Uncloaked: A Cybersecurity Podcast
Uncloaked: A Cybersecurity Podcast by BlackCloak takes you inside the world of Digital Executive Protection and personal cybersecurity.
In today's hyper-connected world, corporate leaders and high-net-worth individuals are prime targets for sophisticated cyber threats. But the weakest link isn't at the office—it's in their personal lives. And the line between digital and physical risk continues to blur.
Discover practical solutions, expert analysis, and behind-the-scenes stories on the unique and evolving security challenges faced by C-suite executives, board members, high-profile individuals, and their families.
Uncloaked: A Cybersecurity Podcast
Ep. 33 | Building a Security Strategy That Works: A Discussion with Martin Borrett
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
After 30 years at IBM, including seven as CTO for Security across EMEA, Martin Borrett has seen cybersecurity evolve from a niche technical discipline into a daily reality every organization must confront. In this episode, Martin unpacks the security strategy imperative, why executive and organizational buy-in is the real differentiator between success and failure, and how the line between personal and corporate risk has all but disappeared.
If you're interested in learning more, you can contact BlackCloak here, or visit the BlackCloak website.
Welcome to Uncloaked, a podcast series brought to you by Black Cloak, the pioneer in digital executive protection and leader in personal concierge cybersecurity. I'm your host, Dan Vasco, and today I'm joined by a special guest, recently retired from IBM after 30 years, where he spent 25 years working in the cybersecurity field in a number of senior roles, including as Chief Technology Officer for IBM Security across EMEA for seven years. It's Mr. Martin Borrett. Thank you so much for being with us here today. Thank you, Dan. It's a pleasure to be here. Thanks for that intro. Of course, yeah. Your career obviously spans um many years across this industry. You've got a lot of experience uh dealing with security strategies, and that's why after we uh met a little bit ago and kind of talked through uh your career path, this seemed to be a very uh applicable conversation to have in today's landscape in general about having a security strategy. It's something you've consulted on and dealt with throughout your career. So, you know, before we get into the the nitty-gritty of this, uh can you walk us through a little bit of your career path that spanned those 30 years for IBM and of course those 25 in cybersecurity?
SPEAKER_00Yeah, no, happy to do it, Dan. And and you know, cybersecurity is just it's been an amazing field to be involved in. Um, it has changed so much, and I think we'll come back to this. And and I didn't imagine when I started 25 years ago the way in which it it would all evolve, the internet would evolve. But I I started my career very much as um a technical specialist, actually focused on an area of cybersecurity around access and identity management. So, you know, authenticating people, authorizing them, PKI, like digital certificates, those sort of things. And back then things were relatively simple. And I think we'll come back to how the architectures have had to evolve and change as the technology has evolved. Uh, but I spent about five years doing that, and then I thought, you know, I was looking to expand my horizons and embrace some new challenges, and I pivoted into security architecture and started to help design architectures for systems, you know, with with end-to-end security, with all the security characteristics, the controls, the policies. And I spent a chunk of time doing that. Largely these roles all across EMIR, you know, the Europe, Middle East, and Africa. So it involved a lot of travel. I got to meet clients in many different countries, different cultures, different economies, different levels of maturity, different attitudes to risk, um, different investment strategies. You know, the diversity across Europe is considerable. So I worked as a security architect across Amir, grew my skills, my profile, my reputation, my eminence, um, and then worked with a colleague who's still at IBM, a fantastic chap called Jeff Kroom. I'll give him a shout out. He's another IBM Distinguished Engineer, and we built a security architecture team globally for IBM. Built the team, nurtured the team, recruited people, ran the enablement, uh, built methodologies that they used with clients, all sorts of fabulous stuff. That was really great. And then I got asked to lead an Institute for Advanced Security in Europe, which was more of a think tank, thought leadership organization. I did that for a chunk of time. And in 2015, in recognition of my impact with clients, my technical track record, my eminence, a number of things, uh, I was appointed an IBM Distinguished Engineer, which is uh one of the highest kind of technical levels in IBM. And with that became CTO for EMIR and did that for seven years before moving back into the UK for the last couple of years as technical director around security, and and now I've retired. Um, so it's been wonderful, it's been diverse. I've got to work with different people, clients and IBMers, business partners, very important cyber security across many different countries, and and some global work. So it's really been challenging but rewarding, interesting. There have you been some cyber breaches along the way, which I'm sure we'll we'll kind of get into that have um caused some interesting things over the weekends and in the evenings. It you know, there's never a there's never a dull moment, and you never quite know what's going around the corner. But it's been good. I I'm somewhat glad to be retired now. Uh I'm I'm enjoying the retired life, but I still uh you know look very fondly over all those different roles and relationships and and and challenges, and it's been uh yeah, an amazing journey.
