Approachability, Empathy, and Security with Tracy Z. Maleeff

Show Notes

In this episode of the Entropy Podcast, host Francis Gorman speaks with Tracy Z. Maleeff, a cybersecurity expert with a unique background in library science. Tracy shares her journey from being a librarian to transitioning into cybersecurity, emphasizing the importance of research skills and empathy in the field. She discusses the significance of open source intelligence and the need for digital literacy in today's information landscape. Tracy also highlights the role of storytelling in cybersecurity, advocating for a more human-centric approach to security practices. The conversation concludes with insights into current trends and concerns in cybersecurity, including the impact of AI and the importance of protecting journalistic integrity.

Takeaways

• Tracy transitioned from library science to cybersecurity for longevity.
• Empathy and approachability are crucial in cybersecurity roles.
• Open source intelligence (OSINT) is about gathering unclassified information.
• Digital literacy is essential for navigating today's information landscape.
• Storytelling can change behavior and improve cybersecurity awareness.
• Research should be substantiated with credible sources.
• Approachability encourages users to report security issues.
• AI poses significant challenges in information accuracy.
• Protecting journalists is vital for a free press.
• Cybersecurity requires a human-centric approach.

Sound Bites

• "I made cybersecurity my quirky hobby."
• "You need to have a research trail."
• "The truth is out there."

Connect with Tracy:

https://sherpaintelligence.substack.com/

Transcript

Francis Gorman (00:01.08)
Hi everyone, welcome to the Entropy Podcast. I'm your host, Francis Gorman. If you're enjoying our content, please take a moment to like and follow the show wherever you get your podcasts from. Today, I'm thrilled to have Tracy Z. Maleef with me. Tracy is the owner of Sherpa Intelligence LLC. Before transitioning into security, she spent over 15 years as a librarian across academia, corporate, and law firm settings. Armed with a Masters of Library and Information Science from the University of Pittsburgh and an undergraduate degree from Temple University in Penn State.

Tracy has fused her deep research skills with cybersecurity. She's also known for her open source intelligence research, daily InfoSec and privacy newsletter, and being featured in the Tribe of Hackers books. Tracy, it's fantastic to have you here with me today.

Tracy Z. Maleeff (00:44.588)
I'm thrilled to be here. I have my coffee to so.

Francis Gorman (00:49.706)
That's great. And Tracy, when we started talking first, one thing that really drew my attention was you spent so many years as a librarian in that area, and then you transitioned to cybersecurity. Can you share the turning point that made you look at cybersecurity as your next step?

Tracy Z. Maleeff (01:08.044)
Absolutely. is quite a long story, so I'll give you the shortened version. But basically, I was looking for something with longevity when I was making a decision about my career, because in library science, I had pretty much gone as far as I could go. The next step up would be a law firm library director. And honestly, that's not really what I wanted to do. I want to be doing research.

and things like that. So I realized I had to look elsewhere. And I actually read an article, was an entrepreneur magazine. And it said, you know, three ways to future proof your career. And one of them was to find something that always interested you. You know, what was a common thread between past jobs that you really enjoyed? And when I thought about it, it really was any tech aspect. Whenever there was

if it was hardware, the printer was broken, I'd figure out a way to fix it. Or one job I actually found is back panel email system that nobody knew existed. And I really enjoy doing things like that. So that's kind of when the idea drops of, maybe I could explore tech because previously, prior to that, I didn't think that I was smart enough to be in tech, that I was technical enough.

that I had enough, you know, math and science. And that's some sort of weird gatekeeping illusion that took me far too long to penetrate. So yeah, so that's when I started looking at tech as a whole, which I know is very broad. So that's why I was selecting different areas. Quickly realized I had no interest in programming in Rust or Sinatra or any of these other things.

And after really kind of spinning my wheels and not clicking with any of the communities, you know, within tech, you know, little friend said to me, hey, I'm, work in backend security and cybersecurity. think you would be good at this. There's a lot of non-technical aspects or technical aspects that you can learn. So it was really that it was just kind of being also intrigued by cybersecurity stories. One of the tips I give people.

