 Yeah, yeah. And you know, the truth of the matter is, um, 0:12:12.830 --> 0:12:17.540 you know, if, if in your example, which I love, that, uh, if, 0:12:17.540 --> 0:12:20.750 if we don't look at it, you know, apt 32 0:12:20.780 --> 0:12:24.140 is right. So it doesn't, you know, we we you 0:12:24.140 --> 0:12:28.610 almost don't have a choice because as the evolution of technology, 0:12:28.610 --> 0:12:31.720 you know, goes forward, our attackers are going to look 0:12:31.720 --> 0:12:33.880 at that no matter what. Right? So you almost have 0:12:33.880 --> 0:12:36.430 to respond. It is. And it's a it's a game 0:12:36.429 --> 0:12:39.160 of cat and mouse. I'm the first one to admit it. Um, 0:12:39.160 --> 0:12:42.250 but you know, it is your responsibility, at least from, 0:12:42.250 --> 0:12:44.890 you know, from my perspective, to make sure that my 0:12:44.890 --> 0:12:47.740 company knows that, that we don't have a choice what 0:12:47.740 --> 0:12:50.170 to look at that stuff because they will be. So 0:12:50.170 --> 0:12:52.510 if we're going to fight that fire with fire, you know, 0:12:52.510 --> 0:12:54.850 the then, you know, we we have to look at 0:12:54.850 --> 0:12:58.330 it which, which is always, um, at the purest form 0:12:58.330 --> 0:13:01.150 of the security puzzle. Um, you know, that's always the 0:13:01.150 --> 0:13:04.270 fun thing is to sort of think about, you know, 0:13:04.270 --> 0:13:06.429 what are their next moves going to be and what 0:13:06.429 --> 0:13:08.260 are they going to use, and how do we get 0:13:08.260 --> 0:13:10.630 in front of that? And how do we think faster, smarter, 0:13:10.630 --> 0:13:15.160 you know, cheaper, better, more efficient? Um, but staffing is 0:13:15.160 --> 0:13:21.030 absolutely hands down a challenge. Um, and again, what I 0:13:21.030 --> 0:13:28.440 see in the staffing challenge of this is as companies evolve, technically, 0:13:28.440 --> 0:13:31.319 it gets harder and harder to understand the technical landscape, 0:13:31.320 --> 0:13:33.210 let alone know who to hire, to look at the 0:13:33.210 --> 0:13:36.750 technical landscape. So I think you have a few challenges in, 0:13:36.750 --> 0:13:39.240 in that area that are making it tough for companies 0:13:39.240 --> 0:13:40.590 to scale 100%. 0:13:41.620 --> 0:13:46.390 Yeah. Okay. Let's talk about that. Um, a lot a 0:13:46.390 --> 0:13:49.210 lot of hiring managers say they can't find people, and 0:13:49.210 --> 0:13:52.390 people say they can't find jobs. So what do you 0:13:52.390 --> 0:13:53.829 think the disconnect is? 0:13:54.250 --> 0:13:58.150 Well, you know, I just read something somewhere. I believe 0:13:58.150 --> 0:14:00.040 it was a Gartner. Maybe it was a Gartner report 0:14:00.040 --> 0:14:01.960 that said something like, and I might butcher this, and 0:14:01.960 --> 0:14:04.420 I apologize if I do, but it was something like, 0:14:04.420 --> 0:14:09.330 you know, in the next year, 25% will change jobs, 25% 0:14:09.330 --> 0:14:12.540 of of of security staff will change jobs. That's crazy 0:14:12.540 --> 0:14:15.390 to me. Like, yeah, just start with that data point. 0:14:15.390 --> 0:14:18.870 That's that's insane. That's a quarter of the workforce. I 0:14:18.870 --> 0:14:21.450 haven't dug into that enough to know what where the 0:14:21.450 --> 0:14:23.850 data came from. But if that's really true, that means 0:14:23.850 --> 0:14:27.480 a lot of things. So number one, you know, as 0:14:27.480 --> 0:14:30.730 a as a leader that hires and runs a team, 0:14:30.730 --> 0:14:32.920 you know, I think are my people. I hear about 0:14:32.920 --> 0:14:34.840 the burnout, I get it. I you know what? We're 0:14:34.840 --> 0:14:36.910 fighting a war. A virtual war is being fought every 0:14:36.910 --> 0:14:39.310 day with these teams. We all know that, right? But, 0:14:39.310 --> 0:14:41.710 you know, the burnout factor is real. And I and 0:14:41.710 --> 0:14:45.550 I see that. But but also are you know, I 0:14:45.550 --> 0:14:48.880 think about things like do we do we understand that 0:14:48.880 --> 0:14:51.370 technical landscape enough to be hiring people for the right roles? 0:14:51.370 --> 0:14:54.770 Why are people burning out? Um, you know, is it 0:14:54.770 --> 0:14:57.410 is it this tug of war of people aren't happy 0:14:57.410 --> 0:14:59.930 because the jobs are so hard, and because they're evolving 0:14:59.930 --> 0:15:03.620 so fast that we we aren't keeping up or, you know, 0:15:03.620 --> 0:15:06.140 is it the tug of war of there's a greener 0:15:06.140 --> 0:15:08.540 pasture somewhere else? And then people are finding out that 0:15:08.540 --> 0:15:11.510 it's really not I'm not really sure where the, the 0:15:11.510 --> 0:15:14.240 balance of of why those numbers are the way they are, 0:15:14.240 --> 0:15:18.280 but that was really over overwhelming to me. Um, yeah. 0:15:18.280 --> 0:15:21.940 You know, and I and I and there is some 0:15:21.940 --> 0:15:24.670 interesting research coming out that I just got a preview of. 0:15:24.670 --> 0:15:27.430 That kind of blew me away, too. And it was 0:15:27.430 --> 0:15:30.160 the where do you see your the question was, where 0:15:30.160 --> 0:15:34.000 do you see your hiring challenges in security. And it 0:15:34.000 --> 0:15:38.650 was it wasn't necessarily the staff as it was the 0:15:38.650 --> 0:15:43.400 technical complication. Like it was almost like how the question was, 0:15:43.400 --> 0:15:45.920 was put out there was we don't understand or we're 0:15:45.920 --> 0:15:51.050 having problems scaling our environments technically, let alone hiring staff 0:15:51.050 --> 0:15:53.450 to to run that. So it was almost like an 0:15:53.450 --> 0:15:55.460 after effect of, you know, we we don't know what 0:15:55.460 --> 0:15:57.890 tools to use. We we aren't really sure how to 0:15:57.890 --> 0:16:00.560 plug in the right efficiency models. And so because we 0:16:00.560 --> 0:16:03.650 can't grasp our technical environment, we're really struggling to hire 0:16:03.650 --> 0:16:05.610 people because we don't even know what to ask for. 0:16:05.610 --> 0:16:07.320 It was kind of that string of things, and so 0:16:07.320 --> 0:16:10.170 I wonder how much that weighs into that as well. 0:16:10.530 --> 0:16:16.110 Yeah, I've been pretty skeptical of these things because, like you, 0:16:16.110 --> 0:16:19.230 I've been watching these things for, for years. And so 0:16:19.230 --> 0:16:22.110 one report comes out, it's like we're going to need whatever, 0:16:22.110 --> 0:16:25.560 70 million new cyber jobs within the next few years. 