What if the cybersecurity industry has spent decades fighting the wrong battle?
In this episode of Tech Talks Daily, I sat down with Benny Czarny, founder and CEO of OPSWAT, to discuss why he believes the traditional "detect and respond" model is no longer enough in a world where AI is accelerating cyber threats faster than security teams can react.

Benny joined me to discuss his new book, Cybersecurity Upside Down, which combines personal stories from building OPSWAT with a bold argument for rethinking how organizations approach cyber defense altogether. His central belief is simple but provocative: detection-based security has trapped the industry in a losing cycle in which attackers need to succeed only once, while defenders are forced into a constant state of reaction.
During our conversation, Benny explained how his thinking evolved after realizing that even layering dozens of antivirus engines and sandboxing technologies still failed to stop malicious files reliably. That realization ultimately pushed him toward a prevention-first philosophy built around Deep Content Disarm and Reconstruction, or CDR. Rather than trying to determine whether a file is malicious, the approach assumes files may already be dangerous and regenerates clean, safe versions before they ever reach users or systems.
We also explored how generative AI is changing the cybersecurity landscape in ways many organizations still underestimate. Benny shared why AI is dramatically reducing the time required to create malware, weaponize exploits, and scale attacks, effectively giving even inexperienced attackers capabilities once reserved for nation states or advanced cybercriminal groups. He also raised concerns that AI data lakes could become contaminated with malicious content, creating entirely new risks for organizations rushing to deploy large language models without securing the data feeding them.
One of the most fascinating aspects of the discussion was the psychology and culture within cybersecurity teams. Benny argued that the industry often celebrates visible incident response activity while undervaluing quiet prevention. In a world dominated by alerts, dashboards, and SOC metrics, truly preventing attacks can almost appear invisible, despite potentially delivering far greater security outcomes.
We also talked about the sectors Benny believes are most exposed today, including energy, manufacturing, and critical infrastructure operators that still rely heavily on reactive security models while facing growing operational and regulatory complexity. He explained why some industries are advancing faster than others and why compliance mandates could become a major catalyst for broader prevention-first adoption.
Beyond cybersecurity itself, this episode also offered a fascinating look into Benny's entrepreneurial journey, what he learned building OPSWAT over two decades, how AI helped him research and structure his book, and why he is now even producing a cybersecurity-focused TV series called Into the Breach, designed to make complex security concepts easier for wider audiences to understand.
This conversation challenges many of the assumptions the cybersecurity industry has normalized for years. Whether you work in security, IT leadership, compliance, or want to understand how AI is reshaping digital risk, this episode offers a very different perspective on what modern cyber resilience could look like in practice.
Useful Links
Please check the partners of the Tech Tech Talks Network
Learn more about the NordLayer Browser

[00:00:00] - [Speaker 0]
So a huge thanks to Denodo for supporting the Tech Talks Network, helping us produce more than 60 interviews a month. And when it comes to trusted data products, it all starts with the right foundation. And trusted data products start with Denodo because they can help you create, manage, and deliver business ready data products faster with secure real time access across all of your data sources. And you can learn more by simply visiting donodo.com. What if the biggest weakness in cybersecurity is that assumption that we can spot every single threat before it causes damage?
[00:00:43] - [Speaker 0]
Well, today, I'm joined by the founder and CEO of a company called Opswat, and he's also the author of Cybersecurity Upside Down. And Benny has spent decades protecting some of the world's most sensitive environments from energy and manufacturing to finance and defense and even national infrastructure. And his argument is refreshingly direct. Detection has taken us a long way, but attackers are now moving faster than many systems can respond. But in his new book, Benny challenges security leaders to rethink the way that they treat files, trust, resilience.
[00:01:24] - [Speaker 0]
So instead of asking whether a file appears safe, he makes a case for assuming every file is suspicious and rebuilding it in a clean and secure form before it can do any harm. And we'll also talk about the philosophy behind prevention first cybersecurity, why AI is changing the balance between attackers and defenders, and what critical infrastructure operators should be worried about, and why true cyber resilience might depend on preventing attacks that no one ever sees. So my question to you is, are you ready to turn cybersecurity upside down? If you are, good, because I got the perfect guest lined up for you. So let me introduce you to him now.
[00:02:08] - [Speaker 0]
So thank you for joining me on the podcast today. A real pleasure to have you join me. For everyone listening, can you tell everyone a little about who you are and what you do?
[00:02:20] - [Speaker 1]
Neil, thank you so much for having me. My name is Benny Cianni. I'm the CEO and founder of Opswort. Opswort is a cybersecurity company. We focus on protecting the world critical infrastructure.
