July 14, 2025 • 49 mins
Aksa Taylor shares her journey from electrical engineering to cybersecurity, highlighting how curiosity and focused passion can open unexpected career doors in the security industry.
• Finding specific interests within cybersecurity rather than trying to "get into security" broadly
• Building a personal brand through knowledge sharing and community contributions
• Quantum computing's progression from theoretical to practical applications in security
• The challenges posed by unrealistic job descriptions and automated filtering systems
• How AI capabilities create both opportunities and new risks for security teams
• Weighing the tradeoffs between established security vendors and innovative startups
• The critical importance of customer support quality when evaluating security solutions
• Community-building as a foundational element of the security profession
Abstract Security recently published a free community resource book called "Applied Security Data Strategy" for those interested in security data operations.
Follow the Podcast on Social Media!
Tesla Referral Code: https://ts.la/joseph675128
YouTube: https://www.youtube.com/@securityunfilteredpodcast
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
Cool.
How's it going, aksa, it'sgreat to get you back on the
podcast.
I'm really excited for ourconversation today.
Speaker 2 (00:08):
I'm loving it, thank you.
Thank you for having me backand I'm super excited for our
talk today.
Speaker 1 (00:13):
Yeah, yeah, absolutely.
So you know why don't we startwith how you got into IT?
What made you want to go downthat path?
Was that always like a passionof yours?
Did you study it in university,or you know what does that look
like?
Speaker 2 (00:29):
Yeah, I kind of mentioned this story a couple
times at other places, but Ididn't really study IT or
cybersecurity.
I was electrical andengineering graduate and I came
I was doing my master's atUniversity of Texas in San
Antonio and I had to take acourse that's outside of my core
subject, which is electronicsand communication, and I there
(00:52):
was a new course on cloudcomputing.
I took it and then that kind oflike shifted my entire focus
and that led to my first jobwith Twistlock, the first
container security solution thatwas available back then, and
then that led to Twistlock beingacquired by Palo Alto Networks,
which really put me in theproduct management track, and
from there I realized thatstartups is my thing.
(01:17):
So I've continued my journeyand now I'm with Abstract
Security, who is more of thedata operations, security
operations world.
So it's kind of a shift fromthe container security world
into this and definitely a shiftfrom the electrical and
communications engineering worldto cybersecurity.
One of the things that kind ofintroduced the cybersecurity
(01:38):
world to my life was I was doinga paper during my master's
thesis on securing cloudcontainers using quantum, a QK
quantum key distribution andthat kind of introduced me to
Twistlaw because I was talkingto people who are doing
cybersecurity, because I waslike I don't know what container
security is.
(01:58):
I know a little bit what Ithink I understand about quantum
, which is like juxtaposingitself.
That's what led me to Twistlawagain what I think.
Speaker 1 (02:05):
I understand about quantum, which is like
juxtaposing itself.
Yeah.
Speaker 2 (02:07):
That's what led me to TwistLog, and the rest is
history.
And that's how I got here.
Speaker 1 (02:13):
Yeah, it's a.
It's an interesting path, youknow, because, like I tell
everyone in security, right, oreveryone trying to get into
security or thinking about it,right, you have to be curious.
You know, like that's likenumber one above everything else
.
Like you have to be so curiousthat it's like embarrassing to
be that curious.
(02:34):
You know, and there's somethingabout it too, because I've seen
other people, you know, thateven like, get into security and
they get bored, you know, andlike maybe it's the role right,
so they change roles and they goto a new place and they get
bored.
You know, and they and likemaybe it's the role right, so
they change roles and they go toa new place and they're like no
, this is, you know, this justisn't for me, and for me, like,
I don't have that problem at all.
It's like, you know, I have awhole list of things and it's
(02:56):
going to take me, like beyond myentire career to get through
them all.
And, I'm sure, as new things popup I'm going to be diving into
those right?
Speaker 2 (03:07):
Yeah, what were you going to say?
I was just going to add on towhat you're saying that people
outside it may look like aglamorous role, like, oh,
cybersecurity, I get to likestop the hackers, stop the bad
guys.
But there's a lot of nuanceswithin cybersecurity, like what
kind of a track?
What track do you want to take?
Are you going to be inapplications?
Are you going to be in auditingand governance?
(03:30):
And if you're not in the rightplace, you'll end up in a boring
job that you don't really like.
So I think it's reallyimportant to, instead of
thinking about like I want toget into cybersecurity, think
about what topic really excitesyou.
Is it AI?
That's the buzzword right now.
We want to know what are thebest practices and security for
AI.
Then just do the research andthe opportunities will come to
(03:52):
you automatically, right?
You do the research, you learnabout it, you talk about it, and
then people who are looking forroles to fill are going to
eventually find you if you arein the same.
And that's kind of what happenedto me.
Like I wasn't looking for a jobin cybersecurity per se.
I was just trying to finish mythesis and a major part of it
was the security role, the cloudcontainers, container security
(04:15):
or cloud security.
So I had to do research, I hadto learn all about it, and I
mean all the timing by God'sgrace that it worked out where
they were looking for someone,and this was new.
And all things work togetherfor my good.
But I think if I set out aftermy master's thinking that I want
to get a job in cybersecurity,I won't say it's impossible, but
(04:36):
it's difficult, because so manyjob descriptions out there say
you must have experience in XYZ,you must have experience in
that.
How are you going to getexperience if you don't get the
opportunity?
And so I think the focus shouldbe on the topic that makes you
passionate yeah, yeah, that's areally good point.
Speaker 1 (04:55):
You know it's crazy because there's there's been so
many people in the industry thatcomplained consistently about
these stupid job descriptions.
You know, and like the, the,maybe the biggest one that like
stood out to me was when thecreator of Kubernetes, right,
like this guy, literally createdthe container framework.
(05:18):
You know, yeah, he, he, he sawa job posting that required, you
know, 10 or 12 years ofexperience, and this is like
eight years into you knowKubernetes existing and they
declined him and he's like I'mon the paper that like started
it.
You know, like it's so crazy.
(05:40):
You know, and people have suchunrealistic expectations of what
that experience even means orbrings to the table that you
know they're taking I feel likethey're taking, you know this,
this like 10 years of experience, as like a broad.
Okay, you're a senior, you're alead.
You know we're going to applythat insecurity.
Speaker 2 (06:00):
It's like no, that, that that isn't how that works
at all you put it into an AI LLMand you get this really nice,
curated thing with all the rightbuzzwords, but then you may not
(06:32):
get the person that you wantedfor the role.
I think we should really getaway from the applications and
just be like, hey, let's talk Ifyou have what it needs and you
have the experience.
Just bullet, point what you'vedone facts and let's get into it
.
But instead it's all about thebuzzwords, the years and, yeah,
it's, it's been hard yeah, maybethe most frustrating part for
(06:53):
me is, you know, like I like.
Speaker 1 (06:56):
So I have two little kids, I'm getting my PhD, you
know I do consulting on the sideand I have a nine to five right
, so I don't have the time tomodify my resume.
You know, for 10 different jobsit's like here's my resume.
If it looks interesting, callme.
Right, like that's what it is.
But to these like filters andeverything, you basically have
(07:19):
to rewrite your resume for everysingle application you submit
to even have a chance.
You know, and I recently wentthrough a round of like
interviewing, looking for a newjob and everything, and I barely
got any hits and I think it'skind of twofold right, like the
job market is in a weird placeright now where you know when a
(07:42):
role goes up on LinkedIn, rightwithin two hours it has over 100
people applying to it.
I don't know if they're bots, Idon't know if they're real
people, right, like maybethey're all fake or something
like that.
But how am I ever going to getrecognized for any position in
that situation, let alone nowI'm formatting my resume to fit
(08:05):
something that I'm not evengoing to get recognized within
right?
So like it's this crazyconundrum.
Speaker 2 (08:11):
And sometimes you don't even get to the stage
where you can talk to a person.
You're just automaticallydeclined based on some keywords.
Speaker 1 (08:18):
Yeah, yeah, that's the craziest thing.
Maybe my most successful roleseven, I think, have been from
hiring managers that watch thepodcast.
They heard me talk about atopic and they're like, oh, I
need a guy in cloud security.
I like, I like his personality,I like how he thinks his
(08:39):
skillset is there.
Right, cause I'm not justtalking to anyone right, like
I've had on, like yourself I'vehad on, you know, ai security
experts from NVIDIA that areover here talking about, like
tiered architecture for AImodels that you know I'm over
here like trying to just keep up.
Like I feel like I'm barelyable to read.
(09:00):
You know what this guy'sputting down right, but having
that broad range of experienceopens you up to hiring managers.
You know what this guy'sputting down right, but having
that broad range of experienceopens you up to hiring managers.
You know a little bit moreright, and getting out there and
talking about it, reallybuilding a brand for yourself.
Speaker 2 (09:16):
Right, I think also.
I see a lot of knowledge sharingand people who do a lot of
knowledge sharing and I thinkthat's so important for our
community our defenders,security defenders, community to
share that knowledge moreoutside of just talking about
our products and platforms right, and that's why I love podcasts
(09:39):
like these, where we can justhave an open conversation about
things going on and, of coursecourse, highlight innovations
that people are doing withintheir company and what what the
product is doing.
But it's also important to justtalk about, I think, things
outside of work related stuff.
I don't know there's a thinline on LinkedIn on how much you
(10:00):
can post about versus.
I'm definitely not an expert onthat, but I like knowing like,
hey, you're a person behind thecorporate mask, right, and you
have your own life and you haveyour own story and how you got
to where you are, and that'sinspiring to me.
Just going reading stories ofpeople, how they got there, and
(10:21):
I think that affects our work aswell.
If I see someone who's gonethrough a similar work track and
that I'm trying to get into, itopens up different ways of
thinking and how to think aboutcareer and just our own personal
journey as well.
So I think we need more of thatas a community that don't treat
(10:41):
people like oh it's a sales guy,I'm not going to reply to him.
Oh, it's a CISO'm not going toreply to him.
Oh, it's me, so I'm going toreply to him, like that kind of
differentiation based on titlesor vendor names.
We should really try to look atpeople as people and they're
solving problems and we're allhere to protect environments and
organizations in whatever way.