Tracy Z. Maleeff (03:33.546)
who are unsure about a career path, set up a Google News Alert for different keywords. So I had all kinds of tech keywords and also all kinds of cybersecurity keywords. And I would look at these articles coming in and I tell people, well, try to realize what articles are you clicking on? What's drawing your attention? What's keeping your interest? And for me, it was very quickly to figure out, it's all these cybersecurity articles that's interested. Interesting to me.

I like to say I made cybersecurity my quirky hobby while I was still a librarian. I was listening to the podcasts and I was getting involved with the community on Twitter back when it was a more cohesive social media outlet for our infosec community. And then I was brave enough to create an awareness project for Cybersecurity Awareness Month and I took it to the law firm.

and they let me run it. But then when cybersecurity month was over in 2015, I just had to go back to being a librarian. But I know I was was often to this new world of information security. So I just kind of built myself a plan to start my share for intelligence company and make my my way out of library science. And I knew that I couldn't just jump into a new job without

without any training. So I used my OSINT skills, my research skills to do freelance until I landed an infosec job, which I did a year and a half later as a stock analyst. And the rest is what you already read. Yeah. So that's what happened. That's how it happened is just me trying to be proactive, you know, reading the room, reading the world. There was a time

Francis Gorman (05:17.357)
rest is history.

Tracy Z. Maleeff (05:30.163)
when I was making my decision that a lot of law firms were closing or merging and I didn't want to be one of a hundred law firm librarians in Philadelphia out of work, you know, fighting for the remaining jobs. yeah, longevity, know, preserving, you know, what I feel, things like that. So, yeah, it was it was basically, I guess, out of necessity in a way, but it pays and it's helpful.

to be aware of your surroundings like that. It's not always admirable to go down with the sift if your company is going to the ground, you have to think of yourself.

Francis Gorman (06:11.949)
That's a really intriguing story, Tracy. I love to hear the different backgrounds that people come from and end up in cybersecurity. I worked in film and television myself before. I transitioned across and again, it was driven by the recession. it's always fascinating to see and I think a lot of people in cybersecurity have come from.

Tracy Z. Maleeff (06:15.613)
I think.

Tracy Z. Maleeff (06:27.339)
Mm-hmm.

Francis Gorman (06:32.289)
different areas of technology and that, but Librarian is new one for me. I'm interested to know what skills translated best for you, because there's always that kind of niche skill set, no matter what you do, that kind of finds a perfect space in the cybersecurity world. I suspect the research aspects in those were prominent when you when transitioned across.

Tracy Z. Maleeff (06:52.423)
Absolutely. And I have made a whole like second career out of talking about it. When I spoke at Security B-Sides Dublin in May, my keynote was called long overdue making InfoSec better through library science. And that's where I did exactly that what you asked. I showed how I can bring library science ideas and I'll, yeah, I can talk about some of them now. The first one was just empathy.

The one of the primary principles in library science is that, you know, you're there to serve the reader, to serve the user, whatever, you know, the customer, whatever you want to call it. And that people-centric mindset, I noticed was missing less than one week into my SOC analyst job. I remember getting an email. This is absolutely true story. First week on the job.

I remember following up with someone in the company about a security issue. And the response I got was, there's people who work in the cybersecurity department. I thought you all were just automated and it was all robots and things. forget what she said. But it was funny that she was genuinely surprised there was a person there. And I remember asking the stock, I said, do you not talk to the end users? And yeah, the look.

than the scoffs I got. And that was very different for me because in library science, know, it is person first, you are, you know, focused on the patient first. And that's why you exist, is to help connect them with information. So that was a huge thing for me. And that's how that talk started, is I brought the seven steps of the reference interview from library science.

And I break that down and I apply it to information security. there's, I could talk about that for an hour by itself, but just to give you an idea that these are sorts of things I'm bringing in is yeah, the concept of empathy of, you are in a service position. I said this at DerbyCon, I was fortunate enough to speak at the last DerbyCon and I started my talk off with, you know, we are in a service.

Tracy Z. Maleeff (09:15.807)
field, whether you like it or not, but we don't make things, we provide service. And so to have so many people be very arrogant and condescending and demeaning to the people that we're serving made no sense to me at all. So I've been trying to bring some of those other concepts and organizational concepts and things like that into information security. And pleasantly, the response has been great.