0:16:25.560 --> 0:16:28.380 And I'm like, so whatever the number is, 2 million, 0:16:28.380 --> 0:16:31.609 70 million. I'm like, first of all, every report comes out. 0:16:31.610 --> 0:16:34.760 The number is wildly different. Second of all, the numbers 0:16:34.760 --> 0:16:39.290 just seem crazy. And then third, if you look on 0:16:39.290 --> 0:16:42.350 Hacker News, it's like, oh, here's all the cybersecurity people 0:16:42.350 --> 0:16:45.650 who just got laid off. And then you go on 0:16:45.650 --> 0:16:48.170 the Reddit boards and you see a bunch of hiring boards. 0:16:48.170 --> 0:16:50.510 So these are all the people trying to hire. I'm like, okay, 0:16:50.510 --> 0:16:54.510 which one is it? Do we need millions or more people? 0:16:54.510 --> 0:16:57.570 Or are we actually having all these layoffs in cyber? 0:16:57.570 --> 0:17:00.660 And like you said, let's say we trust that number 0:17:00.660 --> 0:17:04.080 of 25% is that people just trading up and they're 0:17:04.080 --> 0:17:10.109 going to a better job. Like it's it's quite confusing. Um, yeah, it. 0:17:10.109 --> 0:17:12.900 Is. And I just found it. So Gartner recently reported 0:17:12.900 --> 0:17:17.160 that by 2025, nearly half of all cybersecurity leaders will 0:17:17.160 --> 0:17:22.470 change jobs. Half and 25% will leave for entirely different roles. So, 0:17:22.470 --> 0:17:26.670 I mean, you know, I, I, I am so fortunate that, 0:17:26.670 --> 0:17:30.570 you know, working for a company that does security. It's 0:17:30.570 --> 0:17:32.939 not really I don't go into work every day and 0:17:32.940 --> 0:17:34.800 have to, you know, defend my position. We take it 0:17:34.800 --> 0:17:37.860 so seriously that it's in every meeting and every discussion. And, 0:17:38.010 --> 0:17:39.449 you know, I don't have to I don't have to 0:17:39.450 --> 0:17:41.550 fight to get air time. It's like, you know, I 0:17:41.550 --> 0:17:44.400 just go in and security is important. It's just table stakes. Right. 0:17:44.400 --> 0:17:47.490 But but many companies, it's not. And and you're seeing 0:17:47.490 --> 0:17:49.800 more and more of the outsourcing too, right. Like you're 0:17:49.800 --> 0:17:51.540 seeing more of these companies just raise their hand and 0:17:51.540 --> 0:17:54.510 be like, you know, I'm tapping out. Just do it. 0:17:54.510 --> 0:17:56.580 I can't I can't scale it. I don't understand it. 0:17:56.580 --> 0:17:58.200 I can't hire the people fast enough. I can't get 0:17:58.200 --> 0:18:01.080 enough automation. I have a budget and I don't know 0:18:01.080 --> 0:18:03.900 where to spend it. I don't know what to prioritize 0:18:03.900 --> 0:18:08.150 because again, you know, the the the evolution of security 0:18:08.150 --> 0:18:10.430 keeps rolling and attackers keep rolling. And so they're just 0:18:10.430 --> 0:18:13.369 constantly on the hamster wheel of spinning, trying to become 0:18:13.369 --> 0:18:15.889 more efficient with less money. And, you know, meanwhile we 0:18:15.890 --> 0:18:18.590 got a board that's, you know, absolutely doing their jobs 0:18:18.590 --> 0:18:21.260 and saying, you know, and this has changed a lot. 0:18:21.260 --> 0:18:23.990 And I feel like what we're not talking about as 0:18:23.990 --> 0:18:26.360 leaders is the role of the board. The role of 0:18:26.359 --> 0:18:29.390 the board. Driving this down has really put a lot 0:18:29.390 --> 0:18:33.240 of pressure on many leaders to really scale with, with 0:18:33.240 --> 0:18:36.629 their budget. So, you know, I do feel like the 0:18:36.630 --> 0:18:39.449 leaders do take a lot. I mean, I know it's stressful. 0:18:39.450 --> 0:18:42.060 I feel it too. But, you know, leadership does take 0:18:42.060 --> 0:18:44.159 the brunt of like do the thing, do all the 0:18:44.160 --> 0:18:46.919 things with this, you know, and that and that bucket 0:18:46.920 --> 0:18:49.080 might be great or it might not be great depending on, 0:18:49.080 --> 0:18:51.420 on the company that you're at or you know, what 0:18:51.420 --> 0:18:54.880 scope you're able to to do. But 25% leaving for 0:18:54.880 --> 0:18:56.619 entirely different roles says a lot. 0:18:57.040 --> 0:19:01.810 Yeah, I really liked your earlier point about maybe people 0:19:01.810 --> 0:19:04.990 just not being able to articulate what they need. Because 0:19:04.990 --> 0:19:08.679 if you think like because the security security group is 0:19:08.680 --> 0:19:13.060 usually just responding to engineering and leadership and engineering and 0:19:13.060 --> 0:19:15.730 leadership are moving according to the market and according to 0:19:15.730 --> 0:19:19.500 whatever drama is happening at the company. So it's like 0:19:19.890 --> 0:19:22.560 security is always having to rehash their goals and everything. 