[00:02:32] - [Speaker 1]
What we do, we have a platform that includes more than 20 products. We have cybersecurity technologies that power this platform, and also we have a training academy. This training academy trains cybersecurity professionals to what is critical infrastructure and how to use our platform and our technology technologies to better protect critical infrastructure around the world. We have we are protecting critical infrastructure in more than 80 countries. We have more than 1,000 employees.
[00:03:04] - [Speaker 1]
And, yeah, we take a lot of pride. We're growing really fast. I'm looking to take the company eventually public. I think we have the the right posture for that. We have a very diverse and growing portfolio.
[00:03:16] - [Speaker 1]
The growth is very impressive. We have even a slight profitable profile. The cool thing about our platform, we have cloud solutions, we have on prem solution, and also we have hardware. So we actually we manufacture hardware like optical files, kiosks, and we do all of that out of Tampa, Florida very soon out of a facility in Europe and out of a facility in Asia.
[00:03:41] - [Speaker 0]
Wow. You're incredibly busy. It feels like a very exciting time for you. And before you join me on the show today, I was doing a little research on you. And one of the things that stood out is I read that you said that the cybersecurity industry is currently trapped in a detect and respond cycle that attackers are now winning.
[00:04:00] - [Speaker 0]
So was there a specific moment in your career when you realized that traditional model was fundamentally broken? And what did you see that maybe others were missing at the time looking back?
[00:04:11] - [Speaker 1]
Yeah. So that that actually that was maybe twelve years ago, maybe more. And that was where kinda the so the the company went through some evolution. So one of the things that I noticed that was maybe twelve, fourteen years ago is that there's a big flood in antiviruses. Actually, initially, it was in antiviruses that antiviruses were never designed to scan a file, all designed to protect the device.
[00:04:38] - [Speaker 1]
And then while pretty much testing that and and building very much, I would call it, file of data, I was trying to create a very deterministic approach to protect organization for the threats within the files. And I really try I took a very extreme kinda I tried to take the most extreme, pretty much, approach to that. I combined all of the antiviruses and sandbox into this approach, try to prevent any threats. Think about that. If you put more than 30 different antivirus engines and sandbox on any data stream, you would expect pretty much nearly zero threats to penetrate that.
[00:05:16] - [Speaker 1]
And I faced with actually different reality. And then while stumbling across that, I realized that and beating myself with a stick, I realized that there's a big flood in the industry. The the industry is is is pretty much in a vicious cycle of detection because think about that. We are like, okay. Let's it could be an antivirus, could be a firewall, could be an IPS.
[00:05:41] - [Speaker 1]
Let's detect a threat. And after we detect a threat, that's gonna create a respond to this specific threat. This it could be an antivirus, it could be a firewall, it could be anything. Now with AI now, it's AI is is pretty much getting everything on steroids, getting everything faster. Right?
[00:05:59] - [Speaker 1]
AI is a great thing. You are now in engineers developing faster. Also, malware writers are writing things faster. Time between an exploit into, like, a malware phone is exploited much, much faster. So what do you do then?
[00:06:14] - [Speaker 1]
So because that was realized, the big moment ahead, this is what what was was about was about that. And the realization was that the prevention could be done not by detection. And maybe a deterministic approach for prevention could be by file regeneration. So assume all of the files are malicious. So instead of cannot get the detection, let's regenerate the files.
[00:06:40] - [Speaker 1]
So think about that. Assume that again. You send me an email, by the way, with a full document. By the way, I this file was deleted. I assume that this file is malicious.
[00:06:49] - [Speaker 1]
And our system regenerate a new file that we generated in a very secure and clean way that look exactly like your new file just with a different hash. However, it was clean because we regenerated the file. The chances for Malware in this specific this specific file is are extremely, extremely, extremely slim. Think about that concept. So that's what's kind of the that's that's the whole kind of concept here, very kind of very, very relevant these days.
[00:07:16] - [Speaker 0]
And one of the reasons I was excited to get you on the podcast with me today today is after looking at your brand new book called cybersecurity upside down. And one of the things that I love about it is I've not seen anything like it because this it's described as part founder story and part industry wake up call, but one thing that stands out straight away is the amount of passion and love you have for this space and everything that you've learned and getting all that out of your head and on paper. But I'm curious, when you look back at that journey building ops, what what were the biggest failures, frustrations, or even hard lessons that maybe helped shape this prevention first philosophy that you have?