You know, anyone, if I do come across the rare, you know, denier of what I have to say, then they just don't get it and it doesn't matter. But 99.9 % overwhelmingly positive response to me bringing these concepts of library science into our world.

Francis Gorman (10:05.133)
So that's a kind of a sobering concept. So from someone who's worked this industry quite a number of years, I absolutely get what you're saying in terms of the robotic responses and the detachment from the reality that there is people at the back end of system in some cases. When you looked at that.

And I think I think this is something probably when you're in the industry, you know, you we talk about security as an enabler. We we look at our awareness programs. But empathy, empathy in itself is a really strong. You know, sediment that you can apply to people in general and, you know, empathy and everything you do, but empathy and security is.

I think you're the first person that has said it in such a sobering way, to be honest, in terms of, you've created a visual for me now of the sock and I'm visualizing the sock and, know, there's just alerts coming in and it's alert fatigue and you're forgetting that at the end of it, someone has clicked something or, you know, someone's password has been compromised, et cetera, and that human touch. So.

Tracy Z. Maleeff (10:52.095)
Yeah.

Francis Gorman (11:10.035)
From working in the industry now and from those initial observations, did you make any changes or any suggestions that kind of helped improve that? did you just get out of Dodge? Was it, can't work here, I need to go to a different department?

Tracy Z. Maleeff (11:20.652)
Hahaha!

Tracy Z. Maleeff (11:25.036)
Oh, no, I love that job. was there for almost two years. It was an assimilation of the, I was a victim of organizational restructuring as were my coworkers. So no, I did actually implement change there. I did win an award actually. I was given an award because I redesigned the daily threat intelligence email. guess that's.

Kind of overstating it, but it was basically like a daily email for primarily the higher ups in the chain. And I, when I saw what the current email, daily email was, I said to my manager, you know, I can do this a million times better. And eventually the opportunity came around for me to take it over. And one of the higher ups liked it and nominated me for a financial award through the company, which I won and about four months after I started.

So yeah, I definitely practice what I preach and implement things. And if you wanted a more concrete soft example to sober you up even more, I have a very specific one. So empathy is important, but before empathy, you first have to have approachability. Because if you're not approachable, then people don't feel comfortable bringing the security problems.

to you and then that's when the empathy can go out the window. But if you think, because it's a stupid, they clicked on this, it clearly looks like it says, okay, except that we look at these things every day and end user may not. It may look legitimate to them because they don't know any better. So the key message about approachability is this is how I explain it to people who are familiar with working in a SOC. I say, if you're approachable,

And then user will have clicked on the link and it notified you right away. You know, oh, I think I did something stupid. This is the email. I think I clicked on it. You know, can you tell me if everything's okay? That's being approachable. Okay. Um, and say the person contacted you at 11 59 right before lunch and you're thinking, you know, like, oh, now I have to eat lunch at my desk. Okay. That's kind of a bummer, but what's the alternative?

Tracy Z. Maleeff (13:50.045)
not being approachable and 459 on a Friday of a holiday weekend and you were not given a heads up that an end user clicked on something because you were too mean and grumpy and not approachable. Guess what I would rather do? I would rather eat my lunch at my desk than be stuck late on a Friday of a holiday weekend because I wasn't approachable. And that is

very much what I saw happen a lot at the SOPS and also subsequent jobs I've had. Because of my approachability, I've been able to have people in the organizations I serve approach me privately, either because they were too embarrassed or scared or just unsure of how to report things or where to report things or just also being judged. And I love that superpower because I was able to sort

some problems because people felt comfortable coming to me and telling me these things. And I love it. I'll take librarian face all day in cybersecurity because I know that I've been able to do some good by being approachable and appreciating approachability.

Francis Gorman (15:04.365)
Tracey, that is a fantastic example. I'm actually, in my head, I'm thinking of the technical frameworks. I'm always thinking of the human centric framework now that needs to be created by yourself and applied to the industry. It's brilliant. It's so simple and just to ground it in terms of approachability followed by empathy, and then to bring it to life in terms of the scenario.

