The Cybersecurity Bridge

Vlad babiuk, Stellar Cyber

SiliconANGLE

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 36:55

Vlad babiuk, Stellar Cyber joins Jon Oltsik for this weeks episode of The Cybersecurity Bridge

SPEAKER_01

Hello everyone. Uh it's John Oltsig here, uh analyst and resident at theCUBE, cybersecurity community activist and podcaster. And welcome to another version of the Cybersecurity Bridge podcast. If you're one of the very, very few people in the world who's never seen my podcast, each podcast covers a specific subject and it is divided into three parts. The first part we talk about the present of that particular area of cybersecurity. The second part, we talk about the future of that area of cybersecurity. And the third section, we talk about the cybersecurity bridge, how we get from the present to the future. So I'm uh glad to have a new guest on my podcast, Vlad Babiuk, who is the director of technical product marketing at Stellar Cyber.

SPEAKER_00

Vlad, welcome. Thank you, John. Really happy to be here. Been watching your shows for some time now. So it's exciting to be here and uh get this podcast going. So it's gonna be an interesting one, I'm sure.

SPEAKER_01

And let's go. But before we do, are you ready to play cybersecurity trivia? Yes, I am. Okay. This one's in our domain that we'll be talking about. It's a little bit of a tricky one. And so uh my friend, uh reformed analyst uh Anton Chuvakin, who used to be with Gartner and now is with Google, uh he uh coined this story and came up with this concept called the SOC triad. And the SOC triad is composed of sim NDR network detection response. At the time I think it was called network traffic analysis, and EDR endpoint detection and response. And so the question is what year did he first write about it? Was it 2013, 2014, 2015, 2016, or 2017?

SPEAKER_00

Oh my gosh. Um I'm gonna go with uh did you say 2020 or sorry, which one was that?

SPEAKER_01

No, I started with 2013 and went to 2017.

SPEAKER_00

So I can tell you it's not 2020. No, no, it's not 2020 for sure. Um I'll go with 2017. Okay.

SPEAKER_01

It was it was a tough one because who who remembers the exact date? No, it was 2015, and uh he's modified that a little bit. He's talked about including uh application logs, he's talked about cloud logs, and he's talked about identity, but we'll get to that. But now we're going to talk about security operations. And so my general question to start is what do you think of the state, the current state of security operations?

SPEAKER_00

That's actually a really good question. And um what I'm seeing right now is kind of this uh real inflection, I would say, in the security operations. And uh, since we just kind of gone through the RSA 2026, um, it made it very clear the industry isn't essentially experimenting AI anymore. Um, it's uh operationalizing it. Um and what I mean by that is that AI has moved essentially to a more of the center of the SOC itself. So there's a essentially a shift where AI is not just a feature, AI is the foundation. Uh, it's just not it's not just a dashboard anymore. Um, AI is driving uh essentially the decisions and and the workflows itself. Um, the other thing that I've also seen is kind of the shift that is happening as well. And you probably remember, John, we we started with this kind of uh uh perception of more of a reactive approach that we've done for so many years or so. And I believe we're kind of moving away from reactive. We're kind of in this proactive going into this more adaptive kind of solution, I would say. And what I mean by this is like reactive has been really mainly kind of this chasing of alerts. Uh, the proactive has been this kind of Fred hunting or the enrichment itself. And now we're moving this adaptive where we're seeing systems that are essentially guiding investigations, we're seeing AI that builds context uh and paths automatically, we're seeing analysts that are able to validate some of those outcomes. So it's a very interesting kind of uh approach, this whole autonomous SOC. And you've heard autonomous SOC, you've heard AI native uh uh security operations, uh AI sock. There's so many different words I would say. I'm I'm not sure if you're gonna have a question on this, but that is uh an interesting one, I would say. Um, and then the other two things I would say that I'm that I'm seeing a lot as well is this market consolidation kind of continuing. Um, a lot of those platform-level solutions that are starting to acquire some of the dependencies that are needed, I would say, to be able to grow into this AI new world. So, you know, a lot of the data pipeline acquisition that we've seen, like the observer, yeah, the ONU, uh, this is continuing, as well as the AI security space. That's also becoming a new category, whether you're seeing those kind of AI security companies that are uh single pointing at AI security companies that are just necessarily doing maybe the visibility of how the employees are using A application, the models, how they're behaving, the agents. Uh, you're hearing this AI security systems. Um, or you're seeing uh the platform-level solutions that have a sim or have an XTR that are acquiring those AI security uh solutions in order to be able to resolve that side of the things because it also almost acts like a like a confidence level. Some solutions were able to build it in-house, some are acquiring. But needless to say, there's this AI security category, but there's also this uh obviously this consolidation that is happening in the market um on both streams.

