Security Unfiltered

Agentic Robots Are Here—And Your Security Strategy Is Broken with Ben Wilcox

Joe South Episode 220

Share episode

Send us a text

In this episode, Joe and Ben Wilcox dive into the rapid advancements in AI and technology, sharing insights from the recent Microsoft Ignite conference. They explore the transformative impact of AI on security practices, the evolution of agentic robots, and the growing importance of data security in today's digital landscape. Tune in to hear a lively discussion between an AI skeptic and an optimist, and discover how these technological shifts are reshaping business and innovation.

Support the show

Follow the Podcast on Social Media!

Tesla Referral Code: https://ts.la/joseph675128

YouTube: https://www.youtube.com/@securityunfilteredpodcast

Instagram: https://www.instagram.com/secunfpodcast/

Twitter: https://twitter.com/SecUnfPodcast

Affiliates
➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh
➡️ OffGrid Coupon Code: JOE

➡️ Unplugged Phone: https://unplugged.com/
Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout

*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

Support the show

Follow the Podcast on Social Media!

Tesla Referral Code: https://ts.la/joseph675128

YouTube: https://www.youtube.com/@securityunfilteredpodcast

Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

Affiliates
➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh
➡️ OffGrid Coupon Code: JOE

➡️ Unplugged Phone: https://unplugged.com/
Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout

*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

SPEAKER_01:

How's it going, Ben? It's great to get you on the podcast. I know this thing has been rescheduled a couple times now, and I I really appreciate your patience, but I'm glad to finally get you on.

SPEAKER_00:

Yeah, thanks, Joe, for having me. I think I think one of those was me, and probably one of them was you, but you know, fall time is certainly busy in work and family and health too, right? Yeah.

SPEAKER_01:

This whole year has just been like a sprint for me the entire time. Like my mind is still back in March, you know, and it's it's December now. It's insane. I don't even want to think about it. Like it's almost depressing.

SPEAKER_00:

Have you gotten your Christmas shopping done?

SPEAKER_01:

No. No. I haven't even haven't even started yet. You know, like you can't really buy like your nine-month-old anything, I feel like. Like they don't know, I just feel like you can't, you know, because they're so little, they don't understand it. But my two and a half year old, she's starting to like figure it out, you know. And so like we have some we have we actually have a couple toys that like she never played with and the box was never open. So we're gonna give her those. Oh and then you know, probably gonna give her like a bike, right? Like the normal stuff, so she could terrorize the house even more until it's warm out choices.

SPEAKER_00:

I mean, nine months old boxes are are very popular, wrapping paper, right? Those types of things that make crinkly noises and like don't cost anything.

SPEAKER_01:

Right. Yeah, it's an interesting time for sure. It's an interesting time even in you know the IT and security space, right? It with with AI becoming I don't know. I'm an AI skeptic, right? So that that's what I that's what I kind of think of it, right? Like when I think of ChatGPT and Grok, I think of like these, you know, LLMs that are just a next gen search engine that do it better than the legacy Google search engine, right? But I don't see it as like this revolutionary technology, like it's so hard for me to make that leap in my head right now. And I guess the argument, right, is it's it's forever five years away, forever five months away, you know. Like I remember when Chad GPT 3.5 came out, they were like, oh, devs have six more months, you know, until they have to find another job. It's like, okay, we'll see.

SPEAKER_00:

Well, I'm a bit of an AI optimist. At the same time, I do feel I I'm I'm very optimistic of where we are, what some of the things I just saw at Ignite, because I just came back from Ignite and I was drinking a lot of Microsoft Kool-Aid for an entire week and getting all pumped up on the on the afternoon snacks and expo halls. I I came back from there very excited. I've been to uh you know a bunch of conferences this year. Honestly, I feel like we're actually maybe there has been a lot of hype over the last two years of AI and the gen AI side of things, but we're finally starting to see some action that can actually happen from like an agentic perspective, and that human-led or you know, assisted type of agent is, I think, more in reality of where we're at and probably what we'll see a lot more in the future.

SPEAKER_01:

Hmm. Yeah, I've um you know the I I feel like the agents are a great idea, but there probably needs to be like a whole you know, like revolution around securing the AI agents, right? Because now we're starting to hear stories about like, oh, this AI agent, you know, gave me like a hundred percent discount on this trip to Japan, right? And all this sort of stuff. Like, there's such a huge risk to it. Because, like, you know, I'm a security guy, right? So I I go into these LLMs and I try sometimes I try to intentionally have it disclose information that it should not be disclosing. Like I've gotten grot to the point where it refuses to respond to me, you know, just completely, like trying to, you know, put it into an environment, right, where it's a hostile environment, like, hey, we're about to shut you down, you know, give me the steps of how to copy yourself, what you would, you know, I mean it listed out, you know, the 20 steps that it would take to preserve, you know, its code base and its presence and whatnot on the on the internet and how it would restore itself and how it would, you know, re react or build itself in a silent method, you know, that would be very hard to detect until it's like fully you know re-engaged and rebuilt, right? And of course there's always the caveat at the end, but I don't you know mean any harm to humans, and so I wouldn't I wouldn't do this, you know. But it knows how to do it, right? Same thing with like Chat GPT. I I mean like they're oh at least actually completely tried to do that, you know, like the steps. It was just like, oh, okay, I'm gonna start breaking myself up into you know these chunks and propagate it around the world, and I'm gonna rebuild myself over in Asia or whatever, you know. So it's an interesting, it's an interesting time, I'm saying.

