Security Unfiltered

A Year In Review

December 22, 2023 Joe South

Close out 2023 right and start 2024 strong.


Speaker 1:

I was going, Patrick and Dwayne, like I feel like we've been trying to plan this thing for like a year now. Hey Joe, yeah.

Speaker 2:

I feel like old friends. I asked you have we talked before? And you're like I don't think so.

Speaker 3:

We keep trying. It feels like it, though. It feels like it.

Speaker 1:

Right, yeah, we've been pen pals over email for a year.

Speaker 3:

Whatever happened to pen pals? They used to do that in schools. You used to write a letter, snail mail them. Now it's just, it's all dying art.

Speaker 2:

I actually got letters in the Gulf War. When I was on the front lines in Iraq, I got letters from kids and it was actually quite fun for the soldiers to get those letters.

Speaker 3:

So that's cool, bring it back.

Speaker 1:

I'm not sure if I ever did that in grade school.

Speaker 3:

Oh, really. Yeah, it used to be a thing. Like, you'd write letters and you'd send them off and then, mysteriously, they'd maybe respond or not. I don't know. It's cool. Yeah, it was magical to get a letter, open it up in the mailbox, see the postman delivering it. It's like Christmas.

Speaker 1:

I don't know. I mean that's interesting. I mean I don't feel that old, but I guess maybe I'm getting old.

Speaker 3:

It's entirely possible. It's entirely possible.

Speaker 1:

Yeah, it's a. It's surprising. I just had my first, my first kid. She's just turned nine months. Congratulations, like for the first time I feel like an old man, it's like what is going on right now.

Speaker 2:

Where do your grandkids can roll their eyes?

Speaker 3:

Then, let me know. That's when you know you've made it. Yeah.

Speaker 2:

Yeah, when you become lame to your grandchildren. You pretty much accomplished their life, right.

Speaker 1:

Well, guys, I start with everyone's background and I'll tell you why I do that. It's because I have a varied audience. I have a group of my audience that could be trying to get into IT or security, maybe straight out of college, or they're trying to do a career change. You know, they may not know that it's possible for them, right? And I've found, after doing over 150 episodes now, that I haven't heard the same background twice. So I feel like I remember when I was trying to get into security and IT, hearing other people talk about how they got into it made it feel like, okay, this is obtainable for me.

Speaker 2:

It's absolutely obtainable.

Speaker 1:

Yeah Right, so why don't we start with you? How did you get into IT? How did you get into security? Maybe what sparked that interest in you that brought you into this?

Speaker 3:

field. Oh my gosh. Well, this will date me, but for me it actually happened in high school. So in high school I got my amateur radio license and that hobby is all about tinkering with radio waves and electronics and figuring out how it all works, like doing the mathematics of building your own antenna right and then how you can transmit on that antenna and bounce it off the ionosphere and then talk to somebody 7,000 miles away. And you get into that world of really tinkering and figuring things out.

Speaker 3:

And at the time the Apple IIe came out and my parents spent a fortune on an Apple IIe and my brother and I were enamored with it and then later on, you know, started pulling apart our 386 computer, doing online BBSs and bringing it. So that world sort of grasped us and part of it, honestly, was video games back then, because you couldn't just click a game and play it. Back then it was like you had to install it and then move memory drivers around and then like decide whether you wanted the mouse, because if you didn't want the mouse you could save memory.

Speaker 2:

And then there was cheating, right.

Speaker 3:

So there's all that tinkering involved with computers back in those days, and we started playing around with bulletin board systems. And for the listeners who might not know what a bulletin board system is, you'd have a modem and you would dial up another computer that was running a program that you could then log into, in essence, and play what they called door games, and then it was probing the systems there. Well, what else can I do? Can I get it to give me a command? Can I get it to do these types of things? And that's when I started early on in cybersecurity. There was an incident in high school. I did get suspended for computer acts that we won't talk about. Fast forward, got my computer science degree. Actually, oddly enough, I went to a Benedictine monk college because most of the engineering colleges turned me down at the time. They were like, listen, we don't want a student with your background, right, in computer nefariousness.

Speaker 2:

Now, they'd be dying for him. They'd be lining up, so I applied it.

Speaker 3:

That's the way I started a career, right, I applied it at St Anne's own college, so it's a Benedictine Monk. I mean literally the monks with the brown robes and the rope ties and that sort of stuff, and they're like you know what? We think we can reform you, we think you can. So yeah, you can get your computer science degree here, they're wrong.

Speaker 3:

So then when I graduated, I had my computer science degree, my Bachelor of Arts in computer science, and I started teaching for Microsoft and I was doing Microsoft courses at that time and teaching TCP/IP and that sort of thing, and I went to take my next course, which was in Commerce Server, Patrick.

Speaker 2:

Merch. Yeah, it was Commerce Server. Commerce Server. We transitioned from Merchant Server.

Speaker 3:

So I was taking my next course so that I could deliver solutions to customers and, lo and behold, my instructor, this old crotchety West Point graduate, Patrick Hines, was like hey, we should start working together. And this is in 2000. This is March of 2000. So yeah, long, long time ago. So that's how I got into it. And then hilarity ensued. So it's all downhill from there.

Speaker 1:

And Patrick, you know how did you get your start.

Speaker 2:

So I went to the military academy at West Point. I did not focus on computers, but I bought one and I was into it and I was playing Gunship and the games of the day. And so I became the infantryman who knew computers in my unit and so I was repairing computers and doing things that you know people were afraid to do, and I just wasn't afraid to break it because I'd already broken mine so many times. And then, when I got out of the service after the Gulf War, I went in the reserves but I wanted to go into the civilian sector. I started programming and I got into security right away because I always thought about the military side of things and the adversarial thinking. I guess that's the way I would describe it when I was after going to West Point.

Speaker 2:

When people look at like nice pictures of meadows and tree lines and things like that, they think about picnics and butterflies and I think where I'm going to put the machine guns, and so I think about systems as far as what could go wrong, and that put me in the right mindset. And so once I started working with Dwayne this is where we went we started doing pen tests and vulnerability assessments and risk analysis. Almost 20 years ago actually, right after we started, we started looking for this kind of work and we did a lot of programming, a lot of system enterprise stuff. Between us, we've probably visited 80% of the Fortune 500 and the global 1000 over the last 20 years and a lot of free letters.

Speaker 2:

Yeah, and not always as a pen tester, but a lot of times as a security engineer, and so now that's all we do.

Speaker 1:

That's really interesting when you bring up your mentality right. That kind of, I guess, directed you towards security. I can really relate to that, and so my wife and I, you know, we fairly recently we built our house. So when you build a house, you got to, I mean, there's a million decisions.

Speaker 2:

And my condolences. Congratulations, congratulations Right.

