DrZeroTrust: Hey, good afternoon, evening, morning, whatever it is, wherever you might be. Obviously, I'm at the RSA show here in San Francisco.

CxO Security Forum Ch1: Hey, good afternoon, evening, morning, whatever it is, wherever you might be. Obviously, I'm at the RSA show here in San Francisco.

DrZeroTrust: where nothing is going on and everything is super boring and it's not sensory overload. It's very quiet. Yeah, there's not like people wrestling and bull riding and I think I saw horses yesterday. Duel horses? Yeah, so I'm Chase Cunningham or Dr. Cunningham or Dr. If you're with a friend of mine, Michael Hiskey. Michael, tell folks who you are and what you do. So I have a community for C-level executives that are interested in cyber security, fraud and risk stuff that's generally CISOs and we

CxO Security Forum Ch1: Where nothing is going on and everything is super boring and it's not sensory overload. It's very quiet. Yeah, there's not like people wrestling and bull riding and I think I saw horses yesterday. Horses? Yeah, so I'm Chase Cunningham or Dr. Cunningham or Dr. Trust, if you knew, with a friend of mine, Michael Hiskey. Michael, tell folks who you are and what you do. So I have a community for C-level executives that are interested in cyber security, fraud and risk stuff that's generally CISOs and we

DrZeroTrust: get together periodically at places like RSA and other big industry conferences and make some observations on the market.

CxO Security Forum Ch1: get together periodically at places like RSA and other big industry conferences and make some observations on the market.

DrZeroTrust: So being that you're, let's just say, not a hardcore technologist, right, which is fair, like what's your view of everything that's going on here? I mean, especially from someone that does events and hosts stuff and has come from that space, like, to me it's just, we've gone full bonkers and it seems like it just keeps coming.
If this isn't peak RSA, I don't know what is. I mean, really, like, where do we go from here? So I...

CxO Security Forum Ch1: So being that you're, let's just say, not a hardcore technologist, right, which is fair, like what's your view of everything that's going on here? I mean, especially from someone that does events and hosts stuff and has come from that space, like, to me it's just, we've gone full bonkers and it seems like it just keeps coming. If this isn't peak RSA, I don't know what is. I mean, really, like, where do we go from here? So I...

DrZeroTrust: Look, I think that the... event...

CxO Security Forum Ch1: Look, I think that the... event...

DrZeroTrust: of the cyber security industry. I, I guess all enterprise solutions in general, but cyber in particular, I think that whole system is broken. Like, materially broken. The way in which enterprise solutions are kind of sold and marketed, and the way in which they are evaluated and purchased, that whole system is materially broken in the way that I believe the US healthcare system is broken. Which is broken. Yeah, meaning that it doesn't get fixed because the people that own the system make money on the brokenness of the system. That's

CxO Security Forum Ch1: part of the cyber security industry. I, I guess all enterprise solutions in general, but cyber in particular, I think that whole system is broken, like materially broken. The way in which enterprise solutions are kind of sold and marketed, and the way in which they are evaluated and purchased, that whole system is materially broken in the way that I believe the US healthcare system is broken. Which is broken. Yeah, meaning that it doesn't get fixed because the people that own the system make money on the brokenness of the system. That's point.

DrZeroTrust: Keep it broke. There's 44,000 people here.
There's, I don't know, I think there's 10 million, but I've no idea. I can't even count how many vendors are here, but what I find interesting is that somehow they just keep finding the

CxO Security Forum Ch1: Keep it broke. There's 44,000 people here. There's I don't know. I think there's 10 million. I can't even count how many vendors are here. But what I find interesting is that somehow they just keep finding a new way to really say the same stuff a little bit differently. And this year that's obviously the AI flavor. Yeah, I, I really do believe like if you boil it down, there's thousands of vendors here probably. Let's call it 2,000.

