Sept. 24, 2024

Theresa Payton - Cybersecurity Expert, Author & Former White House Chief Information Officer | Cybercrime & Manipulation Tactics

Success Story with Scott Clary

➡️ Like The Podcast? Leave A Rating: https://ratethispodcast.com/successstory


➡️ Join 321,000 people who read my free weekly newsletter: https://newsletter.scottdclary.com


➡️ About The Guest

Theresa Payton is a respected cybersecurity expert and former White House Chief Information Officer, known for her groundbreaking work in digital security. As the first woman to hold the CIO position at the White House, she led key cybersecurity initiatives during the George W. Bush administration. With over 20 years of experience, Theresa is a trusted authority on protecting individuals, businesses, and governments from cyber threats. She is also the CEO of Fortalice Solutions, a security consulting firm that helps organizations defend against cyber-attacks.

Theresa is a bestselling author, with books including "Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth," which was listed as one of the "Top 10 Books About Cybercrime" by The Guardian. She frequently appears on major news outlets as an expert analyst on cybersecurity and digital misinformation. A recipient of numerous awards, including the FBI's 2018 Director's Community Leadership Award (DCLA), Theresa has been named one of the "Top 50 Women in Tech" by Award Magazine and one of the "Top 25 Most Influential People in Security" by Security Magazine. She holds an M.S. in Management Information Systems from the University of Virginia and sits on several advisory boards for innovative global technology firms.


➡️ Show Links

https://x.com/TrackerPayton/

https://www.linkedin.com/in/theresapayton/


➡️ Books

https://www.amazon.com/Manipulated-Inside-Cyberwar-Elections-Distort/dp/1538133504