SPEAKER_01

So it's not a boring market for that description. There's a lot going on. But let me ask you so um you immediately got into AI, which is cool because uh AI is fundamental in what we're doing. We're watching what the uh adversaries are doing. But AI starts um or AI models start with good data. So I want to ask you about the data because historically I've thought of uh stellar cyber as moving toward and and marketing toward open XDR. And some would argue open XDR versus native telemetry. Well, native telemetry is stronger because it's controlled by a vendor, and open telemetry may not be as robust. What's your thought on that?

SPEAKER_00

I think I think open telemetry is probably the more the necessary requirement that is needed nowadays, especially because you cannot just rely on third-party data to be able to do and solve some of the things. And I'm I say always, uh, and probably the market is also kind of showing this, is that AI is just as good as the data that you have. So if you're just relying on one sphere of data, um, that becomes very complex. And also when you look at the open XDR approach, we're not just looking at at the endpoint. We're also, we want to also get some of the telemetry for the network. We want to get some of the telemetry on the cloud, the apps, the the everything, because that is the picture that we're trying to solve here. And that, if I can say that juice is that that that information is what's gonna drive the the uh the ability for us not only to filter uh some of the noise that we don't need, but also focus on the things that we need by doing some cross-correlation, by focusing on the case-centric approach, but also uh being able to utilize some of that automation that we have um and that the market is is kind of doing right now to really build in uh that autonomous SOC capability. Um so I think the open telemetry is probably the best approach, and also the the the avoidance of the specifics uh around the vendor lock-in, because a lot of users are also looking to be able to uh multiply the usage of what they want to uh use on a day-to-day basis, not just one specific telemetry itself. I'm not sure if I'm answering your question, but that's kind of the approach that I've been looking for.

SPEAKER_01

That was that was good. That's a good start. Let me let me dig into that a little bit because um open telemetry assumes that you're getting that telemetry through APIs. Everything I've noticed in the market is that the APIs aren't really that good. A lot of them are poorly written, a lot of them are are um limited, they give you limited access to the data. So, since you're in that market, tell me where I'm right and tell me where I'm wrong on that.

SPEAKER_00

I would say um I think there's kind of an important nuance. A lot of the vendors talk about this open telemetry and APIs, but in practice, just having APIs is not necessarily something that's going to be able to solve everything. So APIs are great access, I would say, but they don't solve necessarily the normalization, the correlation, or the consistency. So what ends up happening essentially is that teams still have to stitch everything together. Um, agents have their own issues as well, deployment overhead, uh coverage gaps, essentially. Um, but it's still there's a real challenge with APIs versus the agent itself. The way I've seen that have worked pretty well as well is like having sensors, you know, sensors specifically built in directly uh with an astronomy-prem solution. Um, that has gained a lot of good visibility and credibility within the market itself.

SPEAKER_01

Okay. Um historically, one thing, and we and and basically what you talked about up front is there's a lot of moving parts in security operations. And that communicates to me complexity. And complexity has been the enemy of security operations. In fact, when I was at ESG, we did research, and a lot of people bought a sim assuming that it was uh giving you out-of-the-box functionality, and they it turned out no, that's not. You have to customize it, you have to maintain it. So um talk to me about complexity, the the the uh the balancing act between complexity and efficacy.

