How AI Can Accelerate Cybersecurity

Malcolm Gladwell

Hello.

Jason Kelly

Hello. Welcome to Smart Talks with IBM, a podcast from Pushkin Industries, iHeartRadio and IBM. I'm Malcolm Gladwell. This season, we're diving back into the world of artificial intelligence, but with a focus on the powerful concept of open its possibilities, implications and misconceptions. We'll look at openness from a variety of angles and explore how the concept is already reshaping industries, ways of doing business, and our very notion of what's possible. On today's episode, I'm joined by Jason Kelly, the global Managing Partner for IBM Strategic Partners and Ecosystems, and by Christy Fredericks, the Senior Vice President and Chief Partnership Officer at Palo Alto Networks. We discussed how their partnership in the cybersecurity space helps strengthen enterprises by focusing on seamless cybersecurity solutions tailored to meet the evolving threat landscape. By leveraging AI and automation, this collaboration aims to modernize security programs, improve response times and reduce risks. Jason and Christy both bring a tremendous amount of experience and expertise to the subject. I think you're really going to enjoy this one. Jason Christie, welcome to Smart Talks with IBM. Thank you for joining me.

Christy Fredericks

Thank you.

Malcolm Gladwell

It's great to be here.

Jason Kelly

We are here to discuss cybersecurity and the partnership between IBM and Palo Alto Networks. But before we get there, I wanted you guys to tell me a little bit about yourself. Jason, let's start with you. I see on your resume West Point, which makes me think there's some interesting things going on there. How did you get to West Point?

Christy Fredericks

West Point? West Point was a decision first. It was affordable back in the day, but I had a sense of service. My father was a World War II vet, so I grew up on the weekends watching World War II video.

Jason Kelly

Was he Army?

Christy Fredericks

He's army as well. And so I thought, oh, that'd be exciting, and thought I'd do some type of service. Went there and now I have the biggest family extended family I could ever have. So it was very exciting. Played football, lucked out. Meaning I wasn't recruited. I walked on and that kept me there because it gave me something, an outlet with all the other pressures that are there.

Jason Kelly

What position did you play?

Christy Fredericks

Defensive back. I was. I was great at knocking the ball down. Not the best at catching it.

Jason Kelly

Yeah, yeah. And then you were a Ranger?

Christy Fredericks

I was. I was privileged to be a US Army Airborne Ranger Station, but did most of my time in Northern Italy. We were part of the 82nd Airborne hardship post. Oh, yeah, right. That's what people say. Seriously, like, you know, you were. You were in Northern. You were Drinking wine and having bread, you know. But no, we. It was a. We were part of a NATO force there at the time.

Jason Kelly

Yeah, yeah.

Christy Fredericks

So exciting.

Jason Kelly

How did you get from there to IBM?

Christy Fredericks

A long path. As I came out of the military, I started manufacturing retail housing and did a quick stand, took a leave of absence from industry and did a stint of, yet again public service in the state of Tennessee with economic development and got a whiff of how fun it could be to do things around data and media. Started a small media firm, what we would now call a digital firm. Sold it and said I wanted to go do it again somewhere, but I wanted to go to a big company. And the family at IBM brought me in and have yet to let me go.

Jason Kelly

That was how many years ago?

Christy Fredericks

Two decades.

Jason Kelly

Oh, wow. Yeah.

Christy Fredericks

So I know I look amazingly young.

Jason Kelly

But yes, I was gonna say you must have.

Christy Fredericks

IBM was my fifth career and I've enjoyed it since. And that's what I, what I do there. I build teams, grow new parts of the company, and get to work with some of the most brilliant people on the face of the planet, as well as partners like Christie that just keep it exciting.

Jason Kelly

Christy, I was delighted to learn that you are Canadian.

Malcolm Gladwell

Yes, from Toronto.

Jason Kelly

I'm happier. So you were a consultant for a long time at Bain?

