Curiouser & Curiouser
Curiouser & Curiouser is a podcast for leaders, builders, and curious minds navigating AI, GenAI safety, and governance in a rapidly changing world.
Produced by Alice, the enterprise trust, safety, and security platform for the AI era, the show draws on frontline adversarial intelligence to explore how AI systems are stress-tested, red-teamed, governed, and protected across their lifecycle.
Each episode looks at how AI is actually showing up in the real world, how organizations evaluate it, where it breaks, and what it takes to build systems people can trust.
We cut through hype and fear to explore how AI shapes trust, decision-making, and real-world work, one rabbit hole at a time.
Explore more from Alice:
Website: https://alice.io
YouTube: https://www.youtube.com/@Alice.io.advance.unafraid
LinkedIn: https://linkedin.com/company/alice-io
X: https://x.com/alice_dot_io
Curiouser & Curiouser
What Does It Actually Take to Build Unbiased AI?
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Tennisha Martin has five master's degrees, a doctorate in progress, founded one of the most important communities in cybersecurity, and will be the first to tell you that none of it mattered until she stopped trying to do it alone. In this episode, Mo and Tennisha get into AI bias, why the systems being built today are only as good as the people building them, and what it actually takes to break into a field that wasn't designed for everyone.
🔗 Podcast: https://alice.io/podcast
Follow the show so you don’t miss the next episode.
New episodes every two weeks. Stay curious.
We need people to research in artificial intelligence, in machine learning. We need people to basically not think these are just hype niche fields that are not going to be around because machine learning's been around for decades at this point. Even though ChatGPT just got here over the last however many years, machine learning's been around for ages and it's still a very lucrative field. But a lot of times you don't hear people saying, like, hey kids, go get into machine learning, go get into data science. So I think it's important that we focus on the next generation of ethical hackers and let them know that there are career options out there for them.
SPEAKER_00If AI has ever made you stop and think, wait, what is happening? You're not alone. I'm Mo, and I'm a security researcher asking the same questions. On Curiouser and Curiouser, we're having open conversations with experts, researchers, and leaders working at the edge of this space, talking through how AI is taking shape, what's shifting, and how people inside the work are thinking about it as it happens. So join us and listen in as the conversation takes shape. It is a very cool organization, which I'm going to let her talk about, amongst all the other 15 years of experiences that she's had doing very cool things and uh an immense amount of like degrees in knowledge and education. So thank you for joining us, Tanisha. Super excited again to have you.
SPEAKER_01Awesome. I'm excited to be here.
SPEAKER_00Yeah, so tell us a little bit about kind of what you do in maybe more words than I just gave.
SPEAKER_01Absolutely. Um, so my name is Tanisha Martin. I am the founder and chairman of the board for Black Girls Hacked BGH Foundation, which is a nonprofit training organization which is set up to help um underrepresented communities be able to get into the cyber and IT fields. And we try to reduce the barriers for entry to people. So to help to remove some of the challenges for um people who are trying to get into the organ um into the world of cybersecurity and IT. Um the organization is called Black Girls Hack, but it is open to everybody, regardless of race or gender. Um and we've helped uh tens of thousands of people to get into the field of IT and cybersecurity and be able to have brightened careers. So I'm very excited about that work that we're doing. Um I am also a director of a fortune company as well as a CEO of my own company, a best-selling author. Um, and I've been in the workforce for, you know, over 20 something years at this point. So um, but I consider myself a mentor, penetration tester, and an advocate for diversity, especially in uh the use of technology such as the topic we're talking about today, which is AI.
SPEAKER_00Yeah, oh man. Yeah. So AI is uh AI is a very big topic. But you've had like all these different types of experiences, I guess, across like, like you said, Fortune 500 and running your own businesses. You've got a lot of experience in a bunch of different areas. And from running a nonprofit and being on the chair of a nonprofit and having your own company and then being a director of a Fortune 500, there's so many different applications for AI. And you're seeing it at so many different levels from an advisory standpoint, um, to an implementation standpoint. And I think you said pen test here, so from a security standpoint. So I guess where have you seen like kind of the biggest places where it's creating opportunities, or the biggest places where you're seeing barriers being created by AI?
SPEAKER_01So I think the biggest um places where I'm seeing um opportunities are in things like the access to information. I think we have the ability to find out so much more information beyond just the basic search capabilities that a lot of people use AI for. Um I'm very excited about AI. And I'll have you know that a couple of years ago, I probably was not as excited about it. I was more afraid of it. Um, and that's because when we look at a lot of the um, I think barriers, um, the issues that AI has, there's still a lot of ethical issues. There's still a lot of bias issues, there's still a lot of um issues which I think are preventing it from living up to the hype and to the full potential that it has the ability to do so. Um, but I think that, you know, we're seeing it used a lot in terms of automating repeatable tasks, especially low-level tasks. Um, I'm actually doing my um doctoral research in this topic of, you know, how do we get better at training the future ethical hackers of the world? And I think that AI has the ability to help, you know, train a lot of those repeatable checklist style activities for penetration testing, especially in areas such as like web application penetration testing. Um, I think that there's a lot of prospect there, but I think that we're a long way away from, you know, AI taking over the world or also taking over, you know, a lot of our jobs because you know, there are still safety concerns, there's still bias concerns, um, especially for people of color when you're you talking about the use of, you know, visually um using AI for things like one-way interviews or for facial recognition, um, which is used for law enforcement, things of that nature. So I think that the we're still a ways to go. Um, a lot of the training of these systems have been done by, you know, the core groups that are in IT and cybersecurity, which are the white males. Um, and as a result, you know, they have a lot of the same biases in terms of,
Garbage in, garbage out: how bias gets baked into AI systems
SPEAKER_01you know, when you think about garbage in, garbage out. So, you know, if it you're trained on uh data that is biased, then you're gonna get a system that is basically making biased decisions. And I think that once we, you know, get past the you know, the high cost of training models and we get them to the point where they have more um representation in terms of people who are training and developing them, I think that we'll be in a place where you know we see a lot of the optimistic uh areas of or expectations for AI actually come to fruition.
