welcome to the cyber rants podcast
where we're all about sharing the forbidden secrets
and slightly embellished truths
about corporate cyber security programs
we're ranting
we're raving
and we're telling you the stuff that nobody talks about
on their fancy website and trade show giveaways
all to protect you from cybercriminals
and now here's your hosts
mike ratando
zack fuller and loro chavez
hello and welcome to the cyber ants podcast
this is your co host
zack fuller
joined by mike rtando and laro chavez
today we have special guests ken wiley
join us ken
thank you for joining us
looking forward to diving into this conversation today
it's my pleasure zack
so we'll get into a little bit more here shortly
ken has a deep
deep background in it and security
and we'll get into that here in a bit
and learn some words of wisdom
i'm sure throughout the conversation
but before we do mike
you want to kick us off with the news
interesting thing
economic news
ransomware revenue drops
forty point three percent in twenty twenty two
as victims show less interest in paying up
researchers
estimated that the total ransomware revenue dropped
forty point three percent in twenty twenty two
with several
indicators signalling a drop in victims willing to pay
or perhaps report payments
since twenty nineteen
victim payment rates have fallen
from seventy six percent to just forty one percent
the report nugget
one big factor
is that paying ransoms has become legally riskier
especially since an o fact advisory in december
twenty twenty one
and the potential for sanctions violations with
paying ransoms
the us treasure department warned
that it would take action against those who pay ransoms
to entities on its sanctions list
in march twenty twenty two
congress passed legislation
requires critical infrastructure entities
to report any ransom payments to make outside the us
the us has similar
legislation
and additionally
and i think this is the bearing driver factor
is that cyber insurance
has really taken the lead in tightening
not only who they insure
but also what insurance payments can be used for
so they are much less likely to allow their clients
to use an insurance payout to pay a ransom
that's good news yeah
good work pan off
do you think they listen to our podcast
the government regulators listen to our podcast
and said how could they not
are right yeah
that has to be it
ransom attacks persistent
health care has impacts on patient safety rise
and a report by the ponemon institute refers
reaffirms that the number of healthcare data breaches
didn't change significant last year
but the severity of each breach has steadily worsened
sc media were previously reported
that more than a dozen of the biggest
incidents in twenty twenty two
each impacted well over a million records
the vast majority of these records
were attributed to hacking
and it instance
as noted by ceo don l
dodson the fortified health report stressed
that healthcare risks
of targeting by threat actors mirrors other sectors
but the impacts in industry far out pace the risk pace
facing other industries
the inability or limited ability to care for patients
because of a security and sent pals
in comparison to a small charge on a credit card
easily reversed once identified
as the latest ponoman institute survey shows
the impact of ransomware attacks on patient care
has remained one of the biggest risks and challenges
surpassing the sector overall
the sector faced a number of ransomware attacks
last year many of which were caused by poor
cybersecurity controls
both internally
and with their third party vendors and products
that was kind of the key pieces there
also when you put ponymon into word
it changes it to pokemon
so just keep that in mind
security risk of chat gpt and other ai text generators
there's multiple stories about this
i found it interesting
chat gpt the natural language ai go
made available to the public in november
twenty twenty two
will likely make low level cyber attacks
easier for unskilled adversaries
we successfully asked chat gbt
to write a convincing fishing email
to create javascript
that could be used to steal personal information
security research have spotted similar chat gbt
created malicious material posted on cyber crime forums
how much of a threat is chad ebt
specifically in our ai in general
the short term threat may be minor
but the long term future
portends in arms races
attackers and defenders both use ai
to gain advantages on each other
it's kind of important
maintainers
of the get source code version control system
urge you to update the software to fix two
critical vulnerabilities
the flaws are discovered as part of a security source
code audit of the source code version control system
sponsored by the oscif
which was performed by a team of security
experts from x forty one and git lab
the vulnerabilities can be exploited by a thread actor
to achieve remote code execution of cve
twenty twenty two
for one nine o three
integer overflow
and get archive
get log format
that can lead to remote code execution and get
the maintainers
the project recommend users
who cannot immediately update their install
to disable get archive
and untrusted repositories
to medicate cve
twenty twenty two four one
nine o three
in conclusion
the get code base shows several security issues
in the sheer size of the code base
makes it challenges to
it makes it challenging to address
all potential instances
of these issues
the use of safe wrappers
can improve the overall security of the software
as a short term strategy
