
The neXt Curve reThink Podcast
The official podcast channel of neXt Curve, a research and advisory firm based in San Diego founded by Leonard Lee focused on the frontier markets and business opportunities forming at the intersect of transformative technologies and industry trends. This podcast channel features audio programming from our reThink podcast bringing our listeners the tech and industry insights that matter across the greater technology, media, and telecommunications (TMT) sector.
Topics we cover include:
-> Artificial Intelligence
-> Cloud & Edge Computing
-> Semiconductor Tech & Industry Trends
-> Digital Transformation
-> Consumer Electronics
-> New Media & Communications
-> Consumer & Industrial IoT
-> Telecommunications (5G, Open RAN, 6G)
-> Security, Privacy & Trust
-> Immersive Reality & XR
-> Emerging & Advanced ICT Technologies
Check out our research at www.next-curve.com.
2025 Cybersecurity Priorities (with Bob Carver & Debbie Reynolds)
Bob Carver, cybersecurity thought leader and CEO of Cybersecurity Boardroom, joins Leonard Lee of neXt Curve and Debbie Reynolds of Debbie Reynolds Consulting LLC on the reThink Podcast to talk about the cybersecurity priorities for consumers and enterprises for 2025. This is the first time for Bob on the show. Debbie and Leonard were anxious to get a sense of what is top of mind for Bob as he looks forward into the year and beyond as AI-infused and -augmented cybersecurity threats and attacks challenge us all.
Bob, Leonard, and The Data Diva hit on the following topics:
- How Bob got started in cybersecurity (2:00)
- Top security concerns according to Bob (5:20)
- The problem with smarter and more capable infostealers (8:00)
- What do you get when you combine AI with cybercrime? (10:58)
- The future of cybersecurity - AI versus AI (14:30)
- Introducing Agent Smith (15:50)
- Deepfakes, the other exponential cybercriminal enabler (16:50)
- The biggest cybersecurity challenge: awareness and hyperbole (22:34)
- Bob's view on solutions for consumers and enterprises (25:32)
- Micro-segmentation: obscuring for security (27:31)
- Privacy, an important factor in cybersecurity and trust (32:50)
- The consumer and enterprise mindset shifts needed (38:50)
Connect with Bob Carver on LinkedIn and at www.cybersecurityboardroom.com
Connect with Debbie Reynolds at www.debbiereynoldsconsulting.com
Hit both Debbie and Leonard on LinkedIn and take part in their industry and tech insights.
Please subscribe to our podcast which will be featured on the neXt Curve YouTube Channel. Check out the audio version on BuzzSprout - https://nextcurvepodcast.buzzsprout.com - or find us on your favorite Podcast platform.
Also, subscribe to the neXt Curve research portal at www.next-curve.com for the tech and industry insights that matter.
Leonard Lee:Hey everybody. Welcome to this neXt Curve reThink Podcast episode of our Security and Trust series, where we break down the latest tech and industry events and happenings into the insights that matter in the very fast moving landscape of cyber security and trust. And I'm Leonard Lee, executive analyst at neXt Curve, and I'm joined by my co-host and very, very, very, very good friend, Debbie Reynolds of Debbie Reynolds Consulting LLC. Hey, Debbie.
Debbie Reynolds:Hey, Leonard. Nice to see you. Nice to see Bob. Awesome.
Leonard Lee:Good to see you. Yes. And speaking of Bob, our very special guest, Bob Carver, CEO of Cybersecurity Boardroom, and cybersecurity thought leader extraordinaire. And prolific on LinkedIn sharing his insights. It's really great stuff. I love following your stuff, Bob, and it's really great to finally have you on our show. And I know Debbie's also equally, probably as excited as I am to have this chat with you and hopefully it'll be one of many in the future. So I'm,
Bob Carver:I'm excited to be here.
Leonard Lee:Yeah. Great. Before we get started, please remember to like, and share, react to the comments in this episode and what we share here. Also, subscribe here on YouTube and Buzzsprout to listen to us on your favorite podcast platform. Opinions and statements by my guest and including my co-host Debbie, are their own and don't reflect those of neXt Curve. And we are doing this, provide an open forum for discussion and debate on various technology topics and cybersecurity and trust topics. So we hope you find the program informative and fun. So before we get started, Bob, share with our audience a bit of your background and who you are, even though I think everyone in the cybersecurity domain knows who you are, but maybe expand your audience here by, right, tapping into the neXt Curve audience.