SPEAKER_00

Yeah, for sure. Um what I'm seeing right now in the market is, and I think this is one portion of the consolidation that is happening, is a tool sprawl. There's essentially an great example is I I used to work at a at a major financial institution. We had three sims, we had uh two in DR solutions, we had two of everything, three of everything. Are we using all those solutions? We were not using all those solutions because it was complicated to be able to go from one solution to another solution and be able to stitch it together and understand exactly what's happening. So I think the market right now is reacting to the approach that we've done for so many years and trying to consolidate. And I essentially look at it as two consolidations that are happening. The first consolidation is an internal consolidation. You're seeing some of those platform solutions that are realizing, hey, we need a more unified view of what is happening in the a better workflow for our users. So they're combining their SIM, they're combining their XDR together, they're combining their store together, they're combining their attack surface management, they're combining everything together and they're putting this kind of unified view. Uh obviously they might not have all the tools, and so there's there's another type of consolidation that is happening where they're acquiring companies in order to create that full picture. Um, and I think ultimately this is where the complexity is, one of the first complexity I would say is because tools are are you're using in a SOC tools that are a little bit everywhere, and you're not able to have that kind of unified view and approach in your investigation. Um, I think this is actually shifting right now. So I think there is definitely a much better approach that is being coordinated within the market, but it's still very far away. Um, we're we're still seeing, like, especially with companies that are acquiring other companies, in order to create that unified view, the stitching together is not always perfect because you you have a one architect that has worked perfectly fine for you, but it doesn't mean necessarily that it's gonna be the same thing with the other solution, and maybe the maturity of the other solution is not gonna be as great. I think what has worked very well is organizations that are able to create something that is purposely built for uh for the market, for the user, and that is truly unified, not something that you're stitching together. The other thing that I would also say is uh is uh in a kind of different perspective, is I'm looking at a tool right now. It's like you want a tool that is working for the user, not the user working for the tool. And that has been a big issue in the past because as you remember, in the 1990s and then the 2000s, when we first started kind of getting together the security event management, the security investigation management, combining them all together. There was a pretty significant tuning required, a lot of work from the user to be able to make it compatible. Nowadays, I think we we a lot of the companies are realizing, hey, we need to provide a lot of those out-of-the-box detections, a lot of those out-of-the-box integrations, we need to provide some of that automation, you know, so it's so it's prioritized, so we so we have that cross-correlation with the front intelligence enrichment, all of those things combined together.

SPEAKER_01

Yeah, I remember those days, not uh not some somewhat fondly, but uh not from a technology or a use case perspective. But let's move on to the future. And you started by talking about the agentic SOC or the autonomous SOC. And I'm I'm wondering where do you think we are today? And since we're talking about the future, what can we expect in two to three years from uh AI agents dedicated to security operations?

SPEAKER_00

Yeah, um, I think today we're we're just starting to realize the implication that AI has on security. Um and we're just learning, we're kind of in this infancy phase. And I'm I'm gonna break it down, back it down a little bit. When the sim became the sim, uh that was a learning curve. When the sim became the next gen sim, that was a learning curve. You know, when people realized that EDR was not the only approach, you also need XDR, you also need OpenXDR, that was a learning curve. You know, when we move from SecOps, TDIR, Unified, that was a learning curve. And I think now we're realizing that, hey, we need to combine, we need to understand all of this, plus we need to add the AI component in order to be able to fully have this uh complete picture of the autonomous SOC sphere. Uh, how does it uh how does it reduce the amount of alerts for our users? What are some of the impact that it will have on the response capability that we have? What else can we do to really fight AI with AI? And I think that's kind of the better kind of way of saying it. Um I kind of see SOC that becomes kind of more AI driven by default. So I think AI will correlate a lot of the signals, build a lot of the investigation, recommend a lot of the actions. And we're already seeing this in the industry. Um, and then analysts are essentially going to be shifting, and I'm sure this is this has been said multiple times already, but analysts are gonna be shifting for more of a kind of decision-making oversight, um, exception uh uh expertise, kind of more like a strategic role, I would say, uh, on the forefront. Uh, I think data strategy is also gonna become a kind of the battleground. So I think key trends like data pipeline control is gonna be a big one. I've I've also seen like a few folks were talking about like ETL agents. Uh so that's gonna be interesting how that's gonna be positioned in uh some of those um data pipeline companies, uh, cost optimization, open and close architecture. Um, I think the the platform consolidation is gonna continue, of course, as well. And uh I think AI security is gonna become mandatory. I I don't see it being as a component that will not it will need to be part of your ecosystem as part of your ongoing strategy in order for an organization to be able to have the full visibility in the system, because the complexity of the attacks that we're seeing today are probably not even as big as what we've seen or what we're about to see in in the next few months, in the next few years or so, because our attackers are using AI to create more complex attacks. And so if we don't have the tools to be able to uh view it and to be able to capture it and isolate it as quickly as they're able to create it and make it as complex, then we we can't survive. And so that's why I would I would almost say the only approach right now moving forward is to have an autonomous SOC um capability or feature to be able to move forward.