[00:07:57] - [Speaker 1]
So prevention first philosophy is more of a journey, and I try to articulate some of this journey in my book, not all of it. Though I can tell you that I I keep kinda asking, okay. Well, biggest failure at Opsot, well, first, if I'm not making a mistake, then usually, I'm on vacation. Every day, I'm making a mistake. Every day working at Opswort, I'm making a mistake.
[00:08:19] - [Speaker 1]
Could be a prioritization mistake, could be a focused mistake, and then maybe something I make I say or something I don't say. So Yeah. So however, I mean, yeah, I mean, I can we can talk about multiple things. I would say that, yeah, we should move to a CDR approach way faster in the in the life cycle of Ops. So I should have done it in 2004, my only in 2008.
[00:08:43] - [Speaker 1]
Yes. So that would be maybe, you know, something to to whine about. Though yeah. I mean, it's more about the journey. It's a trial and error.
[00:08:49] - [Speaker 1]
I'll just try to to articulate that. Also, life, building a company, building a product, building anything is life is like trial and error. And you try something, you're trying to achieve, you're trying to stay on on on kinda on your cybersecurity mission. And I I think there's one operating principle and and taking a very taking taking taking pride of, and maybe I didn't write about it in the book, is that I was never trying to sell a product. Yeah.
[00:09:22] - [Speaker 1]
I was always trying to deliver security.
[00:09:25] - [Speaker 0]
Mhmm. When you wrote that book, who who did you have it in mind for? Who was it aimed at? Because I love how it's so many different things. I couldn't pigeonhole it and and say, you know, this is just another cybersecurity book because it's so much more than that.
[00:09:38] - [Speaker 1]
But Thank you.
[00:09:39] - [Speaker 0]
Who did you write it for?
[00:09:41] - [Speaker 1]
So I was inspired by several books. So I was inspired by the Code Project. It's the history of encryption. I'm not sure if you read that. So a very visual book is actually more about it's a history book about encryption.
[00:09:51] - [Speaker 1]
However, it's very technical book because actually getting it's delving into the encryption protocol themselves. So it's like it's not really a history book, and also it's not really a technical book. So what is it? Though I what I'd really try to do is I try to make an impact with the book, and that was my operating principle. So initially, when I I tried to when I was I said, yeah, I want to go and make an impact on this book.
[00:10:17] - [Speaker 1]
And by the way, when I you're looking at chapter one. And when I'm I'm writing this scene that I was watching Homeland with my wife, that's a true story. I didn't invent anything. I did watch online with my wife, and there's this really JPEG incidents with Carrie, and she was pretty much downing, and then she she was hit with ransom. And my wife that again, she's actually, she's taking a part.
[00:10:42] - [Speaker 1]
She's designing she's designing things at Opsworth, and she said, can be and said, I'm developing CDR, she is she can't she's telling me, oh, it's it's fiction or something is wrong. I need to do something better than that. So I need to create an impact. So I need to do several. I need to market this technology in a much better way.
[00:11:04] - [Speaker 1]
So I saw that talking to so many different CISOs, onboarding so many employees, speaking in so many conferences. I said, okay, had enough. I need to go and write a book. I need to do by the way, it's not only writing a book. We also have the academy.
[00:11:22] - [Speaker 1]
I'm planning to go and do some many more things around kind of promoting CDR. I need to elevate and increase the visibility of this technology. I need to do something about it. Okay. And then I started with it was more than two or three more more than two years ago, maybe close to three.
[00:11:40] - [Speaker 1]
So I wrote, like, maybe a 100 pages about this technology. And I went to so actually a writer, actually, I mentioned his name in the book. His name is Dan Woods. And I told him, hey, what do you think? He's based in New York.
[00:11:53] - [Speaker 1]
I'm very happy he's based in New York because it's the straight shooter. So, well, it's piece of crap. Nobody's gonna read that because it's too technical. It's just it's a technical book. It's a very, very technical book.
[00:12:04] - [Speaker 1]
It's yeah. If you want to go and get a technical book, it's like, yeah. I mean, it's like a a paper. Do you want I mean, I told him, hey. Yeah.
[00:12:11] - [Speaker 1]
I'm looking for impact here. It's cool. It's the best thing that ever happened to mankind. It's the best technology. It's like, think about that.
[00:12:17] - [Speaker 1]
It can prevent AI born threats. It can prevent tons of threats. It's really good. So I said, well, readers will not be interested about this technology. They will be much more interested about how you came about this technology and your journey.
[00:12:32] - [Speaker 1]
So then this is why it took me much longer to come up with all that. And then then I said, okay. You know, to go and make it visual and and so on. I said, okay. Nobody want to really read much.
