A

Foreign.

B

Welcome to Coruscant Technologies, home of the Digital Executive podcast. Welcome to the Digital Executive. Today's guest is Valentina Flores. Valentina Flores is a recognized leader in modern cybersecurity and inclusive tech leadership. She is the CEO and co founder of Red Century, a proactive cybersecurity company that breaks into your network so hackers never get the chance. Before working to help protect companies, she served as a detective on joint federal task forces tracking cybercriminals across digital back alleys. Now a public speaker on hacker psychology, a two time award winning cybersecurity leader, and a fierce advocate for women in tech, Valentina is redefining what leadership looks like in the industry, championing smarter and more accessible security for all. Well, good afternoon, Valentina. Welcome to the show.

A

Thanks for having me, Brian.

B

Absolutely, my friend. I appreciate it. And you're hailing out of that Fort Lauderdale area, beautiful area, our corporate headquarters. One of the companies I worked at was out there and it's always great to visit. So I appreciate you making the time getting on a podcast with me. So, Valentina, if you don't mind, I'm going to jump into your first question. Your journey from tracking cybercriminals on federal task forces to founding Red Century is remarkable. What lessons from law enforcement have most influenced how you lead a cybersecurity company today?

A

You know, there's so much more overlap than I even realized and it took me years to draw some of the parallels. The first being in law enforcement, there's obviously life threatening need to anticipate threats, act quickly, and that's basically what I'm doing in cybersecurity. Just less fear of getting shot at from the computer. But with AI, you know, you never know, maybe one day there's this other aspect of trying to protect people from attacks. And that's what I was doing in law enforcement and it's what I'm doing now. And I think a big part of why I was successful as an investigator was because I could so easily get into the mind of a criminal and figure out what those next steps are. And on the proactive side of cybersecurity, pen testing, that's basically what we're doing every day, is we're getting into the criminal mindset, figuring out how they will attack this company and then showing that company where the vulnerabilities are. And then I think there's this last element of anyone that's worked in the public sector really understands doing what you can with no resources, no budget, just getting the job Done. And so I think, you know, as an entrepreneur, when I came into the startup world, that chaos that everyone talks about is really where I thrived. And it also helps me talk to companies because I hate when someone's talking to an SMB and they suggest this $500,000 security revamped. That's just not realistic. So, you know, I love meeting companies where they are figuring out their resources, figuring out what's that next baby step they can do, and just making it realistic for people.

B

Thank you. I appreciate that. Like some of the analogies there, there were some overlapping similarities within law enforcement and cybersecurity, protecting people and property. Right. I like how you try to get inside of the criminal mind to figure out their next move, their next strategy. I think that's really great and love the cybersecurity space. I work in that space as well. What I really liked out of the whole conversation we just had is part of your success as an entrepreneur is you really thrive in that chaotic environment. You can actually navigate through that and be successful. So I appreciate the insights on that. Valentina. Red Century's model is we break into your network so hackers never get the chance. Can you explain how your proactive approach differs from traditional cybersecurity solutions and why it's especially effective?

A

Yeah, I mean, traditional cybersecurity is focused on checkboxes, annual tests, compliance reports, static scans, and again, that's realistic. A lot of companies start cybersecurity because someone told them they had to, which is fine. But the problem is attackers don't look at soft two controls to figure out where they're going to attack you next. And the good and the bad thing about security frameworks is they really leave it up to the experts to determine how the test is done. So the traditional model of just kind of doing these superficial scans or giving a report with 200 findings that are never going to be actually checked, it's just outdated. So what we do is, yes, we're checking boxes, we're doing, we do a lot of compliance pen testing. But while we're doing that, our model is a lot more real world based. So we simulate real world attacks in real time with human testers who think creatively like hackers do. Our testers live on the dark web. They're monitoring all the forums that hackers use, they're researching their tools. And the result is that you're not just getting a report, you're getting this living collaboration that actually helps your team fix findings. So, yes, we're checking a box but at the same time, we're doing a lot more than that. And we're actually improving your security posture, which seems like it should be obvious, but unfortunately it's not really the standard.

B

Yeah, and we see a lot of that. There's a big push to spend some dollars on cybersecurity. And so there's, I've seen just in the last five years, the space is kind of crowded and everybody's doing it. And you're right, I've been through those exercises where it's checking the box. Okay, you feel better, but I like how you're diving a little bit deeper. Your team's real smart and they are simulating real world scenarios. They're engaged in the dark web to see what's going on, what's in the minds, what are people talking about in those forums, et cetera. So I really appreciate the share and if I can.