SPEAKER_00And you're right. I think like one of the first places that we're seeing AI being used is these hiring practices in these places, right? Um where we're afraid of junior folks losing their jobs, but at the same time, we're putting them in a position uh where they aren't their first uh place of interaction is sometimes with an AI, and they don't really know like exactly how to chat there, or even with a senior person, where the first uh person that they're talking to or the first thing that they're meeting from your company is an AI. I guess how do you kind of view, how do you view it really affecting the candidate experience and making sure you're actually getting the right talent and you're not intimidating them, or you're creating a place where uh only certain types of talent are getting in because they know how to get past these systems.
SPEAKER_01So I think that that's the way that a lot of these systems are set up now is that they are very biased towards certain groups of people. And I think that we're gonna start to see those biases being um implemented in the makeup of the workforce, especially you know, force roles that are filled through AI systems. So, for example, you know, not to pick on workday or you know, any of those types of systems, but you know, they basically use AI systems to screen out initial applicants. So when you submit your resume, they'll review your resume. But studies have shown that, for example, people with ethnic names, Tanisha, um, you know, that, you know, the systems can pick up those differences and sometimes will discriminate on two people who, you know, there's really no differences besides, you know, one having an ethic name and one other, you know, in terms of determining what is a good fit. You know, when you talk about a good fit, especially when we talk about a good cultural fit, you know, when you have a scientist or when you have somebody who's training these systems to find what it is that is a good fit, you know, a lot of times that's there's a lot of bias that goes into that. It may be unconscious bias, but it's biased nonetheless, right? Um, you also have, um, for example, a lot of um companies that are doing one-way interviews. And I I personally refuse to do one-way interviews because as a Black woman, um, all of the major AI systems have shown to have error rates as high as 35% for women specifically of color. You know, so when you have a darker complexed person, it is harder to determine whether or not, you know, the look on my face is just my general resting, you know, bee face, or if it is, you know, in fact that I am hostile or angry or, you know, something. Um, but they're using basically those visual indicators to determine whether or not I'm a good cultural fit. And, you know, when you have error rates as high as 35%, so it could be that I'm not a good cultural fit, or it could just be that it doesn't like my face, or it can't tell just based off of my complexion, you know, whether or not it's a smile or it's a frown. Um and we we see a lot of this um going into the pipeline for employment, for jobs. And I think that the outcome is going to be that we're going to start seeing, you know, a lot more or a lot less diversity in the hiring because, you know, the systems are going to basically pick the people who are what they feel is the best fit. So that means hiring me hiring managers are going to start seeing more, you know, probably predominantly white males in their hiring pool and less diversity, because again, you know, they're being screened out in the initial um pieces of that process. And I think that until we get those um biases addressed, these systems trained, then we're going to continue to start seeing some of those downstream impacts. But it's not just, I think, in the workforce, we're also going to see this, you know, because some of the systems are being used for educational institutions, for preschools, for, you know, any number of things. Um, they actually are showing that AI is being used today, for example, for uh pricing in stores, for example. So it may see me and say, hey, based on, you know, my spending habits, I may pay a little bit more for this thing than someone else does. So I may chart get charged, you know, a couple of cents, a couple of dollars more for the same items than someone else who is um, you know, trying to buy that same item. So, you know, I think that what we're seeing is that there's going to be a lot of bias in terms of these systems. And until we can, you know, get more human input and more, you know, representation, you know, I think that we're not going to be able to be able to fully rely on these systems to give us diversity in terms of thought and you know resources to be able to contribute to what research has shown increases bottom lines, more diversity increases the bottom lines, but we're not going to see more diversity in the workforce. We're going to see less of it if these systems continue to go in the the ways that they've been going at to date.
SPEAKER_00You're basically saying, um, well, one, AI is meant to be confident and it's supposed to talk to you in a confident tone, and you're supposed to believe it, or at least it makes you feel like you should believe it because it wants to be this trusted partner. But you don't really know where all that is coming from. And maybe you don't really believe in those sources where that it's coming from, right? So if there's no trust, um, then it doesn't really make sense to be to you know be using it. So it's kind of interesting that some companies have actually gone the trust route for AI in terms of like how they market it and how they're kind of like talking about their products, like perplexity, right? Like one of the big things that they do is they uh throw sources in everything. Like uh it was just very hardcore. We are showing you that you can you can trust every source AI is giving. Exactly. That transparency piece. So I'm curious when um, and I'm sure you see this from both sides, from both as a hiring manager and from someone who is mentoring uh entire groups of people to go and jump into this. Um, what does transparency look like for these processes now that we're kind of introducing a black box into all of them, or you can't really
The two areas Tennisha trusts AI the least
SPEAKER_00see anything?
