0:54

I was going . Joe , it's great to finally get

0:56

you on the podcast . You know , I feel like we've

0:58

been trying to get this thing scheduled

1:00

for quite some time now

1:02

, but you know , with with with our

1:05

schedules being so hectic , you know , I'm

1:07

glad that we could finally get on .

1:09

I think it's you know , you and I spent a lot of time

1:12

with the hairdresser , I think , and

1:14

so getting our appointments all lined up

1:16

without a podcasting , that was probably the difficulty

1:19

here . Yeah .

1:20

Yeah , and this

1:22

head of hair . You know it doesn't maintain itself

1:24

, it is necklace .

1:26

Yeah .

1:28

So , joe , you know why don't we start

1:31

with you . Know your background

1:33

right , how you got into it , how

1:35

you got into you know kind

1:37

of the security side , what made you

1:39

want to go down this route , was there , you

1:42

know , something that you maybe discovered

1:44

earlier on in your life that you

1:47

know kind of took you down this path . When you're looking

1:49

back on it , or what was I like

1:51

?

1:51

It's my story to a little different to probably a lot of

1:53

your tests , because I

1:56

my first job out of school was actually

1:58

the soft drink business and I

2:00

was working for Coca Cola

2:02

in marketing and

2:05

you know I was

2:07

having a lot of fun and soft drinks , you know

2:09

commercials and all

2:11

kinds of crazy stuff . But I remember

2:13

at the end of one year we grew

2:16

. It was like we had a great year and we

2:18

grew 6% and I

2:20

was like , hmm , it got

2:22

like in a different industry it grows a little faster

2:25

than beverages and I

2:27

was always interested in tech , and this was

2:29

the mid 90s and tech wasn't made

2:31

back then . I need to think about it . You know there

2:34

was no social media . There was very

2:36

little internet . Very few people

2:38

had email addresses . When I first

2:40

joined in tech , I'll just tell you a funny

2:43

story about myself my first

2:45

email address was Joe

2:47

and Karrosh , which is my wife's

2:49

name , at AOLcom , and at

2:51

the time we thought , well , every family would just have

2:53

one email address , you know , like you have one

2:56

physical address , and so we had

2:58

a shared email address . So that's how far

3:00

back I go in tech . But

3:02

then I got interested in security

3:04

in the early 2000s . It

3:06

was a murdering space , an exciting space and

3:09

I was the CEO of a company called East Charity

3:11

the first SIM products

3:13

way back in the day . And

3:16

what really turned me on as security

3:18

was when I worked at iDefense . At

3:21

iDefense we worked doing

3:23

threat intel and our customers were

3:25

all of the three letter agencies in

3:27

the government , all the largest banks

3:30

in the world , and

3:32

at the time I also got security

3:34

clearance . And so when you get

3:36

connected to

3:39

the three letter agencies and you're looking at

3:41

all of the things

3:43

that are happening in cybersecurity

3:46

, it's tentacle could be exciting

3:48

. And iDefense

3:50

was a lot of fun because we had

3:52

white hat hackers . We were also

3:55

tearing

3:58

up software around the globe

4:00

with our white hat team just

4:02

trying to get ahead of the bad guys . So it

4:04

was a lot of fun back then and I was getting

4:07

interested in security ever since .

4:10

Yeah , it's interesting

4:12

working with the government . Earlier on in

4:14

my career I worked for a very

4:17

small company that

4:19

did Enhanced 901

4:21

software and so

4:23

the government was a huge consumer

4:28

of our product and somehow

4:30

I finangled my way into leading

4:33

the entire tech side for our government

4:35

clients and

4:37

I mean it really

4:40

does just like open up

4:42

your mind into

4:44

what's possible . And I feel

4:46

like it's a different way from government

4:48

employees , because the government employees

4:50

are typically very siloed and

4:54

as a contractor you can come in and say

4:56

no , I need to know what's

4:58

going on over here . I know you normally don't

5:00

tell people , but this impacts my work

5:02

of how I provide this product , and

5:04

so I need to know these different pieces . And

5:06

so you learn probably way more

5:09

than what you should actually learn in

5:11

some cases . And

5:14

it's always interesting because I

5:17

was going to a facility for maybe

5:20

a year or two and I never

5:22

knew what they did . I

5:24

mean , you're in the middle of the mountains West

5:26

Virginia , something

5:28

else is around , like a town was built

5:30

around this thing to support

5:33

contractors coming in and

5:36

I have no clue what we're doing . And

5:41

one day I guess my handler that's what I

5:43

called him my handler at the facility

5:45

. He was like Joe , do you not

5:47

know what we do here ? I said I

5:50

have no clue . I literally have no clue

5:52

. And he

5:54

pointed to these satellites that were

5:56

, these giant satellites on the on

5:58

premise and told me one

6:01

of the small things that they did . And

6:03

I'm like my God , where am I ?

6:06

Well , Joe , you just there's a couple of

6:08

great points to kind of for first . So

6:11

I'll say my area of expertise now in

6:13

cyber is running cyber threat and insider

6:15

risk , and so you just identified

6:17

a couple of things around why

6:20

it's so important . Because , to your point , like

6:22

contractors in particular do you get a

6:24

lot of knowledge around things , and so

6:26

contractors will end up biggest risks

6:28

on the federal side . But

6:30

the other side I think it's just as important to touch

6:32

on and I often have to talk to

6:34

the old people on my teams about

6:36

this and that is that the United States

6:39

government is , in

6:41

my opinion , the best in the

6:43

world in cyber . I

6:45

mean the best in the world . What's interesting

6:47

about that is that when most

6:50

people think of government employees , they

6:52

think of people that work in agencies

6:54

and are stereotypical

6:57

. Oh , these government employees , they don't work

7:00

that hard , they just shut

7:02

along . It takes a long time to get the government

7:04

to do anything . You know all these stories et cetera

7:06

, but what I learned in

7:08

working with our Intel

7:10

community , our long course community

7:13

around cyber , is that we

7:15

literally have the best people

7:17

in the world at the NSA

7:20

in particular , at the

7:22

FDI , a little bit at the CIA

7:24

, in the military , we

7:27

have the best people in the world . In cyber , we

7:29

are nobody's better than us , and

7:33

that level of understanding and respect

7:35

is really important for all

7:37

of us that work in a cyber community , and

7:40

so I'm glad you brought that up

7:43

, something that I think we can be really proud of , and

7:45

it's something , honestly , that's just very safe

7:47

as a country .

