Between Two Nerds: The 800 pound gorilla - Risky Bulletin

Summary5 min read

Risky Bulletin: Episode Summary - "Between Two Nerds: The 800 Pound Gorilla"

Release Date: March 31, 2025

In this engaging episode of Risky Bulletin, host Tommy Wren and co-host Grok delve deep into the intriguing discourse surrounding the United States' (US) standing in global cybersecurity. Titled "Between Two Nerds: The 800 Pound Gorilla," the conversation challenges the prevalent notion that the US, particularly entities like the NSA, reign supreme in the cyber domain.

1. Perception vs. Reality of US Cyber Dominance

Tommy Wren introduces the topic by questioning the widespread belief that the NSA or the US leads the world in cyber capabilities. Grok counters this by highlighting the inherent bias in rankings produced by US-centric reports, often placing the US at the top without substantial evidence to back such claims.

[00:35] Grok: "Well, the rankings, which are produced by the us, they always come out on top. So, I mean, case closed, right? That's."

[00:43] Tommy Wren: "Yeah. So there's that, and there's also that there's actually very little, like, evidence in terms of the hacking us, the visible hacking that the US does to indicate that they would be number one."

2. Flaws in Cyberpower Rankings

The duo critiques the methodologies behind cyberpower rankings, emphasizing that metrics often favor the US due to its transparency compared to other nations like North Korea, China, or Russia, which are more secretive about their cyber doctrines.

[02:14] Tommy Wren: "Partly because the US is a bit more transparent than a lot of other countries."

[02:34] Tommy Wren: "So when you've got that as a metric, that's sort of artificially boosts the US based on something kind of."

[02:43] Grok: "Irrelevant, I think the methodology is going to skew the results..."

3. The Halo Effect of Leaked Information

Tommy and Grok discuss how high-profile leaks, such as those by Snowden and the earlier Echelon disclosures, have created a lasting "halo effect" around US cyber capabilities. These leaks, often presenting the NSA in an overly optimistic light without addressing limitations, have reinforced the myth of US supremacy in cybersecurity.

[05:32] Tommy Wren: "So I guess what I'm hearing you say is that there is kind of a long lasting halo effect from the."

[05:42] Grok: "Yeah, yeah."

[06:04] Grok: "There's been a commercial interest in keeping up that. I'm going to call it a mythology..."

4. Competence and Resources: The Backbone of US Cyber Strength

Grok emphasizes the sheer number of skilled professionals within US cyber agencies, such as the NSA and Cyber Command, arguing that the volume of competent personnel inherently boosts the US's cyber capabilities. They also touch upon the historical investment dating back to World War II, which has provided the US with structural advantages in intelligence and cybersecurity.

[03:21] Grok: "I haven't met people who I've got like, oh my, like, Jesus, how did he get a job?"

[04:07] Tommy Wren: "Yeah. So the numbers, roughly 30,000 at NSA, I think at last I checked, was 6,000 at Cyber Command. So that's like. Right, that's a lot of people."

[07:04] Grok: "More resources available and they have for decades. That's the sort of thing that just compounds."

5. Comparative Analysis with Other Nations

The conversation shifts to comparing US cyber capabilities with other countries. Grok contrasts the US's focused and resource-rich approach with nations like Germany, which, despite their resources, lack operational competence due to bureaucratic inefficiencies. They also discuss the rise of other cyber powers like China, Russia, and Israel, acknowledging their strengths but maintaining that the US holds a significant edge.

[11:28] Grok: "So I, I'd say I'd compare it to like the, the German military in a way where like you can just."

[12:10] Grok: "The French know what they want. They want this expeditionary force..."

6. Evidence of Advanced Cyber Operations

Through examples like GCHQ's advancements in public key cryptography and the infamous Stuxnet operation, the hosts illustrate the depth of US cyber expertise. They argue that while some operations may not always be publicized, the underlying competence remains formidable.

[14:26] Grok: "Yeah, here's some busy work, you know, work on this just to sort of wet your appetite..."

