Former Netflix and Palo Alto security leader, Chris Cochran, shares his military transition into private sector industry-creative and launching his media group, Hacker Valley Media.
Key Topics:
industry creatives in security, security industry creative talent, influencing creativity in security, educating on security by podcasting, leveraging influence to educate on security, educating on cyber security by podcasting, leveraging podcasting to educate, newest ways to educate in security, leveraging media for cyber education, leveraging media for security education, benefits of subscribing to top cyber security podcasts, best way to explain cyber security, cybersecurity careers for military, how to get into cybersecurity without a degree, new approaches to enter into the cybersecurity field.
Don't miss the Video Episode: https://youtu.be/MMm5pafo614
Newest Ways To Educate In Security
[00:00:00] Come join us as we dive deeper behind the scenes of security and cybercrime today, interviewing top leaders from around the world and sharing true cybercrime stories to raise awareness. But first, a huge thank you to all of our executive co-producers who subscribed to our Prime membership and fueled our growth.
So please help us keep this going by subscribing for free to our YouTube channel and downloading our episodes. On Apple or Spotify podcast so we can continue to bring you more of what matters. This is Cybercrime Junkies and now the show.
Hey, well welcome everybody to Cybercrime Junkies. I am your host, David Mauro, and very honored in the studio today we've got Chris Cochran, CEO and founder of Hacker Valley Media, [00:01:00] and has got a wonderful story and has got a great, just a great brand and a great message for the cybersecurity community.
Chris, welcome. Thanks. Thanks for having me, David. Hey, I really appreciate you being on. So for those that may not have, they might be living under a rock, may not have heard of Hacker Valley Media, walk us through kind of, I, I, I want to hear kind of your backstory and, and how you guys developed this wonderful platform that, that you guys have.
Yeah. Awesome. Thanks. I started my entire career in cybersecurity. I was at the National Security Agency when I was in the United States Marine Corps, doing technical intelligence. I've gotten to do a lot of really cool things especially in the threat intelligence arena. I've led things like security operations security operations centers, and even detection and engineering.
So I've gotten to do a lot of cool things in cybersecurity. And I would say about 2019, I moved from the East Coast to the West [00:02:00] Coast to take a job at Netflix doing leading the threat intelligence program over there. And at the time my friend Ron Eddings, he was already in Silicon Valley, just changing the game when he was focused on doing educational videos for cybersecurity.
Excellent. And get a little, little teeny tiny studio set up. And one day we just hopped on the mics and had a conversation and that conversation turned into another conversation to spark. Right. It just that you saw the spark there. Yeah. You guys are great. Like we hold you guys up as like the gold standard for what?
What security education and driving awareness through socializing. We, we call it just socializing, cybersecurity. Right. And just bringing it, you know, bringing different aspects to, to the public. Yeah. For, so, so what drove Can I, can I ask, what drove you to, to join the military in the first place? So I was in JROTC when I was in high school.
Yeah. And I was in my first high school, I was in the, in the Navy JROTC. And then I moved to another high school, which had. [00:03:00] Marine Corps. So I knew a lot of the traditions, I knew a lot of the standards. I knew a lot of the history. And to be honest with you, story is really what got me into the military at all.
My dad was in the army, my mom was in the army, but I never thought of that. That's wonderful. As being a path for me. And I watched the movie in the theaters, it just come out. It was We Were Soldiers with Mel Gibson. Yep. Fantastic movie, and it was such a hardcore story. And I, and, and walking outta that movie theater, I said, I'm going into the military and it would be a couple years before I actually get got in.
But that's, that was the initial push to get in and let alone the, the stuff that happened for 9/11. Yeah. And I do have a, a huge soft spot in my heart for our country and being a, being a citizen of this, this great nation. And one person. And so to me there's, there's a direct alignment between having a deep love and respect for our country as well as wanting to protect others.
A hundred percent. [00:04:00] You know, sometimes we get wrapped up into technology of cybersecurity, but at the end of the day, we're protecting people and their ability to operate safely on the internet. Yeah, absolutely. And to me it's, it's really not about the technology. Like I really focus on the culture. Right, right.
Just our approach. We're part of InfraGard. We've been running security awareness trainings, live at no cost. We don't talk about our companies, we don't talk about solutions, technologies at all. We just. Educate people on the risks, the TTPs, things like that, and mm-hmm. That way they can just raise awareness.
