Cyber Crime Junkies

How AI will Effect Cyber Security. New insights from Cyber Security Think Tank.

April 09, 2023 Cyber Crime Junkies-David Mauro Season 2 Episode 15

FULL VIDEO EPISODE: https://youtu.be/fQ656-870lI.       We discuss How AI will Effect Cyber Security. New insights from Cyber Security Think Tank with founder, Carlo Brayda.

We covered topics with the founder of this Silicon Valley think tank such as new policies for security in light of artificial intelligence, how to protect the security of organizations with artificial intelligence, new US artificial intelligence regulations, how the US will regulate artificial intelligence, ISAO information gathering on artificial intelligence, and their new AI ISAO.

Carlo Brayda is Founder and Executive Chairman of the Silicon Valley-based global think tank Tortora Brayda™ Partnership Excellence™, whose mission is to improve the effectiveness of partnerships in the private and public sectors. Carlo is a member of the Forbes Technology Council and has served as CEO of Gorilla Corporation, founded back in 1992, a leading global partner marketing and strategy agency for the technology sector. Carlo has been a special constituent for the World Economic Forum, and an expert contributor to the G20.


New insight from Cyber Security Think Tank with Carlo Brayda

[00:00:00] Discussion: New insight from Cyber Security Think Tank with Carlo Brayda. We covered topics like new policies for security in light of artificial intelligence, how to protect security of organizations with artificial intelligence, new artificial intelligence US regulations, how will the US regulate artificial intelligence, new ISAO info gathering on artificial intelligence, artificial intelligence ISAO info gathering and their new AI ISAO.

Founder and Executive Chairman of the Silicon Valley-based global think tank Tortora Brayda™ Partnership Excellence™, mission to improve the effectiveness of partnerships in the private and public sectors. Carlo is a member of the Forbes Technology Council and has served as CEO of Gorilla Corporation, founded back in 1992.

A leading global partner marketing and strategy agency for the technology sector. Carlo has been a special constituent for the World Economic Forum, and an expert contributor to the G20.

[00:01:00] It's always in the news. Cyber criminals attacking great organizations wreaking havoc on the trust of their brand. We socialized cybersecurity for you to raise awareness. Interviewing leaders who built and protect great brands. We help talented people enter into this incredible field, and we share our research in Blockbuster True Cybercrime stories.

This is Cybercrime Junkies, and now the show.

All right, well, welcome everybody to Cybercrime Junkies. Good morning. I am your host, David Mauro. In the studio today, we have two illustrious gentlemen, but first and foremost, I have my always positive sidekick and business partner, Mark, the Mark Mosher. Mark, how are you this morning? Good morning.

Thank you, [00:02:00] David. No, I'm excited. We've got some great guests today. This is gonna be a fantastic episode. Ready to jump. Yeah, we have some, we have some significant leaders today, which is great. So Carlo Brayda joins us. He's the founder and executive chairman of the Silicon Valley based global think tank Tortora Brayda Partnership Excellence, which we are fortunate to be partners of and have attended several of them.

Clearly, we are not the smartest people in those rooms. It's always, always a learning experience whenever we attend those think tank sessions. The Think Tank has a mission to improve the effectiveness of partnerships in the private and public sectors. Carlo's a member of the Forbes Technology Council and has served as CEO of Gorilla Corporation, which was founded back in the early nineties, 1992 as I recall, which is a leading global partner marketing and strategy agency for the technology sector.

Carlo has been a special constituent to the World Economic Forum and an expert contributor to the [00:03:00] G20. Also joined is Gilles Esposito. Mr. Esposito is an expert in adversary emulation and breach and attack simulation, enabling red, blue, and purple teams to build and emulate real world adversarial campaigns.

He's had a long career in cybersecurity, having served in leadership, currently with Skype, and also previous. Edge and Hitachi. So gentlemen, thank you so much for joining. We look forward to speaking. Thank you very much. We absolutely sure to, to to be here with you, David. And, and Mark. . Excellent. Yeah.

And I'm happy to, join all of your future meetings and introduce you guys like that. , like you could just, you just have me. Yeah. Every, every meeting will play a little video intro and just like introduce you. Yeah. What, what an intro. Exactly. . No, I really, look, I was looking forward to to this, episode together.

I'm a subscriber of Cyber Crime Junkies, and I think, you, you put out some excellent product. And I learn, every time [00:04:00] I listen to one of your podcasts. So I'm, I'm really very, very proud to, to be on one, frankly. Well, thank you. Wow. We didn't even like know you were gonna say that or pay you for that, but thank you very much for that endorsement.

That's a, that's an honorable endorsement. So let's talk about the value of partnership. , you know, you both have had pretty storied careers. , let's start with you Carlo, cuz I've known you the longest, if that's okay. Just real briefly, kind of walk us through your trajectory and where you are today and then, , Mr.

Esposito, let's, review the same Well, yeah. So, I'm , I was originally an engineer, , an information systems engineer, focusing on artificial intelligence in the early days of AI , this is going back three decades. and, what, so can I stop you right there? I'm so sorry. I don't mean this to be rude, but what drew you to artificial intelligence like 30 years ago?