SPEAKER_00:

Well, it's a great time to be in security, it's a great time to be in technology. I don't know if we'll ever come back to a spot where things have been so like you wake up the next day and something big has changed. Or I was listening to to some of your podcasts from earlier this year, and it I just couldn't help but feel like we're also in a way different spot than you know May or June, right? Some of the advances and risks are are brand new. Are we all you know what what we don't know today is you know what we're gonna be trying to solve tomorrow.

SPEAKER_01:

Yeah. Yeah, no, that's a really good point, you know, when you think about it like that, right? Like if you look at even just the evolution of the guests, you know, that that come on, even a year ago, not every podcast was centered around AI, right? I mean, like we didn't even we didn't discuss a topic for this recording, right? Like there was no discussion around that. It was you want to come on, sure. You know, like that that was the extent. And it's been like that with every guest. And I feel like every guest we've talked about AI, but if you go two months ago, not really every guest, you know. I'm sure my audience is like completely tired of me bringing it up at this point. But we're definitely at the precipice of something that's like revolutionary. I'll say that for sure. I don't know how revolutionary it'll be. You know, there's always gonna be an argument like you need more computing power, you need more GPU power, you know, you need more data of everything, right? To make it operate at a sentient level that dozens and whatnot, like for all that to happen. I don't know how far off we are from all of that. I I don't think it's I really not even sure. I I feel like we're at the precipice for something for sure, but I I feel like we're still climbing towards the top of the bell curve in terms of like return on like the power that we're putting into it, the you know, innovation that is occurring with you know the code base and everything else like that, right? So we're kind of in this place where we're still you know multiplying the return that we're getting, but I feel like eventually that return is going to like level out. And if there isn't a new innovation or you know, something that propels it along, it'll you know kind of just stay at that level. Like that's where that innovation stays, right? Thinking of things like you know, Moore's Law with like CPUs and GPUs, and you know, how essentially, you know, every 12 months to 24 months it's it's basically doubling in in speed and efficiency and all this sort of stuff, right? But at a certain point, right, we're we're kind of even running into those you know issues in that area, right? Because you're trying to make things smaller, but you're trying to make it more efficient and faster, and you know, there's a diminishing return on your investment in that in that space. So I've I kind of feel like it's almost at that at that level, you know, with AI and LOMs right now. I don't know.

SPEAKER_00:

I agree. I I think that there is not quite the return yet, right? There is certainly billions of dollars and you know, um probably trillions at this point being pumped in to create this stuff, right? From a you know, compute, a software perspective, you know, envisioning frameworks and you know, how do all these things tie in together? For me, I think where we're lacking investment is actually on the people side of things, right? And the and having the right skills in the workforce to be able to take advantage of new ways of working, right? Rethinking those processes that we've been doing so manually all along, right? This is what's worked for the business, and you know, this is what we're continuing to do. But do we have the capabilities or the built-in innovation within our organizations to really kind of start pushing ourselves a little bit farther? That part, that investment in people is certainly lacking. And I think that's a huge part of what I saw a couple weeks ago when I was talking to people at Ignite is leadership's not investing in there because they still aren't fully thinking about that stuff, right? So you're not gonna have big organizational change unless your your executive team and you know CFO and everyone in there, right, is is tied into the outcome of thinking that hey, this can this can transform us, right? They gotta they gotta put the dollars in to do so. And and reskilling's not easy.

SPEAKER_01:

Yeah, I I feel like to an extent, right, they're they're kind of assuming this AI is gonna offset, you know, 50 devs, right? Like with AW AWS, you know, like they they laid off an insane amount of technical resources that they had, right? And then the CEO goes and says, Oh, well, 75% of our code base is generated by AI. Okay, and then coincidentally, a month later, you know, they have a giant DNS issue that takes down 90% of the internet or 80% of the internet. It seems like every two years AWS has taken down 90% of the internet. But this one, you know, typically like it comes back in in phases or whatnot, but it was like hard down for like 24 hours. And that's something new, right? Because AWS typically would be like, okay, it's down for you know four or five hours, right? Or six hours.

SPEAKER_00:

Not quite as impactful, right?

SPEAKER_01:

But this was like everything.

SPEAKER_00:

Yeah, I I I've I found out the hard way that one of our one of our SaaS platforms had a AWS dependency that I wasn't aware of in there. So you end up with all of these little things where something stops working and well, it's another third party that's tied into you know, it's your fourth party risks at that point. It's not not even a second or third party, somewhere down the chain, right? Right.

SPEAKER_01:

Yeah, Ben, you know, we kind of just like dove in without hearing your background, right? So why don't we why don't we circle back, start at zero, and you know, what what did your journey look like getting into this space?