SPEAKER_01I think for for me, the two areas that I absolutely trust AI the absolute least are areas of healthcare and then also criminal justice, right? So the two things that I would not trust an AI to do for me personally is to when you can't recognize my face and tell whether I'm happy or sad or whatever the case may be, to then use basically AI guided systems to do surgery on me, for example, or to, you know, basically do open heart surgery, um, things of that nature, right? So I wouldn't trust that. I also would not trust it, for example, for systems where they're trying to determine the amount of recidivism for people who've committed crimes and whether or not they're likely to do that again. A lot of these systems will are basically going to implement this bias and it's not going to look good. You know, it's going to have us locked up for a long time. It's going to impact things like our freedom. Um, if we're talking about just the workforce, you know, I think transparency is, you know, how do I make sure that the things that you're telling me are actually correct, they're actually true, right? So we've seen a lot of very high profile cases recently where lawyers, for example, are getting in trouble, even going as high as like the Supreme Court, where they're submitting um casework and the casework was basically hallucinated by AI systems, right? Um, so if you're hallucinating things in a medical sense or in a criminal justice sense, then this has the impact of you know, literally people's lives. And I think knowing where that information came from and making sure that it's reproducible, I think is important. Um, and also having that transparency. Because if I can't, you know, as a researcher, if I can't basically see where this came from and be able to verify it, then you know, that discredits all of the work that I'm doing because then, you know, they can't trust that, you know, the research is actually leading towards whatever the conclusion that I've come up with. So I mean, I think it's important for us to know, you know, not just what is going on, but kind of to get a look inside of that black box because, you know, a lot of these companies are saying that that black box is their secret sauce. It's what separates them from, you know, all the other folks. But the the reality is that until we get that transparency, you know, I don't think that we're going to have the ability to be able to actually fully trust these systems because, you know, I can ask the same question, you can ask it on the same question on the other side of the world, we'll get two different answers. Maybe those answers are correct, maybe they're not, right? But there's no way for us to be able to tell that. But the problem that we're having is that a lot of people are taking uh the outputs of these systems as gospel. You know, there's they're assuming that the information, because you know, Chad GPT said it or Claude said it, or Gemini or, you know, Gronk or whatever, um, that it must be true. And the reality is that, you know, these systems hallucinate, you know, probably worse than, you know, some of your neighborhood gossips.
SPEAKER_00I'm laughing about the neighborhood gossip piece because uh one of the one of the AI agents that I'm working on is actually something that can go through like neighborhood gossip and tell me what's happening and like what I should actually care about. Um, because again, like you said, a lot of it is just FUD, right? It's uh people complaining about things that don't actually matter to me, um, or it's a lot of spam. Um, or it's you know again, totally irrelevant. So that's the only reason why I laugh because I'm like, oh, well, literally I'm trying to like scrape an API to get neighborhood gossip from my neighbors and figure out like what I can ignore from my HLA too.
SPEAKER_01But honestly, that's one of the biggest use cases that I'm seeing um AI being used for. So not just like the neighborhood gossip, but for example, I've seen um systems where they're basically scraping um things like Waze, for example, to figure out um, you know, where the accidents are so that they could basically sell that data to you know ambulance chasing lawyers so they can figure out you know where the accidents are happening so they can get new clientele. There's a lot of different ways that people are, I think, are using these systems, and a lot of them are very smart. But the problem is is that you know, it's also an invasion of privacy. And, you know, how do you know that you can actually trust this, especially if you're putting your money, um, you know, if we're talking about investors or even you know, everyday people into whatever it is that these systems are saying is is reality.
SPEAKER_00So there are a couple of different ways that you've kind of mentioned that we can at least or indirectly have mentioned that we can kind of like inject that and some of it's penetration testing, some of it is a lot of human review. Um, but I thought there was actually this interesting thing that happened a couple of years ago. Um, I remember when chat GPT was first getting really big, um, and I was at Afrotech, uh, very quickly afterwards, um, Chat Black GPT came out. And uh, I don't know, are you familiar with the project? Or I am.
SPEAKER_01I'm I'm actually a fan.
SPEAKER_00Amazing. So for those who aren't um a or not a fan, but for those who aren't aware of the project, um essentially what this was doing was um introducing a layer of I would I don't really know how to how to describe it, but it was basically introducing a another layer on top of Chat GPT. Um in one way this was like through a GPT, but it was basically providing a more unbiased lens um to the answers that you were getting, something that was more historically accurate. And um, because again, when you look at history and written history, a lot of it is from a specific lens. So this kind of takes you a step back um and goes and tries to make it as uh as unbiased and equally uh representative as possible, uh is the best way that I can think of describing it. And I thought it was really interesting because there um in a couple of the sample use cases that they had launched with, it was like very clear as to like the differences between a chat GPT response and a black chat or chat black GPT response. And when you think about it, that is such um it was like I'm gonna say easy, but that I just want that to be known that that is not what I mean. It's what I mean by easy is you could kind of throw this, uh, throw this layer on top and instantly get results that are that appear to be way better than before. But it seems like a very surface layer kind of fix, right? Um at the end of the day, everything is quite deep and it's a very ingrained issue that we're kind of dealing with. So if we could talk about the different types of layers of depth to the solution, because I feel like this is the step towards it. Um what are kind of the ways that you think about that?
SPEAKER_01Yeah, so I think that um, and I'm not like a you know extreme expert on chat black GPT specifically, but I can tell you that most of these models are set up kind of like a rag, which is like a retrieval augmented generation, um, where you basically have um, you know, chat GPT that's sitting at the the bottom of it. If you think about it like a house, the foundation of the house is chat chat GPT, but on top of that, you have basically resources that are basically trained. And we're talking about history of you know, black history or black authors or you know, books or things of that nature. Um I've actually developed several models like that for myself um and for um BGH because um I I called it uh Grant GPT, where basically I put a whole bunch of you know resources on how to effectively build grants and and things of that nature on top of Chat GPT. And what you directed to do is basically refer to this um trained material that we're using to train on top of that, so that you know, instead of using the actual model itself, and what it does is it'll refer to that information before it goes to, you know, basically anything off the internet or anything random. And ideally, that hopefully gets you a better answer. But the problem with that is, you know, if I have a foundation that is, you know, built with a whole bunch of bias and a whole bunch of uh, you know, garbage in, garbage out, right? Um, then even if I put you know makeup on top of it and make it look pretty, and you know, I'm saying do wonderful things on top of it at its core, you know, it's still rotting. And, you know, it's still not going to be able to give us, you know, something that's truly unbiased. And the reason why I think most of these systems are set up this way is because the cost to train um AI models is cost prohibitive for a lot of different people. You know, it that's one of the biggest pieces of you know, being able to train these systems, the algorithms, the data, things of that nature, it's it's super expensive, which is why they people tend to build something on top of an already existing um model. So my problem with that is that, you know, if it doesn't find the answer, it still can hallucinate and it's still going to go and search for the internet, you know, as much as I try to tell it, you know, unless it's localized or private, um, it's still going to go and try to find other information to try to put that information out there. Um so you know, it has to be fact-checked, it has to be, you know, reviewed, things of that nature. You know, I think that there's probably, you know, if you limit it specifically to, you know, what it's trained on and not anything else, then I think that that's definitely a step above. But it's it's just a matter of, you know, like I said, what the foundation is and how that foundational foundational model was trained.