Like, was there artificial intelligence? Like apparently there was like, what was it then? Like what did it look like then compared to [00:05:00] now? . It was really primitive, frankly. Frankly. Yeah, it was really primitive. But it was there, it was, , it was already, a science that was studied in, in a, in engineering faculties where I was in London.

I actually had the opportunity to sort of dive into that when I first got employed at Philips Electronics. Oh, okay. So Philips Electronics had a, a software division that actually eventually span off and became known as Origin, which then merged with Atos and, and then is eventually now Atos Origin.

In fact, it's, it's now Atos, right? This is integrated. Yeah. So we were the first spin off of, you know, the first, let's say incarnation of Atos. But in the earliest days of AI, what I was doing is that I was actually working as a programmer, maintaining an expert. on default diagnosis for Philips engineers to be able to more easily query, let's say, a knowledge base essentially, and get to the solution, interactively with the software.

So it [00:06:00] was early days. It was fun. I was, I was used to programming C and, and I left that, I, I left that because not really, started You founded your own like software. Didn't, didn't you? And then you, you, you did something back, back for, for the country where you were born. I thought. Yeah, yeah, yeah.

So super quickly, I mean, I, basically moved within Philips. They gave me the opportunity to see what marketing and sales was like, and I really found myself, having a lot of fun in marketing and sales and, and so eventually I decided to Let's say pivoted a little bit more towards marketing and sales and and I set up my first company back in November, 1992.

And, in a sense, the rest is history. That was the sort of first incarnation of my current business, Gorilla. And at the time we were a Pan-European, research company. And, guess what the biggest questions that all hardware and software manufacturers has had for us. Can you please research, the.

Right. Can you [00:07:00] search what kind of partners we ought to have? Yep. For this type of technology, what is the right type of partner and, , what kind of partners should we have in, Algeria or Russia or, Latin America. And so, so our, our company, my, my fledgling company at the time was really engaged in all of these, activities.

And so, I decided to really focus on, on partnerships in, in those early days. And so for the next I don't know, 13 years until 2003 roughly we're really focused on channel development. And we became, in a sense, the first channel development company. ever in the world. Now there, there's quite a lot of channel consultants, channel development agencies.

Mm-hmm. , different sorts and flavors, channel marketing agencies. But we were actually the first ones ever. So, and we're still, still around today. Miraculously, been going through highs and lows. We've been seeing it through recessions, weathering storms. sometimes it's hard and sometimes it's wonderful.

We're still still there to tell [00:08:00] the tale. And then in, in a nutshell, back in 2003, roughly, I sold the business. It was a management buyout. Mm-hmm. and I decided to, take some take some money and go and, give back as they say. I'm half Ethiopian, so I decided to go back to my, it wasn't my native country, but it was a country that I had an affinity towards of course.

Given that the country had just come out of 20 years of draconian, hardline, communism. Yeah. And no private sector, I thought, well, let me go there and see what I can do to, to fix it. Because as I was growing up, my family was saying, Hey car, when you grow up, you're gonna, you're gonna go back and fix it, aren't you?

So that's, I never knew how to fix it, right? Because, you know, I'm not a doctor. I, I'm not a politician. But what I figured was that I had a knack for, entrepreneurship, right? And so, and also I had a sense of, I had a sense of, wanting to give back in a way that is different. You see, there's a lot of, nonprofits and organizations, but they, they, they often.

If they do, grassroots outreach, [00:09:00] programs, they're somewhat patronizing in the sense of, oh, we're going to Ethiopia, so, you know, why don't we, what can they do basket? They can basket weave. Let's, let's create a basket weaving program, right? And let's help sell their baskets on the internet. And I thought, No, no basket weaving.

Why? Why get them to do basket weaving? These are folks that are just as part as you and me in this room. You know, they just haven't Exactly, they just haven't been placed in the scenario in the environment to flourish. Right. So I thought, let's bring the environment to them and it happens. That's great.

Yeah, you've, your, your work there was, was absolutely, remarkable. We had, we've, spoken many times about that in the past. That's, that's, thank you for, for all that you've done there. Like, it's, it's phenomenal. And for the listeners and watchers, you are joining us today from France, so we appreciate it.

It is, definite massive time difference and we appreciate your, dedication here. It's my. Yeah. So Mr. Esposito, tell us about, how you got here today. And [00:10:00] you also have been a, a strong leader in the channel community. So it's, it's mostly the general, so in, in preamble, I'm gonna help you because you keep calling me Mr.

Esposito and that adds like about 20 to 30 years to my already advanced age. Yeah. Because, yeah. Yeah. It's like when people call me Mr. Mauro, I'm always looking for my dad. Right. And, and I, and to be honest and, and complete transparency, I've been saying, cuz I don't know how to pronounce your first name.

I, I know that's what I'm gonna help you with. But it's just like the first name, j i l. Right. And it's been a story for the past 23 years that I've been in the US that I've had probably like two dozen different front in session of my first name. So it's just like Jill, just like this. Good, Jill. Okay. It's fine.

People like to add letters at the end of words to confuse everybody else. Yeah. and we don't pronounce them, so don't, don't worry about it. So, As I'm saying this, I am French originally nothing to do with k being in French right now, but, I moved to the US about 23 years ago now. And after that the story is, so I was [00:11:00] in sales before moving to US and when I came to the us.