[18:32] Tommy Wren: "Americans are always very careful to say, well, I don't know who did that."

7. Structural Advantages and Feedback Mechanisms

The discussion highlights how intelligence agencies benefit from clear metrics and immediate feedback, allowing for rapid iteration and improvement. This contrasts with other government departments where outcomes are harder to measure, leading to slower adaptations and potential inefficiencies.

[09:19] Grok: "Investing in infrastructure is the sort of thing that pays off in 25 years or not at all."

[10:00] Grok: "Like, you will see that it's not working and you have to fix it because that's just what you do as an organism, as an agency."

8. Conclusion: The US as the "800 Pound Gorilla" in Cybersecurity

Concluding the episode, Tommy and Grok reaffirm their stance that the US's leading position in cybersecurity is a result of sustained investment, a large pool of competent professionals, and structural efficiencies that allow for continuous improvement and adaptability. They contend that the US's dedication and resource allocation have cemented its status as a top-tier cyber power.

[25:03] Tommy Wren: "So in fact what you're saying is that the reason NSA is better than anyone else is because the US just cares more."

[26:20] Grok: "It's more caring. They wanted it more. That's it."

[26:25] Tommy Wren: "That's right."

This episode offers a nuanced exploration of the factors contributing to the US's prominent position in the cybersecurity landscape. By dissecting perceptions, methodologies, and tangible evidence, Tommy Wren and Grok provide listeners with a comprehensive understanding of why the US is often viewed as the "800 pound gorilla" in the cyber domain.

