2837: Beyond the Firewall: A New Era of Cybersecurity with Lucid

[00:00:00] Welcome back to another episode of The Tech Talks Daily Podcast where every day we explore

[00:00:06] the cutting edge of technology and its implications for business and society at large.

[00:00:12] I'm your host Neil C. Hughes and today we're going to be delving into the complex world

[00:00:17] of cybersecurity, a field that has never been more critical as we navigate through an

[00:00:22] era of digital transformation and increasing amount of breaches.

[00:00:27] Joining me today is David Torgerson, VP of Technology and Security at Lucid Software.

[00:00:35] And he's going to be sharing his insights on the evolving landscape of cyber threats,

[00:00:40] the pivotal role of communication in cybersecurity which is a subject very close to my heart

[00:00:45] and also how AI is helping shape the future of this vital sector.

[00:00:51] Because if we look back to last year I think companies face significant cyber security

[00:00:55] challenges from sophisticated fishing attacks to ransomware with the common denominator

[00:01:00] after being being just a breakdown in communication.

[00:01:04] So I've invited David on to discuss how clear, effective communication within organisations

[00:01:10] is not just beneficial but essential for cybersecurity.

[00:01:14] We'll also touch on the expected shift in cyber attacks this year.

[00:01:18] Oh we've already seen in January the Mother of All Breaches set a harrowing precedent

[00:01:23] with 26 billion records leaked and there was also a cyber hack that exposed 750 million

[00:01:31] Indian telecom users, not to mention the Bank of America breaks.

[00:01:34] There's so much going on in this field but it's going to be especially because financial

[00:01:39] gain is now the prominent motive for attackers.

[00:01:43] And another question I want to explore is AI, a double ed sword in cybersecurity serving

[00:01:48] both as a tool for attackers and a powerful ally for defence strategies.

[00:01:53] But as we do look ahead David's going to provide valuable insights into how companies

[00:01:57] can adopt AI securely, also emphasise the importance of freeing up human talent.

[00:02:02] This is a good thing so let's dive into a conversation that promises to be both enlightening

[00:02:07] and thought provoking.

[00:02:09] But before we get today's guest on I need to pay the bills we've got a huge podcast hosting

[00:02:14] feed to pay for when we're releasing 30 episodes a month and this month I've partnered

[00:02:19] with a company called Kiteworks.

[00:02:21] Now legacy MFT tools are dated and lack the security that today's remote workforce demands

[00:02:27] so companies that continue relying on outdated technology though they put their sensitive

[00:02:32] data at risk, while enter Kiteworks, the beacon of security and efficiency in managed file

[00:02:37] transfer, and Kiteworks isn't just any MFT solution.

[00:02:41] So it's FedRAMP Modra Authorisation awarded by the Department of Defence since 2017.

[00:02:47] Kiteworks sets a new standard for security and this certification is not just a badge

[00:02:52] it's a promise of unparalleled protection for your data.

[00:02:56] So please step into the future of managed file transfer with Kiteworks you can find out

[00:03:00] more information at kiteworks.com to get started that's kiteworks.com to get you started

[00:03:07] today.

[00:03:08] So buckle up and hold on tight as I beam your ears all the way to Arkansas where David

[00:03:13] is waiting to join us today.

[00:03:16] So a massive warm welcome to the show David can you tell me what I'm listening a little

[00:03:20] about who you are and what you do?

[00:03:23] I am thrilled to be here on a Friday morning.

[00:03:26] I am the VP of Technology and Security here at Lucid Software.

[00:03:31] I am responsible for really all internal technology which includes our financial systems

[00:03:35] all the way to our go-to market systems.

[00:03:38] I have been at Lucid for about 11 years and has been able to be part of the growth of

[00:03:48] 20 people in the office with really scrapped these systems to the product that we have today

[00:03:55] and it's absolutely been a blast.

[00:03:57] Well it's an absolute pleasure to have you on here.