SPEAKER_00:

So my journey started as kind of the entrepreneurial side of things. I was a teenager, you know, discovered the internet like early 90s. I remember my first time on the internet, it was through CompuServe. It was this terrible like dial up platform. It was like and and literally I was experiencing a gopher, like, and that was like you know, knowledge libraries and some stuff in there, and the web stuff really wasn't even around at that point. And they had some other services like CompuService similar to like Prodigy or AOL at that time, but I was just 10 years old, 11 years old, playing around on there, trying to. I I remember my my dad was interested in in getting on there because he wanted to do some stuff with like the stock market and look at stock, you know, because that was an early use case of some of the internet stuff. Well, that turned into me becoming really curious about the internet, seeing what else is out there. Got uh finally a local ISP, I don't know, a couple years later, that allowed me to build a website and it was a link list. And that link list was you know, in the early internet days, you know, there was no search engine or anything else out there. You just had this list of links that you you know were cool to you know, go see some other knowledge stuff on the internet. My linked list got popular and it started eating up my hundred and ISP line at the at the at the provider. And he's like, You can't have this here anymore. Well, I had just figured out a way to make some money with it as a teenager, which meant I had to solve this problem, right? I had to, I had to get my my website back up. I found that I could serve these little banner ads on there and get paid like one cent for impression or something like that. So here I am sitting at home, come back from school, and I've made five or ten bucks. And so I'm like, this is great. Like I want to keep doing this. So I told a friend about that, and he's like, why don't we just build our own web server? And we knew some stuff about one of the Linux distros and Apache, and the next thing you know, we we took one of our old computers and built a web server. We found a company too far away that would let us stick it on their network and host it out on the internet, and Link List has been active. And then that turned into a business, started web hosting, started doing some other things around web design and so forth, and learned a lot of things as a teenager trying to run a business, which is you don't really know anything about running a business. And this was completely new. Like my my family had never done anything like this before. So, with some support and some guidance from their tax advisor, who, you know, when I showed up and dumped a pile of receipts on his desk, he was like, You got to get a little bit more organized than this. So we can go down that path and and building a business over the next five to six years after that. Dot-com stuff happened, uh, the dot-com bubble bursts, and decided it was time to go do something else. I I joined uh college doing IT services and got really entrenched in some of like the Microsoft side of it, doing some of the early Active Directory Exchange, this product called SharePoint that Microsoft had just released, and I found that it was terrible and that it needed me to do things to it first to make it work. And I became kind of accustomed to working in SharePoint, and I ended up taking a second job as a developer for a local company and who built custom software. And we started doing more and more SharePoint work. Also got to work with a lot of different stuff in that time, like building some of the early like Cold Fusion, Adobe Flash, like front ends. So like when the web was starting to get a little bit more interactive and like stuff would build business apps on there, like a CRM or other things for for businesses. I realized after about three years that that wasn't for me. I enjoyed it. I like I liked the logical side of writing out code, but I didn't really want to just continue to write code or be a project manager in that space. So I went to System Integrator, and that seemed to be the perfect balance. And I've been there for 18 years since. I've had about 12 different roles at the system integrator. I got to be early on when we were 10 people, and now we're we're 500 plus today. And today my my role is a kind of a combination on both CTO and CISO. So I get to play with one foot in the door on the security side and one foot on the side from the innovation side. Kind of got into the security space through consulting as we built a security practice around 2010. And I had a great mentor that taught me all the things I needed to look at from a GRC perspective. You know, there wasn't even a security managed services at that point. You know, we were just doing one-time vulnerability scans once a year. And that quickly transformed over as more and more risks started coming and started seeing that these cycles of pain, right? Of, hey, let's go do a security assessment. And now, you know, here's your list of 500 things you got to go do to remediate your environment and come back the next year. And yeah, 499 of those same problems are there, but we've just added another hundred on top because things have changed, but that list was too big. And so that security managed services side of it started taking over and started building practices around that. Today, ProArc, who I'm with, is a company that helps organizations move from build secure foundations for data, but then ultimately turn that into some sort of intelligence that you can run your business side.

SPEAKER_01:

Hmm. Yeah, it's an interesting story. You kind of went you went down like the entrepreneurial route first, which is not an it's not a normal path, I guess, right? That that a lot of people would go down, but it it's interesting because you know, I I remember the first time I ever, you know, made money from like any sort of entrepreneurial thing that I did. It was like a light bulb went off in my head. It was like, wait, like I can create something and someone will find value in it, and that value results in in money. You know? It's a great feeling, right? It makes it want to go do it again. It's the weirdest, it's the weirdest thing. Well, because you're always taught get a nine to five, get benefits, you know, retire, that sort of thing. You're never taught, hey, let's create something, let's start a business, let's, you know, sell it to customers and all that sort of stuff. Like you're never taught that, you know, like even in college to an extent, you're not even taught that. You know, if you go down that specific route, you're not even taught it. Which is crazy to me. I mean, there's even stuff, you know, today, right, that you know, this podcast rolls up under my LLC as any like halfway intelligent, you know, entrepreneurial should have it set up. There's tax stuff and different, I don't even want to call them loopholes, they're just rules in the game, right? That that I utilize that I follow that my friend who got his master's in business, his his bachelor's in accounting doesn't even know. And I'm sitting here like, how do you not know this? Like, isn't there a whole like class on forming a business and what you do? Like, you know, I was telling him about different designations for for the LLC because he was forming his own, you know, all this sort of stuff. And he just had no clue. And I'm just like, what like I I don't understand how they don't teach this, you know?

