
A
Welcome to To the Point Cybersecurity Podcast. Each week, join Vince Spina and Rachel Lyon to explore the latest in global cybersecurity news, trending topics and cyber industry initiatives impacting businesses, governments and our way of life. Now, let's get to the Point. Hello, everyone. Welcome to this week's episode of To the Point podcast. I'm Rachel Lyon, here with my co-host, Vince Spina. Vince, welcome to the podcast. After a little hiatus.
B
Yes, Rachel.
A
Yeah. You ready for some fun?
B
I am. I'm very excited about this. Thanks for. Thanks for letting me be in the chair next to you.
A
Absolutely. All right, so I am so excited. Your first guest is going to be Yasser Ali. He is the founder and CEO of Polymer, which is no code DLP for SaaS applications. But really, Yasser, you are a man that wears many hats and I'd love for you to share a little bit more about your background with our listeners.
C
Sure thing. So, yes, we are a data security platform for the modern business application stack listed on the cloud, SaaS and AI. Basically my background, I'm a developer by training, focusing on data. So training in building mortgage models first, training those models to arbitrage the market actually based on those analysis at hedge funds and various investment banks for a few years. Wow. And started a consulting business after the financial crisis, focusing on data governance, data privacy, intersection of technology and privacy. And just kind of like the security aspect of things at large investment banks. And that kind of got me into this space more directly. And we started this company, me and Usman, in 2020, focusing on data security, geared towards kind of the CISO ICP.
A
Nice. Wow. So you kind of touched on my very first question. Because we're always so fascinated here on the podcast. It's like the road to cybersecurity for many can be a winding path. I mean, we've had someone who was like medieval studies, PhD is somehow a CISO.
B
Right.
A
You know what I mean? So just kind of fascinating. Like, how did you know young Yasser, when you're starting out? I mean, how did you find your way on this pathway to being a developer and then ultimately to where you are today?
C
You know, I think people have a tendency of like backfilling story of their lives in terms of it's all planned. Reality is a lot of these things just happen. Right place, right time, or wrong place, right time, whatever you want to call it. And I would say that, you know, in the recent kind of with the product launch, which we did in 2020, which led to Polymer kind of getting started, focus was just understanding data flows. That was a construct which comes from the world of IT development. What information do I have, where is it stored and how is it moving around in my environment? And that was the initial thesis of the product. And we kind of stumbled upon this data loss prevention use case specifically based on what we heard in the market when we first unveiled the product on an MVP basis. And so it was kind of happenstance, kind of by luck, by chance. I never been in security per se specifically, so I'm a newbie, I'm still learning. And yeah, it's been fun.
A
I bet. I love it. What I love about cybersecurity is there's always that opportunity to find that thing that's not being addressed right. And if you have the resources, the knowledge, the wherewithal, you know, you could take a, you know, you could go address that for people and really make a difference in businesses and people's lives. It's just why cybersecurity is so much fun. But as I, as I digress, with cybersecurity being such an interesting dynamic industry, like what trends are you most excited about as you look ahead? Like, what's going to have the greatest impact on the industry as we look to 2025?
C
I mean, I'm biased here obviously, it's data. Data is the frontier that has been unsolved in cybersecurity, partly because it's been a mind the gap, who owns it, who manages it. We went through a trend in the last decade of chief data officers getting hired in large organizations. Like, we're going to make it into a data specific kind of like a department focusing on data. They'll be your data czars. And that kind of failed in many ways because you could come up with the best sort of controls on a spreadsheet. But day one of them going live, they go stale unless someone is absolutely like managing it kind of on a manual basis. And then we've kind of like now in an interesting space where data is back in vogue. And just stepping back in the last 30 years, why data has been unsolved is partly because the old data control product was DLP sitting at your firewall at the email junction, emails was being transacted but monitored. And you might get an alert saying, you cannot send this because this attachment contains, I mean I used to be at various banks of Forcepoint where you'd send me an email. Symantec would be like, hey, you can't send this because there's some headers found in this Excel file containing sensitive data. And once things move to the cloud, obviously the endpoints have dramatically expanded. It's no longer just an email, it's no longer just an attachment that's being sent. I can send a link, I can write a chat, I can write a ticket, I can upload, download, take a picture, so and so forth. So, and the buyers though, in general, the security officers of folks who have been in cybersecurity for the past 10, 20 years, they bought CASB in the past life, they bought DLP. And it's been one of those for at least for financial services. Check the box, exercise and move on. We're not going to measure the efficacy of it, but that's kind of changing very rapidly with the adoption of AI. 