Loading summary

Transcript101 lines

[00:04]
Tommy Wren
Hello, everyone. Welcome to another between two nerds discussion. I'm Tommy Wren and. Hello, Grok.
[00:11]
Grok
Hello, Tom. How are you doing?
[00:13]
Tommy Wren
I'm good. This week's edition is brought to you by Crawl. I have an interview with Ed Curry of Crawl about geolocation hacks and why hacked geolocation data is worrying. So this week, Ruck, we thought we'd talk about this funny phenomena where people think that the NSA or the US is the best at cyber.
[00:36]
Grok
Well, the rankings, which are produced by the us, they always come out on top. So, I mean, case closed, right? That's.
[00:43]
Tommy Wren
Yeah. So there's that, and there's also that there's actually very little, like, evidence in terms of the hacking us, the visible hacking that the US does to indicate that they would be number one.
[00:56]
Grok
They're. They're like martial arts experts who are like, if I actually fought, I would kill people. Trust me, I have, like.
[01:03]
Tommy Wren
Yeah, so we thought we'd tackle this as, why do other people think that? And why. Why do we think that? If we do Right, So are they the best?
[01:16]
Grok
So I, like, I don't. I don't believe that you can do cyberpower rankings in a purely, like, number one, number two, number three, like, I don't think they rank quite like that. I think that there's probably more clusters of skill levels and capabilities. They're absolutely Premier League, top of the league tables. Are they the absolute best? Maybe, yeah.
[01:40]
Tommy Wren
So we've talked a couple of times about the way that think tanks will reproduce these kinds of reports. And. And the one I was involved in, the very short summary, is that we looked at a whole lot of different factors, and it was like the size of organizations, the legislation, the doctrine that had been published. And when you looked at it, in those measures, the US came out on top. The one I was involved in wasn't strictly a cyber power, but the process is the same. You have some sort of measures and you try and rank.
[02:13]
Grok
You have a methodology and a metric.
[02:15]
Tommy Wren
Partly because the US is a bit more transparent than a lot of other countries. Some of the things like publish doctrine. North Korea doesn't publish doctrine. China doesn't publish doctrine. Russia, I don't know, maybe they do a little bit, but the US does.
[02:31]
Grok
They publish it, but they don't read it, so it doesn't matter.
[02:35]
Tommy Wren
And so when you've got that as a metric, that's sort of artificially boosts the US based on something kind of.
[02:43]
Grok
Irrelevant, I think the methodology is going to skew the results in that you have to pick something that you can actually measure. And when you're dealing with secret agencies doing Secret Squirrel stuff, you're looking for proxies. Proxies you can measure because you don't have anything else. And so it's always going to be imperfect in some sense.
[03:03]
Tommy Wren
Yeah. So what's your internal methodology like, what's your biased way of coming to that conclusion?
[03:10]
Grok
Yeah, vibes. Yeah. No, you know, I think, I think the fact that we don't see evidence of their operations is it's a little bit like, you know, one of those pictures of like there are 47 ninjas in this photo.
[03:22]
Tommy Wren
Right.
[03:22]
Grok
And they sort of actually are. Is what it gets. What it gets down. It's like they just. So I, I think that they've been doing it for a long, long time. I think that everyone I've met that has come out of there has been competent. Like, I haven't met people who I've got like, oh my, like, Jesus, how did he get a job? Like, right, right.
[03:44]
Tommy Wren
This person is full of rubbish. They're making stuff up.
[03:48]
Grok
Nothing like that. Even, even if they aren't like the, the absolute brightest spark I've ever met, none of them are dim. They've all struck me as competent. And knowing that there's just thousands of them makes me feel like if we were just ranking by number of competent people working on a thing, I think they would come out on top just on that alone.
[04:08]
Tommy Wren
Yeah. Yeah. So the, the numbers, roughly 30,000 at NSA, I think at last I checked, was 6,000 at Cyber Command. So that's like. Right, that's a lot of people.
[04:19]
Grok
Yep.
[04:19]
Tommy Wren
Now I was wondering if the Snowden leaks and before that there was material leaked, I think they called it Echelon at the time, about far guys collection apparatus also goes into that in that there have been a couple of times.
[04:34]
Grok
Where the curtain was pulled back.
[04:36]
Tommy Wren
Basically some of the material leaked has been received, is pretty sensational.
[04:40]
Grok