Bob Carver:Yes. I've been doing cybersecurity for over the past 25 years. Originally, was working in the financial world and started in the nineties. One of my first projects was building a key management center, Gado, AES-256 encryption. That ended up encrypting traffic. It was moving money between Fidelity Investments and some major financial institutions. I'm sure that system lasted probably many millions, hundreds of millions of dollars, probably worth of transfers before it was retired. But anyway, little by little, I just started dabbling in security over at Fidelity Investments, volunteered. There was very few back in the nineties and even the early two thousands of full-time security folks. So it was the IT guys that just volunteered to help out with the security. So that's what it started. And anyway, after I'd been there for a while, there was a position opened at Verizon Wireless. What happened is, I say that I owed my career at Verizon Wireless due to the Paris Hilton hack. Her account got hacked at T-Mobile and the management in their own wisdom of Verizon Wireless said, we may ought to hire some full-time people to do this security stuff. Yeah. Wow. And anyway, I was picked out of literally hundreds of people that they interviewed and I ended up being employee number one to start things. They had some people that were contractors that started, but anyway, I've been doing this for, like I said, for some time and went through a lot of major changes in technology over time and just seeing all the craziness and also not only in the defensive part, but to see the threat actors getting better and better. So yeah, that's the short bit. So,
Leonard Lee:Yeah. No, that's fantastic. And I'm sure our audience is going to appreciate the insights that you bring on both sides, right? Of what you're observing from the threat perspective, but also how you see solutions evolving. And we'll get into all of that as we have our discussion. We're really excited to have you on, as I said. So why don't we start off with a chat around what are some of the things that are top of mind in terms of threat trends, and it seems like there are some that have been in play for quite some time, but then there's also seems to be additional things being layered on top of the existing stuff, but then also new vectors and areas that are starting to form. And so, Debbie, I haven't spoken to you in a while, so love to get your take as well. But one of the things that I'm observing is the velocity is just accelerated. It seems to have, at least in the last six months, and just by looking at both of your posts and what you're sharing on social, it looks like things are just picking up and I don't think that's a good thing. But what are, I am sure you have plenty of things to share, but what are some of those things that have been top of mind for you guys in the past, let's say, six months?
Debbie Reynolds:La Ladies first, or in that, that Bob. Oh, guest first, right? Yeah. I want Bob's thing. Oh, okay.
Bob Carver:Yeah. It's mind boggling, the velocity that's going on. Yeah. North Korea, they're probably the world experts on being able to break into cryptocurrency sellers and networks and to be able to siphon off all those Bitcoin or Ethereum recently too. Matter of fact, I had just sold off the last of my cryptocurrency a few months back, before everything started going downhill, which I was glad to get out. One of the concerns I had too was the security. I didn't get in for the longest time because, like, how am I gonna really be able to secure this well? Yeah. And so that, I didn't get in for a long time. And then even then, I had a call from a friend of mine. They said, oh, I have this friend, and they just lost $300,000 worth of Bitcoin. And it was due to one of the major wallets that is very popular out there. And I don't know if they didn't keep up the updates or it just continued to have one vulnerability after the next. And a matter of fact, it was the same wallet that I was using. And anyway, just to see that sort of scary thing happening. But the other thing is to see a lot of the infostealer and just, anyway, I was talking to you earlier, Leonard and Debbie too, I think, about going to some of these LLM sites and some of my security stacks showing up spyware and infostealer domains that somehow got into the mix. Luckily I have some fairly decent security that ended up blocking these domains, or at least warning me of what was going on. And that's a concern too, because once an infostealer gets into your network or your computers, basically everything you log into, they have the username and password and they can pretty much replicate what you've done. The only thing that might help is if you have good multifactor authentication. But, and I've known some people, I've recently wrote, I did a video last week talk about like small businesses getting compromised and stuff. And these businesses, like the in gets in there. They could lose their entire business, their banking accounts, all their email, all under control. Their phone may be under control and it's scary. So, can we back up for a moment?
Leonard Lee:What is an infostealer? I mean, quite honestly, it is a bit of a new term for me. Sure. What is it?
Bob Carver:Infostealer basically sniffs out all your logins. All your login, at least that's the primary result of it. So all your logins, your username and passwords. They'll also check to see, is this your bank domain? Is this your email domain? This is your password domain, if you have a password manager. And they'll grab all that information that is used to be able to take over your account.
Leonard Lee:Wonderful. Look, look at you, Deb. Debbie. You look pained. What is, yeah, you, you've been holding a grimace this whole time as he, Bob is describing infostealer.
Debbie Reynolds:It's,
Leonard Lee:it's
Debbie Reynolds:scary. You. Yeah, it's horrible. Yeah. Terrible, terrible. yeah, there was actually a story about this in the news. I, you may have written about it, Bob, about the guy he worked for Walt Disney. Oh, yeah. Yeah. A bad actor was able to Yeah. Take over his, yeah. His password manager. Yeah. And his password manager had his per personal stuff and his work stuff in it. Right. So they were able to get into his Disney accounts and do stuff, and then he ended up getting fired and they stole like. Yeah, a lot of money from his bank accounts
Bob Carver:He's trying to get his job back now, but what happened is he thought, he thought he'd be smart and download, LLM, I think, on his local machine, and I think he got it from GitHub. And after he downloaded that and installed it, that's when things started going bad. Evidently there was some sort of infostealer type code in that LLM he downloaded locally. And his endpoint security did not pick that up.