Obviously it all comes down to when you look at the NIST AI risks, okay, and LLM risks data is like 50% or 60% of those items basically is where things are being identified to be in. It's very. Just forget all the technical mumbo jumbo here. But when you think about AI models, what data is going in, who has access to it, who has access to the output, what can be put in by the prompt. It's all data related. And right now, the maturity in our market in general, it's still pretty low on the curve. Most organizations do not understand what data they contain and where it is, let alone figuring out who should have access to it and how is it being transacted internally or externally.
B
Yeah, sir, I'll jump in there. First of all, you made me smile when you said mind the gap. I know you're from New York, but kind of threw that British London tube reference in there. And it's kind of funny because here at Forcepoint, we have turned our roadmap into the London tube. And at the end of the last stop is a full solution. But along the way there's various components that are being built out and we use that term quite a bit. Mind the gap, couple interdependencies along the way. So I'm gonna steal that one. That was pretty good. You're talking about data and listen, you're speaking our language. That's certainly kind of the way we look at it. It's all about the data that is today's oil, if you will. And what comes out of that. And you spoke about AI and that's probably the biggest thing that's on CISOs and CIOs mind today. And some of it is positive and some of it, quite frankly scares the heck out of them. But what that gets to now is you've got data, you got to know where it is, all that. But how do you govern that and especially how do you govern data in this new AI world, this 20 year old new AI world if you will. But just wanted to get your perspective on what you think the key principles an organization should prioritize when establishing an AI data governance framework.
C
Yeah, I've been advising our customers and just in general for me the best kind of the recipe roadmap or the framework is looking at what master data management has been over the years like. Master data management is a process that's been around for 15, 20 years. IBM and a lot of old organizations still do it. It's a big part of a lot of heavily governed organizations like healthcare, financial services, government. Having those controls, at least on paper has always been around. And let's just dive into what is the master data management program, what does that look like? So I'm an organization, I want to have some sense of access to information and how do I build it up. So first thing I'm going to do is I'm going to scan my database environment, look for the column names, maybe do some random sampling of the values themselves and see what do these columns contain and organizations that have been around for 20, 30, 40 or more. What you notice is there's no standardization. There's been so many different iterations of teams that have worked on data assets or data infrastructure over time. Just getting a sense of where things are, what is inside different kind of your blob stores, your databases, your file storage. That alone is a challenge which hard to grapple around. So what we did when we starting to prioritize from a master data management perspective was okay, what is the biggest bang for the buck, the 80, 20 rule databases, transaction databases. And what helped me also do is if I'm able to get the sense of what my transaction which is affecting my front office on a day to day basis right now, not the legacy of what's happened in 10 years. That can also help me build a data analytics layer, you know, a data warehouse. That was one of the reasons why master data management was around. I want to think about what do I store in this data lake. I'm going to abstract out raw database environments, raw infrastructure environments, put it all in, no matter it's a mainframe, it's a database, DB2, Sybase, Oracle, whatever, throw all the data in one common format, text files or whatever it is in a lake.
It could be S3, it could be anything really. And Hadoop clusters, so and so forth. And from there on I'm going to create a set of ETLs that's going to run end of day, throughout the day and be able to create some warehouses which are much faster transactions to come in. Obviously with Snowflake coming in, some of these things kind of started evolving where leave the data where it is, we're going to put in the warehouse right where it is on top of it. And we'll also by the way, classify the information for you all in one shot. Just start using us as a managed service, as a database. And Snowflake did pretty well doing just that. So when you kind of like learn those kind of like things in master data management, many organizations the first step they were doing and they never got to the data warehouse end state, they're still in this journey of understanding what is where. And usually you would then use a governance tool like a BigID, maybe a security AI. You might use a data classification product like an Alation or other kind of products out there, databases themselves have classification tools, discovery tools out there, sniffers and so and so forth. And you basically then put this in this glorified spreadsheet at this column. This is considered to be sensitive or not, yes or no. I have some sense of the values, maybe not and these people should have access to it or there should be this change management process around this set of data assets. And what failed in those kind of master data management from an operational long term perspective was I put the spreadsheet out, I stored the spreadsheet in a, let's say an application or whatever Excel sheet. 