DrZeroTrust: to really say the same stuff a little bit differently. And this year, that's obviously the AI flavor. Yeah, I, I really do believe if you boil it down, there's thousands of vendors here, probably. Let's call it 2,000. I would say 10% of that is really actually valuable and aligned on fixing the problem. I'd say the majority of many of the rest of them are money grab and VC pump and dump.

CxO Security Forum Ch1: 10% of that is really actually valuable and aligned on fixing the problem. I'd say the majority of many of the rest of them are money grab and VC pump and dump. My first observation is that you look at a lot of the things out there on the show floor and you say...

DrZeroTrust: My first observation is that you look at a lot of the things out there on the show floor and you say... that's not a product, that's a feature. What I see out here is roadmap filler for other people's portfolios eventually. That's a good way to put it. And it's kind of a, maybe it's a get me bought strategy, maybe that's the VC strategy. If I want to get 5X on my money in three to five years, you're not going to grow that organically. Well, on the goal, I mean, the VCs in this space, you don't see that whole

CxO Security Forum Ch1: that's not a product, that's a feature.
What I see out here is roadmap filler for other people's portfolios eventually. That's a good way to put it. And it's kind of a, maybe it's a get me bought strategy, maybe that's the VC strategy. If I want to get 5X on my money in three to five years, you're not gonna grow that organically. Well on the goal, I mean, the VCs in this space, you don't see that whole

DrZeroTrust: The rule of 40 thing really showing up in any other space necessarily. Like people talk about it, whatever, but in cyber, the rule of 40, it's a rule because they expect that. And here, evergrowth just continues to go forward. From the perspective of the problems being fixed, I think all we're doing here is just regurgitating the problem space with a slightly different tangent. Like a few years ago, yes, I get it. Like people were talking ZT and blah, blah. Okay, fine.

CxO Security Forum Ch1: rule of 40 thing really showing up in any other space necessarily. Like people talk about it, whatever, but in, in cyber, the rule of 40, it's a rule because they expect that. And here, ever growth just continues to go forward. And from the perspective of the problems being fixed, I think all we're doing here is just like regurgitating the problem space with a slightly different tangent. Like a few years ago, yes, I get it. Like people were talking ZT and blah, blah, blah. Okay, fine. There was still like a strategic sort of value to that and we've crossed the chasm, jumped the shark. But AI, like number one, when I walk around here, I don't get anyone that actually tells me what the AI is. I get the response that it's AI, that doesn't mean shit. And then when you get deeper into it, I literally talked with a guy who, the deeper I got into it, I basically figured out that he's put a UI on top of an API to talk to ChatGPT. And he's getting funding.

DrZeroTrust: there was still like a strategic sort of value to that and we've crossed the chasm, jump the shark, whatever.
But AI, like number one, when I walk around here, I don't get anyone that actually tells me what the AI is. I get the response of it's AI, that doesn't mean shit. And then when you get deeper into it, I literally talked with a guy who the deeper I got into it, I basically figured out that he's put a UI on top of an API to talk to ChatGPT. And he's getting funding.

CxO Security Forum Ch1: I mean, I could do that too. Can't you just create a new ChatGPT thing and send out the link publicly? Like I could do that. And the issue is we're supposed to be the power of community. What if your community is just fucking things up for everybody? I own a community. I see myself as a community organizer. You have CISOs in your community. Right. So I have a little bit of a...

DrZeroTrust: I mean, I could do that too. Can't you just create a new ChatGPT thing and send out the link publicly? Like I could do that. And the issue is we're supposed to be the power of community. What if your community is just fucking things up for everybody? I own a community. I see myself as a community organizer. You have CISOs in your community. Right. So I have a little bit of a... thing about power of community when it comes to RSA, all apologies aside, because it's not a very inclusive community. It's like a community if you could afford $100,000 to sponsor a booth, spend $700 a night to stay in a hotel, fly yourself. It's not a very inclusive community, right? It's a very expensive community. It's like the rich neighbors. Kind of you walk by their gated community and you get to look in. RSA is the mafia of the cybersecurity industry.