https://www.amazon.com/Privacy-Age-Big-Data-Recognizing/dp/1442225459


➡️ Podcast Sponsors

Hubspot - https://hubspot.com/

iDigress Podcast - https://idigress.show/

NetSuite - https://netsuite.com/scottclary/

Indeed - https://indeed.com/clary


➡️ Talking Points

00:00 - Intro

02:36 - Theresa's Tech Journey

10:45 - Balancing Security & Customer Experience

15:29 - Banking Security Breakthroughs

19:50 - Why Security Became Her Focus

25:39 - The CIO's Tool Trap

31:21 - Innovating at the White House

38:59 - Sponsor: iDigress Podcast

39:36 - Fixing Human Error in Cybersecurity

45:26 - Overlooked Global Cyber Threats

57:37 - Neurolink, AI & Future Dangers

1:00:25 - Ethics vs. Security: A Critical Balance

1:02:36 - Daily Security Essentials

1:07:09 - Mastering Password Protection

1:11:18 - Preparing Future Generations for Cyber Threats

1:12:40 - Securing U.S. Elections

1:19:20 - Cybercrime & Manipulation Tactics

1:22:19 - Theresa's Final Words of Wisdom

1:25:54 - Advice to Her Younger Self



Transcript

The best thing that stops the bad guys is designing something they didn't expect. Joining us today is Theresa Payton, one of the nation's most respected authorities on secured digital transformation. As the first female White House chief information officer and now CEO of Fortalice Solutions, Theresa has spent her career combating cybercrime and advising global boards, CEOs and technology executives. Fraud happening is inevitable. It's part of life. A lot of people say things, well, humans are the weakest link. No, we're not. Your technology failed them. And somebody took advantage of them. Fighting crime should never be seen as a competitive advantage. If you study the profile of cybercriminals and fraudsters, nation states, you start to see they have a pattern of how they attack the different chinks in the armor, if you will. We're the weakest link of the security industry because we keep designing terrible processes and technology around the human user story. We need to be as creative as Steve Jobs was at Apple in how we think about security constructs. In this episode, we'll dive into her journey from the financial sector to the forefront of cyber security and the insights she's gained along the way. Welcome to Success Story. I'm your host, Scott Clary. The Success Story podcast is part of the HubSpot Podcast Network. I am a huge fan of HubSpot because they support entrepreneurs. A lot of entrepreneurs, founders, executives, listen to this show. And for entrepreneurs that are trying to build, I have a question for you. Does it feel like your teams are getting pulled in a million different directions when everyone's digging in on different projects with different platforms in different places? It can be tough to stay focused on a common goal and that throws a wrench into things. That's why HubSpot brings everything your team needs into one easy to use and easy to love customer platform. With it, they have everything they need to scale the business at their fingertips. 
So your marketers can write blog posts in a snap with AI and build better leads with in-depth campaigns, sales can build connections and close deals faster with tracking tools and real-time performance insights and service can get a hand from AI-powered chatbots for better support and more five-star reviews and everyone can deliver killer results and grow revenue faster than ever before. Because when your teams work better, your business grows faster. Visit HubSpot.com to get started for free today. Theresa, I'm very excited. Thank you for coming on. I appreciate your time. I know it's been a busy week for you, but I'm excited to do this. Obviously, a lot of the work that you've done is I think highly relevant and on people's minds right now, we're going to talk about sort of what you've done in politics, out of politics, and just your whole career, but like to sum up your career in cybersecurity, I think a very easy word is groundbreaking. You've sort of, you've done a lot of firsts, which I think is phenomenal, and you've not just done firsts. You've done your work at an exceptional level. Talk to me about maybe an inflection point in your life and your career. It could be very young. It could be a little bit older. That really sparked an interest in technology and security. Sure. What I would say is there's still more ground to break. If anybody feels like they've been left out of an opportunity to do something groundbreaking, just wait a week. You'll have something you'll be able to do something groundbreaking. Still available to think about kind of the new things that are coming, but you know what's really interesting is I go back to high school on this one and I'm in high school and I had to transfer schools because my daddy was a career Marine and he got stationed at Quantico and I was going to the high school, which is the Department of Defense School that's on the US military base. 
And one of the things that they required was you had to take at least one course in computer science. Now, had that not been required, I don't know if I would have taken it as an elective. I was loading up on things like I wanted to do international finance law. That was what I thought I was going to do. I thought I was going to do huge international trade deals and one day go to law school, run for US Senate. So these were all kind of my high school ideals of what I might be doing when I graduated from high school. And so I'm like, okay, I'll take the computer science class, whatever. And I'm going to be dating myself here, but at least for my computer science class, we were on TRS-80s. And so we were given all these different programming assignments to do. And I realized I loved it. I was good at it. And I wanted more, like I wanted more exposure to them. Like what is, like this is incredible. This idea that I could be given a set of instructions by a teacher and I could make something like a Coca-Cola logo. Don't tell Coca-Cola I said that. But that was one of our programs that we had to do is like try to recreate the Coca-Cola logo in a computer program. What would that look like? And I know people listening to this today that are younger are probably like, what is she talking about? Anyways, I thought, wow, I really enjoy this and I'm good at it. So I looked for more opportunities. And when I went to college, I had a double major. I did a major in economics. I did another major in business administration, and I did two certifications. I got certified in business management. And I had the opportunity to get certified in computers. And my goal was I just wanted to always be employable. I wanted to always be able to have a job. So that's why I focused on my four years in undergraduate. I was like, how many degrees can I get? How many certifications can I get? And that led to the University of Virginia where I got my Master of Science. 
I got a call from University of Virginia. My senior year, they had started a brand new program on Master of Science and now called in Management Information Technology. And they didn't have a lot of women apply. And I got a phone call from one of the professors who was working on recruiting candidates to be in this brand new program. So if I hadn't had that mandatory class, I don't know if I would have opted in. I'd like to think I would have, but I don't know, I might have taken an art class or more language classes. And then I got this opportunity to get certified in computers, in college, in my undergrad degree. I don't know that I would have gotten that phone call from University of Virginia. And that really set things in motion for how I ended up being inspired to be solving business problems, leveraging technology. And then fast forward, my husband graduated from the Naval Academy, first tour of duty, post my graduation from UVA, was Mayport, Florida. I love Jacksonville, Florida. However, not really a hotbed of big hiring in technology when I graduated from UVA. And I thought, oh my gosh, and the economy wasn't great. And back then, you had to fax your resumes. And I know this sounds like ancient times. Or I had to mail it in the mail. And I was getting, if I got an answer at all, it was a rejection. I could not find a job. I was applying at the mall. I was like, I could do retail, because I worked in high school. I had a part-time job at the Marine Corps Exchange, which is like a mall on, on Quantico Marine Corps base. I couldn't even get a job like as an assistant manager at a shoe store. Like it was really kind of, but you were learning, you were learning things that were far ahead of their time. Well, here's the thing too. I was a Girl Scout and I had to sell cookies myself. Like my parents did not take my thing into work and say, buy my daughter's cookies. 
So like, if you want to sell the cookies, you go door to door, you sell the cookies yourself and you walk around with the box and you deliver them yourself. And so I am used to having doors slammed in my face. I am used to rejection and I've learned to mostly not take it personally. And yeah, and be like, I know the cookies are good and I know I'm a good salesperson. So I'll just go to the next door and I'll take the lessons learned with each door slammed in my face. So I'm sitting there in the lab one night at University of Virginia and thank goodness my friend Sarah. She was talking to me. She had a connection with Barnett Bank and she was able to get my resume in front of somebody at Barnett Bank and it's a long story that's a nice story. And I started off working at Barnett Bank and Barnett Bank was always focused on customer service. What are we doing to enhance the customer experience? What are we doing to meet all of our customers where they are and really financing their dreams. Barnett Bank is now part of Bank of America. And it was a really cool time to be in banking because we were really thinking about how do we make the ATM experience better? How do we make the phone channel experience better? We were doing some online banking through dial-up. And so it was really great because we were thinking about there's a multi-channel experience happening for our customers. How do we make it easy for our employees to service them? How do we make it easy for the customers if they started a transaction on the phone and they finished it at the branch? How does that work? And this is 1990 we're talking about here. I worked for some of the best and the brightest in financial services. And it really just inspired me to think about always about the human user story. And when you're implementing technology, how do you prevent fraudsters and criminals from getting in between you and your customer? But how do you also make the technology something they want to use? 
And they're not cursing you out when they're using it. The bank just drove me to this. We all experienced it too. I mean, we all know that. So now you're, so you are at the, it's so interesting because you live through an experience and were building systems at the bleeding edge of tech. And when you build at the bleeding edge of tech, you also build at the bleeding edge of security and and all the malicious actors that can try and take advantage because you build it and they're going to try and break it. So you're trying to figure this out as you go. But the issue that you solved and I've sort of read through and you'll talk about it so that the audience can hear it from you. But one of the bigger issues that security has is it's secure and then ruins the customer experience or it's unsecure and optimizes for the customer experience. So your first sort of exposure to that balance that you have to navigate. Exactly. And sadly, fraud happening is inevitable. It's part of life. Right. So the fact that some people try to dishonestly earn their money, it's a fact of life. And I wish we could try to wait and make it go away, but it's always going to be with us. And it was with us before we were using technology, but it's certainly still here in the physical sense, but now also in the digital sense. And in some regards, being a criminal using digital means is somewhat easier because if you think about it, they become very emotionally disconnected from the people they're preying on. It's one thing to look somebody in the eye and defraud them. It's another thing to never see them. And you're just casting a net out to thousands of people hoping you catch a live one. But there's a lack of human connection in the way digital crimes are conducted. And it's devastating. And so you could do it at speed and scale. And for the criminals, there's really not any kind of sense of remorse because they don't really see you and I as people. 
It doesn't feel like, it doesn't feel like, it doesn't feel real. It's real results and real impact, but it doesn't feel like you're hurting a real person. You feel like you're hurting a number on a screen. That's the difference. I see what you're saying. So this is where we see people targeting senior citizens and stuff like that. Just the most horrible crimes. Oh, and they're horrible. And we get distress calls. And I can't tell you on, you know, like one day I'd love to set up a nonprofit to help victims because we can't help, not everybody can afford our help, most people have given, you know, thousands, maybe hundreds of thousands in some cases, tens of thousands of their hard-earned dollars to the wrong person because they've been duped, businesses and individuals alike. And we get those distress calls. And it just breaks my heart every single time. And you know, there's so much victim blaming and shaming as well that goes on. And this is one of the few crimes we still actually blame the victim. Like hello, we've been talking about, don't click on links or open attachments. And I don't, I don't like that talk. The conventional wisdom, a lot of people say things, well, humans are the weakest link. No, we're not. Your technology failed them. And somebody took advantage of them. You should be thinking about the human user story. And if your design were great, you would be able to reduce the impact on humans. Just like you think about a car, cars are now mandated to have seatbelts, airbags. They have to meet minimum safety standards. And ostensibly, still, accidents can happen and sadly lives are lost. But if you look at the statistics, many more people can survive car crashes these days than in the past, because of all of the enhanced safety features. And maybe possibly because of the new safety features on cars, crashes are being avoided. You have less blind spots. You've got more alerts telling you, back up. Don't go forward. Watch out. 
There's somebody, you know, to your right. All of those things help make people safer in cars. We have to do better by the human user story and technology. So talk to me about like when you are, you first get into banking, is that the role that sort of, are you working in security in the role in optimizing user experiences or walk me through that part of your career? Sure. What's interesting is you didn't, we didn't really have a, like it is today, with a chief information security officer, you know, a lot of the things, when I first started banking, most customer access systems went and talked to the mainframe behind the scenes. And what's old is new again, right? So here we are talking about, you know, I was just listening to Oracle talking about how they're going to be building out tons of data centers. They're going to be doing many nuclear plants because there's not enough power on the grid. And I think, oh, wow, here we go again. But so we had security executives who focused on the systems on the, you know, the data access points on the mainframe and downloads and managing that. And we, I guess we didn't know how good we had it having things very centralized. And then, you know, fast forward, though, as we put more of the bank's business in the hands of digital devices of the customers, both in commercial, middle market, small business and consumers, that's where fraudsters really started to enhance their tactics. So fraudsters were doing, and they're still doing it, check washing, check kiting, in-person fraud, fraudulent credentials. You know, there's all of those things still continue today. And then on top of that, now you have these digital transactions that happen between customers and their financial institutions. And fraudsters are able to play a role there. So for me, I always had responsibility for customer-facing systems. 