0:19:22.560 --> 0:19:24.480 So it's like, oh, I guess we're not hiring that 0:19:24.480 --> 0:19:26.730 team anymore because that's no longer our focus because we 0:19:26.730 --> 0:19:30.240 got a new CEO. So it's like the faster tech 0:19:30.240 --> 0:19:33.450 moves and the more chaotic a given company is, the 0:19:33.450 --> 0:19:37.410 harder it is to hire for anything really, because things 0:19:37.410 --> 0:19:38.340 aren't static. 0:19:39.180 --> 0:19:44.230 100%. 100%. And as that technology gets smarter, the people 0:19:44.230 --> 0:19:46.060 will have to scale to be the people have to 0:19:46.060 --> 0:19:48.400 be smarter to scale. And where are we training all 0:19:48.400 --> 0:19:52.449 these amazing people? Is is security evolving and training as 0:19:52.450 --> 0:19:56.170 fast as technology is growing? I don't know. That's the reality. 0:19:56.170 --> 0:19:58.390 I don't know and I don't know in security, you know, 0:19:58.390 --> 0:20:00.399 we've always had this challenge. You kind of have to 0:20:00.400 --> 0:20:01.210 be in it and do. 0:20:01.210 --> 0:20:02.230 It to learn. 0:20:02.230 --> 0:20:05.530 It. Right. There's no right. You can't you can't. Even 0:20:05.530 --> 0:20:09.170 with the role of I attack. Scenarios need humans, you know, 0:20:09.170 --> 0:20:12.199 it's like I will always be great at being hypothesis 0:20:12.200 --> 0:20:14.810 driven and being able to crowdsource brains, but it won't 0:20:14.810 --> 0:20:17.419 tell you if it's raining on Thursday right now. You 0:20:17.420 --> 0:20:20.000 know it won't. It won't take into account your environmental stuff. 0:20:20.000 --> 0:20:21.949 It won't. It won't say, oh, the wind's blowing at 0:20:21.950 --> 0:20:24.110 15 degrees. We better not land this plane over here 0:20:24.109 --> 0:20:25.850 where it's 70 degrees. I mean, it's never going to 0:20:25.850 --> 0:20:29.330 be that that agile. It's always going to be a 0:20:29.330 --> 0:20:32.740 thinking brain. Right. So so in order to to really 0:20:32.740 --> 0:20:35.320 use that to its firepower, we have to have humans 0:20:35.320 --> 0:20:37.419 in front of it that know how to execute with it. 0:20:37.420 --> 0:20:40.060 And that to me is what I'm seeing is sort 0:20:40.060 --> 0:20:43.780 of like the big challenges. We're driving a space shuttle, right? 0:20:43.780 --> 0:20:46.090 It's not the 86 Camry. We're driving a space shuttle. 0:20:46.090 --> 0:20:48.159 And in order to do that, you got to have 0:20:48.160 --> 0:20:51.670 really qualified people on the front end of those space 0:20:51.670 --> 0:20:53.650 shuttles to make sure that they get to the right places, 0:20:53.650 --> 0:20:56.600 or you know that all the functionality is used. You 0:20:56.600 --> 0:20:58.520 know that you're making those right decisions, and it's a 0:20:58.520 --> 0:21:02.390 split second in time that I will just always sort 0:21:02.390 --> 0:21:06.080 of have that, that it is like giving you a 0:21:06.080 --> 0:21:08.120 space shuttle. You still got to know how to drive it, right? 0:21:08.119 --> 0:21:09.470 You still got to know how to take off and 0:21:09.470 --> 0:21:11.450 you still got to know how to land. And so 0:21:11.450 --> 0:21:14.420 I see that as a big challenge. You could peanut 0:21:14.420 --> 0:21:17.330 butter that story sort of across all of technology right 0:21:17.330 --> 0:21:20.130 now in security, it's only going to be as good 0:21:20.130 --> 0:21:22.530 as the people leading it. Mhm. 0:21:23.220 --> 0:21:26.490 Yeah I do think AI is going to fill in 0:21:26.490 --> 0:21:29.609 some of those gaps. Most importantly the one that you mentioned, 0:21:29.609 --> 0:21:34.410 which is um adding context. I think that'll get easier. 0:21:34.410 --> 0:21:37.620 But ultimately you still, like you said, got to have 0:21:37.619 --> 0:21:42.830 humans running the show at some level. Yeah. The other 0:21:42.830 --> 0:21:46.070 problem with the the talent thing, I think, is we 0:21:46.070 --> 0:21:48.710 don't really have what the military has, which is, um, 0:21:48.710 --> 0:21:52.760 you start at E-1 and you must do E-1 things 0:21:52.760 --> 0:21:55.939 before you become an E-2, and you have this pipeline, 0:21:55.940 --> 0:21:59.300 and the pipeline is a talent pipeline, and it's also 0:21:59.450 --> 0:22:03.469 a maturity pipeline. So and they watch very carefully how 0:22:03.470 --> 0:22:05.909 many e-1's do we have? How many e2's do we 0:22:05.910 --> 0:22:11.130 have enough e2's to keep the pipeline healthy for e-3s 0:22:11.130 --> 0:22:15.570 and same for officers and whatever. So the thing that 0:22:15.570 --> 0:22:19.590 we don't have here and actually gets worse with AI 0:22:19.619 --> 0:22:25.199 if you start automating away tier one SoC analysts, okay, 0:22:25.200 --> 0:22:28.050 so the tier one goes away, how you're going to 0:22:28.050 --> 0:22:30.860 go from 0 to 2 or 0 to 3, that's 0:22:30.859 --> 0:22:32.030 going to be messed up. 0:22:32.090 --> 0:22:36.530 Hundred percent agree with you. And this is again where 0:22:36.560 --> 0:22:40.669 silence guard. You know our our service that really is 0:22:40.670 --> 0:22:45.740 SOC as a service. This is an absolutely why the 0:22:45.740 --> 0:22:47.659 people that I talk to and you know I do 0:22:47.660 --> 0:22:50.030 I talk to our customers and I ask them questions. 0:22:50.030 --> 0:22:53.780 And I want to learn more about why they came 0:22:53.780 --> 0:22:56.760 to us for help. This is their reason. They can't. 0:22:56.760 --> 0:22:59.580 So you look at the big 70,000 person company. They've 0:22:59.580 --> 0:23:01.830 got that pipeline, they've got the e-1s sitting there getting 0:23:01.830 --> 0:23:06.030 trained right. And they know their progression through the system. Yes. 0:23:06.030 --> 0:23:09.300 Mid to smaller enterprise companies don't have the staff to 0:23:09.300 --> 0:23:12.780 do that. They don't have the luxury to build that firepower. Right. 