April 21, 2025 • 37 mins
In this episode, Richard Stiennon makes some bold predictions about the future of AI in Cybersecurity. Artificial intelligence is transforming cybersecurity at an unprecedented pace, with large language models increasing in intelligence tenfold every 12 months and reaching a potential critical mass by 2027.
• SOC automation represents the most immediate and profound application of AI in cybersecurity
• Approximately 15 startups are developing AI solutions to replace tier-one SOC analysts
• AI will eventually enable 100% automated triage of security alerts
• The shift from tactical to strategic skills will be critical for cybersecurity professionals
• As defensive AI improves, cybercrime may dramatically decrease, forcing attackers to use more expensive human-based methods
• Major industry consolidation will likely occur as AI solutions demonstrate overwhelming effectiveness
• Nation-states will remain the primary threat actors as they can afford to develop counter-AI attack capabilities
Richard's LinkedIn
Check out Josh's new book "The Close Line" available as an e-book on Amazon now, with paperback and hardcover versions coming soon. Check out IT-Harvest for a free demo.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
All right, let's get started, richard Steenan.
Welcome back to Cybernomics andthank you for listening to this
episode of Cybernomics.
Every week, richard and I gothrough the security market.
You can call it a market watch,if you like.
You can even call it securitymarket watch, which is a
throwback to what this show wascalled before Cybernomics.
(00:21):
So I guess now it's a segment.
So, richard, welcome.
I'm so excited to talk to youtoday about AI and you're going
to make some predictions.
Prognosticator ofprognosticators.
How's life?
Speaker 2 (00:34):
I'm doing awesome.
I am at a stage of myunderstanding and people always
think I come out of left fieldwith some bizarre prediction
about the direction of the world, especially in cybersecurity,
and it's not true.
It takes me years, but when ithappens, it happens and it's
pretty overwhelming.
So that's what I hope we get totalk about today.
(00:58):
And I want to you know stagesetting.
Take you back to 1992 when I wasreading an article in something
called Midnight Engineer andthe editor of that magazine was
interviewing somebody who had aside project that was the
midnight engineering part and heasked what's the most critical
(01:23):
thing that helped your business?
And the guy answered theinternet.
And I remember scratching myhead going huh, what's that?
And within six months I hadbecome an internet convert and
had started Rustat and ISP andthat was my full-time job.
I dropped all the automotiveengineering I was doing and just
(01:43):
went full in.
This was going to change theworld and I knew it.
And it was clear as anythingthat this was the biggest thing
of my life technologically.
So that is what I've had thefeeling of ever since ChatGPT
came out.
I've written that.
If you're a reader of mySubstack, I'll say how important
(02:06):
this is, and everybody shouldpay attention to it, etc.
It's only been with us sincewhat?
November 30th of 2022.
So it's still not three yearsold that we've had large
language models that do whatthey do, and they have been
increasing, and I've known thisbecause I've written about this
(02:28):
as well.
They increase in intelligence10x every 12 months, which is
pretty phenomenal.
That alone is enough for you togo huh.
I should pay attention to this.
If there's something that Iwant to do with AI but it's not
ready, well, try it again in 12months, because it'll be 10
times more intelligent.
Speaker 1 (02:47):
So try it again in three weeks three weeks in some
cases.
Speaker 2 (02:50):
Yeah, yeah, cause it could be that jump of 10, 10 X
that happened in that threeweeks.
So keep your eye on it.
Well, um, I finally becameaware of something that was
published way back April 8th, so10 days before we recorded this
, and it comes out of, you know,one of the rationalist society
(03:12):
thinkers, and they put togethera scenario using tried and true
scenario planning techniques andbacking it up with all the
graphs and probabilities and allthe rest of that.
But anyway, some super, superintelligent people got together,
looked at where AI had comefrom in such a short period of
time and where it was going, andcame up with AI 2027.
(03:36):
So their prediction for thenext two years, two and a half
years, and it's prettymind-blowing when you look at it
, to the point where you maydismiss it because they take it
to its logical extension.
You know things like the humanrace being wiped out by the AIs,
which I know is a big fearamongst AI researchers,
(03:58):
especially in California, ifthey think that way.
I don't think that way, but Ihaven't read about that yet.
But what I did absorb was whatthey base their prediction on,
and here it is plain and simple.
The large foundational modelcompanies OpenAI, xai, google
(04:18):
Anthropic Tencent, googleAnthropic Tencent are today
using large language models tohelp them code and come up with
their strategies for what totrain and how to train and what
data sets to use and all therest of that stuff.
They're using AI today.
Of course, everybody whotouches code should be using AI
(04:43):
today, but they're using itsignificantly already and I've
seen stats, you know, up to 50%for some researchers.
So what is going to happen isthey are going to train AI
researchers to replace the AIresearchers that we have I'm
sorry, the human researchersthat we have, and that will
(05:06):
occur throughout 2026.
By the end of 2026, they willhave accomplished that.
So large language modeldevelopers like OpenAI will have
automated AI bots that aredoing the work and then it just
takes off right Because now theycan iterate.
They work 24-7.
They can have a million workersdoing this work, trying
(05:28):
different scenarios, trying tocome up with innovations.
Maybe they'll come up with thenext transforms, who knows?
Speaker 1 (05:35):
Would it be fair to call that critical mass?
Speaker 2 (05:38):
Would you have hit critical mass?
Speaker 1 (05:40):
at that point?
And can we also use the S word,the singularity?
Speaker 2 (05:45):
Yeah, we try not to.
Yeah, these guys are basicallybackfilling into the singularity
.
That's correct.
Speaker 1 (05:52):
Yeah, maybe it's the beginning of the singularity.
Yeah, I've got to get RayKurzweil on this podcast?
Yeah, we really should.
Yeah.
Speaker 2 (06:02):
So they give a nod to Ray Kurzweil and there's a
excellent podcasts with um, thetwo of the authors of AI 2027.
Um, one you'll you know you'llrecognize the story Daniel uh
Coca, todd Todd Tyo.
Um, who was at open AI in thesafety side of things.
(06:25):
He didn't like what was goingon, didn't think that they were
going to do a proper job ofthinking about safety, so he
quit and then, when presentedwith the non-disparagement
agreement that all the employeesgot when they quit, which
basically says if you disparageus, you don't get your options,
(06:47):
we claw them back.
So, in other words, you know,if you say anything bad about us
, we're going to.
You know, take hundreds ofmillions of dollars from you,
right, which is how valuablethat stuff is.
So, but he made the consciousdecision to go okay, I'm sorry,
but I'm not going to sign it.
Made the conscious decision togo okay, I'm sorry, but I'm not
going to sign it.
(07:07):
And luckily, you know, ai, oropen AI, backed down and now
that clause and that practicehas been absolved.
So he's still got his optionsand now he's a free thinker,
he's independently wealthy and,you know, he's in pretty good
shape.
So he's one of the authors andhe's on this amazing podcast, um
, and then, amazingly, scottAlexander is on the podcast.
(07:33):
Scott Alexander is known toevery techie.
He's the author of the AstralCodex 10 blog and he covered his
wide gamut of technology andpsychology.
He is a psychologist.
Um Seems fairly young to mehe's probably older than you but
he's been around blogging for along time and is obviously
(07:57):
super, super smart.
And he's never been on apodcast before.
So I'm writing this up and youcan follow the link from my
Substack post to this three-hourpodcast.
It'll blow your mind the depthat which they go, this
three-hour podcast.
It'll blow your mind the depthat which they go.
But anyways, long story short,I decided to take their
assumptions, ignore theirconclusions about what happens
(08:19):
after 2027, but for now, taketheir assumptions and apply them
to what's going on incybersecurity.
So that's why I'm so excited totalk today.
Speaker 1 (08:28):
Awesome.
A lot to unpack, especiallywhen it comes to cybersecurity.
How does that affect thecybersecurity market and how do
we go forward?
Do we step carefully?
Do we, you know, go all in andput all our eggs in the AI
basket?
We'll find out.
So when I think about AI, thefirst thing that comes to mind
(08:50):
is what's going to happen tojobs, what will happen to
people's jobs, especially whenit comes to the SOC?