Leonard Lee:Object. Yeah.
Bob Carver:And yeah, it took not only took out his entire, everything that he was associated with, but the threat actors that did take over his machine made it look like he had been stashing some child porn, so it would be a high probability that he would be fired, that the FBI would get involved, on and on and on. And then, but the thing is, is that I think they got into other parts of Disney too, based on his access that he had at Disney at the time. So, um, yeah. Wow, that's nice. Very, very, very scary. So that's why when I hear about the spyware and infostealer malware, it's scary.
Leonard Lee:Yeah. And this is something that, we talked earlier about RSA, you know, RSAC or the RSA Conference, that the conference was started to become very concerned about last year. 'Cause, you know, in the prior year everybody was high on generative AI. They were excited about its potential to be a tool to help combat the existing problems with cybersecurity and threats. And then that tone quickly changed last year, right? What you guys are describing here in this scenario with Disney is exactly what they were concerned about.
Mm-hmm.
Leonard Lee:I think they saw the writing on the wall. A lot of practitioners and vendors actually saw the writing on the wall and said, this stuff, if it gets into our networks, into our corporate environment, it can go exponential, right? It's actually a tool that can accelerate an attack beyond anything that a non-gen-AI-enabled intruder and attacker could institute in our environment and ultimately on our business, right? So it's really interesting that you're bringing that up because it seems that a year ago that tone change was completely appropriate
Bob Carver:and
Leonard Lee:the thing,
Bob Carver:I think, to emphasize something here, important point of this, one of the reasons he was. Putting the LLM, downloading it and installing it locally was due to some privacy concerns of being, putting prompts and, all their information into the one that's out in the cloud. So they were trying to protect, from a privacy standpoint, he was going the right direction. But the thing is, is the, it backfired. It sort of backfired.
Yeah.
Bob Carver:End up exposing things. It's ironic, more things in the long run by going locally than, if they would've stayed in the cloud. But anyway, but the thing is like sort of implying what you were going, talking to, Leonard, there is that, individual AI agents could be rolled up into these systems. Yeah. All of a sudden they could be used. It's almost like going down a bad alley and then getting attacked by entire gang. Just all by yourself, you know? if all those AI agents were, defined to do bad. Well, they would tear you apart.
Leonard Lee:Yeah. And that, that's the problem. Agentic AI is something that's been more of a recent trend and pivot in the general AI narrative, but last year it was brought up as being a potential vehicle for threat expansion, attack expansion, everything along the lines of what you're talking about right now. Right. So I think the community outside of cybersecurity is about a year and a half behind. Mm-hmm. The cybersecurity industry that's looking at what the potential is for these technologies to actually, it's already been a asymmetric, like, Debbie, you always talk about how it, the, the relationship or the, the fight is asymmetrical, right? It increases that asymmetry, but in the favor not of the cybersecurity practitioner. Actually, the attacker. Right. And so that's the dilemma.
Bob Carver:One thing that's interesting, I had the opportunity to speak at several conferences way back in 2018 and 2019. I was at a conference in Dublin, Ireland. That was the first time, I had always had this in the back of my head, but to publicly, not just my close network, but publicly say to several thousand people, get ready. The fight in cybersecurity is gonna be AI versus AI. It's just a matter of time. This was 2018. It was the first time I said that publicly. Then I brought that same message to the International Monetary Fund twice in 2019, one time in front of 190 countries and the other time was a little bit smaller, but still countries from all over the world. And anyway, it was just, people were sort of deer in headlights. The audience in the EU was all definitely cyber folks. The IMF is more monetary folks, you know, bankers, economists, that sort of thing.
Leonard Lee:yeah,
Bob Carver:And so now we're actually seeing a result of this happening. Agentic AI that could end up being the attacker. I liken it too much to the swarm attack drones in the air, where you're busy trying to fight off each one on an individual basis, but it's difficult to fight 'em all, every single one, at the same time.
Leonard Lee:Right, right.
Bob Carver:That's the type of, if you have a visual reference, I would say, tho those attack swarm drones, it would be very much like that in, in a cyber realm.
Debbie Reynolds:Well, it's like The Matrix with, you know, fighting, what's the guy's name? Agent. Yeah. The agent like Yeah. That's what it's like. Yeah. Yeah. I'm, I agree with you. I was going to say AI agents or just AI in general and how people are using it for attacks, right. I'm super concerned because, you know, these agents are, are, would reportedly know more about you than maybe a typical person would know or would typically be known about you in public. And so that's enough to create a situation where they can maybe send an email or do something on your behalf and fool someone to give them some information or something like that. And when we're thinking about agents, you know, think about agents, right? With s. Yeah,
yeah.