[00:12:43] - [Speaker 1]
So and I also want to I want to make it super visual. So you you saw the how of the visual arts there. So I'm a partner with Surge based in The UK, really cool designer art visual also for you to get some visuals like that and so on. So because I'm I try to make the the book also fun. Another operating principle set for the book is that I I built in, like, three layers.
[00:13:07] - [Speaker 1]
I mean, one layer, like, super simple because, again, my my goal is impact that everybody gets what is CDR, why this technology is so key and so important to and could be so impactful for cybersecurity and IT. One is a bit more technical for any IT, and one is even more technical for the folks that would like to question and would might be even more interested about more and maybe a deeper a deeper technical kinda delve into the into the a bit more into kinda getting into the weeds about this technology. So that's kinda a bit about the book and philosophy about the book. So the the goal is impact. In chapter six is I took the liberty and also talked about my vision about this technology.
[00:13:55] - [Speaker 1]
One of them is I read all of the Homeland Security executive orders, and I came up with one I didn't like all of them. I I I came with one that is actually ultra specific and very specific to CDR, ready for the president to sign. So I'm I'm hoping that somebody in the White House will take it seriously because I think that it could decrease the cybersecurity attack surface significantly from all of the of our all of our US critical infrastructure and other cybersecurity assets. CDR is being implemented in several countries. We work with them closely.
[00:14:32] - [Speaker 1]
It's a very nice adoption in Australia, Japan, Israel. I'd like the same adoption also to be in to happen in other countries, and hopefully, this book will help accelerate the adoption in other countries as well.
[00:14:46] - [Speaker 0]
One of the things I love about it is it doesn't matter, as you said there, whatever skill set you're at, everybody will be able to pick that book and find something interesting that will impact them or allow them to create an impact as well. And fast forward to present day, right here now in any enterprise right across the landscape, AI is accelerating the speed and scale of cyber threats, and we're seeing attackers generate malware variants and phishing campaigns faster than many security teams can react now. So I'm curious from what you're seeing here, how much has generative AI changed that balance of power between attackers and defenders? And are most organizations guilty of possibly underestimating what's coming next? What are you seeing here?
[00:15:30] - [Speaker 1]
Yeah. So AI is definitely it's like see it as like a double edged sword. And whenever looking at AI, let's look at kinda two attack surface happening that I'd like to maybe to that I I think that can add value on. So number one is attack surface because so if you had ScriptKitties now with LLMs, whether it's public LLMs or on prem LLM, anybody can simply download, you could generate this pretty much document based malware or you can create malware in scale faster. And anybody from their home computer or their kind of modified home computers can act like a superpower.
[00:16:11] - [Speaker 1]
So this is crazy. Insane. Think about the the the the power that every script kit is gonna have is really amazing. Now there's another thing that is that not many are looking at, which is the zero days and the vulnerabilities. I mean, the time to exploit.
[00:16:24] - [Speaker 1]
So if you have a vulnerability, you can pretty much leverage the exploits or any vulnerability to actually to develop exploits using the LLMs, and many of them are file based. Giving you an example. I mean, how do you think a zero a a vulnerability really happens? It's sometimes taking advantage of the viewers of the specific file type. JP, for example, video format, for example.
[00:16:48] - [Speaker 1]
So there's a buffer overflow in the specific viewer, and the exploit will pretty much take advantage of that. With LLM, first, you can find more. Number two, you can write more exploits. Now so that's that's another issue that LLM. So what you can do against it?
[00:17:06] - [Speaker 1]
So you can go and speed up and you can go and the defenders can do that. So yes, you might or then it's a double edged sword. Whenever you go to critical infrastructure, you cannot afford patching a critical infrastructure. Whenever it's offline or whenever you require testing, you have a water pump, you don't expect like, okay, you found a zero day within two seconds to go and patch it because this requires a full rigorous testing of this water pump or this oil pump or this energy facility or this nuclear facility. Whenever it's working offline, it's it requires this IT, like, sometimes weeks or months of testing, original testing before they test it, and all of these months are gonna be exposed to this zero day.
[00:17:50] - [Speaker 1]
Yeah. So yeah. So you have that. And and and another issue that is happening now with LLMs is the more and more investing in LLMs, and the data lakes for the LLMs are another issue. Because if the data lake of the LLM is contained contaminated with malware, then you have a sometimes you have a bigger issue.
[00:18:10] - [Speaker 1]
You have and then this the the data is con con contained, then pretty much everything is generated con contained contaminated with malware. Now they've been public, by the way, even I'm I'm sure if you you follow Entropic, I just did a write up last night, and I provide a bunch of examples, even public examples. I mean, Entropic people use Entropic. Entropic, the safest theoretically AI model, malware writers end up leveraging the cloud version of Entropic to better malware. So so and and then I'm not talking about offline MLM models.