SPEAKER_01Well, that's great to hear, and and obviously that those roles uh leads to a really unique and um quality perspective, uh I would say, in terms of this industry as a whole. And and one of the main things that you know kept coming up when we talked was have a plan, you just need a strategy. And and that's interesting because you'd like to think that everyone does have a plan. All of these companies uh naturally should have a proper plan in place to address uh this growing uh concern and uh obviously with the the stakes being as high as they are. So, in your experience, has that really not been the case? Uh at least far too often, uh, too many organizations not having a proper plan in place?
SPEAKER_00Yeah, it it's such a good discussion point because I I think organizations do face some key challenges as they think about their strategy and plan that that that impacts that question. And and I also think, you know, it's worth bearing in mind, probably over the last 20 years or so, we've we've moved from an era where you know cyber attacks, breaches, data loss were occasional, were a rarity, to one where pretty much every organization around the world faces that that risk or threat. You know, it's moved from a possibility to a daily reality. And and that shift that's happened slowly has has impacted organizations, you know. And every few years, you know, we kind of have seen a big breach, you know, something very notable that's made in the news headlines, and it's kind of the wake-up call, particularly for those organizations not affected, because they ask themselves, could this happen to me uh or not? You know, and and every few years a new theme and idea, and you know, how are we going to solve this terrible problem comes up? And we'll we'll come back to that. So, you know, as it's become more and more of a certainty that it's gonna affect your organization, and and as regulations have emerged and matured to drive and and force organizations to apply the right level of focus on cybersecurity, the right governance, the right controls, to take it seriously. Organizations are thinking about well, what is my plan, what is my strategy, but even then the challenge, Dan, is very much about how do I get the whole organization to really embrace this, right? Because organizations have a security team, and of course they live and breathe it and they take it seriously. But if it's just about the employees, but the executives in that organization don't adopt those behaviors if it's not, you know, in the culture of the organization, if it's not systemic, um, if it's not top-down, if you don't follow it over uh a sustained period of time, you know, it's not something you're gonna do for six months, I've got this strategy, and then I just it's all fine and move on to the next thing. It really needs to be sustained over many, many years. And therefore, you have to pick the right plan that everyone can buy into, the right strategy. In some ways, I'm sure we'll dig into this. It you know, it doesn't matter so much which one it is, as long as you really do have a plan, everyone is bought into it at the right level, it's properly funded, it's got some longevity to it. So you do find, and and and even now, just before I retired, organizations in very different states of maturity, as far as this is concerned, you know, how's how really well adopted it is, right? Is it just a thin faceer of we appear to have some policies, we look like we're doing the right things, but it's not really in the fabric. Yeah. Um I and and it the way it crystallizes for me is um I've worked with some companies in different industries. Now, in certain industries, like in the pharmaceutical industry or the oil and gas industry, for example, those companies, the oil and gas companies, have a very strong safety ethos. And the way you see it is you walk into the reception and they give you a small health and safety briefing as a guest to the company before you go and see some of the team. And it might be simple advice about hold the handrail as you go up the staircase. Don't walk up the staircase with an open cup of coffee, you know, put a lid on it, or these simplistic things. But the reason I mention is those companies really embrace cybersecurity policies and strategies more strongly, perhaps than other industries, because it's it's in their kind of DNA.
SPEAKER_01Yeah.
SPEAKER_00Um, and so you know, not yes, not every organization has a strong strategy and a plan. You could grade them, you know, a grade to you you find a variety of maturity, and so it's it's not it's not a simple thing. But every I'd assert every organization needs a strong strategy that everyone can stick to and believe in, and and it almost doesn't matter which one it is, there are different ideas in the marketplace, right? People have different thoughts around this, um, but it even things that like zero trust is something people talk a lot about in the industry, which makes some security professionals cringe because they would argue we've been doing zero trust for years, and why do we need this label? But maybe you need a label because it makes it easier to explain to the organization what the security strategy is, because zero trust, even a name says it, just zip zero trust, no trust, don't trust anyone, constantly challenge and be suspicious and and give people the least privilege. And so, you know, even if it's a bit of a marketing label, if it makes everyone in the organization understand the bigger picture, if it if you can use it like a North Star, then I think it's probably a good thing.