as a long term improvement strategy
we recommend
to alternate between time box
code based refactoring sprints
and subsequent security reviews
so if you've got code stored there
get it updated
popular email
marketing and newsletter platform
mailchimp was hacked
and the data of dozens of customers were exposed
the news of
a new security rate
was confirmed by the company
the incident exposed
the date of a hundred and thirty three customers
but actors targeted the company's employees
and contractors
to gain access
to an internal sport
and account admin tool
on january eleventh
the mailtip security team
identified an unauthorized actor
asking one of our tools
used by mailtip
customer facing teams
for customer support and account administration
the unauthorized actor conducted
a social engineering attack
on mailchimp employees
and contractors
and obtained
access to select mailchimp accounts
using employee credentials
and compromising the attack
based on an investigation to date
the target incident
has been limited to
a hundred thirty three
mail chimp accounts
so with that
that's the end of the news
but there are some headlines
for those of you
tracking my critical
microsoft azure rce flaw
and collected
multiple services
there's a couple of vulnerabilities in netcom
there's another chat gbt story
that create
polymorphic
malware wave
which not good
cybercriminals are targeting telecom
teleco providers
and roaming
mantis hacking
campaign ads
dns change into mobile app
so check out the headlines
and with that
we're going to move on to
laurel's corner
we're going to learn to love
grow and be better
cybersecurity
people laurel
mike thank you
there's always
such a pleasure
when you introduce me like that
i feel so special
so welcome everybody
to the podcast today
and in laurel's corner
we've got some
iphone security tips
yes iphone only
don't blame me for having class
and a little bit of
you know lust
for the beautiful
and elegantly created
but i'm not
saying that
iphone is that much more secure than droid
while if you ask me
which way i prefer
all droids a lot
like working
trying to correct a rubik's cube
where somebody's taking the stickers off
and put it back on
incorrectly
so i prefer
iphone again
i have that sense of
elegance in class
and so for those
of you out there
that also have an iphone
i want to talk about
some security
and privacy
configurations
that you can make
to maybe make
your experience
of going through life
a little better
so if you're like me
and you're driving on your tesla
go ahead and click that
autopilot button
and let's talk about
accessibility
from the apps
at the lock screen
a lot of a lot of
you may not know
there have been some
lock screen
by fat bypass
hacks that have been done in the
previous years
and even with current
versions of the iphone
what that means is that
you have these apps
that are running
in the background
in the front
of the lock screen
so their background
foreground apps
in any case
you can access
them from the
lock screen
you can swipe up
or swipe right
you'll notice
these notifications come in
in form of sms
maybe from a
twitter feed
or an instagram feed
or a TikTok
notification
attackers in the previous years
and even currently
can use this
to obtain access to the phone
without having to know your pin code
or use your fingerprint
or use your face recognition
so just to give
you an extra
level security
while you're on autopilot
go ahead and swipe
up on that phone
and go into the settings
in settings
you'll see a place called
accessibility and
and in there
you're going to find
there is a privacy setting
so it's called face id and passcodes
and that's in your settings area
okay so you want to scroll down there
and you want to allow access when locked
you'll see a whole list of things series on there
if you ever wonder why you're driving along
and you say something that even
sounds remotely close to siri
no i'm not talking to you go away
just like that
and siri pops up
that's why she's allowed in the background
on front of that lock screen
and she's listening to everything going on
and if you say her word or her name
she's going to come to life
and ask you if you need help
these options are in this setting
so that's in settings
face id and passcode
you're going to be required in your passcode
before you can go in there and change those settings
the next one is ignoring unknown callers
you probably didn't know that
when silent sector harasses you
and your number is not in your contacts list
i don't know why it wouldn't be
we are the most popular podcast on the planet
anyways you're going to ignore those calls
without having to listen to the annoying ring
so if you're like me
and you're trying to work out
or listen to a podcast or anything else
and the phone starts ringing
and it's an unknown caller
possibly spam
you still have to grab the iphone
turn it off
and go back to what you were doing
well apple's taking care of that for you
they have an ignore unknown callers feature
and you can get to this by going into settings
going to the phone
and scroll down to the bottom
of course they put it at the very bottom
so that it's hard to get to
because they probably don't want you to do this easily
but you'll see the toggle for silencing unknown callers
now mind you
anyone in your contacts list
is gonna get sent right to voicemail
but if anybody truly wants to get a hold of you
shouldn't they leave a voicemail anyway
because i think it's just rude to call nowadays
without a text
i'm like showing up the parents at your house
when you're having