Debbie Reynolds:Multiple. So like, you may, like, they may have a a hundred agents and then there's no Yeah. No guarantee that even the ones that you sanction will not go wrong. Right. They have your, you know, they may have your, flight information or your bank information and they're only supposed to, book flights for you. But who's to say they wanna book flights for somebody else? So, yeah. Well, I wanna share.
Leonard Lee:Yeah, Debbie, you and I, we've had discussions about deep fakes for actually years now. It's incredible years. But, I was just at the NAB show and I kind of did a no-no, I actually consented to have my image used in a demo. And the demo, after about a minute, pumped back an advertisement that, had my likeness. Whoa.
Yeah,
Leonard Lee:And I was astonished, number one, how quickly they're able to replicate, or create that deep fake. Although, you know, o obviously the vendor was thinking, hey, we're doing this for fun. This is something that fans might engage with or a creator, if they licensed someone's likeness, they could create content using generative techniques without having to bring that individual into the studio, et cetera, et cetera. But you flip that and it's astonishing how these deep fakes could very easily fool most people. Yeah. Right? And our voices, our likeness, they're on the internet. And then there's also the dark web that is open. And so when you have these agents and these generative AI architectures, what, what you might call RAG architectures, for cyber attacks, basically connecting to an indexing or creating embeddings of you in a vector or a graph database, and then using that information or that corpus to institute intelligent or reasoned attacks on you. With deep fakes. A deep fake layer. Super scary. And it's not like this is tomorrow. This is like today.
Bob Carver:Yeah.
Leonard Lee:This is maybe even yesterday. And I don't think this is part of the public discourse enough. it's actually quite frightening.
Bob Carver:What, there's several things there. I mean, one of the things that a little concerning is that there are several, many financial institutions started doing the voice recognition as part of the identity. And it's like when that first came out, I go, oh boy, I don't know about this. But we'll go back and about a year ago, I think in Hong Kong, it, there was a company taken for over a couple hundred thousand dollars through a deep fake, and it was done with a video and that sort of thing. And then the most recent one you probably remember was Ferrari. Somebody was trying to imitate the CEO of Ferrari and he was trying to get some major money from Harry? Yeah, yeah, yeah, yeah. Remember that? Yeah, yeah. Yeah. It's interesting, you know, it started out with using a phone number with WhatsApp that they didn't recognize, but they had his picture with the Ferrari logo and that sort of thing. And then they had some sort of voice changing technology that was able to imitate his Southern Italian accent. It was very similar to his voice. Luckily one of the upper management that was going to eventually have to approve this money transfer, he said, you know, I'm gonna have to have you prove exactly who you are here, right? Because, oh, you, you know, you're calling from a different number. I'm not familiar with that sort of thing. And there was, there were several things that didn't quite add up and he said, you know, we had a conversation, you and I last week, and you recommended a book for me to read. Oh no, that what, what was the title of that book? When that happened, all of a sudden the, the line went dead. Oh, wow. The actor, the guy, the bad guy hung up. He'd been had there, he couldn't fool 'em anymore, but he fooled them all up to this point though. Yeah, it was like, I think they had gone on for an hour back and forth with multiple people in the organization
Leonard Lee:That's true.
Bob Carver:they had everybody fooled. When it went to a personal conversation that was happening, the week before the guy couldn't replicate that it just shows that companies and even families need to have some way of, authenticating, people, beyond the normal means. Yeah. Beyond a normal voice. A normal video.
Leonard Lee:and it is ironic that the mechanism for doing that is the most archaic thing that you can think of. It's the most non-digital thing. Yeah, exactly. You know, that's really. Depressing. So, yeah. Anyway, Debbie, do you have anything? Go ahead. You have another depressing thing to share with our
Bob Carver:audience? Oh, I'm sure. I have lots of different things, unfortunately. matter of fact, I am, I'm called out regularly on LinkedIn. It's like, can't you share some good news for a change? Oh, really? Yeah. Oh my goodness.
Leonard Lee:Well, no, you know what? For those people, I think if you have a solution, it's a great opportunity for you to say that you have a solution. Sure. I mean, that's why I tell a lot of folks, because our, our biggest challenge right now is lack of awareness and hyperbole. Right. Yeah. Right. Some, a lot of folks thinking that certain technologies are, are something beyond what they actually are. And then the other is certain technology topics or issues or risks that are just simply not known. And so for enterprise practitioners, but also increasingly for consumers, it's important to, number one, have that awareness of some of these issues that we're already talking about here, but then number two, to also not hyperbolize certain types of technologies that simply are not gonna deliver on exaggerated expectations. Right? None of those, I think, things are good, right? So, I mean, even for this podcast, we invite anyone, if you have a solution, it's not like we know everything. No. If you have a solution, give us a call or share. And then we'll kick the tires on it. If it's great stuff, we would be more than happy to share the story of a solution. Which we'll get into in a little bit so that Debbie's not has that sourpuss face on her. Yeah. Debbie. I don't want through the whole episode because she's hearing all this disturbing stuff.