7:49

Yeah , you know , it's

7:51

very interesting that you bring that up , you know

7:53

, because sometimes

7:56

, as from

7:59

the outsider perspective , right and I'm

8:01

talking about people that aren't even in cybersecurity

8:03

it looks like to them that

8:07

we're so far behind everyone

8:09

else that we're not

8:13

capable . There's too much bureaucracy

8:16

. And I will say this

8:18

there probably is too much bureaucracy

8:20

, right , but at the same time , I

8:22

know the crowd of

8:24

security professionals and

8:27

we need those rules , because if we don't

8:29

have those rules and you just say , you

8:32

point us towards China and you're like

8:34

hey , you've got the power grid , you

8:36

know go have fun , right , like

8:39

yeah , it's going down and they

8:41

won't be able to recover from it , but

8:43

like that's something you know you want to really

8:45

tie it , tie into other things

8:48

and really control , right , and

8:50

it's a . It's

8:52

fascinating that you bring up . You know that we have

8:54

that talent pool there , because I

8:56

actually had on someone

8:58

maybe two years ago at this point and

9:01

the episode was never released because

9:03

the military asked me to not release

9:05

it and you know I do not want

9:08

the United States government showing up at my door

9:10

for any reason

9:12

. And

9:15

you know he

9:17

talked about how the

9:19

training that he was going through is a two

9:21

year program , for you

9:23

know , one of the three letter agencies . It was a two

9:25

year program and he said , literally

9:28

every single day , at any

9:30

point in time , you can be cut . If

9:32

you write an inefficient line of code

9:35

, if you , you know , do something that you

9:37

shouldn't have done , if you put

9:39

it in the wrong language , whatever it might be

9:41

, you know you can be cut right there . That's

9:44

the standards . And he said you know

9:46

only a very small amount of people

9:48

actually make it through and you typically have

9:50

like a six to 12 month

9:52

ramp up time before you even go

9:54

to the school and

9:57

you know those standards . They

10:00

come into play in the real world because now

10:02

you know what the bar is , you know you . You

10:04

kind of know what you're expected

10:07

to do and what you're able to perform at

10:09

and whatnot , and that's expected

10:11

of you . You know day in and day out , and I

10:13

feel like I've always

10:15

felt like we've had the best cyber

10:18

capabilities , for sure . And

10:21

if you just look at the things that have leaked , you

10:23

know , though , like eternal blue and

10:25

how many , how many zero days

10:28

came out of internal blue , right

10:30

, and that's , you know . That's

10:32

10 years ago at this point , Well , it's

10:34

interesting .

10:35

So you know , first of all , and work , I

10:37

will tell you that in working with the NSA , I

10:39

interacted as much

10:41

with lawyers at the NSA as

10:44

with the , with the cyber experts

10:46

. That's how careful they are at

10:48

following our laws and

10:50

so you know they're not . You

10:52

know they're not doing things that

10:55

are the older , very , very

10:57

, very careful . That's

11:00

something that they share . But

11:02

you mentioned there's not enough data sharing and

11:04

stuff like that . All the leaks

11:06

we had in the US have really

11:08

been because coastline

11:11

alumn , the cyber

11:13

community , you know

11:15

, created tools to share

11:18

broadly the intelligence and

11:20

there's over a million people that have street

11:22

clearances , that have access to

11:24

some of our nation's most you

11:27

know , sensitive information and that

11:29

you know . The Jack Tech Sarah

11:31

, you know , leak recently is because

11:34

it just takes one of those people

11:36

to use that information the

11:39

wrong way out of a million people

11:41

. So that's a half every month . So

11:43

the price that we're paying right now on those

11:45

leaks is that we give

11:47

a lot of access to people

11:49

and because we want to share

11:52

that data and , you know

11:54

, one a bad thing to the change

11:56

and can cause that change . So it

11:59

is an interesting balance . I know there's

12:01

a big back and forth and you tell those community

12:03

about that at all times . But

12:05

honestly , I only wanted it . We

12:07

all need to dwell on it . I just find that point

12:10

out to your list , or is that like

12:12

if you're young and you're like

12:14

not sure about these things , you haven't come

12:18

? Just know that

12:20

the people that are

12:22

protecting us from a serious death by someone

12:24

that has to the world , and that's

12:26

a good to know and it's also important to respect

12:28

.

12:30

Yeah , absolutely , you

12:32

know to dive into the insider

12:34

thread a little bit more , right

12:37

, do

12:39

you think that these Snowden

12:41

leaks kind of set the stage

12:43

for you know all

12:45

the other leaks to follow . Right , how

12:49

big was that , how meaningful was that

12:51

from a you know quasi

12:53

insider , you know expert

12:55

knowledge , right , like you probably have a little

12:58

bit more knowledge on that leak than anyone

13:00

else . Right , like , what

13:02

was ?