you know date night with the wife
and there's you know
stuff on the tv that there
i will go there
the next one
that you should know about
while you're on autopilot
cruising down the i five is lockdown mode
hopefully your tesla doesn't go into lockdown mode
and stop traffic
inadvertently
on accident or purpose
we're not quite sure
lockdown modes
the who to draw of
i think my phone's been
compromised
so if a friend sends you something
and you click on it
and it looks like you're downloading angry birds
but then certain weird things start to happen
on your phone
if you still have access
you can go into settings
privacy and security
and scroll to the very bottom
just two big swipes
and you're all the way there
and you'll see
the lockdown mode button
the apple operating system is going to warn you
before you enable this feature
as it will stop
a lot of activities
and begin an increased logging
and begin reaching out to apple
at their intelligence center
to start looking for
indicators of compromise on
your apple device
so remember
if worst case scenario happens
and you believe that your phone's been compromised
you can go to the setting
lockdown mode
in settings
and privacy
and security
and enable that
so go ahead and take that
autopilot feature back off
and continue your drive to work
or wherever it is you're going
thank you for spending time
in my corner today
and last but not least
make sure that you share what you learned
with loved ones
to make us all more
secure together
as we go on about our daily lives
zach we have a guest
today don't we
i'm excited
we do well hey
thank you so much
i did a bunch of updates here on my iphone
so i'm a better person
for having done that now
so thank you
you're welcome
hey we're going to
have a great conversation here
coming up with mr
ken wiley himself
after a quick commercial break
and we'll be right back
want even more
cyber rants
be sure to subscribe
to the cyber rants podcast
get your copy of our best selling book
cyber rants
on amazon today
this podcast
is brought to you by
silent sector
the firm dedicated to building world class
cyber security programs
for bedmarket and immersion companies across the us
silent sector
also provides industry leading penetration tests
and cyber risk assessments
visit silent sector
com and contact us today
and we're back with the cyber ants podcast
glad to have you here
glad you're listening today
because we are going to dive into
some vast vast
and immense experience
so you don't get to hear this stuff everywhere
so we're glad to have you ken
thanks for joining us
really appreciate it
good to be here zach
for the listeners out there
i mean you you have
a very deep background in it
and cyber security
would you start
off by sharing a little bit about
your journey
how you get started
your career
path and so on
for those listening
sure yeah so
i'm a manufacturing engineer
by education
and when i came out of school
i went to work for
what is now
accenture so
i spent you know
my first decade
doing consulting
work in the
information
technology side of things
mostly in the pacific northwest
working with
you know large
to small companies
from intel down to
central point software
and if you remember them
they were one of the first
you know signature based
find me the
malware on my machine or virus
and you know
it's fun to
look back on
where we've gone with that
and you know
over the so
i've been in this industry
for i you know
did the math
thirty nine years
so it's been a
it's been a good
long journey
and now as you know
i'm working with
you know an
interesting company called
silver draft
supercomputer
outstanding
well thanks ken
i mean through your career
you've been hands on in the tech
you've built teams
you've got companies organized and compliant
and security controls in place
what would you
just speaking of career and such
what would advice do you have as far as those it people
growing in their careers
looking to take that next step forward
and really accelerate to the next level
sure you know
i think for me what has helped me the most
is making sure i understand the business
and one of the things that a company i worked with we
every year i had to go spend
you know a couple of days with a salesperson
and i would go on sales calls
you know as the it guy
and then i'd spend a day at a manufacturing facility
and be on the floor
you know maybe pushing a broom
but i'm learning and seeing what's actually happening
and so i've got that context of
you know here's what i think we need to do
what does it really mean
for those people that we're putting it on
and so you can't lose that context
because the it is a service
you know and unless
i guess you are building a security tool you know
you're there to help make that business run well
you know or
you know minimize the amount of risk that they're in
and so you know
having that context of
you know what business you're in makes a lot of sense
appreciate you saying that
so you're saying that tech
the tech people
can actually learn something from the sales people
i don't think
most people think of it as the other
well you certainly learn their frustrations
right you know
and you know
we had a conversation on that this week
with some sales teams who are you know
why do i have to put this data in the crm right
they don't see the day to day benefit
right but having the leaders of the company explain
you know hey
we can detect patterns on where are we being successful
you know where aren't we being successful
and you know
hey we've got a mail campaign
