The Human Element Still Matters in a Quantum AI World Artwork

Security Unfiltered

Cyber Security can be a difficult field to not only understand but to also navigate. Joe South is here to help with over a decade of experience across several domains of security. With this podcast I hope to help more people get into IT and Cyber Security as well as discussing modern day Cyber Security topics you may find in the daily news. Come join us as we learn and grow together!

All Episodes

Security Unfiltered

The Human Element Still Matters in a Quantum AI World

July 14, 2025 • Joe South • Episode 196

Send us a text

Aksa Taylor shares her journey from electrical engineering to cybersecurity, highlighting how curiosity and focused passion can open unexpected career doors in the security industry.

• Finding specific interests within cybersecurity rather than trying to "get into security" broadly
• Building a personal brand through knowledge sharing and community contributions
• Quantum computing's progression from theoretical to practical applications in security
• The challenges posed by unrealistic job descriptions and automated filtering systems
• How AI capabilities create both opportunities and new risks for security teams
• Weighing the tradeoffs between established security vendors and innovative startups
• The critical importance of customer support quality when evaluating security solutions
• Community-building as a foundational element of the security profession

Abstract Security recently published a free community resource book called "Applied Security Data Strategy" for those interested in security data operations.

Digital Disruption with Geoff Nielson
Discover how technology is reshaping our lives and livelihoods.

Listen on: Apple Podcasts Spotify

Support the show

Follow the Podcast on Social Media!

Tesla Referral Code: https://ts.la/joseph675128

YouTube: https://www.youtube.com/@securityunfilteredpodcast

Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

Speaker 1: 0:54

Cool. How's it going, aksa, it's great to get you back on the podcast. I'm really excited for our conversation today.

Speaker 2: 1:01

I'm loving it, thank you. Thank you for having me back and I'm super excited for our talk today.

Speaker 1: 1:06

Yeah, yeah, absolutely. So you know why don't we start with how you got into IT? What made you want to go down that path? Was that always like a passion of yours? Did you study it in university, or you know what does that look like?

Speaker 2: 1:22

Yeah, I kind of mentioned this story a couple times at other places, but I didn't really study IT or cybersecurity. I was electrical and engineering graduate and I came I was doing my master's at University of Texas in San Antonio and I had to take a course that's outside of my core subject, which is electronics and communication, and I there was a new course on cloud computing. I took it and then that kind of like shifted my entire focus and that led to my first job with Twistlock, the first container security solution that was available back then, and then that led to Twistlock being acquired by Palo Alto Networks, which really put me in the product management track, and from there I realized that startups is my thing. So I've continued my journey and now I'm with Abstract Security, who is more of the data operations, security operations world. So it's kind of a shift from the container security world into this and definitely a shift from the electrical and communications engineering world to cybersecurity.

Speaker 2: 2:27

One of the things that kind of introduced the cybersecurity world to my life was I was doing a paper during my master's thesis on securing cloud containers using quantum, a QK quantum key distribution and that kind of introduced me to Twistlaw because I was talking to people who are doing cybersecurity, because I was like I don't know what container security is. I know a little bit what I think I understand about quantum, which is like juxtaposing itself. That's what led me to Twistlaw again what I think.

Speaker 1: 2:58

I understand about quantum, which is like juxtaposing itself. Yeah.

Speaker 2: 3:00

That's what led me to TwistLog, and the rest is history. And that's how I got here.

Speaker 1: 3:06

Yeah, it's a. It's an interesting path, you know, because, like I tell everyone in security, right, or everyone trying to get into security or thinking about it, right, you have to be curious. You know, like that's like number one above everything else. Like you have to be so curious that it's like embarrassing to be that curious. You know, and there's something about it too, because I've seen other people, you know, that even like, get into security and they get bored, you know, and like maybe it's the role right, so they change roles and they go to a new place and they get bored. You know, and they and like maybe it's the role right, so they change roles and they go to a new place and they're like no, this is, you know, this just isn't for me, and for me, like, I don't have that problem at all. It's like, you know, I have a whole list of things and it's going to take me, like beyond my entire career to get through them all.

Speaker 1: 3:59

And, I'm sure, as new things pop up I'm going to be diving into those right?

Speaker 2: 4:00

Yeah, what were you going to say? I was just going to add on to what you're saying that people outside it may look like a glamorous role, like, oh, cybersecurity, I get to like stop the hackers, stop the bad guys. But there's a lot of nuances within cybersecurity, like what kind of a track? What track do you want to take? Are you going to be in applications? Are you going to be in auditing and governance? And if you're not in the right place, you'll end up in a boring job that you don't really like. So I think it's really important to, instead of thinking about like I want to get into cybersecurity, think about what topic really excites you. Is it AI? That's the buzzword right now. We want to know what are the best practices and security for AI. Then just do the research and the opportunities will come to you automatically, right? You do the research, you learn about it, you talk about it, and then people who are looking for roles to fill are going to eventually find you if you are in the same.