SPEAKER_01

Yeah, I agree. I think it's a work in progress. Uh and I think you do too. We saw that at RSA. But um we're also seeing uh and we talked a little bit about this, but new data sources, so um identity to get a better view of of uh understanding the root cause of an attack, also understanding who owns an asset. Uh we see uh uh exposure management integration so that we can have more of a risk-based approach. Uh and how do you see those things coming together with uh AI agents? So, in other words, uh there are product categories, identity management, uh C10 or exposure management. Do you see those merging into uh security operations or is there a loosely coupled kind of relationship?

SPEAKER_00

I I I don't I I've I've actually seen the uh continuous threat exposure management agent. That was something that I've seen as well. Um, I think identity is becoming kind of the central layer for understanding a lot of the environment, uh, but it's still one of the kind of hardest problems uh to solve well. In most environments today, I think identity is is fragmented. You have users, you have service accounts, you have uh cloud identities, uh, you have API keys, you have AI agents. Um that's uh that's why we've actually seen, I think, like last year, uh a big focus uh has also been around identity, uh, identity threat detection response. And I think you probably heard it because that was a big one one of the things that a lot of companies were starting to implement. Um, so all of this is kind of interacting with the assets, but they're not always clearly, I would say, mapped itself. So when alerts fire, one of the first questions you typically see is still who actually owns this and what can they do? And I think that's where AI starts to actually help, but only uh as the right context. So what we're seeing emerging is essentially AI is building the dynamics behind the identity uh graphs, um, linking users to assets, uh permissions, behaviors, and and activity over time. So now when now when you're you bring AI agents um into the picture, it gets a little bit more interesting because agents effectively become kind of this new identity in the system. Um, they can take action, they can access data, and they can trigger workflows. So I think the shift, the question kind of shifts from who owns this asset, uh, which identity, uh is it human or is it machine? Uh is it responsible for the action or should it be allowed or not? So the future about it, I think, is probably gonna be more of a unified identity, asset context and activity into kind of a single view. Um, I think that's the direction we're seeing this as well with like a lot of the other solutions like NDR. Uh NDR is not gonna be um, I I don't believe personally that it's gonna be like a standalone solution. I think it's gonna be within this full unified sphere. And we're already seeing like some companies that are also creating uh dedicated agents that are able to auto-triage not only EDR alerts, not only UEBA alerts, but also NDR alerts. And so maybe identity is gonna be another portion of it.

SPEAKER_01

Do you think uh we evolved to a place where there's really strong local coverage? So you mentioned identity detection and response. We've got network detection response, cloud detection response, endpoint detection response. It seems to me that those are very, very good at detecting and responding to local activity, but something needs to stitch that together. So does it become more of a federated kind of a federated model like I'm describing? And then what's that centralized um centralized um investigation platform, if you will?