(11:02):
If you are an organization,you're trying to find services
to protect yourself.
So community is key tocybersecurity and I think that
is what also opens doors ofopportunities for people if we
create that bridge and have morecommunity-led projects.
Speaker 1 (11:23):
Yeah, something you said about kind of being more
open.
I've always found it that thesecurity industry overall, right
, at least at least once, you'rethan happy to discuss a new
topic with you.
They're more than happy to talkabout what they're working on,
(11:48):
what they're finding.
All this different stuff, right, which was something that I was
nervous about, you know, goinginto this podcast, right, is
who's going to come on, who'sgoing to even, like, want to
talk to me?
Why would they talk to me,right, all these different
questions that you always, youknow, have pop up in your head
when you're doing something new,something you haven't done
(12:09):
before, or whatnot.
But you know, everyone thatI've had on, right, you know,
but it's like everyone that I'vehad on for the most part, like
they're all very open about it.
You know, and, to be honestwith you, the people that are
there because, like, their prperson put them there and they
don't really want to talk to me,like those episodes don't even
(12:30):
go live.
It's just like, yeah, I'm notgiving you, I'm not giving you
the marketing, you know keepingit real yeah, because I you know
, I I do, I do almost no editingand the editing that I do is
now done by ai, so like.
So you know, I feel like itadds an authenticity to the
podcast, right, when you come onand you tell your story,
(12:52):
they're going to hear your storyfrom you.
I'm not choreographing it.
You know, like you've been onthe podcast twice and I don't
think I've sent you, I don'tthink I've sent you any
questions, like, like nothing.
Speaker 2 (13:06):
In fact, not even today.
I was just like, oh, what arewe going to talk about?
Well, it's Joe, we're justgoing to find something to talk
about.
Speaker 1 (13:13):
Yeah, yeah, we'll figure it out.
You know, that's a good thingabout this space, though, right,
and especially with abackground like yours, right,
where we're talking about, youknow, pqc and containers there's
so much that we can dive intoit.
I was actually thinking aboutthis, you know, last night maybe
I guess I'm a nerd, right so Iwas thinking about like quantum
(13:41):
encryption overall, because Ihave to know, I have to know
like I feel like just enough toget by and not sound stupid and
not insult an expert.
You know, like with withknowing, you know with like
doing my research, right, and soI'm thinking about like how
much I actually like know, um,you know within the space, and
I'm like man, I think I thinkit's like 2%, but I think we
(14:08):
probably also only know maybe40% of what it actually is
overall.
So that takes it down to like0.5, 0.4,.
You know of what my actualknowledge is.
Speaker 2 (14:21):
That's what I was going to say.
Is there truly a full knowledgeof quantum world?
I remember my professor righton day one of the class, when I
I mean day one of me startingthis report with him we had a
one-on-one to discuss what thisis going to be.
He was going to give me booksto read and all those articles,
(14:43):
research material, and he,before giving them all to me, he
said this look, as you startthis journey, just whatever you
know until now, throw it out thewindow.
You're going to relearneverything from this perspective
.
So just come with a completelyopen mind.
Don't bring the laws of physicsor logic into what you're
(15:03):
learning.
Just learn with a completelyopen mind.
And that's key to starting yourquantum learning journey.
And I thought why Everything'sconnected to starting your
quantum learning journey and Ithought why, like everything's
connected.
and then I started reading andall the principles and I was
like this is a lot yeah I seewhat he was saying now and
honestly I am excited about itand I think not think I mean you
(15:26):
already seeing the merge ofquantum in the cloud security or
security world itself, whetherwe talk about cryptography or
whether we talk about securechannels and things like that.
I don't know if we'vecompletely accomplished it, but
I think it's something that weshould talk about because it's
(15:47):
going to impact our world sooneror later.
Speaker 1 (15:50):
Yeah, yeah, you know, I've had on other people and
every time we go down thisrabbit hole, right, it's a weird
situation because we've beentold for so many years I mean a
couple of decades at this point,right, that you know quantum is
(16:10):
right around the corner five,ten years, whatever arbitrary
number is thrown out there.
But recently it's kind of morein front of your face because
now we have this LLM, which isnot an AI, it's not quantum,
right, it's a brand new searchengine that is way better than
(16:31):
Google.
I mean, I use Grok more than Iuse Google now but it's like a
building block for what youwould call you know AI, right,
and AI and quantum are tiedtogether in everyone's heads,
like it's impossible to separatethe two, no matter how much
delineation you break it apart.
Right To separate the two.
No matter how much delineationyou break it apart, right, like
everyone is going to think aboutthe other when you mention you
(16:54):
know AI or quantum, right, andso we're in this weird flux
state right, where it couldliterally happen tomorrow or it
could literally happen in 10years.
Everyone just knows it's goingto happen.
And I was talking to aresearcher based out of Germany
who's actually like doing?
You know this legit quantumresearch with satellites,
(17:15):
launching satellites?
He launched one over theweekend and I mean he literally
told me.
He said you know everyone inthe space, that's anyone that
knows anything.
We're all kind of a little bitnervous right now.
Right, because now everyone ispaying attention to it and you
(17:36):
know, you have Google, you haveMicrosoft, you have Nvidia,
tesla all these companies arebuilding towards, you know, an
AI integrated quantum computer.
Right, because once you give AIthe proper amount of power that
quantum computing unlocks,basically it's pretty much
(17:57):
unstoppable.
There's no dialing it back in,right, and the argument is that
essentially the genie is alreadyout of the bottle and so you're
not going to put the genie backin the bottle, you kind of have
to just go with it at thispoint and hopefully, you know,
the genie doesn't destroy you atthe end of it wow.
Speaker 2 (18:18):
Well, I'm not an expert on quantum, but I'm
definitely looking forward tothat episode of yours yeah
researcher because in I guess,I've been more on the
cybersecurity kind of world.
I've lost touch from the quantumworld ever since I graduated
and AI is definitely somethingthat's on everyone's minds.
I don't know how much I thinkof quantum and I think of AI,
(18:40):
but for sure, from a vendorperspective, from someone
thinking about solutions that wecan solve for clients or
organizations that haven't beensolved before, and how do we
make it better for clients ororganizations that haven't been
solved before.
And how do we make it better.
The problem is there's so muchhype about AI that sometimes the
buzz is greater than the factsand the facts get buried inside.
(19:01):
We were just discussing thisbecause we're going to have a
panel in Pittsburgh about AI andsecurity and just facts from
people actually building itright People from AI companies,
and what are the problemsthey're trying to solve.
How are they solving it.
So what's buzz and what's real?
I think that distinction isstarting to get very blurry.
Speaker 1 (19:23):
Yeah.
Speaker 2 (19:24):
There's so much hype on AI and people say things like
AI will replace XYZ jobs justso plainly.
Speaker 1 (19:31):
Yeah.
Speaker 2 (19:32):
I mean, I don't know if humans can be replaced by
technology perfectly.
And this was an argument that Ihad when I did a talk on
process mining for audits andgovernance and such.
And so there was someone whoasked me like well, if we have
all this automation andeverything in place, then we
don't need auditors, or we don'tneed auditors if we have AI.
And I said no, because there'sgoing to be some exceptions that
(19:55):
you have to manually put ahuman lens and verify if this is
a serious security exception orif this is okay to add and
things like that.
Decisions like that can't bejust zero or one logic.
You need a human perspectiveand the knowledge and experience
that you've gathered over theyears to apply to that kind of
decision making.
(20:16):
If you just put everything inan algorithm and say make your
own decisions, I'm pretty surethe results are not going to be
bad.
Just like if you put one promptand say write me a whole
research on XYZ.
It's going to have a lot ofstuff that I just made up and
you don't want to apply it, justas is to security.
This is why you need humans,just like any machinery right,
(20:37):
you have machines that made ourworld easier, but you still need
humans to develop and guide andgo through that journey with it
.
I think that's what AI is goingto be.
It's going to be a really goodsupport, but not a replacement.
Speaker 1 (20:54):
Yeah, it's so far off to actually be a replacement
and I feel like companies arelike moving too quickly in that
direction.
Where they're?
You know, like, absolutely, Iwon't say where I work right now
, but it's within.
You know the mortgage industry,right, say where I work right
now, but it's within.
You know the mortgage industry,right, and there's huge pushes
(21:15):
for AI to get rid of, like, loanofficers and loan underwriters
just completely.
And you know, like we're allkind of just sitting here.
Like you know, we're moving soquickly towards this.
You're going to eliminate allthese jobs and in five years,
you're going to figure out Ineed double the amount of people
, right, even with this AI ontop of it that is doing whatever
(21:36):
, right, and that's really likethe case for most things.
Now, I do think that there'ssome areas that, like, it'll
offset in the near term, right,like you know, I was reviewing a
contract with a customer ofmine and rather than pay $1,500
(21:57):
to a lawyer to review thecontract and give me their
opinion on it, I'm just going tothrow it into Grok.
See what Grok tells me.
I'm going to review it myself,use my head, google what I need
to Google and put it back intothe document and send it back,
right, I've never had, you know,an actual lawyer, like you know
, receive the document from meand be like this doesn't make
(22:19):
any sense.
This is stupid.
Like he's never, they've nevercalled me out on it at all.
So why would I go and pay theguy that you know I've, I've
used before, right, like, whywould I pay them?
It doesn't make any sense, youknow.
And another thing is probablylike, probably like graphic
design artists, you know, orwhatever, whatever that might be
(22:41):
.
Speaker 2 (22:41):
We're going to have a debate right here.
Speaker 1 (22:43):
Yeah, well, it's a.
It's an interesting debate.
I'll tell you this, right.
So I recently paid someone tolike create a logo for me and
everything like that right, anew logo.
And did a fantastic job Like nocomplaints, nothing Like I've
used them before, did fantasticwork.
Grok goes and gives me a promptsaying do you want a logo for
(23:09):
this services website thatyou're standing up Like why not?
I already paid this guy Doesn'treally matter.
I'm going to go with that logo,but it would be cool to see
what Grok gives me.
And Grok threw out four draftswithin 30 seconds and all four
(23:29):
were better than what I justpaid for and I'm just sitting
here like this is that's goingto be a problem for a lot of
people.