13:03

that like that was a

13:05

devastating leak . I mean , that was

13:07

a devastating leak for the United States . You

13:11

know , people lost . Some people lost their lives over

13:13

that leak because there was so much information

13:16

that she ended up in

13:18

hands that it shouldn't have ended up in . And

13:21

I think it was also devastating for Booz

13:23

Allen and their reputation , because he was a Booz

13:25

Allen contractor and it

13:28

was so basic

13:32

. I mean , all

13:34

thumb drives were supposed to have

13:36

been , you know , all

13:38

external drivers were supposed to have

13:40

been blocked , you know , and

13:43

they just hadn't gotten to that facility in

13:45

Hawaii to put those

13:47

controls in place , and so it was easily

13:49

preventable . It keep with policy

13:52

would improve . So

13:55

it was careful , but holding up

13:57

the level . Look , here's the thing about

13:59

insider thread and insider leaks

14:01

. We're always going to have them and

14:05

so you have to really put controls in

14:07

place . But

14:09

you know , back to this conversation about sharing data

14:11

, you've got

14:14

balance tag with the need to

14:16

share and collaborate and

14:19

if you step outside the document for just a

14:21

second , we go into corporate , which probably most

14:23

of your listeners are corporate . I

14:27

think what surprises people is

14:29

how pervasive data

14:31

is making out of organizations today

14:33

. So we all might say , oh , you

14:35

know so , do so , but haven't done anything so

14:38

stupid , or how could we be so stupid

14:40

? I've got that happen and up , up , up

14:42

, up , looking your own backyard

14:44

I mean we , when our

14:46

company was specialized in helping organizations

14:49

on insider threads we first come

14:51

in . What surprises

14:53

our clients is that the

14:55

amount of data moving out of the organization

14:58

is incredible . Literally every single

15:00

person that will reach your organization

15:02

for a new job takes a

15:04

lot of critical data . Literally

15:06

every single one . 60% of

15:08

people admit they took data from their

15:10

last job and are using it in their

15:12

current job . That's

15:15

the people that admit it . So , even if

15:17

I said it's probably more like 90%

15:19

, and so it's

15:21

really . You know , what's interesting

15:24

right now is that the whole fn of AI

15:26

and the datasets around AI people

15:29

are finally starting to pay attention and say

15:31

, oh , wait a minute , do I need to be worried

15:33

about my source code leaving

15:35

or my large

15:37

ASS leaving , or you

15:40

know whereby , your customer lists or

15:42

et cetera , etc . So we're seeing a real assertence

15:44

in people because

15:46

of the focus on AI datasets

15:49

. But , to

15:51

be fair , that's just a very

15:53

small to the I for what's actually

15:55

leaving and most organizations

15:57

. We see a lot of source code

16:00

, customer lists , hr

16:02

data . We see that all

16:04

the time . So it is an area

16:06

I'm glad is

16:09

finally getting some attention . We

16:11

can talk about sort of different stories around that

16:13

and how it's happening , why , but

16:15

on the corporate side , just to touch on the , you

16:18

know , on the stone side , on

16:20

the corporate side , the

16:23

breach that Millie sort of woke everybody

16:25

up in the last few years is Anthony Lewandowski

16:28

, who took data from Waymo

16:30

which is all their self-driving

16:33

car data and , just like Snowden

16:35

, took just a troll of the information , lewandowski

16:38

in the last week of his

16:40

his time at Google or

16:42

Waymo online , who walks to

16:45

all that data , and he just took it on an

16:47

external hard drive and then

16:50

used it for a year before

16:53

they realized it . And they only realized

16:55

it because one of the suppliers

16:57

accidentally sacked

16:59

Waymo and said , hey

17:01

, we can put confirmation on this part

17:04

. And the people at Waymo was like wait , that's our

17:06

parts . Oh , we did order this and

17:08

it turns out it was . It was he

17:10

just literally taken the exact schematic

17:12

for his new company and was saying that

17:15

part and so you know it was all

17:17

. When he discovered accidentally by the

17:19

folks at Google Now was

17:21

sort of the best , that's

17:23

the snowman taste on the corporate

17:25

side and you know

17:27

he ended up . That's what was interesting in

17:29

the end for your listeners is he

17:32

went to prison for

17:34

that and was serving time

17:36

in jail when , in the

17:38

last days of his presidency

17:41

, president Trump parted

17:43

Anthony Lewandowski with

17:45

no little to no explanation

17:47

of his phone . So interesting

17:50

sort of story that kind of keeps

17:53

going .

17:56

Yeah , that's really fascinating

17:58

. I actually I didn't . I

18:01

don't think I knew about that . You

18:04

know , is Waymo still around ?

18:06

after that . Yeah , waymo's still around . It

18:08

was an massive issue between

18:11

Waymo and and

18:13

then Uber because Uber

18:15

. It looks as though Uber basically

18:17

encouraged Lewandowski to take that data

18:20

, stand up his own company , and then Uber

18:22

bought that company six months later . And

18:25

so Anthony Lewandowski was at Uber

18:27

when they discovered this and Uber was working

18:29

on sell all the self-driving car stuff . So

18:32

they it was a long lawsuit

18:34

. They ended up settling in the

18:36

end , but then when they

18:38

sell , after they sell the lawsuit , then

18:41

criminal trial came and

18:43

so it was a big deal . Some people

18:45

think it's . You know , one

18:47

of the reasons Travis lost his job

18:49

was we're all around the same time . So

18:53

it was . It was a big . It

18:56

was very controversial at the time . Dead

18:58

pass .

18:59

And that's really fascinating because

19:02

you know , like

19:04

, how does that even , how does that even

19:06

come about ? Right , like

19:09

you know , you're working for Google on this project

19:11

. A competitor

19:13

, a direct competitor , like

19:16

they , must have approached him at some point

19:18

during his tenure at Google to

19:20

approach him with this idea . You

19:24

know , I maybe I'm just not in the insider

19:26

threat space , right , but

19:29

I mean that's a , that's a kind of corporate espionage

19:32

, that that

19:34

I I never would have thought

19:36

of , I never would have imagined

19:39

that a competitor would go to that

19:41

length . You know , I could see

19:43

them , you know , buying

19:45

the company , right , but the for

19:47

the idea to come into place

19:50

with this guy , to take

19:52

the code form a company , start

19:55

, you know , probably develop it with it , try

19:57

and order the parts that were proprietary

20:00

, you know , for what he was

20:02

using at Google , I Mean

20:04

that's just a different Love

20:07

that I feel happens every day .