0:23:12.780 --> 0:23:16.500 And so they're constantly hamster wheel chasing the evolvement of 0:23:16.500 --> 0:23:20.170 this technology with being able to hire and keep the 0:23:20.170 --> 0:23:22.720 senior or senior enough people to be able to make 0:23:22.720 --> 0:23:25.420 good decisions. And how do you you know and and 0:23:25.420 --> 0:23:26.800 you know this as well as I do, how do 0:23:26.800 --> 0:23:28.690 you take one person and scale all of that? When 0:23:28.690 --> 0:23:31.210 you're a small company? The answer is you don't. You can't. 0:23:31.210 --> 0:23:34.119 There's no way you're either going to have to hire 0:23:34.119 --> 0:23:37.510 somebody so senior that, you know, they they can do 0:23:37.510 --> 0:23:39.669 all of the things. And then does the senior person 0:23:39.670 --> 0:23:41.710 want to do that stuff anymore in their career? Right. 0:23:41.710 --> 0:23:44.580 This is why we we can't have nice things in security, right? 0:23:44.580 --> 0:23:48.540 We we have all these really amazingly intelligent people. But 0:23:48.540 --> 0:23:52.109 then the the work, the actual analyst level work that 0:23:52.109 --> 0:23:56.550 needs to happen, you know, it's it's hard. It's it's 0:23:56.550 --> 0:23:59.190 a grind. Right. And this is again AI is going 0:23:59.190 --> 0:24:01.409 to come in and make smarter decisions. But you still 0:24:01.410 --> 0:24:03.960 got to have someone at the dashboard right. Yeah. 0:24:03.960 --> 0:24:07.419 And yeah. And maybe that senior person comes in, finds 0:24:07.420 --> 0:24:09.520 out they have to do tier one, tier two and 0:24:09.520 --> 0:24:12.580 tier three, and they become part of your 25% who 0:24:12.580 --> 0:24:15.010 jumps jobs? Right, right. Yeah. 0:24:15.220 --> 0:24:17.439 Or with half. It's actually that number was half. 0:24:17.650 --> 0:24:18.910 That was half. It was. 0:24:18.910 --> 0:24:21.910 Half. The leaders are leaving and then 25% are getting 0:24:21.910 --> 0:24:24.730 out of or completely doing different jobs. Didn't say they're 0:24:24.730 --> 0:24:26.110 out of getting out of I have to go back. 0:24:26.109 --> 0:24:28.330 I didn't say that they were getting out of security, 0:24:28.330 --> 0:24:31.790 but they're going to do completely different jobs, which is crazy. 0:24:31.790 --> 0:24:35.060 That just says they're entirely different roles is what is 0:24:35.060 --> 0:24:37.760 what the report says. So I mean, that just says that, 0:24:37.760 --> 0:24:39.890 you know, like, uh. 0:24:40.430 --> 0:24:42.830 I think they weren't happy for some reason. 0:24:42.830 --> 0:24:46.580 Right. And I think that the pressure cooker that the 0:24:46.580 --> 0:24:51.590 other side is facing that companies are facing is, you know, 0:24:51.590 --> 0:24:56.590 the evolvement of things like reporting, you know, reporting requirements, um, 0:24:57.430 --> 0:25:00.970 the evolvement of breaches that are happening, all of these things, 0:25:00.970 --> 0:25:03.340 and they're costing more money. And then you have all 0:25:03.340 --> 0:25:05.679 this regulation coming in on top of it, which is 0:25:05.680 --> 0:25:08.380 just creating so much more of a pressure cooker for 0:25:08.380 --> 0:25:11.560 companies to operate in. Um, you know, and they're worried 0:25:11.560 --> 0:25:16.000 about reputational damage. So, you know, that's something that, you know, 0:25:16.180 --> 0:25:19.340 before what I don't know, maybe three, 4 or 5 0:25:19.340 --> 0:25:22.159 years ago, we all knew, I mean, you know, our brand, 0:25:22.160 --> 0:25:23.720 of course, you know, we talk about it all the time, 0:25:23.720 --> 0:25:26.720 but but, you know, other companies really didn't I didn't 0:25:26.720 --> 0:25:28.520 have any peers in the industry where this was a 0:25:28.520 --> 0:25:31.760 huge concern for them. And now it's a concern for everybody, 0:25:31.760 --> 0:25:34.790 which is the reporting requirements, your air and your dirty 0:25:34.790 --> 0:25:37.430 laundry no matter what. Right. So you're going to have 0:25:37.430 --> 0:25:40.490 to take into account with the board, you know, the 0:25:40.490 --> 0:25:42.639 damage that it could happen to your brand. So I 0:25:42.640 --> 0:25:45.280 think there is so much more of a, of a, 0:25:45.280 --> 0:25:47.920 of a willingness for so many more CISOs to sort 0:25:47.920 --> 0:25:49.810 of raise their hand and be like, you know, hey, 0:25:49.810 --> 0:25:52.419 I'm tapping out. I got to hire a service to 0:25:52.420 --> 0:25:53.920 do this. I have to go to a third party. 0:25:53.920 --> 0:25:56.440 I just can't it's not it's not helping me drive 0:25:56.440 --> 0:25:59.320 my business forward. I have to just have other other 0:25:59.320 --> 0:26:03.190 companies and other other, you know, technologies help me with this. 0:26:03.190 --> 0:26:06.410 So it is a really interesting evolvement. Um, in, in 0:26:06.410 --> 0:26:10.100 the the pressure cooker of the Y, I guess I 0:26:10.100 --> 0:26:13.520 is so needed is is definitely interesting, especially over the 0:26:13.520 --> 0:26:15.409 last year. Yeah. 0:26:16.430 --> 0:26:20.929 So here's, uh, something I didn't plan on saying in 2024, but, um, 0:26:20.930 --> 0:26:23.810 it seems like crypto is coming back. Um, or at 0:26:23.810 --> 0:26:26.540 least the interest is I, I haven't been tracking it closely, 0:26:26.540 --> 0:26:29.750 but it seems like the attacks are coming with it. 0:26:29.760 --> 0:26:33.180 Are you all seeing a lot more attacks inside of crypto? 