And day two, as the new databases got formed, new data started coming in, this information set got stale and operationally it was very hard to keep up with the realities of the business which kept evolving all the time and dropping tables and creating new environments. Moving to the cloud, which is still ongoing for a lot of that is basically was one of the reasons why it kept getting stale. So when you think about data kind of moving around in a large organization, then AI is no different from a master data management kind of problems or a set of issues that we ran into why master data management failed. And AI is the same way you're looking at what assets do I have, what should I be putting in my LLM model? I need to understand that. And number one, and a lot of organizations, what they're doing is. And I can go into deep end with this very quickly, but let me just like not do that just yet, but. And then the other aspect of this is who's asking for information, who's putting more information in at the problem, and if it's a third party service like OpenAI, ChatGPT, Copilot, whatever, then there's obvious filtration events and stuff. Assuming it's all you trust the service even then there's a risk of stuff coming out, hallucinations and all sorts. So there's one aspect of it which is the data that goes in the input and the other one is the output which is very dependent on who's asking the question. So when you think about your IAM, you think about your ed, your role, your roles in organization, your groups within an organization that we feel is the, one of the highways to be able to kind of solve this problem a little bit scalably and sustainably. Yeah.
B
Yes, sir. So a couple things, what I got out of that was first of all, you referenced databases all the way back to the 90s, so you've been there. When you brought up Sybase, I go, oh my gosh, I remember that. And then you brought it absolutely. And then, you know, all the way to Snowflake and AI. Listen, here's kind of what I heard when I'm thinking of the principles and you were kind of taking us through where this thing started, where it's at. I'm hearing principles like transparency, accountability, fairness. Quite frankly, what we really didn't talk about there, which if you got any opinions on, you hear a lot around AI systems and the ethical considerations and the biases that can be implemented if, if done incorrectly. Any thoughts on that?
C
I look at the AI journey as a Maslow's law of hierarchy. The stuff you're bringing on is much higher on the pyramid. Folks are still at the bottom of like how the hell do I even make AI usable for me?
A
Right, right.
C
Just a simple, let me connect my ticket system and have my customers get to answers faster than having help desk person in the middle.
A
So.
C
So on that front I would say yes, hallucination biases, but we just are not focused on that because I think that's a good quality problem to have once the system is ready. We're still in this early phase of like what is the system? And I'm seeing CISOs struggle with we're gonna basically look at it from the perspective of classify the information and start tagging the information. And when the AI model gets built internally, we'll at least have a starting point. I feel that that is good, but that provide that from a security perspective, from a technology perspective, because I've built these models in the past. When you start hiding stuff that goes in the model based on columns or values or sensitivity, you start creating holes in the model which can reduce the actual output or the efficacy of the model itself downstream for the users. So it's a very risky path of trying to limit information. You might just have a checkbox exercise. Yeah, we got the AI tool ready Chatbot, but it's not going to have much value. What we are trying to conceptualize in the market and have kind of working towards this. Can we do this at runtime, throw everything in the model, but at runtime have the guardrails to allow certain information to be accessed by an individual. Depending on where this individual comes from, certain teams in the organization should have more access to information versus others. And all that could be done at runtime at the prompt level, rather than having to kind of worry about this whole journey, which could take you 10 years to get there. Still not get there.
B
Interesting. Rachel, jump in.
A
Well, you know, I'm always kind of. I think you're right. I mean, so many are at the beginning of this journey and just trying to wrap their arms around what can we even do with this?
B
It's.
A
It's almost this monolithic being. And how do you tame the beast? And I don't think we can have a podcast without talking about zero trust and how strong data governance can support the principles of zero trust. And what challenges do organizations face in aligning that? Right. And you talk about permissions and other things. Can you expand a little bit on that?
