MindHug: We Got You
MindHug's podcast series on change. Join us as we explore transformative ideas and foster meaningful conversations about change, resilience, and well-being in today’s fast-paced society.
MindHug: We Got You
In Conversation With - Tony Bernard: Cyber Practice Lead at KEEN Cyber
Join MindHug CEO Chitraj (Raj) Singh on the MindHug podcast series on change, as he dives into discussion with Tony Bernard: Cyber Practice Lead at KEEN Cyber, who's been through lots of change in his career.
In this episode, they discuss the human factor in IT and AI, why people view change the way they do, and the positive and negative impacts on change as we step into a future shaped by technology and transformation.
[00:00:00]
Raj: Tony has been through very, very big amounts of change in his career, law enforcement, government, and cyber security.
Tony: We've always had cyber security in all societies, be it from medieval times when you have a portcullis, you could have the biggest cavalry. It's always been there.
Raj: In the Mindhug SURE model, which is our core model that we do, 'Safety' is the first thing.
Tony: For me, as an individual, it's recognising the power of people around you and your hub and support mechanisms. Because without that, I'm not that individual who I would be.
Raj: Well, welcome everyone. This is another series of, 'We Got You', it's a MindHug series on change. And today, my studio guest is Tony. Tony, thanks for coming. and the reason we brought Tony for, the series on change is because Tony has been [00:01:00] through very, big amounts of change in his career.
started off in the law enforcement and government, and now you've been very instrumental in the cybersecurity change we're seeing. In the UK, you run a business on that as well.
Tony: Absolutely.
Raj: You're also, one of the partners with MindHug on the cybersecurity initiatives that we carry out. so really, I just want to use this as an opportunity to see and bring to light what is the change you're seeing and what's driving some of that change both from a technological as well as from a social side as well. So without further ado, why don't you just let everyone know your background, what you do, and then we can get into some questions.
Tony: Thank you, Raj. It's a pleasure to be here. And, We at KeenCyber, we've been working close with Raj and MindHug to actually, bring together our two, there's some commonalities, what we have and our mantra is really around people and human, first sort of interaction and [00:02:00] engagement. I started off initially as a qualified as an engineer and, just stumbled. It was my career started off what they called the Y2K boom.
Raj: I remember
Tony: And it was,
Raj: I think there'll be some people over here who are, Who are not from the 1900s as it's called nowadays.
So, you want to, tell everyone what Y2K
Tony: the Y2K. So Again, it was a big deal at the time. what they called the millennium. so it was, from 1999, which always synonymous to there's a song by Prince, 99.
And growing up. It seemed quite a far distance sort of thing to reach the 1999. And it was a new era coming into the two thousands and, millennial. and essentially there was, there was a massive I would call it a panic around,
if people know about computing, it's all binaries, zeros and ones, and everyone thought that the computers, the [00:03:00] competition, in terms of the time, there would be an anomaly with, the way the computers behaved.
After,
Raj: They thought the coding was limited to 1999, right?
Tony: And there would be some kind of glitch, thereafter. I graduated literally around, The summer of that, sort of June, and then out in the wide open world. And then as most sort of students do, I started, you started to temp, started just working and the first job I got was working for one of the, service integrators, again, because of the Y2K sort of the build up towards that, it was a case of, Actually, they wanted numbers and field engineers, as they called them at the time, to actually go to client sites and be available.
so great sort of exposure. At the same time, it was a great, introduction, should we say, into the world of IT at the time.
Raj: And the funny thing is we've had more glitches since Y2K than before [00:04:00] Y2K or at Y2K, and here's where it's interesting: people didn't know what was gonna happen to Y2K till midnight. exactly. So people were waiting. I remember. And it became a cultural phenomena. I, remember JLo's song waiting for tonight. You remember that? And it, was, everyone was playing that and, just, because of Y2K. And there was a wrestler.
I remember, if you remember Chris Jericho,
Tony: Chris Jericho,
Raj: it became Y2J. You remember that? Yes. It was, it just became this
Tony: And it was the new labor era,
Raj: when midnight ticked, everyone just, sighed a
sigh of relief, right? It was just,
Tony: the corporations and the government saying, actually this is going to occur. And do you remember even, Microsoft jumped on the bandwagon. they had, at the time it was, windows 98, wasn't it? And then they had a millennium version, millennium Edition,
as always, multinationals jump on the bandwagon from a marketing point of view, but then there's also the fear factor, which, and some of it is introduced to not give you a state of panic, but to, ensure that [00:05:00] people stay within their realms and not push the boundaries, should we say?
Raj: and we're going to talk about this because talk about perception. We're going to talk about fear because you and I have spent many hours chatting about, and that's part of the reason we started partnering up as well because of the social side
of
Tony: Absolutely
Raj: cyber security. we're going to, we're going to talk about this and Microsoft is a good example, given what's happened
Tony: What's happened, yes. Microsoft have been synonymous to, I think, throughout the, the maturity of IT. And again, if you look at Microsoft wouldn't have existed without, as they call it big blue or IBM, it was obviously, DOS, which started off, but then, people don't know.