And because I had that responsibility, I had responsibility for working with our fraud partners and our security partners to make sure that we weren't building something in such a way that was creating an undue burden on them and on the customer. So that I always really, truly had responsibility for fighting fraud loss and for fighting, making sure that cybercrime wasn't happening, although I don't think we were calling it cybercrime in the 90s. But we were just calling it all fraud. It was just different types of fraud. And I did have a couple different stints where I supported the fraud departments. So anybody who was doing fraud loss collections or fraud fighting, fraud scorecards. So I did have that opportunity to support them and get sort of a bird's eye view, if you will. The type of work fraud units do to really save customers from being victims of fraud or figuring out what happened. A community where no one has to reinvent the wheel. We're all in this together learning and growing. And here's my ask. If you love this show, it's made a difference for you. Please share it with somebody who needs it. Tell a friend, post on social, whatever works. It's the best way to keep this thing going strong. Bring on even better guests and share more life-changing wisdom. And you can find us on all the spots. So you can go to successstorypodcast.com if you like listening to podcasts. If you like video, you can go to YouTube. It's youtube.com slash c slash Scott D. Clary or the newsletter, newsletter.scottdclary.com. Just spread the word. I'm eternally grateful for each and every one of you. Let's keep learning. Let's keep growing. And let's keep making this world a little bit better together. All right, let's get back to the show. But then at some point in your career, you were, you obviously you moved into that CISO role, chief information security officer role. So I mean, there's obviously, was it some sort of event? Was it natural career progression? 
What was the thing that you kept seeing repeatedly that you're like, I can not only do this in private and I can only fight back against fraud in private industry. But then eventually you're so passionate about it that you do it at the highest levels of government. So it's not just, I don't think, I don't think when somebody moves from private to public service, it's just because it's a good job. I think that you have to have some incredible passion for this thing because it's not easy to do it in public service. And I'd say this used to be a CISO of a large company either. But it's not like it's not a, it's not a money reason for the move or anything like that. If anything, it's probably a downer. But I'll leave that there. So what was the, what was the point that you moved into, into sort of roles and and responsibilities more related to security and intelligence? No, sure. So really the role at the White House of Chief Information Officer, and at that time it was incredibly broad. So it included our version of intelligence operations to support the Executive Office of the President, all of the systems, including the help desk. And it also included the security of all of those systems. And and I, I really, what an incredible honor to have been called to ask to, to be interviewed and to be considered. And then to be offered the job and to do the job is an incredible honor. I love my country. I love the United States. I have a whole family of US military and law enforcement. And and when the opportunity came up, you're right. It is a tremendous pay cut after coming from financial services, you know, you have stock, have your compensation plan. And maybe I should have had stock in the US government, but it is, it is a pay cut and it is a tough job, but I'm very mission focused and mission oriented. And I felt like, wow, we've got all these men and women serving overseas. You know, this is post-9/11. So it's 2006 to 2008. And I have family members who served. 
And this is my opportunity. This is my opportunity to serve in my way with, with the gifts that I've been given to give back to my country who's been so great to my family and so great to me. And while I was there, it's interesting because I really thought I'd seen it all, you know, after working in financial services for 16 years, you've seen pretty much every type of fraudster. You've, you know, heard about criminals who crawled up on roofs and actually fell through the roof, you know, and security's sitting right there. I mean, you feel like crazy stories, crazy antics of criminals and fraudsters. So you pretty much think you know it all, as far as like what's going on out there. And even working on, you know, anti-money laundering and know your customer, you see a lot. And then I sat in my first briefing, my first classified briefing, and started to learn the various capabilities of the adversaries of the United States. And it just, it just changed me. It was like a switch flipped. And I thought I don't think people understand the dire situation that we're in. And I don't hear people talking about securing the human user story. I hear people talking about add more firewalls, add more tools, follow this framework. And if you follow this framework, then you're going to be great. Or if you would just implement these controls, it stops 80% of everything. And it was like this conversation about security never talked about the humans at all. It was a lot of tools and products and one pane of glass. And I'm like, well, where's the human in the whole thing? This is when you transitioned into the, into the White House. Yeah. And so I, you know, I really thought long and hard about this and the getting briefed on what the adversary was up to. And I told my husband, because I was commuting back and forth every week in small children at home. And I said to him, I believe I know what I'm going to be doing for the rest of my career. 
And I don't believe I'm going to go back and be just a chief information officer. I think I have to focus on human user stories, secure digital transformation. I need to make sure that we talk about, you know, not reveal anything classified, of course, but that we need to talk about these risks that are coming. And really, in sort of a more organic, authentic way, be focused on cybersecurity. And so I started interviewing for jobs when it was time to leave the White House. And I was seven months pregnant with my little girl. And nobody was talking about cyber security this way. It was still very much product and tool, like a solution driven, like I'm a hammer in search of a nail. I'm a saw in search of a board. And my husband just encouraged me to start my own company. And he said, why don't you do it your way? And he said, if nobody wants to hire you, you can, after the baby gets older, like you could just say, hey, I did independent consulting. And now I'm back in corporate America. And, you know, that was 2009. And here we are. I love it. And it's so interesting. So you felt that you move from private. You saw every kind of financial fraud and otherwise in private. Obviously, it was like, it was like a light bulb moment for lack of a better term when you moved into the White House. And then you saw what true threat is, it's not just people trying to get some money. It's now probably sovereign nations trying to attack the US and whatnot. So it's a whole other level. But you still felt in private and public, it was still focusing on the tools, not the people. And you mentioned like the human story. You mentioned this a few times. And I want to understand what that is. I'm curious. I'm maybe paint a picture for people that aren't in tech and cyber security. You don't really know this world. What is the issue with focusing on tools as a CIO? I said CISO before, that was a, I misspoke, CIO. Yeah. These write-holes change all the time. 
I always tell people, just call me Theresa, the title snug. Good. So, Theresa, I work in technology. That's good enough. No, no, that's good. So the point is, I mean, so what's the missing element? And also, what is missing element when you don't include the human story, which is kind of like to your point where the world was? I mean, not just private, but in public service and government as well, which where the world was. And then what is the issue with that? What's the, what's the opportunity for a malicious actor if you don't include the human story as part of your cyber security, threat analysis, whatever you want to call it? Sure. So I'll give you, this is going to be a little bit of a, a simple example. So my more technical friends will say, well, this is why you do these other things. But let's just start with strong passwords. Do you love them? I hate them. I hate them. I hate them. Nobody except for security loves strong passwords. Nobody loves them. But we all have to use them, right? So you can't use password one, two, three, four, five, six. So it's time to retire then. Anybody listening? Yeah, I've never met anybody who loves those. But that was a construct come up with over time because people would say, what's really easy to guess your password. So if we make it long and we require special characters and we require a lower case and we require you to change it every 90 days and you're not allowed to have like a version of the last time ones that you had. And now we have to do secret answers and questions and, and all of these things. And nobody likes that. So what do a lot of people do to work around that? Because they can't remember them all. They write them down on Post-it notes. They have a document on their laptop called passwords. They, whatever it is that they do, just try, they're just, we're just trying to live our lives. And so that's an example of where there was no human-centered design there at all around, you know what? 
We just make it user ID and password. Oh shoot. These bad guys keep guessing passwords. Make it super long and super complex. Okay. Now enter in two-factor authentication. Do you love two-factor authentication? It's not as bad as the passwords, but it's still a little annoying sometimes. Now you got to do this strong password. And now you have to remember like you're going to get a code or maybe you have to scan a thing. The system is, it's all different. And so now you have to do that. These are important things that we've implemented. And I'm not saying don't do strong passwords and don't do two-factor authentication. But again, they weren't really thinking about the human user story. Do you know who thinks about the human user story all day long? Cyber criminals and fraudsters. They know better than you and me what our company processes are. They know better than you and me, when we get an urgent phone call, how our heart's going to race, how our pulse is going to change and how we react. They just know human nature. They study human user stories. They know that there's going to be a strong password. They know that there's going to be a two-factor authentication code. So what do they do? They trick people into giving those up. And it's very convincing social engineering. So every time we layer something on, it all it is is another thing for cyber criminals and fraudsters to just figure out and just trick us into giving it up. And then the security industry says that's why humans are the weakest link. And I'm like, no, we're the weakest link of the security industry because we keep designing terrible processes and technology around the human user story. It should be seamless. It should be elegant. It should be easy. And it should be things we already know about the person that the cyber criminal and fraudster won't know. And we've got to be constantly rethinking how we do our designs. 
We need to be as creative as Steve Jobs was at Apple in how we think about security constructs. So we've got to change and shift our way of thinking and it has to start with that human user story. Ignore that at our own peril because every time we add this another layer of complexity on the user's shoulders, the cyber criminals and fraudsters figure it out and they get in between us and the systems and the security. Do you feel like, do you feel like there's an example, and I have a thought, I usually find, this is my personal opinion. The government is not leading the way in terms of bleeding edge technology. I find that for a lot of technology, I find that it's private industry. Now I don't know about security because I don't have clearance and I've never worked in that particular role. But sure government security is exceptional. But I don't believe that they have ever led the way. And maybe I'm incorrect. And I'm curious about that. But when you look at what you did, the work in the White House, do you believe that some of the things that maybe the government, the White House does, we should incorporate, or do you feel like it's the opposite? You feel like they should start to incorporate maybe or hire more people from the outside and private industry that are more innovative, or is the innovation there? And it's just a very bureaucratic process. So I'm curious about the dynamic of, of innovation in the White House. And then I'll have a follow-up to that. I don't like to do two-prong questions, but I'm just very curious. Now the follow-up is, okay, we talk about innovation in the White House, but the follow-up is the human story. If the White House is doing it well, if private's doing it well, or if there's an example of anybody doing it well, then we could sort of like wrap our mind around what good security looks like, but we could start with like just like in terms of innovation in the White House. I think it's fascinating. 
Yeah, I mean, I would say I probably had it luckier than most at the White House because it's neither a department nor an agency, that the layers of approval processes are very lean at the Executive Office of the President. Certainly, where nobody's going to waste taxpayer money, like, there's process in place to make sure things aren't wasted. But as far as getting approval, I would sit down with senior staff. I worked very hard to earn their trust and show that the team would perform and deliver on our promises. And that always served us well when I had an ask for something that was innovative or new. I would come in and make my business case. And I would get peppered with a lot of questions, but I had tremendous support from senior staff to get done what needed to get done. So I'm not sure everybody has that level of support and awareness around them with their executive team, but I feel like I did. And so when I proposed different things to them, as long as I can make the business case and show what the value would be, show I had the budget or could find the budget to get it done, we could do it. Also, the other thing I would say is the private sector and the government, different pockets are leapfrogging each other in innovation and creativity. And a lot of people talk about, we need more public private sector cooperation. We need more public private sector. Like, that sounds like the Holy Grail, and I'm a huge Monty Python fan and I, I often feel like I'm at the end of the movie. I'm like, wait. Where's it? Why is everybody leaving? You know, I'm in search of the Holy Grail and I don't think there's a perfect way to do a public private sector partnership. It's not very scalable doing it at the human networking level, but it's a good place to start. And so we can find these safe places to do innovation and information sharing. There's some great things happening.
For example, I was just in Brazil and was visiting with a fraud tech company called Unico and visiting different banks and fintech companies, and they're rolling out this really cool new technology around proof of life to make sure you're not actually being frauded by a deepfake that's a representation of me, for example, a representation of you. And so, like, for example, on the Zoom, how do you know it's really me and not my avatar? Like, I could have created an avatar to spend some time with you. But it's authentically me and I know it's authentically you. But being able to, in these, like, high stakes transactions or big money movement transactions, being able to prove, you know, fraud. And we have conversations around information sharing and the government and fintech, and sort of, like, that open collaborative nature of fighting crime should never be seen as a competitive advantage. You shouldn't be sitting on those intellectual assets. Like, how do we help everybody do a better job at fighting crime? It's good for consumers. It's good for government. It's good for business. And you know, just seeing that information sharing that was going on while I was in Brazil for three days was pretty incredible. And you have to have that sharing. As you see these verticals, one is struggling and one is doing great. Being able to share the innovation is critical. So the more frameworks we can do both nationally and internationally around true innovation and information sharing under Chatham House rules, you know, under, you know, a forum that makes things better, is just going to help us solve these issues. And the banking industry does, they do have a fraud alliance. They do have a cyber security alliance and they do share, you know, they bust fraud rings together. They do share things and don't see that as, you know, competitive advantage to hold on to information. So they do share. How can we replicate that model across all industry verticals?