SPEAKER_01Yeah, you know, yeah, and and when you use some of those uh phrases and terminology that is widely accepted industry-wide, then I think that leads to the adoption, um, you know, having a greater level of success because they're seeing third-party validation, they're seeing the industry talk about it, not just their own company, right?
SPEAKER_00Yeah, and and you need to make it explainable. You you've got this kind of contradiction because I I for a lot of people, when I'm talking to senior executives, I try to avoid making it seem complex. Yeah, but but it at some level it is complex, uh, it's uh intricate, it's multidisciplined, there are many facets of cybersecurity, you know, uh governance, architecture, you've got different areas, you know, access management, you know, data security, application security, you know, there are all these very specific um uh domains and specializations. So at some level, to achieve holistic and end-to-end security, it's it's quite complex because there are a lot of different disciplines you need to consider. How do you balance them all at the right level, the right maturity? And again, there are great frameworks for doing these sort of things that have been developed. So you can do it, but it's complex. To make people feel like it's achievable, you have to simplify it. You have to remove some of that complexity, otherwise, you can't get your head around it, and it seems like just an impossible task. So you're just trying to balance those things when you're thinking about the strategy, the label you give it, uh, and how you implement it in the organization.
SPEAKER_01That kind of leads into my next question, and and you touched on a good portion of this, so we don't have to rehash necessarily the communicating aspect of it, but you know, your expertise in the architecture frameworks principles. I am curious what what you view as the core principles that you would say are almost universally applicable, regardless of of industry and um and business.
SPEAKER_00Yeah, well, I think for me there are some slightly thematic things that that help drive you in the right direction. So the one that I used to work a lot with organizations on was this notion of secure by design. So as you're building a system, uh uh a new application, a new IT system, a data center, whatever it might be, that you adopt a set of principles that ensure that right from the start, you're considering security, you're considering weaknesses, you're planning for security, you're testing for security, and it's it's it's sewn all the way through. So I was always trying to convince people to think to have this mindset of security by design. During my time in IBM, you know, IBM is very keen on patterns and frameworks and doing things in a very rigorous and engineering mindset way. It's kind of in the culture of the company. And so we had an IBM security framework and blueprint that we used, and that I helped to develop and sponsor with clients. Um and again, it was just a way to be thorough, to consider all the different facets. So we would, you know, we'd have all the different policy controls or the different technical controls so that you could work your way through that. But I was never religious about it. You know, it's it you don't have to use the IBOR, and whatever one works and fits well in your organization is likely to be well adopted, is the one you should probably go for. And you know, in recent years, NIST has done a great job with their cybersecurity framework, which is again very professional, very thorough. So I think you can you can pick any of these because they're they're well thought through, they incorporate, you know, the despite all the complexity and technology is evolving, those core principles, like the principle of least privilege, don't give people more privilege than they need. You know, the need to authenticate users, authorize them to audit what's happening, to ensure integrity across systems and you know, to encrypt data. These kind of fundamental building blocks are timeless, you know. You just need to apply them in the right way across your architect, your solution, your organization. That has got a little bit more complex because of technology changes. And uh, we'll come back to this later on, I think, when we talk about what's what's changed over the years. But um, so picking one, um, and then one of the things I spent a lot of time on good the several years actually, really working closely with clients on their maturity. Um, so there was a period of time when people were really embracing cybersecurity where they wanted to understand how good they were or not, how mature am I? And so with work with them, you know, survey them, interview them, work with them, look at what they were doing, and try and understand on a on a simple scale of one where one's not very mature to five, which is you know excellent, how mature am I? Because no no one is perfect, but everyone's striving to get better. And you can't get better overnight. It's not it's not like you can just turn some switch across a large corporate organization and go from level two maturity to level four in a few months. It it takes time, and you've got to figure out which battles to fight, which areas are most serious and significant, which would be most impactful. If we do this, what's the what's the business benefit? And so we did a lot of that. Uh, and again, the frameworks, these frameworks help give some rigor and professionalism and and thoroughness to what you're doing so that you you don't forget something important. You can just you, you know, they're very comprehensive, they cover the bases. So it's more about, I think it's more about the vertical adoption, making sure that the CEO really embraces it, the CIO, the chief operating officer, the security, you know, all the way down through the organization, so that you can really drive the behaviors from the top down, you know, that everyone, every and everyone can see that everyone in the organization is following the framework. Because um, not to get on too much of a tangent, of course, people dislike security because they they think that it's adding friction, it's making their job harder. You know, you're you're adding barriers to what I need to do. I've got a lot of work to do, and you're you're adding this extra step. So it's it's trying to just get that balance balance right.