 I first of all joined the technology sector. Before that I was in different sectors, but not in direct sales anymore, in channel sales. and from then on it's, it's always gonna be channels. So of course with roles as channel manager at the beginning and then moving, you know, towards. More manager roles or strategic roles and, and so on and so forth.

And, it's been mostly in technology for the past 20 years. With, storage, mostly So Andi. companies and others. I work with distribution. I was with partners and I work with vendors, mostly. And, about, seven, eight years ago, I, I made a switch to, a little bit more than that now, no, seven, eight years ago.

 I switched from the storage industry, which was very static, let's put it this way. Mm-hmm. and, and till today it's still very static, to something that was coming up, which was cyber security, that was becoming more and more popular. Yeah. And so started to work for vendors that [00:12:00] were in identity and access management.

And then, in a very specific sector for a few years, for a company based set up the Netherlands, where I was very involved in cybersecurity, but for a very specific vertical, which was media and entertainment. Oh, okay. Interesting. So protecting the feeds of, Disney and Comcast and NBC, CBS, and NBA, NFL, all those type of things.

Right. And first we actually, we actually started this podcast. Our very first episode was about the Sony breaches. Oh, okay. So like, yeah, we took a deep dive. We talked to people, we talked to federal law enforcement. We did a bunch of research for that. Yeah, extremely interesting. Extremely interesting.

Really interesting. Like it's really the, the, the way cybersecurity plays in the, in the media space is very, because it, because it, there's so many different global elements of free speech and ownership and intellectual property, and it's so. And the do side, the, the parallel economy of this, of [00:13:00] media and entertainment.

So all the pirate and , and all that kind of stuff is so well organized. Mm-hmm. , you have no idea. I mean, it's like, it's, it's, it's mind blowing to see, criminal organization that are, so detailed, so well prepared, managing things. , we do in the right side of things, right? The exact same way with partnerships and finance departments and this and that.

It's crazy. Crazy, but very interesting. Yeah. And, so moving forward with this, I met Carlo, what was it, like three, four years now? And, and Carlo became, one of my, . helping one of the company for which I was building a partner ecosystem and we didn't have all the resources at the time to do everything I wanted.

So it makes complete sense to go to his organization and leverage his services. And after that, we've been doing this, a few times with, was Carl. As you were mentioning, yes. The last company I was with, I'm no longer with him, but the last company I was with was size. Size is was, funded by a gentleman, who surrounded himself with incredible [00:14:00] experts in the domain adversarial.

Cybersecurity. Right. So yeah. Adversarial emulation like that is so exactly, so important. Yeah. Red team, blue team, purple team. This is the world. It's really interesting where we actually do see a lot of, AI infusions right now, but it's still, as Carlo was mentioning, 30 years ago.

It's still very embryonic, right? Yeah. I mean you, you were, you were talking about the origin of AI and all that. I was doing a little bit of research on that a while ago, and, from what I've seen it, it started in, if this is the right date, it started in 1951 where the first program was at to it was to emulate a chess player.

Right? So it was the. Yeah, I think I read about that. Yeah. It was like the first machine learning where something like exactly would take it and then it would, it would learn and predict the next step. Yeah. It would learn the moves from other, you know, chess masters and, and start to apply it not to the level that IBM was successfully doing, right.

A decade back or something like this. But it was still, it was the beginning of [00:15:00] it. So that was that was interesting. Combination of human behavior and machine. And I have the second. Try to emulate the first one. So it's, absolutely. Interesting. So that that's, but yes. Channels, channels, partnerships, alliances.

That, that's my thing. And it's so important. Yeah. Yeah. It, it's with go, go ahead. No, no, no. Please go ahead. Finish. No, what I was going to say is with scroll, that's, so with TBI the Tortora Institute and everything, that's really the cornerstone of everything we're doing right. And that's what started it in the sense.

when you look at all the analysis that you can find about business to business, business to consumer, flow of transaction, it's way past 70% that everything is indirect today. Yeah. So, and what we realize is, over the past 23 years there's been a strong evolution of everything. Partnerships, right?

So channel. I'm not talking about merger mergers and acquisition. I'm talking about transactional partnerships and those type of things, and there's [00:16:00] a reason for that is that, you know, when you think about, when was the last time you bought your shirt directly from the vendor or your car directly?

Unless you have a Tesla, but your, your car directly from the vendor and so on, it's, you, you cannot, you don't do that. You always go through somebody that is between the manufacturer and yourself. Mm-hmm. And it's, it's, this is growing and now that technology is going faster and that the, the need of customers is higher and there are demands, there are requirements or more stringent and all those kind of things.

You can't do it. You can't, nobody can do it. That's why you see Absolutely. The Microsoft, the Amazon, the Googles of the world, they have gigantic partnership ecosystems, yet they have gigantic deep pockets that they could do everything by themselves as they wanted to. Well, no, they can't. So, and realizing, well, that's exactly right.

Yeah. Yeah. Those things should have in should have improved. But the, the rate of failure in partnerships is still the. Not, hasn't unfair, [00:17:00] right? It's still super high. And so we are, we're trying to help with that. That's, that's excellent. Well, and that, that's, that's a great insight too, because when I think about good strategic channel partnerships, right, and when we're talking about the channel, we're talking about the, the channel applies to the, the distribution channel, right?