Speaker 2: 4:55

And that's kind of what happened to me. Like I wasn't looking for a job in cybersecurity per se. I was just trying to finish my thesis and a major part of it was the security role, the cloud containers, container security or cloud security. So I had to do research, I had to learn all about it, and I mean all the timing by God's grace that it worked out where they were looking for someone, and this was new. And all things work together for my good. But I think if I set out after my master's thinking that I want to get a job in cybersecurity, I won't say it's impossible, but it's difficult, because so many job descriptions out there say you must have experience in XYZ, you must have experience in that. How are you going to get experience if you don't get the opportunity? And so I think the focus should be on the topic that makes you passionate yeah, yeah, that's a really good point.

Speaker 1: 5:49

You know it's crazy because there's there's been so many people in the industry that complained consistently about these stupid job descriptions. You know, and like the, the, maybe the biggest one that like stood out to me was when the creator of Kubernetes, right, like this guy, literally created the container framework. You know, yeah, he, he, he saw a job posting that required, you know, 10 or 12 years of experience, and this is like eight years into you know Kubernetes existing and they declined him and he's like I'm on the paper that like started it. You know, like it's so crazy. You know, and people have such unrealistic expectations of what that experience even means or brings to the table that you know they're taking I feel like they're taking, you know this, this like 10 years of experience, as like a broad. Okay, you're a senior, you're a lead. You know we're going to apply that insecurity.

Speaker 2: 6:53

It's like no, that, that that isn't how that works at all you put it into an AI LLM and you get this really nice, curated thing with all the right buzzwords, but then you may not get the person that you wanted for the role. I think we should really get away from the applications and just be like, hey, let's talk If you have what it needs and you have the experience. Just bullet, point what you've done facts and let's get into it. But instead it's all about the buzzwords, the years and, yeah, it's, it's been hard yeah, maybe the most frustrating part for me is, you know, like I like.

Speaker 1: 7:49

So I have two little kids, I'm getting my PhD, you know I do consulting on the side and I have a nine to five right, so I don't have the time to modify my resume. You know, for 10 different jobs it's like here's my resume. If it looks interesting, call me. Right, like that's what it is. But to these like filters and everything, you basically have to rewrite your resume for every single application you submit to even have a chance. You know, and I recently went through a round of like interviewing, looking for a new job and everything, and I barely got any hits and I think it's kind of twofold right, like the job market is in a weird place right now where you know when a role goes up on LinkedIn, right within two hours it has over 100 people applying to it.

Speaker 1: 8:41

I don't know if they're bots, I don't know if they're real people, right, like maybe they're all fake or something like that. But how am I ever going to get recognized for any position in that situation, let alone now I'm formatting my resume to fit something that I'm not even going to get recognized within right? So like it's this crazy conundrum.

Speaker 2: 9:04

And sometimes you don't even get to the stage where you can talk to a person. You're just automatically declined based on some keywords.

Speaker 1: 9:11

Yeah, yeah, that's the craziest thing. Maybe my most successful roles even, I think, have been from hiring managers that watch the podcast. They heard me talk about a topic and they're like, oh, I need a guy in cloud security. I like, I like his personality, I like how he thinks his skillset is there. Right, cause I'm not just talking to anyone right, like I've had on, like yourself I've had on, you know, ai security experts from NVIDIA that are over here talking about, like tiered architecture for AI models that you know I'm over here like trying to just keep up. Like I feel like I'm barely able to read. You know what this guy's putting down right, but having that broad range of experience opens you up to hiring managers. You know what this guy's putting down right, but having that broad range of experience opens you up to hiring managers. You know a little bit more right, and getting out there and talking about it, really building a brand for yourself.

Speaker 2: 10:09

Right, I think also.

Speaker 2: 10:10

I see a lot of knowledge sharing and people who do a lot of knowledge sharing and I think that's so important for our community our defenders, security defenders, community to share that knowledge more outside of just talking about our products and platforms right, and that's why I love podcasts like these, where we can just have an open conversation about things going on and, of course course, highlight innovations that people are doing within their company and what what the product is doing. But it's also important to just talk about, I think, things outside of work related stuff. I don't know there's a thin line on LinkedIn on how much you can post about versus. I'm definitely not an expert on that, but I like knowing like, hey, you're a person behind the corporate mask, right, and you have your own life and you have your own story and how you got to where you are, and that's inspiring to me. Just going reading stories of people, how they got there, and I think that affects our work as well. If I see someone who's gone through a similar work track and that I'm trying to get into, it opens up different ways of thinking and how to think about career and just our own personal journey as well.