Right, when I think of anapplication that is ripe for AI
not necessarily the coding.
So the coding.
Obviously there are lots ofcybersecurity companies that are
going to be using AI to writetheir code and all that stuff.
(09:11):
Let's set that aside for asecond.
But when it comes to the heartof security operations, the SOC
if you don't know what that isis the Security Operations
Center.
That's kind of the lifeblood ofcybersecurity.
When you hear cybersecurity,most people think of someone in
a room full of computers andthey're looking at stuff on
screen logs that are popping upand there's an alert that comes
(09:34):
up and says intruder, intruder.
That's not the way it reallyhappens.
The SOC analysts are oftengoing cross-eyed looking at the
logs and they'll see somethingthat's anomalous and they'll
report it and it goes up thechain and if it's bad enough, it
gets to the CISO and then, ifit's really bad, there's someone
in the system, then thesecurity team takes action.
(09:56):
As you might imagine, thatprocess takes a lot of manual
effort and it's really easy forhumans to miss an event right.
So in the SOC we're seeing AIbeing used as a way to not miss
anything, basically, and AI haskind of been in the SOC for a
(10:18):
long time when it comes totrying to do false positives,
false negatives, correct errors,when it comes to flagging
things, because oftentimes thesystem might flag something
that's not bad or it might misssomething that is bad.
But now we're seeing a newiteration where the SOC analyst
is getting the support that theyneed.
(10:40):
Where do you see the SOC goingforward with AI?
Is it going to replace the SOCanalyst?
Is it going to replace the SOCanalyst, or do you think that
they're going to be SOCtechnologies and SOC vendors
that are completely humanless ornearly humanless?
I mean, how far can?
Speaker 2 (11:05):
we go and where is what is the logical end of this
technology?
Yes, I take it to its logicalconclusion and that the SOCs
will be unmanned, unpersoned.
I guess we should say they willbe fully automated and starting
with the, you know the triage.
So we already have account 15startup vendors, most of them by
far less than two years old,who are working on this and able
(11:30):
to demonstrate in some way thatthey've got something right.
But they're very, very small.
You know, the biggest one isExaForce, with 46 people.
So they're not, you know,selling or getting traction.
Yet I am on record saying thatby the end of the year they will
get traction and largeenterprises will start to use
(11:52):
them to alleviate the burdenpressure on the so-called tier
one SOC analysts, the people wholook at this you know giant
list of critical things theyhave to pay attention to and
they quickly go through them.
You know, yes, no, yes, no, yes, no.
Which ones should we look at?
They dig into a few of them.
Some of them they go ooh, thislooks really scary and they
(12:15):
escalate it to the SOC 2 analyst.
So so far, most of the talk andmost of the claims from these
vendors they're not saying youknow they do not go out there
and say this is the end of theworld for SOC analysts.
They say we're augmenting themand we're helping with that
triage problem.
So we're going to and none ofthem even use I'm waiting to
hear it for the first time 100%triage.
That's to me is a game changer,right?
(12:38):
If you could say every singlealert generated by your SIM
which of course, is, you know, acollection point for all
devices that are logging andalerting in alerting, every
single one of them is looked atand, you know, deemed okay, you
know false, positive or normaland not a threat whatever, and
(12:59):
the ones that are actuallythreats are highlighted quickly
and maybe some action is taken.
That is going to be happeningby the end of this year, 2025.
And to the point where some ofthose companies, 15 of which I
can show you on the screen here,are still very small, but at
(13:22):
least one of them, I believe,will be valued at over a billion
dollars before the end of theyear.
Speaker 1 (13:27):
Are you saying that one of them, as in we don't know
which one, or do you have your?
You know, like if you're abetting man, would you?
I do not.
Speaker 2 (13:35):
I do not, though, but let's just look at it, and then
we'll decide how we could cometo that conclusion.
Speaker 1 (13:43):
While you're bringing that up, I have a theory when
it comes to why companies don'tsay that they're 100% unmanned.
I think that the narrativeright now, when I ask anybody
will AI replace your jobs?
The narrative right now is AIwill not replace your jobs.
It will make what your teamdoes more effective.
(14:06):
It's going to help them workfaster, more efficient, be more
productive, so productivity goesup.
So then the vendor coming in isnow seen as a revenue driver,
is going to help you driverevenue right, or cut costs.
Helps what's that?
Or cut costs.
Speaker 2 (14:23):
Or cut costs.
Speaker 1 (14:23):
Exactly so.
At any rate, it makes the valueseem like a value-added
solution, right?
So I think that that's abusiness narrative.
I don't think that that's aprediction of what actually will
happen.
I think you're right.
What's going to happen is it'sgoing to replace a lot of people
, but I'm really interested tosee how the narrative is going
to shift once we cross thatthreshold.
Speaker 2 (14:44):
And all we have to do is ask Gary Kasparov, who I
actually saw speak at a CyberReason conference, of all things
, and I think Cyber Reason verypointedly brought him in as a
speaker, because he's arguablythe first person to lose his job
to AI Right, even though howCould you walk me through that
story?
Speaker 1 (15:03):
I'm not familiar at all.
Speaker 2 (15:05):
Oh, ok.
So over over the years, garyKasparov was the last world
chess champion before AI and youknow, had won multiple years
and stayed the world chesschampion and he was always
willing to go up against thelatest computer.
And finally IBM created DeepBlue or something like that Deep
(15:30):
Blue or something like that andit beat Garry Kasparov in a
chess master kind of playoff.
So, you know, multiple gamesthe computer beat him more times
than he beat the computer.
Computer won, so he's out of ajob.
Right, A computer can beat him.
So what's the point of being thebest in the world at what he
(15:51):
does when a computer can beathim?
So what's the point of beingthe best in the world at what he
does when a computer can beathim?
And then, since then, you know,of course, google has the most
impressive chess bot right nowthat can beat the big blue or
deep blue, whatever it's called,and it's just amazing.
So Gary Kasparov says look at,you know, don't think of it as
me losing my job.
Think of it as now I can playchess and have AI augmentation.
(16:16):
And so in the future you'llhave two chess grandmasters
playing each other and each willhave their own computer model
that they can use to help themchoose the next move.
Speaker 1 (16:27):
That's brilliant because it takes them out of the
seat of a tactician and putsthem squarely in the seat of a
strategist, which is what chessis all about?
Speaker 2 (16:34):
Yeah, totally, except that that never happened.
That does not happen, right.
And yet, you know, after one ofmy favorite movies, the Queen's
Gambit, came out, chess justtook off.
There are more players now thanthere ever have been in history
, and chesscom is continuouslyhas problems keeping their
servers running because there'sso many people playing games.
Speaker 1 (16:57):
So it's so, it's OK.
Does he have his job?
Speaker 2 (16:59):
again, or I don't think.
So I think.
I think he's a political punditnow.
Oh, he's too busy slammingPutin in Russia.
Speaker 1 (17:08):
Instead of pushing chess pieces around now, he's uh
commenting on how world leadersare pushing people around.
Speaker 2 (17:15):
He has direct experience, you know, because he
became grandmaster in thesoviet era and then, you know,
saw the changes.
Speaker 1 (17:22):
Uh, until putin took over is he like on rt or?
Speaker 2 (17:27):
no, he's not.
Um, yeah, he lives in theunited states now.
He's's not welcome in Russia.
He's considered a dissident.
Speaker 1 (17:37):
Oh so yeah, he wouldn't be an RC.
Yeah, they swapped him out withJesse Ventura.
Okay, anyways, what do you gotfor me?
Speaker 2 (17:45):
Okay, so we are looking at search results on
what I call SOC automation,which sounds really boring
compared to the fact that it's apart of the AI security world.
There are 96 companies in AIsecurity.
Most of them do you knowgovernance and guardrails.
You know, essentially, dlp forAI and a few of them like
(18:07):
protect AI and prompt security.
Protect models, which I didn'tthink was a thing.
Right, it's like the models.
The people who create themodels are only like seven
companies that make models.
Boy, was I wrong.
Right, there's over a millionmodels in Hugging Face and
people download them and usethem all the time, and GM alone
(18:28):
supposedly has I don't know 300models that they're using.