Raj: of companies might not have existed without IBM. even Apple, drew a lot of influence from
Tony: Absolutely. But I think we're so there's, I think that's probably one for another podcast where we could talk about the history and the evolution of IT. But yeah, going back to my career. So as I said, I, [00:06:00] literally started to, temple contract into working for these, service integrators and then just. I just naturally went into working within the IT field. And then, it transpired that a lot of contracts were within the government and, defense side of things. And that's, To this day, that's where, again, a lot of my career has been involved around, governmental law enforcement.
It's pretty much been the full circumference of around that area. Why, I like working within that space is, It's always changing. There's always new initiatives and there's always a change of government.
With that becomes, it changes, there's a change of direction and also a fresh stance, as they call it. there's never a dull day, I think. And I think, our British civil service [00:07:00] and the civil service itself, they get a hard time on how press when you think.
Governments can change every four years, but the personnel and the individuals who work within those institutions, be it in government, in education, whatever, they're there for the long haul. And I think it's testament to those individuals really, because sometimes they're unsung heroes. And,
Raj: and I worked in sovereign central bank it's, funny that you're always judged on failures, right? You're not judged when.
. Things are
Tony: when things are going well.
Raj: things are going right rather. And, and it's interesting and cybersecurity is a very, prime example here because people have this expectation that cybersecurity is, foolproof or it should be And there are so many reasons from a technological perspective and or social perspective that almost everyone [00:08:00] will face a breach at some point.
In fact, there was surveys done. With, IT managers, senior IT managers, and I think the vast majority of them, well
Tony: above 50%, well
above
Raj: 50% said they have at some in the career faced breaches, And that's only the people who actually answer the survey in the first place
Tony: And the ones that know that they've been breached. There are organisations who have been breached but don't even know they have been,
Raj: And if an organisation, like a CrowdStrike in Microsoft, the largest organisations, most technically savvy organisations can face breaches and we saw what happened in the Paris Olympics as well.
Tony: Yes, absolutely.
Raj: People are. Going to get breached because it's, it doesn't exist in silos, right? Technology doesn't exist in silos. It's not only the tech companies. You also got the malicious actors also developing, et cetera, right? Technology is developing. So it's not acting, it's not in silos. and nothing is foolproof and technology is as much about social controls and people as it is about the [00:09:00] underlying technology, right?
Tony: and fundamentally, the technologies and the products and the services, it's manmade, right? You can't blame, you can't blame the computer or.
AI for someone else's failings, because that code and the actual, infrastructure is built on the actual, the delivery, how it's actually deployed. It's all controlled by us, by that human factor. So , there needs to be some accountability. And I think particularly in this day and age, Raj, there's the, there's a lot of blame game around blaming the tech.
The human factor is fundamental. be it from when we started off in 10 BC to where we are now today, there is absolute, it's imperative that we as human beings, we still do those fundamental things like we're doing today and engaging, [00:10:00] with one another and sharing that knowledge.
Raj: I think. there's a subtlety there, right? So it's not about blame because blame assumes we're supposed to be these perfect human beings, which none of us are supposed to be we are going to make mistakes. There will be those failures.
It's, how you deal with those failures, how you mitigate the risks with those failures
Tony: Exactly.
Raj: It's how you come back from it that really determines it. And I think it's very easy to say the technology is the issue. because the challenge with that is that we're not changing the environment to ensure that the social failures don't happen because we just assume it's the technology now.
No one's saying you have to blame the people. Who, may have influenced some of those failures but you do need to recognise that those failures come from people for us to actually implement solutions that can some of that, right?
Tony: And as I said, accountability. Put your hands, put your hands up and say, Hey, I've made a mistake.
I, I take account of it. And we will, we would learn from it. And [00:11:00] actually, be it for your customer base or be it through your own family. as if you had siblings, you had arguments with your siblings. but the very next day. It would be water under the bridge and you would be, even playing field where you say, okay, I was wrong.
They were wrong. And then you just carry on about your business as always, and, and, live that life as you should. But there are still individuals out there who, who still want to do that blame game.
Raj: And I think that blame game itself is a safety mechanism, right? We're not able to want to admit that we did wrong, because that almost makes us feel like
Tony: we're inferior
Raj: inferior or fallible, and that's an environmental issue, right? That's because we're taught that. And so it's not, again, that individual's fault. It's the environment that shapes that behaviour. but maybe it's a good time to segue here.[00:12:00]
let's, just ask a very general question and this is not necessarily linked to cybersecurity, but just, generally.
What does change mean to you?
Tony: Change in my mind, there's two aspects, from a, even a personal work capacity.
It's, there's a negative aspect where change, you think it's going to impact you in a negative way. an example of that is when you're growing up, if you're, let's say one of the older siblings, I give that analogy, and then your, mother tells you there's going to be another sibling coming into the family, your instant reaction for most is that, Oh, I'm not the only one.
person in the nucleus, and it could be a negative impact. that's that personal analogy from a company perspective, again, that change where a, it could be, there's a new CEO or a new CISO the, workforce, [00:13:00] they know there's going to be a change of direction and that new individual, the leader, that leader would change way the organisation actually delivers on their mandate and their, strategy, should we say?