So I think part of it is that the PowerPoint presentations that were leaked were sort of. They're your typical business PowerPoint presentation. It's casting the absolute best possible light on what you're doing. Maybe a little bit stretching of the truth, maybe a little bit excessive. Like these were not the cold, harsh, you know, self reflection, introspective, you know, like, what are our limitations? It wasn't that sort of thing. It's very much like, here's how my team has been exceeding expectations for this quarter and blah, blah, blah. So I think that that helped to a degree not to Downplay the reality. But I think the fact none of that content was like here's how, like here are the limitations that we butt up against. Here are the things that where we're operating at the edge of our capability, we can't push the envelope anymore. We've just sort of hit a wall.
[05:32]
Tommy Wren
Yeah. So I guess what I'm hearing you say is that there is kind of a long lasting halo effect from the.
[05:42]
Grok
Yeah, yeah.
[05:43]
Tommy Wren
From the Snowden leaks that, that give everyone the impression that they can do amazing things. That is partly based on the over enthusiastic PowerPoint work but, but still it's, it's enough to give credibility to the organization. And those leaks are quite old now.
[06:04]
Grok
Yeah, they're over 10 years old. And I was like 2012, it's getting on to 15 years soon.
[06:10]
Tommy Wren
Yeah. And I think those, yeah, those types of leaks. So the echelon ones I remember at the time launched a slew of news stories about omg, NSA can spy anywhere on the planet and do anything.
[06:24]
Grok
Right.
[06:24]
Tommy Wren
And I think Snowden leaks did the same.
[06:27]
Grok
There's been a commercial interest in keeping up that. I'm going to call it a mythology, but that's not right. It's not a myth exactly. But it's, you know, keeping that mystique, that aura of NSA is out to get you with their super awesome, amazing stuff all over the place, all the time, everywhere. Buy our product to get our VPN to protect yourself from nsa. Like it's been reinforced in the public, you know.
[06:51]
Tommy Wren
Yeah. So that's a bit different from the kind of think tank metrics type thing. Now of course, you and I, we're sober individuals and we dissect links.
[07:05]
Grok
I'll do to that.
[07:07]
Tommy Wren
Yeah, we dissect those links with a critical eye. So why do you think that they're if not the best, at least a top tier actor? I think with those that paraphrase what you said earlier, I think they've got.
[07:18]
Grok
More resources available and they have for decades. That's the sort of thing that just compounds. It's very much a sort of compound interest sort of thing. Like if you bank in early and you just start getting those returns on investment early on. The fact that you started 10 years before other people is going to have a big, big payout just by nature of how the, the whole thing works. I think if you've got smart people then you can do smart things.
[07:46]
Tommy Wren
Those organizations. And when I say those organizations, I kind of mean the five eyes ones. They all date back to basically World War II. And so they're forged in this time where getting intelligence and signals intelligence is extremely important. Very, very important. And so they've been doing it ever since then. Yeah, the whole process of collecting and inseminating intelligence has been worked out for like what, 80 years or something like that now?
[08:15]
Grok
Yeah, yeah, very much so. There's that and then there's also the. You know, when I talk to people sort of in general about NSA stuff, the impression I get is always extremely competent and doing maybe not the most interesting stuff because some of it's just routine hacking that they have to do. But it does seem like interesting work. Like they have challenging things to work at and they've just struck me as competent and a well resourced. Large supply of competent people doing stuff for 30 years, 40 years, 50.
[08:50]
Tommy Wren
You know, one of the advantages those intelligence agencies have is it's very easy to tell if you're getting intelligence or you're not. And so if you're not getting it, that means you need to do something else. Like, I think there's a lot of government departments where you're dealing with really complicated policy things where you might have an opinion on what's best, but it's very hard to tell because the timelines are so long or because they're complex social issues. Are we winning or losing? I don't know.
[09:19]
Grok
Yeah. Investing in infrastructure is the sort of thing that pays off in 25 years or not at all.
[09:26]
Tommy Wren
Yeah. And it's very hard to tell what the counter argument would have been or the counterfactual. Whereas you've got an intelligence requirement. I'm meeting it. Yay.
[09:34]
Grok
Right, yeah. Like we're reading their emails or we're not reading their emails.
[09:40]
Tommy Wren
Yes, that's right.
[09:40]
Grok
Very simple metric.
[09:42]
Tommy Wren
Yeah. Yeah. And it forces you to adapt if you're, if you're not doing well. So I think that leads to competence because you can measure it well, you can refine things. People talk about the SIGINT cycle, which is a bit of an idealized view, but it. I think that's one of the reasons why you can iterate and get better.
[10:00]
Grok