No, I agree with that.
And I think that's probably the best way forward. It's just, when you talk about, like, the optimal fraud prevention and security, I was curious who's leading right now. Is it the government? Is it private? And then what does leading look like? Who's doing it the way that you would want it done?

Well, I have a soft spot in my heart for the financial services industry. No doubt. I spent 16 years there. But if you think about it, the financial industry leads the way on a lot of things because, why? They have the money. You know, we're the big problem. They go where the money is, and they're looking for these opportunities to attack the banks, attack the bank's clients, attack the bank's vendors, because they know there's a lot of money flowing through them. They're hoping that they could just, you know, be a micro transaction swimming in the sea of macro transactions. Maybe they'll get away with it. And so I do see the financial services industry leading the way on both, you know, kind of anti-fraud and anti-cybercrime measures. But there's also a lot of great work being done, for example, in the energy sector. But the energy sector thinks about things like, well, what if somebody cut the power supply? That would be terrible. What if somebody maliciously took out the power, took out a dam, took out a nuclear reactor, took out solar, took out wind, took out electricity? And so there's an incredible amount of innovation and great work going on in each industry vertical. And it's just hard to sort of extract that and share that across industry verticals and back and forth with the government.

I just want to take a second to thank the sponsor of today's episode, HubSpot. Now HubSpot has an incredible podcast network. Success Story is part of it. And if you like Success Story, you're going to love other podcasts in their network. One of my favorites is iDigress, hosted by Troy Sandidge.
What Troy does exceptionally well is, in under 30 minutes, he helps eliminate complexity, complications, confusion in your business. He talks about frameworks, strategies that really work to help you achieve scalable and sustainable success. So you need to go listen to iDigress, one of the most useful podcasts for entrepreneurs and founders, part of the HubSpot podcast network, wherever you get your podcasts.

That makes sense. And just, like, again, the human experience we're trying to face, because I've had other security experts on this show before and they do speak about the human problem and the phishing attacks. And you just mentioned something that's very interesting. Everybody hates these super complex passwords, but we know we've got to do them. And everybody, the 2FA is annoying, but we've got to do it. And I guess you have your, like, Google auth that seems to work well. And I personally hate doing, like, the texting 2FA, not for, like, SIM swap reasons, but mostly because sometimes it doesn't get it, I don't get a text, just the pain in the ass. It just seems like it's a lot of effort. And again, if I got a phone call from an AI voice that said, you know, it's your brother, and it sounds like him and I'm stressed out and he says he was arrested. And I've heard stories of this kind of fraud. And then it just, like, pulls at your heartstrings and you feel stressed out and you want to help the person and you go wire the money or whatever. I mean, there's a million different types of fraud that I haven't even fallen victim to, but people have tried to target me for a variety of different reasons. I've had employees with spoofed emails emailing me that they want to change your banking information. Like a whole bunch of different things, right? However, you said that, you made a good point. So the fraudster is going to understand there's a complex password.
They're going to understand there's 2FA and they're just going to layer on a human component and they're going to try and trick you into doing something. But, and the answer is not blame the human, but then how, like, how do you solve that? Because humans are humans and they're always going to have an emotional reaction to these, like, the social engineering that a fraudster is going to put together.