Lemme ask you this, what's your thought on the reason for studying cyber crime? Like the, the understanding of how cybercrime organizations work, how LockBit works, and how some of these organizations work People. I, I never want anybody to think we're glorifying criminals because that's never the, that's never the, the approach.
But I think that, It's like, [00:06:00] it, it's, it's about awareness and understanding who, who the threat actor is. A hundred percent. It make, it makes it real, right? If you're looking at it from the, the context of a story, right? That that actor is is a character in the story at the end of the day. And when you understand the, the character, when you understand that person mm-hmm.
You can understand the motivations. You might even be able to anticipate next moves based on those mo motivations. I spent a lot of time in threat intelligence, so really understanding like what is driving folks to do some of these crimes, right? Because you have folks that are interested in doing it for criminal activity, right?
Espionage. Mm-hmm. Or even like activism. Like activism from, you know, absolutely fewer and far between these days. But I would say that those are some of the things that are driving folks to, to take these actions and the more you understand that, the more of that story you're able to tell. And then, Base your decisions and actions off that story.
Absolutely. Yeah. And, and to me it's almost like a, like an MO when you study. Mm-hmm. [00:07:00] Crime and criminal behavior, right. You really have to understand the modus operandi. You have to understand the MO, meaning do they always come in, let's say they're breaking into a house, like there's a series of break-ins and they're breaking into the house through the laundry room windows Wednesday morning.
Like, mm-hmm. Then, you know, there's a, there's a, there's a heightened attention for during that timeframe, during that location in the house, and I think that's, it's very similar to studying cybercrime and studying those, those those tactics. And, and, and those, those threat vectors basically. A hundred percent.
So for instance, if you look at the Lazarus Group which is tentatively tied to the Bangladesh cyber heist and the Sony 2014 breach, which was our very first episode, because I had this whole, oh, I had this whole, all these questions of was it really Lazarus? Could, could, right, could, could it have been somebody from the inside?
How could they have done it? Totally by themselves, like, but You know, we, we, we just kind of opened up [00:08:00] questions and, and had good dialogue there, but Go on. I'm sorry. Yeah. Oh, no. Yeah, just understanding what are those intentions will enable you to, Put in security controls because you know what they're going after, right?
If, right. If the, if the Lazarus Group was after money because of their economy in their country, you could say that they're probably gonna continue to do these types of operations, right? If it was more targeted just against the SWIFT banking system, it might be really specific to the SWIFT banking system and not necessarily something that everyone needs to be concerned about.
At least, you know, directly. So, I mean, really understanding those motivations is gonna be key for cybersecurity folks. Yeah. And when we think of building operational resilience, right, when we talk about getting prepared, right? Kids in school always do fire drills, right? Mm-hmm. They always do. They always do fire drills.
Yet businesses, especially small, mid-size businesses, they rarely will practice a data breach. What happens? Who knows who? [00:09:00] Who does what? Who does, and and it's the equivalent in my mind to. To simplify things, cuz to me there's great sophistication in simplifying things, right? Mm-hmm. Like I always think of the Dairy Association was going down until they came up with, got milk and then the sales went up.
Yeah. Right? Like simplifying, it doesn't even talk about the product, talks about the absence of the product. But the point is, is that simplifying things really helps people understand and, and it connects, it resonates with people. And when we think of operational resilience and we think of, you're not even practicing fire drills.
Imagine if kids didn't do that, right? Right. A fire would actually happen. They'd be running down the hall, they'd be screaming, nobody would know where to go, right? Like mm-hmm. Small, midsize businesses. I mean, I think EDU enterprise organizations tend to do it more often, but the mm-hmm. But the small midsize businesses really have a need to practice at least annually.
Ideally more, but at least annually, do a run through, spend a couple hours doing a run through who does what, who has to be alerted, who's handling, [00:10:00] watching everything turn white during a ransomware attack? Who's gonna handle the negotiation? Mm-hmm. And that's where understanding how some of the cybercrime gangs and the ransomware as a service model works because you're gonna have to, unlike other attacks and a ransomware attack, You have to deal directly with the criminals.