CxO Security Forum Ch1: about power of community when it comes to RSA, all apologies aside, because it's not a very inclusive community. It's like a community if you could afford $100,000 to sponsor a booth, spend $700 a night to stay in a hotel, fly yourself. It's not a very inclusive community, right? It's a very expensive community. It's like the rich neighbors.
Kind of like, you walk by their gated community and you get to look in. RSA is the mafia of the cybersecurity industry. What I mean by that

DrZeroTrust: Is Black Hat any better? But RSA has this, you could skip a Black Hat. You don't get to skip an RSA, otherwise people are going to... People are going, you're not at RSA, I don't know, we're not going to be able to... But there's kind of a different, let's call it, kind of a different clientele per each one, right? So this one is supposed to be more leadership and C-level and executives and strategic thinking and that sort of thing. Black Hat is, originally, because I was at Black Hat forever ago when it was like 100 dudes in a room.

CxO Security Forum Ch1: Is Black Hat any better? But RSA has this, you could skip a Black Hat. You don't get to skip an RSA, otherwise people are going to... People are going to, you're not at RSA, I don't know, we're not going to be able to... But there's kind of a different, let's call it, kind of a different clientele per each one, right? So this one is supposed to be more leadership and C-level and executives and strategic thinking and that sort of thing. Black Hat is originally, because I was at Black Hat forever ago when it was like 100 dudes in a room.

DrZeroTrust: Like it used to be... All in black t-shirts by the way. Right, it all used to be like, you know...

CxO Security Forum Ch1: Like it used to be all in black t-shirts, right? It all used to be like, you know, hacker stuff in the, in the summer, like he's called hacker summer camp, right? Now it's become RSA 2.0 in a worse city with worse heat. In the middle of the summer. It's, why in August in Vegas? Like whoever decided to do that in August in Vegas. You know, it's on my, could we be in Phoenix? About the face of the Sun? Can we literally just put us on the face of the Sun? No, and, and then do you think DEFCON is?

DrZeroTrust: hacker stuff in the summer. Like you used to it hacker summer camp.
Now it's become RSA 2.0 in a worse city with worse heat. In the middle of the summer. Why in August in Vegas? Like whoever decided to do that in August in Vegas. You know it's like could we be in Phoenix? How about the sun? Face of sun. Can we get it? Can we literally just put us on the face of the sun? And then do you think DEFCON is what Black Hat was? Yeah, I think it's like trickle down. I mean, you got RSA, which is big

CxO Security Forum Ch1: is what Black Hat was. Yeah, I think it's like trickle down. I mean, you got RSA, which is big, supposedly big strategic thinking, C-level, whatever. Black Hat, a little bit more.

DrZeroTrust: supposedly big, strategic thinking, C-level, Black Hat, little bit more...

CxO Security Forum Ch1: doers and planners and strategizers and whatever. And then DEF CON is some actual things that you would be interested in from the perspective of doing the work. You know, I'll give a hot take on this. I think the Gartner Security Summit, the thing in National Harbor, is underappreciated because there's a lot of CISOs there. There's a lot of CISOs in town for RSA, but they're not setting foot on the show floor. No. This is terrible expression. If a bomb were to go off in this building, I don't think any CISOs would be harmed.

DrZeroTrust: and planners and strategizers and whatever. And then DEFCON is some actual things that you would be interested in from the perspective of doing the work. You know, I'll give a hot take on this. I think the Gartner Security Summit, the thing in National Harbor, is underappreciated because there's a lot of CISOs there. There's a lot of CISOs in town for RSA, but they're not setting foot on the show floor. No. This is terrible expression. If a bomb were to go off in this building, I don't think any CISOs would be harmed. No, would be a lot of people dressed up as characters. Marilyn Monroe would die again. And again, Taylor Swift. Would know what happened to her.
I think the other thing is, stuff we're doing with AI, the stuff that's good, that's not AI-washed, because 8 out of 10 booths have an AI explicitly labeled on there, is not creating new problems as much as it's exposing old problems much more quickly. Sure.