Speaker 1:

I will never financially recover from this decision. But you know you go through a million different choices. You know and, like you know, in the front of the house there's a big window. My wife loved it and I'm sitting here thinking, well, that's a non-defensible structure. You know like anyone get through that thing and she's like hey, can you take your security hat off?

Speaker 2:

for a bit. No, just think about aesthetics. No, it's your job, though. Yeah, she's like, who hurt you as a child? So do you have a big front yard? Do you have a big front yard? It's a good amount. Yeah, you know, you can put some piles in and put, like, some PVC pipe in the wood piles and you can use those as fighting positions.

Speaker 3:

Yeah, see, yeah, the thing that always struck me, the thing that made me start thinking about physical security is when I met Patrick, because I was always into the digital security, tearing computers apart and that sort of stuff. But we'd sit down in a conference room with a customer or something like that. Patrick, very specifically, would pick a chair, like he would. It would always be a chair facing the door. I'm like, what are you doing? He's like, I want to see him coming. I was like, what is wrong with you? Like seriously, yeah, yeah, that's always the mentality I've been tested.

Speaker 2:

There's nothing wrong with me, but we don't have computer science. Dwayne has a computer science degree. He doesn't have a cybersecurity. I don't have. You have a computer science degree. I'm all self-taught. The bottom line is we've got veterans, we've got people who used to work as mechanics. We've got all sorts of people who work for us who are excellent cybersecurity engineers who never started in technology. It's a long road, but you can self-service your way to it.

Speaker 3:

One of our great pen testers. His job before this is he was a salesperson. I think he was a salesperson at Oracle, really yeah, and he used to sell a technical product, but he's fantastic at ripping apart websites Like just you name it. He can swizzle and tear apart a website like you wouldn't believe it. Really, hacking is a mentality. You want to know how it all works. You want to tear it apart and see the insides and, I don't know, sometimes put it back together, but mostly just break it and we find somebody else's job, isn't it, if we're doing?

Speaker 3:

it right somebody else. So we find that mentality is the most important part. Oh, not the technical background of the know-how or whatever that can all be taught, it's really just the drive to understand how it all works problem solving.

Speaker 2:

So some people come at it differently. Some people are gamers. Gamers like to solve problems and they like the challenge. Some people it's the aesthetic. They're more into Sudoku and they like there's no one personality type. You can't be intellectually lazy. That's probably the biggest thing. You have to be curious.

Speaker 2:

What I like to tell people who are trying to get into it, because I think that's where you're going with this, is you need to learn all the buzzwords. Not because you're trying to fool anybody, but if you're hacking a system and you find a file that says something about Kubernetes, you need to know what that means so that you know where to go with it. If you find something that talks about indexes, you know what that means. Or X.500? Terminology is the first obstacle. It's kind of like anatomy for doctors. Doctors have to learn Gray's Anatomy. It washes out a lot of people in medical school. The same thing's true here. We tell people when they start they need to learn a little about a lot. So listen to the first ten minutes of a hundred ten-hour courses, because you only need to know the buzzwords. What's the, what's this? Oh well, that's what it's used for. Okay, great. Moving on, and then eventually you come back for the depth and you learn the hacking skills and things like that.

Speaker 2:

But there's a lot of cybersecurity positions that aren't offensive, that aren't what we do. We're like red team hackers and that's, you know, that's kind of the dramatized. There's one, there's one of us on the Mission Impossible team. There's one of us on every break-in crew and it's like, well, you want me to hack the NSA? This is gonna be tough.

Speaker 1:

I'm in you know, that doesn't actually work.

Speaker 2:

But the advice would be it is a lot easier to get into, it's a lot harder to stay in, because you have to run the whole time.

Speaker 1:

Yeah, yeah, that's. That's a really good point. You know that. That's why, that's why there's so much burnout in security People. People don't understand that from the outside. It's. Like you know, I constantly need to be on top of my stuff, you know, if I miss, if I miss one thing, and yep, and my boss starts to be like, oh, he's not, he's not where I thought he was. Yeah, you know, like this field is a hundred percent employed. It's not. Like you know, 50% of us are, you know, unemployed at any one point in time. Like you know, my buddy, I was at a. I was at a mortgage company when the interest rates started to turn, yeah, and so immediately they laid off like 12,000 people. My buddy on the security team Was a part of those 12,000 people in the first round of layoffs. Right, yeah, this was a Monday or a Tuesday. By Friday he had an offer in hand.

Speaker 2:

Yeah, right ago, as a security specialist, you could forget how to speak English and they would make allowances.

Speaker 1:

Most don't know how to speak English.

Speaker 2:

Yeah, that's true.

Speaker 1:

I'm better than I speak in English.

Speaker 3:

Right, but you're exactly right, you get that like it's a treadmill. I like constantly. My wife is like, listen, I love the fact that you love what you do and I hate the fact that you love what you do, because it's like my phone's always blowing up and I'm like, oh wait, hold on. There's this really cool Citrix hack that just came out. Let me read about it. Or there's this, you know, there's a really new. I don't know if you've seen this LogoFAIL, but there's a way to breach any computer right now by injecting a logo into the BIOS. Then it bypasses all security. And there's like and I'm reading these things and my god, this cool is a rock chain or is it whatever? And she's like, oh, it's great that you're excited, but honestly, put it away. And I'm like, every five seconds something is happening, there's a breach in some major system. Right, and it's yeah, it's constantly moving.

Speaker 3:

You got one of you ever heard our Pat.

Speaker 2:

Pat podcast. Every time something's horribly bad, Dwayne's loving it.

Speaker 3:

Oh, I do I.

Speaker 1:

When the internet's on fire is what I'm my happiest yeah, I mean my Another one of my my buddies at another company. He, he's been dealing with a hack for the past month. They just like keep on targeting them in different ways. I mean he's on a team of like five people. I'm like, dude, I need to tell your CISO to, like you know, hire me. Yeah, yeah, yeah, beef up the team, you know.

Speaker 2:

There's also, I'm sorry to interrupt, but there's also people I've encountered in our space that are burning out because the clients just don't listen and it's like they feel like they're, they're, they're this feels like they're, I don't want to use a bad, bad term, but they're moving against the tide, how about that? And they're just sick of the fact that they know what the people need to do. They've told them what they need to do and they won't do it. Like patching, like just you know, don't be stupid about it, just patch, you know. Or you change the password policy and don't let the executives get away with cheating, because it's not like other things, like when you park, where you know it's, rank has its privileges. If you get hacked, everybody gets hacked with you.