It's like where they get all of the pieces to make their ultimate offering. Right? It's, it's, it's from a whole myriad of. Partners, right? Every organization has channel partners, whether they formally call it that or not. Absolutely. But and, and to me, when a good partnership makes it, and I'm interested in hearing what you guys think, but to me it's.

Always winds up when it's successful. It winds up being better than the sum of the, of the parts, right? Absolutely. Because, because you've got one partner that's really good at X, Y, Z, you've got another partner that's really good at, at abc, but together it's not just those six elements. They create something like completely new because of the, the strengths they can like, [00:18:00] lean on each other and, and, and, and really go to market with some outstanding results.

Mm. So, real briefly, let's talk about the, the think tank for a while. Carlo, what, what caused you to create it? And can you explain to the listeners what it is and what it's, what it's accomplished? What's, what's coming up in the future? Yeah, yeah. So as you mentioned earlier, one of the big chapters in my life was being a special constituent at the World Economic.

Working on a number of initiatives to do with technology innovations, cybersecurity impact of you know, risk assessment, global risk assessment for the G20. And that is pretty cool by the way. I just wanna like, let everybody know like that's a big deal. So anyway, go ahead. It, for me, it was for me because I found myself doing these things kind of it, it was not planned.

It was it just a sequence of events that took me from A to B. And, and then there I was involved in some really interesting [00:19:00] activities with very, very, very interesting people. And one of the things that that I thought was remarkable within the context of the World Economic Forum is. . First of all, I have nothing but respect for it.

It's a fantastic organization and I know that some people criticize it, but it's a fantastic organization. Like I will also say, in my opinion, the United Nations is a fantastic organization. Yeah, exactly. I mean, politics aside, the things that it can accomplish through partnership are amazing. . Exactly. And it does, and it does accomplish things through partnerships and they both do.

You know, the un sometimes has its failings, but generally it's a phenomenal organization and it's there, it's set for the right reasons. That's, that's I think the, you know, when an organization sets forth with very, you know, noble reasons, eh noble objectives, that that's really worth uh, following.

It's, it's worth paying attention now, the world economic. Is a place for dialogue. It's a place for private and public sector to come together and, and, and forge a better vision [00:20:00] and a better path for the future. And I, I thought this was just, just such a fantastic experience, such a fantastic organization that I thought, let, let's see.

When I came over to live in the United States about 12 years ago, I, and, you know, coming into the world of cybersecurity and all that, I, I, I felt that there was a little bit of a disconnect in the sense that private and public sector we're not really. that well. Right. You know, the public sector has its mission strategy, and it follows it.

Private sector is blissfully unaware frequently of what the public sector of, of what government wants, wants to do. Take the US cybersecurity strategy. I, I haven't seen the, the, the latest one, but a few just a few iterations ago it was there was a disjoint. When it comes to, for example, wanting to support the US cybersecurity industry in, in its export potential, not, not only for the economic advantage that it brings back to US companies, but also for the security advantage that it provides to our NATO ally.[00:21:00] 

Countries and, and companies they're in, right? Yeah. What, what wasn't the first national Security Cybersecurity strategy wasn't published like in 2003, one of the last iterations, and it's coming up, or it just passed, I believe it's 20 year mark. We kind of thought we were gonna see it formalized on that date, but I think that date is either imminent or passed slightly.

So it'll, it should be, it should be coming out any day. They, they say that there is a. 13 page document or something that's been circulated. That's, there was one last year they, they released quite a bit of material about that. And so it's, they're, they're, the US government is taking it very seriously now.

Exactly. And they're taking into account the concept of partnering. with private companies and all that. Also extremely seriously, right? Yeah. There's a number of initiatives right now that are taking place by which the. US government is inviting a lot of people around the table. Right. So it's, it's good.

It's, it's that, that disconnect that Carlo was mentioning is [00:22:00] narrowing, let's put it, this narrowing. Yeah. Not fully, not fully fixed, I'm sure, but completely narrowing. Yeah, for sure. It is, it is. And we're seeing the current administration really you know making some great advances. And it's necessary.

It's you know, this is the organization, our think tank, our institute is you know, it's a non-profit. It's non-partisan. And so we're really stay very objective about things. But we like the way things are going right now. And and of course we work. Let's say somehow in lockstep, we try to evolve and to create a round table for these discussions.

And so many of our events that we hold within the institute bring together stakeholders decision makers, thought leaders. From different avenues to talk about issues that are of, of great importance, such as, for example you know, how to mitigate the risk that comes from the talent gap that we have in cybersecurity, right?

Mm-hmm. that, that's, for example, issue. Yeah, you, you, you, you recently held an event with leaders from like every type of organization, and it was, it was [00:23:00] absolutely fascinating to see so many great minds and people in, in, in positions or with authority to actually make a difference really address. , the, that, that talent gap or that, that, that it, it's really not a skills gap, but it's just finding the right people and the right sources, creating that right curriculum to get people trained to, to, to really fill the needs in cybersecurity.

It was, it was, yeah, really a remarkable thing that the think tank did. And there, there's, there's a, there's a fact that we're, we are roughly 3 million jobs out. Right? We, we really need a lot, lot more people in order to provide the, the, the, the type of cybersecurity strength that our nation needs.