Speaker 2 (23:39):
I mean competition.
Yes, I think that also makes mecurious what are going to be
the copyrights for images andproducts generated by AI, right,
yeah, do you have thoughts onthat?
Speaker 1 (23:52):
Because these companies like 100% could lay
claim to whatever their AI cooksup.
But that would also open thedoor to like, massive pushback
right From the population that'susing these tools where it's
(24:14):
like, hey, you know, weunderstand our data is, you know
, being sold on the back andyou're making your money somehow
some way, right.
But it would lead to otherthings.
That's the problem.
Like they could 100 do it.
Like they, they could just likecompletely destroy that and rip
that from our hands andeverything.
But that would lead to so manyother negative things for them
(24:37):
in the court that, like I don'tthink anyone would ever do that
yeah, that's definitelysomething to look or think about
.
Speaker 2 (24:45):
Wasn't there a recent discussion about Disney
princesses versus AI?
Because I think Disney is insome discussion about not giving
out its I don't know, I had a.
Speaker 1 (25:00):
Really.
Speaker 2 (25:00):
I wasn't talking about it, but I think cases like
that will come up.
Bi starts generating things offof products that are already
copyrighted, but then it addsits own twist to it.
Now, who really owns it?
Is it a general creator?
We're going in a completeloophole here.
Speaker 1 (25:22):
Yeah.
Speaker 2 (25:23):
When you mentioned that, hey, I replaced my
designer or not replaced, but Icould replace my designer
Augmented.
Could, and that makes me thinklike what's going to be the
originality of stuff.
And what if it creates the samelogo for another user and
nobody has the rights?
So who wins?
Speaker 1 (25:43):
Yeah, yeah, that that is.
That's an interesting conundrum.
You know that that will thatwe're inevitably going to fall
into.
We're probably already in itand we don't know, you know yeah
, I think the same applies tosecurity too.
Speaker 2 (25:59):
When you mentioned earlier that, hey, we're moving
too fast adding AI to securityand products in general, not
security products in general.
We have AI features or AIcapabilities and that can have a
(26:26):
lot of negative impact on whatyou're actually creating with AI
.
For example, if you create aplatform, if you have a platform
that takes a lot of customerdata and you want to add an LLM
or a natural language processingkind of query, people can
create easy policies orconfigurations based on that.
But if you don't control thedataset models and don't have
(26:49):
proper boundaries in place, thenyou're kind of mixing up.
First of all, you could be in aproblem where you mixed up
different customer environmentsor proprietary data from
different customers.
The other thing is how do youavoid LLM poisoning or data
poisoning and LLM hallucinations, right?
How do you control that?
It can make its own stuffSomething as simple as like give
(27:12):
me a summary of my threats thatyou've seen from my environment
and what if it makes stuff upto give you that answer.
But if you completely rely onit and if the creator of that
platform doesn't have propersecurity features in place to
avoid that from happening, thenyou're just prone to so much
more attack surface.
And then there's a whole otherthing about prompt injections
(27:36):
and all those things coming intoplay as well.
So, as companies are running toget or to say that we have AI,
AI something, platform, AIpowered, AI enabled, AI assisted
, it's so important to know orask the right questions, I think
, as a consumer.
But how do you protect againstall these different risks that
(27:58):
AI features can introduce in theenvironment?
Is it keeping my data safe?
Do you have proper boundariesin place?
Is the data set given by thecompany or is it like?
What kind of model are youusing?
Are you using like an openlibrary?
Are you using a control dataset?
How are you controlling thatgovernance piece?
(28:18):
How are you controlling theprivacy piece?
If you don't ask the rightquestions, every platform is
going to use AI in somecapability, but you may expose
yourself to higher threats andhigher risks, and I think that
conversation in itself is awhole entire topic.
You would have an entirepodcast series on that.
Speaker 1 (28:39):
Yeah, I have.
It's a pretty expansive areaoverall and you know, like you
said, I feel like when we weregoing into the cloud, basically
10, 15 years ago at this point,you know, a lot of people didn't
realize the huge risk ofsharing resources of.
(28:59):
You know, hey, I'm gonna throwall this data into this S3 or
this EC2, you know, whatever itmight be, whatever, maybe a
Lambda when they came out andwhatnot.
And surely AWS would never usemy data against me and create a
competing product before me veryconveniently before I launch it
and whatnot.
Or you know, another customerwould never be able to see you
(29:23):
know this data or anything,because when I log in, you know
the portal's right there andit's only my stuff.
But you know, unfortunatelythere's been reports of all of
the big cloud providers actuallylaunching, you know, competing
products conveniently, rightbefore a startup is going live
right, conveniently, rightbefore a startup is going live
(29:43):
right With you know, code that'svery similar, that was built on
their platform, and now theyhave this new product and
there's nothing that you can doabout it, right, because when
you're a startup, I mean you'rekind of going, you know, month
to month, week to week, for theamount of money that's coming in
and whatnot, and when you'reAWS or GCP or you know Azure,
(30:05):
it's like what's a couplemillion dollars that we're going
to waste on this lawsuitcompared to, you know, this
willow chip that we just madeand spent probably like two,
three, four billion dollars onto create over the last 15 years
?
Like what does it matter?
You know.
Speaker 2 (30:20):
Wow, yeah, that's an interesting topic for sure.
Actually, that brings anotherquestion in my mind, so I'd love
to know your thoughts onacquired platforms.
You know these big companies.
They acquire startups andsometimes offer their
capabilities for free, orsometimes might integrate them
(30:42):
in the bigger platform, orsometimes just not use it at all
right, it gets peered.
And then there are startupsthat are innovating so fast and
they are all hands on deck.
They're super focused on whatthey're delivering and it's all
inbuilt and native nativeoffering, right, um, curious.
I have my own opinions about it.
(31:02):
Of course, come, I've been in abigger company, I've been in
smaller companies, so, based onmy experience, I have my own
opinions, but I'm curious whatyou hear and what you think
about that acquired platformsversus native innovative
platform.
Speaker 1 (31:19):
Yeah.
So speaking from an end user,right Like, I've only been an
end user, I've never worked fora, for a vendor.
You know I haven't like soldthe product.
I'm a pretty good salesperson,right From an end user, it's all
.
It always makes me nervous whena product that that I like or
have used gets acquired by, youknow, palo Alto or Cisco or
(31:44):
Microsoft, google, wheneverthey're acquired by any of these
giants.
Yeah, because you're likewhat's going?
Speaker 2 (31:51):
to happen to it.
Speaker 1 (31:53):
Yeah, you know, like the list is pretty extensive of
products that were amazing andthen they get acquired.
And I mean, two years in it's anew product, it's completely
reskinned.
It looks like someone justjacked up the UI.
Completely doesn't operate.
The same.
(32:13):
All of the roadmap items thatwere supposed to take place
never came to fruition for anumber of reasons.
Right, and it destroys products, like typically, right, and
that's why I'm a little bitnervous with Google acquiring
Wiz, because on Wiz, yeah, wizwill protect themselves, right,
(32:34):
they built their product on AWS.
It's also not like, it's notout of the realm of possibility
that someone could recode it.
You know some genius fromGoogle could recode it to run on
GCP, right, like it's not.
It's not rocket science.
And you know, like I've gonethrough the whole thing of
(32:55):
talking to Wiz about it and theyall seem very confident that
nothing's going to happen.
But still, again, you know, likethere was a, there was a
permissions company that wasdoing cloud permissions
completely differently fromeveryone else, and I can't
remember what it was called.
Google bought them and theproduct development stopped when
(33:18):
they bought them.
They bought them seven, eightyears ago and they and they were
five years ahead of everyone.
Google bought them.
I think it was like BeyondSecurity or something like that,
and at first Google just tookthe same name and integrated
them into GCP and it was like,okay, it operates the same and
everything else like that.
(33:38):
Then it just seems like theycompletely forgot that they had
that product Like it's.
You know, now it's lacklusterwhen before it was so far beyond
everyone else, like I wasliterally evaluating it to be
like can I use this thing likeon-prem?
Speaker 2 (33:59):
Because I want to use this everywhere now yeah, yeah,
no-transcript and refine,fine-tune things to make it work
(34:31):
with everyone.
Sometimes, I mean, most of thethings are pretty casual.
They're global, right, but ifthere is a customer using an
integration that's not reallywell popular or they have their
own in-house data source theywant to extract things from,
there's always going to be caseslike that where you need access
(34:53):
to the leadership, theengineering team of the company
that you're working with.
But if you're working with abigger company, what does that
customer support going to looklike?
And I think that's a pretty bigdifferentiator in people think
oh, I'm going to get this XYZthing for free, so I already
(35:13):
have a partnership with this bigcompany and they're going to
throw in this XYZ thing thatthey just acquired for free.
So why can't I just go withthem?
Because they're a brand name,they're a bigger name, they're a
bigger company and logo.
Why would I go with a smallercompany or a smaller startup?
Well, there's a pretty bigdifference there, because, sure,
(35:34):
you're going to go with awell-known brand or logo or
whatever much bigger, billionsof dollars logo, but what is the
compromise you're making andwhat are the pros really
aligning with the cons, and Ithink that's something that
should really stand out forconsumers.
I'm sure, just like you said,you've never been on the vendor
(35:56):
side.
You're a consumer, but you'realready thinking that right,
you're already thinking like,hey, how is this going to impact
?
What kind of service am I goingto get?
And not only customer serviceand support for product and
platform, but even beyond that,in terms of innovation At bigger
companies, how many layers ofapproval do you need to go
through to release a feature andyou're going to try to make it
(36:18):
work with the entire ecosystemso that it benefits the bigger
ecosystem.
That may have nothing to dowith the problem that you're
trying to solve, but you'retrying to sell more of your own
bigger services, broaderservices Whereas at a startup
you're kind of straight focusedin your core area the problems
you're trying to solve andyou're vendor neutral because
(36:39):
you don't have expanded libraryof services you're trying to
upgrade the client to or tryingto sell them on.
So you're just going to keepyour focus on what does the
customer actually need in thisspace and how can I make it
better?
And if there's innovation thatneeds to be rolled out, it's
much more faster.
So the pace of innovation ismuch faster as well.