And again, often there's that negative aspect and, around self preservation for me from a person is how is it going to impact me? What's it going to do? The flip side to that is changes, the positive is it can bring you out of your comfort zone. Actually, you could maybe take on new skills in the personal world, in your personal life.
The change if you didn't, if you're going to the same holiday, let's say every year to that same seaside, it could be, Bognor or Southend or wherever it is, but then you decide to change and say, I'm going to go to Spain and then that you just said.
Yes. And then the year you [00:14:00] went to Spain, you meet someone who changes your life or, or I, you come across some individuals like yourself who gives you a different mindset. I think really as human individuals, we need to say, see change as not really a negative thing and always look at the positives and what change can bring
Raj: So there's this exercise in Buddhism, the monks do very, often they built these beautiful structures with sand, art if you go see them, and the goal of that whole thing, it's not designing that art.
It's actually immediately after you've designed that art to destroy it. Okay.
Tony: Wow, yes.
Raj: it's, to train them to know that everything is temporary.
Tony: Yes, and to enjoy the moment.
Raj: the moment and enjoy the moment. Yes. Yes, like the ice sculptures
Correct. Correct.
Tony: You know, it's the I know they're man made but you know when you actually see the ice sculpture in it [00:15:00] visually it's impressive, isn't it?
So yeah, and yeah, absolutely. It's I think that's a great point you've mentioned in terms of our senses. I don't think we take We use our senses well enough as we should You know,
Raj: But also recognise the limitations of our senses Because some people just assume the senses are getting all the information possible. And, we know that's not true because we're always dealing from shortcuts. And, so I think you're right. We do need to appreciate whatever information comes through.
And People automatically assume change is bad,
Tony: Yes.
Raj: And that's the assumption we have made that we have relied on. And that might have genetic roots that might have evolutionary roots because, we didn't have much control of our environments back in the day.
And we probably still don't have a lot of control of our
Tony: Yeah. And it's the status quo. I think it's, there's, there is a generational thing as well, Raj. I think, [00:16:00] I'm subject to that as well because as you get older you do realise you still question things but you're happy to go about your business and you want that.
it's stability and that your lifestyle If anything changes or there's some deviation with that, it's, completely negative. It's a negative. And I
Raj: guess that's how we're trained and that goes back to the early discussions we had about the blame culture, right? Yes. And really
Tony: Yes.
Raj: And really it being an environmental issue Because, I guess and we can go back to the genetics and the evolution of it. Because we had no control of our environment, we had to focus on individual threats within that environment.
Tony: That's right.
Raj: right?
Because we couldn't control the environment, right? So we would focus on the snake or the Sabre-Tooth Tiger
Yes.
And that started moving into individuals, right? So we had to stop blaming individuals at And the more we start doing something from a psychological perspective, and Rebecca, who's your partner, who will be on one of our [00:17:00] podcasts, she and I have chatted about this cause she's got a psychology.
Background right is it just becomes more and more reinforced and you start focusing on
Tony: No, absolutely. Absolutely. And I think living in the metropolis, like in big cities, there isn't much change. It's quite static. You give the analogy of, in the early days, Mesopotamia or, societies where they were nomads.
they, never had a place they can call home. They were always on the move. Now, Is that a negative? It's, there's two sides to that. they were always seeing new things or on their journey. And they were being educated in that manner.
Whereas we, you think we've been educated and we are sophisticated in the metropolis, but really we're, in four brick walls, aren't we? In reality.
in terms of going back to what we do in, Keen Cyber. Yeah, just, I think it's probably worth mentioning Keen Cyber was [00:18:00] evolved with me meeting Rebecca Keen, my business partner and how we came across yourself, Raj, around our philosophies aligned around regardless of what we're actually doing in our actual Subject matter, field, it's, always been around the people first and, that engagement and I think I always see when you have that human interaction and you meet someone for the first time, rather than through a zoom call for two teams.
Actually, when you meet someone, there's, a complete different actually outlook. think is very key that, that, that remains going forward, there's human interaction, because I think without that, as human beings, we, won't prosper.
Raj: And we can look at this from
even from a nervous system perspective okay, there is, there are [00:19:00] theories out there that talk about how anxiety and depression emotions more generally were communication mechanisms, pre language, and the only way some of those feelings of disquiet, whether it be anxiety or depression, which by the way, used to trigger pre language Based on your environment.
So if there was a threat in front of you, you might go anxious, to actually communicate to your, tribespeople there's a threat around me so that they could actually come and chase that threat away. Now what's happening in today's world is we are detecting threats, which are not necessarily threats, but those threats are different for individual people because we are, we're a global world but other people can't recognise And even if they could recognise it, we're just becoming more and more insular as. As a society that the tribe is not coming to chase that's right away. So, we're not being able to get those emotions and the nervous system at a stage.