Malcolm Gladwell

Yes, Yeah, I joined Bain Consulting intending to spend a couple years there, learn the ropes, and then go get my first real job. But the value personally to my growth and development and then that we were able to bring our clients. I ended up there for 16 years and then post Bain went on to another my first product company, a new relic. And then it's come full circle at Palo Alto Networks. But at Bain, it was all about bringing expertise across different industries to help our clients improve whatever they needed to improve, and bringing that expertise to bear. And then you have the product lines and you think, okay, we're going to build the absolute best product to help our customers do what they need to get done. And then I joined Palo Alto about six, seven months ago in a partnerships role. And I'm delighted to be able to work with amazing consulting companies like IBM, where we bring both to bear.

Jason Kelly

How long have IBM and Palo Alto Networks been partners?

Christy Fredericks

Is it a long time? We've been working together for quite a long time, but we made it official, meaning we got married as strategic partners last year.

Jason Kelly

Oh, I see. So what is it that each of you bring to the table? What's each side specialty?

Christy Fredericks

So it's great that you asked that because about a decade ago, Our now CEO Arvind Krishna says, wouldn't it be great if we just had this one Focus? What does IBM do? And you have this whole list. And he says, let's make it simple. We are a multi cloud, hybrid cloud AI company. And so when you say that, it sounds very simple, but then people, what the hell does that, your hybrid cloud? Well, both of those two things have a lot of data involved. And a lot of those mean that that data is going to sit in multiple places in distributed environments. Well, if you're able to tie those things together with multiple partners, you also have to make sure that it's secure. Because in the direction that we're going, where data is now being consumed in many different places and it is the fuel behind AI, as we know, then you say, oh, well, who does that? Well, and who does it in a way that's, that's getting rid of seams, the seams that could be across multiple products, multiple product sets even. And that's where Paolo comes in.

Malcolm Gladwell

I think that the conventional wisdom in cybersecurity was always, you need all the new tools, right? You need a. Every threat, it's like whack a mole. Every threat that pops up, you get the tool that's purpose built for that specific thing. Well, fast forward to, you know, the RSA conference this year. There were 4,000 vendors on the floor. You look at an average company, there's hundreds of cybersecurity tools. It introduces a level of complexity that is really hard to manage. You as a user query, an application, right? That query can go through a bunch of different. It pings from one cloud to the next. It goes into and out of a SaaS application. It may be running along a network. You may be accessing it from your phone, which is an unmanaged device. It's got to go in and out. And if you say, okay, I've got to secure that phone, I've got to secure the network, I've got it, then all of a sudden you've got sort of firewalls, software and hardware firewalls popping up everywhere. You've got cloud security. And you've probably heard of this concept of zero trust, which is every time you have to check and say, are you allowed in here? Are you allowed in here? The number of places that can fall down, it just becomes overwhelming. So you end up with either alerts firing, you know, every two seconds that you have to then go investigate. And most of which are false positives or you miss something, right? And so that was the conventional Wisdom was we've got to buy all these tools and now you've got overwhelmed CIOs and CISOs with hundreds of tools. And Palo Alto strategy has been, look, we're going to create a platform where everything can be stitched together, everything can speak the same language and we can sort of manage throughout the architecture. And watch, you know, this call as it's, as it's passing through all these different checkpoints. And we can do it in a way that you still have the confidence that it's best to breed. Right. So you're not making any, any trade offs. But it's not so simple just to get from the spaghetti to the seamless architecture. You need oftentimes to reengineer your business processes, you have to re architect your digital environment. And so that's where we partner with a company like IBM to bring that expertise and say we're going to help you not just deploy the best cybersecurity architecture, but really get your environment ready to have this zero test as well.