Bob Carver:I think the main thing is just to get the word out so people have awareness to be able to Exactly. Protect themselves. That's the main thing.
Leonard Lee:Yeah. Debbie, any, any other, depressing. Cybersecurity topic? You wanna No,
Debbie Reynolds:pretty much, I think you pretty much covered it. I, I'll say though, the thing that I always tell people, the three things I always note in these situations is almost like, and I'm dating myself and I'm sure Bob, you know this back in the day, but remember Saturday Night Live when they had this skit where it was someone at the door and they like say candygram or something. There was always like a shark. Right. Oh, I remember that. Yeah. So
Bob Carver:that's unfortunately that's, I know if Leonard remembers that, but maybe he saw some reruns, but
Debbie Reynolds:Yeah. But yeah, that's what reminds me of, so no matter how people try to get to you, they're trying to do the same thing. Yeah. They want to create a disturbing situation that make you do something that you wouldn't typically do. Yes. They create a sense of urgency and they want you to take an action. Yeah. So if you don't do any of those things, that'll help you no matter what you do.
Bob Carver:Yeah. I think we all have to slow down and listen. Mm-hmm. And try to make sense of whatever. Is going on. and you're right, that sense of urgency a lot of times is used by different threat actors and scammers, to try to get people to, do something really quick, you might be better off just to think about it for a while.
Debbie Reynolds:it off
Bob Carver:later.
Debbie Reynolds:Yeah. It's so urgent. I just don't do anything. So I was like, okay, well what's gonna happen?
Bob Carver:Yeah, exactly.
Leonard Lee:Oh, geez. Okay, so now let's move on to the bright side of life.
Bob Carver:Okay. I hope,
Leonard Lee:Okay. So it looks like some people have reacted to your posts, Bob. Yeah. And let's talk about like solutions. I mean, the bright side of life. Yeah. And hopefully the other side of the asymmetrical equation here. But what are some of those things that you see emerging or in play right now that look like they could be viable solutions either for enterprises or consumers? Because again, I agree with you. Consumers is increasingly important, 'cause now they're becoming a vulnerability to businesses. Mm-hmm. Because their vulnerabilities could then be a way for a threat actor to actually compromise a business as well as our customers. So what are some of those things that you see that are promising in terms of solution?
Bob Carver:Sure. I did post something. I mean, this is sort of the good and the bad, but there was an article I found that talked about a lot of the common VPN solutions for consumers, they were sending off a lot of their data to advertising agencies, and so they were not only, basically, they were supposed to help with privacy and that sort of thing. But then they were sucking down all your data from your web history and sending it off to these ad agency type groups. And some of the common names, some of 'em were like NordVPN for a while, ExpressVPN was doing it. But they finally are backing off, I think, because consumers discovering this, but it also gave, that same article that I had posted gave a lot of the companies that supposedly did not do any of that type of thing. So it was good knowledge just for the general public to know which VPN to buy now. I don't think VPNs are the ultimate solution for security and may even be sometimes questionable, even on the privacy end, although they're advertised to be that way a lot. One of the advisory boards I'm working on now, they've developed a hardware microsegmentation platform and, oh, wow. Yeah. And I don't know the pricing, how solid is, and I think they're doing it more for medium to large size businesses right now. But it's not, I don't think it's gonna be a huge cost, like a small little gateway. And what it is, it almost acts like a VPN because you're hidden behind this microsegmentation or sort of like a firewall type thing? Yeah. Behind the gateway. But this gateway, you can't discover this gateway with the normal pen testing methods. It's, it, there's nothing there. Or, or at, at the worst case it's this, oh, there was something there, but it's not alive. Like, can security you mean can't do it? Security. Okay. Security. Yeah. Security by obscurity. By obscurity, yeah. Which is great. Exactly. Yeah. Exactly. Exactly. So people can't get to you. Yeah. And then you log in through there and then it also logs you into a cloud instance, which is almost sort of like a similar to a SASE-type situation. But you can set it up to protect you, where you allow only certain users, only certain ports, only certain IPs, and you can even do geolocation blocking and nobody can see your traffic except for the people that actually run this. I think the traffic just overwrites itself after a certain amount of time. So that's something that I find very interesting and it'd be interesting to see if they get this available eventually to consumers. But right now I think that, like I said, they're gonna do it from medium to large organizations. They have it for individual endpoint, like where you can do either Wi-Fi or Ethernet or you can set up a gateway to make your own little mini network. Or now they're going to a full blown switch where the whole switch can be set up with all of these micro segments and you can totally control, set up the configurations to totally control all the traffic going in and out and from one to another. Considering a lot of companies have a certain amount of crown jewels they wanna protect, this is, it's already been certified at FIPS 140-2. So that means pretty much that most pen test guys aren't able to break into it. Yeah. So, anyway, I think that's interesting. I think it's gonna be good for IoT. I think it's gonna be good for OT, and it's gonna be good for a lot of manufacturing that are stuck on XP, Windows XP platforms that are full of holes. So, yeah. I think it's could be exciting thing. And also, I don't know if they're gonna do consumers right now. I think it's more gonna be mid to large commercial enterprises. Yeah. Yeah. If somebody gets a hold of a system and they have admin pro privileges, they escalate to a admin privileges, the microsegmentation that's built into an OS, it's toast. It's done. You know, it's the same thing with, you know how the threat actors take down endpoint security. Yeah. So they take down the endpoint security, they take down the micro-segmentation. It's like game over. Yeah. Anyway, I'm pretty excited about this. Yeah.