[00:04:00] Over the years I think we've had a few people from Lucid on here.

[00:04:03] One was Brian Stollings.

[00:04:06] Is he still there?

[00:04:07] He is.

[00:04:08] Brian and I worked together fairly regularly.

[00:04:10] We're not in the same department but yeah Brian is a great great guy.

[00:04:15] Well so it's a pleasure to have you join me today and just to set the scene for our conversation.

[00:04:21] Can you just explain the main communication barriers companies face last year regarding

[00:04:26] cyber security and why really?

[00:04:29] Communication is so vital in this context.

[00:04:33] That's a great question and in order to really answer that there's an important component

[00:04:38] that I think is important to call out.

[00:04:41] One of the challenges that organizations face today is that communication is difficult

[00:04:48] and what I mean by that is depending on your background, a given phrase or a given word

[00:04:53] is going to carry different meaning.

[00:04:56] For example if I'm talking to my network team and I say termination they're going to

[00:05:01] think network traffic termination SSL termination routers switches etc.

[00:05:05] They're just going to think about that.

[00:05:07] If I say termination to my people ops team, they have a different emotional reaction to

[00:05:12] that phrase.

[00:05:14] To answer your question why that matters in security when we start talking about risk

[00:05:18] or we start talking about breach or attack or fishing.

[00:05:24] Those words carry different meaning to my legal team or to my security team or to

[00:05:28] individuals and the goal that I have is to try to get everybody on the same page in understanding

[00:05:37] what it is we're trying to accomplish.

[00:05:39] For those that are less familiar with those attacks demystifying what a fishing attack

[00:05:44] means.

[00:05:46] For individuals and security helping them recognize that while something might be super

[00:05:51] secure we still have to run a successful business and sometimes those protections are at odds

[00:05:57] with the actual solutions that we put in place.

[00:06:01] To further answer your question what's different about last year to this year?

[00:06:06] The attacks are more sophisticated than they have ever been especially with the production

[00:06:11] of AI and large language models.

[00:06:15] The ability to do emotional impersonation of urgency from the attacker's perspective has

[00:06:23] greatly increased which means that it is more important than ever to help employees really

[00:06:30] understand the risk and the goal of what it is we're trying to protect and how we intend

[00:06:34] to protect it.

[00:06:35] I'm so glad you brought up the communication part of this.

[00:06:40] I think that's often missed and traditionally there has been a few arguments around whether

[00:06:43] the board understood the business value.

[00:06:46] I think that is changing the sheer number of breaches we've already seen in 2024 is quite

[00:06:51] alarming where the mother of all breaches so not 26 billion affected there.

[00:06:56] Also we got that annual compliance that many organisations force every employee from

[00:07:03] every department to go through but hey they just hit next next next until they get the compliance

[00:07:08] tick and then they forget about it for another 12 months.

[00:07:12] How can organisations better align their cybersecurity strategies with the overall business goals?

[00:07:17] Anything you're saying about this?

[00:07:19] Well so this is my opinion but my opinion is that it's really difficult to prove the

[00:07:26] value of security training.

[00:07:29] Hey, you're absolutely correct people get through it as quickly as possible because they

[00:07:35] have work that they need to do.

[00:07:38] The compliance and security training is preventing them from getting to the work that they need

[00:07:42] to do.

[00:07:44] Compliance and security training is often boring like I understand what it is and I don't

[00:07:49] leave thinking bad that was awesome I want to do it again so A, it's boring nobody wants

[00:07:55] to do it.

[00:07:56] B, just because somebody goes through it doesn't guarantee that they're not going to fall

[00:08:00] victim to an attack and if you add that up you could say well it's because the training

[00:08:07] was then valuable.

[00:08:10] Maybe maybe not.

[00:08:11] You could also say well the fishing attack was just way more sophisticated than the training

[00:08:15] was prepared for.

[00:08:17] Maybe maybe not.

