0:00:00.0 Max Havey: Hello, and welcome to another edition of Security Visionaries. A podcast all about the world of cyber, data and tech infrastructure, bringing together experts from around the world and across domains. I'm your host, Max Havey, and today we're taking a look at what's on the horizon for next year, talking 2025 predictions with our guest, Kiersten Todt. Currently serving as president at Wondros, Kiersten has spent much of her career working in the public sector. Including stints as Chief of Staff for the Cybersecurity and Infrastructure Security Agency, CISA and Executive Director of the Presidential Commission on Enhancing National Cybersecurity. And I'm so excited to hear her thoughts on the year to come. So, Kiersten, thank you so much and welcome to the show.
0:00:40.2 Kiersten Todt: Thanks so much, Max. Great to be with you.
0:00:43.1 Max Havey: Absolutely. And as we near the end of the year, we enter a time that many in the industry have dubbed as a prediction season where thought leaders from across industries offer their thoughts about what's on the horizon for the year ahead. So today, I wanted to pick your brain and get your take on some of the predictions that are hot on your mind. So Kiersten, can you hit us with your first prediction here?
0:01:00.3 Kiersten Todt: So I think one of the key elements is with artificial intelligence. We've obviously been talking a lot about AI for the last couple of years, and I think what we're gonna see is that that bubble is gonna pop a little bit, that this sort of surge, there is a curve that they talk about in research that you see the most activity when people know the least about something, and I think we've sort of hit that pinnacle. But what we're gonna be seeing now is probably a more focused look at how artificial intelligence is a tool, how it can be used actually to enhance cybersecurity. When we're looking at refactoring code and we're looking at scanning for vulnerabilities, there's a real opportunity here for artificial intelligence to work with cybersecurity.
0:01:41.4 Max Havey: Absolutely. And that's kind of vain there. What sorts of insights do you think cyber folks can gain from this bubble beginning to pop?
0:01:48.3 Kiersten Todt: Well, I think it's really understanding how we appreciate the breadth of artificial intelligence. I think so much with technology is very much about using it as a tool, as an opportunity, and also being aware of the challenges of it. And so certainly we focus on these things in a very extreme way. When it's come to artificial intelligence, we've seen it as it's gonna take over the world, it's gonna take over humans, and it's also the, it's gonna be this holy grail innovation that's gonna save the world. And usually the reality is somewhere right in the middle and we've kind of swung the pendulum in those different directions. And so now as we're focusing, I think we'll see again, artificial intelligence as a tool to help us enhance cybersecurity, enhance these technical issues where we don't necessarily need to have humans as a part of it, but humans certainly need to be staying engaged.
0:02:36.3 Max Havey: For sure. It's to a degree, kind of finding that middle ground. It's not being a doomer about it, not being too overly optimistic, but kind of understanding the real value of it at this point.
0:02:45.8 Kiersten Todt: Yeah, exactly.
0:02:46.2 Max Havey: On that same topic, how do you think those sorts of insights around finding that middle ground can help sort of move security forward?
0:02:53.1 Kiersten Todt: Well, I think the more we understand and educate ourselves, I think the challenge with artificial intelligence is there's such variability on what people know. It sort of became the center square and everybody's bingo card. And so you are hearing boards of directors and CEOs and executives talk about how are we using AI when we know in fact that artificial intelligence has been around for a while and a lot of companies have used it for a while. So what we're hoping to see now is greater fluency, greater literacy, and what artificial intelligence is, how it can be used and the appropriate caution about how we're always gonna integrate innovation when we don't actually know all of the applications of it that that's part of the research and part of the growth of the issue.
0:03:36.9 Max Havey: Absolutely. Well, 'cause it's that sense of, I know the way people talk a lot around Generative AI. It's often been sort of the life finds a way. People will constantly find ways to be working with this and to use this both through the benefit and detriment of a lot of organizations. So having that appropriate caution kind of seems key in finding the best way forward.
0:03:54.2 Kiersten Todt: Yes, exactly, exactly. 'Cause I think like anything, it's always, it's guardrails and guide. We can see how we can be guided by this technology, but we do need to have the appropriate guardrails. And I don't think in our lifetime, there'll be a situation where we are ever gonna hand over major critical infrastructure or major elements of our society to technology that we always have to have human judgment in the loop. And I think that is particularly critical when it comes to tools that are built off of AI.
0:04:23.5 Max Havey: For sure. I think not disregarding the human element in all of this, especially anything related to security, the human element is a thing you kind of have to always keep in mind.
0:04:31.0 Kiersten Todt: Right. 'Cause I think the other piece is we have to appreciate that particularly Generative AI as you shared, that's it's everyone always talks about garbage in garbage out. Like whatever's going into artificial intelligence, if we are putting in any type of bias data, then what the model is going to kick out is exponentially going to be biased. And so it's not that's... People tend to see that as an extreme, but it's just an important reminder that if anything that we put into artificial intelligence subtly is not accurate, the Generative AI will produce that in much more extreme forms. So we've gotta be paying attention to things that only humans can determine. Tone, tenor cultural issues as we're building out these AI models.
0:05:14.4 Max Havey: Absolutely. Well, and in that same sort of vein, to pull a prediction from one of our folks here at Netskope, Neil Thacker, our CISO over in EMEA, he predicted the idea that the rise of even more AI regulations and organizations wanting more visibility into AI, will potentially see the rise of a new role, a sort of Chief AI Officer. And as we're talking about AI, I wanted to get your sense of how does that sort of prediction strike you looking ahead?
0:05:37.3 Kiersten Todt: We already have it. I don't know that it's actually predictive for next. Like we have, that's been part of the executive order in government and government is rarely the leader when it comes to these things. But they're the executive order and artificial intelligence identified a Chief AI Officer and all the federal agencies. So you're seeing that I think industry will be close behind. I think what's gonna happen though, that we have to be careful of, 'cause we've actually seen this in government, is you just don't want somebody who's doing all this other work, if they're a CISO, if they have other responsibilities, now all of a sudden they add Chief AI Officer to their role. That might be fine, but similar to the way that CISOs and CIOs evolved, that was often a role that was held by somebody who had another set of responsibilities that had adjacent skills and expertise, and then they sort of had to figure out what the role was, and that there was this variability of what a CISO or a CIO was.
0:06:30.2 Kie