Absolutely, really it's key. It's really brutally important. And AI will help, but it doesn't help to fill the gap at that, at that in that way. Right. Right. You know, people always say, well, AI will fill in the jobs. Well, no you know, AI supports and it creates a new, new kind of [00:24:00] industry, new kind of service jobs.

But it doesn't really take away jobs at the end of the day. It never has done really, it just creates new opportunities you know, maybe different. Yeah. And w w what are your thoughts? I mean, to me it's not really eliminating a drastic amount of jobs. To me it's almost enhancing people in those roles.

Like they're able to accomplish a lot more faster and speed things up and have more precision. Exactly. Exactly. And we are living in a world which is, you know, which is becoming ever more let's say volatile, right? From a conflict perspective, international relations are, are taut, right?

Russia is as it is the relationship with China is as it mm-hmm. . Other countries are pumping a ton of money into research, into into, you know AI into training, people, training in cybersecurity and all that. And, and we in, in the United States need to, need to do better than that.

We need to we need to stay in our position of dominance for the, for our safety overall, really. And, and. For the values that the United [00:25:00] States has, you know, it's a, the value system in the world. The United States plays a very, very important role in my opinion. And so I'm very keen to, to see that stay as it is.

And so our think tank works to try to keep things that way and to improve and to improve things. For instance when it comes to public private partnerships, that's a very important part of what we want to accomplish in our organization. And for instance, right now we're working on a on a.

To support CISA together with the department of Foreign Affairs in Spain and the department of the US Department of lemme just refer to that actually, cuz I was working on it earlier. Yeah. Department of State, the US Department of State, how could I miss it? So and we're, we're looking to provide a, a program to evaluate how to better the best practices for, for private public partnerships from a cyber security standpoint, right? You can imagine how hard it is already to secure.

A corporation, you know, you guys know it's all covered. You have your clients and, you know, creating a [00:26:00] secured Yeah. A cybersecurity posture that is really really tight. It's very, very hard. Very, very hard. And just one company, we know how hard it is when there's a even a supply chain around that, right.

A third price management is really, really, it gets complex. You know, it's ne it's never easy to really say, I've got a hundred percent security. You can't really imagine when you're actually having a multi-stakeholder partner. Where some elements are government organizations, maybe some of them are a little bit ar archaic, right?

Because not all of them are really up to date and modern. Not in all countries. Maybe, maybe in Spain they're, they're, they're not quite as advanced. Maybe they're more advanced, but it's all different. So when things come together like that you know, how do you go about making sure that, that that these partnerships are really.

Is there a framework? Is there a, a codified series of best practices for public-private partnerships? I know that's what you're kind of looking to create with the US government and with CISA. But is there, have there been attempts at that in the [00:27:00] past? So go, go ahead Jill. No, there, so there's a, there's a number of framework out there that.

You know, through our organization, like NIST and, and others of course. Yeah, course. Yeah. We're, we're, yeah, we're familiar with like the NIST standards and things like that. Okay. I just didn't know if they, if they, you know, and we're, we were familiar with CMMC and all, all those elements, all those kind things exist.

I was just curious about like the element of public-private partnering. Like is there anything that's specific? Are there anything. That specifically addresses that or, or is this something you guys are creating? Not to the level of granularity we're talking about when you talk about NIST or CMMC or those type of things.

Right. I mean, there's no clear dissociation to say that if you are a private entity versus if you're a public entity, you need to go through those hoops or the, or these hoops, right? Not that I'm aware of. So in, in all disclosure, or there might be something, but I'm not aware of, of such a thing at this point.

Through all the bids and all the thing I. I've gone through in the past. [00:28:00] Requirements are always the same, but the good thing is about NIST and about CMMC, for example, and others, is that they do. Right over even within within the healthcare industry, right? Mm-hmm. HIPAA is evolving towards those things and all that.

And they have like new regulations coming up regularly for what does security on a piece of software should look like if it is to serve within the healthcare and life sciences industry, right? Right. And so on and so forth. So there are, there are things in the. Right. Is there like the motorable framework that says you up?

No. Absolutely. Right. And, and as I just mentioned with healthcare, for example, if you go to the financial services world is gonna be different and this and that. So there's the, some of them good because they're required to be differences between one vertical versus another. Some of them may be not so good because it's just, you know in the middle of things, right? And then you have private organization that, for security purposes and all that, for partnerships and, and have [00:29:00] dedicated specific teams to work on specific requirements. And, and this, for example if you wanna partner with Ws there are some. You know hoops and filters and things that you need to check and you need to do well before, first of all, you can put your software on their, on, on their, you know, platform on their marketplace or partner with them.

But also if you, if you aim at targeting the federal government, there's a different set of things that you're gonna have to abide by and, and or to abide. Sorry. And and, and so on and so on. So this is building, right? Those frameworks. Mm-hmm. Are building and there is evolution coming every year, every two years or that kind of thing.

But, you know, just like Jen Easterly is doing at CISA and all that, you know, she really injected, she's the director. She really injected like a, a, a bunch of new things with our team that makes it more open and, and to this collaboration between private and public sector. Yeah, she's really come out pretty strongly.

Oh yeah. Like [00:30:00] I, I, I really, I, I really am always pleasantly surprised whenever I hear her speak about, you know, the need to drive more engagement and more leadership buy-in, in the private sector and the public sector. Yeah. For cybersecurity, you know, frameworks and, and, and you know, not just in, in mind of compliance.

