A
From the CISO Series, it's Cybersecurity Headlines. Welcome, welcome, welcome to the Department of Know, your Monday cybersecurity standup. I'm Rich Strofalino, your intrepid host in this endeavor, and this is where we kick off the week by looking at the stories, the trends and the issues that should be on your radar as a security professional. Think of this as your virtual Monday strategy meeting. We're here to help you start your week informed and ready. And we couldn't be doing it without our two fantastic guests today. First up, we have Bill Harmer, operating partner and CISO at Craft Ventures. And Sasha Pereira, the CISO at Wash. Thank you both so much for being here. Proud veterans of our dear departed Week in Review, helping us ring in the Department of Know. Thank you both so much for being here. This is awesome.
B
Pleased to be here.
A
Same here, and thanks also to our sponsor for today, Conveyor. Find calm in every security review. Now if you're watching live on YouTube, drop your thoughts in that chat. I already see we have some first timers in the chat. I see some of our regulars from some of our other shows, like Darius Young in there. Find the True two is getting in there. Kevin Farrell, one of our regulars. Yes, happy Monday indeed, Kevin. It is great to see you here. So get your comments in throughout the show. We will do our best to address them and be chatting along with you. The big BO man, David Spark, is also in the chat as well. That is going to be a key part of the show and it's going to be a lot of fun. Now if you're listening to this as a podcast, remember you can join us live every Monday at 4pm Eastern. Go to cisoseries.com, hit the events dropdown and look for the Department of Know to find the link, and bookmark it. Remind yourself. I don't know how all the mechanisms of YouTube work. It is a complex platform. And if you have any feedback, good old asynchronous snail mail: feedback@csoseries.com. I'm calling email snail mail from now on, and I'm going to call regular mail legacy email from now on. That's the new tier structure that we've got going on here. Much like my opinions on mail, the opinions of our guests, just a quick reminder, are in fact their own and not necessarily those of their employer. I don't know what David Spark wants to call email. If he wants to call it snail mail, I have no idea. We've got about 30 minutes though, so let's get into it here. First up, I thought we could start up the Department of Know kind of thinking about the news, but I want to know, Bill, what is on your mind? It's the start of the week. What's top of mind? What are your priorities as a security professional as we're heading into the week here?
B
For me it's automation. I've been doing a lot of work with Supabase the last couple months, and for me, I'm just about automating everything, which I think leads into some of our stories later on.
A
Yes, automate. I just see you: automate all the things. You are the meme. Someone make it, send it to us. We will share it on the screen when Bill's not here to enjoy it. Actually, bad idea. Don't do that. Sasha, I've got to know, what is top of mind for you as we start out the week, or where are your priorities at?
C
I think, without jumping into buzzwords too much, for me it's more GenAI security. It's more like revisiting where we were. I think GenAI security hit things maybe a year and a half to two years ago, where people were taking it sort of seriously, but I feel it's time to revisit it. Just a lot has changed in the last six months, and policies and things that we put in place need to be revisited at this point in time.
A
In some ways, it does remind me of when smartphones kind of blew up, you know, in like the late 2000s, early 2000s, where we got so comfortable with them so quickly. Right. It's easy to forget how quickly they're advancing and just how they're like water, right? It's seeping into every crevice that you don't even realize. And all of a sudden your back wall's soaking wet for no reason. I haven't had a flooded basement. Don't ask me how I know. But I love that. Yeah, don't get comfortable with it. Let's stay secure with it. I love this. All right. Now that we know where our minds are at, okay, we're thinking about automation, GenAI security, easy things to solve for, no worries, we're going to get into our first segment here. We get a lot of news, so we have to kind of get through some of these news stories. We need to know, what are the ones that we need to be paying attention to? It's a little segment we like to call Know or No. Thank you. Thank you, Darth. I appreciate that so much. All right, so you're going to tell me, is this something security professionals need to know about, or is it more noise than signal? Noise has the word "no" in it, so I'm counting that as working with the theme of this segment. First up here, one of the big stories in the past week: AWS outage crashes Amazon (you would understand), Prime Video, Fortnite, Perplexity and more. It came, it went. A few big names were inaccessible for a while. Bill, I gotta ask. Know or No?
B
You gotta know this stuff. You know, everybody's built off Amazon, right? And they made one little DNS entry, and it's always DNS that gets you. One little DNS mistake. And they were back up when they fixed it within, I don't know, what was it, like an hour, hour and a half? But the domino effect was massive. And then that tidal wave of retry, retry, retry was just murdering all sorts of services. So this is something you've got to know. This is part of resiliency.
A
Death by a billion F5s will take anybody down. Sasha? Know or No, AWS outage?
C
Definitely know. And it's funny you said F5, and what I kind of mentioned is F5 Networks was one of those people in that list, which many people may not know, and also Abnormal AI. And those are really important ones. F5 Networks has a lot of web application firewalls that were down, and Abnormal AI is email security. So, you know, I think it's extremely important. And again, talking a little about what Bill mentioned, I was there when GoDaddy DNS went down years ago and took down almost, you know, half the Internet. And that was just taking down web services. But in this case, from a security standpoint, it is extremely critical. Like not having your email security working for you. Hopefully you have more than one. So in our case we have primary and backups, and, you know, Abnormal AI being down was a huge bad thing for us, not having one of our email security vendors for 15 hours. You know, even though this might initially seem as, oh, AWS is down and Canva, Fortnite, Perplexity, a lot of applications are down, but a lot of security tools are down as well. And that's why you definitely need to.
B
Know. I couldn't log into my bed.
A
I mean, luckily, Darius Young in our chat here: Amazon packages delivered on time during the AWS outage. Listen, they may be legacy mail, but neither rain nor sleet will stop your Rivian van from delivering your Amazon package, it turns out. All right, next up here, Know or No: recent Windows updates cause login issues on some PCs. Microsoft says the Windows update released in late August was breaking logins on systems with duplicate security identifiers. Microsoft recommends rebuilding affected systems or contacting support for a temporary group policy fix. Sasha, I'm going to come to you first. Know or No?
C
It's a light know for me, and again, it's for me specifically, and I would say for my company. We just have to know how much it has spread. So, you know, confirming which Windows 11 installations were affected was really key. Thankfully we have a really good understanding of what we have deployed, and it was a very small subset that were on a specific strain of Windows 11, and once we identified what it was, it was really small. It wasn't something that was affecting a lot of employees, so we were able to contain it. But again, I want to say a light know in that sense, but we did take it seriously when we first got it.
A
All right, Bill, we have a light know. Know or No for you?
B
Hard no, as the Canadians would say. I couldn't care less. Microsoft screwing something up again. It's par for the course. And I don't use Windows. I am thankful for that. I'm a full Mac shop. I've been Mac for 22 years, 25 years now.
A
Wow, must be nice, as the guy with the Ubuntu tablet right in front of him here. All right, our third Know or No: Meta launches new anti-scam tools for WhatsApp and Messenger. WhatsApp already kind of came up a little bit. This will flag suspicious chats and suggest actions like blocking and reporting senders. It's all about, you know, stopping fraud and all that kind of stuff. So Bill, Know or No?
B
If they're in there able to check for scams, that means they're in there reading what's going on. So your fully encrypted, end-to-end WhatsApp message is no longer secure, or maybe it never was. That Meta is trying to dissuade scams I find interesting. I'm thankful that they're trying to do it, because they should. They're one of the biggest platforms for it. But I want to know way more about how they're doing this in a fully encrypted end-to-end, or maybe just everybody go to Signal.
A
Exactly.
B
Is that my outside voice?
A
Meredith Whittaker is secretly in the chat waving some pom poms here. Sasha, Know or No for Meta?
C
That's going to be a hard no for me. And it's a no for many reasons I can try to trace back. The best I would say was, first of all, Meta. I mean, when something comes with Meta, that's immediately a no to me. Also, at least from our perspective, we do block and we don't support any Meta product, including WhatsApp. So for me it's, you know, a hard no in that sense for sure.
A
All right, speaking of companies shoving things that you may or may not want: Microsoft offers Copilot for Exchange Server. They just really want admins to accept Copilot into their lives. They're asking, would your organization be comfortable enabling Copilot for Exchange Server if it requires sending some Exchange Server data to the cloud? Sasha, I'm going to start with you. Know or No?
C
I would say if I had Exchange on premise, which if I did, it would be a hard no, because I do not want to send Exchange data to train.
A
Why? You have it local, right?
C
Yeah, but yeah, it would be a hard no if I had Exchange Server.
A
On premise. Bill, Know or No?
B
Hard no. I ain't sending them anything.
A
Send none of the packets. No packets to anyone is the standing order.
B
Just watch. Watching the run for, they were shoving, I think it was Windows 11. So everybody went to 10. And then when they said that they were going to deprecate 10, the most downloaded package was Windows 7. Their user community is railing against this whole idea.
A
Yeah, yeah, like make it available, especially don't touch my start menu. All right. You have one innovation, Microsoft. Please don't put it in there. It's so great. And actually we have a great conversation going on in our chat right now, people talking about if they have Windows 10 machines that can't upgrade to Windows 11. Like my beautiful Surface Go tablet that I have in front of me, now running Ubuntu, because I will not run unsupported OSes. Our last Know or No here: Lazarus hackers targeting European defense companies. The Lazarus group is still finding ways to get into defense and other organizations by teasing people with headhunting offers. Bill, do we need to know about this, or is this a big fat no?
B
We need to know about it. They're going after people. It's the usual. It's been happening, but obviously we're either not doing a good enough job of getting people to understand that these job offers are fake, that when they skip over into WhatsApp, it is highly probably a scam. But we always need to know when they're going after defense companies, because that leads to bigger and badder things.
A
Real quick, glorious producer Steve Prentice is jumping in. What do you got, Steve? Why is it still happening? What's the problem that's making this such a difficult thing?
B
This is generational. I've said this before on the show. I think, you know, training people in the world of cybersecurity. We are professionals. This is our job.
A
Right?
B
You put me in finance, I'm on a PIP in two weeks. I'm fired in three, because I suck at it and I don't want to be good at it. And most people just want to do their jobs. They don't want to be good at cybersecurity. This is going to be generational. As the next gens come up and they start to replace them in the workforce, they will be more adept. They will have lived on the Internet, they will have never not known an Internet, and they will know these scams better and faster because they grew up through, you know, grade school, high school, with their friends pranking them on these things. So I think it's just a generational thing, or it's an AI thing where we just let the AI take over completely.
A
All right, Sasha, we're going to get out of this. Know or No, for Lazarus hackers targeting defense companies?
C
It would be Department of Know. I mean, I would say we should know about it specifically. I think the reason why it's really important is the way they are actually targeting and the techniques they're using. I think that's what we need to know, you know, specifically this that happened. And the way Lazarus attacked is, you know, getting credentials to get in, sitting in the network for a while. I mean, just the average time that it would take to detect someone in 2025 is nine months. It's literally 258 days, the average detection time. That's a long time, right? I mean, a phishing attack is closed at about 261 days. All these are like in the 200s, right? The number of days it takes to know that someone's in your network. And that's the way Lazarus hackers are. They get in. They are learning how people are doing business. They're learning Excel sheets are used to track gift cards. It's just the way they are. So even if it does not specifically apply to you, the methods they're using are going to happen to you. Right when BEC compromise first started, it started off with different industries, but it slowly trickled down and started hitting others. So even if you aren't in the gift or retail space and you don't have gift cards, you should look at the techniques they're using, because they first target, obviously, the big money. Then it starts going to the next and the next, and it will hit your industry at some point.
A
All right, before we move on to our next story here, I want to spend a quick moment and thank our sponsor for today, Conveyor. Still stuck in security review chaos week after week? You're not the only one. But with Conveyor, teams finally get to a place of questionnaire Zen. Their AI auto-fills answers across any format of questionnaire, even portals. And an enterprise-ready trust center keeps documents and policies ready for instant sharing. No more manual copy-pasting. No more last-minute scrambles. Just calm, clear security reviews that keep deals moving. Find your Zen with Conveyor at conveyor.com. All right, I just want to give a shout out to Kevin Farrell, who's saying you always see folks targeting defense companies, but nobody's targeting offense companies. Kevin, have you seen none of the legislation against NSO Group? They're trying, and there's hacker takedowns all the time. Kevin, it's not completely hopeless, just mostly hopeless. Don't worry, Kevin, it's fine. Let's get into some of our discussion stories here. First up, let me see if we can make the case for some passphrases here. Okay? Hive Solutions has released its 2025 password table, which displays the relative strengths and weaknesses of various password types. The company's message is clear: passphrases like "carpet static pretzel invoke" work much better. The company is careful to emphasize that no password is fully safe and that techniques such as MFA are still required. Bill, I'm going to start with you here. Do you agree with this, or would you rather just move on from passwords? Hey, we've got passkeys now, right? Why embrace the past? As strong as a passphrase is, what are your thoughts here?
B
I fully agree with it. They are way stronger, they're easier to remember. But we're going to run into the same problems that we've had throughout IT, which is that nobody's going to change the requirements. You're still going to be required to put in a special character, an uppercase, all the garbage that we currently do. And I'm with you. Like, I mean, if we could just get rid of passwords. And again, this is generational. We have spent 20 years hammering how important passwords are to be secure, to make them super long, to get a password manager, to have individual ones for every single site that you go to. And now we're going to run out and go, ah, passwords are really nothing, go to a passphrase. People don't understand the difference in the pedantic words that are used. But on top of that, then you say, we're going to use passkeys. Now they're just like, pass, pass what? So, you know, if Microsoft would smoke the password requirement to the entire Microsoft platform, the world would follow them. I can guarantee that.
A
Noted, noted. Non-Microsoft user Bill Harmer, making some recommendations for Microsoft here. Sasha, I mean, what do you think? Are you in accord here, or is there a case to be made here?
C
Yes, I definitely feel like there's a, you know, obviously complex passphrases are great, but if that's what your goal is for the next year, then you are definitely going to be left behind. I think you have to have some kind of combination of things, planning for the, and again, without going into too long a thing. I mean, we all, you know, quantum computing has been scaring us a lot, and cracking passwords and passphrases is going to be something that happens in a few seconds. So as long as you start to move to a couple of layers of protection. And I know it really is that seesaw, right? It's like how easy is something to access versus how complex it is to get to it. So whether you have MFA as well, and then you create more complex passphrases, that's great. But I feel like you do need to start having some kind of roadmap plan to get off. Whether it's biometric. We have a bunch of, you know, employees that we are testing out with biometric and using Hello, which is a Microsoft product, right, and specifically going more passwordless authentication. But again, what level do you, you know, there's companies out there that do, you know, take a selfie right now to log in. And so we're exploring some of those technologies to see how easy that is to roll out, how easy it is to work. But again, complex passwords, I feel that's great, that's something you should be doing immediately. But looking at the long-term vision, it's got to be something more than that.
A
Well, yeah, that's my question. I can see this report getting into the hands of your CEO, someone on the business side, right? And they come to you like, oh, all we need to do is just make it longer, right? And we've solved it, right? But I completely get the, we need this layered approach, right? We need to integrate biometrics. There's a lot of tools in our toolkit here that isn't just more words and copying an xkcd cartoon from 20 years ago or something like that. But, like, so how do you have that conversation when the boss comes to you with this report and says, oh, we just need to make it 30 characters?
C
Well, here's the thing. The boss came to me with this report about maybe a year ago. I was driving and I get a text message from someone on the C-suite saying, hey, I just read in the Wall Street Journal that it's passwordless now, so that means I don't have a password anymore. And I literally was like, is this a one-word reply, or do I need to park at the side of the road? Right.
B
But you see, there's exactly the problem, right? We've told them about these passwords, and now they're like, oh, I don't need my password anymore.
A
Well, that's not exactly how it works.
C
Correct. Right. And so it's tricky, right? It's about how do you get. So on one hand, you know, it helps me get budget for something like that, right? Because now I've got the attention of the C-suite, who's talking about passwordless. But on the other hand, it's also like, wait a minute, this is not something I can flip a switch on, right? So you have to balance it out a little bit. And I feel these reports are all really good. It's helping us, but it's really our job in that sense to tell the story correctly and to build a plan on how to get there at the end, right? And again, it goes back to, you know, CISO 101. It's like, what assets are you protecting, and how are you protecting them, and what tools are you using to protect them? Because as you mentioned, there's a ton of different tools, different ways you can approach it. I mean, people will find a way around. What is it, maybe five years ago, where a network security engineer outsourced his job and shipped his VPN key to China? So, you know, that's one of those things where people will find ways around things. You just have to find the best combination. Right. Because you could put in seven layers of security, and then people can't do their job.
A
So, Steve, get in there. I know the story spoke to you. I'm just looking forward to when you get that email that says now you've got to change your password to this four-word thing, click here to let me help you do it. Open doors. Real quick, when I worked at a job where we had to change our password every three weeks, I would just take three objects and set them on my desk and be like, that's the password, right? It's like stapler, coffee mug, pen, or whatever like that. And then I got married, went on the honeymoon, and then my password reset, and someone had moved everything on my desk because they had used it for storage while I was gone. I was like, I have no idea what my password was. My foolproof system fell apart.
C
Yeah, it's like the previous firm I was at, you know, this was a long time ago, it was probably 10 years ago, and we noticed about 10 people had the same password. And we were like, how is that even possible? And then we realized, because we had a 90-day policy, people were changing it by the season. And so everyone picked the same way to season and capitalize and use the year. And so that's when we realized, like, that doesn't work either. So it's just one of those things. And everyone's password expired at the same time, so they all changed the password at the same time.
A
We have one of our longtime viewers joining in the chat, CCL here, talking with Darius Young. They both kind of recommend passkeys: another layer, but not a replacement. And make sure the passkey is not exportable. Some good thoughts there from the chat as well. Our next story here: Jingle Thief hackers steal millions in gift cards by exploiting cloud infrastructure. Oh, that darn cloud infrastructure. Palo Alto Networks Unit 42 is warning of this group that is specifically targeting cloud environments associated with retail and consumer service organizations, using phishing and smishing techniques to steal credentials in order to compromise organizations that issue gift cards. The Jingle Thief group is considered somewhat dangerous since it maintains footholds within compromised organizations for extended periods, conducting extensive reconnaissance to map the cloud environment, moving laterally across the cloud, taking steps to sidestep detection, et cetera, other horrible things that will keep you up. Sasha, it looks like they kind of buried the lede here to me. I mean, yes, the gift cards are major things here, but it appears to be about establishing that long-term presence like we were talking about. You know, these dwell times can go on to almost absurd lengths here. I'm curious, what's your take on this?
C
I think it's really key for me. I've always felt like identity is one of those things that was, I mean, now it's come into the limelight a lot with the recent hacks in the last couple of years. But I feel like that first step when people get in is really, really important. All these phishing, smishing campaigns, the goal for them is to basically get identity or credentials and then do rogue attacks and try to register devices. We actually put a honeypot out a while ago and we watched hackers come in, steal credentials, and just watching the way they were working, like registering a device in Authenticator to bypass our MFA. And we actually had about four or five different hits to our honeypot and we saw them doing the exact same thing. So, you know, we planned our strategy going forward based on that and how they actually do that. So it's really important to study these sorts of attacks to understand what tools they're using and what's the sequence of events. Because once they learn a certain sequence, they tend to apply that to multiple different attacks. So how Unit 42 discovered that they were getting in, I feel like those are things we already had in place in terms of conditional access or, you know, just making sure that you can't laterally move once you get in.
A
Yeah, I mean, Bill, is the value of these kinds of stories, you know, being able to have that checklist to go against, right, and to be able to say, like, hey, if the exact same thing happened, how screwed would we be?
B
Oh, absolutely. Like, I mean, you know, the target could be gift cards or the target could be, I'm decrypting nuclear codes and you don't want me to, you know.
A
But if it's a target gift card, that'd be even worse. There you go. Yeah, it's.
B
But it's the techniques. You know, as Sasha said earlier, these are the same techniques. I mean, whether it's gift cards on the end, your intellectual property, the next marketing plan, PII. Once in.
C
Right.
B
And this is the thing. I think we've built far too many environments that have that hard candy shell on the outside and they're soft and squishy on the inside. Because, you know, you look at some of these attack groups, and once they get in, they are moving very fast laterally. They're finding all different things that they can do, different footholds that they can get. And they're keeping a lot of them quiet. Right. You let them sit, they establish, you know, maybe a new user, toss a new user into a company that's hiring a lot of people. It's definitely something that we absolutely have to look at. It may be funny that it's the Jingle Thieves, and the way we name these groups is a bit, I think, you know, gratuitous, but.
A
Well, we'll get into that actually with our next story here, because Jen called that out at a recent appearance at the AuditBoard user conference in San Diego. One of the other things, though, that she was talking about is that she sees AI as the end of cybersecurity. Oh, what's that? Oh, it's feeling celestial up in here. Yeah. Speaking at that conference, she was saying that the threat landscape has never stopped evolving, and if cybercrime was a country, it would be the third biggest in the world, just behind the US and China. She's not the first one reporting those figures, but it's always kind of remarkable when you think about it in terms of those scales. Ultimately, though, she added, a lot of this is the result of bad software written with vulnerabilities caused by software vendors' prioritization of speed to market and reducing cost over fundamental safety. Ultimately, she said, if we're able to build and deploy and govern these incredibly powerful technologies in a secure way, I believe it will lead to the end of cybersecurity. Bill, do you agree here? Are we all just developers, like cybersecurity as code, basically? What should CISOs do in response to such a thought? Should we hasten the demise?
B
If we can get there, yes, we should. I get where she's going. I really do get where she's going. The attacks are going to come at machine speed. The defense will be at machine speed. Decisions will be made by artificial intelligence based on our risk posture and our risk profiles. Having said that, I take a little exception to "the businesses are consciously making the choice to ignore safety to get to market faster." I don't think that's necessarily the case. As long as humans, as long as anything is in this world, it's going to break. There'll be mistakes. There'll also be changes that happen, because code in isolation may be perfectly safe, infrastructure in isolation may be perfectly safe, and then you put the two together and that's where you end up with the problems. So there will always be those pieces, and there is always a risk acceptance. Right. So you do have to make some of these exceptions where you consciously make the decision to accept the risk. So I don't think cyber itself will go away, but I do believe a good portion of what we do will become automated. That is why I said at the beginning of the show, I am after automation, because a lot of what we do is repetitive. Things like scanning for those vulnerabilities should be automated, and every code push should have a new scan to see what that little change changed in your very complex, large environment. So, half agree with her?
A
Okay. Yeah. I think in some ways, you know, it's good to have this conversation, right? Like, what is the end game for cybersecurity? But Sasha, I mean, do you half agree? Do you fully agree? Where are you? Is this just meant to be a provocative statement from a very public figure here, or how are you on this?
C
Yeah, definitely the latter, what you said. I would categorize it under aged, like milk. Right. I understand the precursors that she mentioned, and what Bill mentioned as well. Like Bill said, yeah, you know, there's the automation and security piece. But to say the end of cybersecurity, it's just, you know, it's great. I mean, again, I personally don't agree with it at all, and I think that there's no end of cybersecurity. But yes, things change. I mean, that's dreaming. I think you're moving more into the AI realm, right? You're moving into a question of how is AI going to change the way we do things? It's going to augment what we do. It's not necessarily going to be, oh, wait a minute, it's going to flip a switch and Skynet's going to take over, and now T9 thousands are going to be, you know, killing everyone. So I feel like it's one of the things where you have to acknowledge the fact that, yes, the attacks are going to get more sophisticated, but hey, it works from both sides, right? And I give this example of something we tried about a year ago, when we were getting much better phishing emails coming in because they were using AI to generate the text, right? So we used it on it. We would use AI to copy-paste the email and say, hey, is this a phishing email? Right? And it would give you flags and say, hey, yeah, it looks like a phishing email because of XYZ. And one of the tools we use for email security does exactly that. So I do feel like, yes, there's definitely a change in the way you look at cybersecurity, where it's the same thing where AI has hit in terms of other industries, like data, right? Where you don't have data entry staff anymore, or those positions are going, but now you have creative thinking or, you know, machine learning people who can actually help between the two. I mean, those are areas that were not there.
And I feel sometimes even in security, as much as you can automate, there'll be certain functions, and I'm sure Bill will agree with this as well, that I have within my team that I'm not going to 100% trust leaving completely to AI. Right. I mean, if you look at it, not just gen AI, but 10, 12 years ago, a really big mortgage company decided to auto-approve loans using artificial intelligence, and they're bankrupt, right? They went under because they would approve loans without really following all the checks and balances. So it's definitely one of those things where it's not the end of cybersecurity, but it's definitely changing the way everything is. And security is one of the different pieces within it. But I think generally the fact of natural language models is going to change the way business operates.
A
David Spark, notably the owner of a cybersecurity media company. David, is GenAI certainly going to take all our jobs away?
D
Jesus. Not going to take all our jobs away. But I think what's interesting is Jen is smart enough to know that we don't respond to ultimatums or absolutes like "the end of cybersecurity." So she knows what she's doing. And what's quite amusing is someone as intelligent, as bright as she is, who is so incredibly well respected, making a statement like that is quite astonishing, because, you know, we get these sort of Armageddon statements from loons and we're like, all right, whatever, you know.
B
So wait, so I'm alone in saying that I think the CISO title should get killed?
D
It shouldn't get killed, because that's not, I don't... That's not an absolute. Because the CISO or a security leader will still exist. You know what I mean? Putting an end to something in general.
A
No. What we need to get rid of is change. We need AI to get rid of risk. We just need to get rid of risk, and then it's way easier. Forget cybersecurity. Let's just get rid of all.
D
By the way, I'm okay with titles changing. I was saying to my kids, you're gonna have a job that doesn't currently exist now. I mean, that's how many of us operate. We have jobs that did not exist when we were born. So that may be the case. But no, I'm just saying that it was definitely poking the bear. There's no question when you make a comment like that, you're gonna get a headline. And she got one, and we talked about her on this show.
A
I love this comment from CCL in our chat here saying that AI will not take the job away, but someone with an AI skill definitely will. That is definitely something to keep in mind. Also, good luck feeding a network log to an LLM over a 1 gigabit per second connection. I love the real-worldness of that. It makes the networking dork in me so happy to hear that. Also makes me happy seeing everybody having a lively chat here. Lots going back and forth. We're talking about upgrading to Windows 11, what releases we're on and all that stuff. Some great, great thoughts being shared back and forth. Really, really cool stuff. And I've got to give a big thank you to Sasha Pereira, the CISO over at Wash, and Bill Harmer, operating partner at Craft Ventures, for helping us out here making the Department of Know a smashing success here on our debut. Make sure you are following both of them on the LinkedIn if you want to see what they are up to. Some deep, deep thinkers here, folks. I'm just saying they don't say it in their bio, but I'm gonna say it for them. Deep thinkers. Thank you both so much for being here. I really appreciate you joining us on this maiden voyage.
C
Thank you.
A
All right, thanks also to our sponsor for today, Conveyor. Find calm in every security review. Thanks to our live audience. Your participation makes the show what it is. Make sure you are joining us next week. Set that recurring calendar reminder to join us each and every Monday at 4pm, and if you can't join us, feedback@cisoseries.com. We'll be back next Monday, 4pm Eastern, for another edition of the Department of Know. Go to the Events page at cisoseries.com if you want some more information about that. And if you do need your daily cybersecurity news fix, you can do so with Cybersecurity Headlines. Don't forget about it. It's the essential news you need in about six minutes each and every weekday morning. It is a good time. That's just about it for the show. For myself, for Bill Harmer, for Sasha Pereira, for the big boss man David Spark, and our glorious producer Steve Prentice. Indeed, for the entire CISO Series, here's wishing you and yours a super Sparkly day. Cybersecurity Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Episode: Promoting Passphrases, Questioning International Security Conferences, Gift Card Hackers
Date: October 27, 2025
Host: Rich Strofalino (A)
Guests: Bill Harmer, Operating Partner & CISO at Craft Ventures (B); Sasha Pereira, CISO at Wash (C)
Special Appearance: David Spark, CISO Series (D)
This episode of the Department of Know kicks off the cybersecurity week by focusing on key industry stories and trends that security professionals should prioritize. Host Rich Strofalino is joined by two experienced CISOs—Bill Harmer and Sasha Pereira—to dissect automation, generational shifts in security, the future of passwords, ongoing cloud threats, and the provocative idea that artificial intelligence could end cybersecurity as a profession. The tone is lively, irreverent, and deeply practical, encouraging critical thinking and candid opinions.
(02:29 – 03:22)
Automation as Priority (B):
"For me it's automation. I've been doing a lot of work with Supabase the last couple months, and for me, I'm just about automating everything..." (02:29)
Rethinking Generative AI Security (C):
"I think for me it's more GenAI security. ... A lot has changed in the last six months, and policies and things that we put in place need to be revisited." (02:58)
— Reminder: The rapid evolution of AI mirrors the smartphone boom—adoption and risk creep up fast and can catch you off guard.
(04:41 – 13:55)
The real value in tracking these attacks isn’t just the news cycle—it's understanding attacker tactics, which inevitably diffuse from headline targets to the rest of the business world.
(15:35 – 21:11)
On user education misconceptions:
Sasha: "I get a text message from someone on the C-suite saying, hey, I just read in the Wall Street Journal that it's passwordless now, so that means I don't have a password anymore." (18:36)
Bill: "There's exactly the problem, right? We've told them about these passwords and now they're like, oh, I don't need my password anymore." (18:53)
On password rotation habits:
Sasha: "We noticed about 10 people had the same password ... they were changing it by the season. And so everyone picked the same way to season and capitalize and use the year." (20:42)
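The "season plus year" rotation habit Sasha describes is exactly the kind of predictable template a banned-pattern check should catch at password-change time. The following is an added example, not code from the show or from either guest's organization: a small Python checker that normalizes common leetspeak substitutions, recognizes a season or month name followed by a two- or four-digit year and optional trailing punctuation, and counts how many submitted passwords collapse to the same template (the way ten users ended up on one password). The password list is constructed for the demonstration; in a real deployment you would run the check on the plaintext at the moment of change, never on stored values.

```python
import re
from collections import Counter
from typing import Optional

SEASONS = {"spring", "summer", "autumn", "fall", "winter"}
MONTHS = {
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
}
WORDS = SEASONS | MONTHS

# Common substitutions users apply to satisfy complexity rules (assumed set).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# prefix (the word), optional separator, 2- or 4-digit year, optional trailing symbols
_TEMPLATE = re.compile(
    r"^(?P<prefix>.+?)[-_.]?"
    r"(?P<year>(?:19|20)\d{2}|\d{2})"
    r"(?P<suffix>[!@#$%^&*.?]*)$"
)


def seasonal_rotation(password: str) -> Optional[dict]:
    """Return the matched template if the password is <season|month><year><symbols>.

    The alphabetic prefix is de-leeted and lower-cased before lookup, so
    'Summ3r2024!' and 'SUMMER-2024' both map to the same template.
    Returns None when the password does not follow the pattern.
    """
    m = _TEMPLATE.match(password)
    if not m:
        return None
    word = m.group("prefix").translate(LEET).lower()
    if word not in WORDS:
        return None
    return {"word": word, "year": m.group("year"), "suffix": m.group("suffix")}


def shared_rotation_patterns(passwords: list) -> Counter:
    """Count how many passwords reduce to each (word, year) template.

    Useful when auditing a batch of proposed passwords: several users
    choosing 'Summer2025' with different capitalization or punctuation
    all land in the same bucket.
    """
    buckets = Counter()
    for pw in passwords:
        hit = seasonal_rotation(pw)
        if hit:
            buckets[(hit["word"], hit["year"])] += 1
    return buckets


if __name__ == "__main__":
    # Constructed sample input for the demonstration.
    sample = ["Summer2025!", "summer-2025", "SUMM3R2025#", "Fall2025",
              "Winter24", "Tr0ub4dor&3", "correct horse battery staple"]
    for pw in sample:
        print(f"{pw!r:32} -> {seasonal_rotation(pw)}")
    print(shared_rotation_patterns(sample))
```

At change time, a non-None result from `seasonal_rotation` is enough to reject the password with a message that says why; the aggregate view from `shared_rotation_patterns` is what surfaces the "ten people, one password" problem before it reaches production.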
(21:11 – 24:51)
(24:51 – 31:39)
Bill: "The attacks are going to come at machine speed. The defense will be at machine speed. ... Having said that ... I take a little exception to the businesses are consciously making the choice to ignore safety to get to market faster. ... As long as anything, as long as it's in this world, it's going to break. ... I don't think cyber itself will go away, but I do believe a good portion of what we do will become automated. Thus is why I said at the beginning of the show, I am after automation." (26:02)
Sasha: "I would categorize it under 'aged like milk.' ... There's no end of cybersecurity. ... Attacks will get more sophisticated, but hey, it works from both sides, right? ... I do feel like, yes, there's definitely a change in the way you look at cybersecurity... it's going to augment what we do. ... There'll be certain functions ... I'm not going to 100% trust, leaving them completely to AI." (27:54)
David Spark: "She knows what she’s doing. And what’s quite amusing is [such] an intelligent, bright, well-respected person making that statement... because you know, we get these sort of armageddon statements from loons and we're like, all right, whatever." (30:18)
"AI will not take the job away, but someone with an AI skill definitely will." (31:39)
This episode blends humor, hard-won skepticism, and technical rigor. The Department of Know reinforces that security isn’t about chasing trends or absolutes (“end of cybersecurity”), but about understanding attacker tactics, evolving technological risks, and the slower, generational process of cultural security change. Automation, layered defenses, user education, and technical controls remain essential—while AI, for now, is as likely to change cybersecurity roles as to end them.
Memorable sign-off:
"AI will not take the job away, but someone with an AI skill definitely will." — Chat Listener (31:39)
Follow the show live on Mondays, and check out cisoseries.com for daily infosec news.