Yeah. This is something we've talked about before, I think, is that it's very similar to offensive cyber in that your exploit works or it doesn't work. You get that very rapid feedback. It's a tactical problem, it's something that you address right now and it proves itself or it doesn't. And you can iterate very, very rapidly just because you have that fast feedback when you're combining intelligence and offensive cyber. That's sort of like the best of both worlds in terms of being able to get rapid feedback and adjusting to the environment in which you operate to make sure that you're actually doing what you think you're doing. Right. Like you will see that it's not working and you have to fix it because that's just what you do as an organism, as an agency. You need to do this thing to stay alive, otherwise you will lose your funding because you're useless.
[10:54]
Tommy Wren
Yeah, yeah, yeah. So I, I'm kind of hearing two different things from you. One of them is part of it is stuff you've heard, like the Snowden Leaks. Part of it is the vibe the people you've met who have worked there give off most of competence. And you know that there's a lot of them. So that is consistent. Yeah, yeah. And then there's also, what we've just talked about is structural functions, logic for why they would be good rather than sort of observable. It's a kind of in your head kind of thing.
[11:29]
Grok
So I, I'd say I'd compare it to like the, the German military in a way where like you can just. With the German military, you can pour resources in, but they're set up in such a bad way that it doesn't result in them having a competent military.
[11:43]
Tommy Wren
Why is that?
[11:44]
Grok
Well, you, if you don't use your military and you don't have a clear enemy or a clear idea of what you need to do with your military, you can spend three years deciding on whether you want to like buy the gold plated tank or the platinum plated tank. That's sort of how they squander their time, their money. They've just got bureaucracy, you know, and it's.
[12:06]
Tommy Wren
That sounds just like the Australian Defense Force.
[12:10]
Grok
Yeah. And I'd say, I think the, the difference there is that if you're looking so like the French know what they want. They want this expeditionary force that they can send to Africa and keep their finger in their post colonial non empire. Like they know what they need it for, they know what they want to do. So when they're spending money, it's very focused. Like we need a thing that will do this for us. We need forces that can do this specific thing so that they know what they're looking for and it's much easier for them to focus. And I think in the US you rock up, you say like, we want tanks and jets and rockets and cannons. And the vendor says how many? And they just go, yes, I think that that's sort of the other side is like, maybe if you do have more money than God, it does work out.
[13:02]
Tommy Wren
And so this is another appeal to logic that they've just got more resources. There's that story that NSA used to hire more mathematicians than anywhere else in the world or something like that. I can't remember what the exact story was, but the point was that they were getting up all the talent. I don't think that's true anymore because of the rise of tech giants.
[13:21]
Grok
Yeah, quants and AI and all this other stuff. But yeah, I mean, if you graduated with a theoretical math degree in like 97, I don't think there were a lot of options for you for your, you know, your PhD was sort of quite limited in what you can do.
[13:39]
Tommy Wren
So speaking of other evidence, there's occasionally you'll hear stories that the state of the art at NSA or at the five eyes was years ahead of the outside world. So the example I'm thinking of here is both Diffie Hellman and rsa, which are public key cryptography. And it turns out that gchq, they were discovered, I think three or four years ahead of the public discovery. If I remember one of the GCHQ stories is that they had this theoretical problem and they gave it to an intern and he solved it in the first afternoon. It was like, oh, yeah, that was a really interesting problem. I guess they just give it to interns to see if you can figure it out.
[14:27]
Grok
Yeah, here's some busy work, you know, work on this just to sort of wet your appetite, get into the feel of things, you know.
[14:34]
Tommy Wren
And so I guess if you've got a particular interest that's relevant to cyber. Well, back in those days, signals intelligence, you've got this whole pool of people who are possibly years ahead of the public knowledge and they're also incorporating the best people they can find and adding to that. So there's, I mean, who knows? I don't know whether that is accumulative and gets you more and more advantage over time or whether that erodes over time. I would guess that in the last 15 years it's eroded because of the rise of competitive, you know, other places for those people to go.
[15:10]
Grok