Right. I mean, there's, there's. You know, there's, there's compliance where they kind of just go through the motions, spend the minimal amount of time, energy, and resources just to check the box, and then there's security where they're really gonna do, sometimes just, you know, compliance almost is like just the evidence that you're taking the right steps, but sometimes you have to take more, right?

You have to, you have, you have, you have to go farther to actually, you. Secure your brand and not that anything can actually secure, but to me it's almost like dials on a board that it's just levels of risk, right? There's different elements you want to just, you know, raise the dial a little bit, you know, depending on, on [00:31:00] what your, what your exposure is, what your vulnerability is for your organization or, or, or the sector from where you guys, I, I'm curious if it's okay to ask what from your perspective and your experience and the people that you guys are, are.

Speaking with on a regular basis, what, is there a, a vertical that you're seeing that is taking security steps in the right direction a little better than other verticals? Like to me, just in the reason, just gimme, let me give you a little context. To me. The, the financial sector has been, Pretty like at the forefront.

Healthcare has been at the forefront. I see. I see. Legal kind of dragging along education, dragging along, like on the scale of maturity basically, but, well, what is your sense? You guys see a lot more than, than, than, what can I do? Start Carlos, on this one, I'll tell me the best and the worst. Best finance.

Worst. Water, oh [00:32:00] water. Everybody. Just wanted to mention Cybercrime Junkies Prime. We now have a subscription available through our podcast and it offers exclusive content, bonus episodes, and even pre-releases of all of our standard shows. We keep it simple, it's just the cost of one cup of coffee, one time a month, and you can cancel any.

You can subscribe by scanning the QR code next to me in the video or by clicking the link in the show notes. If you select not to subscribe to our Prime membership, please at least consider subscribing to our YouTube channel. It's at Cybercrime Junkies podcast on YouTube, and it's absolutely free. It allows us to bring great guests on the show.

Thank you for your support, and now let's get back to it.

Water. Oh, water. Interesting. Yeah. Oh, that, that's really, really the, the, the amount of yeah. Research around that and, and statements [00:33:00] around water vulnerabilities. I mean, critical infrastructure really needs to be a lot, a lot stronger. Right. Water really concerns us a lot because of course we, that's what we rely.

And and it has it, it's very sprawling. It's it's not organized centrally very easily. Right. It's it is, it's organized at the state level at and really at the micro level, right? Like it's, it's, yeah. It's like little organizations, little, you know villages have their own water supplies here and there.

It's, yeah. And those in charge don't really have a cybersecurity. So we should, that worries me a lot. I'm, I'm a big, you know, I'm very, very worried about critical infrastructure in particular, but of all the segments are critical. You know, water is something that concerns me. Jill, what, what, what, what are you gonna say?

No, I'm, I'm I'm, I'm with you, David. When you mentioned financial services, well, banking and financial services is number one, obviously still is. What's interesting is to see the so out of the 16, well, 17 now, critical infrastructure, cuz we have added the space to the list, [00:34:00] I guess. It's it's, they're really ahead, but e everybody's following suit, right?

And. There is a drive from the US government that says, these are the 16, 17 things that are making the nation stick together and, and, you know everyday life going on as planned if they still are capable of operating as intended, right? Mm-hmm. So it is important to make sure that all this is working well and despite, but they, they cannot force anybody to do anything yet, right?

There's, there's incentives that are. Starting to be put in place, just like insurance incentive, you know, cyber security insurance and all those types of things that can make a difference. But financial industry, way ahead, way ahead. When you, when you look at so something we did when you look at the structure of blue and red teams organization within large corporation, because not everybody's capable of finding the talent, number one, and to financing the talent to build their own red team, right?

A vast majority of the red teams are within big [00:35:00] banks and financial institutions, period. And then you look at healthcare for example, and it's it's about zero. No, there's nothing. Oh, really? So, so whether, I don't know, probably Carlos, right? For me, the, the big culprit of that, of the, the typical critical infrastructure has always been healthcare.

For five years we tried, at the company I was working for in the media and entertainment industry in the Netherlands we tried through a partnership with. To get into bettering the cybersecurity of the healthcare industry, right? And by, mostly by going to manufacturers or device manufacturers and then pharma, and then, you know, hospitals or organization, all that.

And what we've seen is absolutely flab. It's like they, they every time, or most of the time during that five year, 10 year I had there, that they were faced with an investment to make it. [00:36:00] It always goes to what is going to make us profit, right? It never goes to. What's going to, what is going to prevent us some losses.

Right? Short, short term di yeah. Short term quarterly returns as opposed to long-term sustainability. A a, a. Absolutely. And it, it's, it's changing, right? It's changing through the efforts of, again, you know, you have organization that tried to regulate this and, and their stance on cybersecurity for their constituents, where a member of that sector used to be, you should.

And you should do that. Right? And we know where should goes. It never goes further than the bottom line. No one ever does. Yeah. It's, it's because, because at the end it's all people, right? Like it's still people, it's still behavioral. Right. And, and not to simplify it, but you know, when somebody says you should do something, it's like parents telling children you should do something.