CxO Security Forum Ch1: No, would be a lot of people dressed up as characters. Marilyn Monroe would die again. Again, and again. Taylor Swift. Know what happened to her. I think the other thing is, stuff we're doing with AI, the stuff that's good, that's not AI-washed, right? Because eight out of ten booths have an AI explicitly labeled on there. Is not creating new problems as much as it's exposing old problems much more quickly. Sure.

DrZeroTrust: None of those old problems were unknown to us. Yeah, fair enough, but the... Creating an exploit that quickly is new. Sure.

CxO Security Forum Ch1: None of those old problems were unknown to us. Yeah, fair enough, but the... Creating an exploit that quickly is new. Sure.

DrZeroTrust: And then the, I mean, but then the part of it now is like you're talking to these folks and they go, okay, so it's like, let me get this straight. Your solution to my problem is your bot is going to monitor the bots that are doing the bot things for the bots. You remember Oracle's solution to everything was buy more Oracle? Well, isn't it a little bit like that? Right. I mean, it's, you know, and it's not that I don't think that people do innovative stuff here. I think they do. There's brilliant, smart people. Absolutely cutting edge. I think there's valuable capabilities, but it's just,

CxO Security Forum Ch1: And then the, I mean, but then the part of it now is like you're talking to these folks and they go, okay, so it's like, let me get this straight. Your solution to my problem is your bot is gonna monitor the bots that are doing the bot things for the bots. Do you remember Oracle's solution to everything was buy more Oracle? Well, sure. Isn't it a little bit like that?
Right, I mean, it's, you know, and it's not that I don't think that people do innovative stuff here. I think they do. There's brilliant, smart people. They're absolutely cutting edge, I think there's valuable capabilities, but it's just,

DrZeroTrust: I mean, we've just gone full nuts on, I saw people wrestling. Like I walked there, I was like. Full on. Full, I mean just. That's right next to Mel's diner down there. Yeah, and then there was a dude of riding bulls and I want to know about the liability release on that. No goats this year. No, I actually like the goats. I gave them props. Cats, no kitten petting, no but the goats I gave them props. If you're call yourself a goat, you better have a goat. They had actual goats, so.

CxO Security Forum Ch1: I mean, we've just gone full nuts on, I saw people wrestling. Like I walked there, I was like. Full on. Full, I mean just. That's right next to Mel's diner down there. Yeah, and then there was a dude of riding bulls and I wanna know about the liability release on that. No goats this year. No, I actually like the goats. I gave them... No cats, no kitten petting, no... Yeah, but the goats I gave them props. You're call yourself a goat, you better have a goat. And they had actual goats, so.

DrZeroTrust: There's not been any animal cruelty at all. There's no vehicles. Usually someone has a Ferrari or... Oh no, there's been a couple vehicles. I didn't see them. Yeah, so there's been a couple vehicles that drove around. Normally down there. Oh, well yeah. But I mean the Cybertrucks I've been seeing around here. Okay, another thing that I'm scratching my head about is have you seen these little convoys of branded vehicles? I'm not going to name

CxO Security Forum Ch1: There's not been any animal cruelty at all. There's no vehicles. Usually someone has a Ferrari or... Oh no, there's been a couple vehicles. I didn't see them. Yeah, so there's been a couple vehicles that drove around. Normally down there. Oh, well yeah.
But I mean the Cybertrucks I've been seeing around here. Okay, another thing that I'm scratching my head about is have you seen these little convoys of branded vehicles? I'm not going to name

DrZeroTrust: but you know there'll be four Escalades in a row all duded up and they're empty. Like I thought maybe they were moving their executives around or they're carting people around for free. No, it's just billboards. And like the, and then the digital billboards, right, those trucks. In a very green city. Right. You're driving around in circles, congesting traffic with these diesel trucks.