C
Yes. So the, the framework, when organizations think about. When you get onboarded as an employee, you assigned a group, you assigned access to certain databases, certain folders, certain kind of applications, certain kind of like your email groups and so on and so forth. That's a classic. I'm a new employee, I belong in this group. And that's kind of where my access is. We have not evolved as an industry or just in general in terms of looking at, not from the channel perspective, where the data is coming from or what information I should have access to. It's more still on a fixed asset basis, like what access do I have? We feel that the time has come now where access should be. IAM should be driven by what the business context is in the information, wherever that's coming from. And that's for data security to work. That is table stakes going forward because cloud has introduced so many different ways of data coming into me that IAM roles, which static roles for access to information, access to Areas of information there are not as resilient, they are not as scalable and they frankly do not work. Why do you have so many breaches with so much access going in, with one person coming in, hijacking someone's wrong MFA or using that persona to access your Slack, get the credentials from there and log into your database? Why is that happening? Because of we're not being cognizant of the information that is being accessed at a user level, no matter where it's found. So I think there is a, from a zero trust perspective, we need to kind of start going beyond just looking at these fixed assets, but looking at the information that's flowing in and making some determination. Is this person having access to this information in this timeframe, in this bandwidth, in this scale, is that real or not? Or should we have some restriction on that?
A
That's a really good point and I love the lead in too because my other favorite topic is insider risk. And it seems like AI is kind of the boogeyman, right, on how do you get in and out. And so I'd be kind of interested in your perspective. You know, how are insiders, right, using AI to orchestrate attacks from within and how can organizations kind of anticipate where these attacks are going to originate and how do you mitigate them?
C
That's a pretty loaded question. I mean I probably don't have like a very good answer for it, but it's an evolving area. We're on one side of the equation. Yes, you know, writing code has become much easier. I do a lot of like just like playing around with like ask it to write a script on Python to do xyz so it becomes so much easier to write actually injections whenever you're sitting with the browser. So it's. That superpower obviously can be misused, but in general I think insider threat, just as a macro way, you have to not trust identity or identity is not fixed. So we need to be somewhat more cognizant and look for anomalies of usage and how a person is behaving on a given day within the environment. And the day has come, the time has come, especially with AI, where that is going to become more and more relevant.
A
Yeah, agreed. It's, it's funny that you just this quick sidebar on kind of manipulating the system. We did have a developer here just for funsies on a weekend. He wanted to see if he could get ChatGPT to help him write a zero day, you know, malware. And it did, you know, you just Kind of change up your prompts. And so there's so. And it's human nature you want to do that. You can't help it. You just can't help it. But I mean, it's. How do you put the brakes on that? Because you do want to test the system and what are the limits of the system and what we could actually do with it for positive things. But also then how do you, on the flip side, better mitigate that from happening in the wrong way? And I don't know if there's a clear answer on that just yet.
C
And when you look at the CVEs and vulnerabilities that do get published on a daily basis, their AI, obviously I'm seeing this already being used in terms of processing large amounts of unprocessed data to see, okay, what am I at risk for, based on my environment, based on the CVEs that got published yesterday or something. So there's definitely a lot of good that's coming in from processing semi structured, unstructured data sets. In general, though, in my experience, at least with ChatGPT, the structured data set analysis is still lacking. That is an area where we still have to write the Python script to do the work. ChatGPT cannot just merge columns and transpose properly.
A
Vince, this is a really great setup for you on the next question. Right, so what do we need? We need visibility and control. Right, and what's a good way to do that today? DSPM?
B
Well, I mean, listen, we're a little biased. Oh, by the way, Yasser, this is my first podcast and I was told I can't. I got to take my current company's hat off and try to be unbiased, but somewhat hard to do. But we think, you know, it's about discovering, classifying, monitoring, you know, all those kind of things. And to us it's. And I loved earlier in the podcast you said, hey, you know, data is back in vogue, because data is in vogue. Data protection is also in vogue. And we do believe, you know, the componentry is to have a really strong data security posture model along with a really strong data protection solution, and couple those together to have the whole Data Protection 365VUE solution for our customers. But as our esteemed guests here, what's your thoughts in the world of DSPM? First of all, for our audience, not to put you on the spot, but if you had to define DSPM, what does that mean to you? And then what does it entail? And what's the good and the hard about it? I guess that's a lot. It's a lot.
C
It's a big question.
B
Take your time.
C
I think if you ask in a room full of 10 people what DSPM means industry experts, you'll get at least five different answers.
B
100%.