So, yes, there's a business forprotecting people's large
language models.
Internally, protect AI isundergoing, you know, a rumor
takeover by Palo Alto Networksfor between $600 and $750
(18:49):
million and with only they'vestill got under 50 employees.
So makes my prediction of abillion dollar valuation company
seem a little.
You know, not far stretch bythe end of the year, and yet
nobody else has predicted that.
So it's going to happen If I,as I just did, I sorted on
headcount and as I just did, Isorted on headcount.
(19:11):
So these are the 15 vendorsthat are currently going to
market with.
Hey, we do stock automation,we're creating agents to replace
your tier one agents, andExaForce just announced
yesterday 75 million investmentand I don't know what the
(19:33):
valuation was, but probably nota billion just yet.
Um, they only have 46 peopleand yet they've grown 18 so far
this year, or drop zone, grown34, so they, you know they grew
a third from so far this year doyou think that number is going
to drop or increase, that 46headcount?
oh, it's going to go updramatically, do you think?
Speaker 1 (19:52):
even as they add more agents and robots.
Do you think there's?
Speaker 2 (19:57):
a.
Speaker 1 (19:57):
CEO out there that wants purposely to keep the
headcount low.
Speaker 2 (20:01):
Yeah, so they're going to need the engineers, and
right now they don't havesuperintelligence.
Within a year and a half theywill, and then they can stop
hiring engineers, but right nowthey need salespeople, right?
There's no way you can get to abillion in revenue in 18 months
.
Yeah, you don't do it, whizzedit Right.
Speaker 1 (20:21):
Yeah, unless you have , uh, unless the, the contracts,
the deals are just like massive, um.
But yeah, until then you got apoint and you're going to need
sales guys, massive.
Speaker 2 (20:30):
But yeah, until then, you got a point and you're
going to need sales guys.
You only need $10, $100 billiondeals.
Speaker 1 (20:35):
That's one way of thinking of it.
That's a good way.
Those sales guys are going tobe happy.
Speaker 2 (20:45):
Yes, oh yes, If you're on this bandwagon.
That's one of the few ways Ithink of to profit from all of
this If you're not in a positionto start an AI security company
.
Speaker 1 (20:53):
Just going to sales.
Speaker 2 (20:55):
Be in sales at one of these, because people will just
buy it.
The demo will be so easy.
Hey, give me your SIM, give meAPI access to your SIM and we'll
start solving all your problems.
Speaker 1 (21:08):
Right away.
Time to value Incredible yeahit'll be okay.
Speaker 2 (21:10):
You can't unplug that .
Where do we sign?
Problems Right away, time tovalue Incredible?
Yeah, it'll be okay.
You can't unplug that.
You know where do we sign yeah.
Kind of thing Right, because thevalue is just incredible.
So a lot of cool companies here.
I've only talked to a handfulof them.
Some of these, you know, justhave the right DNA, the right
people, method, security she'sgot people you know from the NSA
(21:34):
working at it.
It's pretty dang cool.
Just awesome stuff.
So that's where I start in mylist of predictions.
And they just keep flowingright and they just keep flowing
right.
So it's based on the idea thatall these companies will be able
(21:57):
to take advantage ofsuperintelligence throughout
this coming life cycle, right Todo what?
exactly.
Yeah, to basically deploy agentsthat can see all you know, see
every single log, every singlealert, and you'll be turning on
all of your alerts that youtuned before, right.
So now you want everything.
You want to know who's gettingemail from where, and you want
(22:20):
all of that and you want it allin one place and the AI will be
able to parse that and determinewhat's going on, determine when
it's an attack of any sort.
You can personally get a feelfor this If you go to ChatGPT
next time you get a phishingemail.
You'll look at the.
You just look at the verbosemode.
You know where you can see allof the HTML that came with the
(22:43):
email.
Cut and paste that into ChatGPTand ask it to analyze it for
you and it will tell youeverything.
Right, like you know, I know afew people who can read that
stuff and tell me why the d markmatters.
Speaker 1 (22:55):
And all these things add up to this is a phishing
attack but john smith andaccounting isn't going to be
able to make sense of it exactlyso.
Speaker 2 (23:03):
But chachi pd, can any of the uh large language
models can do that just soeasily.
Now just imagine that abilityto.
You know, take 20 pages of textand reduce it down to what it
means and apply it to your reamsand reams of logs and alerts
that you're getting so inability.
(23:25):
You know, let's say Gentic, itcan say, hey, I need more data.
I'm going to go out and scanthat endpoint, I'm going to
cross-compare with where was theowner of that endpoint?
You know, was he or she loggedin, were they in the building?
Were they on the road in China?
All those millions and millionsof factors easily taken care of.
(23:45):
And it'll just get better.
You know it's going to be good,good enough to invest, and
you'll be able to logically say,hey, that entry-level person I
got to hire out of school andstart training who will be a
good tier one engineer in twoyears, that person costs $50,000
.
I will pay $50,000 for a singleagent to do that work and it'll
(24:10):
be perfect, right, and it'll be, won't make mistakes, and it'll
be like buying six, because itgives you 24 by seven coverage.
Takes six people in order toaccomplish that right.
So and then, yeah, that's wherethe huge revenue will come from
.
Speaker 1 (24:25):
Let me ask you this, richard.
You obviously understand theISP space really well.
What is this going to do inthat space?
What do you think?
I mean we're stepping away alittle bit from cybersecurity,
but when it comes to telecomsand communication and the
infrastructure, what do youthink?
(24:46):
How is AI going to play a rolein all of that?
Are we going to see, like,faster speeds in our
communications?
Are we going to see more securecommunications?
How does that affect?
Speaker 2 (24:58):
that world.
I think the first tier will becost optimization.
So you know, if you're a largecompany, you've got tons and
tons of MPLS circuits which arepoint to point circuits.
Quite a large company?
You've got tons and tons ofMPLS circuits which are
point-to-point circuits.
Quite a lot of them you don'tneed.
And you kick off a study todayto say you know what, if we just
went to local internet breakout, bought a bunch of Fortinet
(25:19):
gear and connected it to localISPs and then VPNed all over or
used Zscaler or Kato for thatpurpose and you can quickly find
your return on investment fordoing that.
Or if you need all the directcircuits, you could re-home them
.
I've seen that done in the pastand it's quite magical.
When it happens you can save,you know, 50% of your costs.
(25:42):
But don't forget, that's whatall of your network engineers
actually the old guys as old asI am that's all that they're
hired to do in the first place,so they've been around for a
while.
Speaker 1 (25:52):
Are those guys going to be out of a job?
I mean, I think they're alreadybecoming a little.
I've uh, okay, yeah, no, Idon't want to, I don't want to,
like, expose anybody, but I doknow a few of those guys and
companies are really afraid ofthem because they've got the
password to everything and theycan bring down your entire
network, right, and they'reclose to retirement.
(26:12):
So what would AI help companiesreplace them?
Or at least you know, becausethose guys got it.
So it's a huge Absolutely BrainOK, right, right, absolutely
Brain drain, okay.
Speaker 2 (26:26):
Right, right.
So the you know that guy'ssitting in his easy chair behind
his desk and because he knowswhere all the secrets are hidden
and has a picture in his headof a network that he or she
helped build, that person couldbe replaced overnight by AI.
(26:46):
That knowledge base can be, butthe hard thing to replace is
the person who knows whatquestions to ask of an AI, and
you're going to need thosepeople.
Speaker 1 (26:58):
Would that come in the form of a prompt engineer,
like someone who's specializingin prompt engineering, or is it
like a strategic person whoknows how to ask a prompt
engineer what to ask the system?
Speaker 2 (27:07):
Okay, yeah, the strategic engineer.
Okay, so we will see a shift tothe strategic rather than the
tactical.
Speaker 1 (27:16):
That is, I think, the single craziest thing that's
going to happen to the jobmarket.
So a lot of these tactics,because when you go to school
for computer engineering,development, software
engineering, anything like that,they don't really teach you
anything about the business.
And so now you're going to havea whole breed of people who are
(27:36):
just like a chess master, right?