Speaker 1:

Right, yeah, that's it. That's a really, that's a really good point. I actually just encountered this yesterday of, you know, you're presenting these vulnerabilities, right, of like, hey, you know this has been here since September. Like this was patched by Microsoft's Patch Tuesday in September, yeah, and you still have this throughout the entire environment. You know, what are we, what are we talking about right now? Like, what are you guys paying for? Please, please, tell me what you're paying for, because now I feel guilty, because I'm doing my job, but I feel like I'm not enabling you, you know, right.

Speaker 2:

Dwayne had an excellent analogy of you go to your doctor and they say you need to eat some fruits and vegetables. And you need to and you're like, no, that can happen and that's how it feels, but I still don't. I understand that I don't want to eat fruits and vegetables thing, but I don't understand that I don't want to patch when a patch is available. Thing doesn't make sense now.

Speaker 1:

It's amazing my mentality with the fruits and vegetables. I actually just got told you know, I need to eat more fruits and vegetables and I'm like so I can't just work out harder.

Speaker 2:

I just think we got a thing that whole thing, just work out harder.

Speaker 3:

Patrick. Patrick always says when we, when we go out to dinner or whatever, they'll bring like a hamper, and Patrick would be like, hey, and they'll be like, do you want tomato, do you want lettuce? And be like, no, no, no, keep all that stuff, that's what food eats. Yeah, that's it. Yeah, yeah, but it's tough, you know. You got a, I feel, for the doctors now, where they're like, hey, you should work out more, you should eat better, you should, you know, drink more water. And and all of us are like, yeah, but is there like a pill or something you give me, like something? And then you see it in the cyber, yeah, you see it in the cyber security space, where you're like you should patch, you should have better password policies, you should have, you know, some sort of global aggregated log that you can look there. And they're like, yeah, but is there just like some simple product I can buy that'll make me a hundred percent secure? You're like, no, there isn't, like you have to do these things.

Speaker 1:

Even if there was a product that you could deploy and you'll be a hundred percent secure, you still have to do the work and deploy it and configure it and you need to maintain it. And you know guess what? You need to keep it updated. So if you're not updating your windows, you know You're probably not gonna update this thing right, like there's still work involved.

Speaker 3:

Yep, yep, here's what you do. You go into the customer. You get like, absolutely, I can do this, I can make you a hundred percent secure. And you power the computer off and you walk off. You're like, you good, you good, just leave that off, don't turn that back on, you good, nobody can hack you. Well.

Speaker 2:

We've also seen a lot of complaints by big companies that they'll hire a company to do a pen test or an audit or something and they'll get something that's completely inactionable and useless. Because there's a shortage of people in our field, there's also a lot of people who are willing to deliver subpar products and they don't get called for it. A lot of our customers have said we're only gonna deal with you once because we've had such bad results in your industry. We're, we're gonna play the field and we some of those customers are working with us for three, four years now.

Speaker 3:

Yeah, and a lot of it is like listen, there is a shortage in this field. I, you know the three of us probably know better than most we don't have a sales staff, we don't need one. It's just people who need cybersecurity. Hear from other people who have had services with you. It's just such a crazy market right now. But the problem is you do you run into those, those providers who are like oh, you know what I'm gonna do. I'm gonna take this automated scanner, I'm gonna run it against you, I'm gonna call it a pen test. I'm gonna throw your report. That's 900 lines long. That really doesn't mean anything. And then I'm gonna move on to the next customer. And, yeah, it's unfortunate that that happens, because really doesn't help anybody at that point.

Speaker 1:

No, yeah, that's a, that's a really good point. You know, it's interesting because several years ago I started my LLC to start, you know, kind of like consulting and whatever else, right, cuz I always have the habit of doing a whole, just shit ton of side work. You know, yeah, and so I'm like, okay, like I need to do this a little bit more smart. You know, let's get an LLC going and you do that whole thing out and you know, I don't know what got into me. I put like security consultant in my title on LinkedIn, right, and when I was forming the LLC, I'm like, well, I'm not gonna get any customers. You know, I'm one man show, I don't know anything. You know, like, yeah, I engineered this product really well, but that's really a. You know, no one's gonna, no one's gonna hire me. And I mean, I did that on Monday and by Friday had three customers. Yeah, I'm like crazy, like I had to figure out how to write a contract and all that sort of stuff.

Speaker 1:

I mean we're talking like last minute. It's like guys like I don't know what the hell, I don't know if I know what I'm doing.

Speaker 2:

Well, your first mistake was listing cyber on your resume, but there's such a shortage. The last numbers I saw was half a million open positions in the United States and three million worldwide, and I, I basically it's in and that's for people who can actually help you get secure, not just people who are fixing after, after you get like forensics and that sort of stuff.

Speaker 1:

Yeah, yeah, yeah, you know, it's actually a lot easier to stand out in the field than I think people realize. The reason why I say that is, you know, so I, my first like big boy cert, right, was the CCSP. Mm-hmm. Extremely, it was extremely difficult for me to get it. There's a huge leap forward and I figured I'm one of a million. You know, like, it's not gonna make me stand out, it's just gonna help me start a conversation again.

Speaker 1:

The cloud security, right, that's how I viewed it and you know, recently, actually fairly recently, I got that several years ago, fairly recently I looked at the numbers of how many actually have the certification. It's like 5,500 people. Mm-hmm. Yeah, either it was either worldwide or in North America, but either way that number is insane, because you have this, you have this high level cert in cloud security. Cloud security is a field of security that's, you know, blowing up, right, that's where everything is going and there's 5,500 people that have this cert. I mean, you know, you put in the time, you put in the work, you get the cert and now you're standing apart, yeah, from the other, you know, 10 million of us that are in security, right.

Speaker 2:

So I used to be a big, secure a certification guy back in the old days when you two were probably both in high school or junior high school. So I, yeah. So I had one point. I had 55. Now I 55 Microsoft sort of technical certifications, MCSE, MCSD, MCP, everything, oh yeah, MCT, and I went from 50 to 55 and no one cared at that point. I could have stopped at 10 and nobody. So what happens is it's become so rare. If I'm not saying you shouldn't get certification, I really like certifications. But you, like, CISSP, specific cloud stuff, AI that is going to be coming out soon, OSCP, OSWE, the OffSec stuff, the right SANS certifications, those are all excellent advertisements, but as long as you can do the work and not just it be a book certification, but that's what the interview is all about. So I would recommend, if people can get a certification like that, it is a great way to be, and once you can get one of those certifications, you're in the industry.

Speaker 3:

Yeah, and I'm on that. I'm on the side of, like, if there's a new certification in cloud security or like I have, you know, my OSCP, my PEN-300, I have my GXPN, so I'm always looking for what classes and training can I get that's going to teach me new tactics and techniques I might not otherwise run into and I want to go and get the certification to prove. Yeah, I do know these things and I agree, you know what happens in the beginning of a field and cybersecurity really is kind of just blowing up. What happens in the beginning of the field is how do you tell, you're right absolutely, Joe, from the other 10 million people who say they're cybersecurity experts because they know cybersecurity is a big field and yesterday they were a network administrator and now they changed their title to cybersecurity administrator, how do you know that that person knows what they're doing? Right, and certifications set us apart.