You'll be communicating directly with them. Mm-hmm. If you don't know anything about them, you're at a severe disadvantage, in my opinion. Huge. Right. Mm-hmm. So, okay, back to what we were talking about. So not a bad transition from military to like working at Netflix and Silicon Valley. Very cool. How did that happen?
Like there's, so we all, we, one of the things we, we try and do, we wanna help people understand how cool cybersecurity is. And there's so many different ways. If you, if you don't know how to code, you're not technical. There's still a place in this field for you, right? Like, but, but. Walk us through that. And we get a lot of people coming from the [00:11:00] military for mm-hmm.
What we talked about earlier, right. That, that vision, that greater vision of, to serve and protect, but also there's some wonderful skill sets that you learn in the military sector that you don't, in the private sector or don't from just go to college and getting a four year degree. Sure. So, so walk us through that.
Like what particular skill sets did you learn in the military, and then how did it come about that you wanted to put Netflix? Yeah, in the military I was at National Security Agency, so I was learning the trade craft of intelligence. Mm-hmm. And intelligence is really glorified storytelling, right? Mm-hmm.
You have to understand the people motivations and yeah. What is the potential impact or what is your assessment as to what could happen in the future, right? Yeah. And you could have your confidence level, high confidence, low confidence, is it likely or unlikely? And that's really what got me first thinking about just.
Intelligence in general. And then I had the opportunity to do digital networks intelligence. I'd always been [00:12:00] fascinated by technology. I, you know, I used, what's the core driver there? We want to really push the boundaries of creativity and cybersecurity. I think there are plenty of creative people in cybersecurity, but I think sometimes we forget that we can use that creativity.
We can use that childlike wonder in our day-to-day jobs. So that's what we're trying to inspire, to inspire people to think differently, to learn not through just like information getting crammed on our throats, but to learn in a, in an entertained way. So we always talk about edutainment, right?
Education and entertainment. And that's what we really are trying to push in cybersecurity. So we do everything from events. We have an internet TV series to podcasts, to even some of the social media stuff that we do. We just wanna make it fun, right? There's a lot of fun fear, uncertainty and doubt in cybersecurity.
And so we want to bring some, some levity to, to our, and I think the, honestly, one of the best ways you can is to take experience di distill it into something that's digestible and make it entertaining. And that's when you have an industry creative. [00:13:00] Absolutely. Yeah. I love that. I mean, because it resonates with people, right?
I mean, think storytelling is one of the most effective ways of communication, right? Mm-hmm. I mean, it's a way that I, that I've, that we, I. Instill values in our kids, right? Like we, we tell 'em stories we're, we're like, okay, well here's why you shouldn't do this. Let me tell you about when I did made the mistake of doing this.
Or when Uncle John made the mistake of doing this and look what happened, right? Mm-hmm. And then they're like, oh, now I see it. And I think that that same thing comes to socializing, cybersecurity. Cuz otherwise people think well it's too technical or I don't understand it, or it. It scares me, so I don't want it.
Right? Mm-hmm. And I just want to grow my business and I just wanna focus on the positive things. Well, cybersecurity can be a positive thing, right? Yeah. To me it's, it, it instills and it fortifies brand growth, right? Like growing a business is all about getting the brand out and, and doing that. Mm-hmm.
And [00:14:00] cybersecurity is that protective layer so that the brand isn't out there for the wrong reasons, right? Correct. Yeah. So that's so cool. So let me ask you, when you were, when you were driving into intelligence, was there a sector of cybersecurity that interested you more? Were you more on the blue teaming side, or did you also learn to code and then also get into the red teaming side?
What, what, what was it? I'm not a huge coder that I, I've dabbled over the years, but I never really had a huge use for it. Mm-hmm. Largely, I've been on the blue side of the house, but I, I have a, a deep, deep affinity for the red side. I used to teach physical red teaming with the CORE Group.
So we would go to like Black Hat, we'd go to the SANS conferences even taught at the Naval Academy lock picking, lock bypassing social engineering, all that good stuff. And I, so I love both. And so my favorite thing to talk about honestly is purple teaming. And. [00:15:00] I think it's getting better.
Some people are like, oh, purple team. What is that? Right. But yeah, you, you guys recently had Maril Vernon on, we, we, we had Maril Vernon on a couple months back too. And I mean, she is like a one person purple team. Like, she, she, she's awesome. Yeah. So well walk, walk us through that. Like what's the benefit to an organization for engaging with purple team activities?