[00:08:18] What I want to focus on and what we have been focusing on here at Lucid is instead of

[00:08:24] teaching people exactly what to look for in a sophisticated fishing attack which would

[00:08:30] require years and years of expertise.

[00:08:33] What we focus on is what are the processes that you can follow when you get a request for

[00:08:39] information to make sure that the request is valid and that includes not sending sensitive

[00:08:47] content through email always sharing the content through a different mechanism validating

[00:08:53] requests that are for information of a higher criticality level.

[00:09:00] Meaning have you checked with your manager to make sure the request is valid?

[00:09:03] Have you actually checked with the CFO through internal communication that they want a list

[00:09:11] of all of our customer information.

[00:09:14] Things like that those processes enable employees to have the guardrails where they don't

[00:09:19] have to be experts in identifying a malicious AI generated fishing attack.

[00:09:25] Instead they can have some simple rules that they just follow and if they follow those

[00:09:30] it eliminates the possibility for a lot of those attacks to be successful.

[00:09:34] Completely agree with you and we mentioned the mother of all breaches attack in January

[00:09:39] of the scale of that and towards the end of last year there was of course the move IT

[00:09:44] each impacting.

[00:09:45] I think it's about 60 million users or 62 million users, 2000 organisations, a cost of something

[00:09:51] like 10 billion dollars which is just phenomenal and when you highlight that along with recent

[00:09:57] cyber breaches and the financial and operational stakes etc we're seeing more sophisticated

[00:10:03] fishing and cloud account takeovers all in a straightening the complexity of some of these

[00:10:08] cyber attacks.

[00:10:09] So would the evolution of all this alongside ransomware tactics?

[00:10:14] What steps can companies take to maybe better protect themselves against these increasingly

[00:10:19] sophisticated attacks because they're actually on the increase, they're not on the decline

[00:10:23] right?

[00:10:24] Absolutely and I'm not sure if you have seen the attack that somebody used an actual video

[00:10:31] call with AI generated person that resulted in a loss of like 23 million dollars to

[00:10:39] one company.

[00:10:41] So the attacks are for sure becoming more sophisticated more difficult to protect against.

[00:10:47] One of the important things to call out is I live in Arkansas, you don't have to know

[00:10:54] where that is but what's important about it is there's a lot of windy curvy roads and

[00:11:00] the speed limits are fairly high here so you can be going 55 miles an hour and then

[00:11:05] hit a very sharp turn.

[00:11:07] There are very few signs that say sharp turn ahead I've thought about that and I don't

[00:11:13] know if this is the official answer or not but let's say that they put a sign on 9

[00:11:18] of the 10 sharp turns.

[00:11:22] The likelihood that people would run off the road on that 10th turn is very high because

[00:11:27] they're used to seeing a pattern of what is safe.

[00:11:31] The reason I mentioned that organization should absolutely put in their fishing protection

[00:11:36] software.

[00:11:37] They should absolutely put in their DLP protection software.

[00:11:40] They should put in these components and these industry standard tools.

[00:11:43] The problem is what if a fishing attack or a ransomware attack makes it through those?

[00:11:52] There's an inverse training that we're doing subconsciously with employees.

[00:11:55] If teaching them, if it's in your inbox it's safe.

[00:12:01] That is where things get really dangerous.

[00:12:05] I am of the firm belief that you like table stakes you have to have those tools but if

[00:12:11] you're communicating to your employees that you have those tools for their safety we've

[00:12:16] got to be really careful about what that's actually conveying.

[00:12:19] The real message we want employees to hear is validate everything because things are

[00:12:27] going to get through.

[00:12:29] Yeah, such a great point.

[00:12:31] A great analogy to bringing it to life as well.

[00:12:34] We might break a record here because I think we're going close to 15 minutes without mentioning

[00:12:38] AI on the tech podcast but I'm going to go in there now.

[00:12:42] I've got to ask how do you see AI transforming the field of cybersecurity and the months

[00:12:48] ahead?