The one that instead of playingchess, you are telling the
model and directing the model ata strategic level on how to
play and to beat your opponent.
And so I'm really interested inthat Like that's.
That's what I want to see,because I think there's money to
be made for people like me whoare, you know, we've been in the
(27:57):
industry for like 10 years,right, so you're a senior,
you're in a senior position,right, but you're not a director
, you're not a CISO, you're nota business business leader yet.
But if you've got the strategicchops and you understand enough
of how the business works andyou know enough about the
technology to be dangerous, Ithink there are going to be a
(28:18):
lot of people who are going tostart their own businesses, and
that's just going torevolutionize the way that we do
this whole entrepreneur thing.
You're going to have a wholebreed of entrepreneurs and
there's a whole lot of money tobe made in that space.
Speaker 2 (28:32):
Totally agree, and they will be able to convince
their current employer.
If you're going to ever do that, strike out on your own.
The number one way to successis get your current employer to
hire you as a consultant.
So strike out on your own.
Don't do it like I did, whichis just completely shift my
career.
Do something different.
That way lies poverty for mostof your life.
Speaker 1 (28:57):
A friend of mine is going through this shift herself
.
She started her own consultingcompany helping let's just call
them legacy users at thesecompanies mid-sized companies,
companies use AI and leverage AI.
But then she's like Josh, youknow, like, uh, don't put it out
on the internet that we didthis podcast.
Like you know, you can post theclips on your page, but I won't
(29:19):
be able to post it on minebecause I don't want my employer
to know.
But I'm like you shouldposition, you should help your
employer.
They should empower you to dothis because, number one, they
can get you for cheap, becauseinstead of paying you $200,000 a
year, they can pay you $70,000a year as a consultant.
The only caveat is that youhave other clients, which is not
(29:40):
a problem because you're an AImaster and you're super
efficient.
Oh yeah.
Speaker 2 (29:45):
Yeah, yeah, yeah, yeah, yeah, yeah.
My daughter got a job atMichigan State and because her
brothers and a little bit herfather are involved in AI, she's
like all over it and she's, inparticular, with the challenges
that academia has with AIs.
Right, they're very resistantto the whole concept.
(30:05):
Right, they're just against it.
The whole concept, right,they're just getting it.
And so even the people thatwere supposed to be the academic
experts on AI within the stateschool system don't want to
tarnish the reputation by sayingit's good or that we should do
it or anything like that.
Speaker 1 (30:22):
So, all of a sudden, my daughter, who lives in the
world of IT she's in theirdepartment has become the go-to
person if you got questionsabout ai and she's just having
time of her life going aroundand training people and yeah
showing them what they can doand talking them off a off a
cliff when they say that, oh mygod, my students cheat yeah yeah
(30:43):
, honestly, those of us who'vebeen in AI for like, from the
beginning I was with Chad GPTfrom literally like Chad GPT
version one and I I love like Iremember back then blowing
people's minds and we're havinga field day.
These people that are like havebeen doing it for a long time
because now we can say, yeah, Iremember three years ago when
(31:05):
you said I was crazy forsuggesting that a robot is going
to be able to help your kidwith their homework, and you
know they're like, you knowthey're not really going to
replace a real tutor.
It's like, yeah, yeah, downloadchat GPT, it will run circles
around any tutor.
So now we're having a field day, now that we've been proven
(31:26):
right and in some cases, tooright.
So let's wrap up with this goodsegue.
What are the dangers of thistechnology?
Once we hit critical mass andthe robots start to um, when we
hit super intelligence, as we'recalling, what are some of the
(31:47):
dangers of that?
Speaker 2 (31:58):
You know I don't want to go beyond the impact on the
cybersecurity industry, but Ihave thought about that, right,
so we are going to get reallygood at stopping cyber attacks.
In other words, it's going towork for once and there will be
a reduction in overall cybercrime and a dramatic reduction,
to the point where there aren'tas many cyber criminals anymore.
The low-hanging fruit that theygo after today, those that just
(32:21):
don't do anything and haven'tdone anything that's going to
shrink and shrink and shrinkbecause there'll be service
providers that can say hey, youknow, just give it to us, we'll
take care of all of your attacksand stop them in the tracks.
That is super dramatic.
It's going to decimate thecybersecurity industry.
There won't be as many vendorsas the year before.
(32:43):
There will be consolidation.
You know you still needfirewalls.
So Palo Alto and Fortinet arestill going to sell firewalls,
um.
You still need multi-factorauthentication.
You still need sensors all overthe place, um, but there won't
be cyber crime.
There won't be news everysingle day of another breach, uh
(33:05):
, and that's going to have a bigimpact on the growth of the
industry, thank God.
Do you think that there's goingto have a big impact on the
growth of the industry?
Speaker 1 (33:09):
Thank God.
Do you think that there's goingto be a consolidation Once that
happens?
Speaker 2 (33:15):
consolidation will be there, right yeah.
Speaker 1 (33:19):
So the cybersecurity?
Speaker 2 (33:20):
Buy one of everything and you just, you know, get
your credit card and you'll haveeverything you need.
Speaker 1 (33:26):
So if you were to start a cybersecurity company
today let's think of services,solutions, technologies, tools,
swiss Army knife, you name itwhat would you do?
Speaker 2 (33:40):
for longevity.
Yeah, I would create thesensors and any data efficiency
that you can bring to the world,because that'll just lower
costs for the users of AI, socautomation, and yeah, that's
(34:01):
what.
Speaker 1 (34:01):
I do.
So your thesis is basicallythat the just to sum this all up
the best application for AI andwhere we're seeing everything
moving, it would be the SOC,correct, okay, and your
prediction is that the SOC willget so efficient that we will
(34:23):
see a reduction to cybersecurityattacks to near zero, like
we'll patch all the holes.
Well, what's going to happenwith the hackers?
What if they have super AI?
Speaker 2 (34:35):
Right, so they will have to have it.
Question is, can they afford itand is it worth the investment?
Because that's, don't forget,this battle, this 25 year battle
we've had, is to raise the costto the point where it's not
worth it for the attacker yeah,right, yeah and we've never
gotten there, because, you know,we thought we were getting
there and then bitcoin comesalong and, all of a sudden,
(34:55):
ransomware is possible so theycan go after individuals and um,
so we never got there?
Uh, but now this is our chance,so that the only attackers will
be the ones that can outspendus, and those are going to be
nation states, and it'll becheaper.
Rather than come up with a newattack against somebody
protected by AI, they'll have tohire a spy or bribe somebody or
(35:20):
kidnap their family in order toget what they want, which is
extremely expensive and risky,right, very, very expensive,
right Millions of dollarsinvested to do an operation like
that.
So it'll be a long time beforeAI is better than that.
Speaker 1 (35:36):
So we'll come back basically down to the human
element.
Like it's going to be, if youwant to break in, you're going
to have to trick somebody,you're going to have to James
Bond your way into thatorganization and you're going to
ask them if it's like theirmartini shaken or stirred and
(35:57):
then wind up in somebody's bed,probably, and then get the
nuclear codes.
Speaker 2 (35:59):
That way, good old fashioned police work yeah.
Speaker 1 (36:01):
Yeah.
Speaker 2 (36:01):
Yeah, good old fashioned.
Speaker 1 (36:02):
OK, all right, richard, great stuff.
I mean, we've got somepredictions here and I I'm gonna
hang my hat and bet with you,right, not real money, because
I'm not a betting man, but if Iwere I would bet that you're
correct, that, um, it's, it'sgonna be an interesting five
(36:23):
years down down the line, um anduh, and we will be covering it
here on cybernomics.
And so, richard, if people wantto find you, how can they find
you?
Speaker 2 (36:34):
Yeah, head on over to it-harvestcom and you'll see
all the contact forms and allthe rest.
Or find me on LinkedIn.
I'm there all the time.
Speaker 1 (36:44):
Yeah, richard's always posting good stuff on
linkedin and I always see peopleeat it up, and for good reason.
It's always really goodinformation, very timely stuff,
and sometimes you post stuffright out of it harvest, which,
right you know, bodes well forwhat you guys are doing over
there.
So if you want to find me, youcan find me also on linkedin.