0:26:33.600 --> 0:26:36.810 Yeah, I mean, I think I think you're right. I 0:26:36.810 --> 0:26:40.950 think it is interesting how crypto and crypto mining specifically 0:26:40.950 --> 0:26:43.410 has sort of done this. I think it hit like 0:26:43.410 --> 0:26:45.570 this really. I think when crypto was kind of new, 0:26:45.570 --> 0:26:48.330 it hit like this. Wow, you can mine. And then 0:26:48.330 --> 0:26:50.070 I think it went kind of quiet for a while 0:26:50.070 --> 0:26:53.040 and I didn't hear a lot more about it. But again, 0:26:53.040 --> 0:26:56.690 you know, going back to something like apt 32 where, 0:26:56.690 --> 0:26:59.540 you know, that is like kind of their common theme 0:26:59.540 --> 0:27:05.150 and they're really, really. So, I mean, right, as security professionals, 0:27:05.150 --> 0:27:07.220 we got to respect the fine art. The fine art 0:27:07.220 --> 0:27:08.750 might not be what we want to see every day, 0:27:08.750 --> 0:27:11.480 but we do have to respect the fine art of, 0:27:11.510 --> 0:27:14.149 you know, what they do, you know, and, and and 0:27:14.150 --> 0:27:17.630 what we see as far as in its simplest form, um, 0:27:17.630 --> 0:27:20.070 you know, of using a computer to do a lot 0:27:20.070 --> 0:27:23.010 of really hard math problems, you know, to make money. Great. Okay. 0:27:23.010 --> 0:27:26.879 But when you have a group like apt 32, that is, 0:27:26.880 --> 0:27:31.590 you know, from writing their own custom spyware, um, you know, 0:27:31.590 --> 0:27:36.060 or Mac OS malware that's using, you know, double extension, uh, 0:27:36.060 --> 0:27:39.480 techniques written in Perl. That's crazy to me, all the 0:27:39.480 --> 0:27:42.650 way to going on Facebook and getting people to click 0:27:42.650 --> 0:27:47.750 phishing links, which in it's also simplest form is the 0:27:47.750 --> 0:27:52.490 need to train employees. Right? So, you know, when you 0:27:52.490 --> 0:27:54.410 get in the leadership level of talking about this stuff, 0:27:54.410 --> 0:27:56.630 you know as well as I do, you know, the 0:27:56.900 --> 0:27:59.210 CEO is always want to know, okay, how do I 0:27:59.240 --> 0:28:02.330 how do I stop this. How do I how do 0:28:02.330 --> 0:28:05.119 I do how do I deal with things like, um, 0:28:05.119 --> 0:28:07.710 crypto mining and how do we protect ourselves from stuff 0:28:07.710 --> 0:28:09.000 like this? And it all comes back to kind of 0:28:09.000 --> 0:28:11.310 the same thing, right? It's all, you know, training your 0:28:11.310 --> 0:28:15.629 employees to not click on, you know, links in emails 0:28:15.630 --> 0:28:19.110 or here or there. But again, AI is making that 0:28:19.109 --> 0:28:22.380 so hard to detect that that is becoming a, you know, 0:28:22.380 --> 0:28:24.629 kind of a huge arms race is who's going to 0:28:24.630 --> 0:28:26.520 be faster at that, you know, are we going to 0:28:26.520 --> 0:28:30.670 train our employees faster? Are we going to, um, you know, 0:28:30.670 --> 0:28:32.560 or are we going to let AI sort of take 0:28:32.560 --> 0:28:35.949 over that, that, uh, you know, that space and let 0:28:35.950 --> 0:28:39.220 it become even even more relevant to crypto mining and 0:28:39.220 --> 0:28:40.390 all things malware? 0:28:41.290 --> 0:28:43.930 Yeah, that makes sense. And I guess these names here 0:28:43.930 --> 0:28:48.700 are cryptojacking. Is that really just stealing crypto? Yeah. And then, uh, 0:28:48.700 --> 0:28:52.900 crypto mining is just, uh, taking control of a resource, uh, 0:28:52.900 --> 0:28:55.620 someone else's resource and using that to mine, right? 0:28:55.620 --> 0:28:59.580 Yeah, yeah. And with crypto mining, it's really interesting because, 0:28:59.580 --> 0:29:02.370 you know, again, back in the day when it was 0:29:02.370 --> 0:29:05.160 sort of up and coming, it was such a big surprise. 0:29:05.160 --> 0:29:07.920 I feel like we almost got to a point where 0:29:07.920 --> 0:29:10.650 we got overloaded on it and became so common. But 0:29:10.650 --> 0:29:15.210 the thing with crypto mining is that most I would 0:29:15.210 --> 0:29:17.850 say I'll go on a limb and say most, most 0:29:17.860 --> 0:29:21.310 companies that aren't really looking for that sort of traffic 0:29:21.310 --> 0:29:24.670 don't really know that adversaries are using their systems to 0:29:24.670 --> 0:29:28.540 do crypto mining until they get the hide power bill, 0:29:28.540 --> 0:29:31.990 or they experience a lag, you know, a systems lag where, 0:29:31.990 --> 0:29:34.900 you know, hey, how come this, you know, application is 0:29:34.900 --> 0:29:38.890 taking so long to load or you know, or why 0:29:38.890 --> 0:29:41.440 why is this system running so slow or it just 0:29:41.440 --> 0:29:44.060 took four minutes to download this one, you know, web 0:29:44.060 --> 0:29:46.760 page or whatever. You know, they're having some sort of 0:29:46.760 --> 0:29:50.060 indicator that they don't even really know as an indicator. Right? 0:29:50.060 --> 0:29:53.150 So I think that that is the beauty in its 0:29:53.150 --> 0:29:56.510 simplest form of a system being taken over to do 0:29:56.510 --> 0:29:58.820 those hard math problems as it takes resources to do 0:29:58.820 --> 0:30:02.900 the math problems. Right. Um, you know, criminal scan machines 0:30:02.900 --> 0:30:04.910 for ones they can, you know, they can penetrate and 0:30:04.910 --> 0:30:07.660 get into and then they're in and they're in the 0:30:07.660 --> 0:30:10.090 compromised systems and victims just don't realize it. And they 0:30:10.090 --> 0:30:12.820 don't they don't know they're compromised until they see something. 