Leonard Lee:I think it's totally cool, actually. In the study I did for off comps, now going on almost seven years ago, we brought up microsegmentation for, and this is a tough context. Sure. For that, for MEC, that being like a big, sure, missing piece. But I like this notion of bringing it to consumers because we have a crap ton of stuff connected to our network. Imagine being able to bring zero trust capabilities to a household. And not just within the home, extending that sort of a consumer SASE model, if you will. That's super interesting.
Bob Carver:I have one in my home network.
Leonard Lee:I'm sure Bill Pew does as well.
Bob Carver:Yeah, yeah, probably so. But anyway, yeah, it's, I love that idea. It's exciting and, yeah, I can see some great things and I remember meeting somebody at Black Hat years ago, he said, hold on, hold on, hold on one second. One second ahead. Debbie smile.
Leonard Lee:This is, I'm sorry. She's smiling. Does look on her face.
Bob Carver:It's all good. Okay, go.
Leonard Lee:Go ahead Bob.
Bob Carver:to block that. Oh. I met somebody at Black Hat years ago and he had set up his own VPN and what he did is he set up a cloud instance and had the microsegmentation and everything, uh-huh, and he put everybody's traffic through a big mixer in this cloud. So even if somebody could get into that cloud instance, they wouldn't be able to tell whose was what. But this is sort of the same sort of thing, same sort of principle, where this is gonna connect this device, hardened device, hardware device or micro segmentation connects to cloud instance and the cloud instance reroutes you to other parts of wherever you wanna go.
Debbie Reynolds:Yeah. I'm much in favor of sharing less, so that helps less data or information go out.
Bob Carver:Yeah. And so, nobody really can get to my computer when I'm connected to that.
Leonard Lee:Well, I don't think we would expect any less from you, Bob, so,
Bob Carver:Yeah. So anyway.
Leonard Lee:That's fantastic.
Bob Carver:Another thing that was in the news recently was a lot of these Android applications that are, we're again, sharing data with all these data entities, advertising entity, whatever. Sucking down and not being a hundred percent revealing in what they're doing with all the data, transparent with all their data that they're grabbing off of your phone. The same thing with iPhone. And even there, there's times, you've probably seen, you can't always change the settings where it's like, no, I don't wanna share my data with you. You know?
Leonard Lee:Yeah. You can opt out.
Bob Carver:It's not always available to opt out,
Leonard Lee:Yeah. A lot of these examples you're bringing up, privacy is such a big factor. I mean, and the reason why I say that is because you've brought up the issue with the freemium ad model and the business model that it is and that unfair trade that Debbie always talks about. Right? Yeah. And the risks that imposes, or creates, for not only the consumer or your customer, but for the enterprise itself ultimately. Right. And it's like this whole chain of risk. Everyone talks about chain of thought. Let's maybe we coin a new term here as the chain of risk.
Bob Carver:Yeah.
Leonard Lee:Right. It's just no single instance of vulnerability or compromise. It tells the whole story. It's that whole cascading effect all the way to the enterprise, right? The service provider that you have to consider. So it's just something that I just kind of notice from our conversation.
Bob Carver:One of the things that I do, and I recommend a lot of people to do this and people can do this themselves fairly easily, by a couple of plugins. And I generally don't recommend doing plugins on browsers, but uBlock Origin. And the other one is Privacy Badger, which is from EFF. Yeah. Those two, and Debbie probably, she knows of those and probably maybe uses them, but they block a lot of the advertising and tracking. But I also do it on a domain basis, through DNS. Oh, okay. Blocking all these ads and tracking. It's usually at the very minimum 10% of all the traffic that goes to and from my computers are either ads or tracking. 10% is just on the low end. It's probably been as high as 12 or 13% of the traffic. So that's how much of this stuff is going on and, it's sort of scary, but I mean it,
Leonard Lee:yeah. Bob, how are you such a popular person? Like, so stressful. I don't think well out listening to you, man. This is like crazy.