Tony: stage. no, that's a fair point. And I think the pandemic and obviously lockdown was [00:20:00] probably a good use case for that. Because there was individuals who were used to actually having that interaction, going to the office, having their routine, and all that broke down. Because, not all of us have families, should we say, some individuals are, they're solitary, they would be that persona at work, and then when they're home, they're themselves. But without that routine, it breaks the individual. And, it takes and again, I think that's what makes us unique around as human beings.
There is no right or wrong, and there's no actually particular pattern or way of actually living. It's all individual.
Raj: We all live different realities, but we think we live one.
Tony: and it's, I think, Regardless in the personal or in the workspace, it's for us to understand as we evolve or [00:21:00] as we, develop in our own sort of life, we need to actually embrace that and understand it.
because that's where, particularly if you're a leader, We have no appreciation of success ,
Raj: and that boils down to two things, right? And we're going to talk about leadership in cybersecurity in a minute. but that boils down to two things for, and this is where Rebecca has two businesses. She also has a recruitment
Tony: has the recruitment business.
Raj: and she and I have always talked about this, that You have to bring the people who fit your culture as well, right?
Who are not just doing this as a job, but it's, a combined endeavour, right? And the combined endeavour through a common philosophy,
Tony: it
is
Raj: right? It doesn't take away from someone having a different philosophy and everyone has right to a different philosophy. It just makes that, that work a little bit harder if people have different
philosophies. Absolutely, it
It the leader's job harder. It makes the individual's job
think the engagement is somewhat fraught, if Yeah, there isn't [00:22:00] that commonality from the offset. the key takeaway there is, it's as businesses understanding the requirements of your actually, what you're setting out to do as a business.
But really, that's only 50, 60 percent the other 40 percent is actually the engagement piece. we have got that advantage when you look at compared to other nations, because culturally we are very diverse and we it does give us some kind of a different outlook.
as long as we don't
Tony: don't have,
Raj: don't have actions that get threatened by that difference.
Tony: Yes, and the arrogance, what comes around it.
Raj: which by itself is a, is also a threat
Response.
it's not actually their fault, it's just the shortcuts that they're using to process.
Tony: process. Yes, absolutely. because you would see that in particularly in the IT industry for the past two decades, the term outsource, if, it's a menial task, I'm going to outsource it.
that's [00:23:00] devaluing the whole,
Raj: the world. Yeah.
Tony: is, it is because it doesn't matter how menial the work is or. It's adding value to the organisation.
Raj: it's the age old thing, right? People. Knew how powerless they were so they just sought control and the best way of seeking control was, power and if you couldn't get power fake it
Tony: it. Yes, yes, absolutely.
Raj: so
Tony: Build a cottage industry, as they call it, just to make you, give yourself gratification, isn't it?
Raj: all stems down from the fact of how powerless people feel, often. And I was talking to someone, just the other day and, and talking about how change happened in their lives. And they spoke about the fact that, I had to change because they were having challenges with an individual come from a place of.
not feeling indebted to that person. So, [00:24:00] place of equality,
Tony: Yes.
Raj: right? and once, and that went both ways, right? That person had to accept that they were not indebted and the other person had to understand. That there was no debt to be paid.
Tony: I see.
Raj: and both of them stem from the environment that has shaped us
Tony: Yes.
Raj: and let's bring this discussion now back to the cybersecurity industry, because that's somewhere where you've been a huge proponent of change just generally. why is cybersecurity so important in today's world?
Tony: here's the conundrum here with, and I think there is a fear with, as it's the human factor, as I always say, the term cybersecurity. and label in something, it brings that a lot of times, particularly in industry, it's deemed as bad term, a negative [00:25:00] security, cyber.
And when I look at it, if I go back, and if you go back in society, I always go back in history, we've always had cyber security in all societies, be it from medieval times when you have a port cullis to protect your surrounding, you could have. The biggest cavalry in the 17th, 18th centuries, Genghis Khan having the biggest manned army.
However, as we found out that the biggest armies, that use a Trojan horse analogy where there's always a chink in the armoury and there's always a vulnerability.
And
Raj: the Trojan horse, by the way, was social
engineering
Tony: was social engineering. Exactly. And I brought
Raj: in and everyone thought it was a horse and then they had the whole army in that
Tony: they had the whole army. No, exactly. So I think. It's always been there, but there's always been a different term or a different label on it.
And the term cyber security, as I said, it's, It was always [00:26:00] deemed as information security in the early days, in the 80s and 90s, and then they brought the term cyber. It's around educating people around saying, We are not a hindrance.
It's there to actually facilitate and actually complement your business And actually we're there as a positive Or I would say a positive driver and that's the key thing really for cyber security. you need to I think there's a always that that fear that What people don't understand We're assuming as individuals, we, if you don't understand something straight away, I'm going to have my guard up and I don't like the, I don't like this. I'm used to this way of working and I'm sticking by that. but you over here, you're bringing in this change. I don't like it.
And this is where I think. Particularly as leaders, it's about educating [00:27:00] those individuals who we work with and saying we are not a hindrance, we're there actually to actually, be an asset to your business and help your business actually strive.
Raj: it's probably a good time to explain why we started working together because we both spoke about this, probably a year ago now, when we, thought about this and we had the same discussion and we said, we have to educate people, but you've mentioned exactly what we spoke about, which was safety, right?