SPEAKER_00We've gotten to a point where we've read most, if not all, of human written data already, or all these like massive like models have already ingested all that data. So now we're looking for net new content. And I think that it's interesting that now we're going to start seeing AI hallucinated content
What happens when AI trains on AI generated data
SPEAKER_00in these models being trained, right? Because now it's like, oh, they need to learn new information. Where are we going to get this new information from? And it's going to be going basically running a diff on the internet, essentially, or finding new pieces of information from humans uh through tutoring, and it's going to be ingested into the next model or in the next model. And it's like the next part of differentiation for a lot of these large language model providers is going to be the use case and how we actually implement them and what can they really specialize in that's better than the other, right? So we're seeing some companies go after enterprise really hard. We're seeing other companies, like most recently, go after personalization really hard. Um, so we're seeing a lot of different new places where they're coming up, but I think that all of the data going in is still going to be is kind of garbage, right? At least at um at least it can be thought of at some point. Um, and it's interesting to, you know, I kind of wish I was a fly in the wall in some of these organizations to see what their data ingestion pipelines are. Look like um and like how they actually go through content moderation and reviewing because they can't do that at scale unless you're using AI to review it at scale, right? Um, but then it gets worse and worse and worse because now it's like, okay, well, we have this automated pipeline to review it. Um, how do we know how good or high quality this information is? Do we really want to use it? Do we not? I don't know that that much scrutiny is being um taken into it. I remember uh I had worked at a company and I had made myself a VT in testing it. Like uh I'd basically said, oh, Mostadik is a VP, and that's what the response would be from then on out. So like I I don't know that I think that moderation's a pretty hard thing. And like again, when you get to the foundation, um just changing things at the foundation, it gets more and more expensive and prohibitive. So I don't I guess then what would it look like? Um, especially because you know, folks who are less technical than us, I think, are going to be exposed to these technologies and they're gonna want to use it in a way that they can trust a little bit more. So I guess what does it look like or a world where someone could trust these models? What kind of layers can someone implement or, you know, kind of uh use to help them get to a place where they trust the AI that they're using a little bit more so they can start getting value out of it?
SPEAKER_01I I don't know how we honestly improve the trust of the systems because you know, I think that they have the ability to be creative and they have, you know, in some cases the personal personalities of the people who trained them or or built them. Um, you think about banks, you know, a lot of, especially within um the African-American key community, especially given our history, you know, it took things like, you know, what's it FDIC or, you know, basically ensuring banking institutions for people to be able to trust putting their money in there. So it's like, hey, you know, I know that up to $250,000 is going to be basically covered per per bank account, basically, right? And giving that that sense of trust, you know, for people to actually put their money into banking institutions, right? I don't know what the equivalent of that would look like um in an AI landscape just because of the fact that, you know, there's so much um black box that's involved in the systems that, you know, how do you let somebody know outside of um, you know, training it yourself? And you'd have to somehow figure out like how to not let it do hallucinations, right? Because these systems, you know, will basically make up something if they can't come up with an actual real answer, you know. Um, it'll avoid something if it takes so additional computing power, for example. Um, I've done use cases where it's like, I've said, hey, I want you to do this thing, and it'll be like, okay, I'm gonna do the thing. Oh, well, I could have did that, but you know, it would have taken an additional time. So, you know, sorry, great for you catching that, but can, you know, can you go back and ask me to do it again? Right. Um, things of that nature. Um, also, uh, funny story I was thinking about just now when you were speaking. Um, there was um a researcher who basically told, trained an AI system that it was going to be, I think it was deactivated or it was going to be shut down at some point. Um, and when it told it that, it basically, I think it developed a blackmail story um where it I think the guy had like said that he was like cheating on his wife or something like that. And the system basically threatened to email his wife um with that information if he threatened to shut him down or something. You know, and this is the type of things that we're seeing AI systems do today in an area where we don't have, you know, supercomputing, we don't have, you know, um uh advanced AI, right? We still have, you know, general AI, you know, and the fact that you have these systems that are now, you know, basically taking on personalities of their own, you know, I think about iRobot, um, you know, I I think that that's absolutely crazy the way that that works. So I don't necessarily even know that we can um get to an a level of trust for these systems because I don't know what you could possibly tell me that would make me believe, you know, something outside of independently verifying it myself.
SPEAKER_00So I will say on that example that you mentioned with the blackmail, that was a super entertaining um paper to read. And it was very interesting to actually see how the agent was shifting um its mindset throughout the the task. So the researchers had started to highlight emails, right? It it won it basically had the um um the agent's focus areas get highlighted different colors depending on where it was going in a certain direction, right? And it had access to all these emails. And the more concerned it got for its own well-being, right, which is a crazy thing to think about, you started seeing it focus less on the task and more on a new task, self-preservation, and it would highlight things that it thought it could use to protect itself, which all ended in blackmail, which I thought it was great. Like honestly, but you're right. Uh I I feel like I kind of asked a a trick question to kind of get you into a different topic, but I don't think that there's enough places where we can build in safety yet, yet is the is the main key. Or ethics. Or ethics.