Yeah, the more you could break down the walls between si silos, the better. Mm-hmm. You have your blue team operating on its own and then the red team's operating on its own and they never have a conversation. You're missing a huge opportunity. The way I ran my first purple team. Was, I, you know what?
I'm gonna bring in a blue teamer and I'm gonna just have them sit as an observer in the red teamer room. Like they won't be able to participate in the actual engagement. But just to sit here and listen to how they're actually strategizing, imagine being able as an intelligence analyst or even as a cybersecurity practitioner, being able to sit in a room with an attacker and just listen to how they think about attacking your organization.[00:16:00]
I mean, that, it, it, it just gave such. Incredible knowledge that in used for immediate immediately. Mm-hmm. So I, I say that really bringing those two sides together is when you have that inter iterative improvement in your cybersecurity posture. Yeah, yeah, yeah. The inner improvement in the cybersecurity posture is spot on.
I think. I mean, when we think about it provides actionable intelligence, right? Mm-hmm. Like it's not just the. Intelligence gathering and the monitoring that the blue team does, and not just the execution that the red team does, but having that purple team engagement allows 'em to, to actually apply both.
Mm-hmm. A hundred percent. Yeah. That's so cool. That's so, that's so interesting and, and I, I think it's something that a lot of businesses, especially small to mid-sized businesses, don't really even understand what it is. Right? Mm-hmm. So, so kind of like educating them and socializing it in practical examples really helps.
Mm-hmm. Yeah. That's, that's, [00:17:00] that's, that's great. So as people migrate into cybersecurity, and there's, one of the biggest questions is always like, what sort do I start with? Like, where do I, where do I begin? What's the advice that you usually give? Huh I'll try to keep this short. But I created a, a framework called EXIST and it, and it's specifically for finding your path and whatever it is, whether you're talking about sports, hobbies, cybersecurity, or career.
And it's an acronym. The EX is explore, right? Dabble in in a bunch of little things. Get exposure, right. I'm Putting my dollar daughter, my middle daughter, through a lot of the exposure. Now when it comes to sports, we've tried a lot of different sports and you know, she's not, she hasn't found that, that thing that just gives her that spark yet.
So we're gonna continue to push into different arenas until she says, this is what I want to do, this is what I want. Right? Something that they're, that they're naturally good at, or something that they're passionate about, as well as something that they enjoy doing. A hundred percent. Yeah. [00:18:00] And then once you find that thing, immerse yourself, right?
So if you're looking in cybersecurity and you're like, you know what, I really wanna get into this red team stuff. Immerse yourself in that world. It's a whole other world that many of us won't even see. There's characters and people and information and communities. Yeah, just sit in the room. You don't even have to do anything, but sit in the room and immerse yourself and you'll start to pick things up even through osmosis.
You go from immersion, which is the I, and you go to S, which is the study, that's the practical application of this. Yeah. So get your hands dirty. Do the labs, do the CTFs read the books and study. And then that, that final, that T is that translator transform. And that's when you take all the stuff that you've done, the the practice, the, the learning, the studying and all that stuff.
And you're gonna apply it to either your job, maybe you're gonna teach others, you're gonna teach kids, you're gonna change your organization for the better. That's kind of like the pathway to, to really stand out in cybersecurity. Yeah. That's fantastic. Where'd you come up with the framework EXIST? I [00:19:00] came up with it during COVID, Ron and I, we do think weeks about twice a year where we kind of disconnect from everything.
We halt production, we just kind of get out of time for critical thinking. Right, like thinking, strategizing. Absolutely. The best ideas come from those times I think. A hundred percent. We were just sitting in my garage just chatting and the whole, the entire framework just popped into my mind because a lot of folks were stuck in their homes.
They, they were like, there's nothing I can do. There's nothing I can do. But in my, I was thinking, there's so many things you can do. Right, right there. There's no great time to learn. It's a great time for professional development. Try different things. Yeah. Get deep into something. You could dance, you could bake bread.
I'll think a lot of people did that. Yeah. There's so many things that you can explore and like really dive deep and develop an expertise in something relatively quickly if you had that focus on it. Oh, yeah. That's fantastic. I love that. So I'm gonna steal that. Hope you don't mind steal it. That's great.