[00:12:49] I'm not sure if I can talk and hyper around it at the moment but what are the potential

[00:12:52] benefits and risks because it seems a bit of about import right now?

[00:12:57] AI is an amplification of capacity meaning if somebody is a absolute stellar employee

[00:13:09] and they have access to AI it's probably not going to make them a better employee.

[00:13:14] What it's probably going to do is let them get to the end result faster.

[00:13:18] Yeah, because they understand what good looks like they can get to good faster.

[00:13:23] The same is true of a mediocre employer or employee it probably is just going to help

[00:13:28] them get there faster.

[00:13:29] The way that I see AI impacting the industry today and this isn't even future state this

[00:13:34] is just today is a lot of our cyber security tools are leveraging AI to be smarter and

[00:13:43] better about catching the types of attacks that it used to be difficult to identify.

[00:13:50] For example, on a simple fishing attack you might have a role that protects against

[00:13:57] email coming in from an outside source if it has an executive name in it.

[00:14:02] So if it's David Ferguson coming through a really easy way to bypass that would just

[00:14:08] be to misspelled my name.

[00:14:11] And old tools that are just offended on redgex to look for some keywords or some hot topics

[00:14:16] can be easily bypassed by misspellings and what AI is able enabling those cyber protection

[00:14:24] companies to do is to be a little bit smarter to look at the misspelling without that

[00:14:30] thing to explicitly write out every permutation of misspelling of my name to flag that is potentially

[00:14:36] suspicious.

[00:14:37] The inverse of that is also true.

[00:14:40] The attackers are using that to become more and more sophisticated, especially around

[00:14:49] driving to the urgency of emotion.

[00:14:52] People make mistakes when they start going too fast in their in panic mode and they feel

[00:14:56] like they're under pressure and nobody wants to displease their boss.

[00:15:01] Nobody nobody wants to displease their CEO.

[00:15:06] There's no that that's what they feed off of that urgency is is where that can come

[00:15:11] from and and one of the things that the attackers can do is if they could get an employee to

[00:15:16] just respond to an initial email.

[00:15:19] They can take that response and say AI, what was the emotional state of the person that

[00:15:24] wrote this?

[00:15:25] How do you think they responded respond to them in a way that increases that sense of

[00:15:32] urgency?

[00:15:33] So it's no longer one and done with AI and with this automation, they're able to iterate

[00:15:39] very quickly and really pray on those emotions.

[00:15:41] So I think that AI is helping our cyber security platforms increasing capability, but just as

[00:15:49] fast the attacks are also increasing in that complexity and that capability.

[00:15:54] If we look back a few years ago, there was so many companies and startups just putting

[00:15:59] blockchain on the end of everything.

[00:16:01] That was the big buzzword.

[00:16:02] That's what everyone was talking about, even if you didn't have blockchain, they called

[00:16:05] themselves a blockchain company and it feels like we're almost heading into the same

[00:16:09] territory because everyone's excited about AI and a lot of startups and a lot of businesses

[00:16:14] are using the words AI when they don't have AI at all.

[00:16:17] That's a topic for a whole other conversation there, but I'm conscious when so many businesses

[00:16:22] want to adopt AI in their cyber security strategies and doing it securely, they're going

[00:16:27] to be bombarded by so many different companies with so many different claims.

[00:16:32] What would your recommendations be for any company looking to adopt AI in their cyber security

[00:16:38] strategy?

[00:16:39] AI is a tool and just like any tool, there are some great ways to use it and then there's

[00:16:44] some dangerous ways to use it.

[00:16:47] Protecting your internal data is paramount when selecting any AI tool or any AI functionality.

[00:16:54] A very common attack is to trick AI tools into giving you data that has been input by

[00:17:05] a different company.

[00:17:06] If you think about the type of data that employees are probably putting in AI tools, even if they're

[00:17:11] not authorized, it's going to be reports that they just want spell-checking grammar correction

[00:17:17] on.