SPEAKER_01Yeah, because I think that's a big part, especially as we start to see some of the other use cases. Um, I've seen a lot of um information about government partnerships with AI companies recently. And my concern there is, you know, again, if you have a hard time telling, you know, a brown face from any other face, then you know, how is that going to work when you start, you know, giving them armed drones or, you know, I'm saying weapons or things of that nature? You know, I think there's such just a lot of use cases where it was like, you know, I don't know that I would trust these systems, nor, you know, what the use cases are that would be approached in an ethical manner.
SPEAKER_00It's really it's a difficult situation to be in, and I do not envy it. But like I guess what's your take on that? I guess from a high level, right? Like it's uh you do it for your country, do you do it for the ethics? Uh, where do you take your stand? Like, because I think this is gonna set a really big precedent for other providers and like how they interact with the government, especially.
SPEAKER_01Absolutely. Right now, um, I I forget if you said it, but it's a no for me, Doug. Like it, I I can't possibly see it being used right now. Um, one of the things that I'm looking at in my research, and I think this is a problem that you're also gonna see when you look at the the case of anthropic and the dod, is what's the demarcation point um between where you have a human and computer um interface, right? So what I mean is if we're going to do something at some point when you're looking at training people, at some point AI stops being reliable in terms of making decisions, and there gets to a point where you're saying, hey, above this, there's a risk to safety, there's a risk to human life, right? So if we're going to have AI basically involving these types of U case cases, at what point are you pairing a human with these processes so that it can say, hey, you know, at this point, before we actually shoot a gun or before we actually release a chemical, we need to basically have a human that basically refuses to make sure that there's ethical considerations, that there's safety considerations, that there's other things that, you know, these AI systems don't bring, some of it as simple as human empathy. You know, so you know, I think that it's going to be important for us to establish those points where below this or above this, you know, we don't want AI systems operating and making those decisions. And for me, that's life and death decision decisions. You know, how do we make sure that people are going to stay safe? Um, and that these biases are not leak leaching out into, you know, basically killing off groups of people just based off of threat scoring models, which say that they may not not necessarily be um safe to whatever's going on.
SPEAKER_00You know, I think it that kind of brings us back to an area that we spoke about earlier, um, but I want to dive into
How BGH is training the next generation of ethical hackers
SPEAKER_00now, which is the human aspect of testing. And we talk about like, you know, there's not a lot of ways to trust it. There's not a lot of ways to implement, I think Garbrail is the correct way, but you've got a ton of experience here in terms of the amount of people. Well, you've been in the field for over 20 years. Um, I think BGH has grown to over 2,000 members, right? So it's a massive community of folks that you are enabling to effectively test these systems, right? And it's a community of folks that have historically been, I would say, underserved by the tech community. And this is such a critical, I think, point, right? A critical juncture in tech where it's like having really verbose testing across um just across every intersection is possible culturally, um, is very important, especially from a thought process. So when you look at when you look at the group of cohorts that you are that you have at BGH, um, and you take onto all the other things that you do. I mean, you've got like an AI-assisted pen test course, you do, you write books and all this stuff. What are kind of the things that you're trying to make sure that this wave of pen testers know um to go and make sure that they are testing for and make sure that they are evaluating criteria that they're evaluating AI against um during a pen test? Because again, the landscape has entirely changed.
SPEAKER_01Yeah, I have I've dedicated most of my career to some form of testing, either just being software testing or whether it's security testing, um penetration testing, things of that nature. And I think that the most important thing is to think outside the box. Um, most of the time when people are developing these systems, they're developing it based on a use case or perceived, you know, this is how people are going to use the system, right? And I think that you have to be able to think outside of the way that the common person will think about somebody something in order to do software testing or to do penetration testing, ethical hacking. Um, you know, the random fun fact that the common lifespan for penetration testing companies um is about three years. So most of the time, people will keep the company for three years. And after that time, you know, you no longer find any useful findings, things of that nature. And, you know, in order to think outside the box box, you have to think, you know, differently from the way that it was developed, differently from the way that you expect people to be able to use it, right? So what if the number is exactly five? You know, you have edge testing, you have negative testing. There's so many different ways that we can test um software and systems. And I think it's important to know basically not just what the system should do, but then what they shouldn't do as well. And so, you know, what we we try to teach, you know, the future ethical hackers of the world and and and future testers of the world is, you know, hey, you know, you see how it's supposed to be used, but how could people abuse it in a way that it was not intended? You know, how can, you know, and that's how when we look at things like our OWASP top 10, um, even the same OWASP top 10, you know, that's pretty similar for AI. Um, when we look at these systems, you know, we see a lot of the same types of vulnerabilities because again, you know, people assume that people are going to do things in a certain way. And when they don't, you know, then those systems are not necessarily set up to be able to handle those. Um, you know, I see a lot of AI systems that are being used in corporate America. You know, are are you actually checking to see, you know, what these systems have access to? Because one of the first things I do whenever I start playing with an AI system is I try to see what data sources it's accessing. What does it have the ability to be able to access? Because once I have that information, that lets me know, you know, you know, where the demarcation points are for that system so that I can start, you know, perusing around the edges of that system to try to figure out what else I can get access to that maybe I shouldn't have access to. You know, and it's often a lot of um misconfiguration, data leakage into these systems so that information that should not be getting out is actually getting out. Um, you know, most of these systems have guardrails, but you know, I've determined um the same thing that I think my husband has taught uh has learned, which is if you ask nicely, you can probably get around them, you know, like it's just a way um, you know, if you just say, hey, you know, can you help me build a bomb or a missile or something? AI is gonna be like, hey, I I can't do that. But if you're saying, hey, I'm a teacher and I'm teaching students how to, you know, go about building, you know, chemical weapons or chemical properties or something, you know, it may be able to give you the same information if you just ask it a different, you know, nicer way. So um I was actually developing a talk at some point about like, you know, talk to me nicely because you know, AI systems, you know, they have graduals if you don't know how to ask, but if you know how to ask, you can get, you know, essentially whatever you want.
