Jack in the Box (12:20)

What's the best time of day to get a deal? All day with Jack in the Box's all day big deal meal. You get to choose from four entrees like the supreme croissant and five tasty sides plus a drink starting at $5. So hurry in or take your time. You've got all day at Jack. Every bite's a big deal.

Dave Bittner (12:46)

Do you know the status of your compliance controls right now? Like right now, we know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the Vanta brings automation to evidence collection across 30 frameworks like SoC2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber that's vanta.com cyber for $1,000 off. Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can Keep your company safe and compliant. Joe Gillespie is senior Vice President at Booz Allen. In today's sponsored Industry Voices segment, we discuss cyber AI.

Joe Gillespie (14:47)

I would say, first and foremost, it's been fast, right? That's the thing that I think has surprised me more than anything else about sort of the rate of adoption and the rate of change when it comes to AI and how it's being applied in the cyber fight on both sides. You know, that from, from academia and from, you know, a lot of the folks who are leading fundamental research in AI, things are just evolving so quickly. What large language models are capable of doing, the amount of content that they're amassing and what they're able to produce, that's accelerated tremendously. And we've seen adoption in really interesting ways from, you know, assistive technology to, from, you know, for analysts. So whether they're in a SOC and they're, you know, trying to work an alert and conduct an investigation, you know, having the equivalent of a chatbot there with them, that will help prompt them and point them in the right direction, that's been really effective, you know, running sides have with a human, but all the way up through fully autonomous capabilities, things that are able to, you know, identify new threats and help, you know, thwart them in real time. And then on the threat actor side, automatically generating exploits against things that are discovered and even discovering new vulnerabilities in the wild. It's been really fascinating and really moving at a frenetic pace.

Dave Bittner (16:17)

Well, can we dig into some of the challenges that you all see the cyber defenders facing out there, you and your colleagues at Booz Allen? What sort of things are on your radar?

Joe Gillespie (16:28)

Yeah, certainly. I mean, as I mentioned, with threat actors, adversaries well funded, having access to these same generative AI capabilities that have been emerging rapidly, it's just changing the way that we need to think about defense. The variety and the volume of attacks that come and the evolution of threat techniques. It's really, really accelerated. And so we're having to deal with adversaries who are, on the one hand, you're seeing just an uptick in just anomalous activity or some of the less sophisticated actions, because people, it's easy to sort of have an unrestricted large language model, something that you're hosting locally. It's not hosted by one of the big tech providers. You know, they don't typically have guardrails on them, so you can get them to script something up for you, and you can just sort of launch attacks relatively easily. So there's that and there are even models that are optimized for threat actor behavior. So the script kitty type activity, we've seen some of that, but that's a little easier to defend. A lot of that is about known vulnerabilities. And so if we're doing our hygiene things correctly, a lot of our clients are able to thwart those pretty easily. But we've also seen an uptick in sophisticated nation state level APT activity and a lot of them have been in the news. So none of this will be a surprise. But you know, the, whether you look at sort of Volt Typhoon, Salt Typhoon, how they have, you know, tunneled into critical infrastructure, you know, in a really stealthy way, and they've just lived there, right? Using living off the land techniques, flying really low and slow. You know, these are, these are hard to detect, hard to thwart. And so AI is the answer to these. While it is driving some of the problems. Problems and what our adversaries are doing, it's an arms race, right. So our ability to wield that on the defensive side is how we undermine these threats we're seeing emerge.

Dave Bittner (18:38)

You know, I think it's fair to say a lot of us feel kind of oversaturated when it comes to the marketing messages with artificial intelligence. I think to the point that there's a lot of eye rolling and I think that makes it a challenge to separate that marketing side from the reality and the, the actual impact that AI can have on missions. What are you seeing when it comes to that? I mean, what is the reality of the impact that you're seeing when applying AI to the mission?

Joe Gillespie (19:10)

Yeah, that's a great point. So it comes in a couple forms and I totally agree with you about sort of the marketing and the rhetoric because, you know, chat interfaces are so accessible, you know, executives and leaders tend to lean on that and say, well, I was able to ask this question and it gave me an answer. Those are effective, as I mentioned before, in sort of the assistive capacity if there's a lack of knowledge. So it helps from like training and up armoring humans if we just want them to be a little more effective in their job. But when we want real efficiency gains and we're trying to be able to fight at the speed of AI, that's where the marketing material kind of falls away. And there's this emerging field of agentic AI where agents can be constructed backed by these large language models. And when you pair them together and you're able to compose them into workflows to accomplish Business processes at the end of the day, there's some process we're trying to execute, there's something we're trying to conduct, there's some data, and then we're trying to conduct some kind of process or algorithm against it, whether it's a decision making thing, visualizing it, et cetera, and then there's some output that we want to produce from that. So when we can construct agentic workflows that are optimized against the business processes and the business outcomes that we want to achieve from a cyber perspective, then we're able to unleash the potential. And that's what I've seen over the last several months, where we've seen a surge in truly business and mission impact from a cyber perspective is injecting these agents that can really work at the speed of AI.