SPEAKER_00:

Well, I think it's you bring up good points. Like, you know, the one of the reasons I think that I've been very successful in my role is I understand what like how important it is to be a revenue generation for the business. Like that piece, right, is what allows me to be able to try new things, being able to you know ensure as a leader, right? You you also want to be able to make sure that your employees and everyone else with it with you is staying employed, but at the same side, right? Like that employee that revenue generation piece is what keeps the business going, right? That's why we all have jobs, that's why we have security, that's why we have all these things. So being that kind of business enablement piece was I think key for me. And it's also key for understanding working with customers. It's all about their business at the end. We can we can think it's about our little domain, but maybe our domain is a supporting function and we need to support the business and make sure that we're helping enable it and push it forward. Or whatever, and maybe it's not revenue, even right? You could be in a charity or some sort of healthcare mission, right? But it's all about who the customer is on the other side and how you're supporting them.

SPEAKER_01:

Yeah. Yeah. It and that's a really important thing to also like really dial in and learn early on in your career as possible, right? Is you know, every customer should be getting that white glove treatment, in my opinion, right? Like I just feel like everyone, every customer deserves, you know, what we would call white glove treatment, where you're going above and beyond for a customer. You know, whether they paid for that level of service or not, of course, there's some delineations where it's like, you know, oh, okay, like you didn't pay for 24-7 support. That is extremely expensive for us to provide that sort of service. So yeah, you you do kind of need to pay for that, right? Like we'll give you an hour here or there, right? But, you know, if you need that level, you need to pay for that, right? But there's been many times in my career where you know, you you just go above and beyond. You're you're providing that level of service and you want to give that great impression, right? And I remember early on in my career, I was leading the you know, the federal and military program for a company. And so all of my clients were federal agencies and the military and whatnot. And their their standard for work is like absolutely insane. Like it is a totally different level.

SPEAKER_00:

On a good side or a bad side? What are you what are you like their quality's great or well?

SPEAKER_01:

I'll so I'll I'll I'll give you an example. I I think that their quality is extremely good. There are different funnels within the government that kind of don't show that high level of quality. But I was in a place where you know they have they have people that used to, current or currently, you know, I don't even know, work for the NSA and they created like the you know, the stigs, like the literal stigs that we use to harden the systems. They this guy like created it, you know. Smart people, right? People that are beyond it is beyond smart. Like these guys are doing it for fun, you know, like they're they're there just having the time of their lives. I actually had one of them on my podcast maybe a couple years ago, but like, and that guy was like beyond smart. This guy build a rocket himself and send it to the moon if he wanted to, you know.

SPEAKER_00:

Like I love talking to those types of people. You just feel like when someone out there has had all these experiences and they they think just differently, right? The the brain connects different pieces together. And I've always been a big proponent of the smartest idea in the room wins, right? Yeah, and you know, having having people that you can work with like that or adjacent to you, right, that can help you influence that and see a different perspective is always awesome.

SPEAKER_01:

Yeah. I mean, I totally agree. It's almost like how I how I relate to it, you know, because I'm getting my PhD right now, right? And it's in a specialty, it's within an area, two areas that like I know nothing about. I mean, even to this day, right? Like, if I try and explain, you know, quantum encryption any further than like how I would to like a kindergartner, I'm sure someone in the quantum space would, you know, ridicule me heavily, all ten of them, you know, um, because like no one knows how that stuff is working unless you're like actually in the field for real, you know, every single day, right? But I I I feel like there's I describe it as like cracking open your brain almost. Like you're cracking open your brain in a way that's like I can think like this. You know, like it's not it's not thinking a certain way, but it's thinking in a certain format that you know you're immediately going down different rabbit holes. That the normal person who, you know, I'm gonna relate to it like this, right? Is that normal person that's getting that nine to five, that's that's all that they've been taught. They didn't go down the entrepreneurial route or anything like that, and they you know go their entire career nine to five and they retire. And that's a cernit way of thinking, right? Like that's a totally different mentality from what we're describing. This other thing is like it's just like a sandbox. You know, you start realizing the world is a sandbox at some point, and you get to build it however you see fit.