Speaker 2: 11:30

So I think we need more of that as a community that don't treat people like oh it's a sales guy, I'm not going to reply to him. Oh, it's a CISO'm not going to reply to him. Oh, it's me, so I'm going to reply to him, like that kind of differentiation based on titles or vendor names. We should really try to look at people as people and they're solving problems and we're all here to protect environments and organizations in whatever way. If you are an organization, you're trying to find services to protect yourself. So community is key to cybersecurity and I think that is what also opens doors of opportunities for people if we create that bridge and have more community-led projects.

Speaker 1: 12:16

Yeah, something you said about kind of being more open. I've always found it that the security industry overall, right, at least at least once, you're than happy to discuss a new topic with you. They're more than happy to talk about what they're working on, what they're finding. All this different stuff, right, which was something that I was nervous about, you know, going into this podcast, right, is who's going to come on, who's going to even, like, want to talk to me? Why would they talk to me, right, all these different questions that you always, you know, have pop up in your head when you're doing something new, something you haven't done before, or whatnot. But you know, everyone that I've had on, right, you know, but it's like everyone that I've had on for the most part, like they're all very open about it. You know, and, to be honest with you, the people that are there because, like, their pr person put them there and they don't really want to talk to me, like those episodes don't even go live.

Speaker 1: 13:23

It's just like, yeah, I'm not giving you, I'm not giving you the marketing, you know keeping it real yeah, because I you know, I I do, I do almost no editing and the editing that I do is now done by ai, so like. So you know, I feel like it adds an authenticity to the podcast, right, when you come on and you tell your story, they're going to hear your story from you. I'm not choreographing it. You know, like you've been on the podcast twice and I don't think I've sent you, I don't think I've sent you any questions, like, like nothing.

Speaker 2: 13:59

In fact, not even today. I was just like, oh, what are we going to talk about? Well, it's Joe, we're just going to find something to talk about.

Speaker 1: 14:06

Yeah, yeah, we'll figure it out. You know, that's a good thing about this space, though, right, and especially with a background like yours, right, where we're talking about, you know, pqc and containers there's so much that we can dive into it. I was actually thinking about this, you know, last night maybe I guess I'm a nerd, right so I was thinking about like quantum encryption overall, because I have to know, I have to know like I feel like just enough to get by and not sound stupid and not insult an expert. You know, like with with knowing, you know with like doing my research, right, and so I'm thinking about like how much I actually like know, um, you know within the space, and I'm like man, I think I think it's like 2%, but I think we probably also only know maybe 40% of what it actually is overall. So that takes it down to like 0.5, 0.4,. You know of what my actual knowledge is.

Speaker 2: 15:14

That's what I was going to say. Is there truly a full knowledge of quantum world? I remember my professor right on day one of the class, when I I mean day one of me starting this report with him we had a one-on-one to discuss what this is going to be. He was going to give me books to read and all those articles, research material, and he, before giving them all to me, he said this look, as you start this journey, just whatever you know until now, throw it out the window. You're going to relearn everything from this perspective. So just come with a completely open mind. Don't bring the laws of physics or logic into what you're learning. Just learn with a completely open mind. And that's key to starting your quantum learning journey. And I thought why Everything's connected to starting your quantum learning journey and I thought why, like everything's connected.

Speaker 2: 16:06

and then I started reading and all the principles and I was like this is a lot yeah I see what he was saying now and honestly I am excited about it and I think not think I mean you already seeing the merge of quantum in the cloud security or security world itself, whether we talk about cryptography or whether we talk about secure channels and things like that. I don't know if we've completely accomplished it, but I think it's something that we should talk about because it's going to impact our world sooner or later.

Speaker 1: 16:43

Yeah, yeah, you know, I've had on other people and every time we go down this rabbit hole, right, it's a weird situation because we've been told for so many years I mean a couple of decades at this point, right, that you know quantum is right around the corner five, ten years, whatever arbitrary number is thrown out there. But recently it's kind of more in front of your face because now we have this LLM, which is not an AI, it's not quantum, right, it's a brand new search engine that is way better than Google. I mean, I use Grok more than I use Google now but it's like a building block for what you would call you know AI, right, and AI and quantum are tied together in everyone's heads, like it's impossible to separate the two, no matter how much delineation you break it apart. Right To separate the two. No matter how much delineation you break it apart, right, like everyone is going to think about the other when you mention you know AI or quantum, right, and so we're in this weird flux state right, where it could literally happen tomorrow or it could literally happen in 10 years. Everyone just knows it's going to happen.