Christy Fredericks

As all of those players that cross that spaghetti. Because when you start thinking about all the other partners that you work with, if you think of an industry perspective, you're going to have an erp, it could be an Oracle, it could be an SAP. You're not going to have one cloud, as I mentioned, it's going to be possibly multiple clouds. You'll have some aws, maybe Microsoft Azure and then even some Google in there and then your own that you've built in your private over there, some IBM, some in IBM cloud. You'll have those multiple clouds and then you also will have, you know, fit for purpose. Oh, I need a, I need a salesforce in there for, you know, my customer focusing. I need, I'm doing some graphics so I have Adobe, so I just, as I, I can name, name, name all of those then have to be re engineered. Seriously, I mean, come on, Malcolm, are you going to sit there, you think how long that would take? So if you haven't done that before, you're gonna have to go to each one of those individually or you can work with a company that can tie those things together because we are also strategic partners with them. So that's where you start to say, okay, I see how this comes together. You have to make sure that your ecosystem is going to be stronger than your competitor's ecosystem and you have to be secure in what you're doing because as you add more players or products, you create seams and you want to make sure there's Fewer seams and that there's zero trust across that capability you're building. And that's why the complement between the two companies.

Jason Kelly

Take a step back for a moment before we sort of launch once again into the specifics of what you guys are doing. I'm curious at this moment, in 2024, how nervous should we be about cybersecurity? So Compare it to five years ago or 10 years ago. Are you less nervous than you were five years ago or more nervous? Are all the changes going on right now increasing vulnerability or decreasing it?

Christy Fredericks

I would say. Chrissy, also, I think we share the point of view is that it's not necessarily being more nervous. I think you should be more prepared because the amounts of threats is increasing based on our dependence upon data. And that's where I think the attention should be placed. Is that more and more, especially with the importance of AI, that you say, okay, then what's under all that? And it's the data, as I said. So knowing that you should be more concerned.

Jason Kelly

Does the advent of AI and the its rapid evolution help defense more or offense more?

Malcolm Gladwell

I think it's like any megatrend that we've witnessed both. Right. So you think about AI, it's 99% great in terms of what it's going to unlock for productivity, for humanity. But it also makes it a whole lot easier to build ransomware. It's a whole lot easier to test different ways into a system. Right. But I think that's true if you think about the rise of the Internet. All of a sudden, everyone was putting their data online and you had to think of new ways to stay ahead and keep that secure. And I don't think AI is any different. You've got companies like Palo Alto, partnerships like Palo and IBM that are constantly scanning the landscape for not only the current threats, but what's next, what's coming around the corner, what's after AI. And so I think taking it seriously and being prepared is probably the right way of looking at it as opposed to. Because if you think about it too hard, you'll just want to crawl into a corner and stuff everything under the mattress.

Jason Kelly

Let me give you a hypothetical. I am the CEO of a regional hospital chain, big distributed healthcare system. So ton of data. The consequences of being hacked and held for ransom are life and death. Life and death, literally. When you come. So you come down, you sit down with me and you chat with me, walk me through the kinds of things you would tell me about what I need to get safer. For example, let's start with one. Is it likely that I'm spending too little or am I spending money in the wrong place?

Malcolm Gladwell

It's a great question. It depends how you've broken it out. If you are distributing all of your dollars across a whole bunch of different tools, it's likely you're just spending the wrong money. And in fact, you know, putting it all in one place is a way of potentially saving money, but keeping your security actually higher. And I'd love to hear, Jason, how you would approach it. How we would approach it, of course, is by saying, you know, what, what does your environment look like? You know, are, do you have the connected medical devices into your emr? Are your respirators and ventilators all online? Right. And so we would talk about, okay, here's how you get coverage and how the coverage of both the firewalls as well as the detectors all feed back into your security operations center and you can manage it and do your learning with AI and keep yourself secure and safe.