CxO Security Forum Ch1: but you know there'll be four Escalades in a row all duded up and they're empty. Like I thought maybe they were moving their executives around or they're carting people around for... No, it's just billboards. And like the, and then the digital billboards, right, those trucks. So in a very green city. Right. You're driving around in circles congesting traffic with these diesel trucks.

DrZeroTrust: So it's, I don't, it's, it's, it's, I was talking to, I was actually having dinner with or legitimate CISO last night and he runs a really big org and I asked him flat, I was like, do you get any value out of the show? He goes, nope. Unequivocally. Nope. I said, then why do you come out here? He goes, I'm here for hallway con. He's like, I want to talk to... lobby con, run into people, like in town for... all right. He's like, all my stuff is around here. Yeah, over at the Four Seasons

CxO Security Forum Ch1: So it's, I don't, it's, it's, it's, I was talking to, I was actually having dinner with, legitimate CISO last night, and he runs a really big org. And I asked him flat out, was like, do you get any value out of the show? He goes, nope. Unequivocally, nope. I said, so then why do you come out here? And he goes, I'm here for HallwayCon. He's like, I want to talk to people. LobbyCon, run into people. Like, town floors. Yeah, he's like, all of my stuff is around here.
Yeah, is he over at the Four Seasons? I don't know where he's at, but. The Four Seasons are the power bro.

DrZeroTrust: brokers, that the Seasons, the Marriott Marquis, the W, the St. Regis. You W like George. Well, Texas, right. So I mean, like, that's, and then all the other little things happening in little spots around here. But to, you know, further that point, asked him, I was like, so let me ask you about kind of the legacy power of research in this space. I said, is any of that, is any of that driver decision, decision driver for you? Said, no, not at all. He said, it's a data point. And I was like

CxO Security Forum Ch1: The Four Seasons, the Marriott Marquis, the W, the St. Regis. You say W like George. Yeah, well, Texas, right. So I mean, that's... Little things happening in little spots around here. To further that point, asked him, I was like, so let me ask you about kind of the legacy power of research in this space. I said, is any of that driver decision driver for you? He said, no, not at all. He said, it's a data point. And I was like, that's interesting to hear somebody that's that big muckety muck say, and they pay a shitload of money for that research. For him to say flat out, I don't give value out of the show.

DrZeroTrust: That's interesting to hear somebody that's that big muckety muck say, they pay a shitload of money for that research. For him to say flat out, I don't give value out of the show, and the research is published by the orgs that we pay a shitload of money for publishing, it's a data point.

CxO Security Forum Ch1: and the research is published by the orgs that we pay a shitload of money for publishing, it's a data point.

DrZeroTrust: That's interesting. Like we're at an inflection point, I... We're at peak RSA. Think that one... So a positive comment I heard, this was from a Gartner friend of mine. Said, it's like walking into my LinkedIn. Yeah, okay.
That's a good way. It's like all these people who exist in the profile and I love running into all the folks, you know what I mean? Like the people I... That's a good, great way to put, get that. You're taller. You're taller than I thought you were. Yeah, right. Everybody said, oh, you're bigger. Yeah, you're bigger than you are online. That's how TVs work. Know. Yeah. I ran into a dude the other day and he turned around and he was like... And you're dumber.

CxO Security Forum Ch1: That's interesting. Like we're at an inflection point, I think. We're at peak RSA. Think that one... So a positive comment I heard, this was from a Gartner friend of mine. Said, it's like walking into my LinkedIn. Yeah, okay. That's a good way it. It's like all these people who exist in the profile and I love running into all the folks, you know what I mean? Like the people I... That's a good, great way to put, get that. You're taller. You're taller than I thought you were. Yeah, right. Everybody said, oh, you're bigger. Yeah, you're bigger than you are online. That's how TVs work. I know. Yeah. I ran into a dude the other day and he turned around and he was like... And you're dumber.

DrZeroTrust: Well, there's a whole other story there. The good thing is, yes, seeing your friends and meeting people and those conversations and whatever else, from the...