20:08

We had , we beat , we beat . We had a new client just

20:11

a couple of weeks ago at code 42

20:13

where they had Employee

20:16

that left and stood up his own companies

20:18

in his source trust . The way

20:20

it happens is people that are

20:22

Smart and people that create new

20:24

things All are capable companies

20:27

. They , they , a lot of them believe

20:29

why created this design . So

20:32

you know , I'm gonna take it with me to

20:34

my next job . They'll . And

20:36

that's not the way a lot your property works

20:38

. When you work for a company , when you

20:40

join , you sign an document says anything I create

20:42

for this company the company owns , and

20:45

so we see this every day was

20:47

sourced to right now most software

20:50

developers . They have

20:52

their own get cover

20:55

, get lab accounts , your

20:58

repos . You're gonna talk to developer

21:00

friend hey , do you own your own repo ? Oh , yeah , I guess we

21:02

have in your ego of that projects that are working

21:04

on my whole career . Okay , well , those products

21:06

for companies we are you

21:09

know , let's does this company source code we

21:11

have ? I mean , it's not like I took it . I

21:13

left the copy . The company's using that copy

21:15

. I took the copy of the source code With

21:18

me and no , we see that time

21:21

and time again and it's

21:24

interesting and this ties back to the AI

21:26

stuff I was out there about . So the

21:28

way we look for the way most developers

21:30

Take

21:33

source code is this kind of interesting

21:35

and very straightforward , is they ? Essentially

21:38

, you know , every day when the developer pulls their code

21:40

down from the corporate repo , you know that corporate

21:42

code is locked up tight it's . You know

21:44

you gotta have the right stiff divider machine to get into

21:46

it . Sometimes it's all like back authentication

21:49

, but like you're not getting in that vehicle

21:51

unless you're authorized to know . Right , most companies

21:53

are really good now and

21:55

so well . Once the developer takes the code down

21:57

to their local machine , that's when they start buying

21:59

code . They got their test cases running . They

22:02

got a bunch of the ends etc , a

22:04

writer code , and then they check it back into

22:06

the forklbeat pop . Well , you

22:08

know , in order to check it back in , you

22:10

use it commands to push

22:12

that code . It's called a git push

22:14

. She pushed that code back up is the recalls . Oh

22:17

, what a lot of developers do is , at the same

22:19

time , they're gonna take the bill , get pushed

22:21

to their own personal repo and

22:24

you know if they're sitting at home and

22:26

they're off the corporate network which was developers

22:28

are these days or there's our what

22:30

. So , wherever they are , most organizations

22:33

are completely blind to

22:35

that get pushed to the corporate , to

22:38

personal repo , and we

22:41

built technology code 42 so we could see

22:43

that . And unless we did , that was her

22:45

seeing some resource Good at filtration . We

22:47

were literally like , oh my gosh , we didn't know

22:49

. We didn't even know that this was happening

22:52

. At the same time , the

22:54

same capability also

22:57

sees when you move large datasets . You

23:00

also use the git commands to use

23:02

large , large datasets . So

23:04

we also started seeing large datasets

23:07

getting moved around and that's where the AI I

23:10

was . That comes in a play where

23:12

people moving large datasets to train

23:14

LLMs for

23:16

AI usage and

23:19

you're gonna see back in the same capability

23:21

we law . We're let a

23:24

company that has this capability out there today

23:26

. We lost it about two

23:28

years ago and so the

23:31

timing was just lucky . We didn't , we weren't anticipating

23:34

that was that half of it . With

23:36

the AI and the large language models

23:38

I know , which I have a lot in the a

23:41

stop a few years ago , but

23:43

but again we see this kind of huge

23:46

movement To that again . So

23:48

back to the afternoon and ask you story like yes

23:50

, he took his designs , yes , he

23:52

took his files , let's see , toss up . I

23:55

mean , he went to prison for this , so he's obviously had

23:57

to pay the price . But in his mind he

24:01

probably was like , well , this is so fine , that's it

24:03

. No , this is my stuff . Like I

24:05

do this , I want to forget , just like if a

24:07

whole team of people who were bonus and

24:10

the damage done to the people you leave behind

24:12

as an insider , when you take

24:14

Everybody's , you

24:17

know the work that everybody did and

24:19

then you go take it somewhere else is real

24:21

. And no part of what

24:24

we often do as an insider risk company

24:26

is we help educate

24:28

the organization on like a . Hey

24:31

, we're not allowed to do an . I'll ask you

24:33

why is an adder ? You know well , you

24:35

know why is it important ? Is it ? Is it

24:37

the company being mean ? Asking you your

24:39

information ? Might , but people

24:41

often don't sort of understand that the impact

24:44

that they have is on their old tears is Let

24:47

it biggest impact cash that you know

24:49

occurs on inside risk hmm

24:52

, yeah

24:54

, it's .

24:57

I feel like it's almost like a

24:59

, it's a miss in the brain or

25:01

something like that . You know , because from

25:03

my perspective you

25:05

know I'm in it right , I

25:08

work a day job in cybersecurity

25:10

there's a lot of Potentially

25:13

you know , proprietary information

25:16

that I have taken down in notes , in

25:18

my , in my one note . But

25:20

there's a lot of Things

25:24

that I'll that I'll learn right for the very

25:26

first time and I'll take note of it and it'll be , you know , not

25:31

proprietary information , right

25:33

, it's a configuration in AWS or whatever might be , and

25:38

I'll take note of it so that I remember it . And

25:40

when I leave the company , if I don't know it by heart , I'll

25:43

just take that little , that little piece of information

25:46

and put it into my personal one note , right , but it's

25:48

not proprietary , it's not

25:50

anything that's

25:53

you know , customer , the company or anything

25:55

like that . And

25:57

for me to do the mental

26:00

gymnastics , right , to kind

26:02

of rationalize taking proprietary

26:05

information from company

26:07

, I mean I don't want to go to prison .

26:13

And it doesn't usually end up in prison . I think part

26:15

of what's going on here is

26:17

that most

26:19

organizations today have

26:22

some form of data protection but

26:24

are Are . You

26:26

know , our ability to exfiltrate data

26:28

from our company is expanded so rapidly

26:31

in the last five or six years that people

26:33

just don't think Daniel is paying attention or

26:35

they don't think that any of that car works . And

26:37

it is probably more the former than the latter

26:39

, because if they really think about any car and they

26:41

feel guilty about it and they and awesome

26:43

, they won't do it , which is good . But most

26:46

companies today just can't see

26:48

. If you upload a document to Dropbox

26:51

from your house , you know you're not on

26:53

the company network , or

26:55

you know and you just Gmail

26:57

to yourself . These are the most common ways

26:59

that people take data

27:01

and they're free and most people are like , well , no

27:03

, I don't think my company sees that , you

27:05

know I can still print and all kind of stuff , and

27:08

so you know , you know our

27:12

. Our philosophy as a company is we

27:14

coin in terms of secure

27:16

the collaboration culture , and

27:19

the collaboration culture is how we all live

27:21

today . We use stack , we use teams , we

27:24

use T drive and one your I . We have all

27:26

these tools like Salesforce , that they're cloud

27:28

based , last share information and our work

27:30

clothes are shared and we can collaborate

27:32

on presentations together and that's awesome

27:35

, like it's a so much more

27:37

productive as organizations , right

27:39

. And so he

27:41

insecurity is not to get in the way of

27:43

that and to just brought a little

27:46

bit of security around it so that people don't feel

27:48

like , hey , nobody's watching , nobody cares

27:50

, and you'll find it in one of the ways

27:53

that we do that , that's how it

27:55

is that the impact is , and

27:57

somebody good employee , normal employee

27:59

, been working , you know , in their

28:01

job does something that they're not

28:03

supposed to do . We'll send that

28:06

. The system automatically send them a video

28:08

. Is this hey , we noticed that

28:10

you uploaded a file to Dropbox . We

28:13

don't use Dropbox as our sharing platform

28:15

here at X company

28:18

, you know , please ? So what

28:20

that does is it puts the employee on notice

28:22

that well , somebody's actually paying

28:24

attention , but it does it a very nice , polite

28:26

way , etc . And if

28:28

you let people know that we're watching

28:30

a score , most people are

28:32

steal from you and most

28:35

people behave the right way . And

28:38

I'll say , if I last week I was doing

28:40

a presentation in San Francisco

28:42

and I got there with my laptop

28:44

at the conference and they were like , oh

28:46

, you can't use your laptop , catholic , but

28:48

instead I could update fine on , use yours

28:51

and know like we need your presentation

28:53

. And the only way I could get it

28:55

done was was a thumb drive . So I

28:57

put my thumb drive in and

28:59

had me using adapters . Of course , matt , matt

29:02

doesn't allow forever . Eight and

29:04

my days . The presentation is them and I

29:06

you know it was I one minute

29:09

before like my kickoff . So it was like fast

29:11

, Like I don't know , I did my presentation

29:14

that afternoon . I am

29:16

in knots . I got an email

29:18

but

29:20

I was a black from my security team , the little video attacks and

29:22

said you know , no use

29:25

, found rise to your code 42

29:27

to take that . So you

29:29

know , risky way to XLT day it . Please

29:31

watch this video . I had watched the video

29:34

all the way through . You know

29:36

I did the very tenth and check that I

29:38

have lost video and all that kind of stuff , stuff . So

29:40

that's how controls you place working in

29:42

a line and you like don't , don't

29:44

do that . And just by doing

29:47

that , now I know if

29:49

I were to leave the company , like

29:51

if I moved a bunch of data , they would

29:53

pay it , they would notice and they would pay attention . So that

29:55

kind of show , you know , that really reinforces

29:58

a way to keep people from actually doing

30:00

something .

30:02

So I mean , that's a great . That's

30:05

a great like reinforcement of

30:08

a , you know , a learned

30:10

behavior right

30:12

. But how do you , how do you stop

30:15

that developer from uploading

30:17

to their own personal you

30:19

know , get repository right ? Because

30:21

I don't , I actually don't know .

