A

This is Scott Becker with the Becker Business and the Becker Private Equity Podcast. We're thrilled today to be joined by a brilliant leader, a leader who's the founder and CEO of Cyber Catch. We're with today Cy Huda. And Cy works at sort of the intersection of cybersecurity and AI, and really an area that's evolving very quickly, both from the threat perspective in the defense perspective. We're going to talk today to Cy about leadership impact, how we views the world today, trends and so forth, and a lot more. Cy, can I ask you, before we get started to take a moment to introduce yourself and just maybe tell us a bit about your book, Next Level Cybersecurity, as well.

B

Thank you so much, Scott, for having me on the podcast. Great to be with you. Yes. So I have the privilege of founding Cyber Catch, and we'll talk a little bit more about that. But you know what really drove this was an event that happened when I had sold my other company, compliance coach to FIS, a Fortune 500 company. And one of the large clients of ours was a government agency, and they had a data breach. And unfortunately, my security clearance information and a copy of my fingerprints were breached. And I was shocked. And so I left to write a book called Next Level Cybersecurity, which became an Amazon bestseller. And what I did was I researched all these cases, like, why do these attacks continue to be successful, and how do these bad actors do it, and is there anything that can be done about it? And what I discovered is that they follow a certain pattern and that there are signals that, if detected in time, can stop the attack. And so that was the foundation of the book. And then, of course, that led to founding Cyber Catch. But great to be with you, Scott.

A

Thank you so much. And we look at cybersecurity and artificial intelligence. How do you see that evolving? What do you see there? And what are some of the big opportunities that you see currently in sort of the AI cybersecurity landscape?

B

No, thank you. AI already is beginning to transform not only our personal lives, but also the business world. And cybersecurity is a great use case for AI. Over 150 billion is spent every year on cyber security. This year, it'll probably be around 200 billion, maybe more. But yet bad actors are just about every day succeeding in stealing data, installing ransomware, and causing damage. So there are tremendous opportunities to use AI to improve the defense significantly, because today it's not working and put a dent in the opponent's offense. And as I've outlined my book Next level cyber security. Every single cyber attack follows a pattern. First there's reconnaissance by the bad actor, then intrusion, then lateral movement, then command and control, communication, and finally exfiltration of the data and ransomware. So in each stage there's tremendous opportunity to use AI to either prevent, detect or respond more effectively than today to mitigate cyber risk.

A

Tell us again, Sai, just give me a moment on those five different stages that you look at and how you categorize that and then also tell us if you're industry agnostic or industry specific or where do you and cyber Catch do most of your work?

B

We are industry agnostic and we are focused on really addressing the root cause. But we do have a concentration of customers in the regulated sectors like the defense sector, manufacturing, health care, and some of the other sort of, you know, NGO and government agencies who are high value targets. So we do have a concentration of customers, but we're really industry agnostic because just about every single business is digital these days. Like who doesn't have a website, who doesn't use email, who doesn't, you know, use some web app, you know, who doesn't have a vpn. And because of that the business is digital and can be if they will intruded from thousands of miles away. And so cyber risk is really a top risk and should be top of mind for every business.

A

Thank you and talk for a second. I'm going to ask you again through the five different, you know, from, from sort of breach to infiltration to command and control. Just give me those five again and talk for a second about how has AI changed your product roadmap or the way you think about delivering value to clients.