CxO Security Forum Ch1: Well, there's a whole other story there. The good thing is, yes, seeing your friends and meeting people and those conversations and whatever else, but from the... where this goes, I mean, we have to get to a space where we need to go back to where it started. And back to where it started, I think is, it's the BSides, it's the smaller events, it's the ones where you have time to sit down and actually talk to folks. If I hear Chatham House rules one more time, I'm gonna ninja kick whoever says it. Because a lot of these places will tell you Chatham House rules, and you say stuff, and then what's the first thing they do?
DrZeroTrust: where this goes, I mean, we have to get to a space where we need to go back to where it started. And back to where it started, I think is, the BSides, it's the smaller events, it's the ones where you have time to sit down and actually talk to folks. If I hear Chatham House rules one more time, I'm gonna ninja kick whoever says it. Because a lot of these places will tell you Chatham House rules, and you say stuff, and then what's the first thing they do?

CxO Security Forum Ch1: fun and games until some idiot puts it on the internet. The Chatham House rules or the community, let me say community, has become the new thought leadership. You know what I mean by that is thought leadership is what vendors use to dress up their pitch deck to sound like something else, but it's just a reverse engineered pitch deck. I think you're doing the same thing now with community. It's not a pitch. Come out.

DrZeroTrust: fun and games until some idiot puts it on the internet. The Chatham House rules or the community, let me say community, has become the new thought leadership. You know what I mean by that is thought leadership is what vendors use to dress up their pitch deck to sound like something else, but it's just a reverse engineered pitch deck. I think you're doing the same thing now with community. It's not a pitch. Come out, we're just gonna talk. It's gonna be all about community, you know, no rules, Chatham House rules, nothing, no, and then it's still a pitch.

CxO Security Forum Ch1: you're just gonna talk, it's gonna be all about community, you know, no rules, Chatham House rules, nothing, no, and then it's still a pitch. Like anything you go to, if it's clearly put on by a vendor. Which, and I mean, get, like, I get it, right? You've gotta pay for whatever you're doing for it, some level, and I just think that that's where this whole thing is getting to that stage of, it's, the house of cards is beginning to teeter a bit.
And this is my point, I wanna find solutions

DrZeroTrust: go to if it's clearly put on by a vendor. Which, I mean, I get it, right? You've got to pay for whatever you're doing for it at some level. I just think that that's where this whole thing is getting to that stage of the house of cards is beginning to teeter a bit. And this is my point. I want to find solution providers that are really honestly willing to just pay for the privilege of being in the right room with a very curated

CxO Security Forum Ch1: providers that are really honestly willing to just pay for the privilege of being in the right room and listening with a very curated group of people. So we did our breakfast on Tuesday, 25 CISOs for my community, and I think one of the best summaries that came out of it, we talked a lot about AI and everything else, was really about getting back to basics. The thing that's still missing is the basics.

DrZeroTrust: group of people. So we did our breakfast on Tuesday, 25 CISOs for my community, and I think one of the best summaries that came out of it, we talked a lot about AI and everything else, what was really about getting back to basics, like the thing that's still missing is the basics. I don't see that being marketed, like if your AI is as awesome as it is, cool. How does your AI make us do the basics really, really well repeatedly that solves the problem?

CxO Security Forum Ch1: And I don't see that being marketed like if your AI is as awesome as it is, cool. How does your AI make us do the basics really, really well repeatedly that solves the problem and goes along those lines? You know, it's like so, you know, Richard Steen and our friend talked a little bit about the AI SOC was the first thing that took off. And that makes sense. You know, we've got AI that can do art and make music. I don't want that. I want to do art and make, like, I like stuff that's a fun human thing. I want my AI to like do the dishes.
I want it to do

DrZeroTrust: goes long, long, you know, it's like so, you know, Richard Steen and our friend talked a little bit about the AI SOC was the first thing that took off. And that makes sense. You know, we've got AI that can do art and make music. I don't want that. I want to do art and me. I like I said stuff that's a fun human things. I want my AI to like do the dishes. I want it to do the boring stuff. It does develop the robot that does folds laundry. I'm paying for that day like that. There's a couple of things in this world I will plop down money for and that could be a laundry folding robot.