0:30:12.820 --> 0:30:14.469 And then when they see something, they don't even know, 0:30:14.470 --> 0:30:16.959 that's what it is. Right? So I think that's the 0:30:16.960 --> 0:30:19.540 beauty of it is from an attacker perspective, is they 0:30:19.540 --> 0:30:21.940 can be in there undetected forever. And then until you 0:30:21.940 --> 0:30:24.280 get this really high power bill and someone in procurements 0:30:24.280 --> 0:30:26.890 like something is wrong, I'm paying this bill. It's four 0:30:26.890 --> 0:30:29.560 times the size. We should go look at that. 0:30:30.050 --> 0:30:32.930 Yeah, it reminds me of, uh, Cuckoo's Egg. If you 0:30:32.930 --> 0:30:38.270 remember that book, um, where, um, who was it? Cliff Stoll? Uh, 0:30:38.270 --> 0:30:42.260 I think he was at, um, Lawrence Livermore lab, and 0:30:42.260 --> 0:30:45.350 he was just checking logs and noticed, like, a weird 0:30:45.350 --> 0:30:48.170 spike of, like, someone buying something for, like, $0.02 or 0:30:48.170 --> 0:30:52.520 something and just starts digging and ends up uncovering, like, 0:30:52.520 --> 0:30:57.610 this massive, like, German and Russian, uh, spy operation and everything. 0:30:57.610 --> 0:31:00.340 And as you were saying that I was thinking of like, 0:31:00.340 --> 0:31:04.540 I wonder if really, really smart crypto miners, they throttle 0:31:04.540 --> 0:31:07.660 their stuff to try to fly under the radar, you know, 0:31:07.660 --> 0:31:10.479 because if you just go crazy, you're more likely to 0:31:10.480 --> 0:31:11.260 get caught. 0:31:11.350 --> 0:31:14.980 Yeah, that that is a really, really, really, really good 0:31:15.070 --> 0:31:19.520 good point and good question. And again you know I 0:31:19.520 --> 0:31:22.790 can't I can't just help but use my, my my 0:31:22.790 --> 0:31:26.360 my crystal ball. I mean there will be I that 0:31:26.360 --> 0:31:29.180 will help detect that stuff, right. Like like I'm a 0:31:29.180 --> 0:31:31.760 I'm a criminal. I need to figure out how to 0:31:31.760 --> 0:31:34.040 fly a detector on the radar. Give me all the paths, 0:31:34.040 --> 0:31:37.370 performance issues that have caused, you know, this to be detected. 0:31:37.370 --> 0:31:40.220 They're going to learn from that. Of course they are. 0:31:40.220 --> 0:31:42.900 I gotta learn from that too. Right. So, you know, 0:31:42.900 --> 0:31:46.680 there is as I keeps, criminals are just going to 0:31:46.680 --> 0:31:48.300 get smarter and smarter and smarter. 0:31:49.200 --> 0:31:53.220 Yeah, yeah. The I basically look at the, the legitimate 0:31:53.220 --> 0:31:55.890 load on the system. Although the question is like how 0:31:55.890 --> 0:31:58.980 does it know the difference between legitimate and not. But 0:31:58.980 --> 0:32:00.750 if you if you could look at like what the 0:32:00.750 --> 0:32:03.150 business is supposed to do and see like all the 0:32:03.150 --> 0:32:05.850 different processes running and then it sees, wait a minute, 0:32:05.850 --> 0:32:10.250 what's this weird process that's got, you know, spiked usage? 0:32:10.250 --> 0:32:13.790 Maybe that's worth looking into. Well, um. 0:32:13.790 --> 0:32:16.220 I mean, I don't want to help exploit anything, but 0:32:16.220 --> 0:32:18.410 if this were me, okay, if this were me, I 0:32:18.410 --> 0:32:21.350 would want to know what normal is. Yes. Right. I'd 0:32:21.350 --> 0:32:23.780 want to. I'd want to be there silently looking at normal. 0:32:23.780 --> 0:32:25.880 I'd want to track normal for a very long time, 0:32:25.880 --> 0:32:27.500 and I'd want to set that as a baseline, and 0:32:27.500 --> 0:32:30.239 then I'd want to increase that by 4% and let 0:32:30.240 --> 0:32:33.210 it go. Right. Or whatever your, your throttle looks like. 0:32:33.210 --> 0:32:36.780 But you're absolutely right. I mean, sorry, that was probably 0:32:37.710 --> 0:32:39.720 I want to be helpful to anybody. But that is 0:32:39.720 --> 0:32:43.080 what I absolutely I mean of course. And I can 0:32:43.080 --> 0:32:44.130 provide that. 0:32:44.400 --> 0:32:47.880 Okay. So you mentioned the crystal ball. What is, uh, 0:32:47.880 --> 0:32:51.150 2025 look like for you? What do you, uh, what 0:32:51.150 --> 0:32:54.090 are you anticipating or what might surprise you? What are 0:32:54.090 --> 0:32:54.860 you thinking? 0:32:55.910 --> 0:33:02.480 Um, so, I mean, for the year in for 2025, even. 0:33:02.480 --> 0:33:04.460 What is it, July? So maybe not even the rest 0:33:04.460 --> 0:33:07.730 of the calendar year, but for 2025, I think I, 0:33:07.760 --> 0:33:10.970 you know, the one thing that I'm watching very closely 0:33:10.970 --> 0:33:15.710 is regulation. Um, what how we evolve as a security 0:33:15.710 --> 0:33:19.110 industry is really interesting from the from the very, very, 0:33:19.110 --> 0:33:24.180 very top perspective. What I see is companies being held 0:33:24.180 --> 0:33:28.680 accountable more so than ever. Right. So you see a 0:33:28.680 --> 0:33:33.690 lot of very big companies publicly being held accountable in 0:33:33.690 --> 0:33:36.510 where it's hurting them the most, which is how they 0:33:36.510 --> 0:33:40.050 make money procurement. Right. You see lots of we see 0:33:40.050 --> 0:33:41.670 a lot of government regulation. We see a lot of 0:33:41.670 --> 0:33:45.729 industry regulation. We're seeing that across the board. And it's, 0:33:45.940 --> 0:33:48.220 you know, table stakes for companies like ours where that's 0:33:48.220 --> 0:33:50.560 where we're really selling into those environments a lot the 0:33:50.560 --> 0:33:52.959 highly regulated environments. So we really do have to pay 0:33:52.960 --> 0:33:55.930 attention and understand that. So that's the first thing. I 0:33:55.930 --> 0:33:59.860 think that's where the pressure will come for, for all companies. 