Josh bruning, b-r-u-y-n-i-n-g.
(37:07):
Quick announcement my book, theClothesline, is on Amazon, so
you can get the e-book on Amazonright now.
Paperback and hardcover will beavailable later.
Ing and keep following us atCybernomics, and so we'll have
(37:34):
an episode with Richard doingour security market watch every
Monday and for interviews andconversations with CISOs and
vendors and founders, check usout every Wednesday at 7 am.
Richard, good to see you again.
Thanks, thanks, chuck.
All right, thanks for listening.
Bye.
All right, let's get started, richard Steenan.
Welcome back to Cybernomics andthank you for listening to this
episode of Cybernomics.
Every week, richard and I gothrough the security market.
You can call it a market watch,if you like.
You can even call it securitymarket watch, which is a
throwback to what this show wascalled before Cybernomics.
(00:21):
So I guess now it's a segment.
So, richard, welcome.
I'm so excited to talk to youtoday about AI and you're going
to make some predictions.
Prognosticator ofprognosticators.
How's life?
Speaker 2 (00:34):
I'm doing awesome.
I am at a stage of myunderstanding and people always
think I come out of left fieldwith some bizarre prediction
about the direction of the world, especially in cybersecurity,
and it's not true.
It takes me years, but when ithappens, it happens and it's
pretty overwhelming.
So that's what I hope we get totalk about today.
(00:58):
And I want to you know stagesetting.
Take you back to 1992 when I wasreading an article in something
called Midnight Engineer andthe editor of that magazine was
interviewing somebody who had aside project that was the
midnight engineering part and heasked what's the most critical
(01:23):
thing that helped your business?
And the guy answered theinternet.
And I remember scratching myhead going huh, what's that?
And within six months I hadbecome an internet convert and
had started Rustat and ISP andthat was my full-time job.
I dropped all the automotiveengineering I was doing and just
(01:43):
went full in.
This was going to change theworld and I knew it.
And it was clear as anythingthat this was the biggest thing
of my life technologically.
So that is what I've had thefeeling of ever since ChatGPT
came out.
I've written that.
If you're a reader of mySubstack, I'll say how important
(02:06):
this is, and everybody shouldpay attention to it, etc.
It's only been with us sincewhat?
November 30th of 2022.
So it's still not three yearsold that we've had large
language models that do whatthey do, and they have been
increasing, and I've known thisbecause I've written about this
(02:28):
as well.
They increase in intelligence10x every 12 months, which is
pretty phenomenal.
That alone is enough for you togo huh.
I should pay attention to this.
If there's something that Iwant to do with AI but it's not
ready, well, try it again in 12months, because it'll be 10
times more intelligent.
Speaker 1 (02:47):
So try it again in three weeks three weeks in some
cases.
Speaker 2 (02:50):
Yeah, yeah, cause it could be that jump of 10, 10 X
that happened in that threeweeks.
So keep your eye on it.
Well, um, I finally becameaware of something that was
published way back April 8th, so10 days before we recorded this
, and it comes out of, you know,one of the rationalist society
(03:12):
thinkers, and they put togethera scenario using tried and true
scenario planning techniques andbacking it up with all the
graphs and probabilities and allthe rest of that.
But anyway, some super, superintelligent people got together,
looked at where AI had comefrom in such a short period of
time and where it was going, andcame up with AI 2027.
(03:36):
So their prediction for thenext two years, two and a half
years, and it's prettymind-blowing when you look at it
, to the point where you maydismiss it because they take it
to its logical extension.
You know things like the humanrace being wiped out by the AIs,
which I know is a big fearamongst AI researchers,
(03:58):
especially in California, ifthey think that way.
I don't think that way, but Ihaven't read about that yet.
But what I did absorb was whatthey base their prediction on,
and here it is plain and simple.
The large foundational modelcompanies OpenAI, xai, google
(04:18):
Anthropic Tencent, googleAnthropic Tencent are today
using large language models tohelp them code and come up with
their strategies for what totrain and how to train and what
data sets to use and all therest of that stuff.
They're using AI today.
Of course, everybody whotouches code should be using AI
(04:43):
today, but they're using itsignificantly already and I've
seen stats, you know, up to 50%for some researchers.
So what is going to happen isthey are going to train AI
researchers to replace the AIresearchers that we have I'm
sorry, the human researchersthat we have, and that will
(05:06):
occur throughout 2026.
By the end of 2026, they willhave accomplished that.
So large language modeldevelopers like OpenAI will have
automated AI bots that aredoing the work and then it just
takes off right Because now theycan iterate.
They work 24-7.
They can have a million workersdoing this work, trying
(05:28):
different scenarios, trying tocome up with innovations.
Maybe they'll come up with thenext transforms, who knows?
Speaker 1 (05:35):
Would it be fair to call that critical mass?
Speaker 2 (05:38):
Would you have hit critical mass?
Speaker 1 (05:40):
at that point?
And can we also use the S word,the singularity?
Speaker 2 (05:45):
Yeah, we try not to.
Yeah, these guys are basicallybackfilling into the singularity
.
That's correct.
Speaker 1 (05:52):
Yeah, maybe it's the beginning of the singularity.
Yeah, I've got to get RayKurzweil on this podcast?
Yeah, we really should.
Yeah.
Speaker 2 (06:02):
So they give a nod to Ray Kurzweil and there's a
excellent podcasts with um, thetwo of the authors of AI 2027.
Um, one you'll you know you'llrecognize the story Daniel uh
Coca, todd Todd Tyo.
Um, who was at open AI in thesafety side of things.
(06:25):
He didn't like what was goingon, didn't think that they were
going to do a proper job ofthinking about safety, so he
quit and then, when presentedwith the non-disparagement
agreement that all the employeesgot when they quit, which
basically says if you disparageus, you don't get your options,
(06:47):
we claw them back.
So, in other words, you know,if you say anything bad about us
, we're going to.
You know, take hundreds ofmillions of dollars from you,
right, which is how valuablethat stuff is.
So, but he made the consciousdecision to go okay, I'm sorry,
but I'm not going to sign it.
Made the conscious decision togo okay, I'm sorry, but I'm not
going to sign it.
(07:07):
And luckily, you know, ai, oropen AI, backed down and now
that clause and that practicehas been absolved.
So he's still got his optionsand now he's a free thinker,
he's independently wealthy and,you know, he's in pretty good
shape.
So he's one of the authors andhe's on this amazing podcast, um
, and then, amazingly, scottAlexander is on the podcast.
(07:33):
Scott Alexander is known toevery techie.
He's the author of the AstralCodex 10 blog and he covered his
wide gamut of technology andpsychology.
He is a psychologist.
Um Seems fairly young to mehe's probably older than you but
he's been around blogging for along time and is obviously
(07:57):
super, super smart.
And he's never been on apodcast before.
So I'm writing this up and youcan follow the link from my
Substack post to this three-hourpodcast.
It'll blow your mind the depthat which they go, this
three-hour podcast.
It'll blow your mind the depthat which they go.
But anyways, long story short,I decided to take their
assumptions, ignore theirconclusions about what happens
(08:19):
after 2027, but for now, taketheir assumptions and apply them
to what's going on incybersecurity.
So that's why I'm so excited totalk today.
Speaker 1 (08:28):
Awesome.
A lot to unpack, especiallywhen it comes to cybersecurity.
How does that affect thecybersecurity market and how do
we go forward?
Do we step carefully?
Do we, you know, go all in andput all our eggs in the AI
basket?
We'll find out.
So when I think about AI, thefirst thing that comes to mind
(08:50):
is what's going to happen tojobs, what will happen to
people's jobs, especially whenit comes to the SOC?
Right, when I think of anapplication that is ripe for AI
not necessarily the coding.
So the coding.
Obviously there are lots ofcybersecurity companies that are
going to be using AI to writetheir code and all that stuff.
(09:11):
Let's set that aside for asecond.
But when it comes to the heartof security operations, the SOC
if you don't know what that isis the Security Operations
Center.
That's kind of the lifeblood ofcybersecurity.
When you hear cybersecurity,most people think of someone in
a room full of computers andthey're looking at stuff on
screen logs that are popping upand there's an alert that comes
(09:34):
up and says intruder, intruder.