People put the guard up and we know from a biological and a psychological That when the guard is up, it's like talking to a wall, right? Because the body actually shuts down, right? You can see it
Tony: It's a fuzz. It's a fuzz.
Raj: brain scans because it goes into threat mode and threat mode means all the body's trying to do is escape.
Now that's not the person's fault. That's not our fault, but until we understand what's actually happening from information processing in the individual, when you get on that stage, you can't actually implement change.
Tony: Absolutely. Absolutely.
Raj: so which is [00:28:00] why. In the MindHug SURE model, which is our core model that we do, safety is the first thing, because before any change can happen, you need to bring the nervous system to a stage where it can actually acquire information.
And there's no way it's going to acquire information if it's tricked into believing it's running away from a Sabre-Tooth tiger.
Tony: typer. Yes.
Raj: so the work we're doing now, which the workshops as well, which we're collectively is why are we bringing in breath work and sound therapy and mindfulness into that, because we're trying to give people that safety, before we can, it's a positive Trojan horse, right?
It's a positive Trojan
Tony: No, absolutely.
And I can bring that same analogy with cyber security. CISOs, CEOs, CIOs, If they were actually compromised within their actually organisation or previously, they would carry those scars and they would have that guard up and their first reaction would be, rather than [00:29:00] looking at the nucleus of the issue and saying, and looking at as they would as leaders.
logically and, strategically, they would have that particular, that, that reaction where I need to protect myself. Let me invest in the technology, the tech is going to cure me. The tech is not going to cure you because you need to understand the new, as I said, the nucleus of the issue yes, the technology could protect your estate, but fundamentally before that.
It's your workforce. it's, actually your people. It's actually how did the actual, compromise happened in the first place? And, we've, always discussed this for, around 90 percent of all compromises and ransomware attacks are human interaction.
Raj: and people think they're not going to be
Tony: defrauded.
no.
Raj: social engineering just gets more and more [00:30:00] sophisticated, right?
Tony: As I said in the early career, I was always told email is not a guaranteed form of delivery, but we all expect that email to come in milliseconds, don't we?
And at the same time, it's still the basic sort of technology sort of forms like text messages, emails, which are duping
Raj: and,
Tony: and phone calls and, really,
Raj: I got a call from Amazon the other day because of the MacBook that I ordered the night before. And I basically told them, no, I didn't order a MacBook.
I ordered
six.
Tony: Yes.
Raj: And they didn't know what to do. They didn't know what to do.
Tony: it was off. It was off the script, wasn't it?
Raj: Like that. I didn't order What happened to the other five that I ordered?
Tony: The script,
They weren't taught that in the script, were they?
So it's, no, absolutely. And I think really fundamentally we, that's what we're here for really around. It's going back to the basics and understanding, replaying something. And actually learning from those mistakes in the first place, as we said, [00:31:00] as we were as children, or when we were corrected by your teacher, it's actually learning and saying, actually, that was the new that was the root cause of where I went wrong.
And actually take an account for it.
Raj: Yeah. But take account for it to learn,
Tony: learn, exactly. not to blame. Absolutely. and, this is where the industry, I think, particularly, and it's not just the cyber security industry. I think it's business as a whole. The, there is a lot of, un-factual information and also scaremongering, which really needs to be actually, Brought to the fore.
And as com as a community, we, we, should be calling it out as SMEs. and look, end of the day, everyone's here to make a profit. Yeah. But I think we always say this when we, myself and Rebecca and yourself, Raj, we always say it's the benefit of the [00:32:00] business. It is no point in making a profit if there's no benefit.
For both responsible and for, both parties. Yeah. and that's where ethics come in. I think really, I've always been straight down in terms of ethically, are you actually delivering a, service which is, true to yourself and you the business?
Raj: Yeah, as an economist, the word I use is. Look, if you. If you add 10 units of value or 10 units of happiness, which is the fundamental premise of an economy, right? It's to add value and happiness so we can enhance the human experience. It's not to make money. Money was just a way we were able to transact so we could do it
Tony: So we could do it efficiently, exactly.
Raj: So the goal is to enhance the human experience. And if I add 10 units of happiness the human experience, which wouldn't have existed without us. And we say, can we keep two of that? We're still out of 10
Tony: You're still outta 10 units? Yeah,
Raj: we've made a profit on the two units. Okay. But [00:33:00] there's still eight units out there, which is there for everyone to Okay, so that's the way I define responsible profit and impact entrepreneurship and everything, right?
Tony: But then most organisations want the additional two units,
Raj: or, they don't add any units of happiness and they are still tricking people through information Into believing they've added 10 units and actually taking two units. So it's a negative happiness into the world, right? So so you have zero added but you tell the world it's like, selling blueberry pie to someone who likes apple pie or is allergic to blueberries telling them it's apple.
Tony: It's not gonna go down
Raj: not going to go down well.
Tony: no.
Raj: there's no, you can make money off it, but you've added no happiness into the world. that's what I look at, but, but this is, really good. So you've spoken about. The executive team, and this is probably a good time to say the journey that MindHug and, and KeenCyber has been on over the last [00:34:00] year or so.