I think that is something thatbroader audiences or customers
(37:02):
should keep in mind when they'rethinking about should I go for
a free version of somethingbecause a bigger company is
offering it, or should I stickwith a company that may be
smaller in size yet reallyexecuting on all fronts and
really delivering results in somany ways?
So glad to hear that, from aconsumer perspective, that
(37:23):
you're already thinking about it, and I'm sure a lot of smart
leaders out there also think.
I hope think the same way.
Speaker 1 (37:30):
Yeah, it's, you know it's become so critical.
I involve it in my like POCcriteria, right, the success
criteria, where it's like, hey,I'm going to cold call your
support, I'm going to just callthem, email them, open a ticket,
whatever it is right, and I'mgoing to grade the level of
support I get, just plain andsimple, right, and so I've been
(37:51):
on the support side and so Iwon't play like a difficult
customer or anything like that.
But I mean I'll act likesomeone that, hey, I just logged
in for the very first time.
This thing isn't working.
I was told I need to go fix it.
What do I need to do?
Right, that's probably like,you know, a softball pitch,
(38:11):
right, like a little soft pitchto any support engineer, like
they should be able to handlethat.
And then, as it goes on, thedifficulty gets ramped up.
Right, I want to see you knowwhen you decide to escalate,
because that matters for me,when I'm trying to get something
resolved and you don't know,within five minutes you should
be escalating.
Right, like immediately.
(38:31):
You should be like, hey, I needan adult over here to help me
on this thing.
You know, let's get through it,because I want to provide that
level of customer support.
And for sure, I mean, like youknow, for those companies that
bought the IAM tool from youknow, before Google bought them,
right, I'm sure they weregetting outstanding support, and
(38:51):
that's what I actually heard inthe industry too, that they
were getting outstanding support.
Go and open a support ticketwith Google, right, like, let's,
let's start there, open asupport ticket with Google and
we'll time them for when theyget back to you and what their
response is and all that sort ofstuff.
Right, like, because thatmatters a whole lot.
(39:13):
Good luck trying to getMicrosoft on the phone.
Microsoft is typically a littlebit better about it, you know,
like they'll put.
They'll throw someone in frontof you with the Microsoft, you
know.
But it's like, ok, I'm like Ijust ran into this random issue.
I'm going to spend the next twoweeks trying to get someone on
the phone.
They're going to have toescalate it five times because
no one knows what they're doingover there.
Right, and this is a one offproblem.
(39:36):
So, like, god forbid me as anend user, I can't solve a
problem in their product beforethey need to solve it.
That's like the literalsituation.
I've been on calls where I'vehad to reverse engineer
(39:59):
someone's product and explain tothe person that's supposed to
be giving me support how theirproduct works, most likely on
the back end for them toescalate it to get someone on
the call that understands whatI'm asking.
And I'm just sitting here likedude.
This was, this is a four hourcall.
Now, this was a five minutequestion.
Right, you should haveescalated at minute 10.
Like, as soon as you didn'tknow what I was saying, you
(40:22):
should have escalated.
You know, and on the flip sideof that too, I have, like, I've
internally experienced where youknow we're, you know,
internally at a company, right,we're evaluating CSPM solutions.
You know only, like, the coreof your cloud security program
(40:43):
kind of an important thing toyou know, have the right one in
place.
Have all of the top competitorsI mean, there's eight or nine
solutions I'm looking at, right,and I'm evaluating them.
I'm nitpicking them becausethat's what I'm supposed to do.
And you know, last minute, avendor that we, we bought
everything that they sellbecause, guess what, they own
(41:06):
the entire space in a categoryand it's like, hey, you're
either going to go with them orgood luck with anyone else.
Very rightly so.
Their product is amazing, Ilove it to this day.
I have used it for years.
Right, they decided, hey, we'regoing to get into the CSPM
space.
Right, like, we're going toplay in this space too.
(41:27):
We heard you guys wanted it.
We'll give it to you for free.
So you know, my VP, my CISO.
Like, they're fully bought intothis company.
Right, because we already havea contract with them and
everything else like that.
We're never going to rip themout, nor should they.
And we get on this demo call.
(41:49):
Demo is in the title of themeeting.
Right, to me, that means we'regoing into a console.
Speaker 2 (41:57):
Yeah.
Speaker 1 (41:57):
Right, we're clicking around, okay, we get on this
call and it's nothing but slides.
For an hour it's nothing butslides and screenshots and
mock-ups.
I'm like, okay, guys, that'sfine.
You know you guys mistitledthis one.
I want to see the tool.
Speaker 2 (42:14):
Yeah.
Speaker 1 (42:14):
Right, put the tool in front of me.
Let's get another hour on onthe clock.
Right.
Next week we get on there demoagain in the title more slides.
And I just go back and I meetwith my cso and I just told them
like hey, they're showing usslides because they don't have a
product.
Like they're giving it to usfor free because they can't
charge us for something theydon't have right, but if we buy
(42:36):
it, they'll build it.
Speaker 2 (42:37):
Basically it's like you're more like a design
partner than a customer yeah,which is it's.
Speaker 1 (42:44):
It's cool for, for.
For me, I guess, if I reallywant to deal with, you know, the
heartburn for a couple years,I'll get the product that I
specifically want, you know, butit's like man, do we really
want that?
Or can we just be moreefficient and go with the market
leader in this space, pay alittle bit extra because they
(43:06):
already did the work?
Some other customer took thebet on them and they built it
around that person already youknow like come on.
Speaker 2 (43:16):
Yeah for sure, yeah, sure, yeah.
I, I can definitely relate tothat yeah, I couldn't.
Speaker 1 (43:22):
I just you know the first call, when it was titled
demo, I was like okay you know,I'll give you a break.
It's fine, someonemiscommunicated, it's all good I
mean I think second call.
Speaker 2 (43:34):
Yeah, I think the moment you see a Figma mock-up
in one of those slides, you knowlike, oh, this is talk.
We're going to talk about whatthe demo will be.
Speaker 1 (43:45):
Yeah, I'm very Now, I'm very sus of any mock-ups
that I see.
I'm just sitting here like, oh,I don't know if this thing is
real.
Yeah, yeah, well, I'm justsitting here like, oh, I don't
know if this thing is real, yeah, yeah.
Well, that's the weird spacethat we're in because, like
security, just security overall,right from the corporate side.
It's so hot.
(44:05):
You know, you got securitycompanies spinning up every day,
basically, and they're going toRSA, right, and by the end of
the year they're dead, they'reno longer a company, and you
know, and these people, I meanno, knock on them.
I've interviewed some of them.
They're just creating thesecompanies to sell them and make
(44:25):
a whole bunch of money.
Hopefully Cisco buys them, hasto deal with that garbage
product, right, and no one'sgoing to buy it from there on,
right.
I mean, that's the situationthat the market is in, because
they see Google spending 34billion on WIZ and it's like I
can build something that WIZwould buy, that they're lacking,
(44:47):
which probably isn't the case,because if you look at their
product suite, they doeverything in the cloud, but
everyone sees that dollar sign.
They're just like, oh yeah, Icould get a couple million here
or there.
You know, it's just we'regetting sidetracked quite a bit
and it's my fault.
I'm supposed to be leading thisthing.
Speaker 2 (45:07):
Yeah, I know I started asking you questions, no
, but I enjoy our conversationand I don't know how we got here
.
Speaker 1 (45:27):
I think it started with my journey and then quantum
, and then I, and then, yeah,start computing companies you
know, and like if you because ifyou look at any sort of stocks
there's like four right that youcan invest in that are related
to quantum, that are likedirectly building a business all
around their quantum computer.
Speaker 2 (45:48):
Yeah, and also there is university investing heavily
in research in that front aswell.
My professor, dr Brian Kellyfrom UTSA I know he's pretty
involved deep into it andthere's independent research
organizations as well that areinvesting in.
I don't think we're really injust theoretical phase for
quantum.
(46:08):
Yes, it's not like the magic.
You're going to see quantumcomputers in every house stage.
But there is more than justtextbook right the quantum key
distribution channel.
Recently I was reading anarticle that there was a longest
practical quantum keydistribution channel established
(46:28):
between two points.
I don't remember exactly theorganization that was associated
with it now, but it's a provenfact, the organization that was
associated with it now, but it'sa proven fact.
So once the channels areestablished, now you're dealing
with other things like thescalability of it and things
like that.
But the fact that these kindsof things are happening is a
proof that it's not just theoryanymore.
(46:50):
It's not magic.
It's not like teleportation atthis instant, but there is
progress in proving out theconcepts of quantum computing.
So I'm sure that we will see agradual progress in that.
It's not like AI that you canjust plug in with code and get
its actual physical equipmentand things needed on top of it,
(47:14):
which makes it a little bit more.
I guess, effort it requires alittle bit more effort.
But yeah, I agree, I don'tthink it's just theory or just
text.
For sure, interesting,interesting for sure.
Well, thank you for having me.
I know we're almost out of time.
Speaker 1 (47:34):
Sorry.
Speaker 2 (47:35):
No, no, no.
I truly appreciate theopportunity to be here again and
just speaking candidly aboutall these topics.
I'm looking forward tofollowing more of your podcasts
and discussions with all ofthese people and see where
things are going.
Thank you, yeah, absolutely.
(48:07):
Well, before I let you go, howabout you tell my audience where
they could find you if theywanted to?
You know, connect with you andreach out, and you know probably
even like you know, you weren'there on is Aksa Taylor.
You can also find abstractsecurity on LinkedIn.
We recently published a bookApplied Security Data Strategy.
If you want, and that's freelyavailable.
It's a community resource.
(48:27):
We talked about it.
We're doing anothercommunity-led event and that's
going to be in Pittsburgh.
So if you're in Pittsburgh,please come say hi to me in
person.
It's going to be my Pittsburgh,so if you're in Pittsburgh,
please come say hi to me inperson.
It's going to be my firsttravel after my maternity break,
so I'm pretty excited.
Speaker 1 (48:41):
Awesome, awesome.
Well, looking forward to it,I'm sure I'll you know, see a
recording of what you guys aredoing in Pittsburgh, and we'll
definitely be in touch.
Speaker 2 (48:50):
Thank you, thank you, I look forward to it.