That's not the way it reallyhappens.
The SOC analysts are oftengoing cross-eyed looking at the
logs and they'll see somethingthat's anomalous and they'll
report it and it goes up thechain and if it's bad enough, it
gets to the CISO and then, ifit's really bad, there's someone
in the system, then thesecurity team takes action.
(09:56):
As you might imagine, thatprocess takes a lot of manual
effort and it's really easy forhumans to miss an event right.
So in the SOC we're seeing AIbeing used as a way to not miss
anything, basically, and AI haskind of been in the SOC for a
(10:18):
long time when it comes totrying to do false positives,
false negatives, correct errors,when it comes to flagging
things, because oftentimes thesystem might flag something
that's not bad or it might misssomething that is bad.
But now we're seeing a newiteration where the SOC analyst
is getting the support that theyneed.
(10:40):
Where do you see the SOC goingforward with AI?
Is it going to replace the SOCanalyst?
Is it going to replace the SOCanalyst, or do you think that
they're going to be SOCtechnologies and SOC vendors
that are completely humanless ornearly humanless?
I mean, how far can?
Speaker 2 (11:05):
we go and where is what is the logical end of this
technology?
Yes, I take it to its logicalconclusion and that the SOCs
will be unmanned, unpersoned.
I guess we should say they willbe fully automated and starting
with the, you know the triage.
So we already have account 15startup vendors, most of them by
far less than two years old,who are working on this and able
(11:30):
to demonstrate in some way thatthey've got something right.
But they're very, very small.
You know, the biggest one isExaForce, with 46 people.
So they're not, you know,selling or getting traction.
Yet I am on record saying thatby the end of the year they will
get traction and largeenterprises will start to use
(11:52):
them to alleviate the burdenpressure on the so-called tier
one SOC analysts, the people wholook at this you know giant
list of critical things theyhave to pay attention to and
they quickly go through them.
You know, yes, no, yes, no, yes, no.
Which ones should we look at?
They dig into a few of them.
Some of them they go ooh, thislooks really scary and they
(12:15):
escalate it to the SOC 2 analyst.
So so far, most of the talk andmost of the claims from these
vendors they're not saying youknow they do not go out there
and say this is the end of theworld for SOC analysts.
They say we're augmenting themand we're helping with that
triage problem.
So we're going to and none ofthem even use I'm waiting to
hear it for the first time 100%triage.
That's to me is a game changer,right?
(12:38):
If you could say every singlealert generated by your SIM
which of course, is, you know, acollection point for all
devices that are logging andalerting in alerting, every
single one of them is looked atand, you know, deemed okay, you
know false, positive or normaland not a threat whatever, and
(12:59):
the ones that are actuallythreats are highlighted quickly
and maybe some action is taken.
That is going to be happeningby the end of this year, 2025.
And to the point where some ofthose companies, 15 of which I
can show you on the screen here,are still very small, but at
(13:22):
least one of them, I believe,will be valued at over a billion
dollars before the end of theyear.
Speaker 1 (13:27):
Are you saying that one of them, as in we don't know
which one, or do you have your?
You know, like if you're abetting man, would you?
I do not.
Speaker 2 (13:35):
I do not, though, but let's just look at it, and then
we'll decide how we could cometo that conclusion.
Speaker 1 (13:43):
While you're bringing that up, I have a theory when
it comes to why companies don'tsay that they're 100% unmanned.
I think that the narrativeright now, when I ask anybody
will AI replace your jobs?
The narrative right now is AIwill not replace your jobs.
It will make what your teamdoes more effective.
(14:06):
It's going to help them workfaster, more efficient, be more
productive, so productivity goesup.
So then the vendor coming in isnow seen as a revenue driver,
is going to help you driverevenue right, or cut costs.
Helps what's that?
Or cut costs.
Speaker 2 (14:23):
Or cut costs.
Speaker 1 (14:23):
Exactly so.
At any rate, it makes the valueseem like a value-added
solution, right?
So I think that that's abusiness narrative.
I don't think that that's aprediction of what actually will
happen.
I think you're right.
What's going to happen is it'sgoing to replace a lot of people
, but I'm really interested tosee how the narrative is going
to shift once we cross thatthreshold.
Speaker 2 (14:44):
And all we have to do is ask Gary Kasparov, who I
actually saw speak at a CyberReason conference, of all things
, and I think Cyber Reason verypointedly brought him in as a
speaker, because he's arguablythe first person to lose his job
to AI Right, even though howCould you walk me through that
story?
Speaker 1 (15:03):
I'm not familiar at all.
Speaker 2 (15:05):
Oh, ok.
So over over the years, garyKasparov was the last world
chess champion before AI and youknow, had won multiple years
and stayed the world chesschampion and he was always
willing to go up against thelatest computer.
And finally IBM created DeepBlue or something like that Deep
(15:30):
Blue or something like that andit beat Garry Kasparov in a
chess master kind of playoff.
So, you know, multiple gamesthe computer beat him more times
than he beat the computer.
Computer won, so he's out of ajob.
Right, A computer can beat him.
So what's the point of being thebest in the world at what he
(15:51):
does when a computer can beathim?
So what's the point of beingthe best in the world at what he
does when a computer can beathim?
And then, since then, you know,of course, google has the most
impressive chess bot right nowthat can beat the big blue or
deep blue, whatever it's called,and it's just amazing.
So Gary Kasparov says look at,you know, don't think of it as
me losing my job.
Think of it as now I can playchess and have AI augmentation.
(16:16):
And so in the future you'llhave two chess grandmasters
playing each other and each willhave their own computer model
that they can use to help themchoose the next move.
Speaker 1 (16:27):
That's brilliant because it takes them out of the
seat of a tactician and putsthem squarely in the seat of a
strategist, which is what chessis all about?
Speaker 2 (16:34):
Yeah, totally, except that that never happened.
That does not happen, right.
And yet, you know, after one ofmy favorite movies, the Queen's
Gambit, came out, chess justtook off.
There are more players now thanthere ever have been in history
, and chesscom is continuouslyhas problems keeping their
servers running because there'sso many people playing games.
Speaker 1 (16:57):
So it's so, it's OK.
Does he have his job?
Speaker 2 (16:59):
again, or I don't think.
So I think.
I think he's a political punditnow.
Oh, he's too busy slammingPutin in Russia.
Speaker 1 (17:08):
Instead of pushing chess pieces around now, he's uh
commenting on how world leadersare pushing people around.
Speaker 2 (17:15):
He has direct experience, you know, because he
became grandmaster in thesoviet era and then, you know,
saw the changes.
Speaker 1 (17:22):
Uh, until putin took over is he like on rt or?
Speaker 2 (17:27):
no, he's not.
Um, yeah, he lives in theunited states now.
He's's not welcome in Russia.
He's considered a dissident.
Speaker 1 (17:37):
Oh so yeah, he wouldn't be an RC.
Yeah, they swapped him out withJesse Ventura.
Okay, anyways, what do you gotfor me?
Speaker 2 (17:45):
Okay, so we are looking at search results on
what I call SOC automation,which sounds really boring
compared to the fact that it's apart of the AI security world.
There are 96 companies in AIsecurity.
Most of them do you knowgovernance and guardrails.
You know, essentially, dlp forAI and a few of them like
(18:07):
protect AI and prompt security.
Protect models, which I didn'tthink was a thing.
Right, it's like the models.
The people who create themodels are only like seven
companies that make models.
Boy, was I wrong.
Right, there's over a millionmodels in Hugging Face and
people download them and usethem all the time, and GM alone
(18:28):
supposedly has I don't know 300models that they're using.
So, yes, there's a business forprotecting people's large
language models.
Internally, protect AI isundergoing, you know, a rumor
takeover by Palo Alto Networksfor between $600 and $750
(18:49):
million and with only they'vestill got under 50 employees.
So makes my prediction of abillion dollar valuation company
seem a little.
You know, not far stretch bythe end of the year, and yet
nobody else has predicted that.
So it's going to happen If I,as I just did, I sorted on
headcount and as I just did, Isorted on headcount.