Speaker 3:

You know, maybe 10, 15 years from now everybody has those certs, right, because you know it's kind of commonplace for them to take them. We saw that with the MCSE back in the late 90s, early 2000 range. Right, if you were an MCSE in, you know, 96, 97, 98, like you were countably few and then when you got into like 2005, 2006, you get a busload of MCSEs for 100 bucks, right, and I'm hoping cybersecurity goes there. But honestly I just don't think anybody. There's such a treadmill this day in cybersecurity. I think people won't want to keep doing it. So we'll see what happens.

Speaker 2:

But I don't know. I think they'll get paper. I think we're already seeing some of that where paper security engineers who are willing to give you a rote answer and collect the fee, and so I think there's some of that there now. But yeah, in order to actually hold your own, you need to stay on the treadmill Because it's changed so much.

Speaker 1:

Yeah, I think you know what I always recommend, right, let's assume someone's trying to get into cloud security. What I recommend typically is, you know, let's start with a broad cert, right, and then choose a cloud, and you may not have to necessarily go like deep in terms of get all 25 of the AWS certs right, or however many.

Speaker 2:

They have 23, 24, whatever.

Speaker 1:

Yeah, whatever, I've only had two AWS certs, but I had their foundations level cert and then I had their like hardest security cert, right, and that was a terrible mistake that I made because, like literally the week of taking my exam, I learned oh, I should have taken like this other cert before taking it. Like this is meant to build onto that.

Speaker 3:

Yeah, baby steps, show, baby steps.

Speaker 1:

But, like, the reason I give you know is one you have to know the language, like what you guys were talking about. You have to know all the buzzwords, you have to actually have a good understanding you know. So that overarching non-technical cert will get you there. And then you have that deep dive technical cert, like the AWS security specialist certification, which is actually very surprisingly technical. Yes, it's a multiple choice. You know nothing but words exam, but you need to know where it ends and out.

Speaker 1:

You know you don't need to just like know the terms. You're thinking about IAM, roles and rules and how you would deploy it, and then you have to troubleshoot it and talking about services, talking to each other, I mean that is technical. I was actually proven, you know, in my current role, my current day job, where you know I was on this call. It was like week one of starting and they were like, oh, we can't do it, we have to open up. This thing is very like obscure. I was going to put the organization at risk. I was like guys like AWS, you know, has this thing it's called a VPC endpoint Like can we just deploy that? Or a bastion host, like they're the same thing, different words and he goes, oh no that doesn't exist.

Speaker 1:

I'm like I'm pretty sure it exists because they just beat it into me for this exam.

Speaker 3:

But maybe I'm wrong, you know, yeah, and within 30 minutes.

Speaker 1:

he was like, oh, he's right, We'll do that.

Speaker 3:

Yeah, yeah, and that's, that's a majority. Like cloud right now is there's so many moving parts in cloud and there's so many new and upcoming services and should we put an ELB on that? Let's use an ELK stack and let's use like and a lot of people, and there's not only just the terminology, but then the hey, we got this new microservice that we're offering over here and it's like okay, well, how do I secure it? Like so it's real easy for customers to architect themselves, I say architect with air quotes, into a very bad place. Like ah, let me just click the start button on all these services and we're good, and you're like no, no, you really need an expert who knows how to actually control the data flow.

Speaker 2:

And there's a lot of things that that they don't, that aren't the default as far as backups and recovery and logs I mean all the logs that you might need for a breach. How many times have we gone in with a somebody's had a business business?

Speaker 3:

email compromise or something like that Exactly.

Speaker 2:

And we have to go in and it's like none of the logs are turned on. So next time we'll get them yeah.

Speaker 3:

Not this time, right, ooh, so close.

Speaker 1:

Yeah, it's a and all of the clouds are like speaking different languages. You know you have to. It's not just like even buzz terms, too, because they operate differently. Yeah, yeah, and it's like for the tech industry just overall. You know, like cloud security is going to turn into a place where it's like, okay, we have a cloud security AWS team and then we have a cloud security Azure team, 100%. You know, I was, I was recently talking to someone that is, you know, entirely into Azure and I'm, you know, well-certified in AWS and I understand, you know, Azure overall, right, but I couldn't tell you any of the terms. Yeah, yeah, I'm over here with a cheat sheet, you know, looking it up, you know, like you're talking foreign language.

Speaker 3:

Yeah, exactly.

Speaker 3:

Yeah, it's like oh, they use this word. All right, right, well, it's tough too, because each of those clouds was designed with a different customer in mind. Right, AWS's cloud initially was designed with developers in mind and then, when they started getting into the enterprise, they were like, oh crap, we could have changed how we architect things. The Microsoft was designed with enterprise in mind, but then when you, you're an individual trying to use it as a developer, and that's where we're like, ah well, there's a lot of weird kind of oddities here. So, yeah, you're absolutely right and unfortunately, right now, I agreed, Joe, eventually it's going to be, oh, are you an Azure cloud security guy? Right now, they're like, okay, can you spell security and cloud? Because we're going to put you in any cloud we can, because there's just not enough people to specialize.

Speaker 2:

You missed two vowels. Okay, we're going to accept that, it's fine.

Speaker 3:

It's fine.

Speaker 1:

So how do you, how do you guys, maintain your mental health while you know being?

Speaker 2:

in this field. Oh, bold assumption there. How do you bold assumption that we have mental health?

Speaker 3:

I mean, you know, alcohol no.

Speaker 1:

I mean I've had people on that just like admitted to like pretty destructive behaviors. So as long as you're not an alcoholic, I think you'll be okay.

Speaker 3:

No. So honestly, for me, I'm a martial arts instructor, so three days a week I get out of the house and I go and and you just do martial arts or or teach martial arts. And then I'm also a robotics mentor. So I work with local high school and I mentor robotics. So that's that's also three days a week. So in the evenings, you know, I'm forced to step away and just go do something else, and it's still either in the tech field or with martial arts. There's actually an odd sort of symbiosis between hacking and martial arts, like hackers manipulate computers to do things that they weren't designed to do and martial artists manipulate the human body to do things, generally, they weren't designed to do. But yeah, that's that's for me, that's, it is just really getting out either doing martial arts, doing robotics and and then coming fresh to do it.

Speaker 2:

Yeah, and I I like to cleanse my palate with something a lot less technical, and that's why I have a quantum computing podcast. Okay, you know something like Nezzie?