Speaker 1 (48:52):
Awesome.
Cool.
How's it going, aksa, it'sgreat to get you back on the
podcast.
I'm really excited for ourconversation today.
Speaker 2 (00:08):
I'm loving it, thank you.
Thank you for having me backand I'm super excited for our
talk today.
Speaker 1 (00:13):
Yeah, yeah, absolutely.
So you know why don't we startwith how you got into IT?
What made you want to go downthat path?
Was that always like a passionof yours?
Did you study it in university,or you know what does that look
like?
Speaker 2 (00:29):
Yeah, I kind of mentioned this story a couple
times at other places, but Ididn't really study IT or
cybersecurity.
I was electrical andengineering graduate and I came
I was doing my master's atUniversity of Texas in San
Antonio and I had to take acourse that's outside of my core
subject, which is electronicsand communication, and I there
(00:52):
was a new course on cloudcomputing.
I took it and then that kind oflike shifted my entire focus
and that led to my first jobwith Twistlock, the first
container security solution thatwas available back then, and
then that led to Twistlock beingacquired by Palo Alto Networks,
which really put me in theproduct management track, and
from there I realized thatstartups is my thing.
(01:17):
So I've continued my journeyand now I'm with Abstract
Security, who is more of thedata operations, security
operations world.
So it's kind of a shift fromthe container security world
into this and definitely a shiftfrom the electrical and
communications engineering worldto cybersecurity.
One of the things that kind ofintroduced the cybersecurity
(01:38):
world to my life was I was doinga paper during my master's
thesis on securing cloudcontainers using quantum, a QK
quantum key distribution andthat kind of introduced me to
Twistlaw because I was talkingto people who are doing
cybersecurity, because I waslike I don't know what container
security is.
(01:58):
I know a little bit what Ithink I understand about quantum
, which is like juxtaposingitself.
That's what led me to Twistlawagain what I think.
Speaker 1 (02:05):
I understand about quantum, which is like
juxtaposing itself.
Yeah.
Speaker 2 (02:07):
That's what led me to TwistLog, and the rest is
history.
And that's how I got here.
Speaker 1 (02:13):
Yeah, it's a.
It's an interesting path, youknow, because, like I tell
everyone in security, right, oreveryone trying to get into
security or thinking about it,right, you have to be curious.
You know, like that's likenumber one above everything else
.
Like you have to be so curiousthat it's like embarrassing to
be that curious.
(02:34):
You know, and there's somethingabout it too, because I've seen
other people, you know, thateven like, get into security and
they get bored, you know, andlike maybe it's the role right,
so they change roles and they goto a new place and they get
bored.
You know, and they and likemaybe it's the role right, so
they change roles and they go toa new place and they're like no
, this is, you know, this justisn't for me, and for me, like,
I don't have that problem at all.
It's like, you know, I have awhole list of things and it's
(02:56):
going to take me, like beyond myentire career to get through
them all.
And, I'm sure, as new things popup I'm going to be diving into
those right?
Speaker 2 (03:07):
Yeah, what were you going to say?
I was just going to add on towhat you're saying that people
outside it may look like aglamorous role, like, oh,
cybersecurity, I get to likestop the hackers, stop the bad
guys.
But there's a lot of nuanceswithin cybersecurity, like what
kind of a track?
What track do you want to take?
Are you going to be inapplications?
Are you going to be in auditingand governance?
(03:30):
And if you're not in the rightplace, you'll end up in a boring
job that you don't really like.
So I think it's reallyimportant to, instead of
thinking about like I want toget into cybersecurity, think
about what topic really excitesyou.
Is it AI?
That's the buzzword right now.
We want to know what are thebest practices and security for
AI.
Then just do the research andthe opportunities will come to
(03:52):
you automatically, right?
You do the research, you learnabout it, you talk about it, and
then people who are looking forroles to fill are going to
eventually find you if you arein the same.
And that's kind of what happenedto me.
Like I wasn't looking for a jobin cybersecurity per se.
I was just trying to finish mythesis and a major part of it
was the security role, the cloudcontainers, container security
(04:15):
or cloud security.
So I had to do research, I hadto learn all about it, and I
mean all the timing by God'sgrace that it worked out where
they were looking for someone,and this was new.
And all things work togetherfor my good.
But I think if I set out aftermy master's thinking that I want
to get a job in cybersecurity,I won't say it's impossible, but
(04:36):
it's difficult, because so manyjob descriptions out there say
you must have experience in XYZ,you must have experience in
that.
How are you going to getexperience if you don't get the
opportunity?
And so I think the focus shouldbe on the topic that makes you
passionate yeah, yeah, that's areally good point.
Speaker 1 (04:55):
You know it's crazy because there's there's been so
many people in the industry thatcomplained consistently about
these stupid job descriptions.
You know, and like the, the,maybe the biggest one that like
stood out to me was when thecreator of Kubernetes, right,
like this guy, literally createdthe container framework.
(05:18):
You know, yeah, he, he, he sawa job posting that required, you
know, 10 or 12 years ofexperience, and this is like
eight years into you knowKubernetes existing and they
declined him and he's like I'mon the paper that like started
it.
You know, like it's so crazy.
(05:40):
You know, and people have suchunrealistic expectations of what
that experience even means orbrings to the table that you
know they're taking I feel likethey're taking, you know this,
this like 10 years of experience, as like a broad.
Okay, you're a senior, you're alead.
You know we're going to applythat insecurity.
Speaker 2 (06:00):
It's like no, that, that that isn't how that works
at all you put it into an AI LLMand you get this really nice,
curated thing with all the rightbuzzwords, but then you may not
(06:32):
get the person that you wantedfor the role.
I think we should really getaway from the applications and
just be like, hey, let's talk Ifyou have what it needs and you
have the experience.
Just bullet, point what you'vedone facts and let's get into it
.
But instead it's all about thebuzzwords, the years and, yeah,
it's, it's been hard yeah, maybethe most frustrating part for
(06:53):
me is, you know, like I like.
Speaker 1 (06:56):
So I have two little kids, I'm getting my PhD, you
know I do consulting on the sideand I have a nine to five right
, so I don't have the time tomodify my resume.
You know, for 10 different jobsit's like here's my resume.
If it looks interesting, callme.
Right, like that's what it is.
But to these like filters andeverything, you basically have
(07:19):
to rewrite your resume for everysingle application you submit
to even have a chance.
You know, and I recently wentthrough a round of like
interviewing, looking for a newjob and everything, and I barely
got any hits and I think it'skind of twofold right, like the
job market is in a weird placeright now where you know when a
(07:42):
role goes up on LinkedIn, rightwithin two hours it has over 100
people applying to it.
I don't know if they're bots, Idon't know if they're real
people, right, like maybethey're all fake or something
like that.
But how am I ever going to getrecognized for any position in
that situation, let alone nowI'm formatting my resume to fit
(08:05):
something that I'm not evengoing to get recognized within
right?
So like it's this crazyconundrum.
Speaker 2 (08:11):
And sometimes you don't even get to the stage
where you can talk to a person.
You're just automaticallydeclined based on some keywords.
Speaker 1 (08:18):
Yeah, yeah, that's the craziest thing.
Maybe my most successful roleseven, I think, have been from
hiring managers that watch thepodcast.
They heard me talk about atopic and they're like, oh, I
need a guy in cloud security.
I like, I like his personality,I like how he thinks his
(08:39):
skillset is there.
Right, cause I'm not justtalking to anyone right, like
I've had on, like yourself I'vehad on, you know, ai security
experts from NVIDIA that areover here talking about, like
tiered architecture for AImodels that you know I'm over
here like trying to just keep up.
Like I feel like I'm barelyable to read.
(09:00):
You know what this guy'sputting down right, but having
that broad range of experienceopens you up to hiring managers.
You know what this guy'sputting down right, but having
that broad range of experienceopens you up to hiring managers.
You know a little bit moreright, and getting out there and
talking about it, reallybuilding a brand for yourself.
Speaker 2 (09:16):
Right, I think also.
I see a lot of knowledge sharingand people who do a lot of
knowledge sharing and I thinkthat's so important for our
community our defenders,security defenders, community to
share that knowledge moreoutside of just talking about
our products and platforms right, and that's why I love podcasts
(09:39):
like these, where we can justhave an open conversation about
things going on and, of coursecourse, highlight innovations
that people are doing withintheir company and what what the
product is doing.
But it's also important to justtalk about, I think, things
outside of work related stuff.
I don't know there's a thinline on LinkedIn on how much you
(10:00):
can post about versus.
I'm definitely not an expert onthat, but I like knowing like,
hey, you're a person behind thecorporate mask, right, and you
have your own life and you haveyour own story and how you got
to where you are, and that'sinspiring to me.
Just going reading stories ofpeople, how they got there, and
(10:21):
I think that affects our work aswell.
If I see someone who's gonethrough a similar work track and
that I'm trying to get into, itopens up different ways of
thinking and how to think aboutcareer and just our own personal
journey as well.
So I think we need more of thatas a community that don't treat
(10:41):
people like oh it's a sales guy,I'm not going to reply to him.
Oh, it's a CISO'm not going toreply to him.
Oh, it's me, so I'm going toreply to him, like that kind of
differentiation based on titlesor vendor names.
We should really try to look atpeople as people and they're
solving problems and we're allhere to protect environments and
organizations in whatever way.
(11:02):
If you are an organization,you're trying to find services
to protect yourself.
So community is key tocybersecurity and I think that
is what also opens doors ofopportunities for people if we
create that bridge and have morecommunity-led projects.
Speaker 1 (11:23):
Yeah, something you said about kind of being more
open.
I've always found it that thesecurity industry overall, right
, at least at least once, you'rethan happy to discuss a new
topic with you.
They're more than happy to talkabout what they're working on,
(11:48):
what they're finding.
All this different stuff, right, which was something that I was
nervous about, you know, goinginto this podcast, right, is
who's going to come on, who'sgoing to even, like, want to
talk to me?
Why would they talk to me,right, all these different
questions that you always, youknow, have pop up in your head
when you're doing something new,something you haven't done
(12:09):
before, or whatnot.
But you know, everyone thatI've had on, right, you know,
but it's like everyone that I'vehad on for the most part, like
they're all very open about it.