Dave Bittner (20:54)

You've mentioned a couple times the speed, the pacing, the velocity of this threat. What is the reality there? I mean, when you look at the challenges that government faces, the challenges that industry faces, it seems to me like this velocity issue really kind of supercharges the challenges.

Joe Gillespie (21:15)

It certainly does, yeah. And the pace is there in two ways. On the one hand, it's the pace of evolution of AI. So there's just constant changes. And I mean every week there are new announcements that are just groundbreaking new releases that come out from big tech providers, from open source startups, just from across the board, we just see tremendous a pace and a change. And so when we are doing our best to keep keep our clients up to speed, and it's really, really challenging because if you keep your head down in mission for just a week or two, something revolutionary has happened. And so staying abreast and being able to wield the latest, especially in missions of national importance, where there are a lot of regulations and there are limitations and guardrails for what you're allowed to employ, that's certainly a challenge and a pacing issue. The rate of evolution and can we inject it into our most sensitive missions fast enough? On the flip side, when I talk about pace and sort of the speed of AI, there's also sort of the speed of machines as AI comes closer and closer to being able to truly approximate and emulate decisions humans would make. And I would argue when you string many of these models together that are optimized for making little decisions across an entire business process, we're there, we are there. Now we can make end to end decisions and we can check the decisions that are made and we can basically we make decisions that are as good or better as humans, but because we're doing it inside of machines, it's easier to parallelize that and we can apply more and more processing power to it. And when you add the power of sort of infinite cloud computing, it's just tremendous how fast we can make these decisions. And that's the true power here. Especially on the defensive side, you know, when we can have the equivalent of, you know, millions of brains all working together as one to address a problem and look in the nooks and crannies, we're able to find threats that would just be much harder to do at scale and impossible for a human to do at scale.

Dave Bittner (23:41)

Well, let's talk about the signal to noise issue. You know, that we often hear, you know, the analyst who's sitting there getting a fire hose of information and the capability of AI to generate tons and tons of good information. Are we in a situation where the AI can actually contribute to reducing that fire hose of information to pre filter all of the stuff that's coming from all those incoming signals?

Joe Gillespie (24:15)

Yes, but I would even reframe it a step further. I think where we've had the most success, right, in sort of the evolution of cyber defense, you know, we've had a lot of success as we move toward sort of proactive threat hunting. And most of the most insidious threats are not caught because some alert was splashed on a dashboard and then someone found it. It was found by a proactive threat hunter who had a hypothesis about how an adversary, what TTP they might employ against, you know, a given target. They hunted for that. They found it. So I, I, the, the beauty of employing these large language models and, and composing them into these agentic workflows is that you can actually, there's this old adage, right, in order to get a better answer, you need to ask a better question. So rather than having the AI models sift through the haystack and find the needles, what, what we found has been very effective for our clients is if you instead spend time and help them this, this agentic system. Understand the system in question first and contextualize it, understand its purpose, its nature, understand the state of the system, and then you start to do this hypothesis driven threat hunting. And rather than only being able to do what a human threat hunter can do, because you're using the power of AI and super scaled processing, you can now threat hunt all your hypotheses, everything that a threat actor might conceivably do and get very predictive, but proactive with those predictions. Now you're able to spearfish or hunt through all these different hypothesized threat hunting scenarios. And that's where we've been super successful in detecting threat adversary behavior while generating very minimal false positives. We recently conducted a prototype effort with a high priority client on the US government side. And we did exactly what I just described. We used AI and these large language models to construct a set of agents that first introspected the system, understood its accreditation status, but also its live running status. And then after developing hypotheses, these agents then said, okay, we want to look for these things. And they tailored a set of hunt analytics. We were able to find, as I mentioned before, these living off the land, these slow and low techniques by real threat actors moving in the environment. And then we were able to thwart them in real time. And we generated almost no false positive. So I do believe that this is the antidote to that. You know, the screen sort of just the decay and the weariness of too many alerts, too much data streaming by. Instead, you know, let's swarm tackle it with AI, ask better questions, and then the answers we get back will have far more precision.