Speaker 1: 18:00

And I was talking to a researcher based out of Germany who's actually like doing? You know this legit quantum research with satellites, launching satellites? He launched one over the weekend and I mean he literally told me. He said you know everyone in the space, that's anyone that knows anything. We're all kind of a little bit nervous right now. Right, because now everyone is paying attention to it and you know, you have Google, you have Microsoft, you have Nvidia, tesla all these companies are building towards, you know, an AI integrated quantum computer. Right, because once you give AI the proper amount of power that quantum computing unlocks, basically it's pretty much unstoppable. There's no dialing it back in, right, and the argument is that essentially the genie is already out of the bottle and so you're not going to put the genie back in the bottle, you kind of have to just go with it at this point and hopefully, you know, the genie doesn't destroy you at the end of it wow.

Speaker 2: 19:11

Well, I'm not an expert on quantum, but I'm definitely looking forward to that episode of yours yeah researcher because in I guess, I've been more on the cybersecurity kind of world.

Speaker 2: 19:22

I've lost touch from the quantum world ever since I graduated and AI is definitely something that's on everyone's minds. I don't know how much I think of quantum and I think of AI, but for sure, from a vendor perspective, from someone thinking about solutions that we can solve for clients or organizations that haven't been solved before, and how do we make it better for clients or organizations that haven't been solved before. And how do we make it better. The problem is there's so much hype about AI that sometimes the buzz is greater than the facts and the facts get buried inside. We were just discussing this because we're going to have a panel in Pittsburgh about AI and security and just facts from people actually building it right People from AI companies, and what are the problems they're trying to solve. How are they solving it. So what's buzz and what's real? I think that distinction is starting to get very blurry.

Speaker 1: 20:16

Yeah.

Speaker 2: 20:17

There's so much hype on AI and people say things like AI will replace XYZ jobs just so plainly.

Speaker 1: 20:24

Yeah.

Speaker 2: 20:26

I mean, I don't know if humans can be replaced by technology perfectly. And this was an argument that I had when I did a talk on process mining for audits and governance and such. And so there was someone who asked me like well, if we have all this automation and everything in place, then we don't need auditors, or we don't need auditors if we have AI. And I said no, because there's going to be some exceptions that you have to manually put a human lens and verify if this is a serious security exception or if this is okay to add and things like that.

Speaker 2: 20:58

Decisions like that can't be just zero or one logic. You need a human perspective and the knowledge and experience that you've gathered over the years to apply to that kind of decision making. If you just put everything in an algorithm and say make your own decisions, I'm pretty sure the results are not going to be bad. Just like if you put one prompt and say write me a whole research on XYZ. It's going to have a lot of stuff that I just made up and you don't want to apply it, just as is to security. This is why you need humans, just like any machinery right, you have machines that made our world easier, but you still need humans to develop and guide and go through that journey with it. I think that's what AI is going to be. It's going to be a really good support, but not a replacement.

Speaker 1: 21:47

Yeah, it's so far off to actually be a replacement and I feel like companies are like moving too quickly in that direction. Where they're? You know, like, absolutely, I won't say where I work right now, but it's within. You know the mortgage industry, right, say where I work right now, but it's within. You know the mortgage industry, right, and there's huge pushes for AI to get rid of, like, loan officers and loan underwriters just completely. And you know, like we're all kind of just sitting here. Like you know, we're moving so quickly towards this. You're going to eliminate all these jobs and in five years, you're going to figure out I need double the amount of people, right, even with this AI on top of it that is doing whatever, right, and that's really like the case for most things.

Speaker 1: 22:35

Now, I do think that there's some areas that, like, it'll offset in the near term, right, like you know, I was reviewing a contract with a customer of mine and rather than pay $1,500 to a lawyer to review the contract and give me their opinion on it, I'm just going to throw it into Grok. See what Grok tells me. I'm going to review it myself, use my head, google what I need to Google and put it back into the document and send it back, right, I've never had, you know, an actual lawyer, like you know, receive the document from me and be like this doesn't make any sense. This is stupid. Like he's never, they've never called me out on it at all. So why would I go and pay the guy that you know I've, I've used before, right, like, why would I pay them? It doesn't make any sense, you know. And another thing is probably like, probably like graphic design artists, you know, or whatever, whatever that might be.

Speaker 2: 23:34

We're going to have a debate right here.