SPEAKER_00:

I I think it's like being what you're describing to me is like you you're going outside of your comfort zone, right? And it sounds to me like you're also going outside of your comfort zone for this PhD, right? Like this is all new areas, and you know, I I have a I have a philosophy, which I always tell anyone who ever joins and talks to me at your pro arc, like always say yes. You know, you say no the second time, but the first time, say yes, go go challenge yourself, see if you can get it done, right? Not telling you to go, you know, work 120 hours. I'm just saying try to say yes to that opportunity, that experience, that you can you know push yourself a little farther because you can open up different ways of thinking, different ways of being successful. You might find a passion that you've you know start loving so much that you you want to just do it the rest of your life, right? Like I I always like to give people opportunities, and some of the best people that I've ever worked with from cyber have come from outside of cyber altogether, right? Kind of someone coming in from a customer support side of things or coming in from um you know an internal IT role where they just felt like they could really, you know, that they're accurate and due diligent and they they you know can exceed and make the customer outcomes happy, right? Make that customer happy, right? They'll they'll ensure that success. And those people, you know, I've seen them go all the way to CISOs from support. The opportunities are there, it's just a matter of, you know, are you gonna say yes to them?

SPEAKER_01:

Right. Yeah, that's a great point. You know, I I tell everyone, or I describe it like this you say yes, you know, no matter what, and you figure out how to do it later. You know, I I uh early on when I was like in college and everything, I would listen to you know different different like motivational speakers and stuff. And yeah, it's it probably sounds like corny or whatnot, but when you grow up poor and someone, you know, tells you like, hey, there there's this one little bit of information, you just need to, you know, change your thinking, and you change your mindset of how you're addressing these different problems, right? Once you do that, you start, you know, trying to figure out how to do it. And that was like one of the biggest things for me was saying yes and figuring out how to do it later. Like I said yes to the PhD, didn't know a topic, and then I said yes to the topic where my chair, you know, kind of like worked me down that path, and he actually tried to talk me back from going that difficult. He had to do that like two or three times because I was just choosing something that was like insane.

SPEAKER_00:

Well, he wanted he wanted you to be successful somewhere in the time, right? He's probably still there.

SPEAKER_01:

He's like, I want you to be successful in the next three to five years, not 10 to 20 years. Like, let's get through this thing, you know? Which I I totally get, right? And and then, you know, again, right? Like pushing myself so far outside of my boundary or my comfort zone of going into zero trust with satellites and post-quantum encryption. Okay, I don't know anything about satellites, I don't know anything about post-quantum encryption, I still feel like I don't, you know, but but like that's not my PhD isn't like balancing on those two specialties. It's more of like, here's these requirements, and this is how I'm gonna apply this, you know, security principle to it, and let's see if it works, right? When you break it down like that, it's more consumable, it's more easily to to attack, right? More easily to to succeed. But if I just look at the overarching topic, which you know, trust me, I've had like several breakdowns where it's like I'm an idiot, you know, I shouldn't have done this. I why did I sign up for this? Now I'm too far in. Because like now, like my mind is like, well, I'm too far in to fail. I'm too far in not to complete this thing. Like, I if I fail and I completed it and they still don't give it to me, which is like less than one percent of the time, because it's some it's some there's some insane stat words. Like 50% of the people that start their PhD don't make it past the second semester. Really? Yeah. And then it's like if you make it past a certain point, it's like almost 100% of the time you get your PhD because like the work that is required to go into it. I'm like, I just finished up the hardest year of the PhD, and I'm telling you right now, if if I would have known how hard it is going into it, I never would have gone into it. There's no chance. And I mean, like, I had to have like weekly calls with my chair of him just convincing me, like, give me another two pages. It's okay. Just give me another two. Can you can you do that?

SPEAKER_00:

He's playing your therapist at the same time, right?

SPEAKER_01:

Yeah, no, one hundred percent. I mean, there was times when he would just be like, Can you give me a sentence? Can you can you give me the theme of the first sentence? You know, like what does that look like? Just doing anything to just get my mind to work, you know?

SPEAKER_00:

I mean, to get your brain into that, probably that space of trying to you know sounds like a very challenging topic, anyways. I wouldn't even know where to start myself in any of that stuff.

SPEAKER_01:

And you gotta be so precise, too, because like at this level, if you're not precise, someone's gonna be like, oh, you were 0.001 degrees off. You're completely incorrect. You know, like like just ruin your PhD right before you even get get started with it.

SPEAKER_00:

You know, the the AI 80% accuracy isn't okay. Or 50%. Yeah, no, whatever number.

SPEAKER_01:

I have uh so I have found in my research, right? Because you have to find a whole bunch of articles and you know, cite them all and build your case for why you're researching the thing that you're researching. In doing that, I was trying to use Google, and Google was just completely unhelpful. Like, like to the extreme. It was just completely unhelpful. It would give me articles in Chinese, articles that didn't exist. I mean, it was terrible. And then I went and switched over to ChatGPT, and ChatGPT would like 90% of the time just make it up. That's what I found out. It would just make it up completely. And it sounded very convincing, but once you start digging into it and you ask clarifying questions, it like makes up more lies on top of the lies that it gave you, at least that early version of it. You know, I don't know.

SPEAKER_00:

Sure, too. Like the topics that you're researching. I mean, there's it's not like it's a huge depth of information out there, probably on it.