Bob Carver:The advertising people aren't very happy with me saying anything like this, but,
Leonard Lee:I don't think they're happy with any of us right now.
Debbie Reynolds:Right, Exactly. You have to eat your vegetables and take the medicine, I guess.
Bob Carver:Okay. But anyway, it does break some websites, unfortunately. I just have to weigh how bad I want to go to some of those webinars.
Leonard Lee:Yeah. Well, you know, that's why the work that Debbie's doing, IEE and
mm-hmm.
Leonard Lee:You know, in trying to establish a standard for privacy or transparency around privacy and privacy practices, like what Debbie and I call like the privacy first principles of just, right, anything, right, of like business or economy, right? Sure. That's why that's so important. But again, I think we suffer the problem with folks not having the awareness of the risks and the issues related to just trading your privacy for free stuff.
Mm-hmm.
Leonard Lee:There's a very wide and deepening ocean that needs to be transferred because at risk of all of this is trust at the end of the day, because going back to the beginning of our conversation, the tools that the threat actors are now equipped with asymmetrically enable them to do exponential damage, right? I mean, when they talk about the exponential benefit of AI, it really applies to them, mm-hmm, today at a scale much greater than anything that cybersecurity practitioners can institute. Yeah. To countervail that growing. Of course.
Bob Carver:And I know Debbie's talked about these before in the past. I know. I mean the automobile market and any more recent automobiles, the amount of data is just incredible that they suck down off your system. The only thing that frustrates me is you have no way to mitigate that easily. They don't, you know, where on my home network, anything that goes through my home network, I can take care of a lot of that myself, exactly, with settings. But you're Bob, I ex, well, Roku, example, I have a Roku box that I bought several years ago for my old TV. Just looking at my logs on the DNS logs, one of the Roku domains is one of the top blocked domains out of thousands of domains. It's just a big chatterbox. It is just constantly sending information out to the internet and to the people, you know, to feed on this stuff. But they must be a little bit disappointed because I have thousands and thousands of blocks as they keep on retrying and we want this information. It's like, no, you don't get it.
Leonard Lee:Okay. Bob, I think we're gonna have to cut you off because you're, you know, Debbie smiling for just a moment when we actually remind her that she's grimacing and then she goes straight back to grimacing. So this is like not healthy thing that have going on here. Yeah. So let, let's do this. Both you, Debbie, and Bob, share some of your perspective on what you think enterprises need to do in terms of mindset shift going into this year. You know, obviously Bob, this is your first time on, so really interested in your thoughts there, but Debbie's constantly tuned into the vibe of what's going on with enterprises and privacy. And I think it is all becoming so interrelated. This is like what Debbie and I have been talking about for years now. This isn't y thing, this is what we've been talking for a long time. Trust, privacy, and security are all coming together. They're different.
Mm-hmm.
Leonard Lee:And that's like the, actually the first order of awareness that needs to be bridged. But when they come together, you need to start to understand how they're interrelated and how they're all coming together because of, actually, the morphing nature and the evolving nature of cybersecurity threats. Right. But what is that mindset shift that you would say that enterprises need to make going forward into this year? So, mm-hmm, both of you that please share your thoughts.
Bob Carver:You wanna go first, Debbie?
Debbie Reynolds:Oh, sure, sure. I'll go first. Well, two things. One is that I think companies need to educate employees and it not just about company stuff, but about personal stuff, right. Protecting themselves in the digital realm because even in this Disney example, right, so this guy's probably using his home stuff, maybe he understood what he was supposed to do at work and he did all that stuff, but there were some gaps there between what he was doing that maybe could have helped him and not hurt his work. 'Cause we see people, they can't print at work, so they send a document to their home email address, the shenanigans kind of goes on and on. So being able to educate people about just cyber safety or digital safety as a whole, not just at work, I think is, you know, bridge that gap. And then also, companies need to talk about future risks, right? Emerging risk, talking about this agentic stuff. So can't just be like, oh my God, this terrible thing happened. You know, Johnny got hit by a car last week. You have to talk more about, these are things that are out there now. Yeah, these are things that are emerging. Here are the possibility of things that can happen if we don't do XYZ. So it can't just be reactive, it has to be more proactive and we have to have more imagination and explain to people, mm-hmm, what these future risks could look like.
Leonard Lee:Yeah, that's awesome.
Bob Carver:Bring back, bring it back to the real world. Yeah, yeah, yeah. I think one of the big things is to be able to expand their understanding of the breadth and depth of the risks that are going on.
Yeah.