Absolutely. So one of the things, one of the principles that I have is, if you study the profile of cyber criminals and fraudsters, nation states, you start to see they have a pattern of how they attack the different chinks in the armor, if you will. And so the goal sometimes, you know, you want to do the basics. I mean, you want to have good digital hygiene practices. You want to invest in tools. You want good processes. But really, oftentimes the best thing that stops the bad guys is designing something they didn't expect. So for example, having a passphrase that's not easily guessed. So if you're sitting on, you know, there was a recent wire transfer fraud where the employee, part of their protocols, you get on a video conference with the CFO or the CEO or somebody else. And you have proof of life. And the employee was on a video conference and was told to do the wire transfer, did the wire transfer. If, part of the protocol, it said, "So good to see you. What's the passphrase?" And the passphrase was, like, something ridiculous that nobody else would know. Yeah. Then you probably would have had somebody hang up. And it would have stopped that from happening. You can use this in your personal life. So you were mentioning, like, the virtual kidnapping type thing. Yeah. I don't know about you, but, like, I grew up, my sister and I, my dad would play a little game with us. When we walked into a room, restaurant, wherever, he'd then say, "Okay, without turning your head, where are the exit doors? Where would you hide if something happens? What would your weapon be?"
Did you grow up and play that game?

Yes. Yeah. Exactly. So my dad was in, I'm Canadian, so my dad was in the RCMP and then he moved into CSIS. So he was always adjacent to a lot of... well, CSIS is Canadian security intelligence, right? So yeah. So it was very aware.

You had a similar childhood experience and then it just became muscle memory for you. Yeah. Probably even today, I know I do. I can walk into a room and, without really looking, I know where everything is. I literally was giving a talk, huge place, I'd never been there before. And the fire alarm went off long enough that I said, hey, everybody, I know where the fire exit is. Please follow me until the fire alarm because stuff. So I get off stage and everybody follows me orderly out. And the place was like, we cannot, we've never seen anybody do that. I'm like, well, my dad trained me. So my point in bringing that up is, have this passphrase. Play the game with your family, by the way, on where the exits are. It's really important. A lot of people really underestimate that. But the same thing with the passphrase. So I'll just, like, in the kitchen before dinner, like, anybody know the passphrase? I'm like, well, then you're not getting rescued. If you call me and tell me you're in jail or somebody's got you, like, you have to give me the passphrase. So that's something you can apply in your personal life as well. And again, each one of these things are typically just studying what's our process, how will criminals and fraudsters try to interject themselves into the process? And how do we do something completely unexpected? That's really it. It's about removing, it's about removing the routine out of, you know, our activity, our day to day, so that it can't be guessed. That's really it. Something that can never be the hacker, the fraudster, there's no way they're ever going to be able to know this. That's the goal. That's really the goal. And make it simple, make it simple, not a strong password.
Because the purpose is for, it doesn't matter really what the word is, it's just that it's there. That's really the goal.

I want to ask you some more, just questions about some of your time in the White House. I find them fascinating. Obviously you speak about what you can speak about and don't get yourself in trouble. But I am curious about some of the, when you walk into the White House, you say the general public is not aware of really the threats that are going on. So what are some things that the public should know about that they're kind of oblivious to? What is coming at the US? Why are we in trouble? Why? I think you mentioned at some point it's not unicorns and rainbows when it comes to cyber security. And people know about other nation states and they understand that China exists and Iran exists and Russia to an extent exists. But maybe a little bit more clear as to what is actually happening that we have no clue if we don't pay attention to.

Yeah. Well, I mean, for example, cyber criminals, like, especially nation states and then people who are loosely affiliated, because for the record, China, Russia, Iran and North Korea say they don't have nation state operatives hacking into American infrastructure. So they say that. So I'm just going to give that disclaimer from them. But what's interesting is they first primarily focused on what's referred to as the defense industrial base. They would go after the US government, US military departments and agencies, White House, then they'd go after the vendors, you know, the big vendors that provide airplanes or weapons or anything else to the government. But then they realized they might be leaving money on the table. Maybe we should steal, I don't know, intellectual property, trade secrets, and then reverse engineer and manufacture our own stuff and compete with the US.
You know, kind of even the playing field, we'll just steal their R&D, we'll skip that process and we'll just reverse engineer it and produce it here. And China for one is really good at doing that. And so that was something that was very eye opening to me at that time because that wasn't really being discussed. And if any companies at that time were falling victim to that, they weren't talking about it because they were worried their competitors would take advantage of it. So I think that's something, you know, that was a big aha moment for me. You know, many people may not realize this. I'm sure most people assume attacks against White House are constant, the constant barrage, and that is correct. But what's interesting is, like, I learned, for example, because we have WhiteHouse.gov, and WhiteHouse.gov is not connected, like, to anything, like, there's not like, hey, the president's secret briefing is just right behind WhiteHouse.gov. Like, it's really just meant to be sort of a, here's where the executive orders are and, like, hey, look at President Bush's dogs Barney and Miss Beazley and watch Barney run around the White House. One of the favorite videos of my kids was Barney at Christmas time watching things get decorated and running around with a little Barney Cam on. Probably the Payton household was, like, the biggest consumer of Barney, the president's dog. And it's really meant for that, but for whatever reason, if there was, like, a visiting head of state from another country who had a beef with somebody else or different things that were going on, we would sometimes, according to our vendors and routers and our own monitoring, be the most attacked website in the world on certain days. Now, if the website goes down, it's incredibly embarrassing, but the website isn't, like, where people get money, and the website's not, like, it's not connected to classified systems or anything like that.
But for whatever reason, that was a kind of a digital representation, a public face, if you will, of the White House. So a vitally important page to not have commandeered and defaced, which was a very popular thing at that time. Let's take over this department and agency's webpage and put, you know, long live Iran or, you know, something like that. So those are, you know, a little bit of inside baseball, without giving too much away, of the types of things that you have to think about and deal with that shape my thinking when I work with companies and people today.

That's interesting. I actually, I had a few people on that spoke about this, but Dmitri Alperovitch, he spoke about, yeah, so he spoke about some of the work that he did with Google and McAfee when he realized that nation states were actually targeting the U.S. I think that was, I can't remember the name of them. There was, like, an instance and I am blanking on it now. I didn't write it. Yes, that's it. Yeah, exactly. So it's just very, it's very interesting how constantly we are bombarded. And I don't know if everybody really thinks about that, that it's, like, a daily thing. I think most people think that intermittently there will be attacks, not just constant attacks. It's a little bit stressful when you think about your role and what you had to sort of handle. So there's always these attacks happening, whether or not they're on WhiteHouse.gov, which are obviously the ones that could be embarrassing, or the ones that are more serious that are targeting actual mission critical systems like you mentioned. Is there, in your mind, is there a concern, because we always speak about nuclear war and the concern about nuclear war? Are you just as concerned about a nuclear war version of a cyber attack or cyber war?

