A (3:39)

Thank you, that's. I really appreciate you highlighting some of that. I think people think that it's still kind of the old way where it's, you know, again, brute force breaches, that sort of thing, which can still happen. But you're absolutely right, it's more of a login. You know, most attacks today just look like regular activity on your network. It's how we trust people. Companies as you mentioned, but they're getting in because of that persistence. And again, we need to move to that zero trust thinking, right, Zero trust architecture, those sorts of things, so that we are always on alert. So I appreciate that, really do. Robbie, you're a strong advocate and practitioner of zero trust architecture, which I just mentioned. What does zero trust done right look like in real enterprise and where do organizations most often get it wrong?

B (4:28)

Oh yeah. Oh yeah. So Zeno trust done right is very uncomfortable, to be honest with you, because it forces organizations to admit that their beliefs are no longer upholded. They're really outdated. It means that really no access is permanent, no identity is simply trusted. And also no network path is considered safe at all, even though it's internal. So every access request, whether it's human request, machine request, API or any workload, it should be evaluated continuously. That could be based on their identity or their behavior or their device health and context. Not just once, not just at the login, but it should be at all the time. So organizations are going mostly wrong in treating zero trust. They treat it as a product, but it's not a product, it's an architecture. So they should not think like they're buying a tool and they're just putting a label on it. They just follow the same old principles like having a flat network, having over privileged roles, or there is no visibility into lateral movement or east west traffic at all. That's not zero trust at all, that's just branding. I would feel so real. Zero trust is a architectural change. It should redesign your access path. It should minimize the blast radius. It should assume the compromises will happen. I feel there is a key point to it. Zero trust isn't about preventing every breach, that's unrealistic. It's about making breaches boring and they should be contained and it should be non catastrophic. So if an attacker gets in and eventually someone Will for sure the damage should be measured in minutes and scoped out. And that's what I feel the zero trust should look like. That's what a real zero trust should be done in such a way that it should be scoped in within minutes or seconds.

A (6:35)

Thank you, really appreciate that. And time is of the essence. You mentioned that minutes, seconds even to minimize that damage. But zero trust architecture is certainly uncomfortable. You talked about that. No longer is an identity, it's not trusted. Right. It's. You got to move into that mindset and people aren't ready for that. But you always have to evaluate this continuously. Security is definitely moving to a different place in time the way we have to move to this zero trust architecture. So I appreciate that. And Robby, you're the inventor on multiple international cybersecurity patents addressing IoT security, dynamic network allocation and real time threat detection. What gaps in existing security tools inspired these innovations?

B (7:22)

Honestly, necessity and frustration. I would say I kept seeing the same failures repeat themselves at scale. That could be different organizations that I work in or I partnered with. I see issues with different industries, different tools, but the pattern was always the same. Many tools that were designed work in silos. For example, network tools don't understand identity and identity systems don't understand behavior. And sometimes IOT and non human devices, they often separately with no visibility. So that fragmentation created a lot of blind spots. And attackers live in blind spots as we know. So I realized that adding more tools wasn't solving the problem. We aren't lacking alerts, we are lacking context. My focus, as I said, shifted to architecture and zero trust. I started designing systems which were accessible based on the adaptability in the real time. I followed the telemetry, I followed the behavior and I understood the risk continuously influence the trust. What I really observed was identity isn't static. You should never think identity stays the same. So we should not give the access and grant them the full access at once. But we need to do is it as a process. The goal was never to block everything. Zero trust is not blocking everything. So over blocking break businesses. Right. So the goal was to earn the trust continuously. So that's what led to my patents. I would say it's not just theoretical invention, it's more of like a practical architecture built to survive real world problems and real challenges. So innovation in security for me isn't about more dashboards or just more alerts. It's assuming fewer stuff and implementing more stuff.

A (9:22)

Thank you. Really appreciate that you talked about you created these innovations and ultimately patents out of the necessity and frustration that you saw across the spectrum here. And that's why you moved into that Zero Trust architecture. And as you mentioned, many of these design tools, they work in silos unfortunately and have created blind spots which obviously created some frustration there. And I'm glad that you did jump in and tackle this and again trying to make the world a better place from your vantage point. So thank you. And Robbie, the last question of the day, looking ahead in the future, how do you see enterprise network security evolving over the next five to 10 years, especially with AI driven threats, cloud, native infrastructure and increasing regulatory pressure?

B (10:10)

Yeah, everything is AI these days, right? So we are moving towards continuous AI assisted trust evaluation. We are seeing AI across users, their workloads, APIs and their devices. So AI will absolutely help us to see the patterns that humans scanned. It will correlate the signals at scale and AI will detect anomalies faster and they will respond more intelligently. But there is a caution to it, right? So AI without architecture just automates the bad decisions faster. We should avoid that. If your access model is broken, AI will reinforce that broken logic at the machine speed. That's why architecture matters more than just the algorithms. So you should understand the architecture in depth. At the same time, regulation is changing the game. So organizations won't be asked if they are secure anymore. They'll be asked to prove resilience. They should be asked to show the containment. That's what they'll do. And they should do the governance. And our architect should show the intent and the design about the trust. So the winners, the winners I would say over the last decade will be the organizations that invest early in identity centric designs and also systems that adapt to resilience and have an adaptive architecture. If you are not following the early trends, you would still do the same patching, you will keep patching the symptoms, you will react instead of being proactive in nature and your cost becomes essential.

A (11:57)

Thank you, really appreciate that. Just to highlight a few things. Obviously AI can be a great game changer, can level the playing field, assist humans with a lot of the mundane and repetitive massive review of data. Right. But as you mentioned, without the frameworks, without the zero trust architecture, AI is really just going to automate those bad decisions faster, as you said, at machine speed. It's important. I did highlight those organizations that adopt identity centric designs early on are going to be more prepared and more apt to succeed in this environment that we live in today. So I appreciate that and all your insights. And Robby, it was such a pleasure having you on today and I look forward to speaking with you real soon.

B (12:40)

Yeah, thank you. I really appreciate the depth of this conversation. I would definitely say that these are the discussions that are needed if security is going towards the right place. As I said, it is not about the tools anymore. We should have these kind of conversations. I enjoyed it very much. Thank you.

A (12:58)

Bye for now.