Speaker 1: 23:37

Yeah, well, it's a. It's an interesting debate. I'll tell you this, right. So I recently paid someone to like create a logo for me and everything like that right, a new logo. And did a fantastic job Like no complaints, nothing Like I've used them before, did fantastic work. Grok goes and gives me a prompt saying do you want a logo for this services website that you're standing up Like why not? I already paid this guy Doesn't really matter. I'm going to go with that logo, but it would be cool to see what Grok gives me. And Grok threw out four drafts within 30 seconds and all four were better than what I just paid for and I'm just sitting here like this is that's going to be a problem for a lot of people.

Speaker 2: 25:02

I mean competition. Yes, I think that also makes me curious what are going to be the copyrights for images and products generated by AI, right, yeah, do you have thoughts on that?

Speaker 1: 25:15

Because these companies like 100% could lay claim to whatever their AI cooks up. But that would also open the door to like, massive pushback right From the population that's using these tools where it's like, hey, you know, we understand our data is, you know, being sold on the back and you're making your money somehow some way, right. But it would lead to other things. That's the problem. Like they could 100 do it. Like they, they could just like completely destroy that and rip that from our hands and everything. But that would lead to so many other negative things for them in the court that, like I don't think anyone would ever do that yeah, that's definitely something to look or think about.

Speaker 2: 26:08

Wasn't there a recent discussion about Disney princesses versus AI? Because I think Disney is in some discussion about not giving out its I don't know, I had a.

Speaker 1: 26:23

Really.

Speaker 2: 26:23

I wasn't talking about it, but I think cases like that will come up. Bi starts generating things off of products that are already copyrighted, but then it adds its own twist to it. Now, who really owns it? Is it a general creator? We're going in a complete loophole here.

Speaker 1: 26:44

Yeah.

Speaker 2: 26:46

When you mentioned that, hey, I replaced my designer or not replaced, but I could replace my designer Augmented. Could, and that makes me think like what's going to be the originality of stuff. And what if it creates the same logo for another user and nobody has the rights? So who wins?

Speaker 1: 27:06

Yeah, yeah, that that is. That's an interesting conundrum. You know that that will that we're inevitably going to fall into. We're probably already in it and we don't know, you know yeah, I think the same applies to security too.

Speaker 2: 27:22

When you mentioned earlier that, hey, we're moving too fast adding AI to security and products in general, not security products in general. We have AI features or AI capabilities and that can have a lot of negative impact on what you're actually creating with AI. For example, if you create a platform, if you have a platform that takes a lot of customer data and you want to add an LLM or a natural language processing kind of query, people can create easy policies or configurations based on that. But if you don't control the dataset models and don't have proper boundaries in place, then you're kind of mixing up. First of all, you could be in a problem where you mixed up different customer environments or proprietary data from different customers. The other thing is how do you avoid LLM poisoning or data poisoning and LLM hallucinations, right? How do you control that? It can make its own stuff Something as simple as like give me a summary of my threats that you've seen from my environment and what if it makes stuff up to give you that answer. But if you completely rely on it and if the creator of that platform doesn't have proper security features in place to avoid that from happening, then you're just prone to so much more attack surface. And then there's a whole other thing about prompt injections and all those things coming into play as well.

Speaker 2: 29:02

So, as companies are running to get or to say that we have AI, AI something, platform, AI powered, AI enabled, AI assisted, it's so important to know or ask the right questions, I think, as a consumer. But how do you protect against all these different risks that AI features can introduce in the environment? Is it keeping my data safe? Do you have proper boundaries in place? Is the data set given by the company or is it like? What kind of model are you using? Are you using like an open library? Are you using a control data set? How are you controlling that governance piece? How are you controlling the privacy piece? If you don't ask the right questions, every platform is going to use AI in some capability, but you may expose yourself to higher threats and higher risks, and I think that conversation in itself is a whole entire topic. You would have an entire podcast series on that.

Speaker 1: 30:02

Yeah, I have. It's a pretty expansive area overall and you know, like you said, I feel like when we were going into the cloud, basically 10, 15 years ago at this point, you know, a lot of people didn't realize the huge risk of sharing resources of. You know, hey, I'm gonna throw all this data into this S3 or this EC2, you know, whatever it might be, whatever, maybe a Lambda when they came out and whatnot. And surely AWS would never use my data against me and create a competing product before me very conveniently before I launch it and whatnot. Or you know, another customer would never be able to see you know this data or anything, because when I log in, you know the portal's right there and it's only my stuff.

Speaker 1: 30:53

But you know, unfortunately there's been reports of all of the big cloud providers actually launching, you know, competing products conveniently, right before a startup is going live right, conveniently, right before a startup is going live right With you know, code that's very similar, that was built on their platform, and now they have this new product and there's nothing that you can do about it, right, because when you're a startup, I mean you're kind of going, you know, month to month, week to week, for the amount of money that's coming in and whatnot, and when you're AWS or GCP or you know Azure, it's like what's a couple million dollars that we're going to waste on this lawsuit compared to, you know, this willow chip that we just made and spent probably like two, three, four billion dollars on to create over the last 15 years? Like what does it matter? You know.