0:34:00.010 --> 0:34:02.770 I think the result of that will be you're going 0:34:02.770 --> 0:34:08.370 to see lots of kicking and screaming, lots of, you know, 0:34:08.370 --> 0:34:11.880 translation of things that what I always say internally is 0:34:11.880 --> 0:34:14.280 it defies gravity. There are a lot of really well 0:34:14.280 --> 0:34:16.920 intentioned regulations and things that we have to pay attention 0:34:16.920 --> 0:34:19.950 to as companies or as, you know, as security practitioners 0:34:19.950 --> 0:34:24.300 that don't translate well into reality. Well, and I'll give 0:34:24.300 --> 0:34:29.190 you an example, you need to stop all vulnerabilities, right? 0:34:29.190 --> 0:34:33.850 Said who ever. There can be no vulnerabilities and you 0:34:33.850 --> 0:34:36.910 must respond to everything in four minutes. Well, that's great 0:34:36.910 --> 0:34:39.640 in theory, that's amazing. Right? But but you know as 0:34:39.640 --> 0:34:41.920 well as I do that defies gravity. There's just, you know, 0:34:41.920 --> 0:34:45.129 nobody can do that. So no company it doesn't matter 0:34:45.130 --> 0:34:46.900 how big you are. As a matter of fact, it 0:34:46.900 --> 0:34:50.950 almost becomes more difficult for the bigger companies because their 0:34:50.950 --> 0:34:53.109 surface tends to be so much bigger, right? They have 0:34:53.110 --> 0:34:56.330 so much more to watch than maybe the lumber manufacturer, 0:34:56.330 --> 0:34:59.330 as you know this much. And the huge software producer 0:34:59.330 --> 0:35:04.009 has a supply chain, um, in it. So I think 0:35:04.010 --> 0:35:06.230 that in 2025, we're really going to see a lot 0:35:06.230 --> 0:35:10.610 of pressure on supply chains knowing what's, you know, you're 0:35:10.610 --> 0:35:13.850 a producer, you're a seller, you're a consumer. You wear 0:35:13.850 --> 0:35:15.589 one of three hats. Are you wearing all three hats? 0:35:15.590 --> 0:35:17.060 Are you wearing two of those hats? Are you wearing 0:35:17.060 --> 0:35:19.000 one of those hats? And I think what we'll see 0:35:19.000 --> 0:35:21.430 is a lot of pressure on those roles to know 0:35:21.430 --> 0:35:25.570 where they are. We're going to see a lot more, um, 0:35:25.570 --> 0:35:28.390 arms races and security. And what I mean by arms 0:35:28.390 --> 0:35:34.450 races is how fast can you scale the the technology 0:35:34.450 --> 0:35:38.560 evolvement and the AI machine. It's fighting AI with AI 0:35:38.560 --> 0:35:42.040 and it absolutely is a thing. And, and, you know, uh, 0:35:42.040 --> 0:35:44.149 I do talk to a lot of other CISOs about 0:35:44.150 --> 0:35:46.819 this that, you know, if you sleep on that one, 0:35:46.820 --> 0:35:49.010 you're going to end up getting outpaced faster than you 0:35:49.010 --> 0:35:52.580 can grow. So don't don't, you know, don't think for 0:35:52.580 --> 0:35:54.380 a second that you don't have to worry about it 0:35:54.380 --> 0:35:57.650 because you do. That's you know, I rinse and repeat 0:35:57.650 --> 0:36:00.650 that all the time. Um, the other thing I think 0:36:00.650 --> 0:36:02.390 we're going to see in 25 is a lot more 0:36:02.390 --> 0:36:07.009 companies looking at the liability hot potato. So there's a 0:36:07.010 --> 0:36:10.219 hot potato in all of this. That's a liability right. 0:36:10.219 --> 0:36:14.690 To reporting to a board of directors, to procurement, to 0:36:14.690 --> 0:36:17.240 how we make money and to revenue and to what 0:36:17.239 --> 0:36:20.060 we report publicly. You will see a lot more CISOs 0:36:20.060 --> 0:36:24.170 realize that liability hot potato is something that they need 0:36:24.170 --> 0:36:27.470 to start taking chunks out of that they own. So 0:36:27.469 --> 0:36:30.470 you're going to see a lot more managed services, right? 0:36:30.469 --> 0:36:32.750 You're going to see a lot more scalability with bigger 0:36:32.750 --> 0:36:35.150 vendors where, you know, I can go to a bigger 0:36:35.150 --> 0:36:37.610 vendor and they can provide me these services. I can 0:36:37.640 --> 0:36:39.800 then check that off my list and not necessarily have 0:36:39.800 --> 0:36:40.730 to worry about it. 0:36:40.910 --> 0:36:44.060 And guarantees the bigger ones can provide guarantees. 0:36:44.060 --> 0:36:47.630 Absolutely, absolutely. We just did our own right. We just 0:36:47.630 --> 0:36:49.850 did $1 million guarantee. And so you're going to see 0:36:49.850 --> 0:36:52.130 a lot more CISOs raise their hand and be like, 0:36:52.130 --> 0:36:56.219 are you going to reduce my liability? Not even just security, 0:36:56.219 --> 0:36:58.200 but but how are you going to take the pressure 0:36:58.200 --> 0:37:00.180 off my shoulders so that I can go worry about 0:37:00.180 --> 0:37:02.670 doing other stuff so my company can make money? You're 0:37:02.670 --> 0:37:06.000 going to see that in 2025, really take a much 0:37:06.000 --> 0:37:08.009 more of a balancing act. So I do suspect that 0:37:08.010 --> 0:37:11.310 that companies that offer managed services or that can scale, 0:37:11.640 --> 0:37:15.330 offering more sort of chunks of availability for their their 0:37:15.330 --> 0:37:19.219 customers are really going to start to see, as companies 0:37:19.219 --> 0:37:20.660 wake up and sort of be like, oh, I don't 0:37:20.660 --> 0:37:22.279 have to do that. I can hire someone else to 0:37:22.280 --> 0:37:25.250 do it. Um, you know, and honestly, in my bottom line, 0:37:25.250 --> 0:37:27.980 that saves me 10% because of the staffing issue or 0:37:27.980 --> 0:37:30.920 the technology scalability issue. Um, I think we're going to 0:37:30.920 --> 0:37:32.420 see a lot of that. And that will be a 0:37:32.420 --> 0:37:36.320 combination of regulation, putting pressure on companies to pay attention, 0:37:36.320 --> 0:37:40.850 causing liability. I mean, look at Executive Order 14028. You know, 0:37:40.850 --> 0:37:44.759 CEOs are signing personal attestment. When does that ever happen 0:37:44.760 --> 0:37:45.690 in history? Yeah. 0:37:46.800 --> 0:37:51.239 Yeah. And what about insurance? Insurance probably be more popular 