Speaker 1:

Yeah let's spice that up Right.

Speaker 2:

Well, Dwayne stole my answer. I've been doing martial arts for 50 years and he stole my answer.

Speaker 3:

I let him go first, but it's pretty common, honestly, in this field. There are a lot of martial artists and that's I think that's one of the things is like it's, it's martial artists.

Speaker 2:

I think it's. The seeking of control is what we have.

Speaker 3:

It could be, but it also, I think it's also it's a it's a heady enough sport where there's a lot of thinking and puzzle solving in it. That's true, but it's also still a sport. It still gets you out onto the field and doing things and it's still the sort of the natural progression of someone who really likes to break things apart and solve problems and twist Like elbows and then go break elbows and twist people.

Speaker 1:

Yeah, yeah I'm. I'm actually going to start getting back into jujitsu here.

Speaker 2:

Nice, nice, I'm excited Japanese or Brazilian, Brazilian that's a funny comment. I hold rank in Nihon jujitsu, which is the Japanese started by master say Sato, who I met several times. My son-in-law is big in Brazilian jujitsu and so we kind of have our lanes. He does Brazilian and I stay over here and Japanese. Yeah, there's a lot of overlap though.

Speaker 1:

Yeah, it's, you know you. You bring up the, the control aspect of it and that's a. It's really interesting. You know, when I was in high school right, I was a wrestler in high school and I mean week one you learn, you know, control the head and you'll control where they go, control their hips and you know you're going to win. They'll do whatever you want them to do. You don't, you don't really understand it and you're going through these moves, but like thinking back and then being in, like you know, real confrontations is like, yeah, like those basics, you know, like there's, there's literally, you know there's a lot of you know like you know, you can't really you know you can't really.

Speaker 1:

You know you can't really. They're defining principles. Yeah, there's no chance that anyone defends that if they don't understand when you're controlling their hips, right.

Speaker 3:

And why you're doing it and how you're doing it, where you're applying pressure. It's like, yeah, you're just going to feed into it. You know at that point, and it's it's funny you say that because then translate that over to what we do in offensive cybersecurity. We do the same thing. We apply the pressure because we know they're not going to be able to defend against it. So sometimes, like we'll be really loud on one part of the network so that we can exfiltrate data from another side of the network and and we know how they're going to react, and we know if we, you know, cause enough noise, the SOC is going to go nuts over the SQL server over here and not pay attention to this file server there we're completely, you know, pulling data off of. So there's, yeah, there's, there's all sorts of those same sort of tactics from a logical standpoint, in what we do as well. So, yeah, that's.

Speaker 2:

Well, you also do a lot of things to see if you get a reaction. Yeah, so, if you're, if you're in a, a competition will call it or a fight, and you're well over matched. That's when you might like experiment a little bit, so to see if the, the CERT team, or the, the, the, the, the SOCs that they're using will see? Why don't? Why aren't they seeing this? We're setting up red flares. How come they're not? We shut down, we uninstalled their agent. Why are they not?

Speaker 3:

seeing this, oh my God, most recent pen test we had. We've all we all know about netcat right Very common ability to get a reverse shell on a server. We never use it because it's detected by every AV on the planet for the last decade. And we had super fancy reverse shells we were using and all of them were getting caught and we're like you know what, just throw this oldie on there. And we threw like straight up netcat and it's fine, like Defender didn't care, nothing cared. It was like oh yeah, this is a tool from you know the nineties and you're like this is nuts, yeah, so definitely, probing the defenses is is something that ties to both martial arts and hacking as well.

Speaker 1:

Yeah, maybe I don't know. I've seen that too. I've encountered situations where teams, or pretty large teams of people will say oh yeah, I know what to do if we're going to DDoS, or I know what to do if there's data being exfiltrated or whatnot. And then you get to the tabletop exercise and the developer team didn't even tell security that this was going on. And then the question is asked well, what's alerting on it? Well, nothing's alerting on it.

Speaker 3:

There's no logs for this, it's just going through.

Speaker 1:

You're just begrudgingly going through the next hour or two hours of a tabletop exercise. It's like, well, yeah, we failed. There's always a couple of people that are confident yeah, we did good, guys, we got breached, yeah we did it with style, but it could have been worse.

Speaker 3:

I love that rationale.

Speaker 1:

Yeah, we only got breached 2% of our data, guys. That's all we have available for the exercise.

Speaker 3:

Yeah, 23andMe or whatever. They came, they got breached and they said, oh, it was only 14,000 accounts, that's it. You guys are good, you're good. And then two days ago they came back and they were like our bad, it was actually 6.9 million and it was half of our database, but only half. You went from 0.01% of your database to half of it, but the other half secure. You're like, yeah, okay, or Okta or LastPass, exactly yes.

Speaker 1:

The story is Thankfully Okta isn't a sponsor of the podcast, but like If they were, they wouldn't be soon. Yeah, I cannot believe that. Like you know, before they were like oh yeah, it was only targeted on the government clients. You know, that's what they said, and they're like oh, there's a couple stragglers to.

Speaker 3:

I do.

Speaker 1:

Like guys, you know I'm in security. Okay, like you can find this out before you make your first post. Yeah, but you knew this, you 100% knew it 100%. If someone at your company knew Yep. Like you, can't tell me you didn't know.

Speaker 2:

Somebody knew, but always I'm very charitable in that I subscribe to the thing. It's never ascribe to malice what can be explained by incompetence, and so it's very possible that the person giving the statement believed what they said at the time that they said it and they just are not communicating. It doesn't make them look any better, but at least they're not evil.

Speaker 1:

I guess that's possible. You know, they didn't trust the highly paid hopefully highly paid engineer and architect that told them, hey, this was 100%. They were like, no, it can't be 100%.

Speaker 3:

And it's only 1%, right, right that highly paid, overworked, probably not as highly paid as he or she should be engineer who right now is like oh, my God, Probably recently fired, Exactly Right.

Speaker 1:

But you guys also have a podcast, right? How do you stay motivated with staying up on top of the podcast? Because I feel like doing it myself, doing a day job, doing some consulting, doing a podcast. At least the first two are kind of related. The first two you get away with doing one and you know how to do the other. But doing a podcast and marketing and getting on guests and all that sort of stuff, Right? I mean, like I just told you right, Like we started the conversation off with, like it's literally been a year since we started talking about this, yeah, you know like, how do you, how do you manage it?

Speaker 2:

Because I'm having a terrible time doing it.

Speaker 2:

You're not going to like the answer. You're not going to like the answer at all. So for security this week. So our podcast that we do weekly is securitythisweek.com. We have a partner in that, Carl Franklin, who is a gifted programmer, someone I've known for for many years, even as long as I've known Dwayne almost and he and I got together many years ago and he had a podcast that he still has called .NET Rocks, and I was the first guest on his podcast. I didn't know what a podcast was until he explained it to me.