[00:17:18] It's going to be performance reviews.

[00:17:20] It's going to be messages that they want to send to their boss asking for a raise.

[00:17:25] It's going to be information that is a gold mine for reconnaissance if you're trying

[00:17:33] to create an emotional response to a message.

[00:17:39] How do you protect yourself against that?

[00:17:41] You make sure that the AI tools that you are using or that your vendors are using do not

[00:17:49] train on any of the data that you provide.

[00:17:52] You make sure that those organizations are properly handling your data correctly, period

[00:17:59] that those employees don't have access to your data because maybe those employees

[00:18:03] are creating a response to you and they'll put that response in AI.

[00:18:07] There's so many ways that data could leak.

[00:18:09] The way the benefits of using it responsibly though, it's an incredibly powerful tool.

[00:18:16] If something is simple as in Lucid, we can use AI to help identify what type of shapes

[00:18:22] are going to be on this diagram.

[00:18:25] Instead of a user having to hunt for those, we can just bring those to the forefront based

[00:18:29] off of the patterns that we understand around when people are creating diagrams.

[00:18:34] There's some really cool things that can come from it.

[00:18:37] Again, going back to my previous statement, I think that it enables employees to get

[00:18:44] to the solution faster.

[00:18:47] But there's certainly risk there and if that risk is in balance, you should just avoid

[00:18:52] it.

[00:18:53] If it is balanced, rate outcomes can happen.

[00:18:57] There are two other ends of the spectrum when we're talking about AI and people especially

[00:19:02] in the world of cybersecurity.

[00:19:03] On one end of this, we've got the huge cybersecurity skills shortage so people need their cybersecurity

[00:19:09] teams to be incredibly focused.

[00:19:12] On the other side, there's this fear that AI is going to come and take away people's

[00:19:16] job.

[00:19:17] Can you discuss how AI can actually reuph some of those resources in cybersecurity and

[00:19:22] the types of solution enable cybersecurity professionals to focus on that may be off

[00:19:28] a more valid doing them?

[00:19:30] That is a scary question to answer because as soon as I answer it, there's going to be

[00:19:35] half the listeners that are completely divided.

[00:19:38] I'm just going to forge forward.

[00:19:41] I hope AI takes away the work that people think is their job.

[00:19:48] What I mean by that, if I look at employees that loosen only and I look at different teams

[00:19:57] whose entire purpose today is to fix data errors that are introduced because of data inconsistencies.

[00:20:06] They don't enjoy that type of work.

[00:20:08] They don't enjoy the interactions that they have when other employees are like, hey, this

[00:20:13] data is incorrect.

[00:20:15] Can you fix it?

[00:20:16] I hope that work goes away and the reason I hope that is that Lucid, we only hire really

[00:20:22] capable people and we can put that to a computer that doesn't care.

[00:20:27] Then we can take our employees that we hired to actually provide innovation and they could

[00:20:32] start providing that innovation and that value and that self-growth etc.

[00:20:36] I don't see AI removing jobs.

[00:20:40] At least at most companies, what I do see is let's throw all the crap work that nobody

[00:20:46] likes about their job anyway to AI.

[00:20:49] Yeah, I can't agree more.

[00:20:52] Work that sucks, get rid of it and get out of here and we can all do something we enjoy

[00:20:56] and there are so many human skills that technology can't replace like creativity, innovation, strategy,

[00:21:02] management, so much that we want to be better focused on.

[00:21:07] For any business leader listening, maybe we've setting off a few light bulb moments in

[00:21:11] our conversation today.

[00:21:12] Maybe that leader wants to improve their organisations, cyber security, posture to give them

[00:21:18] a powerful takeaway.

[00:21:20] What key principles should they be keeping in mind this year?

[00:21:24] We are in an accelerated arms race.

[00:21:27] AI has greatly accelerated the security and productivity arms rates.

[00:21:33] It is more important than ever to make sure that our processes enable employees to do

[00:21:38] the right thing easier.