Christy Fredericks

Yeah, And I would say Christy and I would go to the same point because if you get under what she was just asking, it's is your data on prem? And when it's on prem, how active is it across the enterprise? And so that begins the basis for the start. And then often you're going to say, well, we actually take in data from outside. And then we also have the circumstances, there's a lot of pii. And so that personal is the personal information that you're saying, okay, now how are we securing that and where are we securing it? And so you have to start really thinking about the different areas within that hospital chain. Are you sharing that amongst your hospitals? And now you start to think of if I'm saying no to a lot of that, it's like, well then are you as efficient as you want to be? So there is that trade off of am I so tightly walled that I'm not productive? And so that's where we would start to say, what's the outcome that you're trying to get to? Maybe you're good, maybe you're good with your five locations and you don't need to go any further, but maybe you want to expand to 50. And by the way, you're going to go cross border, you're going to be in Toronto and in New York. Okay, well then how do you do that? And so I think that it's very easy to start jumping into any of this typical situations. But the first question that you have to ask you as the hospital CEO Is what's your objective? What are you trying to do? Because too often what we see is that there's some bright new shiny thing that everybody wants to put in play. It's a sandwich looking for lunch. And you go, oh, but what is it that you want to do as this hospital? Are you doing research? Are you a research hospital? Are you more consumer oriented? So those are the questions you start to ask because they start to then tell a story in line with what Christie questions. And I think that that's where the again the compliment is that instead of just saying, oh well that's, thanks for telling me all this, Malcolm. Here's your 10 page strategy now go find somebody. We have the benefit and IBM and it's probably why I'm still there is, you know, we're very unique. We're the only company on the planet that has a consulting business at scale inside of a technology company. And so we have, you know, the left brain, right brain, we're able to do that and then we're able to say, okay, now which partners are going to be most valuable for our clients? What's going to work for you isn't going to work for the manufacturer down the road, isn't going to work for the consumer or CPG company across the river. Those things are very specific. The threats and the scenes that I was talking about are very specific. So that's where it becomes very valuable to make sure that I'm not just giving you some strategy that's generic, but everything.

Jason Kelly

As a healthcare CEO, everything I have done, almost everything I've done over the last 10 years hasn't had the effect of increasing my vulnerability. I want to digitize data within the hospital used to be on pieces of paper. I want doctors to go home and to be able to seamlessly hook into stuff at work because they got to do all their paperwork. I want to make sure the diabetes people are speaking to the organ transplant people. And so I'm, you know, isn't that everything I have done to kind of keep up with the revolution in healthcare? Isn't that also making me more and more vulnerable to a bad actor?

Malcolm Gladwell

It's such a great question because think about the quality of healthcare delivery, right? So now doctors aren't filling out forms, they're spending time with patients. And so the quality of care is improving and the vulnerability is improving. Right. And so I think that's where having a strong cybersecurity strategy actually enables all of that. One of our products is our SASE product and we tested it with some business applications. And oftentimes the wrap is, oh, security is going to slow you down. Right. Like, you have to add a firewall, you have to add checkpoints. Our product actually increases the velocity of your ability to use that application because of the way that it is queried through our system as opposed to just through the regular network. So it doesn't slow it down and in fact, it makes it run more efficiently. Yeah, that's just one minor example. But back to the healthcare question. I, as a patient, want my doctors accessing all the technology and talking to each other and connecting the dots behind the scenes. I also want my data to stay private. And so having both a consulting partner who understands how to ask questions of the environment and of the applications you're using and who understands the industry inside and out, and a technology partner that builds and stays ahead of all of the different threats come together and advise you, I think is super important. When you bring in a partner like IBM with a platform like Palo Alto that covers all the different parts of your environment, you're able to say, look, where, where are the vulnerabilities in the system? Where are the different endpoints that we need to have covered? And then just make sure you get that breadth of coverage, and then you're better able to. So, yes, you've increased the risk, but then you've mitigated it.

Jason Kelly

So to give. So before I retire my healthcare analogy, because I was thinking about trying to understand the importance of this, of this idea of having a single platform. So if this model healthcare network is typical, I've acquired a whole series of. Over the last 10 years, I bought a hospital over here, some. I got some physicians. Things that I snapped up over here. I bought a diagnostics company. And so I have all of these legacy systems, and I have, like you said, maybe I got some stuff in the cloud with one company, some stuff with the cloud. And what you're saying is the first step is to kind of rationalize that, put it on a single platform so you understand where your points of weakness are, as opposed to being blind to your points of weakness.