0:37:51.239 --> 0:37:52.080 because of that. 0:37:52.080 --> 0:37:54.780 Well and cyber insurance rates. Right. They're going through the 0:37:54.780 --> 0:37:57.540 roof because there's so you know, if their rates go 0:37:57.540 --> 0:38:00.840 down by 10% and they're saving, you know, you know, 0:38:00.840 --> 0:38:04.560 maybe the managed service that they have costs, you know, 5% more. 0:38:04.560 --> 0:38:07.140 But in reality it would cost them 20% more than 0:38:07.140 --> 0:38:09.540 that to hire the people. And then their cyber insurance 0:38:09.540 --> 0:38:12.000 rates drop by 10%. You're going to see a lot 0:38:12.000 --> 0:38:15.720 more evening of the scale of of how companies look 0:38:15.719 --> 0:38:19.560 at how to manage their, you know, their incident detection response, 0:38:19.560 --> 0:38:23.880 especially especially, um, I think that's just one area that's 0:38:23.880 --> 0:38:24.779 ripe for disruption. 0:38:24.780 --> 0:38:30.089 So yeah, I, I love these three that you mentioned. 0:38:30.090 --> 0:38:33.750 I think you're spot on. Um, I've got a friend named, uh, 0:38:33.750 --> 0:38:38.460 Sasha Ziegler who is talking about basically this big evolution. 0:38:38.550 --> 0:38:44.940 Basically Enron, you had CFOs got woken up, um, right. 0:38:44.940 --> 0:38:49.140 And now, uh, this year and last year, basically, the 0:38:49.140 --> 0:38:52.259 SEC is causing CISOs to wake up. So he's talking 0:38:52.260 --> 0:38:57.100 about cyber CFO. So it's basically this bifurcation where you 0:38:57.100 --> 0:39:03.430 have technical CISOs potentially dropping down to like VP of security. 0:39:04.000 --> 0:39:09.069 And like the the more business oriented move up into 0:39:09.070 --> 0:39:10.450 like head of risk. 0:39:10.570 --> 0:39:13.330 Absolutely. 100%. It's a. 0:39:13.330 --> 0:39:15.880 Business. Yeah, it's a business. 0:39:15.880 --> 0:39:19.620 And it's a costly business to maintain this company, right? 0:39:19.770 --> 0:39:23.009 I mean, the budgets are huge or the, you know, 0:39:23.010 --> 0:39:27.210 the it's a forcing function of. I absolutely think you're right. 0:39:27.210 --> 0:39:30.569 And that person in that role has to balance out 0:39:30.570 --> 0:39:33.870 the ability to generate revenue of a company to the 0:39:33.870 --> 0:39:38.939 liability that that is on that curve of security, because 0:39:38.940 --> 0:39:43.120 you can't, you know, the the awakening of the CISO 0:39:43.120 --> 0:39:46.000 has been, oh, gosh, you know, security is really, really 0:39:46.000 --> 0:39:48.160 important to my company. But if I don't do it, 0:39:48.160 --> 0:39:50.890 if we don't do it, you know, now with the 0:39:50.890 --> 0:39:55.540 evolution of regulation that's happening, the brand is going to 0:39:55.540 --> 0:39:57.340 be toast. So we won't have anything to sell in 0:39:57.340 --> 0:40:00.100 the first place. Right? So no one will trust us. 0:40:00.219 --> 0:40:02.530 So especially if you're in the supply chain, I think 0:40:02.530 --> 0:40:04.690 that role will be very popular if you're in the 0:40:04.690 --> 0:40:08.460 supply chain somewhere. Um, and you actually are selling a 0:40:08.460 --> 0:40:10.229 widget or a part of a widget to another company 0:40:10.230 --> 0:40:11.879 that has to sell a widget, right? And so you're 0:40:11.880 --> 0:40:15.930 buried in there's a liability factor where, you know, the 0:40:15.930 --> 0:40:17.760 company may be selling the end widget is going to, 0:40:17.910 --> 0:40:19.739 because of regulation, are going to turn around and hold 0:40:19.739 --> 0:40:23.070 you accountable. So that is going to be the really 0:40:23.070 --> 0:40:24.690 and I mean, you know, as far as our IoT 0:40:24.690 --> 0:40:28.350 brand with with QNX in vehicles, things like that or 0:40:28.350 --> 0:40:30.799 satellites or anything where they're going to turn around and 0:40:30.800 --> 0:40:34.640 start pointing fingers. You know, that's where that that role, 0:40:34.640 --> 0:40:37.760 I think, is really going to be critical is to 0:40:37.760 --> 0:40:41.870 understand the entire liability to a revenue chain and not 0:40:41.870 --> 0:40:45.440 just a CISO looking at risk to, you know, it's 0:40:45.440 --> 0:40:46.370 a different skill. 0:40:46.700 --> 0:40:51.739 Yeah. Yeah, absolutely. Well, uh, I love these predictions. I 0:40:51.739 --> 0:40:55.160 think you're absolutely right. And perhaps we can revisit, uh, 0:40:55.160 --> 0:40:57.980 here shortly. But, uh, thank you so much for your time. 0:40:57.980 --> 0:40:59.690 Yeah, absolutely. We'd love to. 0:41:00.230 --> 0:41:03.590 All right. Where, um, where can we follow, uh, your work. 0:41:03.590 --> 0:41:05.750 Your team's work? BlackBerry's work. 0:41:05.750 --> 0:41:10.790 Yeah, absolutely. Well, blackberry.com for our external, uh, website. Um, 0:41:10.790 --> 0:41:14.030 you follow me on LinkedIn. I'm Christine Gadsby on LinkedIn, 0:41:14.150 --> 0:41:16.400 and I'll connect. You know, just send me an invite. 0:41:16.400 --> 0:41:19.000 I'll connect and happy to chat. I have lots of 0:41:19.000 --> 0:41:24.130 amazing conversations with other CISOs and other VP of Product Security, 0:41:24.130 --> 0:41:26.260 or even on the network side, just chatting with other 0:41:26.260 --> 0:41:30.129 people around these future future predictions. And I wrote down 0:41:30.130 --> 0:41:31.660 the name that you just gave me. I'm going to 0:41:31.690 --> 0:41:33.580 I'm going to reach out to Sasha to. That's a 0:41:33.580 --> 0:41:36.489 fun conversation. I love having it. Awesome. 0:41:37.600 --> 0:41:38.920 All right. Well, I enjoyed it. 0:41:38.980 --> 0:41:40.780 Awesome. Same. Thank you. Daniel. 0:41:40.810 --> 0:41:41.770 All right. Take care. 0:41:41.770 --> 0:41:42.910 You too. Cheers.