30:24

Yes . Well , from a technical standpoint you

30:26

don't want to try to solve that . And then you

30:28

hear the other one is , if

30:30

you get in the way of a software developer as

30:33

a security person , which

30:35

one ? You is the leaser job

30:38

? And I'm telling you , this is just

30:40

right . You do not want to get in the way

30:42

of the 300 software developers you got

30:44

to your company , or 500 or 1000

30:46

or whatever , and that's two , though

30:48

, slow down their machine . If you slow down

30:50

your developer's machine , hell is going to pay

30:53

by the CTOs that you go to the CEO and

30:55

say where . And

30:57

also , you don't want to get in the way of them

30:59

using get commands . That's the . That's

31:01

how you do their job every day . So

31:04

that's why the approach we

31:06

take in is not to to

31:08

stop that , but it's to

31:10

monitor that and to and

31:14

, of course , correct behavior . So , if

31:16

so , the first time a developer moves

31:18

something to a open source product

31:20

that's unsanctioned , which

31:22

is also how the that we see that a

31:24

lot too , which is , hey , meet , work , we're

31:26

contributing to 70 open source products , but

31:28

it turns out that when we actually start monitoring

31:31

, we see code moving to a lot of hundreds

31:33

of open source products . It's

31:36

a very regular thing that we see at code 42

31:38

. When we work with our clients , the

31:42

first thing you do is you send

31:44

that video to say , hey , no , do that . And

31:46

then the second time the developer

31:49

does it and you have a conversation and

31:52

then if it happens again , then then you go

31:54

to their boss and say , hey , no , developer

31:56

is doing X , y and Z . But

31:58

what you don't do is overreact

32:01

and say fly that developer

32:03

, set down their machine , cut

32:05

off all software , that people from

32:07

pushing code around with gate tomehans

32:09

. That's exactly the home

32:11

response for a security

32:14

team to have , and I think it's it's it's

32:16

right . That's one of the big differences

32:18

between insider

32:20

threat and external threat

32:23

, because when you have a piece of malware

32:25

come in , you know the first thing that

32:27

you do is

32:30

it's killed by the sledgehammer . You don't isolate

32:32

that machine , you're going to disconnect it , you're going to

32:34

quarantine it . That is not

32:36

what you do with insider

32:38

threat , because you really wanted

32:41

to investigate and understand what is the person

32:43

doing . Why are they using drought loss ? Why don't

32:45

Joe use a thumb drive ? You know , and

32:47

it turns out Joe used a thumb drive because he don't know , because he was giving

32:49

a presentation and he had to in order to get

32:51

it done , even though it's against our policy . We use

32:53

a thumb drive . We understand why we made

32:55

that decision in that situation and

32:58

we didn't come down and get Joe with a sledgehammer

33:00

right , because it's

33:02

always a bad actor when

33:05

malware gets in . You know it's

33:07

always a colleague when

33:09

we're talking about insider threat

33:11

. The threat is fast

33:14

moving and propagating

33:16

when it's from the outside . But

33:19

insider risk does it spread ? Just

33:21

because you , joe , lose the files around doesn't

33:23

mean so hot or Joe is going to move some files around

33:25

. That's not how it works . You have time to investigate

33:28

and to understand what's happening

33:30

. Right , when

33:32

it's malware , you know the

33:34

security team can handle it on its own every

33:37

time . But when it's

33:39

an insider , you're going to need HR

33:41

, you might need legal , you're going to need a little

33:43

bit of help to do that . So these are very

33:45

different situations . It's

33:47

never accidental when you get malware

33:50

in . It's always it's

33:53

sometimes . It's sometimes accidental

33:56

for in fact , it's , about 50%

33:58

of the time , an insider risk

34:00

event . This was just an accident

34:02

. Like you never need to educate

34:05

the hackers , the

34:07

bad guys . Like that's a waste of your

34:10

time and money when you always

34:12

want to educate your own employees , because

34:14

that brings down the number of events

34:16

for you last time

34:19

in it . And then , last thing , I think the interesting

34:21

one is you can't

34:24

. You can get fired

34:26

for not reacting fast

34:28

enough to a malware threat

34:30

in your environment , but with

34:32

insider risk you can get

34:34

fires for reacting too fast

34:37

and so it's like it's a totally

34:39

f*****g-less-it sign . So

34:41

one of the things that we

34:44

always work with our clients on , if you're in security

34:46

, you really need to process that is how

34:48

is this ? Is that the

34:50

folks that are running CrowdStrike

34:53

and look at all the internal , the

34:56

external activities , are not necessarily

34:58

the same people that you want to have running

35:00

your internal , because they can

35:02

be , but it's a . You have

35:05

to turn your brain around and

35:07

understand which problem that

35:09

you're working on external or internal

35:11

because your response is and the way

35:13

you handle it are so very , very different

35:16

.

35:18

Yeah , that's a really good point

35:20

that I was going to bring up

35:22

. It sounds like you almost need two separate

35:25

teams because to

35:27

that normal security team everything

35:30

looks like a nail when you're used to being the

35:32

sledgehammer . I'll

35:35

tell you right now if I saw something

35:37

like insider threat or whatever , I would

35:40

have immediately , without question

35:43

, quarantined the machine , started

35:45

doing a forensics investigation into

35:47

the guy or whoever

35:49

it is . I would immediately

35:52

go the nuclear route

35:54

. Okay , we're going to make sure this person

35:56

can't do anything .