Malcolm Gladwell

There's. Yes. Although anyone who's done any kind of M and A knows that that's a long journey. Right. So I think the first step is just understanding where everything is. And then you get on a path and you say, where's the biggest risk? Let's. Let's neutralize or mitigate that risk one at a time. The thing about open and secure, you know, Palo Alto, we, We keep touting the benefits of the platform, everything. On Palo Alto, your risk is going to be mitigated and you're going to have the full visibility, but you can't get there overnight. And so we've got, you know, thousands of integrations with other technology companies, including our partners, to make sure that we can capture and have visibility into those, those endpoints and those systems as well. And so I think step one is just figure out where everything is. Just get the scan. So Palo Alto has a couple products where you can kind of deploy and get a view of your attack surface. I love the analogy. Just like a digital environment is a house. Right. And so like you have your front door lock, of course, because probably they're going to try the front door first. But that's not all you're going to do. Right. You're going to make sure the whole, you know, the windows are locked and there's an alarm system and all of that. And, and I think that's how you have to think about it is just how do we cover the whole service?

Jason Kelly

So everyone lay. People like me have been bombarded over, it seems like, over the last year with one thing, another about how quickly AI is moving forward and how big of a deal it is. Suddenly it's going to be in the economy. What is the impact of that dramatic change in AI's capabilities on the cybersecurity question? So what does it mean if you're defending somebody, that you now have these sophisticated AI tools at your disposal?

Christy Fredericks

I think that AI becomes the force multiplier for cyber to think about cyber. Before, it was just locking your doors, locking the windows. And if you were really good, you had an alarm system. Now with AI, you can say, well, I can predict what's going to happen. I can see around the corner, I know I can leave my windows open upstairs and it's fine and it's okay.

Jason Kelly

I mean, because the AI, why? Because the AI is running a million simulations.

Christy Fredericks

It can, and that's exactly it. It becomes the intelligent part of that AI. It's not artificial, it's augmented. So you now have this new capability to see around corners. And so you're able to do the jobs of yesterday more effectively and the queries that you were doing, and that's all you're really doing now, you're doing them faster, you're able to access even more data and you're able to then make it more secure. So that's why AI becomes a force multiplier.

Jason Kelly

Yeah, and let's talk about the faster part. What does Faster mean in practical terms, if you're trying to defend an enterprise against a cyber attack, what does speed matter in that environment?

Christy Fredericks

You're always trying to find a place through. I go back to you, we brought up the army, you always, how do you break the line? How do you find a penetration point? And when you think about, you know, pen testing, penetration testing, where are those? So if you're able to do that faster than the bad guys, and not only faster, but you're picking more probable points, this is back to the intelligence. I could waste time doing penetration testing someplace where. That's why I mentioned if they can't get in the second story windows, why are you spending time trying to. So that becomes more effective. So that's when I think of speed. That's what I think of. Because with not just speed, I think it's also what's effective just to put.

Malcolm Gladwell

A fine point on it. So I found a way in. Okay, now what? I don't know where the jewelry is, so I have to look around and see if there's any hidden gems and try to find my way. That used to take a week, two weeks, or seven to 14 days. Now it's hours, right? So they're in and they can actually exfiltrate data within less than a day. The metric we use in the security operations center is mean time to detect. So to see anyone's there, mean time to respond and remediate to get them out. Right. That used to be also, you know, seven, eight, nine, 10 days. Now it needs to be less than an hour. And with our AI based security operations platform, it is. Now you've got one tool that's whether, whether it's all peloton networks or whether it's just, you know, hoovering in data from other places, then you're able to see it all together. So you actually get fewer alerts. So you get from thousands of alerts down to a hundred alerts. Right? And you can investigate them and you investigate them using AI too. And AI is, is today, it's today's thread. But it's, you know, you think about threat and opportunity, you think about what's next. You always have to be kind of.