So we started obviously on, DSBD, digital security by design, the initiative, the government, the largest, one of the largest digital security initiatives in the government. we started from a technical point because we wanted to develop technology and we realised one of the limitations in healthcare is, digital security and regulation.
So we started working on CHERI and Morello, which is this really sophisticated piece of technology that that kind of splits
Tony: it's a foundation really.
Raj: foundation, right? It's a new chip,
Tony: and for those who don't know, CHERI was actually, it was devised by the university of Cambridge
Raj: And ARM as well
Tony: and
and look at the positives for what CHERI actually and those initiatives
Raj: bring that becomes a social concept, right? So the benefits. So that's why we started moving towards more of the social and psychology of it And probably it's a good way of saying What do you think is the best way and we've spoken about safety, which I agree is paramount We've agreed about talked about bringing people in the workforce who [00:35:00] share that vision with you but what do you think is the way we need to Showcase benefits because here's another problem right in the world. All right, we have more information more data in the last two years All right. Then all of human existence before that. Okay. More data has been generated in, in in the world in the last two years, then all of human existence
Tony: Yes.
Raj: Okay. So we are not only dealing with an abundance of data that needs to be kept secure. We're also dealing with an abundance of data, which we have to Navigate to get any message across. And by the way, this abundance of data is, acting as triggers to get up, get the guard up on people
Tony: Yes.
Raj: And because it's exponentially higher, the threat mode is exponentially higher as well, which makes change higher as well.
So how, what have you seen in the work you've done both in, in, in law enforcement and defense, as well as through your consultation, that has worked in helping people understand. The benefit of digital [00:36:00] and organisational change more generally and actually implementing it.
Tony: fundamentally as a team, we, need to get a buy in from the individual. So it's always that initial engagement where the early engagement is key. when I come in and actually meet the team, I always like to meet the team.
particularly not just actually the senior, members of obviously the management team, but the team, and when I say the team, the, it could be the development team, it could be a HR team, but the team who's actually delivering the key sort of requirements, and bread and butter for the business.
And I try and do a, we call it The Keen Space or the Keen Works, it's, it is essentially a workshop where we'd present a bit about ourselves, what we'd be brought in to do, and, push our initiative, the initiative around [00:37:00] cybersecurity.
As I said previously, rather than it being a hindrance, it's actually, it could help you within your day to day job. It's purely around as individual cyber resilience. Prevent is always the, key thing. and it's actually learning, teaching the workforce to actually understand those techniques around that.
And, I think it's really fundamental around when we're, people think as you get older, it's too late to learn. And we're learning every day and you need to have that mindset. And I think it's telling those individuals that because it's, quite easy for them to actually say, I don't know anything about technology.
I don't understand it. we always come in and, the first thing we always say is it's forget the technology. It's actually asking what value are you bringing? what is [00:38:00] your role in the organisation? Everyone's an asset to the organisation.
And actually, if you did, for instance, click on the email or if you did actually let that visitor into the building, what will be the ramifications and the implications. And it's working through those playbooks. So, a lot of that, a lot of those sort of, the workshops are around the fundamentals on the, how individual would behave rather than the tech.
Raj: And that must be very validating for the individuals because I think, and this is coming from a place of genuineness by the way, just so everyone knows, it's not, we're not trying to, manipulate the workforce.
So, the workforce is there to come work together. I would say the counter, which is not happening now is actually the manipulation, which is people feeling like they have no power, to be working together. And part of that actually boils down to. People just [00:39:00] taking a job because it becomes survival instinct and some people have to do that.
Tony: Yeah, absolutely. It's a necessity for them to live
Raj: Correct and then also Goes back to the point that they're not feeling part of the mission Okay, and they're not feeling part of the mission because that boils down to a leadership challenge It's not always cascaded down or they're just not the right cultural fit for that organisation which can happen and a right cultural fit doesn't mean You know, there's anything wrong with you.
It just means people are different and that's the bottom line, right? so so the question really is if we had to influence Leaders to understand this because also one other thing I want to understand
Is there anything that you do? Different to other organisations to get in front of those leaders so you can actually have those
Tony: Me and Rebecca always find, when we talk to leaders outside their comfort zone
I. e. not in their actual workplace.
Raj: call that a discomfort zone almost.
Tony: yeah. [00:40:00] where they essentially that they are themselves.
So the coffee shop or the actual, you may go for a meal. we'll go for a meal in the evening and then we would bump, we might've gone to a seminar and we bump across, we bump into the CISO who was at that actual seminar. And then it's just small talk initially around the individual, around who you are
Raj: it's about people,
Tony: right?
And the person.
And then it's, it, it's a natural really, conversation around. About the individual and then it just transpires actually, actually we work in cyber security. Oh, I'm a CISO. and, that's really it. I think it's, a natural.
Raj: you've already, calm, taking their guard off.
Tony: Yes, exactly, and then they're able to understand, appreciate the true genuineness of the effort rather than
Absolutely.