SPEAKER_01Absolutely. You know, and and when we think to like the early days where it was really just about firewalls and antivirus, I mean, this has evolved tremendously. And I know that you you had mentioned, you know, as you got more into detailed analysis, you started to notice more and more the separation between corporate life and personal life was starting to blur a little bit. And that attack surface um was unique. How did that manifest for you? Was it a personal experience? Was it something you noticed in your discussions with companies that you spoke to, or maybe it was both?
SPEAKER_00Yeah, it's a bit of both. I mean, it's interesting. As I got busier in my working life, as I took more and more senior roles, the scope of my role expanded. You know, I was under more pressure, I was working different hours. I was traveling across Europe, I was sometimes, you know, working late into the evening, working with people in the US. You know, you you find yourself, your work life balance evolving. So you're working at different times of day, in different time zones, in different locations. And there was definitely a period of time where it suited me to try and keep things quite simple. So I personally had a single corporate mobile phone that I was using for everything because I didn't want to get into device management. And I would meet other people in other clients I was working with, you know, sometimes they come in and they'd have these two phones. So they're clearly doing a better job at separating work and life. You know, they have the personal phone and the work phone. And in you know, certain countries in Europe, you know, this is very strongly implemented. Um, and I remember one time a corporation, I think it was in Germany, actually banned employees from doing emails out of hours. They actually put a block on it. They made a policy statement, we don't want you working in your personal time, stop, stop doing it, and we're gonna block it. Other people have two mobile phones. Uh, for a period of time, I had a single mobile phone, one laptop, one email address. That might sound horrific to some people listening. But I thought I thought I could do a better job of protecting myself if I kept the device sprawl down, you know, and that then I see everything and I treat everything with the same risk, whether it's people attacking me as an IBM employee or as Martin Borrett in my personal life. I'm sort of treating, because it's coming through the same device, everything with the same kind of risk profile, uh, which suited me. I I think it it it worked for me personally. Then as as I got closer to retirement, I've obviously had to unpick unpick my life, which uh and separate it. And that that really has made me aware of how I I ended up in this this picture, you know. And I'm not claiming that's a good practice, it's just something that can happen to people, you know, it creeps up on you, and it's it's very difficult, depending on what sort of role you have, what sort of corporate life, it can be really hard to to separate the two, even if you have two devices, sure, you know, because one is spilling into the other. So I I went for the simplicity uh of approach.
SPEAKER_01Yeah, that's interesting because you you know, and you mentioned it there at the end too that it it can be extremely difficult, uh, even if for for those individuals that do have their personal phones versus their corporate phones. I mean, this is something we're seeing. A lot and it makes perfect sense. Um, ideally, if you're the corporation, you would like your uh executive team, your high access employees, uh, all of the employees really to conduct work business on their work devices only and leave it outside of their personal devices. But as we actually look into the reality of it, that's just not the case, whether it's for convenience or some other reason, uh, these individuals are going to be, you know, conducting their business while they're at home. And hey, if someone's reaching out to them on their personal phone or they get their wires crossed and they're using their personal email to you know share and forward something, uh, that's where these lines get completely blurred. And now you're talking about a you know convergence of this risk to where now a personal risk is a corporate risk at that point in time. And and so I think that's that's the thing that maybe is still taking time for uh organizations to fully come around to because that that personal risk is a direct uh you know liability for the corporation most times.