C
What you're seeing about in terms of the basic pieces of data protectionistic solution, I 100% agree. So when we kind of thinking about data security which is sustainable, we use the word sustainability a lot because data security by itself is a noisy problem. Even if you get to 95, 99, 98, whatever percentage of accuracy, whatever that means, that's also a moving target in terms of what does accuracy mean or false positive mean. Observability is number one obviously like being somewhat accurate in terms of observability of both data at rest and data at motion. That's step one. Without that you can't govern protect what you don't know. And number two is essentially around protection as you said Vince, like data loss prevention aspect like that is like can we create guardrails optionally for teams to be able to do stuff in line for the business without creating too much friction in the business workflows? How can DLP be somewhat more ingrained in your business workflows? That's how we have to think about that a lot because we're sticking in the business application or the SaaS application stack. So for us being able to isolate incidences within Slack and manage them there where it's fully kind of, you don't have to come out of Slack to do something with it. So that's like one example of that for you. So that's number two. And the third piece of this tool is human risk management. Obviously 80% I would say there's a couple of stats which we and I'm sure you guys will somewhat agree, 80% of the violations, 80, 85% of the violations in a large set of environment from a data security side we see is just like sloppy behavior.
B
Folks are like just mistakes. Yeah, mistakes by good people.
C
Exactly. So just in terms of like workflows mechanisms to remind the users, hey, it could be better way the I hate to use the word but big brother watching does help. We've seen repeated incidences. If you do a nudge within 30 minutes or 15 minutes of an event happening to the user, go down by repeat offenses, go down by that user by 40, 50% within days for similar kinds of incidences at least so it does have an effect. And the other stat is 8% of your employee base will be responsible for like 90% of your violation traffic, just by nature of their job, the project manager or controller, whatever it might be. So it's a long tail, but then the 10% is the real risk you still need to watch out for. And so that obviously understanding kind of what your normal flow business is, once that's kind of understood, looking for anomalies in terms of what kind of breaks the model there, you don't want to nudge the user. You want to basically just tell the CSO, hey, there could be something going wrong here. So we feel that those three components kind of provide a full maturity cycle depending on wherever you are, on the maturity of your data governance in your organization. You can maybe start with observability first. As you get more mature, maybe you turn on the nudges or human risk management piece second. And then thirdly, DLP controls can be put in place selectively and then over time could be more autonomous. And that has helped CISOs and security teams in general get around that whole thing. I'm going to install the system that's going to break the business flow. I'm going to get screamed at, I'm going to switch it off again and then this will be a tool that just sits collecting dust and checking a box. By providing value and helping organizations mature step by step, that I feel is very important because operationally security teams could have the best intentions as an organization. Are you mature enough to even handle these kind of controls?
A
Right. That's a great question. Because right now would you say DSPM is the new and shiny thing? Kid on the block and what's next? As we further wrap our arms around this AI monster, Is it tamable?
C
Yeah. My personal perspective on DSPM, just to answer that question more directly, is it's a Gartner category, which is developed for DLP products in general with some shiny things on top of it. But people are taking different approaches. So it's a wild west and no two DSPM tools will look alike. So it's good, interesting for the buyers. They can explore and learn and see what fits them exactly.
B
I was gonna ask you, Yasser. So you get to talk to a lot of senior people. I have the privilege of doing the same. I wanted to get a sense of. You threw some numbers out there. When you talk to CISOs or CIOs and they're honest, what percentage do you feel they come back and feel like they really have a handle on what data they have? What, what work stores. It's in data stores and which ones are just, you know, scared to death? Because I'll tell you, DSPM is a very hot topic in our world. Mostly because they're really trying to get their arms around, where is my data? What is that data? Start to classify that data and then be able to take action based on, you know, those. That classification and the users trying to utilize that data. But in your world, what do you see? Like, what percentage of your customers? Like, yeah, we got a pretty good handle on our data.
C
I would say, like less than 10%.
B
Okay, good. That's the same. Yeah.
C
Very, very little. But to your point of three years ago, three, four years ago, when we started the company, folks were like, it's all encrypted traffic. Get the hell out of here. The problem statement now has become in the last 20 months or so, I would say post Uber breach, that happened at Grand Theft Auto, that happened through Slack, was one of the channels, which was in November 2021 or something, or 2022. That's kind of where we saw a big shift. Okay. Understanding where information is. And guess what? SaaS is everywhere in my organization now. Cloud is everywhere.
A
Yeah.
C
I need to get a handle on it. And it's more around, like, is it number two, number three priority item for me or like, I need to buy something now, right away? So it's. I think we're seeing a big, swell change in the market as we see in the M&A space. Also, a lot of DSPM companies got taken out in the last few months. That is a marker on how hot the space is becoming.