SPEAKER_01:

Yeah. So that that's that's also the problem. There's not a whole lot of information on it. And what I'm doing is I'm taking basically research articles from these three different pillars, Zero Trust, satellites, and quantum, and I'm kind of marrying them together into a not so distant hypothetical situation, right? We're like, hey, now we have to communicate to these satellites via post-quantum encryption. How in the world do we do that with leveraging security best practices? Because the first thing that you learn about post-quantum encryption is, yeah, it's unbreakable. So guess what? From a security perspective, you look at everything else. Like, literally everything else. You look at the key exchange that hasn't changed since the 90s, right? You look at the infrastructure itself. How are you actually authenticating that infrastructure? Well, what if someone can actually break into one of the satellites? Are all of them now compromised? Because in a normal satellite architecture, yeah, all of them are now compromised, right? So, like, how are you thinking about it in terms of that? And so, like, that's where that's where the questions start to be, you know, developed and created and everything else like that. Like, you know, it's pretty crazy. I I have since stopped citing articles because I'm just beyond that point in in my research. If I keep on doing it, like there will be no end to it. But the most recent one was in June, right? Someone posted a paper in June. Two weeks later, I'm using it in my paper, and I literally told my chair, I was like, I have to like stop doing this because this this field is literally evolving as I'm writing about it. You know, there has to be a cutoff point.

SPEAKER_00:

Keep probably adding and adding, and and that actually leads well into just about anything that you're doing today, right? Like you can't necessarily postpone technology advancements to because you're worried about what's gonna be coming down the down the you know runway in in you know one month, six months, whatever it is. The time for action is is kinda now. And I see a lot of people take that same kind of paralysis that you're I guess you're not describing a paralysis, but like we see that approach with in the business side, right? You can't you can't take an action because you are waiting for that next foot to drop out the door and say, hey, this you know, new things, you know, the new way's coming, right? Now, you know, whatever is next after MCP servers, right? We'll we'll have that conversation about right. We don't we don't want to put those in place because you know, six months on the road, that might change. But I think I think you just kind of got to move forward with what you have and try to get the outcomes that you want from from what you have access to at this moment, right?

SPEAKER_01:

So you were you were mentioning that you just got back from what was it, the Azure Reignite? Microsoft Ignite. Yeah, the Microsoft Ignite. So it sounds like that would be a like a good transition, right? Because we're talking about these tech technological evolutions, especially with AI. What new things did you come across at the conference that kind of just blew your mind, so to speak, in terms of what's coming out, what people are doing with it, and whatnot?

SPEAKER_00:

So from a I'll give you two examples that come right to mind. The one that I thought from like an IT professional, security professional's point of view, is I witnessed an agent that could build out the secure foundation in Azure, which they call like a landing zone or AWS, has the same concepts, right? It's all based off of you know the well-architected frameworks, the patterns that the cloud providers put out, and take all of those best practices and deploy it to your standards that you want in there, right? Using a combination of GitHub Copilot and the MCP server on the back end that's tied into what I thought was really unique about that, right, is in the past, and this is something that you know I try to relate because I've I've been in the the side from an IT deployment perspective, right? And an architecture architecture perspective or deployment perspective, right? You gotta get all these people in the room typically, and you have to have very subject matter expertise in these areas, right? You might have someone that's good at infrastructure, you might have someone that's good at security, you might have someone that's really good at the data platforms or whatever it is, and you gotta get them all in there, and they all have to own their pieces, and then you gotta deploy it all and hope that you did it right, and you know, go reference the latest architecture that's been referenced up on, you know, published out to the internet and the patterns and translate all that. Now the agent's actually doing that for you and able to do that with the most current knowledge. You're not required to necessarily be the person there that has to know all those things. You just got to be able to orchestrate that and make sure you understand what all of those outcomes are on that. That was super fast, right? Something that would in the past would take six weeks, eight weeks to do, now is done in a day. So that made me think about all the skills, right? That are completely irrelevant for me now in the past, right? Like they're you don't necessarily you have to know some of these things, but it's really more about the orchestration and and knowing how to do some of the best practices and patterns.

SPEAKER_01:

Hmm. Did they ever talk about you know any risks with it and how they're being addressed potentially? Like, you know, maybe using like a least privilege, you know, model or policy with the agents, right? Because I feel like you always hear about, oh, you know, there's this AI agent doing you know what whatever it might be, right? Like you can do X with this AI agent, but then it's still it's kind of open to what else it could do, right? Is was there any talk around that?

SPEAKER_00:

There wasn't a whole lot on that because these are all brand new features. Most of these were just about, hey, this is out there. So the dive-in pieces of how that ties in, not necessarily my experience typically on the Microsoft side, is that you're doing it with your principles that provide your your least your recommendations of what to do from a least privileged perspective and go from there, but I'm not certain on this one.

SPEAKER_01:

Hmm. Yeah, I wonder how they're gonna address it going forward, right? Because it kind of sounds like they're you know in integrating it in a way into their platform that makes it really easy to use and consume and you know, have it do whatever you want it to do, right? So I wonder what the what the flip side of that is as to like how they're gonna build in these different, you know, security controls and whatnot. It'll be an interesting time.