It's, well, there's that. Okay, but if you're gonna take the car away, if I don't [00:37:00] do it and you're gonna. Not let me back in the house. If I don't come home on time, I'm gonna come home on time and not do it. Cause I want the car. Right. Like it's, if you actually impose, shall do it. Right? As opposed to should do it, then behaviors start ch start to change.

It, it, it starts and it, it's sad that you have to be punitive, right. For, for those kind of things. But it's it's exactly, you, you have a good analogy with kids, right? It's, it's the same thing if, if it doesn't hurt, People are just gonna stick to doing what they were doing. Yeah. But there's hope right now.

The message starts changing. You know, and the message that used to be should starts becoming must. I mean, cyber, cyber crime has grown into that 800 pound gorilla in the room. So it's, it's that, along with the media bringing it to our attention, oh, we look, well, yeah. When we look back, you know, 10, 15 years ago it was, you know, rarely in the media and now it's every single week.

Oh, [00:38:00] absolutely. And it looks like, and, and that helps, right? Mm-hmm. And that helps with the frequency of it helps as well as you were mentioning. Now it's every time, because before you, you could, you could feel this attitude of, I'm not gonna get hit by lightning, right? Mm-hmm. It's like, it's us now, we're good.

It's gonna hit the guy next to me and the other one here, but it's not gonna hit me ever. And, and we know. But before that, when you got, when a company got hit or. A hospital got hit or something happened. Right. It was like nobody heard about it. Right Now it's like all over and so it, it doesn't look really good.

Right. So and that goes back to your point earlier, Joe, when you mentioned the increase in complexity of these cyber criminal organizations and their diversification in departmentalization. And as that increases, and we sit here and we talk about partnerships. It makes me wonder, you know, and, and Carlo, maybe you can touch on this with your [00:39:00] international involvement as well.

Are we currently, or is there an opportunity for nations across the globe to form partnerships? Yeah. To begin to combat this and what does that look like? So that's, that's really exciting for me and that's really what our think tank is all about. See, when we talk about our think tank being an institute really focusing on partnerships for cyber security, it means, it means everything.

It means the, it means channel partnerships. Yes. You know, in terms of go, go to market, but it also means alliances between vendors, but it also means partnerships amongst our different sovereign nations that are allied. Right? So one of the things that we do, one of the task forces we had, and I think David, you might have been part of that initial discussion with, when we talked about AI in one of the world cafes.

As a result of that, we created a task force to explore the, the crossroad over between cyber security and AI. As a result of that our, a team of very, very smart members of the institute decided to form together an ISAO. [00:40:00] So we now have the United States National Artificial Intelligence and Cybersecurity ISAO, which is an initiative at a program of the institute and the executive director of, of the institute, Michael Tis Myer, who I hope you'll be meeting soon.

Is very much into the cyber diplomacy side of things. So ensuring, for example, that that there is collaboration and, and there is sharing of best practices, not only amongst companies, but also amongst amongst companies and, and organizations like ours and similar. Amongst the different NATO nations.

So not many months ago about, I dunno, five, six months ago I was at a conference, a NATO conference in Riga in Latvia together with Michael Tis Meier. And over there we, we found that there were some NATO member nations and like defense research institutes and organizations that have the same concerns that we have around safeguarding critical infras.

And they have their experiences and we have our experiences, and, but we don't, [00:41:00] we haven't been talking, it hasn't been really kinda a dialogue, right? But now that's what we're trying to do. That's what our institute is very largely about, and particularly the ISAO. It's about promoting these kind of conversations.

And so right now, and in fact, spending an enormous amount of time with NATO and Riga and in Estonia to have these conversations. One of the things that we're actually gonna be putting in place as a membership benefit to the members of the ISAO right now is also some really interesting technology that I think you'll find absolutely fascinating.

But essentially it's a dark web monitoring of cyber criminal. And, oh yeah. That we, we absolutely love to see that because I mean, if, if you can shed a shine a light on anything that is happening in the dark, right. Philosophically, it helps us. You know, it, it, it just helps us understand, I mean, we have to understand the mind of the threat actor, right?

And the motivation of it and their [00:42:00] behavior and the behavioral patterns, cuz that allows us to defend ourselves. Exactly, exactly. You have to know. Right, right. And so and so what, what I've done so we'll be offering that as a service to, to the members of the ISAO, right, on a bureau basis. And that's, that's all been agreed now and I'm really excited about that.

But I. Now, when you say ISAO, can you, for somebody that doesn't know what that is, could you explain that? So, you know, the, the, the, we talk about the critical infrastructure, yeah. Mm-hmm. And there are organization that FITT what they're doing and all that from an IT perspective and know more subcate, which we call ISACs.

Right? Right. I, I so do, they're structured by vertical, so you have 17 of them. Right. As simple as that, the ISAO is exactly the same thing, so information sharing and organiz. An ISAO, information sharing and analysis organization, right? Yeah. So we federate people and all that to come to talk, but this time it's not specific to a vertical.

It's specific to our horizontal that's different [00:43:00] between an ISAC and an ISAO. And so the vertical that we have is AI and cybersecurity in the sense of. Reinforcing cybersecurity or helping reinforce cyber security, but also the other way around. Mm-hmm. Cyber security protect AI because one of the things you, you, you'll notice when you look at algorithm and all that is that they're great at doing thing except protecting themselves that they. Right.