SPEAKER_00

Does that make sense? Yeah, um I I I I believe it's more of a kind of like a lot local coverage, of course. Um one of the things that I'm seeing in the industry is also like in it's it's probably more it's it's more of a common thing to to see on the auto triage side of things, is and the Federation is probably one of the biggest ones as well, but is the coordinator agent. So that can be another kind of uh interesting portion, I guess. And I I don't know if that's maybe the answer itself, but it's definitely one of the approaches that could be dedicated specifically on stitching it all together, putting it together and giving them guidance and direction on what needs to be done. Um, because they all kind of share a certain amount of context well. So stitching it together becomes kind of almost a manual process. So I think you need uh that. kind of system to try to kind of reconstruct and put it in in uh an actual um an an actual unified approach uh to be able to move forward so um that's one thing because i think people don't realize um you might hear like autotriage agent you might hear um you you might hear the response agent the summarization agent and whatnot but in the background there is a lot going on there is there's many agents that are working together they try to complete that full picture for the adult so the analyst doesn't have to do it um and i i think that's probably maybe one of the directions that we can see this put together in the future yeah i've never heard that term that way the coordination agent but that makes sense because the coordination would be the workflow behind stitching together this alert so I get an alert on the cloud or I get an alert on the endpoint what else is going on what else have I seen where have I seen this IP address um who let it in what else has happened so yeah that's good stuff um let's move on to the third part the cybersecurity bridge getting from here to there um as we have more agentic solutions what kind of skill sets do we need um not and I'm not asking what the skill sets go away but I think there are new skill sets so I'm I'm interested in your opinion on that yeah I I think from a skill set is is changing our mindset is one of the first things I think especially for SOC analysts because we've kind of built this approach for so many years that you have tier one tier two tier three type of analysts we cannot continue um putting ourselves into that kind of position anymore because with the agentic with the autonomous and everything like that I can see tier one tier two becoming as as uh I wouldn't say completely dissolved but they're definitely going to be predominantly completed by the the autonomous SOC platform itself. The analyst perspective and mindset has to change to become more critical and more strategic and also as a human oversight. And that's why you're seeing a lot of this kind of human in loop feedback loop because models are are great at giving you what you're you're looking for but they also make mistakes they also hallucinate they're also prompt to some security risks and concerns and whatnot. And so and like I said in the beginning they're just as good as the data that you feed. And so that other portion of the data is the analyst the analyst that is providing guidance and direction of what they're actually looking for, how they want this information to be perceived and why this information is so critical for their success when it comes to a particular investigation in order to close a particular case. So I think changing our mindset is going to be very important. The other thing is is obviously the ability to to fight with AI because we're not we're not doing this it's not the same as it was before the attacks that are going to be coming in they're going to be much more uh probably bigger stronger more critical than the ones that we've seen and probably faster as well so I think this continuous development this adaptive approach that we were talking originally is going to become very important as well because that is what's going to allow us to position ourselves as a solution of choice as as a company that has the visibility that is needed to be able to um to attack AI with AI essentially in the future um and I think it's just understanding AI understanding what what it what it needs what it wants and and where where we're kind of moving the direction that we're going uh so continuously educate there's gonna be new new career new uh new new positions opening up as well you've probably seen already like AI security engineer uh there's ai security sock manager there's there's everything you can imagine around ai right now so um I just think our the way we've we've looked at the SOC itself in for the past few years is gonna change uh quite significantly and so we need to adapt to that um and we need to adapt to it very quickly yes i've i've heard the term ai orchestrators or ai security orchestrators yeah um but let me press you on this a little bit because you're I I agree with you that tier one and tier two analysts those roles get changed uh but that's a growth and training domain right now right so if I became if I start as an entry-level tier one analyst and I grow to tier two and then tier three I've learned along the way so we're saying well we're gonna take away that tier one and tier two or at least change it um so how does a tier how do we get tier three analysts thread hunters really experienced people in forensic analysis and investigations when we're taking away the training ground yeah um I I think it's I think the training itself is still gonna be there I think it's a matter of of positioning them in a certain in a certain spot where they're learning other tasks and other responsibilities and other um nurture them to to be able to be a tier three hunter. So I think those positions are just not going to be tier one tier two anymore. It's just gonna be a different type of position that that's gonna help them to achieve that tier three so maybe they're gonna come in as a tier one yeah security security like model um analyst or something like that who who their responsibility is to understand exactly how AI is behaving. Is it behaving the right way that it's doing um or is the is the particular like use cases that we have the integrations and whatnot make sense you know so the I think the responsibility itself is going to shift. I don't think we're completely removing the tier one tier two I think we're we're just adjusting it we're adapting it to the current needs. So um I think it's just changing it's it's it's a it's a movement um I don't know what it's gonna be to be honest with you uh right now in the industry as as we look at it right now and some of the prospects that we tackle or the the customers that we talk um they still have the tier one the tier two the tier three but they're just saying hey our tier one tier two is not what it used to be before they're just doing other tasks other uh different things that are maybe a little bit more guided towards them becoming that tier three analyst eventually yeah good answer by the way thumbs up for that answer.

SPEAKER_01

Um I I also think we'll use AI for kind of red teaming simulation to teach them uh there'll be more use of cyber ranges things like that.