B

Sure. So the, the bad actors, the first step they will do is they will do reconnaissance of a target or targets and depending on who they are, they could be one of the big four nation state, you know, bad actors like China, Russia, North Korea and Iran. Those are the four primarily or criminal gangs. A lot of times they're independent, but a lot of times they're actually funded by these nation states. But either way they'll identify a target and then they'll do reconnaissance. So they'll do some scans of the dark web, they'll look at social media, they'll look at anything that's Internet facing for that attack target, if you will, like a website or any databases or servers that have Internet exposure. And so they're planning, they're doing reconnaissance. That's the first step. Then the second step is then based on that, the game plan they will execute to intrude. And so they'll come in either by exploiting a vulnerability on some web application or website, or they use, use social engineering to fool an employee and use their credentials to get in. So that's intrusion. And then once they're in, then they'll move around the network, lateral movement, and they're looking for databases and data and they're looking for obviously also endpoints where they could shut down. So lateral movement is the third step. And then once they've identified that, and let's say they've identified a database that they will then essentially try to break in, they'll do brute force like, you know, crack the password in nanosecond, get in, and then they will then do verification that they're able to exfiltrate the data with what's called command and control communication. But they'll have their own server somewhere and they'll do a, you know, just a sample communication to see if they're able to know, get away without being detected by exfiltrating a file. And once they've done that, then they'll exfiltrate the data and then they will nowadays install ransomware also. So it's double dipping. So those are the five steps. And each of these steps are opportunities for the defense to prevent, detect or respond. And AI can do things that a human cannot. So for example, AI can be used to analyze lots of data very quickly and really sift through the noise and eliminate false positives of potential lateral movement or command and control or exfiltration and then immediately detect it and stop it. So that's for example, example, specific example of a use case looking at and understanding how the attacks happen.

A

100% no, thank you. It's incredible the level of expertise in what you do. Talk a bit about from sort of an investment perspective, a diligence perspective. How do firms assess cyber resilience and just cybersecurity when looking at portfolio companies or potential investments? And what role does AI play in sort of today's world of cyber security and diligence?

B

No, great, great question, Scott. I think, you know, from an investment perspective one has to realize cyber risk is at forefront because as I mentioned, every single business is digital and has cyber risk. So every single portfolio company should be viewing this as a mission critical risk to mitigate. And therefore an investor should be evaluating the level of cyber risk that this portfolio company or this potential investment represents. And AI can be used to evaluate cyber risk. So for example, Cyber Catch, we have a solution that assesses the level of Cyber risk in a company and we provide a cyber risk score. And really, in a way, in a simple way, every investor should be asking these three key questions in assessment of cyber risk. First, is the portfolio company compliant with the cybersecurity standard or requirement, such as NIST, CSF 2.0, NIST 800, 171, or CMMC? These are federal standards and mandates. And so the question is, well, is this organization, you know, adequately have a defense in place? And one of the ways is to see if they're benchmarking to these standards or requirements. And so are all the controls in place or not? So that's the first question. Second question is, does the portfolio company have a written incident response plan? Because it's not a question of if, but when a cyber incident will happen. So they should have an incident response plan. Because what's the old saying, you know, failing to plan is planning to fail. So they gotta have a plan. And there has to be a tabletop exercise performed to assess cyber incident preparedness and cyber resiliency. So that's the second question. The third is, does the portfolio company perform periodic pen tests mimicking a cyber attacker to test the defense thoroughly? So therefore, weaknesses and blind spots are identified and eliminated before the attacker finds them and exploits them. So those are three questions that I would say and recommend to any investor to be asking.

A

Thank you very, very much. And so you've had this brilliant leadership career. You've led Cyber Catch through a variety of intense innovation cycles. What sort of leadership lessons could you share and what advice could you give about managing teams at this intersection of AI, technology and security? You know, both what lessons have you learned and you advise and mentor a ton of people in the industry. What advice would you give to young professionals in this area too in AI and cybersecurity?

B

Sure, Scott, let me address the first one. Yeah, absolutely. You know, every day is a learning experience as a leader. And my comments are the following. AI is a two sided coin. One has a sunny side with absolutely amazing, tremendous business benefits, and we're seeing many of that. But the other side is a dark side with risks. And so use of AI creates shadow risk, hallucination, data poisoning, data theft. And one has to understand that and recognize it and must mitigate that with what I call safe and responsible use of AI. And one of the key ways is to set up a safe and responsible AI use policy in the company and then educate everyone so that everyone understands that the two sides to the coin and that everyone should practice safe and responsible Use of AI. So that's why, like at Cyber Catch, what we've done is we've created safe and responsible use of AI learning modules and we apply it to our customers so that they can use it to educate everyone in the business. For example, the first module is about the benefits and risk of AI. And then the second one is on the unique cyber threats to AI. And the third one is five best practices that everyone can exercise every single day for safe and responsible use of AI. So you know, as a leader, one has to recognize this and one has to look ahead. And the key is to identify a big problem, solve and then lead the team to create innovative solutions using AI to solve the problem better than anyone else. Now on this journey there will be challenges and setbacks. That is just life.