Dave Bittner (27:20)

Is it fair to say that you're, you're kind of taking that velocity problem and turning it on its head, that these systems can go in and do that threat hunting at a scale that humans simply aren't capable of?

Joe Gillespie (27:34)

Absolutely. The fact that adversaries are sort of using the machine speed and their ability to go fast with AI against us, this is how we defend. We use machine speed to defend. And this is what it looks like. We understand their techniques as they evolve and we're proactively hunting for them. And it really is special. We absolutely are doing the mirror image. And it's really about who can employ AI better, faster, apply it to the mission more rapidly. And then on the other side of sort of the accelerated pace, it's who can employ the latest things that have emerged out of academia and operationalize those and use them. Right. So are we more effectively using them on the offensive or defensive side that that's who's going to win that battle. And it's the never ending battle. Right? It's typical for cyber, it's just never ending.

Dave Bittner (28:27)

I'm curious, where do you suppose we're headed here? It strikes me that we are still in early days with these tools. You mentioned that you're doing exploratory things, you're beta testing things, we're checking to see if these things work. How do you Suppose the future is going to look for us here.

Joe Gillespie (28:47)

Yeah, I think the future is ubiquity and I think the only question is how quickly we get there. I think that ultimately we need, especially on the defensive side, we need swarms of agents, swarms of agentic AI systems that are hunting for, identifying and thwarting adversaries as they attempt to move, because the adversary will have swarms of agents. So similar to how others have predicted in the kinetic space that the future is drone versus drone combat, unmanned versus unmanned. I think similar is true in the non kinetic space. The future of sort of this, this combat in the cyber landscape. It is agents fighting agents. And the question is who can construct the better agents and who can employ them more quickly, more rapidly and apply more processing power to them. And I think, you know, as a nation, I think we're, we're in a great place because, you know, we're the thought leaders, we're driving innovation still in the world, right? And we have, we have the compute innovation, you know, the latest that we're seeing in terms of quantum, et cetera. And so as these things continue to emerge, it's just about rapidly applying them to the mission and staying ahead of the fight.

Dave Bittner (30:03)

That's Joe Gillespie, senior Vice president at Booz Allen. And now a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Blackcloak's award winning digital executive protection platform secures their personal devices, home networks and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one third of new members discover they've already been breached. Protect your executives and their families 24, 7, 365 with Blackcloak. Learn more at blackcloak.IO.

Jack in the Box (31:03)

This episode is brought to you by Indeed. When your computer breaks, you don't wait for it to magically start working again. You fix the problem. So why wait to hire the people your company desperately needs? Use Indeed's sponsored jobs to hire top talent fast. And even better, you only pay for results. There's no need to wait. Speed up your hiring with a $75 sponsored job credit@ Indeed.com podcast. Terms and conditions apply.

Dave Bittner (31:38)

And finally, Jenny Sterle's tenure as Director of the Cybersecurity and Infrastructure Security Agency has been marked by a unique blend of leadership passion and a hacker's mindset. Reflecting on her nearly four years at the helm in an interview with Wired's Lillihy Newman Easterly described her mission as solving the most complicated problems out there while building relationships and fostering a collaborative cyber defense ecosystem. Her Rubik's Cube motto, if you're curious, you will find puzzles, and if you are determined, you will solve them, aptly symbolizes her approach to the complex challenges of cybersecurity. Easterly's efforts have helped CISA grow into a vital agency, tackling threats like China's salt typhoon espionage campaign and ransomware attacks. She championed public private collaboration, urging companies to prioritize collective defense over self preservation. As she noted, we are America's cyber defense agency and the American people are getting an incredible return on investment. However, her departure comes as CISA faces uncertainty under the new administration, with potential budget cuts and reorganization looming. Despite the challenges, Easterly remains optimistic about the agency's legacy, emphasizing the need for continued focus on China's cyber threats and national infrastructure security. Easterly's leadership was driven not just by expertise but but also by a creative spark that made her stand out, whether jamming on her electric guitar, solving Rubik's Cubes, or donning her iconic Dragon embroidered denim as she transitions out, Easterly leaves behind a resilient CISA and a legacy of dedication to securing America's digital future. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapid, rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com this episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot Heltzman. Our executive producer is Jennifer Ibin. Our executive editor is Brandon Karp. Simone Petrella is our president, Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. Do take care. We'll see you back here tomorrow. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and Data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect Prepare and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at AI.domo.com that's AI.domo.com.