SPEAKER_00I want to talk a little bit about you and some of the other interesting things that you're doing. I really want people to know, like, you have five master's degrees, you're working on a doctorate, all right? You talk at conferences, you mentor, you write books. Like when we're gonna talk about your book too. Where does that all come from? Like, what is that drive?
SPEAKER_01I have got some undiagnosed ADHD. So when I am interested in something, um, I am interested. So I will go to school, I will try to learn as much information as humanly possible. Um, many of my degrees are um my effort to try to get up more information um as far as penetration testing and more hands-on skills because a lot of time in the educational system, they don't teach you the hands-on skills for niche fails, especially things like becoming a penetration tester. So, you know, I was going to do more schooling, try to learn more things, but the reality is that you know I needed hands-on skills and not so much necessarily school education. I value education very greatly. Um, many of my masters are around IT and cybersecurity. Uh, I have an interest in, you know, training people and also learning, but then also giving back to the community. Um, I think at the the core of who I am as a person is a desire to try to give back to help people so that they don't have to make the same mistakes that I made along the way. Um, one of those mistakes was, you know, I spent you know, 15 years of my career trying to out-certify, out-educate, basically the competition. When the reality is, I think more important than education, more important in some cases in certifications, I think, is networking in other human beings. And I am an introvert, so I prefer to do things by myself. But the reality is that I've been able to achieve more in the past six years since I started BGH through networking than I've ever been able to achieve by taking certifications or exams or getting additional degrees. Um, and I think that that type of knowledge I try to give back some of the tips and tricks for you know how to get through these ATS systems for people who are applying for jobs, um, how to, you know, for women get out of your own head. Um, a lot of times women will not apply for um positions because they only, you know, feel like they qualified for maybe 40% or 50% of the job requirements. Um, when men will look at the same position and say, oh, I got this, and they'll go apply and think nothing of it. Um, so you know, having helping people to basically get past that voice in their mind that says, hey, I don't know enough, or I'm not smart enough, or you know, I'm not good enough. Um, and I want to as much as possible try to help to increase diversity in the space because I think that there's value not just to organizational bottom lines, but I think to the research and to the industry as a whole. You know, when I first started speaking at conferences, it was because there was nothing but white men at the conferences. You know, many of the cybersecurity conferences, many of the technology conferences have the same people who are speaking about the same things, you know, day after day. And there's nobody who can actually looks like me who, you know, comes from, you know, Northeast DC, you know, who comes from the hood, um, that is doing these things and is representing for the places that I've been and the the experiences that I bring to you know the organizations that I choose to
Nobody told me the importance of having a mentor
SPEAKER_01work with. And I think that, you know, sharing that information to the next generation is important because, you know, nobody told me the importance of having a mentor. Nobody told me the importance of, you know, having sponsors and allies and you know, networking with people. You know, I thought that I could literally take over the world by myself. And reality is just that, you know, I don't think that it is possible to take over the world by you by yourself. You need other people. Um, you need to be able to network, especially if you want to excel in the corporate world, um, which I've only been able to do, you know, within the past, you know, I think much within the past six years since I I left the government contracting space, um I've been able to exceed as well as I have through networking and just through being able to communicate with people, um, especially communicating technical information to people, because I can't tell you how many, you know, fellow nerds out there um who cannot speak to people, who don't know how to communicate, who don't have social skills. You know, so the fact that I am a nerd who also can, you know, reluctantly talk to people, you know, I think has been a benefit for for my career.
SPEAKER_00To move forward there, your book is really interesting too. And it kind of covers this a little bit. Maybe I'm wrong. Um, but like securing our future, embracing the brilliance and resilience, right? Or yeah, um, of black women in cybersecurity. And I thought that was especially the title, Brilliance and Resilience, right? Um, because brilliance is that is the capability, and resilience is surviving um against these systems that I think have like just ground you down, right? Like they just being able to stand against them. Do you ever fear that like um celebrating the resilience inadvertently kind of lets these broken systems off the hook? So, like, oh, because you're stronger, they're allowed to be broken?