[00:21:42] Nobody wants to do work harder, so if we can make it easy for employees to do the right

[00:21:47] thing, they're going to follow that.

[00:21:50] By implementing verification processes that just happen across all requests that are

[00:21:55] across department, out of order, etc.

[00:21:58] We can likely eliminate most if not all fishing attacks that people are following victim

[00:22:04] to today, which means that there's going to be more and more sophisticated in the

[00:22:08] facts that we'll have to protect against tomorrow.

[00:22:10] But today a lot of the protections that we can implement that are going to be most effective

[00:22:16] is just by having really solid established processes.

[00:22:20] I don't think that's a powerful moment to end on today but obviously sourdough security

[00:22:24] is a very serious subject but we're recording this on Friday so I'm going to try and have

[00:22:28] a little bit of fun with you now.

[00:22:30] And asking to leave everyone listening with the funniest or most interesting story that

[00:22:34] you've had in your career because I suspect out there on the cyber security battlefield,

[00:22:39] you picked up more than a few stories along the way.

[00:22:41] Some good, some bad, some just amusing, some you'll be able to share, some you won't.

[00:22:46] But as a story you'll be able to share today.

[00:22:49] I think I can share this one.

[00:22:50] I'm not going to mention company names but if you look at my background, you can probably

[00:22:54] figure everything out.

[00:22:55] But at a previous organization, I was working for a company and this company was actually

[00:23:04] managing DNS for the United States largest banks, the largest automakers and distributors

[00:23:12] in the United States and other organizations that were of equal size across the United States

[00:23:17] and really across the world.

[00:23:18] A coworker and I were making a change to the servers that were running those DNS and we

[00:23:25] were following the processes exactly what the vendor described and it deleted all of

[00:23:32] the DNS records for all of those companies.

[00:23:37] So if you were part of that and impacted, it would have been years ago and an entire

[00:23:43] organization would have disappeared from the internet.

[00:23:45] The solution that we were using was all built in so the backups were part of that solution

[00:23:51] and this vendor had a bug and it deleted everything.

[00:23:56] That was a pivotal moment in my career.

[00:23:59] I wasn't the lead on it, I was more junior at the time but I was certainly part of it.

[00:24:05] The reason I say it was pivotal is I'm sure that everybody can appreciate the panic

[00:24:11] that instantly said in when you realize what just happened.

[00:24:17] And I remember the more senior person, he stood up and said, I've got to go to the bathroom

[00:24:26] and then he ran away and it's just sitting there.

[00:24:31] And when he came back and it was only like a minute, when he came back, he was calm,

[00:24:36] he was collected, he called up the vendor and said this is what happened.

[00:24:42] My first reaction was we've got to restart, we've got to get it back, we've got to do

[00:24:47] this but he had the foresight take a step back.

[00:24:52] This is bad, don't make it worse.

[00:24:55] We called the vendor, they had their moment of panic and then when they calm down they

[00:25:00] said, okay the running state of this one server is going to have everything we need.

[00:25:08] And we worked with them for the next hour and a half to extract all of the data and then

[00:25:14] recreate the records like we had an hour and a half of downtime and you can imagine the

[00:25:19] phone calls that were coming in during that but we were able to recover everything.

[00:25:26] I learned years ago, it is important to take a step back to not make decisions based

[00:25:33] off of in motion to make sure that you're thinking clearly and you know, I've parked

[00:25:39] a lot on process but the reason is if I had instantly acted based off of the motion

[00:25:46] everything would have been gone.

[00:25:48] We were one command away from losing and not being able to recover any of that data.

[00:25:54] So that's my pivotal moment in my career that's shaped a lot of the decisions that I

[00:26:01] make.