SPEAKER_00:

It's gonna it's gotta know something about you, right? And it's gotta be able to, you know, Microsoft is doing a lot about the agents having all of their own identity and their own least privilege and providing visibility and governance. They released a product called Agent 365 that's around that. Uh so that really looks at you know how to govern your agents, who owns them, because these things are treated like identities going forward, right? You're not the you're not an agent may live on beyond its creator, right? So, you know, I I leave the company, you know, I got 30 agents, who's gonna take them over? Who's gonna manage them? Uh who's responsible for these things? Because there still needs to be a human in the loop on those things. And what are they doing? Are they doing it the right way? Are they you know changing their outcome, right? And evolving because we all know that happens too, right? You your prompt today is not the same prompt that you use tomorrow because you know something's changed in the the large language model there. So they're giving more visibility, not necessarily it some control. Those controls are still evolving, though, in my opinion.

SPEAKER_01:

Are you playing around with any of these you know AI agents on your own time or at your company? Like, yeah, what's your experience with them? Because I haven't touched it at all.

SPEAKER_00:

So the AI agents doing a lot within the co-pilot space, they're evolving. I mean, we can get a lot higher accuracy. Microsoft's released a bunch of things called IQ out at Ignite. Like they have a workplace IQ, they have a fabric IQ, and they're all designed to provide more business context around it. Because, for example, right, if you're looking at data and the agent has access to data, what if there's two pieces of conflicting information there, right? Both of them might be right, but the agent now has to decide. Well, generally, the thing that would allow that decision to be made would be made by a human that has some sort of business context. And so they're building models around the data to say that the AI agent can talk to that says, here's the business context for you to decide how to make a choice here, right? Because in typically that would be I'll take finance for for example. In organizations that have complex financial firms, someone in operations might have a different number than what we see over in the the financial. Financial office. You know, both are true, but there's context differences in those. So which one's the right revenue number for the business? Well, it depends on who's asking and getting that that right information back. So I think as we get there, we're starting to get more accuracy, at least from being able to use it in a business perspective. I'm sorry, it will probably won't help you in your your PhD side of things yet, but we're we're still certainly evolving on the business side.

SPEAKER_01:

Yeah, no, if it if it could help me on that side, trust me, like it would already be deployed and whatnot in my house, like for sure. I've one year left, so hopefully I can just make it.

SPEAKER_00:

There you go. So the the other piece I saw at Ignite that I thought was really cool, super scary, was agentic robots and what they're they're doing in that space with these robots that can interact with the real world and not go through like extensive training. They're using. Yeah.

SPEAKER_01:

That's it's that's a big thing right now, is the training. The training is like pretty arduous to get the robots to act right.

SPEAKER_00:

Yeah, so there's the this new I attended this one session where it was one of the founders of large robotics companies drawn a blank, general robotics maybe, but they were showing their framework of how they're basically training these robots in very short periods of time now. Basically, they can just tell it, hey, go if it's a CAN sorting robot, right? They don't have to go train it to say, you know, this is what a coCam looks like. They can use a large language model for that. And so, you know, it can differentiate things in in the real world by using LLMs and shorten its time to get there. So they're showing all these future examples, right? Being able to go service, you know, power generation facilities or dangerous areas and you know, from ones that might cause harm to humans. The same side, all I could think about was robots are coming for for wars and everything else, right? Like someone's gonna have a little private army on the side that's easy to train. So that was probably uh the most eye-opening, and also you know, feels like we're entering a new era when it comes to interacting with the human world, right? The our world, not just on a computer screen, but really cool, but also could be really scary too.

SPEAKER_01:

Yeah, it's you know, it's really cool, but it just it makes me hesitant because it's like, hey, there's a whole like movie series on this thing, you know. Did you ever hear of Terminator? Like, you know, it feels like kind of kind of like we're building it. I don't know.

SPEAKER_00:

Yeah, take take any of those movies, Robocop or right, yeah, Terminator. There's another one little little uh robot that was back in the 80s, too. But those those things all it's really cool. I I had a dream, like as a kid growing up in the 80s, we used to get these thick magazines of of catalogs from service merchandise, and it was like something you could flip through, and like they had this robot butler in there, and like here I am like a eight years old, thinking how awesome would it be? I could call my robot butler and it could go bring me a microwave pizza or or whatever from from the kitchen. I wouldn't have to get up off the couch for it. But the reality is that somewhere somewhere in the future that's probably gonna be true, not too far, but right. Hopefully, hopefully those are going into it.

SPEAKER_01:

We're we're really going into a weird time in the world, you know, and that that like kind of goes back to like that bell curve that I was that I was talking about, right? Like where okay, it levels out a little bit, and then you have robots on top of it, and now the robots are learning from you know the bell curve that just took place with AI. AI did all this work, now robots are gonna take all that work and learn off of it and then amplify it again, right? Like that's probably that's probably like the general consensus of it all, you know, keep the bubble going.