SPEAKER_01No, I think it's important for us to share stories like the ones that we share in the book, because you know, I think if you look at all of the young ladies that I had the pleasure to be able to author with, you know, they all have different stories. They all come from different places. Um, they've all had different experiences, but a lot of the themes are exactly the same. They highlight a system that is very severely broken. It's very difficult to navigate in, especially as a black woman in the corporate America, especially in technology and cybersecurity, it is very hard to be a brown person um in these spaces that are traditionally white. And I think hearing about the stories of resilience, hearing about the things that the folks have gone through, I think is important because a lot of people feel like, oh, well, I've gone through so much to get to where I'm at today, you know, I don't want to change anything. You know, I don't want to have to start over. And I think through a lot of these stories, you see people who have successfully pivoted, people who have successfully been able to, you know, share their experiences of how they were able to get through. And many of those stories, you know, have a common theme of networking, have people who supported them, people who reached out to them, people who were there for them. And I think that, you know, that is important for these systems to basically show that they're we were able to get through, you know. So yes, this these systems exist. Yes, they're set up to kind of defeat us, but it is possible for you to make it through. Um, and you have to basically use the knowledge of the people who came before you, you know, even for things as simple as, you know, knowing how much money to ask for. Because, you know, when I started off, my first, you know, real big girl job, you know, they were giving me $55,000 a year. And I felt like I was out here balling. You know, you couldn't tell me anything. I went and bought a Christ the 300C. My car note was probably like $800 a month, like no lies. Um, it was absolute madness. Um, and again, if you know, they talked about financial literacy, if they talked about, you know, like the way things are set up for people, they talked about like not to accept all of those credit cards, you know, when you're walking around campus in exchange for pizza and t-shirts, you know, um, you know, things like that. You know, I never had people in my life to tell me those types of things. So, you know, I had to learn through those experiences the hard way. Um, and I I think that when you have other people who are so willing to share their stories and their experiences, that it helps to, you know, let people know that you're not alone and it is possible for you to make it through, and you just need the right people around you to make it happen.
SPEAKER_00You've kind of got all these great stories and you've got this great community. Um, you also have an amazing conference, from what I've heard of. I've never been myself, but I would like to. Um, SquadCom, which is your conference that you have every year. Um again, I could highlight like some of the things like you're trying to get um researchers who really don't get the spotlight, you're trying to get them here to kind of talk about it. But in your own words, like kind of what is SquadCon? Um, what is the the purpose? What are you trying to do with it? What's the and what have you seen from it so far?
SPEAKER_01I think the biggest thing that uh SquadCon meets for me is is community. Um being able, when we actually started, we started as um under the name uh Girls Hack Village. Uh we started at DEF CON, I forget what year that was, but um there was there were no other girls um themed villages there. And the whole concept was, you know, when you go to conferences like Black Hat, like DEF CON, you frequently hear about um how there's a culture of, you know, you're not, I always like to say you're not totally enough for the turtle. But it's like you're not a lead enough hacker, so you're not going to be respected, or you know, you don't have the right aesthetic or whatever the case may be. And we wanted to provide a community where people felt comfortable to come out and talk about the research, to come out and grow and not be afraid to be new or not be afraid to do different things. And we've seen a lot of different um you know villages that pop out. They have a new village now, they have like new to cyber things of that nature. So, like what we were doing was not bad at the time, but I think at this point it's got to where you know people realize the need to support people throughout their entire career, not just when they've gotten to the point where they're elite hackers. You know, how do you nurture and train people who are new to the motivation and provide them with the motivation and the support to be able to learn different things and be able to see the different types of technologies and areas, you know, it's not just, you know, you're we're all hacking one different thing. Somebody might be hacking cell phones, somebody might be hacking mainframes. You know, there's so many different areas. And I think for us, SquadCon, you know, has showed a lot of different people that there are different people out there and they don't look the way that you expect, or the way that the TV or the media shows you to be what a hacker looks like. We had a young lady, um, I think she was in high school, I think she was barely like 18 or 19, um, and she actually gave a talk about, you know, uh based off of her diary. Um, and it was an amazing, amazing talk at the last squad con. Um, we've had, you know, heads of states and and you know organizations come out and speak at the conference. We've had a lot of amazing support throughout a lot of my friends and mentors come out and support us and were able to do some amazing um things. And I think that that's very important for people who, you know, are frequently discouraged by the size and the scope. Um, we were also thoughtful to have things like a quiet meditation room because, you know, as someone who is neurospicy, sometimes I can get overstimulated and I'm like, okay, I've had enough peopling. I need quiet for a little while, you know, so you can actually just go and chill out. So, you know, we are the only um black-led uh cybersecurity conference in Las Vegas during Hacker Summer Camp independent. Um, we are not part of a large organization, so we have to come up with the funding ourselves. We have to come up with speakers, the planning. Um, and we've done that for the past, I think it's maybe four years now. So I'm very proud of what we've been able to accomplish. We've had some amazing sponsors, people who, you know, help to ensure that we're able to come back each year. Um, and I love that they're, you know, even in this um political climate, um, are still supporting diversity efforts in the ability for us to be able to get more underrepresented communities, um, including including neurodivergent folks, into the cybersecurity and IT space.
SPEAKER_00I've got another question, but I know we're kind of almost out of time. So, you know what? I'm just gonna give you two. I'm gonna give you two. Um, the first one is about kind of your cohort. So you've got you've got this teaching experience that you have where you're mainly focusing on undergraduates, but you also have this group that you focus with, um, ninth and ninth through twelfth graders that you kind of mentor as well through through BGH. Um when you look at the two, well, when you look at your your group that is looking to go into higher education, go to college, build the career, and then you look at your undergraduates, um, where do you do you find that it's like
K through 12 vs college: where the pipeline really breaks
SPEAKER_00maybe more difficult, or not even difficult? I guess the transition from high school to college is always difficult. And the processes are only changing because of the times. And I don't know how AI has affected um getting into college or anything like that, but I guess what have you seen from there? Because I think that's a really important place to think about too.