SPEAKER_00Yeah, I think you I think that's absolutely spot on, Dan. Exactly, exactly. That's a risk, and and those devices, you know, you're you're on the gray edge. Those devices, those behaviors, the things you're doing at at home are not necessarily so well protected. And yet, yet you need to be because the cyber criminals, the people who are trying to steal your data, information, corporate secrets, money, uh, don't see the difference. They're just looking for that that weak spot, uh, and they are you know farming that information from any any device, any source they can to build that profiling picture of you as an individual. And um, you know, I was always slightly worried that as my profile in IBM grew and I was doing speeches for IBM externally, and you're posting opinion pieces that you're making yourself a target in your personal life, then you start worrying about am I drawing my family into this? And and I think this is a real thing. Uh and you know, just as you, you know, ensure your home against fire and theft and so on, you you and put fire alarm, you know, there are alarm systems in my house, you know, as you do these things, you you you need capabilities now to protect yourself holistically. Uh that's why I think Black Cloak is so so interesting, because the the whole way people protected themselves on devices for so long was all about kind of antivirus, you know, and but we're so far away from that now. If you think of the nature of the way we interact with services and applications through different devices and different interfaces, and even through my TV, you know, I'm accessing things, is it just incredible how it's so intertwined? You just need a much better level of protection that can look holistically across that and and understand. And and it is complex. So having some some hand holdings and concierge is something you know I really have grown to value and and and think, you know, that's that's so important, so useful, right? Because it is a it is complex, and sometimes you're just not sure whether something's really risky or not. You need you need some advice. You know, everyone needs advice. You know, when I was at IBM, I was very lucky. I had a fabulous team around me, and we we'd be discussing these things all the time. Now I'm retired, I'm you know, I need advice, you know, it's it's interesting. Even as even as a quote expert, there's always something you don't know, there's always a new threat emerging. And so, you know, trying to keep abreast of that in in context, right, in a way that's relevant to me, you know, it's funny when I get um attacked, you know, when the the phone rings, my mobile phone rings, and it's someone claiming to be from Microsoft support, you know, about my Microsoft computer, it's very amusing because I we don't actually have any Microsoft devices in our house anymore. So it, you know, that's very funny because all our devices happen to be Apple, other other brands are available, but they do. So that that's not true. So you can hang up the phone with confidence, but you get so many of these things, uh, so many different attack vectors. It's it's quite um daunting, I think.
SPEAKER_01Absolutely, uh, it can be uh extremely overwhelming uh for many. And unless you're living breathing this on a daily basis, it is hard. You can't really expect everyone to have all of the latest education on on the new threats that are that are coming up, and so that's why, you know, to your point, like the concierge, having a dedicated, trusted individual who's who's in that space and who's in living and breathing that every day um can be invaluable. And and that kind of brings us back to the fundamental part of this discussion, which is the importance of being proactive versus just reactive. Obviously, you want to have a reactive strategy in place, you want to have an incident response team that's able to response plan. You need to but yeah, but there's that proactive side that I think does get tossed to the wayside more often than not because it's a cost up front, but it's hard for people to connect the dots to the cost of an inevitable breach, which it is becoming an inevitability. So exactly, exactly it's extremely important. And there's you mentioned all the different uh attack vectors, uh, they only need to be right once, and they're in, right? So, can can you speak to just the the nature of today's risk in that respect?
SPEAKER_00Yeah, I I think so. This comes back to how things have have changed over the years. So when I started, it it seemed, although you know it seemed that security was a lot to do with cryptography, to be honest, when I very first started. And we had these very simple architectures, you know, which had uh uh firewalls, a demilitarized zone, you know, you had this intranet, this demilitarized zone, the internet, and gosh, you know, things have evolved so much since then. We had you know service-oriented architectures, SOA, which was really about componentizing capabilities, creating more um pluggable architectures. The architectures kind of has sprawled tremendously, sprawled and flattened perimeters. You know, we used to think as like an organizational perimeter, we can just build this moat. That's pretty much blown away now because not only is there still this service-oriented architecture kind of thinking, there's cloud computing. So you you're leveraging cloud resources, compute resources to build an end-to-end customer experience, right, through your through your application, through your service. Um, and then somewhere in the midst of that, there's some AI capability. So it's very componentized, you know, string of pieces. Somewhere in the midst of that, there is data. Data is being stored somewhere that ideally you want to secure that, but it's being it's flowing through and so difficult. I mean, we used to talk for years about end-to-end security. It's actually very hard to achieve perfect end-to-end security because there are so many hops and linkages, and you know, it's very hard to truly encrypt something absolutely end-to-end. You can in some situations, some architectures, but sometimes you need to decrypt things to do things. And so it's it's complicated, right? It is complicated to achieve that. And, you know, managing that risk and looking at architecture is hard. But but uh, you know, to offer hope, I mean, the principles are still the same. You know, you still need to authenticate users with confidence. You can do that actually more easily today because that's actually something the technology has enabled. Uh you know, much more frictionless authentication because devices have biometrics. You know, my phone has the ability to do face recognition, to do fingerprint recognition. It's got location services, there are all sorts of facets that you can use to build confidence about the risk. You know, is it really Martin or not? So there's there's lots of hope. You know, there's the complexity, but then there's then this technology is the enabler. Um, and it's just really trying to use those back to frameworks, those frameworks and architectures and principles in a structured way, ideally from the beginning, back to secure by design, so that you can balance all those things. And it and it is manageable. I think it's still manageable. You know, the world continues, the world of commerce continues, applications work, services work, people are trading and buying things, and the world works, but at some level it is complex, and you really need a strong strategy and approach top-down, and to believe in it and to fund it, you know, appropriately for the long term, and and you'll be okay because you know you can be proactive, as you said, you can you can go into um we used to help clients with cyber ranges, you know, go and practice and prepare, go and test it out, go and simulate a cyber attack, see how well you do, understand where you need to improve, and and and go back and test again. And the same with maturity assessments, you know, see where you are, take steps to improve, and then move back again. Um, so I think I think there's you know lots to be optimistic about for organizations if they you just embrace it, really embrace it through the organization.