Absolutely. I, the question would be, why would they want to do it?
So you always have to think about motive and opportunity, and then, are they prepared for the repercussions? And when I think about the mayhem that can be created by a nation state or a cyber criminal syndicate, it can be pretty significant, and it doesn't just have to be the systems that we think about. It can be space too. A lot of our internet connectivity is dependent upon space. It's not just undersea cables, although those are really important to protect too. So you've got multi-layered levels of opportunity for infrastructure to be impacted. But at the same time, that's multi layers of connectivity and digital, so it would be hard to attack them all. I'm not saying impossible, but you'd have to have a pretty well orchestrated attack to go after the undersea cables, the satellite and broadband cables to take out all internet. But the question is, is a nation state who decides to play the long game? They might be thinking about opportunities like that. So to me, I do think about war in the sense of, coming from a military family, there's land, air and sea. There's the digital realm, but there's also space.

I think that if you think about the most alarming cyber security opportunities, you think about internet, obviously, that's connectivity. You think about power grid, like you mentioned before. You could also think about nuclear launches as a potential, not an opportunity, but, like, some of the targets, excuse me. But I mean, obviously the systems and protections in all of these circumstances are so extensive. What would be something that you think, going forward, outside of just space, would be another target for malicious actors that eventually we're going to have to pay more attention to?

Leveraging quantum computing to break all of our encryption.

How far are we away from that?

It's a race. We're not going to know until we know who wins.

That's very scary because they have quantum computing already. You know, it's not, like, commercially available yet.
And there are really smart people working on post-quantum computing encryption. And for lay people, here's what I want you to take away about quantum computing. So today's computing, even though it looks cool and sexy, like your mobile app you might be using, behind the scenes it's just ones and zeros on a computer. So everything's just ones and zeros. And today's computers, I can add more memory. I can add more storage. You can kind of tweak the programming to leverage everything that's there. But at the end of the day, you're flipping ones and zeros to make the program work. Quantum computing is stateless computing. So nothing is a zero or one. There's no flipping zeros and ones. So you can have an instruction go out and instead of being a linear set of instructions across, like, multiple memory, you know, soft memory, software memory, and hardware memory, and disk space, et cetera. Quantum computing is stateless. So you can process mathematical instructions and handle mathematical calculations at a speed and scale we've never seen before. And right now there's some quantum computing, but it only, like, the scale of, like, the power that it needs for cooling, electricity, the processing power, we're still in our infancy stages for quantum computing. But once it becomes generally available and something that's scalable, isn't environmentally as harmful as it is today with the energy that it needs to consume, it's just going to basically run mathematical calculations at a speed and scale we've never seen before. Encryption of your passwords, of your data, of systems is nothing but a big ol' math problem. So quantum computing with today's encryption can unlock these mathematical problems at a speed and scale we haven't seen before, which is why we need post-quantum computing encryption. So the question is, who wins the battle first? Who figures out post-quantum computing encryption?
So it's ready when it comes, or who figures out busting encryption and getting quantum computing in the hands of evil doers before that happens. And then even if post-quantum computing encryption is available, it may not be simple and easy to implement. So how long will it take everybody to get it implemented before it's in the hands of cyber criminals to use quantum computing? That's the race we're under, and you've got really smart good people working on this issue and you've got, sadly, smart evil doers working on their set of priorities.

And the last piece, I mean, we sort of touched on these too, like, very briefly touched on AI and how it can be used for fraud, but another piece of technology outside of AI, because AI is not quantum, AI is still with binary computing, so it's still not outside of using it maliciously to interpret or to create avatars or to replicate a voice, which is now, that is commercially available. And you have all these systems like that password to show proof of life. These are kind of the ways that we keep up with emerging technologies and fight back against malicious use. But then when you see something like Neuralink, that must be, like, a huge red flag for you, because now you're putting computers into people's bodies. So that's, like, a whole other, that's like a whole other... I mean, if you have a, you know, I don't even know how Neuralink works, but I mean, anything that's a computer can be hacked to some degree. That's very scary.

Oh, I mean, we've talked about pacemakers, for example.

Like, oh, that's true, they've been around for a long time.
Yeah, yeah, and you know what's interesting about Neuralink technology? Like, I think about, wow, like, that technology can help people who are paralyzed move their limbs. It could help people who can't speak, or they can't hear, or they can't see. It may actually give vision to the blind, or, you know, some type of virtual reality or something. And, you know, we're still in the infancy stages of this, but this is why we're way behind on ethics. We're way behind on saying, what are the ethics around technology? We didn't do it for social media, which is a huge disappointment to me, around algorithms and the addictive properties of algorithms and how harmful those addictive properties of algorithms could be. You would think we would have learned our lessons. Anything that's addictive in society, we have warning labels on them. Of course, we've done nothing, and some lives are absolutely ruined and, sadly, some lives lost because we didn't figure out how to warn people, how to create ethics and governance around social media and big tech and algorithms. So here we are, we're advancing technology yet again and we really don't have a lot of protections and rights for, back to the human user story of, you're going to implement this technology, what are the do's and the don'ts? Or the technology, you know, what does the international body of medicine say where the technology should be limited and should have guardrails and should stop? It, it, you know... Go ahead. I was going to say, just interesting how we focus on security but we don't focus on the ethics. We roll something out. Our security jobs would actually be easier to do if we focus on the human user story and ethics. Like, if there were guardrails around... and ethics can be translated as governance, it can be translated as regulation, it could be translated as an ethos, you know, these are our guiding principles. But because we don't focus enough on ethics, everybody else has to make up for the gap, right? So you, you have to think about, you
know, what are the ramifications? Just because we can do something, should we do something? And a lot of those things, unless you have governance or laws or regulation or ethics, a stated code of ethics, they just don't get handled the right way.

For people that are listening that are not in the government and not private industry and not big banks and financial institutions, and they're like, okay, this is a little bit concerning, but I'm ultimately worried about, you know, my Alexa listening to my conversations or my email getting hacked or something like that, what are the things in your day to day that you should be paying attention to? Again, you covered the passphrase and it's a great strategy, but are there devices, are there Wi-Fi networks that can be hacked? Like, what are the concerns, you know, day in the life of somebody that's just trying to live their life?

Yeah, personal security does bleed into professional security, so your workplace... and we're finding that as workplaces do a better job protecting the company systems, what do fraudsters and cyber criminals do? They don't suddenly say, I'm going to be a good person and bake pies for my neighbor. They just go down the kill chain. And so, okay, I couldn't get in here, couldn't get in here, well, I guess I'll go to the employee. And believe it or not, they can at scale get to employees in their homes, and they've done it. They go to their personal email, they find them on social media, and they could do this all at scale with computer programs. And they can get people's personal emails, target them that way, target them on LinkedIn, social media platforms, home Wi-Fi, home devices. And, you know, I don't want everybody to feel like they have to unplug and start wearing tin foil hats, although, I mean, tin foil hats are cute. But there are some basic things that you can do at home, and it's really going to be based on your personal preferences for privacy and security. So not everything that I do is something that everybody else wants to do for
them and their family, but I'll give a couple simple examples. One, hide your Wi-Fi name, and if you don't know how to do that, just ask your internet service provider how to hide the name. And create a guest network, so when people come to visit, you give them, you know, the login. That can be a great way to just sort of kind of lock down the Internet of Things devices you have at your house, lock down the traffic at your house. Never use something out of the box without looking for a way to change the password. That's another kind of, like, basic thing. Two-factor authentication, I know it's clunky. If you get offered it, take it, because if somebody is trying to, like, reprogram your security cameras around your house and you have two-factor authentication turned on, guess what? The code comes to you, not the bad person. Devices, are they listening to you? They're going to tell you they're not. This is what I'm going to tell you about how technology works. Technology has something in it that's trained to wake up and listen to you when you issue it a command. It's always going to be in a state of thinking, I might have heard that command, and it's going to wake up and, whether you know it or not, it's going to listen, may record. So just understanding that. I'll give you an example, because I want my three Gen Z kids to make conscious decisions about on the grid and off the grid. So if we're having family discussions about being on the kitchen or anything like that, we make sure we're in a room where there's no devices, no phones, no Internet of Things devices. We have a nice conversation, we map everything out, then we'll leave the room and go on about our business again. For some people, they may say, well, that sounds like another level of paranoia, and I say it's only paranoia if it's not true. So a little bit of nerd humor for you there. But these are all different strategies that you can take. If you want to go, like, a little further with it, you can use a privacy-forward browser like Brave, so all of your
searches, you can use Brave, and Brave's got a lot of really cool features built in for free. They do ask people if they want to donate to just kind of help them continue to improve the browser, you can. But they were built from the ground up focused on your privacy, whereas Google says, we've built privacy features in that you can opt into. So that's the difference in my mind about a privacy-forward browser versus a browser that has privacy settings. And then you can continue to sort of grow and build from there. But those are some basic things that I recommend everybody consider using.