or we've got some outreach with you know
business development crew
and you know
it is or isn't successful
and so people get that
okay now i know why
you want me to fill these three fields in
makes sense
well let's let's dive in a little bit
what you're doing right now
a silver draft supercomputers
is pretty fascinating stuff
do you want to give
the ten thousand foot overview about silver draft
what the company's doing
where it's headed
sure one yeah
silver draft super computing is about
real time photorealistic rendering
and we got our start because we
you know we
we figured there had to be a better way
and if you remember
you know not that they still don't do this but in
back in the day
you would maybe do some green screen film
shooting for the movie
and then you'd wait until that rendering was done
and you know
amy galle our ceo
she said you know
there's got to be a better way so she
she got together with a professor out of virginia tech
and they built a forty terraflop machine
and got it in front of a film crew down in la
and demonstrated that they could shoot
and in thirty seconds
have the extended reality overlay
and so the director
so basically
we're in the business of saving people time
so you no longer have to wait for that render
you liking it
to the days when they shot film right
they had to go process the film
now it's all digital
so that is faster
and then with all these xr overlays and visual effects
we're now able to do that in real time
and it's photorealistic
you know you know one of the
the best examples
i think all everyone has
most everyone has seen is the mandalorian
the majority of that shot indoors
in a virtual production volume
and we're the compute that makes those walls of leds
have the right image at the right time
based on actor position and camera position error
flops is the way
yeah well we're beyond that now
what other what are their applications i mean that's
that's all right well before i go down that path
mandalorian i know you've done some work with the nfl
would that be safe
if you watch that video
i think i reposted something from one of our partners
you know the nickelodeon teams
with the nfl every year to bring slime to a game
and that is again
that's all real time overlay on a broadcast event
and i think in addition to being fast
we're incredibly reliable
so we have customers who have
running the system they bought six years ago
and it's still doing what they need it to do
and they don't fail
and we do that because we manage heat very well
and we've studied the performance of gpus and the cpus
and we make some bios tweaks
so that they don't get distracted in their task because
windows likes to generate a fair amount of distraction
if it sees some empty cycles
does it ever
and so we do
you know we've kind of addressed the whole problem
and then we've gotten down to the level where
if you're using v red from the autodesk world
or you're using you know the epic
you know game engine for generating those graphics
we've tuned the machine to those specific tools
and what they need or expect
you know and so
we're able to fit ten gpus in a four au server
and have six of those stacked together
and run twenty four seven and not overheat
do you get the crypto community that's collapsing
to reach out to you
for help on cooling their gpus too or
no no honestly
my real question is
do you have any game companies
that are taking advantage of this
because you mentioned epic
and i know the unreal engines
really popular out there
so if you had any of the
because i know a lot of my nerd friends are jones
and about this technology
and how it's going to change the gaming industry for us
well so the unreal engine was actually
the engine they used in that nickelodeon nfl broadcast
and so our context is generally for that
real time rendering
and you know
we have had the
you know people reach out to us and say you know
hey i want my
i want the fastest gaming engine i could get and okay
we tend to be more in the
call it the enterprise space
where you know
for instance
car manufacturers
we have several car manufacturer customers who have
distributed design teams
and they no longer build
you know that clay model of the
the new model
and they're putting on their goggles
they've got their hand controllers
they're connected to the internet
and they've got somebody in tokyo
somebody in la
somebody in detroit
and they're all interacting at the same time
on this three d model
right and there
you know some of them are on the design side
others are on the production side
and they've
they're using the tools
that someone on the production line virtually
just you know
can i get this tool in there to tighten that bolt
and they're making those interference
you know finding them before they hit the floor
and so they can come out with
a design that's manufacturable
you know and you know
i think one interesting thing we did because we
in addition to
building the platform that they'll run on
will build plugins for say
v rad if that's the design tool they're using
and you know
we created this thing
where you put a light bulb inside the car
and it looks for light leakage
so you can tell that
oh maybe i need to
you know refine the
the fit of these two components so that you know
i'm not getting water in the car or whatever yeah
i'm pretty sure somebody dropped the door on my ford
before they put it on
so that would have been handy
i'm that's cool
i think i think
i think the metaverse
i think z berg should reach out to you
because they could certainly leverage the rendering