Christy Fredericks

Evolving and you have to think we talk about threat and risk and you know, we didn't talk, you know, what is the cost of cyber? Some type of penetration. It's typical cost is about four, four and a half million dollars and that's just in labor and remediation. If you think about reputational risk as well, our institute for Business Value did a study and found that in 2023, and there were 39 banks that we watched that suffered a reputational risk market value of $130 billion. And so you start to think, wow, that's just reputational risk. So that's what's at stake here. And that is only going to get bigger.

Malcolm Gladwell

So one of the pieces we haven't talked about about AI that I find super interesting because we've been talking essentially about the Terminator, the robots fighting robots, whose robots are quicker. I'm designing attacks and I'm defending against attacks. And I think that's, that's super important. But we recently launched and are working with IBM on our AI security product to actually secure the use of AI, because it also opens up another set of threat vectors. I'll give you an example. I'm a marketing executive now for your hospital. So I work for you and you want to announce the launch of a new center. And so I upload all the information about all the patients and how we do things into ChatGPT to write the PR for me. Well, I've also just uploaded to ChatGPT a whole bunch of secrets, right? So it's how employees are using AI, because I think some companies are sort of building their own language models and their own AI applications that they want to keep secure. Others are just curious about how their employees are using AI applications on the shelf. And so we announced in May a product where you can actually scan and see how AI is being used in your enterprise and within. We made the announcement with the GA was last month, but we made the announcement in May and we had immediately thousands of CIOs signing up because just understanding who's using what, it's another open question because we talk about AI enhancing productivity and all the benefits it's going to bring, but it brings risks not just in how it's being used by the threat actors, but also what other.

Jason Kelly

Vulnerabilities it is the AI that you. Does that system tell you what's a problematic use?

Malcolm Gladwell

It does. So what it does. And you've got to train it right? But what it does is say this is outside of your policy. So CIOs will set policies on here's what is acceptable and not acceptable use. So we'll be able to scan and say these following uses are outside of policy. And then it'll pun and say, I think this is too restrictive, I think this is too permissive. And then you can sort of update your policies from there. That's just Sort of the visibility piece and then there's the runtime piece which will actually stop you from using it. So you go and say, okay, here's all my patients Social Security numbers. I'm going to upload them to ChatGPT to get an understanding of where they all live. I don't know what, why you would possibly do that, but let's say you were. And then you know, it'll note that looks like a Social Security number. You can't upload that into your prompt.

Jason Kelly

And so it will stop you before you. Yeah, thoughtful, thoughtful voice over your shoulder just to remind you not to do something silly.

Malcolm Gladwell

Exactly.

Jason Kelly

But this is just talk a little bit more about adding AI into this mix. You say it's a force multiplier. It's a really interesting. Let's dig into that. What other instances of what that means? How does the balance between AI and human expertise work in the kind of next generation of cybersecurity?

Christy Fredericks

I think the common way to look at it is it back to the force multiplier. It's not going to be is your AI better, but can you use it better? Can you ask your AI the right questions? Are you well trained? So the competition really becomes your use of AI and are you pointing it in the right direction? You have 50 people. Can they do the work of 250 and can they do it in a safe and secure manner so you're not opening up more risk based on or too much risk as your risk tolerance in order to get the outcome. So that's where I think there's the opportunity. And so you see this truly as a force multiplier because the first thing people go, oh, you're going to get rid of people. The people portion is still going to be just as important because they're doing that other piece of work.

Malcolm Gladwell

One of my favorite statistics is that there are now more bank tellers in the US than there were in 1960 before the ATM was invented. Right. But it used to be you would go to your bank because you had to. I remember doing this. You go, you fill out your deposit slip, you hand it to the teller and they give you your cash. And then ATMs were invented. It was like, oh no, what's going to happen to all these jobs? And now there's more. Right. But you're not withdrawing money from a bank teller. You're now doing more sophisticated transactions. So I think it's similar with AI, right? You want people doing things that only people can do.