Bob Carver:The next step is to be able to have the visibility and context into the network to understand some of these threats that could be going on in the network. So many of these threats nowadays use a combination of, uh, traditional malware, but they're also living off the land, where they use traditional processes, whether on a Windows or a Linux box, and they just use those traditional commands. And of course, the endpoint security and the network security don't see those as being a threat because it's like, oh, those are the commands that the everyday sysadmin uses anyway. So it's not a problem. So they do, they do need additional visibility into those type of processes. Yeah, I think we need more microsegmentation. I think this microsegmentation that's done in a hardware probably could be a boon for a lot of companies. IT, OT, IoT are, are actually, I mean, I'm sure there's ways you could figure out how to even do that in the cloud if you did it right. Yes. So, I can see that sort of thing. The other thing is going to the next level of machine learning and neural networks to be able to make understanding of what's going on on all those endpoints and what's going on on the network flows, whether it's to and from the internet or east-west, you know, a lateral movement in those networks, to be able to help understand what's going on. So those are a lot of the basics that, uh, I'm concerned about.
Leonard Lee:Yeah. Well, I'll add one additional, oh, please. This has something to do with the title of your company, actually. Yeah. Addressing board pressure on emerging technologies, whether there's generative AI or agentic AI, especially agentic AI now, because I think now there's this, yeah, huge deluge of agentic AI Kool-Aid being pumped into the techno verse, right? Right. That needs to be addressed. And no doubt, you know, the kind of board pressure that you always hear practitioners talk about, that needs to be addressed. And part of that is getting experts like Debbie, yourself, Bob, and I'll include myself. There you go. All, any of us, as you should. Yeah. Yeah. To help alleviate that pressure. It's incumbent on the, actually it's a fiduciary duty of a board member to know what the hell they're talking about when it comes to these things because it's so serious, and to check any expectations that are being built on the hype side of emerging technologies against the cybersecurity realities and the threats that, and risks that they not only potentially, you know, present, but do present, because usually the threats are ahead of the actual business value in any of these technologies that we've already discussed. So, yeah, that's the only thing that would add. And so with that, hey, great discussion. Smile Debbie, please. She usually smiles, Bob. Don't get the wrong impression.
Bob Carver:I've seen Debbie smile before. I know. She smiles.
Debbie Reynolds:Bob knows I smile. Bob knows I smile.
Bob Carver:I probably was just being a downer to. No, no, no, no, no. Okay. Okay. That's okay. It's all good.
Debbie Reynolds:I have a glare in my eyes, so I'm more squinting. Sorry about, uh, good one. Good one. That was a nice
Leonard Lee:pivot there,
Debbie Reynolds:Debbie.
Leonard Lee:But hey everyone, thanks for tuning in and I hope you found the discussion insightful and helpful. And Bob, Debbie, thanks a lot for jumping on, love doing this with you guys. And Bob, hope to have you on again. So really quickly, why don't you explain to our audience how they can get in touch with you. I know that you've started your own thing, so share with our audience.
Bob Carver:Yeah, my main platform is LinkedIn. I mean, I'm on X Twitter too, but LinkedIn is my main focus. And just look for me, I mean, if you just do DuckDuckGo or Google and Bob Carver Cybersecurity, the LinkedIn link comes up right away. So I'm on the first several pages of all the search engines. So LinkedIn puts me out there.
Leonard Lee:Oh yeah. Cybersecurity Boardroom, folks. And then how about you really quickly share with our audience how they can get in touch with you.
Debbie Reynolds:Sure. So you can always type in Debbie Reynolds, Data Diva, on LinkedIn, and my name will pop up. You can also go to my website, debbiereynoldsconsulting.com. I have a lot of videos and other stuff that people can take a look at. Yeah, so actually we were talking about boards. I did a speaking engagement last week for the National Association of Corporate Boards. It was really interesting, 'cause we ended up doing an AWS-hosted, like a tabletop thing with boards and we were talking about implementing this new AI and it was pretty cool. But it was funny because I was trying to tell people before you go into this AI stuff, you have to think about the privacy stuff first. And a lot of people just didn't wanna do that and so we kinda lost points for not forgetting it the wrong way. So think about the privacy stuff first. Call me if you need me. But this help, I think it'd be great.
Bob Carver:Love that. You slow us down, dude. You're slowing us down.
Leonard Lee:Yeah. There is nothing sustainable about dangerous or poorly executed innovation. Innovation needs to be safe. I think people need to be conscious of that. Going back to what you were mentioning before, Bob, about the early days of online banking and financial, you know? Yeah. A lot of people weren't thinking about security back then. Some of it was quite rudimentary. And then look at how it has had to evolve, right? Pretty remarkable, where we needed to go. So, um, yeah. With that, please subscribe to our podcast, which will be featured on the neXt Curve YouTube channel, and check out the audio version on Buzzsprout or find us on your favorite podcast platform. Also, subscribe to the neXt Curve research portal at www.next-curve.com for the tech and industry insights that matter. We will see you next time. Again, Bob, thanks for jumping on. Debbie, always a pleasure. All right, take care.