capabilities of your system
compared to what they have today
i think it's terrible
well you know
we're looking at that idea of
we think about the corporate metaverse
right you know
the metaverse that someone like
facebook is pursuing is a little different than say
the internal metaverse
that a company might want to create to maybe
create a better experience for remote employees
and you know what we found is to be very effective
especially say in this design world
you've got to be photorealistic
it can't be the cartoonish
blobby kind of precision it's got
it has to be photorealistic
and the best example i have of that is we have a
demo that we did with one of these car manufacturers
and we take it to trade shows
people put on the goggles
and they're able to be around the car
and you know the one question everybody will ask is
you know hey can i get in the car
and he's like yeah
just step on through
and you're on the inside
and then they'll say well could you open the door
and we you know
we hit the button
the door opens and they jump back
it is you are so immersed in that virtual world that
you know you're expecting to get hit by that door
when you see it move
so i don't know that i want to go to the office
even virtually
i don't know how mike feels about that
no offices are done yeah
we could stand by the water cooler virtually you know
well the virtual office is a tropical island
waterfalls maybe a pterodactyl flying by
that you don't need the
the actual aesthetics of a cubicle farm
well that sounds better
let's all hang on an island like lord of the flies
that sounds great yeah
well you know we're also
we are seeing a number of
you know companies
you know we talked about the movie studios having those
virtual production volumes is what they call them
but many companies are starting to leverage their own
you know in house studio
so that they can better communicate
and they you know they
it's not somebody standing in front of
you know all that production
green screen kind of things
but they're able to have this photorealistic
you know here's what's actually
what could be happening in your factory
and giving somebody just a very realistic looking demo
so one thing that comes to mind of course
i'm starting to think about cybersecurity ramifications
and i'm thinking about things like
maybe real time deep fakes eventually
that would be the ultimate social engineering
jump on a zoom
meeting with somebody that's not actually that somebody
and they're interacting with you
do you ever think about that
any ideas and when
as this computing power becomes more readily available
on site for people
what kinds of
what can of worms do you think that might open
at some point
from a security perspective sure
well i think what i've seen a lot of people
how can i take all this interesting real time
photorealistic rendering and
and then combine it with blockchain
so that you know
people can be
you know either monetizing say the video or their
the whatever rendering they've done their content
you know so they're
this idea of the creator economy
and how can people monetize right
and i think you look at that pattern
that happened with music right
there is a lot of
you know how can
you know with napster and all that
it felt like
you know artists are gonna go
you know they can't live because they can't make money
and i and i
you know that that got resolved right
it was i think a
people had to take a deep breath
and there was some struggles through that
but now i think you know
artists have a way to monetize
through the technology we have out there today
and and so i think that you know
the benefits of something like the blockchain to help
you know secure people's copyright
for a lack of a better term
help them monetize
and then you could extrapolate that to
well what's the digital signature on my image right
and you know
you know even with
you know the iphone
right i mean
it's ability to detect that it's me
and that it can unlock my phone
you know will will
the compute gets so good that it can fake the iphone
that you know
that would be interesting to see
when we end up with them
i was like ready player one to me is about to go down
yeah well you know
hopefully we'll get out a little bit more
yeah hopefully
the world will be in such turmoil
right but yeah
kind of the best of both worlds right
i think that was a really cool idea for a film
and i think really kind of hopefully shows where where
that at least that industry is trying to try to move
and other industries using it as an extremely
innovational thing
because now
as much as mike and i don't want to go to the office
we can sit in a conference room with our
realistic looking avatars
and be around a board table and have these meetings
and stand up and actually interface with a whiteboard
or something that might be in there
which is a really cool idea
yeah yeah yeah
well and we've been poking at the idea of
you know how can we provide that level of rendering
say on some
you know tetherless
glasses right
because today to do real time
or maybe that photorealistic rendering you
you really got to be tethered to the cpu
you got to be wired in
yeah otherwise
you know if you tried to put the
the rendering in the goggle
you're gonna melt somebody's face
because it's just too hot
and so the idea of say
the five g network right
and if you look at how lte was facilitated
with the amount of infrastructure around
versus where five g is going to be
you're going to have significantly more
tower density than you did with four g
you know lte
and you know