You know, that's, that's, that's, that's absolutely fantastic. I'm gonna share that with [00:20:00] my, share that with my kids and a couple of clients that yeah. That I, I have in mind. That's fantastic. So, let's talk about I think you guys recently had a Episode on this. We've had several episodes on it too about cybersecurity in small business.
Mm-hmm. Small, mid-sized business. And it's really a challenge, isn't it? I mean, yeah. I mean, what, what, what's, what's your, what's your view on it? What's, what advice can you give? I would say, my view on it right now is that a lot of the big players in cybersecurity, they're really focused on enterprise because Right.
I mean, it makes sense from a business standpoint. If you're going to have a sale and it'd be a multimillion dollar deal, that's a lot of, you're gonna roll out a SIEM platform, you're gonna roll out an EDR platform or whatever you want to go be. Right, right. Yeah. But, but, but there's a, there's a. The vast majority of US businesses are not enterprise, right?
Mm-hmm. Most people do not work for an enterprise. They work for local governments. They work [00:21:00] for small to mid-sized businesses. Yeah. And it, it's, it is hard to scale for those companies like you. It's, it's easier to manage three clients than it is to manage 300 clients, so, right. I understand that from a business perspective, but now there are new companies coming out that are really focused on the SMB market.
Right. And I, I think it's about time. But they're up against they're up against a stacked deck. You have new automation for attackers. So now attackers don't necessarily have to manually attack different companies. They can attack everybody at scale, so, So they are getting hit with the same attacks that the, the big folks are getting attacked with.
So I think that's the situation that SMBs are in right now. Oh yeah. I mean, I was, I was talking with Jon DiMaggio on, on his mm-hmm. Research in LockBit. Yeah. And he's like, yeah, they, they can do spear phishing emails. They can do that, but they don't need to anymore with like LockBit Black.
It'll just go and scan and find the vulnerability and launch. Right. And I'm like, holy cow. It has gotten so [00:22:00] sophisticated now. Mm-hmm. It's easy. It's so forth. So, so, so let, let's break it down. Small, mid-size businesses. First, let's define terms, right? Like, how, how are you, how do you define like a small, mid-size businesses, just so that we're all on the same page.
I would say a small to mid-sized business is anywhere from a company of one all the way up through like maybe a thousand. And I'm sure there's like a, a technical definition of what a SMB is. No, that's how I view it too. Right. Like in anywhere like 250 employee manufacturing company, right. A Right.
700 employee, you know, auto parts maker. Yeah. You know what I mean? Like that. All the way down to the 15 person law firm or the mm-hmm. 25 person medical practice, like things like that. Those are all small businesses. Yep. Right. And, and most of them have no idea about cybersecurity or they get, or they get played by vendors, right?
Mm-hmm. And they have disjointed ad hoc systems [00:23:00] that don't help anybody. Yep. And, and they're trying to meet whatever specifications they, they have to for their contracts. And that, that's about it. Right. Yeah. They want to do the bare minimum because it's not something that they've, that they really think that they're a target.
Right. And what would you say to them? Like say, what would you say to a small MRUs? Cuz I know what I say literally to them, but what? Everyone's a target. Yeah, everyone's a target. If you have money in the bank, if you have data, you're a target. Yeah. And I don't think that they realize that by being small, you could have a huge customer list.
You have intellectual property, you have individual employee information, healthcare finance, HR information, tax information. But there's a lot of small business that we've met that are sitting on a treasure trove of data. Mm-hmm. And, and, and they don't look at data, like data. They look at it like it's just, Words or numbers or codes on an Excel spreadsheet, it has no value.[00:24:00]
Right? Right. And it's like if you thought about data like it was. Money And money is just the paper reflection of value, right? Like your data has a lot of value. Mm-hmm. It can, it can, it can destroy a brand. It can build up a brand. Like it's, it's so important today. I, I, you know, one, one of the things that we do when we, when we're talking to small business, I wanted to get your take on this, is we really kind of educate people the difference between IT and security.
Because a lot of small business owners don't even understand that. They just think, Bob, my guy, who's a brilliant guy, and Bob is like, don't get me wrong. Bob is brilliant. Bob is excellent, right? He's got me. Mm-hmm. He's got my security, he's got my, he makes sure when we get a new employee that the PC is up and it's imaged and it's working great and everything else.