[00:18:43] - [Speaker 1]
You can go and download, modify, do whatever you want with. Right? So so and, yeah, so and and and METOS, which is available to BioN tropic or the equivalent that you have by OpenAI. You can also build equivalent models by offline models yourself. That's yeah.
[00:19:01] - [Speaker 1]
Maybe they're gonna be as good. Some would argue that yes. Some argue that not. That also could get you the this exploits and also would aggravate this all kinda attack surface that AI can generate to you. So what can you really do?
[00:19:15] - [Speaker 0]
Yeah. And another one of the interesting ideas in your work is this concept of a trust no file. And for listeners who might be listening and are not deeply technical, can you just talk a little about how deep content disarm and reconstruction, how that works in the real world, and why building a a safe file, how actually changes the security equation so dramatically?
[00:19:38] - [Speaker 1]
So the concept is simple. You simply don't justify it. You regenerate it. That's the concept. Right?
[00:19:43] - [Speaker 1]
So it's like, think about, okay, like, okay, you let's say if you want to go camping, you you see you you can buy a stream of water. You want to drink the water. You distill the water, and then you drink the water. You don't test the water. The the antivirus way would be, let's test the water for bacteria.
[00:20:00] - [Speaker 1]
And if I cannot it's safe, then I drink it. However, maybe it's bacteria you don't have a testing for. Distillization would actually guarantee that pretty much the water is safe to drink because you just regenerate the entire water. Right?
[00:20:16] - [Speaker 0]
Probably.
[00:20:18] - [Speaker 1]
So so real distillation, not to the distillation. So that would be the the kind of the, I would say, the equivalent. If you kind of that, I also bring this example in the book, like, don't eat the sheep. You want to eat the sheep, the meat. So you you can either eat the sheep.
[00:20:34] - [Speaker 1]
Or if you're not sure if the the it has a virus or anything like that, you clone the sheep. You take a DNA, clone it in the lab, and you wait. And after that, eat the sheep that you just cloned, and you know it's clean of viruses. Right? So that's another kinda another way to look into that.
[00:20:53] - [Speaker 1]
You just do it super fast. I mean the CDR process is it's almost as fast as an antivirus. It's not like you need to wait a couple of years. So that's kind of another way to look into that. Now the the process itself is not as slam dunk as, oh, let's generate, regenerate the file, and it's it takes some time to to put that together.
[00:21:14] - [Speaker 1]
For example, I go over a simple file format like JPEG or video file or anything like that, and then go over a complex what is a complex file format and what does that entail? Because the regeneration philosophy for this different file format is slightly different. It's like the the content is slightly different, and and the attack surface is slightly different for a simple file format than a complex file format. And the CDR approach is not like an on off. It's not like an antivirus that, oh, there's a virus.
[00:21:45] - [Speaker 1]
There is no virus. With CDR, you because you need to regenerate, you there is slightly more input that usually you configure the system to do, such as how you would like to do CDR. So there's always the default. Though whenever you do CDR, you can do much more because you're looking at the content. For example, whenever you do CDR for, like, Word document, you can say, you know what?
[00:22:11] - [Speaker 1]
I'm I can I want to disable any anything that could be malicious, such as scripts, such as links, such as macros, such as anything, or I'm okay to enable one or two or three elements that will still enable my productivity? Whenever you do it to simple file formats such as JPEG or movie files, you have the liberty to also control some several things. So for example, PII, such as GPS coordinates and so on, that by default we can train or compression algorithms such as JPEG. Do you want to to keep the exact same compression or you have some options to change it? The default would be clean the GPS.
[00:22:55] - [Speaker 1]
You don't want to want to protect privacy and keep the existing compression, though you'll be surprised that sometimes you want to you have options to control these features, for example, in some cases.
[00:23:06] - [Speaker 0]
And we'll also have cybersecurity leaders listening who will already have investments in detection tools, SOC operations, etcetera. If they're listening to you today and agree with everything you're saying philosophically, but maybe their organization is not ready for that mindset or that cultural change. What what's the first practical first step towards shifting from that old detection first mindset to a more of a prevention first strategy and doing it without having to rip everything apart overnight because that that's not gonna work either. But where should they start for anyone listening wanting to follow this philosophy?
[00:23:44] - [Speaker 1]
So number one, chapter chapter five is exactly for you. Actually, I'm talking about the psychology around it because it's very tough. I mean, when was the last day the last time you change your, you know, you change your hairstyle or you have Yeah. Completely or, I don't know, you I don't know, something around you or anything, your your pee or anything like that. People doesn't like to go and change things up, though.