i think i saw a number that said
you know they
they term these tower modules or areas as mechs
and i can't remember exactly what mech meant
but they estimated to be like
twenty seven million mechs
as fiji is rolled out by
you know sometime in twenty
twenty five
twenty twenty seven
somewhere in there
and you know
we're thinking
holy smokes
if i'm going to be rendering to somebody's glasses
as they're walking through the park
i'm going to need a render capacity
in every one of those mechs
you know so we look at that as the possible growth path
and we're like wow
how many rendering farms
you know is it twenty seven
you know two point seven million
rendering farms that we need to have in place across
you know by twenty
twenty seven that's a
it's a huge market
you're gonna need a new supply of gpus
well you know there's also talk about
what is the next generation of gpu
and i heard a term
the programmable gate array i think was the term
and is it is it
you know the current architecture we know and love
as gpus are what people are coming out with
kind of the next gen
you know i you know
i'm not at that level of detail
but it'll be interesting to see how that shakes out
so we're still a ways away from the next generation
hollow suite from specialty
yeah well as one of our scientists i used to say
you still can't defy physics
star trek should not be your model for where to go
what about the x men
because they had a
they had a training room that was all based on ai
so hopefully you know
you know in like a vacuum right
and in like a closed space we might be able to
to use some mirrors to you know
and goggles to help that become realistic
but yeah you can't
you can never beat physics
well we are using the technology to help train
some public safety products out in the market
where one company called rap
they have a
public safety device that you know
wraps the perpetrator up
right and you know they
they dawn of you know a goggle
they've got a handset that mimics the
the thing that fires this bolo rap
and they do it
they train law enforcement virtually
and you know in this vr
so you go through scenarios and then you know
was this the right time to fire
the right angle
all those kinds of things and they
they do all that virtually
and nobody gets bruises as they're
you know virtually wrapping people up
yeah that sounds like
good for like a firearm safety or something that
you know you can
you can fire right up and you know
pull your weapon and put a piece of equipment in it
that responds to the unit
and then you can
you can do your safety and your activities
yeah yeah i could imagine the
just the implications there for all kinds of training
i mean you know
from everything from athletics to
you know government to corporate you know
and just pretty
pretty amazing
i mean with that kind of power
there's so much
so much that you could do
we might have to
get one of those machines for silent sector
and start playing around but
well what's what
and what are you most excited about in
the technology world in general
i mean between you know
we talked a little bit about blockchain between ai
you got quantum computing
i mean what's what
what do you
would you recommend people keep a close eye on
over the next couple years
well you know
i think with this compute
it seems like we've been able to just bring brute force
to solve problems right
and i look at
say training a model to recognize a cat or a dog
right you know
it's pretty much brute force math to look at an image
pixel wide pixel and train the model
and i think okay well
what happens when we start getting elegant about this
you know the power
you know i may be
you know chad
gbt and it's ilk is the first example of
you know hey
we're moving beyond the brute force
to doing some really elegant algorithms
that add in that sense of
you know how our brains work versus just pure math
for me the application of technology
i look at where we were in the nineteen eighties
with microelectronics
and we were really getting good at understanding what
you know electrons were doing in a doped silicon
to then get really good at making it smaller
and smaller and faster and faster
and that whole moore zola thing
and i think in the biophysics
biochemistry side of the world
we're now beginning to understand that
finite level of detail of what happens
in the structure of say
a virus or rna
and how that then you know
enables them to do what they do
and so i see that revolution
of people being able to use high performance compute
to understand at a very granular level of detail
what's really going on at the micro scale
and how our bodies work and how chemicals work
that i think that's kind of for me
kind of the next revolution
and so that has me excited
i can't wait to see what kinds of interesting things
coming to that
the other thing for me
you know back in the early nineties we were doing some
what was termed expert systems
and we would spend time
you know my best example is at a paper mill
we spent time with
the folks who operated those massive machines
who knew how to make paper
and we we built a set of rules that enabled them
to have kind of a decision support system
and you know
yet we had all this data
you were collecting a hundred thousand data points
every fifteen seconds from the machines
but we didn't have the compute to
like we do today
to say well
let's just you know
train a model to look at those data points
and then make recommendations
you know we
we took information from people
about how they did their job
to then help build a decision support