(19:11):
So these are the 15 vendorsthat are currently going to
market with.
Hey, we do stock automation,we're creating agents to replace
your tier one agents, andExaForce just announced
yesterday 75 million investmentand I don't know what the
(19:33):
valuation was, but probably nota billion just yet.
Um, they only have 46 peopleand yet they've grown 18 so far
this year, or drop zone, grown34, so they, you know they grew
a third from so far this year doyou think that number is going
to drop or increase, that 46headcount?
oh, it's going to go updramatically, do you think?
Speaker 1 (19:52):
even as they add more agents and robots.
Do you think there's?
Speaker 2 (19:57):
a.
Speaker 1 (19:57):
CEO out there that wants purposely to keep the
headcount low.
Speaker 2 (20:01):
Yeah, so they're going to need the engineers, and
right now they don't havesuperintelligence.
Within a year and a half theywill, and then they can stop
hiring engineers, but right nowthey need salespeople, right?
There's no way you can get to abillion in revenue in 18 months
.
Yeah, you don't do it, whizzedit Right.
Speaker 1 (20:21):
Yeah, unless you have , uh, unless the, the contracts,
the deals are just like massive, um.
But yeah, until then you got apoint and you're going to need
sales guys, massive.
Speaker 2 (20:30):
But yeah, until then, you got a point and you're
going to need sales guys.
You only need $10, $100 billiondeals.
Speaker 1 (20:35):
That's one way of thinking of it.
That's a good way.
Those sales guys are going tobe happy.
Speaker 2 (20:45):
Yes, oh yes, If you're on this bandwagon.
That's one of the few ways Ithink of to profit from all of
this If you're not in a positionto start an AI security company
.
Speaker 1 (20:53):
Just going to sales.
Speaker 2 (20:55):
Be in sales at one of these, because people will just
buy it.
The demo will be so easy.
Hey, give me your SIM, give meAPI access to your SIM and we'll
start solving all your problems.
Speaker 1 (21:08):
Right away.
Time to value Incredible yeahit'll be okay.
Speaker 2 (21:10):
You can't unplug that .
Where do we sign?
Problems Right away, time tovalue Incredible?
Yeah, it'll be okay.
You can't unplug that.
You know where do we sign yeah.
Kind of thing Right, because thevalue is just incredible.
So a lot of cool companies here.
I've only talked to a handfulof them.
Some of these, you know, justhave the right DNA, the right
people, method, security she'sgot people you know from the NSA
(21:34):
working at it.
It's pretty dang cool.
Just awesome stuff.
So that's where I start in mylist of predictions.
And they just keep flowingright and they just keep flowing
right.
So it's based on the idea thatall these companies will be able
(21:57):
to take advantage ofsuperintelligence throughout
this coming life cycle, right Todo what?
exactly.
Yeah, to basically deploy agentsthat can see all you know, see
every single log, every singlealert, and you'll be turning on
all of your alerts that youtuned before, right.
So now you want everything.
You want to know who's gettingemail from where, and you want
(22:20):
all of that and you want it allin one place and the AI will be
able to parse that and determinewhat's going on, determine when
it's an attack of any sort.
You can personally get a feelfor this If you go to ChatGPT
next time you get a phishingemail.
You'll look at the.
You just look at the verbosemode.
You know where you can see allof the HTML that came with the
(22:43):
email.
Cut and paste that into ChatGPTand ask it to analyze it for
you and it will tell youeverything.
Right, like you know, I know afew people who can read that
stuff and tell me why the d markmatters.
Speaker 1 (22:55):
And all these things add up to this is a phishing
attack but john smith andaccounting isn't going to be
able to make sense of it exactlyso.
Speaker 2 (23:03):
But chachi pd, can any of the uh large language
models can do that just soeasily.
Now just imagine that abilityto.
You know, take 20 pages of textand reduce it down to what it
means and apply it to your reamsand reams of logs and alerts
that you're getting so inability.
(23:25):
You know, let's say Gentic, itcan say, hey, I need more data.
I'm going to go out and scanthat endpoint, I'm going to
cross-compare with where was theowner of that endpoint?
You know, was he or she loggedin, were they in the building?
Were they on the road in China?
All those millions and millionsof factors easily taken care of.
(23:45):
And it'll just get better.
You know it's going to be good,good enough to invest, and
you'll be able to logically say,hey, that entry-level person I
got to hire out of school andstart training who will be a
good tier one engineer in twoyears, that person costs $50,000
.
I will pay $50,000 for a singleagent to do that work and it'll
(24:10):
be perfect, right, and it'll be, won't make mistakes, and it'll
be like buying six, because itgives you 24 by seven coverage.
Takes six people in order toaccomplish that right.
So and then, yeah, that's wherethe huge revenue will come from
.
Speaker 1 (24:25):
Let me ask you this, richard.
You obviously understand theISP space really well.
What is this going to do inthat space?
What do you think?
I mean we're stepping away alittle bit from cybersecurity,
but when it comes to telecomsand communication and the
infrastructure, what do youthink?
(24:46):
How is AI going to play a rolein all of that?
Are we going to see, like,faster speeds in our
communications?
Are we going to see more securecommunications?
How does that affect?
Speaker 2 (24:58):
that world.
I think the first tier will becost optimization.
So you know, if you're a largecompany, you've got tons and
tons of MPLS circuits which arepoint to point circuits.
Quite a large company?
You've got tons and tons ofMPLS circuits which are
point-to-point circuits.
Quite a lot of them you don'tneed.
And you kick off a study todayto say you know what, if we just
went to local internet breakout, bought a bunch of Fortinet
(25:19):
gear and connected it to localISPs and then VPNed all over or
used Zscaler or Kato for thatpurpose and you can quickly find
your return on investment fordoing that.
Or if you need all the directcircuits, you could re-home them
.
I've seen that done in the pastand it's quite magical.
When it happens you can save,you know, 50% of your costs.
(25:42):
But don't forget, that's whatall of your network engineers
actually the old guys as old asI am that's all that they're
hired to do in the first place,so they've been around for a
while.
Speaker 1 (25:52):
Are those guys going to be out of a job?
I mean, I think they're alreadybecoming a little.
I've uh, okay, yeah, no, Idon't want to, I don't want to,
like, expose anybody, but I doknow a few of those guys and
companies are really afraid ofthem because they've got the
password to everything and theycan bring down your entire
network, right, and they'reclose to retirement.
(26:12):
So what would AI help companiesreplace them?
Or at least you know, becausethose guys got it.
So it's a huge Absolutely BrainOK, right, right, absolutely
Brain drain, okay.
Speaker 2 (26:26):
Right, right.
So the you know that guy'ssitting in his easy chair behind
his desk and because he knowswhere all the secrets are hidden
and has a picture in his headof a network that he or she
helped build, that person couldbe replaced overnight by AI.
(26:46):
That knowledge base can be, butthe hard thing to replace is
the person who knows whatquestions to ask of an AI, and
you're going to need thosepeople.
Speaker 1 (26:58):
Would that come in the form of a prompt engineer,
like someone who's specializingin prompt engineering, or is it
like a strategic person whoknows how to ask a prompt
engineer what to ask the system?
Speaker 2 (27:07):
Okay, yeah, the strategic engineer.
Okay, so we will see a shift tothe strategic rather than the
tactical.
Speaker 1 (27:16):
That is, I think, the single craziest thing that's
going to happen to the jobmarket.
So a lot of these tactics,because when you go to school
for computer engineering,development, software
engineering, anything like that,they don't really teach you
anything about the business.
And so now you're going to havea whole breed of people who are
(27:36):
just like a chess master, right?
The one that instead of playingchess, you are telling the
model and directing the model ata strategic level on how to
play and to beat your opponent.
And so I'm really interested inthat Like that's.
That's what I want to see,because I think there's money to
be made for people like me whoare, you know, we've been in the
(27:57):
industry for like 10 years,right, so you're a senior,
you're in a senior position,right, but you're not a director
, you're not a CISO, you're nota business business leader yet.
But if you've got the strategicchops and you understand enough
of how the business works andyou know enough about the
technology to be dangerous, Ithink there are going to be a
(28:18):
lot of people who are going tostart their own businesses, and
that's just going torevolutionize the way that we do
this whole entrepreneur thing.