B
Yeah. I just was gonna add, you kind of told us a little bit about your journey and how you got here. And I know you've been in the business a while, and like you said, you're still learning. We're all learning. Like this thing, you know, every time we get the answers to the test, they change the questions on us. Right. This thing is moving. I come from a network background, and now in the cyber world, and in my days, it was all about just building a moat. It was all about perimeter security. And you're. And you know, your network, you knew your network. Today, networks are borderless. It's everywhere and anywhere. And, you know, some of the things that you're talking about, man, the challenges have gone through the roof. So it takes, you know, some of these technologies, like DSPM, like DLP, because you're not going to control that data. What you can do is find it, classify. I guess you can control it, but you got to get your arms around it because there are no more walls to organizations today.
C
Right? Yeah. And one thing I kind of like talk about is this idea of it used to be, at least I think it's changing now rapidly from a buyer's perspective, from cybersecurity specifically, it's not a 0/1 problem. I'm protected. I'm not protected. There is a whole spectrum from between 0 and 1. And it's about reducing your risk profile overall. When you think about a trading book, it's about hedging your book. I'm going to buy some puts to hedge my long position on S&P, for example. And when you think about DSPM in general, or data security kind of more broadly, it's what you're doing by observability, by putting these controls in, by maybe restricting access to certain pieces of information, you are reducing your overall risk profile. If something does happen, the severity of that incident is going to get reduced. And I think that is something which I still feel is lacking in the market, but that's not being talked quantitatively. Hey, if my Slack environment is controlled or my Azure cloud and who has access to it, what information, some basic controls, there could be a game changer in terms of what your liability could be if something does happen. So folks need to think about it. Not as like, okay, I'm protected or not. This is like data ultimately is what the output is of any hack, any breach, and what you're getting on the hook for. So I just don't understand why. I mean, any amount of money you spend on it is like not enough, to be honest, from a cybersecurity side.
B
Yeah, you're hitting on something there. Where did I want to go? Oh, when you're talking about, you know, it's not about ones and zeros. It's not on, off, it's not black, white, it's gray. And you know, we do a lot of assessments for our customers who really want to understand kind of where their data is and what it looks like. What we find, probably the number one surprise for most of our customers is over privileged users, users who have too much access to data that they probably shouldn't have. Like, are you saying that in the market as well? Because, you know, that talks to. When you're talking about assessing risk, it isn't there's no risk, there's full risk, it's somewhere in the middle. We're finding, you know, most of the times it's just, you know, people that can get to, you know, content and data that they probably in Their role shouldn't have access to seeing the same thing 100%.
C
I think organizations kind of move to the cloud. They started adopting SaaS and now we are kind of going to the maturity cycle of like, okay, let's start creating some guardrails. Historically it was difficult. And when you look at like governance models like CMMC 2.0, like even the new version, whatever that is now, some of the other kind of frameworks out there, GLBA, all that, there are very specific guidelines around access to information. So you need to kind of come down to the atomic level of understanding the data. So to your point, 100%. And it's become, it's, it's, it's no longer. When you. I'm sure I'll put the question back to you. Like when you replay back the results of your assessment, it's becoming less and less surprising for folks like, oh, I didn't know this was there. Yeah, okay, fine. Because you need to do something like I think people are kind of understanding that they have that already. Like used to be a surprise to a lot of folks post assessment. I don't know what you said.
B
Yeah, no, you know, we're finding inside of, you know, security organizations, we're actually giving them the opportunity to be the champion into their business leaders by, you know, by some of these technologies that we're talking about today, DSPM, et cetera, and really understanding kind of where your data is, how it's classified, who can get to it, putting that in a beautiful report form so that that security person who used to be the Department of no, or perceived as the Department of no, is now being looked at as an enabler and more and often getting a chair at the big table because they're enabler to the business. And at the end of the day it's all about the business. Right.
C
And that person should be like, get a much more elevated position if you're understanding the data because that could supercharge your AI journey. That is like, even if you look at it from not like a cost center from a revenue generation or innovation perspective, understanding your data not only can help you protect it, but also help you go faster on your AI journey.
B
Absolutely. Rach. I want to be, I'm looking at time and I want to turn over to my esteemed partner here.