35:58

Unfortunately , that's an exact story from

36:00

my customer base . One of my customers

36:02

, ciso , has called me and

36:05

said Joe , I'm really angry with you

36:07

. Your team handed my team a

36:09

gun and didn't teach you how

36:11

to use it . And it was the very

36:13

first thing incident they had

36:15

was with the senior vice president at

36:17

this organization , and the

36:19

security team did exactly what you described

36:22

a warranty machine , a

36:24

toboa machine and then they interrogated

36:26

the senior vice president and

36:28

was hugely embarrassing for that executive

36:30

. But it turns out the executive was just

36:32

actually doing their job

36:35

and there

36:37

was a little bit of a misunderstanding

36:39

about why I'm supposed to be sending information

36:42

to that particular vendor in this

36:44

case . And the security team oh

36:46

, that's an untested vendor and oh

36:48

, yes , had

36:50

they handled it the right way , it would have just

36:52

said oh great , we've learned from that and we'll add that to

36:54

our trusted list or wherever . But they

36:56

put on a team machine , they isolated it

36:59

and then they interrogated a person and

37:01

so , yeah , that happens . And so

37:03

part of what we've learned is like who are

37:05

we going with our customers ? We have to have

37:07

a lot of conversations and

37:10

the funny thing is is most of our customers

37:12

are not , you know , securing

37:14

folks , like you've worked with them all year , most of all

37:16

like we have this message that we know you

37:18

want to tell us . We're very familiar with all the stuff , and

37:21

we have to tell you listen

37:23

just a little bit in us , because your

37:25

methodology is so different . So

37:28

many people in security

37:30

would like to think like Fedor , say , mom

37:33

, let's just block , let me just block all

37:35

this . You know exfiltration

37:38

, and if you just block it , then you know

37:40

we all worry about it and it

37:42

doesn't really work with insiders

37:45

, right , you know it doesn't really work as first-worlds

37:47

like well , so you're gonna block external jima

37:49

. You know a lot of it . So

37:51

how are your employees going to

37:54

? You know , are they after a

37:56

second machine around with them and they have

37:58

to do it ? How will that go ? Re-employment

38:00

oh , tough , tough today

38:02

, but okay , well , fed , we know , you

38:05

know , let's see if that , if that plays out

38:07

well in terms of your employees . Just don't they find

38:09

that you , you got a nail

38:11

or a proton nail where they start , you know

38:13

, going around you . So what always finds a way , and

38:15

so , oh , we tell our customers

38:18

. As I look , your employees in

38:20

most of the organizations we work , your employees

38:22

are better have a

38:24

gene nail account . They might have a dropbox tab

38:26

because they do something with their church or their school

38:29

soccer gene with thousand like X . The

38:31

important thing is that you help them

38:33

identify , is that you watch for

38:35

important company

38:38

data not moving to those things , and

38:40

then you course correct them if you see those things

38:42

happening and you always have

38:44

the information available to you that

38:46

you can . It's necessary to

38:48

cross you down or whatever , but usually what

38:50

you just need to do is course correct and

38:52

let them operate the

38:54

way they they need to offer

38:57

and collaborate and work together . You cannot

38:59

get in the way as if you start putting on these

39:01

rules . One people's machines

39:03

, it's posed down to machines for everybody

39:05

, and so it tends

39:08

not to be a great way to do things .

39:12

Yeah , it reminds

39:14

me of a time a little bit earlier

39:17

on in my career where , you

39:19

know , my manager was walking me through

39:21

, like our , our data loss prevention

39:23

solution that we had

39:26

, you know , and he was saying how , you

39:28

know nothing , nothing is going to leave

39:30

that we don't know about , or anything like that

39:33

, and that you know it's a perfectly

39:35

locked down and everything like that . You know , and

39:38

my security mind , I immediately

39:40

and I did this subconsciously

39:42

, right , I didn't even realize that I

39:45

did this at the time , I took it as

39:47

a challenge Like you think

39:49

I can't get around this , like

39:51

I'm not the admin on this , I don't own the

39:53

tool , but you think

39:55

that I can't get around this . And then I immediately

39:58

started discovering ways of

40:00

getting around it . And when

40:02

he didn't believe me , I showed him right

40:05

there . I was like , well , I just did

40:07

it . You know , like it's , it's on my phone

40:09

now , it's on my personal cell phone now

40:11

. Like what are we ? What are we doing

40:13

? You know , and it's

40:15

, it's a different

40:17

, it's a different mentality that

40:19

security people have , you know

40:22

, because I feel like when you tell us

40:24

that we can't do something , we

40:27

immediately make sure that we can't

40:29

.

40:30

Well , it's funny . I just as as

40:32

as as comprehensive as our product

40:34

is today . And the

40:36

thing about traditional DLP is it doesn't

40:39

see . There's so much it doesn't

40:41

see . I bet in the way

40:43

we talk about it is traditional DLP

40:46

. You write specific rules to cover things

40:48

that you want to cover and so

40:50

as long as you know what all the risks are , you

40:53

know you'll be able to refine . Of course , you don't

40:55

know all the different ways that people can exfiltrate

40:57

data and move data around , and so they

41:00

tend not to be very effective

41:02

solutions . In fact , when we

41:04

go , when we sell today , 85%

41:07

of our customers and Greenfield mean

41:09

it may not have anything . Because people

41:12

gave up on DLP 15 years

41:14

ago . They said these systems don't work , they

41:16

keep us from collaborating , et cetera

41:18

. And so the

41:21

space we call the space and Cyrus management

41:23

today Microsoft

41:26

calls the same thing . So the , the , the

41:28

idea is really like hey

41:31

, we will block people for

41:33

doing things that all the in rare circumstances

41:35

only mostly focus on is monitoring

41:38

and then and then scoring

41:40

things in the cloud so we can see where

41:42

did the data come from , who had

41:44

it , where did it go ? What do we know

41:47

about that ? Versus is the first time that you

41:49

said we can do all that kind of analysis in the

41:51

cloud and and and

41:53

do it efficiently . So then also , people's and

41:55

phones down and then we can score and then we

41:57

can tell security . Well , I need to pay attention to Joe

41:59

and in particular

42:02

, when Joe is leaving

42:04

the company , this is the biggest

42:06

risk you have . We can look back 90

42:08

days and say , hey , joe , 40

42:11

days ago he took , he took , he took a lot

42:13

of information and in this , well , one

42:16

is we talk lies in the same way that you

42:18

. You know you're very careful to make sure that

42:20

we get our bags back so they can't physically

42:22

get into building their very careful and actually

42:24

the laptop accurate , so they can't get on our

42:26

networks . But Only

42:29

10% of companies ask people about their

42:31

data . Only 10% ask

42:33

you on the way out hey , did you take the data ? And

42:35

so one of the things that we have

42:37

is a process then say , go back

42:39

and look at every single person who's departing

42:42

the company and just double check that they

42:44

haven't taken all their data , because

42:46

if you think about it out while

42:49

they're in the process of leading her , before they've left

42:52

, it's really easy to get

42:54

it back at that point and

42:56

I know that sounds like well , how is it ? You know the

42:58

security will . You'll never get that

43:00

data back , but if it's someplace , I'm like , look

43:03

, here's how you get it back . You

43:05

basically tell them we need to get back

43:07

, you need to do this , all copies , and

43:09

we need to be confident that you're doing

43:11

that . Because when I'm confident you're doing that

43:13

, you're gonna sign in attestation that you did

43:15

that the total , full bill of

43:17

the process . We're gonna notify your

43:19

next employer that you're in possession

43:21

of our data . If we notify your

43:24

next employer that you're in position of our data , that actually

43:26

puts them on the hook legally for

43:28

it . They're gonna also send a pretty strong message

43:30

to them that , hey , you're hiring a new person and

43:33

new person is never worth the day of your company . Is

43:35

the process of stealing the data from their last

43:37

company . Do you really want to hire that

43:39

person ? So it's what most people

43:41

come to understand very quickly is

43:44

that they're putting their next job at risk if

43:48

they don't return the data and

43:50

up like when an empty lot of dollars you left

43:52

, they end to start it for a year . By

43:55

that time they had taken all that

43:57

data and they were using it . All

44:00

that information was being used across

44:02

Uber in this case and so

44:04

unwinding that was really complicated . If

44:06

they had found that the two days before

44:08

he had left and figured that out , it would have been a completely

44:11

different situation Although now it's very

44:13

time-prisoned and then you would take his

44:15

mind and she's allowed it safe

44:18

and his ideas and

44:20

worked at the next company and

44:23

maybe created it so that information

44:25

and done some different things . But you

44:27

want to sell his actual designs

44:29

, source code to property , et

44:31

cetera .