Tracy Z. Maleeff (15:14.259)
Yeah.

Francis Gorman (15:27.703)
Would you like to your sandwich at lunchtime? Because somebody reached out instantly and you got ahead of the tread or spend your entire weekend, know, couch surfing and drinking coffees and eat pizzas because, know, something's been ransomware and, know, you don't know how they got in or where they got in just because you weren't informed because of that, that wall you built. No, it's a fantastic example. really is. Tracy, want.

Tracy Z. Maleeff (15:38.55)
Ha ha ha ha.

Tracy Z. Maleeff (15:49.58)
And obviously it's not foolproof, you get the general gist of it.

Francis Gorman (15:55.758)
I get that, yeah, no, exactly. I get it. It's not foolproof, but nothing is, but I think it does bring it to life. does bring it to life. Tracey, I want to talk a little bit about open source intelligence for people who don't really know what open source is. Can you tell me a little bit about open source intelligence and then some of the methodologies that you would maybe apply to gather information from those sources?

Tracy Z. Maleeff (16:01.692)
Mm-hmm.

Tracy Z. Maleeff (16:08.62)
color.

Tracy Z. Maleeff (16:13.1)
you

Tracy Z. Maleeff (16:23.496)
absolutely. So, in the simplest terms, open source intelligence or or however you choose to say it is basically anything not. What's the word that I want not classified, not classified information. You don't need any clearance to say it. You know, there's there's nothing legally militarily classified about it.

I do, I once ran into folks who said that anything that had a subscription wasn't OSIN because it wasn't free. OSIN doesn't equal free. let's clarify that. So yes, a magazine that has a subscription is still OSIN. So it is what you can gather on your own that is digital because then there's also humans, which is human intelligence. This is a whole other area I am not qualified to speak about. But that's enough to know that.

Yeah, to explain that it's a different type of intelligence. So this could be, you know, your newspapers, it could be method board. But what, in my opinion, and this is where my library science training comes in, you know, it needs to be substantiated. You need to cite sources. You need to have receipts, as the kids say. You know, you, I, one of my pet peeves, one of my other pet peeves is

watching presentations and people don't cite their sources, either with like a physical printing of it or just saying as you're looking at the slide, you know, the information didn't come from the ether. You you need to, you need to have a trail, you know, a research trail. There's, you know, tools like Huntsley that can help you with that. But it's important to know from where your information came. It's also called the provenance.

the provenance of your information. So I have a great example of this. Years ago, I was on a train going to New York for my job at the New York Times. And I started to see on Twitter that Kobe Bryant may have been injured or killed. And I am not one to just repeat something without looking into it. I feel strongly about validating information. And I don't always get it right. And I accept the

Tracy Z. Maleeff (18:46.816)
the correction when I get it wrong. But this time, this is what I was doing was I knew to look for certain resources that I would consider reputable because this is just some random account saying, you know, helicopter went down. So instinctively, I knew actually go to TMZ. I don't know if you're familiar with them. TMZ is a celebrity entertainment news outlet. But I just know from dealing with them in the past,

because of the Harvey Levin as a lawyer, I know that they are very good at obtaining court documents and verifying information. They were the first to report it that I saw. And then I kept waiting for other sources to report it because I wanted to triangulate. I wanted to do a triangulation to say, okay, if three sources that I consider reputable report it, then I think that's fair enough to go ahead.

So yeah, they reported first that I could tell. It took a half an hour for the Los Angeles Times and the New York Times to catch up. But once I saw them post about it, then I knew sadly it was true. that's just the, and now keep in mind, I was on the train with nothing else to do. So I realized that my, this goes a lot quicker on the desktop, but since I was just dealing with my phone, but still the principle remains the same.

You know, and why was I looking at the Los Angeles Times? Well, I knew that's where he lives. you know, using critical thoughts like that of, let me check the local sources as well. Let's look at some local sources. So that's kind of an example of, you know, using my thinking skills for that because, you you don't want to be liable for passing a loan incorrect information to say your stock manager or your board.