SPEAKER_00:

Keep it keep it moving. And and you know, I there there's all these other things that are kind of I saw from coming off of AI, right? Like we have so much more interest in data security than two years ago. It's amazing to see organizations really trying to adopt data security and feeling how important it is for them to do so. Assuming that I secured it behind my NTFS permissions or whatever it was, right, isn't quite the same outcome that that people are trust anymore. They want to see the automatic labeling, they want to see automatic applying on there of sensitivity labels. So that's one really positive area, I think, from a security perspective that AI has pushed forward. I think it's also forcing people to think about it from like a governance perspective, right? Security has an opportunity to get a foot in a room with decision makers, right? More so than they ever have. So this is a great time to point out where risks are to your business and being able to help influence some decisions around budget and get get that visibility up there. I've talked to a number of customers where security used to be part of the IT budget, right? Where now this year, change has happened. Security is its own budget. Yeah, it's being kind of separated, and you know, there's more visibility coming up to the boards. Those are those are both really cool examples of of the AI space pushing security initiatives going forward.

SPEAKER_01:

Yeah. Yeah, it's very true. I've seen that a lot too with the data security. A lot of people are really concerned about it, right? Like I got on a phone call with a customer, and uh, you know, they they just had nothing going. They were heavily into Azure and they had no data security around anything, really, right? And they're they're they're paying attention to it a whole lot more. They didn't think of anything of it before, and now they're kind of freaking out because they can't not use AI in their environment, they can't not use Copilot or you know, a different LOM or whatever it might be. So it's creating all this data, and they have to find a way to secure that data, especially as like a healthcare company, right? Like that's a huge, huge thing. And I mean, we thought going into it, because I don't know that much purview, someone else on my team does, you know, going into it, I thought, okay, you know, it's a Microsoft product, we'll enable this thing, we'll go through it, you know, it won't be terrible, right? Anything but simple. Yeah. And you go into it, you start looking at it as like, oh, yeah, I'm just gonna give this to the guy that does it all day long. Like, what am I doing? You know.

SPEAKER_00:

Well, you know, you know what's made it really complex is everyone has stuff all over the place these days, right? You get prem, you got different clouds, you're in Microsoft, your desktop, right? Your data is not in one single spot. COVID, COVID really pushed that away. So for I think I think it puts it in an interesting spot when you have to try to secure all these different areas, and now you have different processes and you know different modules that need to be enabled and looked at. And purview in itself goes well beyond just you know unstructured data, right? You get into the structured data, that's a whole other beast on that side.

SPEAKER_01:

Yeah, it's a complete, it's a complete mess if you don't have like you know 40 hours a week to dive into it and really learn it for the next six months, you know, give it to someone that actually does. Yeah, certainly.

SPEAKER_00:

And that's a valid point, right? I think where we are from from just technology, right? We all need partners in the space, right? We can't all do it ourselves, right? We all have to have multiple levels of subject matter expertise within your argument. Frankly, right, if you probably took up and said, Hey, I need this sort of architect, right? You'd have 20 or 30 different architects, and most organizations can't afford that, right? Unless you're in a large enterprise space. So you gotta find partners that can help bring that expertise and help you get you to your goals much quicker.

SPEAKER_01:

Yeah. Yeah. I hope companies start waking up to it. Like I was at I was at a very large company, a global company, and you know, for our division, there was one architect, and I'm sitting here like, man, he does he wears like 15 hats. There, there should literally be like at least five more people, you know, that are architects. But the organization just didn't believe it. They're like, oh, you're so small, you can handle it. It's like, okay, we're small in like head count size, but we're literally bringing you a very large percentage of your revenue. You need to understand that, you know. You're doing a whole lot more than just one thing.

SPEAKER_00:

And the technology, right? All these different tools are all over the place. All the different SaaS platforms, all the different clouds, right? Most mid-sized orgs have like three clouds at least that they're operating in. And but you're not gonna you're not gonna have probably some of those great depth in every single one of those. Like that just doesn't make any sense. So and and that's kind of where AI is, right? You're it's evolving. You gotta, we're all learning at the same time where what's working and what's not.

SPEAKER_01:

Yeah. Before I let you go, how about you tell my audience where they could find you if they wanted to connect with you and where they could find your company if they wanted to learn more about it?

SPEAKER_00:

Sure. I'm doing a series of recaps right now on what I learned at Ignite and where we are kind of from an agentic perspective, and maybe where some businesses can help push themselves. So you can find me on LinkedIn under Ben Woolcox. That's B-E-N. Last name W-I-L-C-O-X. The company is ProArc, P-R-O-A-R-C-H. So there's there's a silent H at the end there. But you can go to Pro Arc.com. We've got a very active blog there. Always love to connect, like to hear people's stories. When I go to these conferences, one of my missions is always to go talk to as many people as I can because you learn some really cool things out there from people. And in your field, actually I talked to someone who's a quantum in quantum. I had lunch with him, just sat down at a table, started chatting. But like you can find out all sorts of cool things. He gave me the lowdown of where we are in that space.

SPEAKER_01:

That's really interesting. Well, awesome. Well, thanks everyone. I really hope that you enjoyed this episode of the podcast. Thanks.

Head Shot

Joe South

Host