[00:24:05] - [Speaker 1]
Now what's your alternative? Right now, people don't read. There is no really other options right now if people would like to kinda anybody would like to pretty much challenge or anything like that. They would like to pretty much take advantage or to evolve. And I do provide some practical tips to implement that, and some of that is, number one, education, providing examples, educating the team with examples.
[00:24:29] - [Speaker 1]
So pretty much taking it and going to a where for for example, we have free website such such as metadefender.com. You can take, like, the malware, zero day malware for productivity files, upload them, see how CD are doing before and after. There is some fatigue about, oh, you guys are gonna modify my files. The usability is gonna change. People will not be able to recognize that.
[00:24:50] - [Speaker 1]
Yes. Really, take it talk to our over 2,000 customers using it and very happy about it. Some of them are really loud and really happy. So yes. So, of course, we're changing the file.
[00:25:04] - [Speaker 1]
However, the what's the alternative? The alternative, you use the same file. You're gonna be you're not gonna be immune to AI borne threats. You're not you your attack surface will still be kinda out there. So I'm I'm talking about the pro and cons and also to how to go about it.
[00:25:20] - [Speaker 1]
You can start with a small scale. You can show it to your team, build trust within your group as you are deploying it. And a lot of the decision in the cybersecurity market is based on compliance mandates. And I am again, chapter six, I'm touching that. I really believe that if, for example, compliance mandates such as NERC CIP and PCI and GDPR will start mandating that, then I I really believe we're gonna have a safer world.
[00:25:48] - [Speaker 1]
So if anybody in your podcast is in compliance mandate, we'll send them a free copy. Benny.charmi@opso.com. Send me an email. I'll get you a free copy. I'll be happy to go and also present to your Compliance Monday team.
[00:26:02] - [Speaker 1]
I'm really believing in that. It's working in several countries at it's also in really cool places in several countries.
[00:26:09] - [Speaker 0]
Wow. Incredibly generous offer. And you've looking at you, your story there as well, you've also worked closely with governments, critical infrastructure operators, and indeed enterprises for more than two decades now. And I'm I'm curious, when you look out there now from everything that you're seeing, writing about, and hearing, Which industries or sectors do you think are most exposed right now? Because they they still rely too heavily on reactive security models, for example.
[00:26:36] - [Speaker 0]
Are some sectors struggling more than others? What are you seeing there?
[00:26:41] - [Speaker 1]
So I I see all sectors, and then by the way, it really varies between countries. So domestically, US, we Homeland Security defined based on 16 verticals. In other countries, it's structured slightly differently. Whenever you go to some countries, they put the 60 line differently. For example, nuclear is segregated from energy in The US.
[00:27:00] - [Speaker 1]
Also, is yeah, it's also somewhat privatized. My biggest concern domestically is energy. Yeah. I'd like to I would like definitely to see way more CDR adoption domestically, though it's all across the board. I won't say across the critical infrastructure.
[00:27:17] - [Speaker 1]
For some reason, banking is actually adopting that faster than others. And usually, they have well funded team. They have the money. Right? So so they have that.
[00:27:30] - [Speaker 1]
Defense as well, they're more kinda prone to that. Defense and banking, though are a bit more prime for that. Unfortunately, the rest are not because they're not as funded. They are not as they don't have the resources, so they are a bit behind. The energy scares me the most because they have the I I I would say the most at stake.
[00:27:53] - [Speaker 1]
And energy and manufacturing, sometimes it's much more compliance and more checking the box versus making an impact. And, hopefully, with this book and hopefully with some impact, it's not a big kind of financial kind of obligation. I would definitely do a trade off of kind of other technologies to the CDR than to just to make sure that kind of the zero trust philosophy for files is truly implemented.
[00:28:19] - [Speaker 0]
There's also an interesting business and indeed psychological angle here as well because cybersecurity often rewards visibility, dashboards, alerts, even though we're all struggling with alert fatigue and an incident response activity, but prevention can sometimes look almost invisible because nothing happens. So have we unintentionally built an industry where we're just reacting to attacks, firefighting feels more valuable than quietly preventing them, because it certainly feels that way.
[00:28:49] - [Speaker 1]
That's the part of the issue. There is no glory here. Yeah. If it's prevented, you don't even know about it. It's like it's like, you know, double o seven.
[00:28:57] - [Speaker 1]
It's like you just go. You just kind of, you know, destroy the bad guys. Nobody knows about it, and it's just the world is safe. So no raving, nothing. Just kind of and then after that after that, it's like, you know, something kinda something is magically is happening.