44:35

With the evolution

44:37

of AI and LLMs

44:39

? Are you seeing this as

44:41

a new , I guess , attack

44:44

avenue or attack path for

44:46

insider threat ? Because I'm

44:48

thinking about it from the just

44:50

a simple chat GPT side

44:53

of it . Like most of the time

44:56

the company isn't going to block chat GPT . You

44:58

could just upload whatever you want to chat

45:00

GPT and

45:02

one . You don't really know what they're doing with that

45:05

data on the back end . So that's obviously

45:07

a huge risk , but

45:09

at the same time you could save that

45:11

conversation and then you can go and access

45:14

it from your personal computer . Are

45:16

you seeing newer attack

45:19

paths that you haven't seen before or

45:21

come up ?

45:22

Yeah , and let's talk about sort

45:26

of you know hat trial , how

45:29

to act on demand . So first , I'm a rimerist . Most

45:31

of the people that are moving data out of the company

45:33

. They put them into

45:36

large lines all like chat GPT . They're

45:38

a hoise . And what are they doing ? They're

45:41

just finding their jobs , like they're literally trying to do

45:43

their jobs . They're probably not thinking I'd stay

45:45

on Excel freeing the data but not putting

45:47

it up into chat GPT so that they can

45:50

steal it in a case , or just like

45:52

hey , do you like to get an answer to this

45:54

or something ? So one , that whole video

45:57

education part that we talked about is

45:59

super important , right ? So just

46:01

remember , why are they doing

46:04

what they're doing ? And can we dictate

46:07

them and then say you

46:09

know , help them not do that ? That'll solve

46:11

most of the problems . Just try and be there

46:14

. They were actually trying to in

46:16

most cases found steal data . They certainly

46:18

not find a steal data in chat GPT . How

46:21

would that benefit them ? I think

46:23

what's newly been interesting is that

46:25

it's the first security

46:27

. So about seven months

46:30

ago , when the supply chain attacks started

46:32

happening , you know some

46:37

of the poor members

46:39

would ask security , hey

46:41

, how are we on our supply chains and most

46:44

of them are there when nothing has

46:46

been quite as loud as

46:48

the boards of directors specifically

46:51

asking security leaders a

46:53

re-cover for AI , like how

46:56

to low-earned up in the chat to TV . It's

46:58

one of those things that's been pressed to much that

47:00

poor members who aren't great technical usually and

47:02

aren't great security savvy but

47:05

boy do they worry about this issue , is they

47:07

? You know the tank cycle is really high

47:09

and so they're freaked out . So security

47:11

people are hearing a lot of like are we

47:13

covered for that ? So on

47:16

the one hand , it's one of those times on security

47:18

to be like , hey , you do the best to more money

47:21

and so it has some resources because the board

47:23

really cares about this . But

47:25

the actual threat out

47:29

again is relatively

47:32

easy , easily mitigated and

47:34

controlled by controlling

47:36

what you know

47:38

from a network security standpoint , what

47:41

you get access to . You know

47:43

, like our helping . We have our own internal

47:45

chat to TV , so it's hard

47:47

data and so it's easy to . We restrict

47:50

corporate access to chat to TV . As

47:53

I mentioned earlier , we also watch , you know

47:55

, for large style

47:57

uploads as well , and

48:00

then I think that's an

48:02

area that's been in this we've

48:04

got to work . Test you now One last example

48:07

, sort of to your point RCTO

48:11

did a experiment

48:13

and you just asked TechEBG

48:15

to go

48:17

tell us what the product roadmap

48:20

plan is for our competitor and

48:22

for work . Peppers and

48:25

TechEKING got all of their stuff

48:27

, so somebody over there had

48:29

uploaded enough information

48:32

. I guess they were working on their you know

48:34

product plan and why and how

48:36

it been you know creating it . And

48:39

we got the insider of product plan just by asking

48:41

chat to TV . So , yes

48:43

, the format is real . It

48:45

is usually accidental , so you got

48:47

to handle it , knowing that it's usually accidental

48:50

and closer , direct first , are paying

48:52

a lot of attention to it right

48:54

now . So it's not , it's something you really

48:56

need to pay attention to , even

48:59

though I would say them , the

49:01

previous threat to most organizations right now

49:03

is source code extliferation

49:06

from your own software engineers

49:08

, because you

49:11

know you think about like hey , I have

49:13

forgotten to install our source code . That's

49:16

bad , because you know they can look more bullies

49:18

in your source code . But that factor

49:20

is at a hard time . Taking that source

49:22

code and making a product , the

49:24

person that wrote back to the scope and

49:26

knows exactly what it does and how it's written

49:28

and what business problem it's solving

49:31

because they wrote it . That's

49:33

the biggest risk to your source code

49:35

today and keeping those

49:37

people in line and in

49:39

check from doing that is

49:41

a much bigger risk today and

49:43

I think you'll start to

49:46

hear a little bit more about this in

49:48

the coming months . Is it a few

49:50

big cases that are happening on Thursday ? Is

49:53

it probably a bigger risk than what's happening

49:55

on the AS ?

49:59

Wow , that product roadmap

50:01

that is . You

50:05

know , I mean the person that probably uploaded

50:07

it right was just trying to get chatGPT

50:09

to write it better . You know , I mean I

50:12

do that with everything you

50:14

know .

50:14

I mean I know people that do that with all their emails

50:17

to executives , right , you

50:19

know it's a very valid and again

50:21

I get it , you're not malicious , so

50:23

you think right , you're not trying to hurt

50:25

the company when you do it right . So

50:28

because of that , it's

50:30

one of those things that can be largely

50:32

solved through education . But

50:35

you have to take it on , you have to address it and then you secretly

50:37

leave things as well as soups . So

50:40

most of us , all of us , go through training

50:42

. You know there are companies that copy

50:44

. Every year we have to do these mandatory trainings and none

50:46

of us pay attention to it . We all push 2X

50:49

on the video thing . You know

50:51

that's how we do it . What really

50:53

we found is really the type

50:55

of the moment you do something wrong within

50:58

a few hours . That's when we

51:00

send the video as an end time , because you

51:02

know , oh , I did do something

51:04

wrong , I did upload something to chatGPT

51:07

. I shouldn't have done that and they noticed , and

51:09

so you could . Why those things ? That's

51:11

just too important . So I would say that right

51:15

now , inside of Threat in AI

51:17

is an education problem and

51:19

then , of course , correction

51:22

problem , because a lot of people will suddenly be like

51:24

look , I know I'm not supposed to do it

51:26

, but I'm not going to email to my CEO . He

51:28

needs to be really good and so I'm going to put

51:30

in there and ask for better language and

51:32

stuff . Well , if you know you're made it caught

51:34

building that , then you're less likely to do

51:36

that , but if you don't think anybody's paying attention

51:39

, then you're going to continue to do that . So I

51:41

think it's that . Of course the education is

51:43

important , also the enforcement of that

51:45

education , but that's different

51:47

than just sitting and someone with a stash card . No

51:49

.