Another example I give is, you you need to do your research, your OSINT research as if it needs to be admissible in court. And why is that my mindset? Because I worked at law firm and library for a long time. And you don't know where the research you did is going. There were so many times when lawyers would get back to me after their case and say, wow, that thing you found about this, you know, really helped.

Tracy Z. Maleeff (21:09.546)
you know, with our case and all. And that piece of information to me, I had no idea would be used in court. But because of my, you know, ethics and my practices as a librarian, I knew to substantiate it. But that's the thing is you never know what's going to be used. So you better make gosh darn sure that it is accurate with the citation from a source that you have checked out.

And yeah, that's something that I preach a lot and I wish more in InfoSec would do is with this. isn't just randomly Googling and throwing spaghetti at the wall and seeing what sticks. know, it's broken library world is all the dead bodies are buried on page two of Google results. Nobody ever goes past it. So hopefully that answered your question. But yeah, there's definitely skills that I recommend for OSINT.

to really, you know, use ethics, use library science principles, and AIs making it more difficult. know, AIs, you know, fake stories are being published all the time. New publications, I want to use publications with air quotes, that you look into it and you need to follow the money. Who's sponsoring this website? Do they have ads? If they have ads, what are the ads for? Are they ads?

You know, for a certain leaning or. Yeah, it's like, follow them. And if they don't have ads, that's actually a site without ads raise raise a suspicion for me, because it means they don't need money. May not mean that, but I mean, they must mean that they're funded. So, okay, who's funding them? What are their objectives? Because this goes into the writing. I don't know if people realize that, but, you know, everybody has a bias. You you have a bias. I have a bias.

It's about recognizing that bias when you take in information and you try to look for the truth, the neutral, and then document that. you yeah, you can draw a citation from a controversial publication because that in itself may be of use to the person you're doing research for, but don't present it without the source because there's context in that.

Tracy Z. Maleeff (23:38.41)
Yes, there is a lot more critical thinking and analytics than I think people realize is what goes into ocean. It's not just Googling.

Francis Gorman (23:48.642)
not just Google it, no, and I suppose when you're using it to build threat intelligence and kind of deep end research, do you spend much time in the dark web and that side of things or do you try to keep it above water?

Tracy Z. Maleeff (24:00.608)
I mean, I don't actively use dark web research because I'm currently more interested in, you know, the stories and helping people make connections. I seem to have a knack of just finding really good news articles. So, no, I'm saying more on, I guess, what's called the clear web. But there's still a lot that's unchartered in the clear web that people don't.

really seems to catch on to. So yeah, I'm always really excited when I find articles that I might see some of the bigger companies posting because I'm looking at sources that others may not be.

Francis Gorman (24:46.317)
Tracy on that, if I think about what's happened in the last kind of month with OpenAI and Grok and people who have publicly, well unknowingly created sharing links that have been indexed by Google and are publicly available, I know they've stripped them, but then they've been stuck in different archives and time machines, et cetera. So we know when something goes on the internet, it's very hard to remove it again. You spoke with edX and BIAS. When you see stuff like that happen, that's

Tracy Z. Maleeff (25:12.438)
Mm-hmm.

Francis Gorman (25:16.271)
obviously now fair game. It's up there but but ethically there could be information in there that is very sensitive people's know medical conversations you know company information but it's going to be a goldmine for bad actors.

Tracy Z. Maleeff (25:26.048)
I will do

Tracy Z. Maleeff (25:33.388)
Yeah, absolutely.

Francis Gorman (25:36.189)
When you saw that happen, did anything in your mind go, oh God, this is going to be a gold mine or this is disaster or did that evoke any reaction at all for you?

Tracy Z. Maleeff (25:47.229)
Do AI evoke a reaction? Yeah. yeah, no, it's horrific. And I knew all along it was going to be horrific. But I also knew that, you you can't stop it. So you just have to prepare and you have to build your defenses against it. You have to build your analytical skills.

Francis Gorman (25:50.775)
as in the indexing of the conversations.