Jason Kelly

The human element remains absolutely central in all of this, how do you make sure that your cybersecurity folks are equipped to handle high value tasks, are sort of ready for this increase in responsibility?

Malcolm Gladwell

There's a couple ways to answer this, but I think the more you're able to automate the routine and the mundane tasks, for example, the bulk of cybersecurity happens in the security operations center. There's analysts who are sitting in that center. If they're spending all day either configuring alerts or responding to alerts, they're not able to do the advanced sort of threat hunting and analysis work. And so I think a big chunk of it is just freeing up their time to be able to do the more advanced strategic work. And a lot of the automation tools based on AI, like our Cortex Xim product is it's designed to free up their time in order to be able to do that.

Christy Fredericks

And from our perspective, it's making sure that it's a requirement to make sure that you have the qualifications because people can easily get used to doing what they've always done. I know this and that's what I do. You say, well, no, all the threat actors are learning on the fly. They're trying to always outsmart you. So it's in your best interest, our best interest, our client's best interest and partner's best interest that you are on the front leading edge of that learning capability.

Jason Kelly

If you're talking to a client who wants to develop a kind of unified cybersecurity strategy, what's the best single piece of advice you can give them?

Malcolm Gladwell

You should have a single platform. It's hard not to answer that, but it is true. I mean, all joking aside, having the best of breed solutions that are all talking to each other and able to stitch together and identify threats before a human might be able to, that's number one. And number two is making sure you have visibility on all elements so you're able to cover your whole environment and understand how people are accessing it.

Christy Fredericks

I'd say think like a bad actor. Yeah, always think outside in because you get comfortable the other way around.

Jason Kelly

You guys work together on a, with a Fortune 500 company and I'd love for you to talk a little bit about, do you use that as a kind of case study for what this collaboration between the two, your two companies looks like when you work with a client?

Malcolm Gladwell

It really was, you know, IBM leading on a digital transformation for this client that wanted to move their applications into the cloud. And so you're asking a lot of questions about how does AI increase the risk in the surface area? Those same questions 10 years ago were asked about the cloud. And we're still on the journey where companies are migrating to the cloud. We're not anywhere near finished that yet. And so there's two pieces to a cloud migration. One is just refactoring for the cloud to make sure the application works effectively in the cloud. The second is security. And then you built in security by design, using Palo Alto's Prisma cloud products to make sure that not only did you have the visibility, so our cloud product, you can scan and see where the vulnerabilities are. And then there's also, you know, cloud firewalls, essentially, that that will keep bad actors out and keep the cloud instance secure.

Jason Kelly

If we sit down and have this conversation five years from now, which I actually hope we do, be fun. So let's go. Let's. Let's pretend it's 2029. Tell me, what are you happy about in 2029?

Christy Fredericks

I think 2029, quantum computing is mainstream. I think quantum computing is now quantum safe, where we're using quantum computing to make sure that those bad actors aren't as bad as they used to be back in 2024, and that we're seeing around the corners and that we're empowering our Palo Alto relationship. That in 2029 is the Premier type of capability that people are looking at when they think of what used to be AI and now is quantum capability.

Jason Kelly

Yeah, yeah.

Malcolm Gladwell

I think for AI, everyone's just using it as part of their job. The way email was an innovation in the 90s, the way cloud was an innovation in the 2010s, and we thought, how are we going to use this? What impact is it going to have on productivity? All these people who are spending their days typing up memos, like, what are they going to do? We're going to be past that fear and we're all going to understand that it is this, like, truly positive force multiplier for, you know, every employee is able to do their best work and spend their time on the things that only they can do. And then the AI is doing the rest of that for them. Right.

Christy Fredericks

AI, it's going to enable many things to work together. And it won't be just one language model. We won't even think about. It will be the difference between Malcolm having a fax machine, stereo and a telephone and a memo board. Now it's in your pocket and it's all one thing. And you don't even call that. I said, Walkman to my kids the other day and they're like, what's a Walkman? So I do think it will, it'll be part of the past and it will be this thought of the seamless connection that is secure seamless connection of hr, of finance, of distribution, logistics, of billing. All of those will have a capability to work together.