Right. So, yeah, like we've done, I think we've done everything right. We've done evidence by deduction, which is, you know, based on facts that we know about how the world works. Like if you have smart people, smart stuff happens, done evidence by induction, which is, you know, things that we can observe. So We've seen some of the stuff like Snowden and so on, and like, if they're producing this, they must have smart people doing it. And we've done evidence by abduction. Like, something has to explain what's going on. Like, the most likely explanation is that they're very competent and they have good people. Like, they just, they must be good at what they do, which I think shows up in one of the other ways. And that's the, barring some very famous exceptions when there are like, intelligence comes out saying something from the U.S. like the Russians are going to invade, or when they come out and they make statements, they're quite good at what they do. It doesn't feel like a 50, 50 coin flip that they like.
[16:07]
Tommy Wren
I think a lot of people would actually disagree with you, wouldn't they, based on things like Iraq and the weapons of mass destruction. See, and I think people remember the massive mistakes, so I don't think that.
[16:22]
Grok
That was a, a mistake. So like 9, 11, I'd say counts as a mistake. But it's irrelevant for what we were talking about because it wasn't a cyber collection issue. And I think that the Iraq thing was. It was a political. They knew what they were going to do and they set out to find evidence to support it. And I think that it's unfair to say that the intelligence services are incompetent because when they found what they were told to look for, no matter how thin like it, it turned out to be bunk. But I would say also within the context of this discussion, that sort of pre cyber as well, right, like, that was just pure sigint, pure human, pure, you know, massent and imminent and stuff like that. It didn't have that massive cyber quality that you have in the last, you know, decade or so. Look, if you're looking at only the cases that I cherry pick, they have a very, very good success rate, which, like, yeah, we're just going to know true Scotsman this thing until I'm right. But yeah, very much so. I do think that there's a good track record in recent years of what they've done. And I think that we also see stuff like when it'll leak that the Israelis did some amazing operation and the US will be disparaging about it in a way, like, oh, congratulations on my first hotel TV penetration golf clap. Call me when you're like hacking light bulbs and having them convert vibrations into audio signals that you can pick up. That'll.
[18:13]
Tommy Wren
That's funny. But like, where do you hear that?
[18:16]
Grok
Oh, obviously for the people I talk to, when I talk to, like, Americans, and they're like, oh, yeah, I thought everyone spoke to people who said this sort of thing.
[18:32]
Tommy Wren
Right. So that's again, evidence that what NSA does is above stuff that other people think is amazing.
[18:40]
Grok
Right. At least they believe that what they do is superior. Right. So, you know, there's like, there's stuxnet, which everyone is super impressed by, which.
[18:51]
Tommy Wren
Americans are always very careful to say, well, I don't know who did that.
[18:56]
Grok
Yeah, whoever it was was an absolute genius. Probably, probably handsome as well. Very tall. Right. So, like, I. I think that there have been some clever things, but here's the thing is there's also been clever hacks by other people that just haven't gotten the same coverage because they're clever in ways unlike stuxnet. Like, stuxnet was a very visible, high profile thing because of what it was going after. But I mean, in terms of, like, exciting operations, there's Fred Kaplan's dark territory mentioned, this attack where the Russians were basically, they were supplying all of the USB keys to the kiosks that were operating around, like the embassy and military bases in Kabul in Afghanistan. Right. If you bought a USB key, it was like gently pre owned by the kgb. And it doesn't feel as big as stuxnet. Like, it doesn't feel like it has the same sort of geopolitical gravitas, but I think it's innovative and clever. Like, it's definitely a very competent cyber operation that you would look at and say, yeah, they're good at what they do. Like, they figured out a way to do something and they executed on it.
[20:11]
Tommy Wren
Yeah. I think this gets back to your. There's many different ways to be good, which wasn't the wording you used, but right at the beginning you said it's hard to say that anyone is the. The top.
[20:22]
Grok
Right.
[20:23]
Tommy Wren
Like, so it feels to me that in that example, the sort of stuxnet equivalent would be to sell one USB key but have it be a worm that secretly made its way across all of Afghanistan.
[20:36]
Grok
Right. Well, you sell one usb, but it's to sandisk in Kingston that sort of gets the entire supply chain.
[20:44]
Tommy Wren
It's like the Russian story of the space pen, where I think it's apocryphal, not actually true that the Americans spent millions of dollars coming up with a pen that would write in zero gravity and the Russians used a pencil. Yeah. And you know, the Russian approach is, well, we'll just give out these and that's still Like a lot of work, because you match the brands or whatever, right?
[21:09]
Grok