Tracy Z. Maleeff (26:16.342)
for it. So that's unfortunately another level of burden that researchers have. And what bothers me the most is the untrained person consuming this information. That's what's bothering me is I, you know, I trust savvy professionals can suss out the fake, you know, for the most part, but what really troubles me and worries me and does concern me is the

you know, the general public consumption of this because they, you know, weren't trained to have digital literacy, which I know some countries have been doing or starting to do. You know, information literacy or digital literacy, whatever you want to call it, again, is a library science principle that I have taught at a college level to be actually. it's.

digital literacy is really important. And what I mean by digital literacy is all these things we're talking about, of how to identify a source, how to detect the leaning of a publication and how to verify things. That's digital literacy, understanding that getting information from a local source versus an international source, the pros and cons of that.

I wish that digital literacy was taught more in school. Maybe it is at some point, but yeah, it's really, you need to have more analytical skills than I think most people are willing to use when they're surfing online. But I just ask that people, you know, maybe talk free-sparing things you're not sure about. Like, that's wild. That's probably fake. Well.

maybe don't reshare it. Don't feed into it. I know that's asking a lot. And believe me, I like to stuff too, but I've made myself pause. Do I really need to share this? Am I sure that I'm sharing accurate information? Because that means a lot to me. I take pride in sharing legitimate confirmed information. And I try to do my best to verify things before I share it.

Tracy Z. Maleeff (28:37.036)
But that's just me. But yeah, that's, it is, it's terrifying and yeah, I'm happy to talk digital literacy to anyone who would listen.

Francis Gorman (28:50.049)
It's a very good observation. And I suppose we're seeing more and more of it, even in the professional space now. If you look at platforms like LinkedIn, can see that the clickbait, I suppose, this piece of research made this statement, but the context is no longer there. It's been detached from the context that it was written in. And I think that's not only is really poor practice, but it's also driving levels of disinformation and confusion. I think, you know, you...

Tracy Z. Maleeff (28:58.507)
Mm-hmm.

Tracy Z. Maleeff (29:02.017)
Mm-hmm.

Tracy Z. Maleeff (29:09.791)
Yeah.

Francis Gorman (29:19.373)
The MIT study of 90 % of AI POCs never failed scale, et cetera, has been flying around. But they didn't talk about the individual with a generative AI account is adding real value in the back end. the context, isn't there. And I think that's something that's been missed. And I think the digital literacy conversation is yet again another important one that should be had at a national level.

Tracy Z. Maleeff (29:25.548)
Mm-hmm.

Francis Gorman (29:47.948)
So, you know, that's a really great one to go after. One thing that you've said a number of times and I've kind of been picking up on it, cybersecurity storytelling. Can you explain this one to me a little bit? What do we mean when we say cybersecurity storytelling?

Tracy Z. Maleeff (29:59.568)
yeah.

Tracy Z. Maleeff (30:06.348)
Well, I love storytelling as a skill set and storytelling isn't about telling a story as it is persuasion. What you're trying to do is if done well, I can tell these stories to change behavior. So storytelling is fundamental to things like cybersecurity awareness. It's also fundamental to

a security team working with an IT team that may be at odds, you know, a lot of tech departments, but heads with the security department. And it's having the ability, you know, to convey a message of persuasion in a way that it'll be happily received and accepted. That's how I define it. I mean, it's...

You know, you're conveying information to either, you know, persuade or, you know, or entertain or, you know, there's a purpose to it. But I strongly connect storytelling and information security to the persuasion because you're always trying to pick something, aren't you? You're either trying to get more money for your budget. So that's persuasion and your awareness.

is perquisition, to change behaviors, right? So storytelling is a very valuable skill and it is something that can be worked on at home and some people, many Irish people are very good at the skill of storytelling. And actually I did write a blog post about it. So I wrote, and I can share it with you so you can share with your listeners. But I was in South Africa at the time and something about

the heritage of storytelling in Africa, this kind of got into my brain and I thought this would be a great way, just great inspiration to write a blog post about storytelling and information security. And I did that and I'll share the link with you. But I just really believe strongly that it's a great tool to have. And when I give my keynote talks, I tell stories from my library days and