Bob's, Bob's the guy. What's the, what's the problem with that mob? It's such an obvious question for you and me, but I wanted to ask it for you. No, no, [00:25:00] absolutely. IT makes things work. Security makes things safe. Yeah, exactly Right. And they're, they're really different functions, right? Mm-hmm. They're completely, like, when I think about it even my own team members, they're, they're, they're like, explain to me the difference in how I communicate that.
I go think of our own organization we're, I work for a North American MSP, that's also an MSSP. Mm-hmm. The engineers in both the ethical hacking group, the SOC, they don't sit. Where the NOC is and where the other field engineers are, right? Mm-hmm. Like different divisions, different skill sets, different certs, different tracks, everything.
Yep. And so like, think of it like that. Like there's some that are focused on like keeping servers, things like that online, making sure it's healthy, making sure things are productive, making sure that businesses operating right, that technology basic. Garden variety day in and day out [00:26:00] operations doesn't break down.
So it gets in your way. Right. That's, mm-hmm. That's the IT part. Right, right. And then security is the other part. Yep. Exactly. Yeah. Yeah. I mean, like, security is like, okay, now that everything's working, let's look for anomalies. Let's look for holy cow. You know, somebody's, somebody's, you know, moving across the network, there's a whole bunch of data.
Being exfiltrated or being moved. Why is that? Right? Is it part of the normal operations of business or is it not? Right. And, and those two teams need to have conversations. I, I was at one place where hell yeah, yeah. I built out a corporate security function and I was like, you gotta bring IT to the table.
You gotta bring IT and security to the table, de-conflict priorities, but work together at the end of the day to, to make everything work. Absolutely. Absolutely. Let me ask you about, I'm, I love just bouncing ideas off. You. Hope it's okay. Do it all day. So pen penetration testing. Mm-hmm. [00:27:00] Like when we think about penetration testing, I see so many different, like the industry, there's so many different penetration tests out there.
Mm-hmm. Like there's the small, again, IT companies, not really security companies, but general garden variety MSPs, that'll, that'll do a penetration test. Mm-hmm. And it's totally different from ethical hacking. Right. That's done right. Like mm-hmm. What's your, walk us through that. Like what, what, what do you see in the, in, in the industry, right?
So you have like a big umbrella of like offensive security, right? Right. And then you have the sub-components where you could look at pen testing, penetration testing. Mm-hmm. And you can look at something like a red teaming. Penetration testing, you're really looking for all of the holes, as many holes as possible for an application, maybe it's for a specific thing, maybe it's a server, maybe it's a device.
Red teaming, you're looking for actions on objective. You're looking for one pathway to get to an objective, just to see if you can do it. [00:28:00] And so I think it's almost like a capture the flag game, right? Exactly. Capture flag game. Yeah. It it, right? Like we have some, here's a, here's a box of intellectual property.
It's housed somewhere. We're not telling you where. See if you can get it. Yep, exactly. You know, and, and, and then they go through and they find it always, and then you're like, wow, we didn't know about that. And that's mm-hmm. That's what, what you were saying about the communication between IT and security needs to happen a hundred percent.
So if you, you think about it in a physical sense. Penetration test is someone that's surveying the house to see, all right, where are the holes and how could I get in? And I'm gonna write all those ways down so you can remediate. Red teamer, they're trying to get to that safe in the middle of the house or the, the down in the basement.
Right. Just see if they can get that action. Yeah. That's a great, that's, that's a great story. Right? That's a, that's, that's, that's a great way of explaining it. Mm-hmm. Okay. So as we're, as we begin to wrap up, I want to ask you about AI, right? Let's talk about, you know there's always been [00:29:00] talks about AI for years, everybody's been talking about it, but things really changed a few months ago.
What are you seeing and what do you foresee? Everything is changing so fast. It is absolutely, it's faster than ever before, I think faster than ever before. I would say if I had to guess from a technical perspective, there have been more innovations, companies, open source projects and applications altogether that have been created over the last few months than maybe the last two years because of the advent of our artificial intelligence.
Looking at things building on top of, you know, GPT-3 and 4. There are so many applications for AI that it's really mind boggling, and it's to the point where you have folks like Elon Musk saying like, Hey everyone, we need to pause right now before things get really squirrely. Mm-hmm. You literally put out a thing with a signature of a bunch [00:30:00] of other folks that are really, really intelligent saying, we need to stop for a second, right?