Speaker 3:

So 2005, 2001.

Speaker 1:

Yeah, so I thought him and his grandmother would be the only ones that ever heard of this, yeah.

Speaker 2:

So he does the technology, he does the recording and we all you know, promote it through. So it's a three man team. It's a lot. Have more hands, make light work. For my podcast, my other, my partner in the Quantum podcast, entanglethings.com, is a PhD in AI out of Romania who is more busy than me and I'm pretty busy. So we have our CIO is an audio engineer. He does the recordings and the editing. Our head of marketing gets the guests on and does the promotions and so we cheat fair and square. If I was doing this alone, it would be. It would be a. It's a lot of work, we know it.

Speaker 3:

Yeah, and I'd say for security this week, for content. So the goal of security this week is, for the last seven days, what were the biggest stories in cybersecurity and which of them were just hype and you shouldn't worry about, and which of them are marketing. Enough play and you really should take a peek at? And and for me, those stories are the stories I'm already reading. I'm already constantly have these. Now all I have to do is bookmark them and say, hey, we want to talk about this on the pod this week. That's it. So from a content standpoint there, I think we've only had one guest in two years, two and a half years, whatever we're doing.

Speaker 2:

Yeah, we had one special episode, we might do another. It's not a guest base. We're each other's guests.

Speaker 3:

There's three of us, I know right, just like now. So so, yeah, so from that standpoint the content's easy, because my day job is keeping up on all of the scary things that are happening and I just mark the ones that I think are interesting, that I think the public should know about, and then we go and talk about them.

Speaker 1:

So yeah, it's very different when you, when you're doing it with other people, yes, so I actually started out having a co-host and it was. It was totally different. It was so much more, you know, significantly easier, because you could rely on another person. It's like, oh, this guest, you know, canceled on me, not a big deal, you know, I have someone that I can fill the space with, right. Well, now, if there's no guest, it's just me talking.

Speaker 1:

I mean, no one really wants to hear that, you know so like it's just, it's a different ballgame, you know, like adding on these layers of difficulty, but I also think it's kind of that. It's kind of that mentality of security that we talked about in the beginning, of like, okay, I need to be learning, I need to be doing something new. You know what's a good way to maybe voice your opinion on something or get your feedback out there. Right, that gains more traction. Oh, podcast is a great way of doing that.

Speaker 3:

Yes, yeah, absolutely yeah. And you're absolutely right With us with three hosts, like, if there's a week I'm in some SCIF, you know, hacking into a train, then the other two of them can just talk, right, and they, you know, they can go through stories and security and whatever right. So there's always at least two of us, you know, who can then sit down and do the podcast and it doesn't become a monologue. But yeah, it's, it's. I'd say it's tough being being on your own.

Speaker 1:

So you know, Dwayne, I saw you are potentially good with cryptography. How in the world do you get good with cryptography?

Speaker 3:

Oh, that's so. That story actually brings me to getting on a no fly list. Okay, well watch.

Speaker 1:

It's a ride of messages security.

Speaker 3:

Yeah, exactly, apparently I pissed off Malaysia and back up that story, Microsoft came to us and said, hey, listen, you know I'd like you to do a lecture. And I said, well, you know, cryptography is something I've always loved. The math I always do like the mathematics of SSL and that sort of stuff when I'm giving lectures to developers and that sort of stuff so they understand how it all works. And this is back early, early days.

Speaker 3:

I've been doing like mathematics and cryptography and that sort of stuff. I mean heck, even for my three kids as they were growing up. I would actually give them crypto quips a day and be like, okay, solve these. And even to the point where my daughter's like, oh my gosh, she's going looking at colleges now and she's like, I remember, she's like I want to go work for the NSA, I think, because I was doing these, these crypto puzzles like all the time. But so, you know, fast forward, I do, I'm doing this lecture for Microsoft. And they're like, well, we wanted on distributed computing. I was like, okay, cool, so I created a distributed computing app for for scalping tickets at concert events.

Speaker 2:

And mobile mobile, mobile, mobile.

Speaker 3:

Yeah, and we of course didn't want the authorities to be able to know what we're doing. So I entered in like frequency hopping in different layers of encryption and all sorts of stuff, and it was more to show how you would do encryption inside of a database at row level and how you do encryption at the disk level and how you do encryption at the protocol level, and that's where stuff. Well, I had a buddy who worked for the VA, who was going for higher and higher levels clearances and he got flagged. He was like they're like, you know this guy? They're like, oh my God. So they started to research me but for the, for the course of a year, I was the guy who always got pulled out at the airport to get searched and I was like Dude, this is crazy. And then even on connecting flights, I go from like Boston to Baltimore to, you know, seattle, and in Baltimore they'd pull me out and I was like Boston, just check me. Like seriously, what's going on? Come to find out.

Speaker 3:

My lecture that I had posted got picked up by the government of Malaysia and they put it on their website and they were like look how horrible Americans are. And you know, Microsoft is supporting them, stealing things and that sort of stuff. And if you're a US citizen and your name shows up on a foreign website, you instantly get on this, this watch list, where you go pull that. Yeah, so that's how my love of security made it hard to travel, or a cryptography that made it hard to travel, but more was just the love of the mathematics and the puzzles, like that's why I love offensive securities. It's the puzzle.

Speaker 2:

He's off the list now, but he's still not going to Malaysia.

Speaker 3:

I'm still never going to Malaysia.

Speaker 1:

How do you get started? You know going down that path right, because that's that's an area that's always interested me.

Speaker 3:

I know it's always interested other people? Yeah, but the good news is it's all starting over. That's good. That's the good news. Yeah, it's all changing.

Speaker 2:

So let me, let me jump in here. So, yeah, math is a part of your future. If you want to be in cryptography, a little bit of math, a little bit at least. There's some really good YouTube videos that will explain step by step, using really small numbers, how to do RSA and how it works for for asymmetric encryption.

Speaker 2:

So the first thing you need to understand is there's two different types of encryption. There's the one where we share a key I hope you don't mind me going through this here, no, it's great. There's one where we share a key and we have to be in the same place or in a secret compartment or the cone of silence, if you remember, Get Smart or whatever and we have to share that secret, which is not always possible. When I go to a vendor that I've never visited before, I have to share a key in public. Right, that's where public, private key encryption, RSA, elliptical curve, Diffie-Hellman come in, okay. So that's, this is current day encryption. So with symmetric encryption, it's fast and it handles very large things. If you encrypt a file or hard drive, it's symmetric encryption and you may be like, okay, well, what about a transaction on the internet? Yeah, every time you order something on the internet, it's using symmetric encryption for all your communications. But how did I get?