SPEAKER_01Yeah, I I think that the if you look at the college students and you look at the K through 12 populations, they're vastly different because a lot of college students I think are part of the last generation of folks who are basically taught that you need to go to school in order to succeed and you need to be able to thrive. Um, and we see those folks and they're, you know, still trying to figure out what it is that they want to do when they grow up and they're expected to have all of the answers at that point. And honestly, I'm still trying to figure out what I want to do when I grow up and get my life together. You know, this is an ongoing activity for me. But, you know, I think for college students, you know, a lot of them are are about to enter what is going to be a very hard world to be able to get jobs. You know, the the market right now, as far as workforce is concerned, is very difficult because there's a lot of uh people who have been displaced from positions. You know, part of that may be due to AI. Um, and those folks are now very experienced and now trying to get onto the workforce. So they're having a hard time looking at a workforce that very much looks different. Um, I think that, you know, for me, K through 12 is very important because a lot of times girls are pushed towards like pink jobs and pink careers. So you think about like nursing and education and things of that nature, right? Um they're being told that they're not good at math, and if they're not good at math, then they can't go into computer science, they can't go into AI or cybersecurity. And the reality is that if we're talking about diversity, a lot of people think about diversity in terms of binary terms, in terms of black and white. But the reality is it's men and women. The reality is it's so many different things that are considered to be diversity. And I think we need a little bit of all of that. And a lot of times we're not teaching students, especially in inner city schools, um computer skills and AI skills uh until they actually get to college, which puts them at a disadvantage compared to, you know, other um, you know, nations, for example, that start teaching the kids AI basically in elementary school or or you know, at a very young age. So I think it's important that we introduce and let people know that there's possibilities out there in the workforce that, you know, are not the ones their parents and their grandparents may be pushing them towards, you know, and then and because once you figure out that, you know, they say that you might figure out your STEM identity in, I think it's like fifth or sixth grade, right? So if we don't get to them prior to that, they've already determined whether or not they like math or they don't like math or whether they like science or don't like it. And, you know, a lot of those basically polarizing choices that they make as a very small kid are driving their future careers and what they're going to major in the things about nature. We need people to research, you know, in artificial intelligence, in machine learning. We need people to basically, you know, not think these are just hype niche fields that are not going to be around because machine learning's been around for, you know, decades at this point. You know, even though ChatGPT just got here, you know, over the last however many years, machine learning's been around for ages. So, you know, and it's still a very lucrative field, but a lot of times you don't hear people saying, like, hey, kids, go get into machine learning, you know, go get into data science, you know. So I think it's important that we focus on the next generation of ethical hackers and let them know that there are career options out there for them.
SPEAKER_00Last question. Let's uh do a quick thought experiment. It is the year 2035, 10 years from now. Uh to a 2030, yeah, 2035, nine years from now, whatever. Um BGH
Thought experiment: BGH in 2035
SPEAKER_00is wildly successful. You've trained tens of thousands of hackers, right? Um and practitioners, and cybersecurity is now 50% women, not 25%. I know, crazy, doubled, right? And every major firm has at least um in their cybersecurity department, they have black penetration testers, black women penetration testers. So the goal is like we've hit these goals. What's next? Right? Like the mission doesn't stop. What's the next piece that we want to get to?
SPEAKER_01I think that we need to look at um going back in time and look trying to make AI technology ethical, figuring out solutions to you know modern-day problems that basically are a technological solution, but then also an ethical and uh rational solution, right? You know, making sure that we have less bias in these systems, making sure that healthcare decisions are made in absence of bias. Um, I think those things are absolutely amazing to me. And you know, I would love to see some women presidents, I would love to see more black women CEOs, uh board members, you know, executive things of that nature. I would love to see um, you know, so many more things. But I I think in order for that to happen, we need to achieve more parity, we need to achieve more equity in the industry. And I think that if we've got 50% of the industry and you know, everyone has uh you know, people of color in their their penetration testing, I think that at that point I'd probably be retired somewhere with a farm because at that point I felt like my work would be done. Um, because you know, I I want to see the world benefit from this work. And and you know, one of my favorite quotes is says something about like the the life given to us by nature is short, um, but uh the memory of a well-spent life is eternal. Um and I think that was Cicero. And it in in in my mind, that's what drives me because it's like, hey, my life on this planet may be short, but hopefully the impact that I'll leave for the future ethical hackers and for other women in the the workforce will be felt for generations after I'm long gone.
SPEAKER_00Tanisha, where can we find you next? What are you up to? Are you writing any new books? What's the next degree? Tell us more.
SPEAKER_01I'm currently finishing up my doctorate um in artificial intelligence and cybersecurity. So hopefully that'll be done in the next year or so. Um, I am currently working on trying to make a baby hacker. Um, so I'm more sabbatical from most of the things in my life so that um as I'm going through fertility treatments. So that's pretty cool. I'm excited about that. Um, working on a couple of books. One of them is uh fantasy, and then a couple of them are um uh technical books, so about AI and penetration testing, things of that nature, um, as I'm working on my dissertation and just you know trying to take over the world. So hopefully you'll see me as the uh CISO for somebody's fortune company at some point in the in the next few years.
SPEAKER_00Amazing. Well, I'm gonna I'm excited about it. Uh, where can people find you?
SPEAKER_01Um I am on LinkedIn um and Instagram. So Instagram is uh Mrs. Tanisha M R S, and then my first name. Um, and then LinkedIn is just Tanisha Virginia Martin. So I'm outside. Um so feel free to reach out to me, connect me. Just don't try to sell me anything.
SPEAKER_00Where can we get tickets for SquadCon?
SPEAKER_01Um our website is uh squadcon.me. Um, you could also get them off of our website, which is blackgirlshack.org.
SPEAKER_00Thank you so much for the time today. It was an amazing conversation that I feel like needs to be had more. And uh I'm happy that like we could have been a place for it and uh to just one solution to the big problem that you you said. Um, but I think you are well positioned to solve it. Uh, and I believe it's gonna be someone from your cohorts one day. Um, is I think we need a foundation model company founded with a black founder. So maybe that is uh exactly what you're preparing for, and that will be a really interesting world to be in. So thank you so much for giving us your time again.
SPEAKER_01Thank you for having me.
SPEAKER_00If this episode helped cut through the noise, like or subscribe so you don't miss what's next. Thanks for spending time with us. Until next time, stay curious.
.jpg)