Speaker 2: 31:43

Wow, yeah, that's an interesting topic for sure. Actually, that brings another question in my mind, so I'd love to know your thoughts on acquired platforms. You know these big companies. They acquire startups and sometimes offer their capabilities for free, or sometimes might integrate them in the bigger platform, or sometimes just not use it at all right, it gets peered. And then there are startups that are innovating so fast and they are all hands on deck. They're super focused on what they're delivering and it's all inbuilt and native native offering, right, um, curious. I have my own opinions about it. Of course, come, I've been in a bigger company, I've been in smaller companies, so, based on my experience, I have my own opinions, but I'm curious what you hear and what you think about that acquired platforms versus native innovative platform.

Speaker 1: 32:42

Yeah. So speaking from an end user, right Like, I've only been an end user, I've never worked for a, for a vendor. You know I haven't like sold the product. I'm a pretty good salesperson, right From an end user, it's all. It always makes me nervous when a product that that I like or have used gets acquired by, you know, palo Alto or Cisco or Microsoft, google, whenever they're acquired by any of these giants. Yeah, because you're like what's going?

Speaker 2: 33:14

to happen to it.

Speaker 1: 33:16

Yeah, you know, like the list is pretty extensive of products that were amazing and then they get acquired. And I mean, two years in it's a new product, it's completely reskinned. It looks like someone just jacked up the UI. Completely doesn't operate. The same.

Speaker 1: 33:36

All of the roadmap items that were supposed to take place never came to fruition for a number of reasons. Right, and it destroys products, like typically, right, and that's why I'm a little bit nervous with Google acquiring Wiz, because on Wiz, yeah, wiz will protect themselves, right, they built their product on AWS. It's also not like, it's not out of the realm of possibility that someone could recode it. You know some genius from Google could recode it to run on GCP, right, like it's not. It's not rocket science. And you know, like I've gone through the whole thing of talking to Wiz about it and they all seem very confident that nothing's going to happen.

Speaker 1: 34:22

But still, again, you know, like there was a, there was a permissions company that was doing cloud permissions completely differently from everyone else, and I can't remember what it was called. Google bought them and the product development stopped when they bought them. They bought them seven, eight years ago and they and they were five years ahead of everyone. Google bought them. I think it was like Beyond Security or something like that, and at first Google just took the same name and integrated them into GCP and it was like, okay, it operates the same and everything else like that. Then it just seems like they completely forgot that they had that product Like it's. You know, now it's lackluster when before it was so far beyond everyone else, like I was literally evaluating it to be like can I use this thing like on-prem?

Speaker 2: 35:22

Because I want to use this everywhere now yeah, yeah, no-transcript and refine, fine-tune things to make it work with everyone. Sometimes, I mean, most of the things are pretty casual. They're global, right, but if there is a customer using an integration that's not really well popular or they have their own in-house data source they want to extract things from, there's always going to be cases like that where you need access to the leadership, the engineering team of the company that you're working with. But if you're working with a bigger company, what does that customer support going to look like? And I think that's a pretty big differentiator in people think oh, I'm going to get this XYZ thing for free, so I already have a partnership with this big company and they're going to throw in this XYZ thing that they just acquired for free. So why can't I just go with them? Because they're a brand name, they're a bigger name, they're a bigger company and logo. Why would I go with a smaller company or a smaller startup? Well, there's a pretty big difference there, because, sure, you're going to go with a well-known brand or logo or whatever much bigger, billions of dollars logo, but what is the compromise you're making and what are the pros really aligning with the cons, and I think that's something that should really stand out for consumers.

Speaker 2: 37:16

I'm sure, just like you said, you've never been on the vendor side. You're a consumer, but you're already thinking that right, you're already thinking like, hey, how is this going to impact? What kind of service am I going to get? And not only customer service and support for product and platform, but even beyond that, in terms of innovation At bigger companies, how many layers of approval do you need to go through to release a feature and you're going to try to make it work with the entire ecosystem so that it benefits the bigger ecosystem. That may have nothing to do with the problem that you're trying to solve, but you're trying to sell more of your own bigger services, broader services Whereas at a startup you're kind of straight focused in your core area the problems you're trying to solve and you're vendor neutral because you don't have expanded library of services you're trying to upgrade the client to or trying to sell them on.