Tracy Z. Maleeff (32:34.164)
You know, I think it's part of the librarian theme that I always present. think it's kind of a good stick, I guess, to get people to listen. yeah, it's having some speaking skills, you know, having ways to illustrate points through examples, which I've done on this call. You know, it's about having, you know, a good grasp of language and how to paint a picture with words. When I gave one of my I think it was my very first talk

to the cybersecurity world, was beside Philadelphia, here where I am, sober. The projector didn't work for the first eight slides of my talk, which was very visually dependent. while some guys in the back were seriously working to get the projector working again, I had to share my slides.

as, you know, theater of the mind. Like it was old time 1930s radio and I did it. And by the ninth slide, it came back on. So I was able to relax, but no one told me that they didn't enjoy my talk. I had very well received people complimenting me on, you know, conveying the message. So it is a really good skill to have because sometimes the projector goes out and you need to be able to paint a picture.

with words, know, paint a picture, you know, by speaking to convey your message. And that's where storytelling can be a very, very important skill when it comes to, you know, working with coworkers, working with your end users, working with the higher up.

Francis Gorman (34:18.541)
absolutely agree Tracy and you know the Irish are fantastic at storytelling so you know that's a that's a whole different episode but yeah no it's it's it may not be the sort of stories you'd want to tell your upper management is the only problem you know.

Tracy Z. Maleeff (34:21.985)
Okay.

Yeah.

Tracy Z. Maleeff (34:32.022)
There might be some foul language, but yeah, no, would love to have like an Irish InfoSec storytelling contest. think that would be phenomenal.

Francis Gorman (34:42.957)
might just have a soda seed there. We'll see who can come up with the best. So that's a listener competition now, is it? can put it out there. That's fantastic. Tracy.

Tracy Z. Maleeff (34:52.588)
Yeah. Or create some new, you know, blessing. You know, like instead of may the road rise up to meet you, know, may your ports always stay open or something like that. Or close. Yeah, depending on your perspective.

Francis Gorman (35:07.437)
stay closed, maybe we'll have to think about it. Tracy, before we finish up, well as you're across a lot of research at the moment, is there any trends in cybersecurity that you're excited about or on the other hand concerned about based on your work to date?

Tracy Z. Maleeff (35:18.966)
Mm-hmm.

Tracy Z. Maleeff (35:29.056)
not really ever excited about anything. It's rarely good news. Quantum computing is something that I don't understand, but yes, but that is a concern that's rising. You can find a lot of good academic papers about it. It hasn't really made it into magazines and things like that yet. So this is also something if you are more technically

minded, you can go right to the source of these very technical academic documents. AI, you know, and all the fake things really is a concern, continues to be concern. And just also the way the global events are, you know, it's going to impact, you know, journalists, journalists are often under fire. And if they can't be on the ground reporting what's going on,

You know, and this doesn't pass cybersecurity as well. Like we, you know, we rely on journalists to tell, tell us the world. So we need to do more to protect journalists, protect free freedom of the press. Because if we are being fed news through a curtain, we're never going to know really what's going on. you know, to, pass a quote, famous PDT so the 80s, the truth is out there.

Francis Gorman (36:57.901)
I only have some good news for you on the quantum front is we've had lots of experts on the show talk about quantum. So there's loads of episodes there in quantum readiness and the quantum threat to check out if anyone wants to know a bit more there. We just had today's episode was actually Dr. Mica Mosca. He's he's a world leading expert in quantum. So yeah, definitely lots of good stuff there, which is a, which is a bonus, a bonus point for that topic. But

Tracy Z. Maleeff (37:05.116)
Okay, good.

Tracy Z. Maleeff (37:13.836)
That was fantastic.

Francis Gorman (37:21.953)
Tracy, it's been absolutely fantastic having you on and I think you've had some really unique perspectives come across and I hope the listeners do enjoy the content, but I totally enjoyed speaking with you today.

Tracy Z. Maleeff (37:34.988)
It's fabulous and yeah, I'll leave my information. People can subscribe to my newsletter, follow me on socials. I do post my thoughts and articles often, so please join me.

Francis Gorman (37:47.886)
Excellent, we'll get those details off here and we'll stick them into the episode detail when it goes live. Thanks a million Tracy. Thanks a million.

Tracy Z. Maleeff (37:53.324)
Right. yeah, thank you.