You know, and, to be honestwith you, the people that are
there because, like, their prperson put them there and they
don't really want to talk to me,like those episodes don't even
(12:30):
go live.
It's just like, yeah, I'm notgiving you, I'm not giving you
the marketing, you know keepingit real yeah, because I you know
, I I do, I do almost no editingand the editing that I do is
now done by ai, so like.
So you know, I feel like itadds an authenticity to the
podcast, right, when you come onand you tell your story,
(12:52):
they're going to hear your storyfrom you.
I'm not choreographing it.
You know, like you've been onthe podcast twice and I don't
think I've sent you, I don'tthink I've sent you any
questions, like, like nothing.
Speaker 2 (13:06):
In fact, not even today.
I was just like, oh, what arewe going to talk about?
Well, it's Joe, we're justgoing to find something to talk
about.
Speaker 1 (13:13):
Yeah, yeah, we'll figure it out.
You know, that's a good thingabout this space, though, right,
and especially with abackground like yours, right,
where we're talking about, youknow, pqc and containers there's
so much that we can dive intoit.
I was actually thinking aboutthis, you know, last night maybe
I guess I'm a nerd, right so Iwas thinking about like quantum
(13:41):
encryption overall, because Ihave to know, I have to know
like I feel like just enough toget by and not sound stupid and
not insult an expert.
You know, like with withknowing, you know with like
doing my research, right, and soI'm thinking about like how
much I actually like know, um,you know within the space, and
I'm like man, I think I thinkit's like 2%, but I think we
(14:08):
probably also only know maybe40% of what it actually is
overall.
So that takes it down to like0.5, 0.4,.
You know of what my actualknowledge is.
Speaker 2 (14:21):
That's what I was going to say.
Is there truly a full knowledgeof quantum world?
I remember my professor righton day one of the class, when I
I mean day one of me startingthis report with him we had a
one-on-one to discuss what thisis going to be.
He was going to give me booksto read and all those articles,
(14:43):
research material, and he,before giving them all to me, he
said this look, as you startthis journey, just whatever you
know until now, throw it out thewindow.
You're going to relearneverything from this perspective
.
So just come with a completelyopen mind.
Don't bring the laws of physicsor logic into what you're
(15:03):
learning.
Just learn with a completelyopen mind.
And that's key to starting yourquantum learning journey.
And I thought why Everything'sconnected to starting your
quantum learning journey and Ithought why, like everything's
connected.
and then I started reading andall the principles and I was
like this is a lot yeah I seewhat he was saying now and
honestly I am excited about itand I think not think I mean you
(15:26):
already seeing the merge ofquantum in the cloud security or
security world itself, whetherwe talk about cryptography or
whether we talk about securechannels and things like that.
I don't know if we'vecompletely accomplished it, but
I think it's something that weshould talk about because it's
(15:47):
going to impact our world sooneror later.
Speaker 1 (15:50):
Yeah, yeah, you know, I've had on other people and
every time we go down thisrabbit hole, right, it's a weird
situation because we've beentold for so many years I mean a
couple of decades at this point,right, that you know quantum is
(16:10):
right around the corner five,ten years, whatever arbitrary
number is thrown out there.
But recently it's kind of morein front of your face because
now we have this LLM, which isnot an AI, it's not quantum,
right, it's a brand new searchengine that is way better than
(16:31):
Google.
I mean, I use Grok more than Iuse Google now but it's like a
building block for what youwould call you know AI, right,
and AI and quantum are tiedtogether in everyone's heads,
like it's impossible to separatethe two, no matter how much
delineation you break it apart.
Right To separate the two.
No matter how much delineationyou break it apart, right, like
everyone is going to think aboutthe other when you mention you
(16:54):
know AI or quantum, right, andso we're in this weird flux
state right, where it couldliterally happen tomorrow or it
could literally happen in 10years.
Everyone just knows it's goingto happen.
And I was talking to aresearcher based out of Germany
who's actually like doing?
You know this legit quantumresearch with satellites,
(17:15):
launching satellites?
He launched one over theweekend and I mean he literally
told me.
He said you know everyone inthe space, that's anyone that
knows anything.
We're all kind of a little bitnervous right now.
Right, because now everyone ispaying attention to it and you
(17:36):
know, you have Google, you haveMicrosoft, you have Nvidia,
tesla all these companies arebuilding towards, you know, an
AI integrated quantum computer.
Right, because once you give AIthe proper amount of power that
quantum computing unlocks,basically it's pretty much
(17:57):
unstoppable.
There's no dialing it back in,right, and the argument is that
essentially the genie is alreadyout of the bottle and so you're
not going to put the genie backin the bottle, you kind of have
to just go with it at thispoint and hopefully, you know,
the genie doesn't destroy you atthe end of it wow.
Speaker 2 (18:18):
Well, I'm not an expert on quantum, but I'm
definitely looking forward tothat episode of yours yeah
researcher because in I guess,I've been more on the
cybersecurity kind of world.
I've lost touch from the quantumworld ever since I graduated
and AI is definitely somethingthat's on everyone's minds.
I don't know how much I thinkof quantum and I think of AI,
(18:40):
but for sure, from a vendorperspective, from someone
thinking about solutions that wecan solve for clients or
organizations that haven't beensolved before, and how do we
make it better for clients ororganizations that haven't been
solved before.
And how do we make it better.
The problem is there's so muchhype about AI that sometimes the
buzz is greater than the factsand the facts get buried inside.
(19:01):
We were just discussing thisbecause we're going to have a
panel in Pittsburgh about AI andsecurity and just facts from
people actually building itright People from AI companies,
and what are the problemsthey're trying to solve.
How are they solving it.
So what's buzz and what's real?
I think that distinction isstarting to get very blurry.
Speaker 1 (19:23):
Yeah.
Speaker 2 (19:24):
There's so much hype on AI and people say things like
AI will replace XYZ jobs justso plainly.
Speaker 1 (19:31):
Yeah.
Speaker 2 (19:32):
I mean, I don't know if humans can be replaced by
technology perfectly.
And this was an argument that Ihad when I did a talk on
process mining for audits andgovernance and such.
And so there was someone whoasked me like well, if we have
all this automation andeverything in place, then we
don't need auditors, or we don'tneed auditors if we have AI.
And I said no, because there'sgoing to be some exceptions that
(19:55):
you have to manually put ahuman lens and verify if this is
a serious security exception orif this is okay to add and
things like that.
Decisions like that can't bejust zero or one logic.
You need a human perspectiveand the knowledge and experience
that you've gathered over theyears to apply to that kind of
decision making.
(20:16):
If you just put everything inan algorithm and say make your
own decisions, I'm pretty surethe results are not going to be
bad.
Just like if you put one promptand say write me a whole
research on XYZ.
It's going to have a lot ofstuff that I just made up and
you don't want to apply it, justas is to security.
This is why you need humans,just like any machinery right,
(20:37):
you have machines that made ourworld easier, but you still need
humans to develop and guide andgo through that journey with it
.
I think that's what AI is goingto be.
It's going to be a really goodsupport, but not a replacement.
Speaker 1 (20:54):
Yeah, it's so far off to actually be a replacement
and I feel like companies arelike moving too quickly in that
direction.
Where they're?
You know, like, absolutely, Iwon't say where I work right now
, but it's within.
You know the mortgage industry,right, say where I work right
now, but it's within.
You know the mortgage industry,right, and there's huge pushes
(21:15):
for AI to get rid of, like, loanofficers and loan underwriters
just completely.
And you know, like we're allkind of just sitting here.
Like you know, we're moving soquickly towards this.
You're going to eliminate allthese jobs and in five years,
you're going to figure out Ineed double the amount of people
, right, even with this AI ontop of it that is doing whatever
(21:36):
, right, and that's really likethe case for most things.
Now, I do think that there'ssome areas that, like, it'll
offset in the near term, right,like you know, I was reviewing a
contract with a customer ofmine and rather than pay $1,500
(21:57):
to a lawyer to review thecontract and give me their
opinion on it, I'm just going tothrow it into Grok.
See what Grok tells me.
I'm going to review it myself,use my head, google what I need
to Google and put it back intothe document and send it back,
right, I've never had, you know,an actual lawyer, like you know
, receive the document from meand be like this doesn't make
(22:19):
any sense.
This is stupid.
Like he's never, they've nevercalled me out on it at all.
So why would I go and pay theguy that you know I've, I've
used before, right, like, whywould I pay them?
It doesn't make any sense, youknow.
And another thing is probablylike, probably like graphic
design artists, you know, orwhatever, whatever that might be
(22:41):
.
Speaker 2 (22:41):
We're going to have a debate right here.
Speaker 1 (22:43):
Yeah, well, it's a.
It's an interesting debate.
I'll tell you this, right.
So I recently paid someone tolike create a logo for me and
everything like that right, anew logo.
And did a fantastic job Like nocomplaints, nothing Like I've
used them before, did fantasticwork.
Grok goes and gives me a promptsaying do you want a logo for
(23:09):
this services website thatyou're standing up Like why not?
I already paid this guy Doesn'treally matter.
I'm going to go with that logo,but it would be cool to see
what Grok gives me.
And Grok threw out four draftswithin 30 seconds and all four
(23:29):
were better than what I justpaid for and I'm just sitting
here like this is that's goingto be a problem for a lot of
people.
Speaker 2 (23:39):
I mean competition.
Yes, I think that also makes mecurious what are going to be
the copyrights for images andproducts generated by AI, right,
yeah, do you have thoughts onthat?
Speaker 1 (23:52):
Because these companies like 100% could lay
claim to whatever their AI cooksup.
But that would also open thedoor to like, massive pushback
right From the population that'susing these tools where it's
(24:14):
like, hey, you know, weunderstand our data is, you know
, being sold on the back andyou're making your money somehow
some way, right.
But it would lead to otherthings.
That's the problem.
Like they could 100 do it.
Like they, they could just likecompletely destroy that and rip
that from our hands andeverything.
But that would lead to so manyother negative things for them
(24:37):
in the court that, like I don'tthink anyone would ever do that
yeah, that's definitelysomething to look or think about
.
Speaker 2 (24:45):
Wasn't there a recent discussion about Disney
princesses versus AI?