A

Yeah, and you've had great success. You had a great exit at Compliance Coach, you're now building this company. You've done a tremendous job with this. You've written a book on this that's really well received. Talk a bit about what advice would you give to young people pursuing careers in cyber and AI and so forth? What advice to young emerging leaders?

B

Yes. So, you know, one is that AI is bigger than the Internet, it is the future. It will completely transform our lives over the next few years. And so my advice for the young professional is to recognize this is to embrace and to really become subject matter experts in use of AI. So how do you do that? Well, use it personally, start to experiment with all the different AI tools that are out there in your personal life and, but also in business. And then, you know, recognize that cybersecurity is a great use case, as I was mentioning earlier, and that there will be tremendous career opportunities that will emerge. For example, one of the career paths I see emerging will be leadership roles in managing and overseeing AI agents, because AI agents is going to do the work for us. And AI agents, yes, you know, will take up some of the tasks and some of the jobs, but, but they're going to need to be managed just like employees, if you will. And so we're going to need smarter humans to be able to oversee or to be able to manage these AI agents to do the job in a safe and responsible way. So there's lots of exciting opportunities coming ahead. But the key is to recognize this, embrace it and to become subject matter experts.

A

You're right, because it's just like managing employees or outsourcer or managing agents. You got to manage them right to get the results you want and also not to have them go off the rails in different directions. I think that's, that's right on. If you look several years ahead, three to five years ahead, what will success look like for AI and cybersecurity? Can the cybersecurity folks stay ahead of the threat actors? And where do you see Cyber Catch in this whole effort, in this whole story? I assume right in the middle of it with the work you're doing. But talk a bit about what things look like three to five years ahead from now and will it be scary or will we be better off on the cybersecurity side?

B

Sure, Scott. Unfortunately, right now the bad actors are winning the battle, if you will, or the war. And they're winning with successful cyber attacks that involve data thefts and ransomware. For example, in healthcare sector, there are two successful cyber attacks every single day. And we revealed that in a recent Cyber Catch study. This is unacceptable. It's a cyber attack epidemic, frankly. And that can lead to death. In fact, recently one patient's death was attributed because they weren't able to do blood tests timely because of ransomware attack impacting the healthcare organization that this patient was in. This is unacceptable. Success will be when AI is fully maximized to diminish the success of these bad actors drastically. And Cyber Catch, we envision and see, will be a big part of the success by having created a unique solution using AI to solve for the root cause. Because what we do is we first identify what the defense is and then we eliminate the gaps in that organization and then we continuously test to make sure there aren't any gaps and weaknesses that the attacker can exploit. And we have a patented solution. And so we fully maximize users agentic AI today, but in the future, we're evolving very quickly here very soon to use agentic AI, which will give us even more fuel, power, if you will, to mitigate risk more effectively, more efficiently, and we'll be able to make a dent forever. So that's where I see AI going, where we're all going to move from generative AI to agentic AI and Cyber Catch will be at the forefront.

A

Si. It's amazing what you've done with your career and what you're doing at Cyber Catch and your book. Could you give us again the full title of the book for listeners at home that would like to buy the book?

B

Thank you so much. The book is called Next Level Cybersecurity, Detect the Signal, Stop the Hack. And it's available on Amazon and you know, it's a good read. There's an executive summary on after every chapter. And it's a couple years old, but it's still valid because it shows those patterns that the attackers follow and still following. And there's about 15 signals that they'll always throw off. And if one can detect them in time, then one can stop the attack. So it's a really good read. But thank you for, like, enabling me to share that, if you will, with the audience. Thank you.

A

Sai. Just a great pleasure to visit with you. Congratulations on your tremendous success. Again, Sai Huda, chairman, CEO, founder of Cyber Catch and a brilliant author and leader, has had tremendous success. Great to visit with you today. Thank you very much.

B

Thank you, Scott.