SPEAKER_00

Um so here's a question that I've pondered with for years and that is uh if uh if you look at security in general it's a horizontal practice meaning everyone needs a sim doesn't matter if you're a manufacturing company financial services healthcare do you see that uh same model moving forward and and I'll uh let me just uh build upon that uh AI is gonna change all of these industries uh I do some volunteer work at a at a hospital and even my little local hospital is adopting AI and it's going to make it much more of a different business model than it has been historically so do the tools start to become more verticalized or is that a customization type of activity as it's been forever i i think they're probably gonna be more verticalized but um I don't think sim is going away I think it's gonna be just a different type of sim um traditional sim has been very horizontal it's true they like collect everything store it they let analysts query uh but today the problem is isn't just visibility you know it's also decision making and I think that's where AI kind of starts really changing the role of the sim itself um what we're seeing with sim evolving is from a system of record into a part of a kind of an operational platform instead of just like storing and then searching data you need to actively essentially participate in the correlation the investigation and the response so at the same time you're seeing some more domain kind of specific capabilities like identity and cloud and so on. I think this future isn't just purely kind of horizontal or purely kind of vertical I think it's going to be like a combination. So like horizontal for data access and maybe vertical for like enriched context all tied together by kind of an AI driven kind of workflow. And the platforms that win will be the ones that can unify it so you're not choosing between the brief and the depth you were seeing this happening already you know like a lot of the solutions and you probably heard it um unified security operations platform or um secops is was one of the other ones uh um but then also you're kind of seeing the shift in some of the some of the wording like autonomous sock AI native security operations platform you're seeing some of the SOC overlays some that are just really positioning themselves on the on the just their ability on filtering some of the alerts that are coming in but don't necessarily have any like detections out of the box don't have any integrations out of the box you know I call them sock overlays they're great at reducing the alerts but they're not necessarily giving you the the operational portion which is that the true sim you know the the uh the correlation the uh the uh the case management the um the ability to cross correlate and all of the enrichments of a friend intelligence and whatnot so um I think you need a blend of everything and that's kind of where we are moving together. I think sim is just going to evolve um but it's not gonna be a sim in the future it's gonna be something else but it's still going to be there just going to evolve.

SPEAKER_01

Well even Gardner has now I think they have three names for sim or three categories for sim that they're now pitching. So one more quick question because we're almost out of time and that is um we're everything we've said assumes that the customer is acquiring and managing a sim or a security operations platform. What's the role of MSSPs and does that change in an MDR of course and does that change in an agentic AI stock world?

SPEAKER_00

I think it definitely changes um but I think it makes it better for them because for an MSSP perspective the ability to reduce the to to increase the visibility to reduce the amount of alerts as quickly as possible for their customers is going to be very beneficial. So especially companies that are currently working uh that have positioned themselves as an autonomous SOC capability and they're working we're very close with MSSPs that are leveraging their solutions uh for MDR um I think they're the ones who are going to be the biggest winners as well in this industry because not only their their their hands in some cases are very tied in because they have so many different customers that they have to take care of um this autonomous SOC, this agentic revolution that we're going through is actually an enabler for them to um have more customers at the same time while at the same time being very critical on the type of alerts that they're spending a lot of time and what they're escalating. But there's also the the other caveat that there's also maybe the concern, right? Autonomous sock is not perfect, right? There's we're still learning, we're still growing, we're trying to understand exactly everything that needs to happen. And I think that's why you really need that human in the loop factor. So I think those ones that are going to perfect that human in the loop um are really the ones who are going to win in this kind of industry because not only they're going to be able to sell hey we have the speed that comes with AI but we also have that oversight and both combined together is really where the benefit is going to start to shine.

SPEAKER_01

Yeah I agree and and three quick points to add one is uh AI technology allows them to customize what they offer maybe four different verticals. Number two is they're trying to hire the same people everyone else is and it's expensive and you can't always get the right people in third it's a thin margin business. So uh if you can have robots doing what people do maybe you could pull a few more shekels out of the margin. I don't know.

SPEAKER_00

Yeah hopefully for them but uh we're just scratching the surface but we're uh unfortunately and sadly out of time but I do want to ask you the question I ask every one of my guests and that is what's the one piece of advice that you give to cybersecurity professionals who are watching this wonderful podcast um I think it's just uh continue learning and AI is um get interested with AI put the effort and the time to really focus on understanding exactly how it plays within the cybersecurity sphere because it's gonna be a a very very important piece of the puzzle when you do decide to um whether to join a company on the vendor side or a company on the on the in the you know not on the on the customer side more of a as a as a client itself it it's gonna be uh the piece of the puzzle that you're gonna need to solve on the day-to-day basis um and I don't say I wouldn't say forget everything you you knew before uh but keep what you knew before and just add that extra layer of AI.

SPEAKER_01

Yeah what I wrote after um RSA was be cautiously enthusiastic about AI and so we can leave it at that flat thank you so much for being a guest on my podcast you were great thank you John appreciate it two thumbs up doubt thank you I loved it thanks so much on I really appreciate it it was great it was my pleasure and for the audience thanks so much for listening and I'll be back soon again with another edition of the Cybersecurity Bridge podcast