Raj: genuineness being masqueraded as a threat.
Tony: right? Absolutely. and, [00:41:00] this is where I think, there's still that mindset where there is that hard, those, email mail shots, those sort of cold calls, which none of them are really going to bring value.
They may bring a sale, but are you going to have that longevity with the client? Probably not. and I think a majority of time we go our separate ways. We don't, there is nothing to close or there's no further engagement and that's fine.
I
Raj: You had a good human connection.
Tony: exactly. And I think, really fundamentally it's, With those engagements, sometimes we learn something as well because,
Raj: I will, I would just say that it's really what you're doing is you're trying to connect as a human being, rather than it being an imposition, You're trying to connect as a seeing, what's If they can get some value from it because by connecting and validating Their experience as a human you've dropped that safety guard, which we've spoken about [00:42:00] over and over again
Tony: Exactly. It's very much around understanding the business and building up that. The resilience through the workforce, because that's really where your profits and your delivery is all coming from your workforce. the rest will, again, it will be a actual natural progression. If, as, you do that engagement and that journey, isn't
Raj: Yeah, no, 100%. In fact, one of the projects we did, with the DSPD and Describe ecosystem which is linked to CHERI was around, was around regulatory standards for healthcare companies, and GDPR and the EU is, valid, HIPAA and the States.
And, we felt that. Really the parent standard, it's not a parent standard, but it covers a lot within HIPAA and GDPR, not everything was the ISO standards, The, ISO two seven zero zero one. and if you look at the standards, and [00:43:00] I can't remember at the top of my head, how many standards they were, but it's a project, but can get the project, in fact, we'll put a link in this podcast as well to the project we did, majority, the vast majority, well over 50% of the standards, were social.
Social standards, not technical.
Tony: That's right. Exactly that.
Raj: and, and that was because of a recognition that it is someone leaving a password out or someone passing a password or someone sending details that they shouldn't be
Tony: Yes.
Raj: the, other case that was going on. With Meta/Facebook around that person who sent faulty invoices and made millions,
Tony: That's right. Yes. that was a funny one. Yeah,
Raj: so so so, they were controlled and in fact there were a lot of I think that the article said man steals Millions and someone said it's not stealing or stealing because they handed it All right, and I think that then someone corrected that yeah, but it's still fraudulent [00:44:00] behaviour, which it is But it was just interesting play on words and that just goes back to how language can change things right the right word okay.
So look this has been a great chat. now I know we're coming to the end now so the one question i'm gonna ask you is What is it like working with MindHug? ?
Tony: I'm here today and, you haven't scared me off yet, Raj, but, no, it's, I think, it's been a really It's been educational from my point of view, because, as I said, was always, it's probably over the past two or three years of the focus has been on human resilience and actually engaging with you.
It's actually complemented that and actually broadened out our actual horizons around what you're doing in your space and what we do. and there is some synergy and commonality. Absolutely. [00:45:00] Within, the two strands, even though we're two worlds apart. Yeah, but
Raj: that's, that just shows that the world was focused on a very conditioned and siloed view, not realising that everything boils down
to people.
Tony: No, exactly. And, in a nutshell, really, MindHug has, I think what the work, what you've done, to actually build the identity of MindHug and the ethos. I could see. Yeah, I'm happy to be a part of that journey and I can see things really where we as keen cyber and you as MindHug that, that journey.
I think there's a lot of things, good things to be look looking forward to in the horizon. and I think it's testament to yourself in terms of that, you live, the MindHug way. Yeah, there is. There is. And I always say this, [00:46:00] even within cyber security, I'm, not going to actually advise you on something which is not my subject matter expert.
I might, my expertise would say I would, through the network, I may be able to recommend or advise someone because within cyber security, as in with your space, it's vast. And, ultimately that's where we, as. we've got that network and that support mechanism. I call it the family, isn't it? Yeah.
to have that is, is a great thing to have. and it's really important as, as individuals that we actually, know our limitations and know our strengths. yeah, so I think, Really, it's been absolutely amazing. And it's not been a great length of time, is it, Raj, really?
It feels like I've known you forever.
And
started with Rebecca, right? That was not even when she was in cyber security. [00:47:00] she was, but she was on the recruitment
on the recruitment side, yes.
Raj: And then you came along. Yeah. and
Tony: again, it was the same sort of, It seemed like the same way how I met Rebecca, it's the same way how we met.
And it's just really, those sort of type of relationships you have to actually cherish. because it's like, it's just a natural thing where Positivity brings positivity, as I always believe, as like the Dalai Lama actually always says, and we need to actually promote that.
Raj: And change is hard, right? Change is hard. we're going to fall a million times and we
talk we keep falling a million
Tony: in industry, as I said, we don't in those big contracts where there's a lot, there's so many moving parts, so many commercial constraints, how do you actually unpick it? It's and really. . It's actually been having that [00:48:00] mindset to actually say, actually I can work outside the box here.
Yeah. And that's really where, what it's about. there's some, sometimes there's rigid, yeah. You have to be rigid, but there is a flex. Yeah. the ruler does flex, doesn't it? Yeah.