Jason Kelly

Yeah, I have to do some social quick fire questions. You guys ready?

Christy Fredericks

All right.

Jason Kelly

What's the number one thing that people misunderstand about AI?

Christy Fredericks

The reliance on data.

Jason Kelly

What do you mean by that?

Christy Fredericks

I think that it's just assumed that it's happening and it can just go out and grab data anywhere.

Jason Kelly

Oh, I see, yeah. Oh, I see. Yeah, yeah.

Christy Fredericks

You have to have good data, reliable data and access to the data.

Malcolm Gladwell

I think people are too afraid of it.

Jason Kelly

Chat box and image generators are the biggest things in consumer AI right now. What do you think is the next big business application, Jason?

Christy Fredericks

I think it's the tying together of multiple capabilities. I hinted towards this earlier is that I think tying together the disparate systems that sit in different parts of the organization, front office, back office, making it one office, and tying together those different functions, that's it.

Malcolm Gladwell

I mean it's workflow automation. I think back to your point on the reliance on data seems easy. It's a lot harder than you think because you have to have everything set up in exactly the right way to get all of your systems automated and the sort of the more boring jobs taken care of so that humans could do the strategic ones.

Jason Kelly

How are you already using AI in your day to day life?

Malcolm Gladwell

I mean, I use it at work all the time and then I've found right now I go to ChatGPT instead of Google to look things up. I like having a conversation.

Christy Fredericks

We have a wonderful capability in our consulting business called our consulting Assistant and Consulting Advantage is the proper name for it. But I look at it as that assistant. It's a force multiplier for me. So if I need to pull together content proposals with the teams, we go straight to that.

Jason Kelly

We owe one more. We hear so many definitions of open related to technology. How do you define it and how does the concept help you innovate?

Malcolm Gladwell

By definition, in cybersecurity you don't want to be too open. Right. So I think we enable openness with this concept of zero trust and saying everyone's invited in as long as you have the right credentials. Right. So that's one way and then the other way is just making sure you're connected to all the different systems in order to be able to have that visibility and see what's happening. Because if you are blind, that's the minute you have that vulnerability.

Jason Kelly

Yeah.

Christy Fredericks

And I'd say it's moving quickly with security. It sounds contradictory. Open. Oh, then that means you're not safe. No, you are safe and you can move faster.

Jason Kelly

Yeah. Thank you so much. This is fun.

Malcolm Gladwell

Thanks a lot.

Christy Fredericks

Thank you.

Jason Kelly

This is great.

Malcolm Gladwell

We'll see you in five years.

Christy Fredericks

Yeah, five years.

Jason Kelly

See you in five years. Yeah, that's right, man. I'll be old in five years. Thank you to Jason Kelly at IBM and Christy Fredericks at Palo Alto Networks for that fascinating conversation about the threats and opportunities in cybersecurity today. As Jason and Christy stressed, AI can be a force multiplier for enterprise across industries. When you're working with multiple products and have your data in distributed environments, you need technology that will work across your organization. And with Palo Alto Network's platform, you can enhance cyber resiliency and simplify your operations. Through their collaboration, IBM and Palo Alto Networks are charting the future of of fully integrated, open, end to end security solutions. Smart Talks with IBM is produced by Matt Romano, Joey fishground, Amy Gaines McQuaid and Jacob Goldstein were edited by Lydia Jean Cott. Our engineers are Sarah Bruguer and Ben Toliday. Theme song by Gramiscope Special thanks to the eight Bar and IBM teams as well as the Pushkin marketing team. Smart Talks with IBM is a production of Pushkin Industries and ruby studio at iHeartMedia. To find more Pushkin podcasts, listen on the iHeartRadio app, Apple Podcasts or wherever you listen to podcasts. I'm Malcolm Gladwell. This is a paid advertisement from IBM. The conversations on this podcast don't necessarily represent IBM's positions, strategies or opinions.