And we touched on this at the beginning, but password management. So there's tools like LastPass. Obviously writing stuff down on a piece of paper is probably not great. Putting a document on your desktop saying "passwords" is probably not great. What do you recommend people do? Because a lot of people can't remember, I mean, I can't remember 30 different passwords.

Yeah, have a system that works for you. So for some people, they don't want to use a password vault, and I understand that. Password vaults can be incredibly helpful. If you use one, I highly recommend really locking that down, not just with the strong password, but think about having, like, a hardware key as well, like a YubiKey, where it's strong password to get into your vault and you've got to have a physical key, or you lock it down and say, well, only if it's accessed on this computer. There's nothing wrong with, if you wanted to have, like, a book that you don't call "passwords", where you kind of create sort of a coded... you don't say, like, this is my bank, bank ABC, and ID and password. But there's nothing wrong with kind of creating a coding system for yourself to say, this is the password I'm using for this. Another strategy that some people use is they always reset their password every time they log in. So every time they log into their bank, they say "forgot my password" and they actually go through all the rigmarole to change their password and log in. These are
different strategies. Not, you know, I try to give different sort of ideas for people to use, to kind of, you know, not one size fits all.

Yeah, but it is about having a system that at least... but look, I think the takeaway is, put a little bit of thought into your system, more than probably 99% of people do.

And don't do things like spring 2024 exclamation point, summer 2024 exclamation point. Or, like, if everybody knows, you know, it's really hard to be an NFL Panthers fan right now, I'm just going to say. So I grew up, I lived all over the place, so I followed the Eagles and I root for the Eagles, but I live in the Carolinas and, you know, the Panthers are our home team. It's, like, really hard to be a Panthers fan, but if you are a Panthers fan and people know it, don't use Panthers in your password. And you'd be surprised how many people, it's like, I have no doubt, Super Bowl or Bronco Super Bowl, and people can guess that. It's not that hard. And many websites allow three to five password attempts before it locks you out. Guess what cyber criminals do? They figure out how many per website, so each day they try one less than what will have a lockout. They come back the next day and try them again.

And now I'm sure that they, because I see it, because I get the alerts, like, my past passwords have been hacked and put on the dark web somewhere, so they have a starting point to work from if they really want to.

They do. Yeah, that's another thing. You can turn on an alert if somebody's had a login from a new location. Uh, it's right, but watch out for those, because cyber criminals actually send fake alerts and get people to click on the link and type in their credentials. So be careful about those alerts. Never follow links in the alerts.

Are VPNs private? Are they useful? Are they...

Well, you have to kind of really pay attention to which vendor you're choosing. I'm also a big fan, there's a free tool called VirusTotal, and it checks over 60 different sources. It checks links and attachments, looking
for basically danger. And so that can be a great way: when you get sent a link or an attachment, you can actually put it for free in VirusTotal, and it's super simple. It scans it, and if there's something bad found, it marks it red.

Very good. No, very, very, very good. What, what do you think would be, um, a radical change required in our education system, just going forward, to prepare people for the threats they're gonna face and their kids are gonna face?

You know, I love what Finland is doing. So they have a K through 12 digital citizenship, critical thinking skills program, and then they do public service announcements for the public geared at all age groups. And so they're not telling people, they're not labeling a point of view as misinformation or disinformation, because then that gets at, you know, in America people say, well, that's free speech, I'm allowed to say what I want. So instead they, they don't do that. They just teach people how to do critical thinking skills, and they do it at every age level, and then they give them examples, and then they let people think for themselves. And I think that's the best way to do this, because otherwise you have people say, well, you know, who's fact checking the fact checkers, or the fact checkers are biased, or. And so if you just teach everybody critical thinking skills and digital citizenship, it'll make a huge difference.

You know, the, the one thing that actually, it's so funny, I got so into this conversation that I actually forgot to bring up the thing that we spoke about, that we're gonna talk about when, before we pressed record. So I think this is very interesting, it's very timely. Talk to me about elections, and talk to me about security regarding elections, because I know that it's a very hot topic in, in the U.S. and everywhere right now, but it's always been a hot topic, especially, I mean, over the past, you know, last few elections, has been brought up again and again and again and again. So what is your take on security and elections and protecting the
results and all of it?

Yeah, I mean, all global elections are always sort of an area of consideration, because if you think about democracy, you have dictators and different types of government constructs that don't really, they're threatened, they don't really love democracy. They don't like seeing people voting for themselves, and all people of all social classes voting and picking leaders. And, and so they want to make democracy look like a big dumpster fire and then convince their own citizens: you don't want that, we have it really good here, look at these people, they're all arguing with each other and saying crazy things. And, and so I think what, what was interesting to me, so I've got a book, Manipulated, it's out in second edition, and when I first wrote the first set of research to release in, in 2020, I really thought that, like, nation states were meddling to get us all to, like, argue with each other, maybe influence and pick a winner or pick a loser. And I learned some other things that I was surprised to learn, that kept getting confirmed over and over again in my research and talking to experts, and one of which was Dimitri, by the way, um, in the book. And, and that was a couple of things. One, sure, there were, there are some operatives. It is about making us argue with each other. Yes, there are people trying to pick winners and losers, nation state leaders that, you know, kind of want somebody to win and somebody to lose. But I also uncovered a couple other things. One, many of the nation states who meddle in European elections, US elections, other people's elections, they actually test everything out on their own citizens first. So they actually meddle internally, sending disinformation and misinformation to their own citizens to try and keep control: everything is hunky dory in this country because we're run this way, and look at democracy, it's a dumpster fire. And then they take the skills that they learned and the algorithms, then they meddle in everybody else's elections. The other thing that I learned
is there's a whole cottage industry of people who are not associated with nation states, and they're not necessarily associated with political campaigns, and these are the groups that figured out that during a political cycle people are super active on social media, and if they can get you to click and share and post and repost and click through on the clickbait, they make pennies on the click. And so they actually make loads of money, and for them it's all about capitalism. And so if promoting a fake narrative or a debunked narrative gets you to click on a link and share it, and they make pennies on the click, death to democracy, but their wallets get fat. That's kind of that, so civil is very surprising to me when I did my research. And so what I would just ask you a way to do, because there are wonderful things going on, but the government level, in the United States every state is responsible for their own election infrastructure. A lot of great work has gone on at the state level and the US government level to help make sure the states have the funding and the resources to roll out election processes that are best for their state, because every state is so different. On the social media side, there's been a lot of work done trying to shut down bots, shut down inauthentic accounts, looking for that misinformation and disinformation. But nothing's going to fix this problem. Propaganda has been around, and misinformation, disinformation, since there were two people walking the earth. It's always going to be with us. So that's why it's so important for us to help each other. So I always tell people, have three sources that you check. So if you have a real emotional reaction, positive or negative, chances are you might be in a manipulation campaign, and it might have truth and it might have mistruth. So I always take a local source that's a trusted and vetted news source, a national source, and an international source. And so if I see something that gives me a reaction, either aha, I knew it, or that seems
incredible, or whatever it is, I go to three different sources and see what they're saying about it, and if it's not portrayed exactly the same way, it's possible in my feed there was a manipulation campaign. So I always tell people, try to do that. Also, if you have someone you care about, friend, colleague, loved one, and they're falling prey to manipulation campaigns, the worst thing you can do is actually point it out and say you've fallen prey to a misinformation campaign. That is not the way to bring them around. The best way to bring them around is hear them out, ask them how they got their information, ask if you can process what they just told you, and then you go away and do your own looking here, looking there, and say, you know, I thought a lot about what you said, I also did some research, I'd love to share with you what I found. Meet them where they are in that moment, with grace and space. And again, from a critical thinking standpoint, you don't have to say you fell prey to something. Nobody wants to hear that. Um, so go to them and just say, and I did some research too, and I found this to be interesting, I just want to share with you what I found. You may not change their mind in that moment, but you may open them up to the possibility of digging a little deeper and asking more questions.