Speaker 2: 38:07

So you're just going to keep your focus on what does the customer actually need in this space and how can I make it better? And if there's innovation that needs to be rolled out, it's much more faster. So the pace of innovation is much faster as well. I think that is something that broader audiences or customers should keep in mind when they're thinking about should I go for a free version of something because a bigger company is offering it, or should I stick with a company that may be smaller in size yet really executing on all fronts and really delivering results in so many ways? So glad to hear that, from a consumer perspective, that you're already thinking about it, and I'm sure a lot of smart leaders out there also think. I hope think the same way.

Speaker 1: 38:52

Yeah, it's, you know it's become so critical. I involve it in my like POC criteria, right, the success criteria, where it's like, hey, I'm going to cold call your support, I'm going to just call them, email them, open a ticket, whatever it is right, and I'm going to grade the level of support I get, just plain and simple, right, and so I've been on the support side and so I won't play like a difficult customer or anything like that. But I mean I'll act like someone that, hey, I just logged in for the very first time. This thing isn't working. I was told I need to go fix it. What do I need to do? Right, that's probably like, you know, a softball pitch, right, like a little soft pitch to any support engineer, like they should be able to handle that. And then, as it goes on, the difficulty gets ramped up. Right, I want to see you know when you decide to escalate, because that matters for me, when I'm trying to get something resolved and you don't know, within five minutes you should be escalating. Right, like immediately. You should be like, hey, I need an adult over here to help me on this thing. You know, let's get through it, because I want to provide that level of customer support. And for sure, I mean, like you know, for those companies that bought the IAM tool from you know, before Google bought them, right, I'm sure they were getting outstanding support, and that's what I actually heard in the industry too, that they were getting outstanding support. Go and open a support ticket with Google, right, like, let's, let's start there, open a support ticket with Google and we'll time them for when they get back to you and what their response is and all that sort of stuff. Right, like, because that matters a whole lot.

Speaker 1: 40:36

Good luck trying to get Microsoft on the phone. Microsoft is typically a little bit better about it, you know, like they'll put. They'll throw someone in front of you with the Microsoft, you know. But it's like, ok, I'm like I just ran into this random issue. I'm going to spend the next two weeks trying to get someone on the phone. They're going to have to escalate it five times because no one knows what they're doing over there. Right, and this is a one off problem. So, like, god forbid me as an end user, I can't solve a problem in their product before they need to solve it. That's like the literal situation. I've been on calls where I've had to reverse engineer someone's product and explain to the person that's supposed to be giving me support how their product works, most likely on the back end for them to escalate it to get someone on the call that understands what I'm asking. And I'm just sitting here like dude. This was, this is a four hour call. Now, this was a five minute question. Right, you should have escalated at minute 10. Like, as soon as you didn't know what I was saying, you should have escalated.

Speaker 1: 41:46

You know, and on the flip side of that too, I have, like, I've internally experienced where you know we're, you know, internally at a company, right, we're evaluating CSPM solutions. You know only, like, the core of your cloud security program kind of an important thing to you know, have the right one in place. Have all of the top competitors I mean, there's eight or nine solutions I'm looking at, right, and I'm evaluating them. I'm nitpicking them because that's what I'm supposed to do.

Speaker 1: 42:21

And you know, last minute, a vendor that we, we bought everything that they sell because, guess what, they own the entire space in a category and it's like, hey, you're either going to go with them or good luck with anyone else. Very rightly so. Their product is amazing, I love it to this day. I have used it for years. Right, they decided, hey, we're going to get into the CSPM space. Right, like, we're going to play in this space too. We heard you guys wanted it. We'll give it to you for free. So you know, my VP, my CISO. Like, they're fully bought into this company. Right, because we already have a contract with them and everything else like that. We're never going to rip them out, nor should they. And we get on this demo call. Demo is in the title of the meeting. Right, to me, that means we're going into a console.

Speaker 2: 43:20

Yeah.

Speaker 1: 43:20

Right, we're clicking around, okay, we get on this call and it's nothing but slides. For an hour it's nothing but slides and screenshots and mock-ups. I'm like, okay, guys, that's fine. You know you guys mistitled this one. I want to see the tool.

Speaker 2: 43:37

Yeah.

Speaker 1: 43:37

Right, put the tool in front of me. Let's get another hour on on the clock. Right. Next week we get on there demo again in the title more slides. And I just go back and I meet with my cso and I just told them like hey, they're showing us slides because they don't have a product. Like they're giving it to us for free because they can't charge us for something they don't have right, but if we buy it, they'll build it.

Speaker 2: 43:59

Basically it's like you're more like a design partner than a customer yeah, which is it's.

Speaker 1: 44:07

It's cool for, for. For me, I guess, if I really want to deal with, you know, the heartburn for a couple years, I'll get the product that I specifically want, you know, but it's like man, do we really want that? Or can we just be more efficient and go with the market leader in this space, pay a little bit extra because they already did the work? Some other customer took the bet on them and they built it around that person already you know like come on.