51:51

Yeah , you're playing more into

51:53

the psychology , right

51:56

, it's more of the psychology of the

51:58

person . How do we change that thought process

52:00

? How do we change how they view

52:02

this or whatnot ? Right , which

52:04

is ? It's the better approach

52:07

than the sledgehammer that

52:10

I would have done .

52:12

And Joe , you pointed this out . It's so

52:14

different than most cybersecurity

52:16

.

52:17

Yeah , it's completely opposite .

52:19

We should talk to fancy bear and tell them

52:21

what they're doing is not even thick . You

52:24

know what I mean . There's nobody

52:26

at CrowdStrike that's sitting

52:28

around and worried about educating

52:30

. You

52:33

know , one of the things that we

52:35

always get raised eyebrows from security

52:37

people is we say , look in

52:40

security , we don't want anybody to know our methods

52:42

and practices . Right , we don't want anybody

52:44

to know that stuff . It's set inside

52:46

risk and companies . And actually

52:49

why tell people A lot

52:51

of during your food hour , monitoring

52:53

you ? We care about your

52:56

job . We're not hot in your productivity , we're

52:58

just monitoring when you move data to untrusted

53:01

location . You know like we want you

53:03

to know that we pay attention to that . And first

53:05

of all , you tell security people that they're not

53:07

going to tell people that , no , you do . You're

53:09

not really want to catch them , but

53:11

the rest of security is more tax stuff . It's

53:14

like you just don't want them to do . It

53:17

is what it comes down to and

53:19

you know it's a way to grab to try to escape

53:21

the hackers of the world and

53:23

you know to

53:26

find syndicates who are really wanting these

53:29

things today . It's a waste of time and

53:31

we see when they hack hospitals and

53:33

they're literally causing people

53:36

life and death problems

53:38

and they'll tear . You

53:41

know , and so clearly you

53:43

know it's . We're wasting our breath and we try

53:45

to educate the dinosaurs .

53:48

Yeah , it's a great point . You know , recently

53:51

I'm not sure if it was in the

53:53

news or anything like that , I don't watch the news but

53:56

you know , lurie's Children's Memorial

53:59

was

54:01

attacked . You know , it wasn't like

54:03

a small attack , like they

54:06

took them offline , you

54:08

know , and this is a children's hospital that

54:10

treats only the sickest

54:12

of sick kids , that doesn't

54:15

even charge families if they can't

54:17

afford the treatments , they don't even charge

54:19

them . You know , I

54:21

had a very personal experience with that right , like

54:24

my sister was a patient there

54:26

and there was no way , no

54:28

way my family would ever

54:30

be able to , you know , shell out the

54:32

half a million dollars to

54:35

get her , you know , treated for the

54:37

next three years or whatever it was

54:39

, you know , and they

54:42

didn't send us a bill or anything like that

54:44

. You know , like that was a huge weight

54:46

lifted off of us . And now these attackers , you

54:49

know they they go in and

54:51

they they knock them offline . It's like guys

54:53

, you know , at least do

54:55

an adult hospital , you

54:57

know what I'm saying Like a children's hospital

55:00

is just like the most heartless

55:03

thing that you can do , but these attackers

55:05

they don't care , they know .

55:07

They know and that's , and again , very

55:09

different than your insiders . I

55:11

mean insiders do care , they work at your companies

55:13

and they can most far , I mean

55:16

there's those a few people doing

55:18

, you know , real uh

55:20

, espionage at organizations . I

55:23

was a far kind . So like , yeah , we're going to help you

55:25

find those two , but like , the most important

55:27

thing is to help you reduce

55:29

the amount of offense . You see

55:31

, their non-friendly , their

55:34

accidental . That would just

55:36

require a little bit of , you know , a

55:38

course budget so you

55:40

can spend your time . Go to some of the others . You

55:42

know , a friend of mine told me

55:45

to send us to my first school , my first

55:47

job , in my early

55:49

spring , because I was the manager of a small

55:51

retail store and I saw like seven

55:53

people working really small and

55:56

, um , and somebody was taken

55:58

through the till and

56:01

this is where all came to surprise , you

56:03

know , and that then we took tax rights

56:05

and my owner , the boss

56:07

, said look , joe , 10%

56:10

of the people , uh , will

56:13

never steal from you , and

56:15

10% of people will always steal from you

56:17

. And 80% of the people

56:20

will steal from you if you give them the

56:22

opportunity . So your job is

56:24

to set the systems and the processes

56:26

and the controls so that 80%

56:28

of them steal from you and

56:31

you go focus and figure out who the 10%

56:33

that will always steal from you is and

56:36

um , and that's sort of a retailer , a retailer

56:38

, a retailer , a retailer , a retailer if

56:41

you ask a retailer , who's your where

56:43

, where's most of your leakage from ? And it's not

56:45

from , um , people coming

56:47

in well , that some cities are not

56:49

mostly not people coming from from the outside

56:52

, and so so it's your employees taking it . And

56:55

I think the information services businesses

56:57

and professional services businesses have been

56:59

so slow to realize that Um

57:01

, uh I tell that story

57:03

often now because we try

57:06

to really help our clients do is get that

57:08

80% figured out , so

57:10

that they're trying to start

57:12

with the 10% that are , that

57:14

are are going to take three or four or what , um

57:17

, and , and catching that is is is

57:19

really important because they probably have malicious

57:21

intent with what they're going to do with the data .

57:24

Hmm , well

57:26

, you know , joe , we're . We're , unfortunately

57:29

, we're at the top of the hour here . We're

57:31

at the end of our time . You know , I feel like we

57:33

could we keep talking about this forever

57:35

. Um , you know

57:38

, yeah , it was a , it was a fantastic conversation

57:40

. I really appreciate you coming on . Um

57:43

, you know , before I let you go , how about you tell my audience

57:45

, you know , where they could reach out to you if they

57:47

wanted to reach out , and where they could find your company

57:49

?

57:50

Yes , so we're code 42 and that's code

57:52

42.com and you can

57:54

get me at pain Joe on

57:57

back , sign us and you

57:59

can get me at Joepain JYNE

58:02

at code 42.com and happy

58:04

to talk to any of you . And um , you

58:07

know we try to get back to the community

58:09

. So the research report coming

58:11

out , um , I think in a few

58:13

days , uh call the data exposure

58:15

report . We do it every year , so look

58:18

for that in this loss and information there . Uh

58:20

, inside of that and center risk .

58:23

Awesome . Well , thanks everyone

58:25

. I hope you enjoyed this episode

58:27

.