A

Brian, you know, I think there's this misconception that you're either checking the box or you're doing this like thorough security. And I think that's completely false. You know, I think compliance and checking the box gets a bad rep. Like, I think the boxes are important. I think the reason these frameworks were developed is because people weren't taking security seriously enough. So I think checking the box is important because it gives you that base level. It's just that while we're checking the box, we can also do more. So I think you can have your cake and eat it too.

B

There's absolutely. Yeah. I would certainly agree with you that you still, there's still a certain process you need to follow. But I like how you take it a step further. Valentina, as a public speaker on hacker psychology, what insights can you share about how attackers think and how companies can use that knowledge to better defend themselves?

A

Yeah, I mean, we still have this mindset that hackers are all guys in hoodies, wearing hoodies in basements. And while sometimes that's true, I think it causes companies to underestimate their skill set a lot. And, and some of these hacking organizations operate like real enterprises. There's some that have HR teams. You know, it's this complex thing where they're looking for automation and scalability. The same things that companies are doing, hackers are doing as well. So I think that's really important for companies to not underestimate them. And I think that guy in the hoodie in the basement tends to do that sometimes. And especially with that scalability. You know, a lot of hackers nowadays are not just spending Years trying to get into the one big huge company, they're realizing that, okay, well, instead of spending years on this one company, I can do a simple attack that breaks into 3,000 law firms all at once because they're all using the same vendors, they all have the same vulnerability. So it's that scalability. You know, they're basically breaking into the SMB market the same way businesses do. So with that, you know, it's really important for companies to understand those motivations and figure out how to build defenses that remove those easy wins for attackers. Hackers are very opportunistic. They're going to find the easiest way in and then they're just going to keep going deeper. They're not looking for the most complicated entry point. They're looking for the easy way in. So removing those easy wins and disrupting that momentum early is really important.

B

Thank you. And I think that's key for people to understand. You know, our listeners, they are looking for that opportunity to get in. You know, I've seen things over the years where, where people plugged into the printer port and they were able to do some things. So you definitely have to be on the lookout. And there is a misconception. I liked how you highlighted companies think, oh, it's just a, a teenager or a hacker in a hoodie in a basement somewhere. But we do know there are advanced complex organizations, teams of people that are well funded, that are looking to take down large financial institutions.

A

So I, well, and that teenager that isn't a hoodie in a basement can disrupt an entire government. You know, so it's, it's both sides. There are these complex organizations and then even that stereotype being true is still way more powerful than we give it credit for sometimes.

B

Absolutely. They're both a threat. Definitely. Agree. Valentina, last question of the day. With threats evolving faster than ever, where do you see the biggest opportunities and vulnerabilities emerging in the next three to five years?

A

I mean, obviously the big one everyone's talking about is AI and it's a double edged sword in cybersecurity. It's making the hackers better and faster and smarter and more convincing. The biggest example is social engineering and phishing. You know, those emails are getting more realistic than ever, but it's also giving defenders and people on the defensive side incredible tools for detecting and automating that response. So as far as AI goes, you know, it's on both sides. I think it's like any other technology, it's advancing, which means both sides, you know, have to evolve to it. But there are some cybersecurity companies now that are taking humans completely out of it and moving to automated scans only. And while I think that could be a reality in the future, I think it's really underestimating that hacker skill and expertise. I think the biggest opportunity is integrating human creativity and then AI precision. So that's kind of where we like to focus, is how to make pen testing faster, more continuous, more accessible to clients, but still keeping that human creativity. The complex vulnerability chaining that human element is really important to us. And that expertise and creativity of our testing team is why our reports are so actionable. So, you know, the biggest vulnerability is going to continue to be the human element. Social engineering isn't going away. So for companies, I think the ones that are going to win and the ones that are going to be truly secure are the companies that combine not only technology, which is where a lot of people put all their focus, but combining that technology with process and with security culture to make security second nature throughout the company. Security should not just be a tech issue. It shouldn't just be something that the CTO is dealing with or the ciso. Security should be ingrained in every single level of an organization. And I think that's really what's missing, and I'm hoping that's where we're evolving over the next three to five years, is making it ubiquitous throughout the company and making it second nature.

B

Absolutely. It's a team effort, and we certainly do that. Obviously, you've got all types of tools and training and security awareness training for your end users to make your team stronger. I like how you highlight. Highlighted AI is making everything better, including the bad guys. Obviously, there's ways that both sides are making strides to either protect or attack in their particular environments. The one thing I did highlight is some companies, and I hadn't seen this, but you said some companies are looking to use AI solely for scanning and monitoring, and I agree with you. We need to keep humans in the loop. I think the strongest teams will leverage both humans and machines together. I don't think we're quite at Skynet yet or the Matrix, but that may be coming down the road. So I appreciate that. And Valentina, it was such a pleasure having you on today, and I look forward to speaking with you real soon.

A

Thank you so much, Brian.

B

Bye for now.