Speaker 2: 44:39

Yeah for sure, yeah, sure, yeah. I, I can definitely relate to that yeah, I couldn't.

Speaker 1: 44:45

I just you know the first call, when it was titled demo, I was like okay you know, I'll give you a break. It's fine, someone miscommunicated, it's all good I mean I think second call.

Speaker 2: 44:57

Yeah, I think the moment you see a Figma mock-up in one of those slides, you know like, oh, this is talk. We're going to talk about what the demo will be.

Speaker 1: 45:07

Yeah, I'm very Now, I'm very sus of any mock-ups that I see. I'm just sitting here like, oh, I don't know if this thing is real.

Speaker 1: 45:18

Yeah, yeah, well, I'm just sitting here like, oh, I don't know if this thing is real, yeah, yeah. Well, that's the weird space that we're in because, like security, just security overall, right from the corporate side. It's so hot. You know, you got security companies spinning up every day, basically, and they're going to RSA, right, and by the end of the year they're dead, they're no longer a company, and you know, and these people, I mean no, knock on them.

Speaker 1: 45:44

I've interviewed some of them. They're just creating these companies to sell them and make a whole bunch of money. Hopefully Cisco buys them, has to deal with that garbage product, right, and no one's going to buy it from there on, right. I mean, that's the situation that the market is in, because they see Google spending 34 billion on WIZ and it's like I can build something that WIZ would buy, that they're lacking, which probably isn't the case, because if you look at their product suite, they do everything in the cloud, but everyone sees that dollar sign. They're just like, oh yeah, I could get a couple million here or there. You know, it's just we're getting sidetracked quite a bit and it's my fault.

Speaker 1: 46:28

I'm supposed to be leading this thing.

Speaker 2: 46:30

Yeah, I know I started asking you questions, no, but I enjoy our conversation and I don't know how we got here.

Speaker 1: 46:50

I think it started with my journey and then quantum, and then I, and then, yeah, start computing companies you know, and like if you because if you look at any sort of stocks there's like four right that you can invest in that are related to quantum, that are like directly building a business all around their quantum computer.

Speaker 2: 47:10

Yeah, and also there is university investing heavily in research in that front as well.

Speaker 2: 47:21

My professor, dr Brian Kelly from UTSA I know he's pretty involved deep into it and there's independent research organizations as well that are investing in. I don't think we're really in just theoretical phase for quantum. Yes, it's not like the magic. You're going to see quantum computers in every house stage. But there is more than just textbook right the quantum key distribution channel.

Speaker 2: 47:44

Recently I was reading an article that there was a longest practical quantum key distribution channel established between two points. I don't remember exactly the organization that was associated with it now, but it's a proven fact, the organization that was associated with it now, but it's a proven fact. So once the channels are established, now you're dealing with other things like the scalability of it and things like that. But the fact that these kinds of things are happening is a proof that it's not just theory anymore. It's not magic. It's not like teleportation at this instant, but there is progress in proving out the concepts of quantum computing. So I'm sure that we will see a gradual progress in that. It's not like AI that you can just plug in with code and get its actual physical equipment and things needed on top of it, which makes it a little bit more. I guess, effort it requires a little bit more effort. But yeah, I agree, I don't think it's just theory or just text. For sure, interesting, interesting for sure. Well, thank you for having me. I know we're almost out of time.

Speaker 1: 48:57

Sorry.

Speaker 2: 48:58

No, no, no. I truly appreciate the opportunity to be here again and just speaking candidly about all these topics. I'm looking forward to following more of your podcasts and discussions with all of these people and see where things are going. Thank you, yeah, absolutely. Well, before I let you go, how about you tell my audience where they could find you if they wanted to? You know, connect with you and reach out, and you know probably even like you know, you weren't here on is Aksa Taylor. You can also find abstract security on LinkedIn. We recently published a book Applied Security Data Strategy. If you want, and that's freely available. It's a community resource. We talked about it. We're doing another community-led event and that's going to be in Pittsburgh. So if you're in Pittsburgh, please come say hi to me in person. It's going to be my Pittsburgh, so if you're in Pittsburgh, please come say hi to me in person. It's going to be my first travel after my maternity break, so I'm pretty excited.

Speaker 1: 50:04

Awesome, awesome. Well, looking forward to it, I'm sure I'll you know, see a recording of what you guys are doing in Pittsburgh, and we'll definitely be in touch.

Speaker 2: 50:13

Thank you, thank you, I look forward to it.

Speaker 1: 50:15

Awesome.

People on this episode

Joe South

Host