Raj: 100%. Cool. Yes. All right. One final thing for our listeners, watchers, everyone around the world. What is the one thing if you had to give away to people that helped you during challenging times or during change? It could be anything. Book, quote. It
Tony: Yes
Raj: And if it's a playlist, we can post it in the podcast.
Tony: Yes
Raj: If you had to give away something,
Tony: music to me is it's my escapism and as humans, we've always got different moods, and that's where music really is great, isn't it?
You can, there's music to exercise too. There's music to relax to, there's music to embrace and enjoy it collectively. So, music is really escapism for [00:49:00] me and also there's a, there's too many, I think there's too many sort of artists and songs to probably mention, really, I think it's, For me as an individual is recognising as we mentioned it, recognising sort of the power of people around you and your, and your, hub and support mechanism, because without that, I'm not that individual who I would be, and that could be, growing up from actually having a, unconventional upbringing, should we say?
And then meeting those people throughout your journey in your, in that life, it could be, and, like we have, it's that, the power of those people and those individuals, some of that makes you as an individual and, knowing that you're not alone when you're facing challenges and changes, I think really, we should always have that mission because as I said, there are [00:50:00] individuals out there who have, who feel very isolated and feel that they are very much in their own silo they don't have that support mechanism, but really it's about reaching out.
And if they do, if they did reach out and actually, knew that there was that outlet, it would become available to them.
Raj: and not only that, there are actually studies done on this, which actually show that you're actually doing a favour to someone you reach out to by reaching out to them
Tony: It's that good Samaritan analogy, isn't
Raj: in position because we are innately wired to want to help our tribe Okay. So you were actually doing them a favour. Now that doesn't mean you'll always get help because people need to, we know we're always in a very irregulated nervous system stage because of the amount of information around us.
Tony: Yes.
Raj: And, and we can go into, and I'll do, we're going to be doing a podcast on this at some point as well.
So if you're [00:51:00] always in a dysregulated information, nervous system stage, when you go and ask for help, someone's not actually in the headspace. To actually reach the deeper level of emotion and deeper level of human connection that's needed to provide that help So in a sense they are in a dysregulated ill state themselves That's why they don't provide help But if someone is in a regulated state and many people will be in a regulated state we go through cycles You actually do them a favour by asking them for help, so if someone doesn't give you help it's probably because they are in a dysregulated state themselves
Tony: right?
Raj: but the point of the matter is there will be someone in a regulated state who will Jump on anything to help
Tony: So is that would you see that as a defense mechanism what we
Raj: Oh yeah. It's absolutely, it's, more than a defense mechanism. It's, the body saying, body and mind saying, we need to exit.
The nervous system is flared up because we are facing threats. It doesn't know that information. Is misguided information.
It's [00:52:00] just using that information to make calculations
and, it uses them as shortcuts,
Tony: But that's how your brain is. Every individual's brain is wired slightly different,
Raj: Correct. And every, brain is wired to look at shortcuts because it was programmed when we had to run away
Tony: it.
Yes. It's that repeat. Yeah. Or that situation they were in. Yes.
Raj: So we don't ever look at the full picture. Because we've been trained to run away from that tiger and running away from that tiger meant.
We didn't have time to think. We heard rustling of leaves we ran. So we've always been programmed to deal with shortcuts. And the problem is, abundance of information means we're dealing with so many shortcuts that our nervous system is
Tony: confused. It's so true. obviously in the, world, in the development world of the IT world, it's the goal is a short script so they can be done with it and move on to the next.
And it's the same mindset.
Raj: Simple question. How many people. How many people will actually read the manifesto of, of who they're voting for? [00:53:00] They'll ask the neighbour, the siblings,
Tony: Or the company strategy.
Raj: companies.
Yeah, exactly. They'll just hear things because we use heuristics and which is called shortcuts Because the probability of us actually making a difference to that election is so small That the cost of actually acquiring that information has been calculated so high That we just base it on heuristics
Tony: Yes.
Raj: right shortcuts
Tony: Interesting. That's really good. But the bottom line to end on a positive note is most people Not most people, every person is wired to help.
Raj: Sometimes they're not in the nervous system states to be able to help, but that doesn't mean they don't want to help.
Tony: Yes.
Raj: In fact, that if anything, that means that sometimes they need help to actually calm that nervous system so people who ask for help say, but I never got help. that's because that person themselves might've needed help, but a person in a regulated state will jump to help because that's how we hardwired.
Tony: [00:54:00] Really insightful again. You learn something new every day. I mean that's a completely different way of looking at things.
Raj: And you're doing them a favour strangely. pick up that phone if you need help.
Tony: Absolutely, an open book is one shared, isn't it. Correct.
Raj: Correct. Correct. Absolutely. thanks a lot, Tony. we're going to be talking to your business partner at some point,
Tony: point. Yeah, absolutely. I think, maybe the next session we'll get Rebecca. we can do another session on a specific topic, isn't it? And, really again, pleasure and thanks for, actually having me.
Raj: Thanks for coming, Tony, and, thank you everyone, and we'll see you next one.
Tony: Bye bye now.