[00:29:14] - [Speaker 1]
Yeah.
[00:29:16] - [Speaker 0]
Oh, I absolutely love it. And, I mean, your book as well, it also seems to challenge policymakers and regulators alike to essentially rethink cybersecurity standards. And I love this thirst for change here and doing things differently. So if you have the attention of every CIO, every CISO or government policymaker, if you got in a room with them for five minutes, what would you want them to urgently reconsider about the way that we currently measure cyber resilience?
[00:29:44] - [Speaker 1]
So just rethink any file flow within the organization and and pretty much challenge their detection. I mean, detection is pruned for failure. Yeah. How can any system predict whether a file is malicious or not? It's it's pretty it's it's impossible kinda it's an impossible challenge even for the best AI models.
[00:30:08] - [Speaker 1]
And it's like you cannot really deterministically come to a conclusion whether a file is malicious or not. So you have to kind of take a different approach. And a regeneration is extremely deterministic to approach to prevent fire borne threats to any organization. It's and also, it's again, the and and and the the cool thing about what what what what what, again, I'm trying to do here is to take this technology that only, like, okay, just, defense and maybe some big banks are using and making it available to everybody. Now everybody can use it, okay?
[00:30:45] - [Speaker 1]
And we make it simple and affordable. And and you can read about it, and you can hopefully connect to that. And maybe after the book, maybe we'll create a movie about it. I don't know. Something that will be easy to consume, something to kinda to have, you know, that is easy to integrate to.
[00:31:02] - [Speaker 0]
And let's say there was a movie. Who would you want playing you in that movie?
[00:31:05] - [Speaker 1]
Not me. So just kinda again, I'm saying kinda I I there is a TV series. I mean, by the way, not to that. I mean, there's a TV series that I'm producing now. It's called Into the Breach.
[00:31:15] - [Speaker 1]
Yeah. And we're myth busting. We are the we we are taking, like, very complex cybersecurity topics. So I partnered with Carrie Byron for Mythbusters. Oh, sure.
[00:31:24] - [Speaker 1]
You know her? And then I'll I'll kinda as you're gonna be in Denver, though, I'm it's there there's a lot going on there. We we did episode one is ready, and I did air it in several theaters, actually, in several festivals right now. It's about breaking the firewall. I'm working on episode two right now.
[00:31:39] - [Speaker 1]
Eventually, I'll do an episode on detection technologies, so I'll that's gonna be an opportunity for this technology to shine. Though she's gonna host it, I mean, I'm not sure if I have an appearance there or not. So but I'm producing, though I'm not I'm not necessarily acting.
[00:31:54] - [Speaker 0]
Wow, man. This had no end to your talents. Not only you're writing books, you're a t TV producer as well. How are finding that experience? Is how different is that from the world of cybersecurity, from speaking on stage, writing books to producing a TV show?
[00:32:09] - [Speaker 0]
Like, how did you find that?
[00:32:12] - [Speaker 1]
I'm always always a patient to to movie creations. I mean, I'm I'm I'll send you some other stuff. If you can you become friends on Facebook, you'll see something, a movie, quick a short short movie I produced at at middle school. It's called Addicted at the Computer. It's an autobiography.
[00:32:28] - [Speaker 1]
So
[00:32:29] - [Speaker 0]
I will make a promise to everyone listening. There will be a blog post on my website, Tech Talks Network, where I'll always include useful links where they can find the book, etcetera. If you can get me a clip of that video, I will put that in there too. But finally, before I let you go, after spending years building a company, challenging industry assumptions, and now getting all these ideas into a book and even producing a TV show, What do you hope readers and listeners and viewers will genuinely change after hearing this conversation today? What's that mindset shift that you think will have the biggest impact on the future of cybersecurity?
[00:33:06] - [Speaker 1]
So I would say challenge detection and just go to file regeneration. I mean, I really believe that CDR can again, it's not the silver bullet for everything, though anything about file flow, again, for productivity files, not for executables, it can prevent a lot. It can reduce a lot of unnecessary noise in the cybersecurity world. It can prevent many, many AI borne threats. It can also protect a lot of data lakes for LLMs and just give it a chance.
[00:33:41] - [Speaker 1]
I mean, I think that also any readers should and I provide the proofs for that, that antiviruses are doing a good job protecting the device. However, they're not doing a good job scanning a file. It's a big difference between them. So whenever the readers say antivirus is doing an amazing job marketing themselves as protecting the device, and they'll say, oh, we have 99.9% efficacy rate. And there's also confusing in the market.