Speaker 3:

How did I get that key?

Speaker 2:

Yeah, how did 1-800-Flowers free plug get that key so that I could have a secure transmission? Well, they exchange the key as part of asymmetric encryption with RSA, because it is not suitable, it's not fast and it also doesn't accommodate large pieces of information, but it's enough for us to share a secret key. So RSA is really the big standard, but you can also use elliptical curve, and they're all using the discrete log problem of. It's really hard to take really large primes, multiply them together and then factor those primes, because that's how you break it if you're not one of the Pete parties to the encryption.

Speaker 2:

So fast forward to quantum computers, and quantum computers, through Peter Shor's algorithm mathematician professor at MIT, will break RSA not in a billion years or a trillion years, which is what it would currently take, but in minutes or hours. And so when quantum becomes ubiquitous, which is probably not more than a decade or certainly not more than two decades away, then we need a new encryption standard that we're already been using, and so NIST has come up with new encryption standards based on mostly crystal technology and which is more geometric, and so the good news is, if you want to get into encryption now, you probably have to learn what's going on now, but you have to really focus on what's coming, and so I would encourage organizations to start getting ahead on this, because if you thought the old stuff was hard, the new stuff's going to be harder.

Speaker 3:

Yeah, when you start talking about CRYSTALS-Dilithium and CRYSTALS-Kyber and, like I know, right. So CRYSTALS.

Speaker 2:

Kyber is the key encapsulation mechanism. It's the RSA encryption mechanism replacement and Dilithium is the signature technology using CRYSTALS, and we could do a whole show on that, but maybe we should. But it's a good time to get into it because you can start learning about this new technology and learn a little bit about the other and you'll be in demand because the government has mandated that organizations start using. If you want to work with the government, you're going to have to start using the new encryption because there's fear that the certain nations that I probably won't travel to anytime soon, like Russia and China, are collecting this information so that they can crack it later. Right.

Speaker 3:

Using the old encryption. Imagine if you could collect all of the encrypted data today and knowing in about 10, 15 years you'll be able to open it all up. It won't be declassified at that point, but yeah.

Speaker 2:

It will be to you. Did that answer your question or did I go way off in a tangent?

Speaker 1:

No, I think that makes sense and I think that they both build on each other. That was actually going to be my follow-up question, because I find it interesting and me as someone that is paranoid, I guess from the job market, I always want to be ahead of the curve. So 10 years ago I identified cloud security as something I wanted to get into. Did the work in the cloud security. Now it's like okay, I have that expertise, when am I going next? Well, quantum is where everything is going next Come on Aquano.

Speaker 1:

How the hell do I get into quantum?

Speaker 2:

If you think it's hard to find engineers for cyber, wait 20 years and watch quantum, because, oh my gosh, it's not that hard if you're willing to have an open mind, but there's some basics you've got to really accept. The hardest part about the quantum stuff is once you start getting into it. Is you want to understand why? That's a dangerous question? Because, honestly, we don't know why You're going to be disappointed into, just like suspend belief and act like it's a Superman movie. Oh yeah, he can fly, just move on.

Speaker 3:

Now what can we do? He can fly, Assuming he flies. Now what do we do? Yeah, exactly.

Speaker 1:

So the two solutions that you talked about are those what's considered like, it's like quantum resistant technology.

Speaker 2:

Yes, yeah, they're quantum resistant algorithms and they're trying to. NIST, the National Institute of Standards and Technologies, came out with their recommendations. They started with 57 different mechanisms and they had all sorts of cool names, and some of them are still going to be in use, but the winners seem to be the crystalsorg. There's a company called Crystals. They don't sell Aura charts or anything like that and they've come up with these algorithms. There's a company called PQ Shield that's very heavily involved and if you're interested in this, you might want to get in their mailing list. They sent out a lot of interesting articles. They did an article where they talked about what it would take to take the Signal app, the communications app, and change its algorithms to be quantum resistant and use the new algorithms. So there's a lot coming here. There's also a lot of promise that quantum itself will solve some of these problems with quantum key distribution, the ability to generate unbreakable keys using quantum technology. But that's kind of a chicken and egg thing. You can't wait for that because by the time that's ready for prime time, your data's already toast. So you need to get ahead with the NIST recommendations, the crystal stuff, and then get into it.

Speaker 2:

I can explain the crystal stuff a little bit more. But yeah, sure, okay, all right, glutton for punishment. So imagine a matrix, a diagram, just a 2D XY axis, and so if I say the matrix is 1, 1, that means every whole number point on that whole grid is a potential point. It's a valid point in the matrix, in the lattice we call it. Now. A two-dimensional array is pretty simple and you can imagine things with it. But if I say it's 2, 2, then that means 0, 0 would be a point, 2, 0 would be a point, 2, 2 would be a point, but 1, 1 would not be a point on that lattice. It's not a valid point. So I can basically come up with any number of lattices that I want, but they're always whole numbers and it's an infinite space.

Speaker 3:

Now-.

Speaker 2:

That's an n-dimensional, yeah, but now multiply it by a thousand dimensions or a hundred dimensions. And if I look at the 2D space and I say, ok, I'm going to give you a number, I'm going to give you a point that's not on the lattice, and we're going to use the most, the closest valid point on the lattice to that as the key. And you're going to be like, well, that's trivial, I give you a point of, I give you a lattice of 2, 2, and I give you a point of 1.9, 1.9, right, and the 2, 2 point is the closest point. That's easy to see.

Speaker 2:

But what they do is they build in errors. Learning with errors is what they call it, which I still haven't got a good analogy for it. They build in some errors and then they multiply it by a thousand fold and then it becomes really, really hard for a computer to figure out where the closest point is, and it becomes impossible for humans because we can't think in a thousand dimensions. And so they're using a geometric relationships and there's different ways of relationships that you can use. So that's what crystals is doing. That's what lattice encryption is all about. I hope that was quick enough, wow.

Speaker 1:

Yeah, I mean.

Speaker 3:

I was going to say it's enough to bake your noodle. It's fun.

Speaker 1:

Yeah, like I feel like I'm done for the day now. You know, like I'm just going to tell my boss hey, like I went too deep on quantum, I got to take it. I'll be back next week, I'll be back next week.

Speaker 2:

That's all you need to know. Yeah, well, and again, if you nibble at it, you'll get there, just like cyber. None of us learned, none of us became cyber engineers overnight. It was a process. Quantum's the same way, AI is the same way. And I think those are the three key technologies that if you're good with one, you can do the others, because it takes a. You got to be curious for all of them. And I think unfortunately, they're going to compete for each other, for people.