A
I know we are coming up on time so I do have like a final fun question maybe, hopefully. Yasser. We always like to ask folks kind of in the grand scheme of cyber security, what still keeps you up at night, if anything I mean, are we just exhausted that nothing keeps you up at night anymore, or is there anything that's still out there that you're like, man, we really got to get a handle on that.
C
I mean, it's like every year, every month is the scale, the intensity, the frequency of events, breaches. It's scary, to be honest. So obviously you're constantly looking behind your shoulder like, have I done all the controls necessary? And my clients have done all the controls necessary, that at least we're not responsible for it. So I think that is obviously any product company, any product CEO, probably stays up at night because of that, because you still have that iota percentage risk at anyone who's online at this point. So it's definitely scary. But what's interesting, obviously, is that AI is bringing in more thinking around, like, security being an enabler, which we were just discussing. So it's very exciting times, I think, for security professionals in general, where AI can be enabler for their jobs and their jobs can be enabler for the AI journey of the organization itself. So it's pretty exciting times, actually. We see a world merging between CIO, CTOs and CISOs to a certain degree. There's some overlap coming. Less and less of that gap we discussed earlier.
A
Yeah, no, it is exciting. It's almost, what is it, like, phase four, the Industrial Revolution or something like that, where you have these kind of magnificent earthquake moments, and we're just at the beginning of that journey. So I think if we were to connect in a year, revisit the podcast, I think it was going to be a very different landscape and a very different conversation, and in some ways, so. Yasser Ali, you know, founder and CEO of Polymer. Thank you. Thank you. Thank you for joining us today on the podcast. It's been a really insightful conversation.
C
Thanks for having me today. So, Vince, this is amazing.
B
Yeah, awesome.
A
Awesome. And to all of our listeners out there, what do we do? Vince, you gotta smash the subscription button.
B
Smash, smash, smash.
A
And you get a fresh episode directly in your inbox every single Tuesday. So until next time, everybody be safe. Thanks for joining us on the to the Point Cybersecurity podcast, brought to you by Forcepoint. For more information and show notes from today's episode, please visit www.ForcePoint.com/podcast. And don't forget to subscribe and leave a review on Apple Podcasts or Google Podcasts.
Podcast: To The Point - Cybersecurity
Episode Title: Navigating Borderless Networks and Data Security with Yasir Ali Rerun
Release Date: February 10, 2026
Host(s): Rachael Lyon & Vince Spina
Guest: Yasir Ali, Founder & CEO of Polymer
This episode dives deep into the challenge of securing data in a world of borderless networks and rapid AI adoption. Yasir Ali, CEO of Polymer, joins Rachael and Vince to discuss the shifting landscape of data security, the crucial role of modern data governance, and how leaders can mitigate risks in a SaaS- and AI-driven world. The conversation covers practical data protection strategies, the evolution and pitfalls of past frameworks, and why mastering observability and human-centric risk is now table stakes for CISOs.
Timestamps:
On industry progress:
"Every time we get the answers to the test, they change the questions on us. This thing is moving." – Vince (32:15)
On mastering data for security and business:
"Understanding your data not only can help you protect it, but also help you go faster on your AI journey." – Yasir (37:39)
| Timestamp | Topic |
|-----------|-------|
| 00:55–02:27 | Yasir’s background & unconventional paths into cybersecurity |
| 04:11–07:10 | Data as the frontier; evolution from DLP to cloud/SaaS |
| 08:40–14:48 | Data governance in the AI era; master data management lessons |
| 15:41–17:42 | AI ethics, limitations, and real-time controls |
| 18:18–20:31 | Zero trust, context-driven access, shifting IAM paradigms |
| 20:31–22:44 | Insider threats and AI-enabled misuse |
| 23:41–29:41 | DSPM explained, adoption challenges, and incremental maturity |
| 32:15–36:56 | Borderless networks, erosion of perimeter, privileged users |
| 37:39–39:58 | CISOs as business enablers, the future, and what's next |
This episode underscores that in today’s cybersecurity landscape, data is both the biggest asset and the greatest risk. As AI and SaaS dissolve network boundaries, winning organizations are those who can discover, classify, and manage data—continuously and in context. By moving beyond “checkbox” solutions and embracing layered, nuanced approaches like DSPM, security leaders can reduce risk, empower business, and turn the “Department of No” into innovation champions.
For more detailed show notes and resources, visit www.ForcePoint.com/podcast.