[00:26:02] What an amazing story and you are talking to an exchange manager so soon as you started

[00:26:07] your sentence with, I was working on a change, oh no, what about backups, rollback plans

[00:26:15] etc but great story, absolutely, that's one that will stay with me long after we finish

[00:26:20] this podcast today but anyone listening just want to find out more about Lucid though

[00:26:25] and exploring some of the topics we talked about today.

[00:26:29] Where would you like to point everyone listening if they want to contact you, you'll

[00:26:31] be able to find out more information?

[00:26:34] Absolutely so our website lucid.co we create visual collaboration software and if you're

[00:26:42] not familiar, think google docs meets visio but even beyond that the ability to have a virtual

[00:26:50] whiteboard and being able to collaborate and communicate across your teams especially

[00:26:54] in a hybrid or fully remote environment, that's how I diagram all of our processes.

[00:26:59] Like I'm talking about processes, I'm a visual thinker, a visual learner, we diagram

[00:27:05] out those processes so that it's easy for people to consume.

[00:27:08] Well, absolutely love chatting with you today and we talked about so much there from

[00:27:12] how companies can expect attackers to increasingly focus on more attacks from money, fishing

[00:27:17] and ransomware will continue to be tactics that will have to change to result to financial

[00:27:23] gain.

[00:27:24] And with AI attackers, we'd be able to create more advanced fishing attacks at our far

[00:27:29] more personal time relevant and time sensitive.

[00:27:31] I've just looked here more about what we can expect this year and how we can counteract some

[00:27:36] of those bad guys and also why we shouldn't be afraid of AI use AI as a friend to cyber

[00:27:41] security it can improve mundane and routine tasks or even get rid of them completely but

[00:27:47] more than anything just thank you for sharing that and the finishing with that amazing

[00:27:51] story as well.

[00:27:52] Thanks for joining me today.

[00:27:54] Excellent, that was a blast.

[00:27:55] Thank you.

[00:27:56] I think today we uncovered the importance of clear communication within organisations to

[00:28:05] effectively combat cyber security threats.

[00:28:07] The changing landscape of cyber attacks with a high and focus on financial gain and the

[00:28:11] transformative role of AI in both enhancing and challenging those cyber security measures

[00:28:17] all top of mind.

[00:28:19] But communication has got to be key here and David's insights reminded me that the battle

[00:28:23] against cyber threats technology is just not enough on its own.

[00:28:28] It's the human element, our ability to communicate, innovate, strategise these are the things

[00:28:32] that truly make a difference and by leveraging AI to automate routine tasks.

[00:28:37] We can then empower cyber security professionals to focus on some of those more strategic initiatives

[00:28:43] improving the overall security posture of organisations in the process.

[00:28:47] And yes, adopting AI securely requires a balanced approach especially if we're going to be protecting

[00:28:53] internal data while harnessing AI's potential to bolster our defenses against these attacks.

[00:28:59] But I think David's experience is from overcoming significant challenges like accidentally deleting

[00:29:04] critical DNS records to implementing processes that simplify secure behaviours, serve as valuable

[00:29:11] lessons for all of us.

[00:29:13] But hey, that's just my takeaways.

[00:29:14] I mean, Sam had a great conversation with David with a few laughs along the way but over

[00:29:19] to you as we all continue to explore the role of technology, how it's shaping our world

[00:29:24] let's keep our conversations going.

[00:29:27] How will your organisation navigate these challenges and opportunities presented by AI in security?

[00:29:33] This is where I put the microphone in front of you, show your thoughts by emailing me

[00:29:37] tech blog writer outlook.com, Twitter, LinkedIn, Instagram, AtNeilCQ's, nice and easy to get

[00:29:42] hold of but that's it for today's episode but I do invite you to join me again tomorrow

[00:29:47] for another episode of Tech Talks daily where we'll try and bring you more insights into

[00:29:52] the ever evolving landscape of technology and its impact on our life, business, world

[00:29:58] and everything that we do.

[00:30:00] But until then, Stakior is staying formed, keep pushing the boundaries of what's possible

[00:30:04] and we'll speak again tomorrow.