You're going to have a wholebreed of entrepreneurs and
there's a whole lot of money tobe made in that space.
Speaker 2 (28:32):
Totally agree, and they will be able to convince
their current employer.
If you're going to ever do that, strike out on your own.
The number one way to successis get your current employer to
hire you as a consultant.
So strike out on your own.
Don't do it like I did, whichis just completely shift my
career.
Do something different.
That way lies poverty for mostof your life.
Speaker 1 (28:57):
A friend of mine is going through this shift herself
.
She started her own consultingcompany helping let's just call
them legacy users at thesecompanies mid-sized companies,
companies use AI and leverage AI.
But then she's like Josh, youknow, like, uh, don't put it out
on the internet that we didthis podcast.
Like you know, you can post theclips on your page, but I won't
(29:19):
be able to post it on minebecause I don't want my employer
to know.
But I'm like you shouldposition, you should help your
employer.
They should empower you to dothis because, number one, they
can get you for cheap, becauseinstead of paying you $200,000 a
year, they can pay you $70,000a year as a consultant.
The only caveat is that youhave other clients, which is not
(29:40):
a problem because you're an AImaster and you're super
efficient.
Oh yeah.
Speaker 2 (29:45):
Yeah, yeah, yeah, yeah, yeah, yeah.
My daughter got a job atMichigan State and because her
brothers and a little bit herfather are involved in AI, she's
like all over it and she's, inparticular, with the challenges
that academia has with AIs.
Right, they're very resistantto the whole concept.
(30:05):
Right, they're just against it.
The whole concept, right,they're just getting it.
And so even the people thatwere supposed to be the academic
experts on AI within the stateschool system don't want to
tarnish the reputation by sayingit's good or that we should do
it or anything like that.
Speaker 1 (30:22):
So, all of a sudden, my daughter, who lives in the
world of IT she's in theirdepartment has become the go-to
person if you got questionsabout ai and she's just having
time of her life going aroundand training people and yeah
showing them what they can doand talking them off a off a
cliff when they say that, oh mygod, my students cheat yeah yeah
(30:43):
, honestly, those of us who'vebeen in AI for like, from the
beginning I was with Chad GPTfrom literally like Chad GPT
version one and I I love like Iremember back then blowing
people's minds and we're havinga field day.
These people that are like havebeen doing it for a long time
because now we can say, yeah, Iremember three years ago when
(31:05):
you said I was crazy forsuggesting that a robot is going
to be able to help your kidwith their homework, and you
know they're like, you knowthey're not really going to
replace a real tutor.
It's like, yeah, yeah, downloadchat GPT, it will run circles
around any tutor.
So now we're having a field day, now that we've been proven
(31:26):
right and in some cases, tooright.
So let's wrap up with this goodsegue.
What are the dangers of thistechnology?
Once we hit critical mass andthe robots start to um, when we
hit super intelligence, as we'recalling, what are some of the
(31:47):
dangers of that?
Speaker 2 (31:58):
You know I don't want to go beyond the impact on the
cybersecurity industry, but Ihave thought about that, right,
so we are going to get reallygood at stopping cyber attacks.
In other words, it's going towork for once and there will be
a reduction in overall cybercrime and a dramatic reduction,
to the point where there aren'tas many cyber criminals anymore.
The low-hanging fruit that theygo after today, those that just
(32:21):
don't do anything and haven'tdone anything that's going to
shrink and shrink and shrinkbecause there'll be service
providers that can say hey, youknow, just give it to us, we'll
take care of all of your attacksand stop them in the tracks.
That is super dramatic.
It's going to decimate thecybersecurity industry.
There won't be as many vendorsas the year before.
(32:43):
There will be consolidation.
You know you still needfirewalls.
So Palo Alto and Fortinet arestill going to sell firewalls,
um.
You still need multi-factorauthentication.
You still need sensors all overthe place, um, but there won't
be cyber crime.
There won't be news everysingle day of another breach, uh
(33:05):
, and that's going to have a bigimpact on the growth of the
industry, thank God.
Do you think that there's goingto have a big impact on the
growth of the industry?
Speaker 1 (33:09):
Thank God.
Do you think that there's goingto be a consolidation Once that
happens?
Speaker 2 (33:15):
consolidation will be there, right yeah.
Speaker 1 (33:19):
So the cybersecurity?
Speaker 2 (33:20):
Buy one of everything and you just, you know, get
your credit card and you'll haveeverything you need.
Speaker 1 (33:26):
So if you were to start a cybersecurity company
today let's think of services,solutions, technologies, tools,
swiss Army knife, you name itwhat would you do?
Speaker 2 (33:40):
for longevity.
Yeah, I would create thesensors and any data efficiency
that you can bring to the world,because that'll just lower
costs for the users of AI, socautomation, and yeah, that's
(34:01):
what.
Speaker 1 (34:01):
I do.
So your thesis is basicallythat the just to sum this all up
the best application for AI andwhere we're seeing everything
moving, it would be the SOC,correct, okay, and your
prediction is that the SOC willget so efficient that we will
(34:23):
see a reduction to cybersecurityattacks to near zero, like
we'll patch all the holes.
Well, what's going to happenwith the hackers?
What if they have super AI?
Speaker 2 (34:35):
Right, so they will have to have it.
Question is, can they afford itand is it worth the investment?
Because that's, don't forget,this battle, this 25 year battle
we've had, is to raise the costto the point where it's not
worth it for the attacker yeah,right, yeah and we've never
gotten there, because, you know,we thought we were getting
there and then bitcoin comesalong and, all of a sudden,
(34:55):
ransomware is possible so theycan go after individuals and um,
so we never got there?
Uh, but now this is our chance,so that the only attackers will
be the ones that can outspendus, and those are going to be
nation states, and it'll becheaper.
Rather than come up with a newattack against somebody
protected by AI, they'll have tohire a spy or bribe somebody or
(35:20):
kidnap their family in order toget what they want, which is
extremely expensive and risky,right, very, very expensive,
right Millions of dollarsinvested to do an operation like
that.
So it'll be a long time beforeAI is better than that.
Speaker 1 (35:36):
So we'll come back basically down to the human
element.
Like it's going to be, if youwant to break in, you're going
to have to trick somebody,you're going to have to James
Bond your way into thatorganization and you're going to
ask them if it's like theirmartini shaken or stirred and
(35:57):
then wind up in somebody's bed,probably, and then get the
nuclear codes.
Speaker 2 (35:59):
That way, good old fashioned police work yeah.
Speaker 1 (36:01):
Yeah.
Speaker 2 (36:01):
Yeah, good old fashioned.
Speaker 1 (36:02):
OK, all right, richard, great stuff.
I mean, we've got somepredictions here and I I'm gonna
hang my hat and bet with you,right, not real money, because
I'm not a betting man, but if Iwere I would bet that you're
correct, that, um, it's, it'sgonna be an interesting five
(36:23):
years down down the line, um anduh, and we will be covering it
here on cybernomics.
And so, richard, if people wantto find you, how can they find
you?
Speaker 2 (36:34):
Yeah, head on over to it-harvestcom and you'll see
all the contact forms and allthe rest.
Or find me on LinkedIn.
I'm there all the time.
Speaker 1 (36:44):
Yeah, richard's always posting good stuff on
linkedin and I always see peopleeat it up, and for good reason.
It's always really goodinformation, very timely stuff,
and sometimes you post stuffright out of it harvest, which,
right you know, bodes well forwhat you guys are doing over
there.
So if you want to find me, youcan find me also on linkedin.
Josh bruning, b-r-u-y-n-i-n-g.
(37:07):
Quick announcement my book, theClothesline, is on Amazon, so
you can get the e-book on Amazonright now.
Paperback and hardcover will beavailable later.
Ing and keep following us atCybernomics, and so we'll have
(37:34):
an episode with Richard doingour security market watch every
Monday and for interviews andconversations with CISOs and
vendors and founders, check usout every Wednesday at 7 am.
Richard, good to see you again.
Thanks, thanks, chuck.
All right, thanks for listening.
Bye.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com