They don't do so if you don't inject cyber security into AI, people are gonna start messing up with your, with your algorithm and your AI is gonna fail or two things that they were not intended to do. So that, that's what an ISAO is. It's, it's, you take a theme or something and then it's across all verticals, everything, right?

It's completely a reasonable where an ISAC is gonna be. Very vertical like healthcare ISAC, space ISAC, IT ISAC, blah, blah, blah, those type of things. Yeah. Okay. Good. I, I just wanted, cuz whenever we talk cybersecurity, we throw around a lot of acronyms. I just want anybody that's listening to this while they're driving or working [00:44:00] out or, or have it on at work that sure that they understand the context of what, what, what, what we're talking about.

So, and, and, you know, just, just go, going back on, on that, on, on the idea of dark web monitoring for me mm-hmm. it. Something that should be part of every cybersecurity as. Because how often, too often assessments will really look at your surface attack area. They'll look at the what your perimeter looks like, but they're not monitoring, they're not seeing the dark web chatter around your domain.

And and as I was saying earlier, I decided to take a look at the sectors that are of concern to me, like the critical infrastructure sectors, including healthcare and and it's it's terrifying to. How vulnerable they are and how much criminal activity there is in the otherworld there talking about attacking and trying to figure out ways to, to penetrate defenses of you know necessary organizations.

Yeah, I mean it's, I, I've heard directors of security CISOs say it's kind of like whack-a-mole. Like you're literally trying to figure out where, where they're going to hit next, and having intel on [00:45:00] things like that really lets you know where you, you're able to anticipate where the next, you know, hit is gonna.

One of the, that's exactly what that tool is for. Yep. Yeah, it's exactly. One, one, one of the more fascinating people that we've met with has been John DiMaggio with Analyst1, and he actually he is, he's gonna be on traffic on National Geographic coming up the first week in March. We're actually having him on our show a couple days after that comes up and we he actually spent a year undercover talking with the heads of LockBit three point.

So okay. Pre, pre, pretty great stuff. So, as we wrap up what is next on the agenda for, for, for you Jill and Carlo, like, what's coming up, what's on the horizon? Just share with ladies and gentlemen of the, of the audience. Kind of what what's on the horizon for, for, for, for you guys. Let me, let me kick it off.

I mean, from my standpoint we're all very excited about the launch of the. National AI and cybersecurity ISAO, we're putting a lot of effort behind it. We're putting to some [00:46:00] phenomenal offers to, to future members. So including cyber monitoring of dark web and so on and so forth.

I'm, we're very excited about that. We're of course, always. I'm trying to bring forward the discussion of how do we reduce this cybersecurity talent gap. That's an ongoing thing. We are very excited about this year's focus of sustainability and ai. So for the third year running, working at United Nations program called AI for Good in the United States, and we're putting together a a contest to scout for talent in the United States.

Companies that produce. That actually aligns with any one of the 17 sustainable development goals from the UN. And the ones that companies that win this get monetary prizes as well as endorsement from the United Nations system and ability to sell it to the United Nations system.

So that's absolutely huge. Really exciting. That's phenomenal. Yeah, that's. Yeah. And then of course we're always looking for the next big issue. The next you know, mm-hmm. The next big [00:47:00] problem, one of the problems that is still unsolved, that we're really putting a lot of effort on this year is critical infrastructure.

How do we go about securing that? In the US there are about 300,000 companies in critical infrastructure that are exposed and that need to be secured better. How do we go about creating a program, public private partnership in lockstep with the government to make sure that, that, that critical infrastructure is being looked after.

Because critical infrastructure is not just the big companies. It's not just PG&E, right? Mm-hmm. It's a, there's a whole pyramid of small players there and they all need to be secured and, and so we'll be sleeping a lot better in a few years time when we see that as an accomplished task.

Right. So that's, yeah. We're looking forward to new ideas coming forward from members of the institute. I would, by the way, welcome all the listeners to join the institute. We should make video. We absolutely, we will have links in the show notes in the description for sure. Thank you.

Yeah. Well, thank you both gentlemen. Thank you for all the [00:48:00] work that you do. And thank you for your time today. Absolutely fascinated. Well have to have them back because this, I found myself sitting here taking mental notes of all the things that I was learning. It's new information that you were sharing.

And I know the listeners will find this very valuable as well, so, You know, we, we may have to talk about a part two because there's a whole lot more that I really unpack with you. I'd absolutely love to. Absolutely, and absolutely love to Mark and David. This is this is always good to be able to share with everybody or who wants to listen and generates even more.

Id usually when we get out of the things Carlo and I, so it's it's always very profitable, so I absolutely. Thank you. Absolutely. Thank you. Thank you so much. Thank you, luck. I appreciate it. We will talk soon everybody. Thanks for, thanks for listening and watching. Bye everyone. Bye.

Hey, well that's a wrap. Thank you for listening. Our next episode starts right now. Please be sure to subscribe to our YouTube channel. It's free, and download the podcast [00:49:00] episodes available everywhere you get podcasts. To support our show and get exclusive pre-release episodes and bonus content, please subscribe to Cybercrime Junkies Prime. Link in the description and show notes, and thanks for being a Cyber Crime Junkie.