and we couldn't take it any farther
because the compute just wasn't there
you know and now
you know with all the data feeds we're getting in
you hear about iot
and just you know
we're collecting data from everything
we're applying it everywhere
and i think that's
you know i think i saw something where people are
municipalities are able to look at all their
coin meters
you know for parking
parking meters
and they can tell
you know here's where i need to send my
my team to go set tickets because
that's where all the expirations are about to happen
and you know they're able to bump their revenue and
you know how else can you apply that in your
that's a terrible waste of technology
i saw another thing where
you know police cars have cameras on them
and they can read like
seven hundred license plates a second wow
and so there's lots of privacy issues around that right
but what one state was doing was
they would record all those license plates
and they'd match it to their stolen vehicle registry
wow and and they
you know and then they
you know you combine all that data together
you could start getting patterns about
you know where a theft might have occurred
or where that vehicle's going
you know it's
you know it's a little scary on one hand
but you know shoot
if somebody can help find my car for stolen that
that's a good thing
yeah i heard that they were
i heard a through second hand
that they were actually using some of that technology
for repossessions
for banks to
to go out and find cars that owners hadn't paid
sure wow yes
yeah there's definitely privacy concerns about that
i know there's some law
there's some case law around it as well
okay so what point is the government interference
so i guess it depends on your big
your view of the big brother state sure
at what point is it a violation
so definitely a fine line to walk
absolutely yeah
well and i think one of the biggest benefits i've seen
on the security side of things is just the ability
to detect patterns that are occurring in your world
you know and we had
you know six hundred or so employees
and you know our
the tools that we were using would
would find you know
hey this group
one of them just downloaded you know
six hundred meg from some
you know outside source
and they've never done that before
is this a problem
right and then
you know hey
we then began to tweak the model
say well you know
that's a developer
and you know
hey they might have just downloaded from the repo
and they only do that once a month right
on the flip side
you know you are
because we in the company i was with
we built routers
you know they
some of the engineers like to use bit torrent
to generate a lot of traffic on you know
the little stub of the network they were working on
and you know
we had some issues where they might have pulled
it from a repo that was tainted
and so we began to
you know we would learn enough about the patterns
that were happening that we could then
well you know
okay we need to set up a you know
here's the rules around what repo you can go to
and that sort of thing
outstanding
can hey before we wrap up
any advice for those looking to get into the it
or cyber security career path
just get those people just getting started
any advice around how to have a good
fruitful career
well i mentioned before that you know
learn the business you're in
because you're there to serve the business
and you know
i think you just got to continually learn
because things change over time
and you know
so you got to stay connected and relevant to
you know where the technology is going
and you know
there's lots of good ways to do that
you know this podcast could be one of those sources
and then you know
lots of other things out there
whether it be corseira
or capella university or whatever
and you know
visit your local library
there's lots of good books on the cheap
and you know i guess i
you know the number of books i look at your bookcase
i mean you just can't stop learning right
outstanding
mike larrow any
any final words of wisdom before we jump
no i like that it plays moore's law to your brain
good there you go
that's right everything has a
what is it half life right yep
absolutely well
outstanding and ken
if anybody wants to reach out and get a hold of you
what would be the best way to do that
or learn more about silver draft for that matter
well certainly silver draft
you know silver draft com
that's that's the best way to find us there
and you know you can find me on linkedin
you know reach out
be glad to set a connection and help others where i can
outstanding
well hey thank you so much ken
it's been great to have you
and look forward to continue this conversation
this is this is been a great topic
something we've never covered before
so really interesting work that you're doing
and much needed
so thank you everybody
for joining us on the cyber ants podcast
hope you enjoyed this episode
cyber ants podcast com
you can send us a note on future topic requests
questions you might have
anything like that
get the show notes
get the links to the news articles
that mike talked about
all on cyber ants podcast com
so reach out anytime
share this with your friends
get the information out there
so we can make world a safer place when it comes to
the use of technology
so we'll see you on the next episode
pick up your
copy of the cyber ants book on amazon today
and if you're looking to take your cybersecurity
program to the next level
visit us online at silentsector com
join us next time
for another edition of the cyber rants podcast