Speaker 1:

Yeah. So with when we're talking about going into an emerging field right like quantum, how do you become recognized, as you know, knowing anything that knows about it. How do you become recognized? Because there's no certs, there's extremely few jobs. Most companies aren't even thinking about quantum right now in order. Do they want to?

Speaker 2:

So here's how quantum would work in my opinion. And first thing is you got to know what you're talking about. So you got to go and consume and understand the basics and you've got to look. You're going to, you're going to go to lectures. My first lecture on quantum computing was more than ten years ago, before there was a quantum computer, and I was like fascinated by it.

Speaker 2:

And then I saw, I seeked out people, I started reading books, I brushed up on my math which it was pretty good anyways and then a big turning point was I took the MIT courses on quantum. I actually went and, you know, had to pay something for it, but they were great. They filled in some blanks and I found like-minded people and I started doing presentations at code camps and other user groups on the topic to become, you know, well, this is the guy, he's speaking about it, so he must, and I admitted early on I'm an amateur, I'm just learning it. And then I managed to start a podcast three years ago with a guy who's you know, one of the brightest guys I've ever met, outside of present company, of course, and and I've been doing this podcast, so I've been talking to professors and CEOs the government of Finland seeked us out to talk. So actually having a podcast not a bad idea. And I would say that I'm pretty well known now in the small pond that is quantum, because I talk about it all the time and I'm reading about it all the time and the guys send me articles all the time and I'm constantly bringing it places like this where no one expects it.

Speaker 2:

But, honestly, just being able to have the conversation and applying for the job and knowing the terms, you're probably in the secret handshake is yeah, you know you, somebody tells an entanglement joke and you get it, you know, or something like that. Or or somebody makes a reference. They might ask you some questions, but if you know your stuff, it's really not hard because there's so there's gonna be so much demand. We're still very early days quantum if you're not doing the hardware stuff, but you can program right now. So I'm gonna reveal something and I know I'm doing too much talking.

Speaker 2:

We were gonna do a startup, Dwayne and I with some other friends, where we were gonna build a product to help develop new material science, new materials using quantum. Microsoft just released it and so we killed our idea. But it's Microsoft, my Microsoft, has a Quantum essentials. They basically will help you take development of new materials and accelerate it the way most people think it would take AI to do. But really you need AI plus quantum, and so there's tons of opportunities. There's gonna be tons of startup and in the next five years we'll probably see tons of money going into startups not for AI as much, but the money will switch over to quantum, so it's a good time to get ahead of that.

Speaker 1:

Yeah, I got a lot of work.

Speaker 2:

You're still sleeping, I bet you know there's a lot of.

Speaker 3:

Tell you he has a nine-month old. He isn't sleeping.

Speaker 2:

He's asleep. There you go. Yeah, what we talk about sleep.

Speaker 3:

What is this sleep thing you talk about? I?

Speaker 2:

Mean it's self-serving, but podcasts go a long way, so this I love Patrick opens up with.

Speaker 3:

Well, all you got to do is take the courses at MIT, and then, you know, I didn't build on that as a foundation.

Speaker 2:

You're like oh, I didn't have to go as get accepted as an undergraduate.

Speaker 1:

Just pay, yeah because that's, anyone can just go to MIT.

Speaker 2:

Honestly, if you have $1,500, you can, but you have to also understand. So I'll be full disclosure. I spent it was only 10 hours a week for eight weeks, but I was spending another 20 hours a week on math, yeah, on revisiting linear algebra, matrix math. I went back to Euclidean geometry just because I was trying to understand some of the things they were saying and I got a lot out of it. I mean, I got every single little bit out of it. So your, your mileage may vary, but it was very helpful to me.

Speaker 1:

Huh, well, you know, in the next five years, I mean this will be, this will be where we leave it. Of course I don't mean to go over time. I know you guys are busy, but you know, if you had to pick three fields for people to start getting into, right, obviously quantum is gonna be one of them. What are other emerging fields that you think are gonna be? You know, blowing up will be beneficial for someone to. You know, get some sort of specialty in to kind of, you know, secure that career, that career.

Speaker 3:

So one that I would offer up. You know, of course, cybersecurity, but cybersecurity is too general. I think what we're gonna start seeing is cybersecurity around AI and, and more specifically, you're gonna start with things like cybersecurity around LLMs and then move into more. You know, securing the corpus of data that an AI may either have access to. So I think you're gonna start to see more fields around really artificial intelligence.

Speaker 3:

You know slash machine learning, but but yeah, and and cybersecurity, I think that's that's gonna be a hot field coming up very shortly. And then obviously, quantum. Yeah, I think you know quantum in general, but then quantum cybersecurity is a whole other mind-blowing thing Around. You know understanding how lattices work and crystals and how to do entanglement of data, and you know there's there's a lot going on there too.

Speaker 2:

If you want to be specific, I think it the the, the new quantum resistant encryption is a big space. Hmm, as we were talking about, as Dwayne was talking about, the AI. You know, put the security on AI. You gotta understand AI and you gotta understand security. That's an intersection that's gonna be big. But if I had to go big picture, it's gonna still be quantum AI and cyber. Those are the three fields that are gonna keep on, those are the gifts that are gonna keep on giving, and then it's the intersections and maybe there's something new that's gonna get invented we never heard of, but big data is still big and and you know, can't material science is gonna be impacted by all of these.

Speaker 1:

Yeah, it's. Uh, it sounds like we probably need to have another conversation, maybe, maybe, in a year we'll be able to.

Speaker 3:

Maybe, we'll make it semi-annually.

Speaker 1:

Awesome. Well, before I let you guys go, you know how about you tell my audience. You know where they could find you, what your podcasts are and your website and all that good information so they could they could locate you and learn more about you if they want.

Speaker 2:

So Pulsar Security is the company we work for, that we you know we founded. securitythisweek.com is where we talk every week about cyber and entanglethings.com is where I talk about quantum and Dwayne tries to avoid, and that's about it. We go to conferences, we speak at code camps and things like that. We're gonna probably start a few up in New Hampshire. We're about an hour north of Boston, so that's where we are. If you're looking for me, I'm in the basement with my guns, so make sure I know you're coming, yeah.

Speaker 1:

Awesome. Well, thanks guys. I really appreciate you coming on. It was a fantastic conversation. Well, I absolutely have to do it again, you know, sooner rather than later. Thanks, Joe.

Speaker 3:

I can't be awesome. This was a lot of fun. Yeah, anytime, Joe.

Speaker 1:

Absolutely. Thanks everyone. Hope you enjoyed this episode.

Journey Into IT and Security Careers
Challenges and Opportunities in Cybersecurity
The Importance of Certifications in Cybersecurity
Martial Arts and Hacking Intersection
Podcasting and Cryptography
Evolution of Encryption
Emerging Technologies
Basement, Guns, and Gratitude Conversation