Because I think Disney is insome discussion about not giving
out its I don't know, I had a.
Speaker 1 (25:00):
Really.
Speaker 2 (25:00):
I wasn't talking about it, but I think cases like
that will come up.
Bi starts generating things offof products that are already
copyrighted, but then it addsits own twist to it.
Now, who really owns it?
Is it a general creator?
We're going in a completeloophole here.
Speaker 1 (25:22):
Yeah.
Speaker 2 (25:23):
When you mentioned that, hey, I replaced my
designer or not replaced, but Icould replace my designer
Augmented.
Could, and that makes me thinklike what's going to be the
originality of stuff.
And what if it creates the samelogo for another user and
nobody has the rights?
So who wins?
Speaker 1 (25:43):
Yeah, yeah, that that is.
That's an interesting conundrum.
You know that that will thatwe're inevitably going to fall
into.
We're probably already in itand we don't know, you know yeah
, I think the same applies tosecurity too.
Speaker 2 (25:59):
When you mentioned earlier that, hey, we're moving
too fast adding AI to securityand products in general, not
security products in general.
We have AI features or AIcapabilities and that can have a
(26:26):
lot of negative impact on whatyou're actually creating with AI
.
For example, if you create aplatform, if you have a platform
that takes a lot of customerdata and you want to add an LLM
or a natural language processingkind of query, people can
create easy policies orconfigurations based on that.
But if you don't control thedataset models and don't have
(26:49):
proper boundaries in place, thenyou're kind of mixing up.
First of all, you could be in aproblem where you mixed up
different customer environmentsor proprietary data from
different customers.
The other thing is how do youavoid LLM poisoning or data
poisoning and LLM hallucinations, right?
How do you control that?
It can make its own stuffSomething as simple as like give
(27:12):
me a summary of my threats thatyou've seen from my environment
and what if it makes stuff upto give you that answer.
But if you completely rely onit and if the creator of that
platform doesn't have propersecurity features in place to
avoid that from happening, thenyou're just prone to so much
more attack surface.
And then there's a whole otherthing about prompt injections
(27:36):
and all those things coming intoplay as well.
So, as companies are running toget or to say that we have AI,
AI something, platform, AIpowered, AI enabled, AI assisted
, it's so important to know orask the right questions, I think
, as a consumer.
But how do you protect againstall these different risks that
(27:58):
AI features can introduce in theenvironment?
Is it keeping my data safe?
Do you have proper boundariesin place?
Is the data set given by thecompany or is it like?
What kind of model are youusing?
Are you using like an openlibrary?
Are you using a control dataset?
How are you controlling thatgovernance piece?
(28:18):
How are you controlling theprivacy piece?
If you don't ask the rightquestions, every platform is
going to use AI in somecapability, but you may expose
yourself to higher threats andhigher risks, and I think that
conversation in itself is awhole entire topic.
You would have an entirepodcast series on that.
Speaker 1 (28:39):
Yeah, I have.
It's a pretty expansive areaoverall and you know, like you
said, I feel like when we weregoing into the cloud, basically
10, 15 years ago at this point,you know, a lot of people didn't
realize the huge risk ofsharing resources of.
(28:59):
You know, hey, I'm gonna throwall this data into this S3 or
this EC2, you know, whatever itmight be, whatever, maybe a
Lambda when they came out andwhatnot.
And surely AWS would never usemy data against me and create a
competing product before me veryconveniently before I launch it
and whatnot.
Or you know, another customerwould never be able to see you
(29:23):
know this data or anything,because when I log in, you know
the portal's right there andit's only my stuff.
But you know, unfortunatelythere's been reports of all of
the big cloud providers actuallylaunching, you know, competing
products conveniently, rightbefore a startup is going live
right, conveniently, rightbefore a startup is going live
(29:43):
right With you know, code that'svery similar, that was built on
their platform, and now theyhave this new product and
there's nothing that you can doabout it, right, because when
you're a startup, I mean you'rekind of going, you know, month
to month, week to week, for theamount of money that's coming in
and whatnot, and when you'reAWS or GCP or you know Azure,
(30:05):
it's like what's a couplemillion dollars that we're going
to waste on this lawsuitcompared to, you know, this
willow chip that we just madeand spent probably like two,
three, four billion dollars onto create over the last 15 years
?
Like what does it matter?
You know.
Speaker 2 (30:20):
Wow, yeah, that's an interesting topic for sure.
Actually, that brings anotherquestion in my mind, so I'd love
to know your thoughts onacquired platforms.
You know these big companies.
They acquire startups andsometimes offer their
capabilities for free, orsometimes might integrate them
(30:42):
in the bigger platform, orsometimes just not use it at all
right, it gets peered.
And then there are startupsthat are innovating so fast and
they are all hands on deck.
They're super focused on whatthey're delivering and it's all
inbuilt and native nativeoffering, right, um, curious.
I have my own opinions about it.
(31:02):
Of course, come, I've been in abigger company, I've been in
smaller companies, so, based onmy experience, I have my own
opinions, but I'm curious whatyou hear and what you think
about that acquired platformsversus native innovative
platform.
Speaker 1 (31:19):
Yeah.
So speaking from an end user,right Like, I've only been an
end user, I've never worked fora, for a vendor.
You know I haven't like soldthe product.
I'm a pretty good salesperson,right From an end user, it's all
.
It always makes me nervous whena product that that I like or
have used gets acquired by, youknow, palo Alto or Cisco or
(31:44):
Microsoft, google, wheneverthey're acquired by any of these
giants.
Yeah, because you're likewhat's going?
Speaker 2 (31:51):
to happen to it.
Speaker 1 (31:53):
Yeah, you know, like the list is pretty extensive of
products that were amazing andthen they get acquired.
And I mean, two years in it's anew product, it's completely
reskinned.
It looks like someone justjacked up the UI.
Completely doesn't operate.
The same.
(32:13):
All of the roadmap items thatwere supposed to take place
never came to fruition for anumber of reasons.
Right, and it destroys products, like typically, right, and
that's why I'm a little bitnervous with Google acquiring
Wiz, because on Wiz, yeah, wizwill protect themselves, right,
(32:34):
they built their product on AWS.
It's also not like, it's notout of the realm of possibility
that someone could recode it.
You know some genius fromGoogle could recode it to run on
GCP, right, like it's not.
It's not rocket science.
And you know, like I've gonethrough the whole thing of
(32:55):
talking to Wiz about it and theyall seem very confident that
nothing's going to happen.
But still, again, you know, likethere was a, there was a
permissions company that wasdoing cloud permissions
completely differently fromeveryone else, and I can't
remember what it was called.
Google bought them and theproduct development stopped when
(33:18):
they bought them.
They bought them seven, eightyears ago and they and they were
five years ahead of everyone.
Google bought them.
I think it was like BeyondSecurity or something like that,
and at first Google just tookthe same name and integrated
them into GCP and it was like,okay, it operates the same and
everything else like that.
(33:38):
Then it just seems like theycompletely forgot that they had
that product Like it's.
You know, now it's lacklusterwhen before it was so far beyond
everyone else, like I wasliterally evaluating it to be
like can I use this thing likeon-prem?
Speaker 2 (33:59):
Because I want to use this everywhere now yeah, yeah,
no-transcript and refine,fine-tune things to make it work
(34:31):
with everyone.
Sometimes, I mean, most of thethings are pretty casual.
They're global, right, but ifthere is a customer using an
integration that's not reallywell popular or they have their
own in-house data source theywant to extract things from,
there's always going to be caseslike that where you need access
(34:53):
to the leadership, theengineering team of the company
that you're working with.
But if you're working with abigger company, what does that
customer support going to looklike?
And I think that's a pretty bigdifferentiator in people think
oh, I'm going to get this XYZthing for free, so I already
(35:13):
have a partnership with this bigcompany and they're going to
throw in this XYZ thing thatthey just acquired for free.
So why can't I just go withthem?
Because they're a brand name,they're a bigger name, they're a
bigger company and logo.
Why would I go with a smallercompany or a smaller startup?
Well, there's a pretty bigdifference there, because, sure,
(35:34):
you're going to go with awell-known brand or logo or
whatever much bigger, billionsof dollars logo, but what is the
compromise you're making andwhat are the pros really
aligning with the cons, and Ithink that's something that
should really stand out forconsumers.
I'm sure, just like you said,you've never been on the vendor
(35:56):
side.
You're a consumer, but you'realready thinking that right,
you're already thinking like,hey, how is this going to impact
?
What kind of service am I goingto get?
And not only customer serviceand support for product and
platform, but even beyond that,in terms of innovation At bigger
companies, how many layers ofapproval do you need to go
through to release a feature andyou're going to try to make it
(36:18):
work with the entire ecosystemso that it benefits the bigger
ecosystem.
That may have nothing to dowith the problem that you're
trying to solve, but you'retrying to sell more of your own
bigger services, broaderservices Whereas at a startup
you're kind of straight focusedin your core area the problems
you're trying to solve andyou're vendor neutral because
(36:39):
you don't have expanded libraryof services you're trying to
upgrade the client to or tryingto sell them on.
So you're just going to keepyour focus on what does the
customer actually need in thisspace and how can I make it
better?
And if there's innovation thatneeds to be rolled out, it's
much more faster.
So the pace of innovation ismuch faster as well.
I think that is something thatbroader audiences or customers
(37:02):
should keep in mind when they'rethinking about should I go for
a free version of somethingbecause a bigger company is
offering it, or should I stickwith a company that may be
smaller in size yet reallyexecuting on all fronts and
really delivering results in somany ways?
So glad to hear that, from aconsumer perspective, that
(37:23):
you're already thinking about it, and I'm sure a lot of smart
leaders out there also think.
I hope think the same way.
Speaker 1 (37:30):
Yeah, it's, you know it's become so critical.
I involve it in my like POCcriteria, right, the success
criteria, where it's like, hey,I'm going to cold call your
support, I'm going to just callthem, email them, open a ticket,
whatever it is right, and I'mgoing to grade the level of
support I get, just plain andsimple, right, and so I've been
(37:51):
on the support side and so Iwon't play like a difficult
customer or anything like that.