Yeah. And you can't have mistakes. For example, like they did with the XZ back door. Like, you can't screw it up because once it's on the USB and it's out there, the first guy that plugs it in and it crashes his computer, the entire operation is blown and you lose everything. Right. So there's, like, elements to it that require absolutely decent quality, good, competent work. These elements that require, like, competence and stuff. You do see when you talk to Americans, they do talk about China and Russia as near peers in cyber. Like, they acknowledge that these are very competent. I would say that the US Is also a near peer.
[21:51]
Tommy Wren
Right.
[21:52]
Grok
It might be a first among equals as far as they're concerned.
[21:54]
Tommy Wren
Right.
[21:55]
Grok
Like, if. If our metric is based on how many cyber exchanges have you hacked, like, how much. How much bitcoin have you stolen?
[22:03]
Tommy Wren
How many crypto exchanges? Yeah, right.
[22:08]
Grok
It's. You know, if we're looking at that sort of metric, then obviously the North Koreans are far and ahead the best. Lazarus is very, very good at what they do. But what they do is one tiny thing.
[22:20]
Tommy Wren
But I mean, the types of attacks they use, like the, the techniques you could use anywhere. Right. It's just that they have this particular interest.
[22:29]
Grok
Right. And it's visible, I think, I think this.
[22:31]
Tommy Wren
Yeah, this is.
[22:33]
Grok
This is what I bring up is I think that the. The same forces that apply to SIGINT and offensive cyber that we were talking about, this immediate positive feedback, is the same thing with hacking a crypto exchange or stealing Bitcoin or whatever. Like, you have the bitcoin or you don't. Yeah, it's very binary. Like, that did work or did not work. There's no. You can't be a little bit stolen Bitcoin. And so the other thing is, it's very publicly visible when it happens. So if you. If you think, like, what they were stealing was intelligence collection that was then being processed and turned into intelligence product, that's what you would see if you were on the inside of a SIGID agency doing cyber stuff. Only instead of bitcoin, it would be emails or spreadsheets or, you know, whatever it is, you know, a call log, something like that.
[23:26]
Tommy Wren
Yep, yep.
[23:26]
Grok
So I think that Lazarus, in a way, is a good proxy to show, like, this is what a SIGINT agency looks like when it's operating, even if it's a very small one.
[23:35]
Tommy Wren
Yeah, well, I think the General Reconnaissance Bureau, I thought last time I read it was five or six thousand people. So like not that small I don't think.
[23:46]
Grok
Right, yeah.
[23:47]
Tommy Wren
Okay, so it's not tiny small compared to nsa.
[23:50]
Grok
Right, that's, that's sort of what I was getting at is it's like maybe it's more average size. It's a normal size for a country to have, you know, 5,000 people on cyber, as opposed to 30 or 36 or 40 or 50 or whatever it is.
[24:03]
Tommy Wren
Right. I also think it's interesting they don't have that long, decades long history. Maybe it is decades long now, but it's not 50 years long.
[24:10]
Grok
And when they started out, they were awful. Right. They were an embarrassment. Everyone was making jokes about them, you know, using like reusing PHP scripts from other people, doing these very, very basic embarrassing lame hacks. And 15 years later, who's laughing now? Yeah, it's, it's very much a glow up. And, and what that speaks to is that there's, there's a lot of this mythology about like, oh, there's like we can't get the people or like there's, there's not enough bugs. Like there's just this perception of scarcity around cyber. It's like, look, if a country without Internet access can be a top tier player in less than 20 years, literally anyone can do it. There's no scarcity. There's a lack of political will and that's it. That's my thesis and I'm sticking to it.
[25:04]
Tommy Wren
So in fact what you're saying is that the reason NSA is better than anyone else is because the US just cares more.
[25:11]
Grok
Yeah, like they're more caring. They wanted it more. That's it.
[25:20]
Tommy Wren
I mean, I think that like, just militarily you've got quite a lot of countries who agree that the US is the most powerful. And like, which is why they've got.
[25:30]
Grok
Such a great record of victory over the last 80 years. I mean, look at what they did to Granada.
[25:35]
Tommy Wren
That was a, I guess I was getting at that. There's a lot of public figures, metrics that are publicly available that reinforce that. Right, right. And there's less in the cyber domain. But you do have, I guess, countries like Australia, uk, us, Canada, who would go, okay, yes, the US is better than we are. They wouldn't not say we're better than the nsa. Yeah, but I, I think that would be ludicrous.
[26:04]
Grok
Right, But I think at the same time you wouldn't find them saying because we are less competent at what we do. Right. That's not what they're saying it's just because we have fewer people. It's, you know, like pound for pound where they're equal, but they're an 800 pound gorilla.
[26:20]
Tommy Wren
That's right.
[26:25]
Grok
Thanks a lot, Tom.
[26:27]
Tommy Wren
Thanks, Scott.