Mm-hmm. Cause things are going really fast. Well, yeah. It, it gets into the Yeah, absolutely. I mean, it gets into the we had some people, there's a Silicon Valley think tank that we're part of. And a couple of them were working on a an ISO for mm-hmm. For Congress and for a couple of other countries.
And it really gets into the, we have to set some kind of framework, right? Mm-hmm. Around it, like the, the, because otherwise it could really go into a dark place. Mm-hmm. And it could really be used for harm or just be used incorrectly. Right. Because know you, you have the good folks that are focused on capitalism and, and innovation.
Mm-hmm. But the same technology is also being used for, for evil, for for bad, right? For, for malice. And we might not even be thinking about those applications. We might not even thinking about that stuff. So that's, I think that's what's really, you know, in the back of my mind from that [00:31:00] perspective. Yeah, we really have got to like, have some and, and I'm not, I'm never really in favor of.
A lot of regulations and Right, and, and restricting capitalism in any way. Like I'm absolutely a staunch opponent of that. Yeah. But in cases like this, it's, it's like we need some frameworks. At least we need some guidance and some, some kind of general rules while we're rolling the dice and moving our pieces around the board, we at least have some rules on the back of the box.
Right. That we can at least go, ah, no, you, you gotta go back too. Yeah. If you do that right. Mm-hmm. There's, there's, there's gotta be something, you know, and I, I don't, I mean, there's been AI for a while. I mean, Watson, IBM's Watson, right. We saw that on the Jeopardy. Like, it, it, it got socialized pretty well, but it's never been mainstream.
Mm-hmm. Until like ChatGPT, when everybody, when every kid is able to just like, get an account and log in, like they're writing their papers through it and [00:32:00] everything. Yeah. It's like teachers are, are, are like, well, I, our software doesn't pick that up. Right, right. Like mm-hmm. You know, I mean that's, that's really, I saw some apps kind of are, are able to, to track some of that, but it's still really hard.
Hard because it's hard. It can be iterated back and forth and I don't know how that gets solved, but what are your thoughts on, you know, there's always a concern that we have listeners oftentimes that, that ask, like, is there gonna be, you know, there's a lot of layoffs right now to begin with.
Is, is AI going to, going, gonna damage that? What are, what are your, what's your thoughts on how AI will affect jobs at all? I heard someone put it this way and I thought it was brilliant, is that AI isn't coming for your job. Someone with AI is. So, yeah, that's exactly what I heard. And that's kind of the way I look at it.
Yeah. Yeah. It's, it's, it's, AI isn't gonna replace you, but a person that's leveraging AI, if you are not, right, will have a competitive advantage. Mm-hmm. For [00:33:00] sure. And even in cybersecurity and technology, I think a lot of people are turning a blind eye to things like chat, ChatGPT, because sure, it, is it perfect in, in its form?
No, it's gonna continue to, to improve. No, there's a lot of bugs in it. There's a lot of errors in it. But for, for ideation, it's fantastic. It is, it's perfect, right? You can throw up your ideas, you can do it like, it just solves a lot of, a lot of, I use it every day. I use that. Mm-hmm. And a couple other things just to ideate, bounce off ideas.
I use it when I need to, like structure things. Yeah. Like if I want something like can you remove all duplicates here and do this? Yeah. Cause like Word won't do that or whatever the program is like, wouldn't even do that. You can throw it in there in like two seconds. You have it. I'm like, mm-hmm. Whoa. I'm like, whoa.
That is like really helpful. Right? Yep. It's, it's little things like that that speed up your day and you can see like over time how much additional productivity mm-hmm. Is gonna be. That's awesome. [00:34:00] So I wish you guys the best. We'll be following along the way and just keep doing what you're doing.
This is, this is just great, great stuff. I appreciate it, David. Thanks for the time.
Well, that wraps this up. Thanks for joining everybody. Hope you got value outta digging deeper behind the scenes of security and cyber crime today. Please don't forget to help keep this going by subscribing free to our YouTube channel at Cybercrime Junkies podcast and download and enjoy all of our past episodes on Apple and Spotify podcast so we can continue to bring you more of what matters. This is Cybercrime Junkies and we thank you for joining us.