But I mean I'll act likesomeone that, hey, I just logged
in for the very first time.
This thing isn't working.
I was told I need to go fix it.
What do I need to do?
Right, that's probably like,you know, a softball pitch,
(38:11):
right, like a little soft pitchto any support engineer, like
they should be able to handlethat.
And then, as it goes on, thedifficulty gets ramped up.
Right, I want to see you knowwhen you decide to escalate,
because that matters for me,when I'm trying to get something
resolved and you don't know,within five minutes you should
be escalating.
Right, like immediately.
(38:31):
You should be like, hey, I needan adult over here to help me
on this thing.
You know, let's get through it,because I want to provide that
level of customer support.
And for sure, I mean, like youknow, for those companies that
bought the IAM tool from youknow, before Google bought them,
right, I'm sure they weregetting outstanding support, and
(38:51):
that's what I actually heard inthe industry too, that they
were getting outstanding support.
Go and open a support ticketwith Google, right, like, let's,
let's start there, open asupport ticket with Google and
we'll time them for when theyget back to you and what their
response is and all that sort ofstuff.
Right, like, because thatmatters a whole lot.
(39:13):
Good luck trying to getMicrosoft on the phone.
Microsoft is typically a littlebit better about it, you know,
like they'll put.
They'll throw someone in frontof you with the Microsoft, you
know.
But it's like, ok, I'm like Ijust ran into this random issue.
I'm going to spend the next twoweeks trying to get someone on
the phone.
They're going to have toescalate it five times because
no one knows what they're doingover there.
Right, and this is a one offproblem.
(39:36):
So, like, god forbid me as anend user, I can't solve a
problem in their product beforethey need to solve it.
That's like the literalsituation.
I've been on calls where I'vehad to reverse engineer
(39:59):
someone's product and explain tothe person that's supposed to
be giving me support how theirproduct works, most likely on
the back end for them toescalate it to get someone on
the call that understands whatI'm asking.
And I'm just sitting here likedude.
This was, this is a four hourcall.
Now, this was a five minutequestion.
Right, you should haveescalated at minute 10.
Like, as soon as you didn'tknow what I was saying, you
(40:22):
should have escalated.
You know, and on the flip sideof that too, I have, like, I've
internally experienced where youknow we're, you know,
internally at a company, right,we're evaluating CSPM solutions.
You know only, like, the coreof your cloud security program
(40:43):
kind of an important thing toyou know, have the right one in
place.
Have all of the top competitorsI mean, there's eight or nine
solutions I'm looking at, right,and I'm evaluating them.
I'm nitpicking them becausethat's what I'm supposed to do.
And you know, last minute, avendor that we, we bought
everything that they sellbecause, guess what, they own
(41:06):
the entire space in a categoryand it's like, hey, you're
either going to go with them orgood luck with anyone else.
Very rightly so.
Their product is amazing, Ilove it to this day.
I have used it for years.
Right, they decided, hey, we'regoing to get into the CSPM
space.
Right, like, we're going toplay in this space too.
(41:27):
We heard you guys wanted it.
We'll give it to you for free.
So you know, my VP, my CISO.
Like, they're fully bought intothis company.
Right, because we already havea contract with them and
everything else like that.
We're never going to rip themout, nor should they.
And we get on this demo call.
(41:49):
Demo is in the title of themeeting.
Right, to me, that means we'regoing into a console.
Speaker 2 (41:57):
Yeah.
Speaker 1 (41:57):
Right, we're clicking around, okay, we get on this
call and it's nothing but slides.
For an hour it's nothing butslides and screenshots and
mock-ups.
I'm like, okay, guys, that'sfine.
You know you guys mistitledthis one.
I want to see the tool.
Speaker 2 (42:14):
Yeah.
Speaker 1 (42:14):
Right, put the tool in front of me.
Let's get another hour on onthe clock.
Right.
Next week we get on there demoagain in the title more slides.
And I just go back and I meetwith my cso and I just told them
like hey, they're showing usslides because they don't have a
product.
Like they're giving it to usfor free because they can't
charge us for something theydon't have right, but if we buy
(42:36):
it, they'll build it.
Speaker 2 (42:37):
Basically it's like you're more like a design
partner than a customer yeah,which is it's.
Speaker 1 (42:44):
It's cool for, for.
For me, I guess, if I reallywant to deal with, you know, the
heartburn for a couple years,I'll get the product that I
specifically want, you know, butit's like man, do we really
want that?
Or can we just be moreefficient and go with the market
leader in this space, pay alittle bit extra because they
(43:06):
already did the work?
Some other customer took thebet on them and they built it
around that person already youknow like come on.
Speaker 2 (43:16):
Yeah for sure, yeah, sure, yeah.
I, I can definitely relate tothat yeah, I couldn't.
Speaker 1 (43:22):
I just you know the first call, when it was titled
demo, I was like okay you know,I'll give you a break.
It's fine, someonemiscommunicated, it's all good I
mean I think second call.
Speaker 2 (43:34):
Yeah, I think the moment you see a Figma mock-up
in one of those slides, you knowlike, oh, this is talk.
We're going to talk about whatthe demo will be.
Speaker 1 (43:45):
Yeah, I'm very Now, I'm very sus of any mock-ups
that I see.
I'm just sitting here like, oh,I don't know if this thing is
real.
Yeah, yeah, well, I'm justsitting here like, oh, I don't
know if this thing is real, yeah, yeah.
Well, that's the weird spacethat we're in because, like
security, just security overall,right from the corporate side.
It's so hot.
(44:05):
You know, you got securitycompanies spinning up every day,
basically, and they're going toRSA, right, and by the end of
the year they're dead, they'reno longer a company, and you
know, and these people, I meanno, knock on them.
I've interviewed some of them.
They're just creating thesecompanies to sell them and make
(44:25):
a whole bunch of money.
Hopefully Cisco buys them, hasto deal with that garbage
product, right, and no one'sgoing to buy it from there on,
right.
I mean, that's the situationthat the market is in, because
they see Google spending 34billion on WIZ and it's like I
can build something that WIZwould buy, that they're lacking,
(44:47):
which probably isn't the case,because if you look at their
product suite, they doeverything in the cloud, but
everyone sees that dollar sign.
They're just like, oh yeah, Icould get a couple million here
or there.
You know, it's just we'regetting sidetracked quite a bit
and it's my fault.
I'm supposed to be leading thisthing.
Speaker 2 (45:07):
Yeah, I know I started asking you questions, no
, but I enjoy our conversationand I don't know how we got here
.
Speaker 1 (45:27):
I think it started with my journey and then quantum
, and then I, and then, yeah,start computing companies you
know, and like if you because ifyou look at any sort of stocks
there's like four right that youcan invest in that are related
to quantum, that are likedirectly building a business all
around their quantum computer.
Speaker 2 (45:48):
Yeah, and also there is university investing heavily
in research in that front aswell.
My professor, dr Brian Kellyfrom UTSA I know he's pretty
involved deep into it andthere's independent research
organizations as well that areinvesting in.
I don't think we're really injust theoretical phase for
quantum.
(46:08):
Yes, it's not like the magic.
You're going to see quantumcomputers in every house stage.
But there is more than justtextbook right the quantum key
distribution channel.
Recently I was reading anarticle that there was a longest
practical quantum keydistribution channel established
(46:28):
between two points.
I don't remember exactly theorganization that was associated
with it now, but it's a provenfact, the organization that was
associated with it now, but it'sa proven fact.
So once the channels areestablished, now you're dealing
with other things like thescalability of it and things
like that.
But the fact that these kindsof things are happening is a
proof that it's not just theoryanymore.
(46:50):
It's not magic.
It's not like teleportation atthis instant, but there is
progress in proving out theconcepts of quantum computing.
So I'm sure that we will see agradual progress in that.
It's not like AI that you canjust plug in with code and get
its actual physical equipmentand things needed on top of it,
(47:14):
which makes it a little bit more.
I guess, effort it requires alittle bit more effort.
But yeah, I agree, I don'tthink it's just theory or just
text.
For sure, interesting,interesting for sure.
Well, thank you for having me.
I know we're almost out of time.
Speaker 1 (47:34):
Sorry.
Speaker 2 (47:35):
No, no, no.
I truly appreciate theopportunity to be here again and
just speaking candidly aboutall these topics.
I'm looking forward tofollowing more of your podcasts
and discussions with all ofthese people and see where
things are going.
Thank you, yeah, absolutely.
(48:07):
Well, before I let you go, howabout you tell my audience where
they could find you if theywanted to?
You know, connect with you andreach out, and you know probably
even like you know, you weren'there on is Aksa Taylor.
You can also find abstractsecurity on LinkedIn.
We recently published a bookApplied Security Data Strategy.
If you want, and that's freelyavailable.
It's a community resource.
(48:27):
We talked about it.
We're doing anothercommunity-led event and that's
going to be in Pittsburgh.
So if you're in Pittsburgh,please come say hi to me in
person.
It's going to be my Pittsburgh,so if you're in Pittsburgh,
please come say hi to me inperson.
It's going to be my firsttravel after my maternity break,
so I'm pretty excited.
Speaker 1 (48:41):
Awesome, awesome.
Well, looking forward to it,I'm sure I'll you know, see a
recording of what you guys aredoing in Pittsburgh, and we'll
definitely be in touch.
Speaker 2 (48:50):
Thank you, thank you, I look forward to it.
Speaker 1 (48:52):
Awesome.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
New Heights with Jason & Travis Kelce
Football’s funniest family duo — Jason Kelce of the Philadelphia Eagles and Travis Kelce of the Kansas City Chiefs — team up to provide next-level access to life in the league as it unfolds. The two brothers and Super Bowl champions drop weekly insights about the weekly slate of games and share their INSIDE perspectives on trending NFL news and sports headlines. They also endlessly rag on each other as brothers do, chat the latest in pop culture and welcome some very popular and well-known friends to chat with them. Check out new episodes every Wednesday. Follow New Heights on the Wondery App, YouTube or wherever you get your podcasts. You can listen to new episodes early and ad-free, and get exclusive content on Wondery+. Join Wondery+ in the Wondery App, Apple Podcasts or Spotify. And join our new membership for a unique fan experience by going to the New Heights YouTube channel now!