It seems like the answer to a lot of the problems that we face in manipulation and security and threats, the answer is a lot of just injecting the human component to it. Because even that, even that conversation that you have, I think I've seen this a lot, and I've had conversations about this, during COVID, when we're all isolated and we're all getting so angry on social media, it seems like when you remove the human component, people are very quick to fight over this, this point of view, that point of view. But the way that you just walk through this, like a very simple process on how to not become bad if in rebuking someone else's point of view, but it really just get everybody to be a proponent and an advocate
for critical thinking, and just go through life that way. When you go through life that way, that seems to be a great way to just basically improve everyone and improve every circumstance it could be potentially manipulated. And I think that problem, sure, that, I mean, I've never heard of that. That, that's so fascinating, the people that use misinformation to make money. They don't even care about the outcome. It's just, it's just, so it's not even like a nation state that's, that's, they just know that this particular story or this headline is going to get people to click through. So it's not even manipulation in the way that people think of manipulation. So that, like, yes, yeah, marketing on another, yeah, yeah, relating how people think about elections. That's fascinating. It's scary, but it's fascinating. But it just goes to show you how, whenever you get information, I love your process of due diligence, of vetting and critical thinking, but then again, know that not everybody, not everybody listens to this podcast or, or, or has the same approach to vetting information, and that's the way you have to go through life, and that's the way that you have to approach maybe conflict, and like not even, not even outside your own house. I know families that got into fights over misinformation and different points of view, and it just, especially during COVID, it's so much anger and so much hostility. And actually, as a Canadian, I've noticed, I've noticed that a lot, because I don't think Canadians take politics as seriously, take it seriously, but they don't take it as seriously. Here it's very serious, and it creates this very, very significant divide, or it feels like it. I don't know if, I don't think it's real, I don't think the divide is as real as it seems like on social media, but if you live too much on social media, you get pushed into these echo chambers, and it just creates this, this anger and this divide. It's just horrible. It's just absolutely horrible.

Yeah, and you're right. I, I heard people saying, I'm gonna have to
uninvite this family member to Thanksgiving, and it was no at a certain point of view, and I'd say, please don't do that. Like, yeah, I think it's too short, that over one issue you're just not gonna invite them. Just say, like, that we're not gonna talk about that topic. Like, life is too short to lose family over politics, way too short.

Yeah. Is there anything that we didn't go into that you think is just something that's been on your mind lately, or some last words of wisdom that you want to leave the audience with?

You know, I would say, you know, I do have people say to me, gosh, I feel like I'm being left behind with AI, I, I don't have time to, to figure it out, I don't have time to look at it, I could be replaced by AI, I'm so far behind. And, and what I would say to you is, you're not. So for starters, AI should be enhancing the human experience, not the other way around. And, uh, so, and if you feel like you're being left out, don't worry, it changes every day and you can get caught up. You can, you know, watch great podcasts, you can dabble in if you want to, you don't have to. Uh, but just like any technology transformation that's come along, there is some of that legitimate, like, that FOMO, that fear of missing out, but also the fear of, will I be replaced? And, and what I would say is, is, um, you know, the, the power to change, especially white collar jobs, is definitely there with today's AI, but it's incredibly expensive to implement, it's hard to implement. And what I would say is, is that there's an essence of humans that's uniquely ours, and humans created computers and humans created the technology, and even though we might have robots and humanoids and things like that in the future, the essence of human is something that's divinely created and given to us, and it will never be replicated. And so just know that you are unique, and let your essence of who you are as a human shine. And just a reminder that technology was built by humans to serve humans and to make our tasks and functions easier, and don't let, like
any kind of, like, the fear, uncertainty and doubt that's out there, um, tell you otherwise.

I love that. I absolutely love that. Where should people go to just read more of your work, connect with you, uh, listen to some more of the stuff that you've done a ton of research on? Uh, all the websites, to social, everything, I'm sure.

So, uh, for anybody on the professional front, LinkedIn. Uh, my company posts a lot of great stuff. It's not all for me, it's, uh, I've got really smart people that I get, uh, the honor to work with every single day. And, and so there's some really great stuff being posted on LinkedIn by the company account, Fortalice Solutions, and, uh, and then I've got a personal account there that I post stuff. I am on X. I've been on X since 2009, so I've seen it in all iterations. Um, but it's a great place to post things, read things, see things. Uh, we do have a company account on Instagram for people who are like, yeah, X and LinkedIn are not my thing, so you can follow us on, on, on Instagram as well. And, uh, yeah, those, those are great places to reach out and, and find things. And certainly if anybody has a chance to read Manipulated, um, would love to know your thoughts on it, um, as you read it, and chances are it might not be for you, it might be something for you to read and pass along to somebody you care about.

I love that. We'll put all the links, so I'll get all the links, we'll put it in the show notes below. Um, last thing I like to ask is, obviously you had a career with many seasons, so, I mean, first private industry, public service, entrepreneurs, you've kind of done it all. Um, if you go back and tell your 20-year-old self one thing, what would that be?

Sorry, my alarm went off, so you'll have to edit.

I know, you're good.

Uh, take risks. Uh, yeah, it would be take more risks.

Take more risks. I love that. And, and I mean, you've, you've done that over your entire career. You've done that with your own career, you've done that by diving into sort of the bleeding edge of security and tech. So I just want to
say thank you. You always say thank you for, obviously, all the work that you've given towards protecting people and keeping people safe and educating, and the research and all of it, because at the end of the day the work you do is meant to make the world a safer place for, for everyone. So thank you.

Thank you. Oh yeah, it's a, it's an honor to be able to take the gifts that I've been given and all these wonderful opportunities that have found me, and, and put it to good use to, to help other people be safe.