SPEAKER_01Yeah, yeah, it's gonna require, like you you mentioned earlier, you know, a culture shift in some regards and and and that buy-in, but it does seem like more and more uh corporations are coming around to this idea of you presented the uh the insurance analogy, and I think it's perfect because you know that's a justifiable uh cost, uh, even if someone's not gonna need to cash in on that insurance um ever. It's about the peace of mind and and kind of knowing that there is something in place. And and I think that's a a really poignant, you know, applicable analogy that that resonates. And so hopefully, you know, that optimistic take uh will continue uh to prove true over the the coming years because um yeah, as more and more organizations face the these inevitabilities, it's gonna become more and more clear that having this holistic approach, as you put it, the the proactive nature and um you know that that reactive posture uh is gonna be extremely important. Um, Martin, this has been a super insightful discussion. Just curious, uh, and any closing thoughts from your end about today's risk, about organizational um architecture when it comes to a security strategy.
SPEAKER_00Yeah, well, I I get uh I get excited every time I see organizations, you see more and more organizations kind of stepping up to the mark, trying to really show some leadership, be proactive, put security first. And and every time I see one of those, I think that that's great. You know, we're winning the battle, you know, we're we're becoming more secure. You know, you've got the adversary, the good guys and the bad guys, who's winning? And that makes me feel so hopeful and positive. And I think that's absolutely moving in the right direction. There's a lot more security leadership now, there's a lot more understanding. Um, the thing I uh watching closely right now as someone who's retired is the AI element. AI from an adversarial perspective, you know, how is it being used to create new attacks? Uh, there's so many things, clever things you can do with AI to fool people, but also it's tremendously powerful from the defensive side, you know, you drive more automation, more recognition of patterns and techniques, adaptions. And uh, you know, I I watch on with interest to see where that's going. So I think that's something to definitely follow and understand. And I, you know, I I never like to use analogies like you know, this is a war or battle, but but there is this adversarial aspect of it, no doubt, right? People trying to do harm, people trying to steal your money, um, and the defenders. And I I think you know, the battle's not lost. It's it's I I feel like we're winning. I feel like we're winning. That's probably because I'm such a positive person. But uh, I watched I'm watching the AI thing with with real interest. Um, and then you know, somewhere around the corner is quantum computing, which continues to mature. That's going to have some interesting uh impacts on cryptography and the way we keep data secure today. But it's probably a good thing because it it will lead to people making that security more adaptable, more upgradable. One of the problems of the past is sometimes the security is kind of hard baked in and you can't update it, you can't modernize it. Uh, modern security architectures have modular security, have pluggable security. You can plug algorithms in and out, you know, you can modernize it. Um, so the quantum era will probably lead to another, I don't know if it'll be a scrabble like year 2000, but another wave of modernizing architectures, modernizing security, um, updating the cryptography, which will be a good thing because it'll make those systems more secure, uh, which will you know help all of us. So um, I'm pretty optimistic. I'm watching with interest on the sidelines, and uh yeah, yeah.
SPEAKER_01Excellent. Yeah, that's great to hear. Adaptability is gonna be key. And yeah, the important thing to remember is that while the a lot of this technology is being leveraged by the bad guys, it's also being leveraged by the good guys in turn uh to improve these security systems and uh and continue to adapt and fortify. So, yeah, a very important note there. Martin, thank you so much again uh for being with us to talk about this. Uh, really appreciate your time and um as always, uh very insightful discussion. Thanks, Dan. It's my pleasure. You can listen to all episodes of Uncloaked at blackcloak.io slash podcasts or on your platform of choice. And if you're interested in becoming a member or want to learn more about how to protect your digital life, visit us at blackcloak.io. Thank you for tuning in, and we'll see you next time on uncloaked.