[00:34:08] - [Speaker 1]
They think that this is the efficacy rate scanning a file. That's incorrect. And they're taking that for the scanning file, and that's the source for many, many breaches. And I really believe that the approach of file regeneration and applying it to the data flow and applying the firewall of data and pretty much for any file download, file upload, attachments, USB or anything that's kind of filed for the organization's file will be regenerated. I think it's going to be a huge impact to the industry.
[00:34:42] - [Speaker 1]
And for the regulations, anybody in regulations, compliance mandates, applying CDR to any compliance mandates could have a huge impact in the Israel. So anybody here in combined, I'm serious about it. I said before, you need a copy, I can send them a copy of whatever they want, get a quick presentation. So happy to support.
[00:35:02] - [Speaker 0]
And I think that is a powerful moment to end on. So cybersecurity upside down is the book. I absolutely love the art on it as well. So kudos to your illustrators. I think they've done a great job of bringing it all to life as well.
[00:35:15] - [Speaker 0]
And just everything about it really is the full package. And as I said at the beginning, it's part personal insights from your own journey as a company founder and also a call to organizations to rethink their cybersecurity strategies. And anybody listening that wants to find out more information about it, get their hands on a copy, or equally find out more about your TV show, the work you're doing, everything you're doing, where would you like me to point everyone listening? Where should they go?
[00:35:40] - [Speaker 1]
First, they can go to oxford.com. I mean, also my LinkedIn, Benny Chani. I mean, everything is there. I'm hoping to have a my personal website is gonna be live soon. So if you kinda just go to my LinkedIn, benny charney, then benny charney ops sort is very easy to go and get my updates.
[00:35:55] - [Speaker 1]
Awesome.
[00:35:57] - [Speaker 0]
Well, I will include links to everything you suggested there. I've I myself just love how you're challenging these long standing assumptions about defending against cyber threats and championing the importance of a prevention first mindset. So forward thinking. The book is incredible. But more than anything, thank you for taking the time to sit down with me and sharing your story, and I'll be looking forward to that TV show too.
[00:36:19] - [Speaker 0]
But thanks for joining me today.
[00:36:21] - [Speaker 1]
Thank you so much, Liam.
[00:36:22] - [Speaker 0]
Big thank you to Benny for joining me today and sharing the thinking behind cybersecurity upside down. I urge you to check the links out and just see for yourself the the cover art, etcetera, just really brings it to life, and, you can see straight away that this isn't just another cybersecurity book. And one of the many things I found compelling about this conversation was the way that Benny challenged a familiar industry habit. Yeah. We often celebrate alerts, dashboards, response times, and recovery plans, but the best security outcomes are often invisible.
[00:36:56] - [Speaker 0]
Yeah. Nothing happens. No breach. No ransom. No disruption.
[00:37:01] - [Speaker 0]
And that might not create the dramatic headlines, but for businesses, governments, hospitals, utilities, and manufacturers, that is the outcome that matters most. And I think Benny's message is simple but powerful. You know, in a world where AI can help attackers move faster, scale malware, and exploit vulnerabilities at alarming speed, organizations should be questioning whether detection alone is enough. And I think this prevention first approach built around content disarm and reconstruction certainly is a big step in asking security teams to treat files with far less trust and far more discipline. So you can find out more about Benny, Opswat, and cybersecurity upside down through the links in today's show notes.
[00:37:48] - [Speaker 0]
But over to you, if prevention is possible, why are so many organizations still waiting to detect the attack first? Let me know. Techtalksnetwork.com. A big thank you to Benny for bringing this to life today. A big thank you to NordLayer for backing the podcast and supporting the kind of real world cybersecurity conversations that we need more of.
[00:38:12] - [Speaker 0]
Because as someone that records 65 plus interviews a month, I've personally seen a huge increase in browser based attacks over the past year, whether that be phishing, malicious extensions, account takeovers, the list is long. And it's all happening where people spend most of their time inside the browser. So NordLayer's new business browser, that's built to address exactly that. It blocks malicious sites before they load. It limits risky behaviors like uncontrolled downloads or data sharing and gives you visibility into how your team interacts with web apps.
[00:38:50] - [Speaker 0]
And it also helps you stay compliant by controlling access and enforcing policies without the need to rely on multiple disconnected tools. So for anyone listening that is thinking seriously about reducing risk in SaaS heavy environments, this feels like a smarter and more focused approach. And you can learn more about it by visiting nordlayer.com/browser. I'm afraid it's time for me to go now, so thank you for listening as always. But I will be back tomorrow.
[00:39:19] - [Speaker 0]
Bye for now.