CxO Security Forum Ch1: boring stuff. If Tesla does develop the robot that does folds laundry, I'm paying for it that day. Like that, there's a couple things in this world I will plop down money for. And then that could be... A laundry folding robot, done. What if we could use the shiny new object of AI and the idea that as a CISO you're viewed as a cost center, but you could get money for AI stuff. What if we use that budget coming in for AI and used it to address the basics? But that's not sexy.

DrZeroTrust: Done. What if we could use the shiny new object of AI and the idea that as a CISO you're viewed as a cost center but you could get money for AI stuff. What if we use that budget coming in for AI and used it to address the basics? But that's not sexy and that's not gonna help any VC rule of 40. Yeah. You know what I mean? And I mean...

CxO Security Forum Ch1: and that's not gonna help any VC rule of 40. You know what I mean? I mean, goes, you know, money ultimately is the root of all evil. Like that's where this all begins. And it kind of blows my mind, because I had a session I was doing with some folks down by the water, and it was like, who in this room agrees you could do effective security with open source and never pay a nickel? Everybody raise their hand. And I said, who wants to do it? Nobody raise their hand.
DrZeroTrust: goes, money ultimately is the root of all evil. That's where this all begins. It kind of blows my mind because I had a session I was doing with some folks down by the water, and it was like, who in this room agrees you could do effective security with open source and never pay a nickel? Everybody raise their hand. And I said, who wants to do it? Nobody raise their hand. No version control. And then it's just a, and I mean, they're totally fair in that approach. I wouldn't want to do it either. Yeah. So like, there's got to be a medium, there's got to be a happy ground here somewhere. I don't know what is

CxO Security Forum Ch1: no version control. And then it's just a, I mean, they're totally fair in that approach. I wouldn't want to do it either. Yeah. So like there's got to be a medium, there's got to be a happy ground here somewhere. I don't know what it's going to take for it to collapse and us find that and actually go, this is where it is. But we're, we can't get much more peaky. What does it say about our industry? Like what's next? Like where does it go from here? Do you think we take a dip? Does RSA descend next year and it's not as crowded or?

DrZeroTrust: going to take for it to collapse and us find that and actually go, this is where it is. But we're, we can't get much more peaky. What does it say about our industry? Like what's next? Like where does it go from here? Do you think we take a dip? Does RSA descend next year and it's not as crowded or does it continue to? No, I think it's only beginning to get bonkers because it's the, the AI stuff is the gas on the fire and the fire was already pretty hot. Now it's napalm and it sticks there.

CxO Security Forum Ch1: Does it continue to? No, I think it's only beginning to get bonkers because it's the, the AI stuff is the gas on the fire and the fire was already pretty hot. Now it's napalm and it sticks to everything. That's Agent Orange, isn't it? Well, both.
I mean, we're just, we're just pushing in the actual, when you... What's funny, too, is if you talk to some of these folks that are the CEOs and running some of these new fancy cool things and you ask them about, I told them

DrZeroTrust: That's Agent Orange, isn't it? Well, both. We're just pushing. What's funny too is if you talk to some of these folks that are the CEOs and running some of these new fancy cool things and you ask them about, I told them, one of them I was working with, was like, what's the value proposition? And starts going down how this does that and blah, blah, blah, and all the cool things it does and the speed, it's great. What's the value proposition to me?

CxO Security Forum Ch1: one of them I was working with, was like, what's the value proposition? And he starts going down, how this does that, and blah, blah, blah, and all the cool things it does, and the speed, and, it's great. What's the value proposition to me? Well, it does this, blah, blah, sure.

DrZeroTrust: Well, it does this that, sure. But where is that? Where is... Where is it from me? I don't want to start a new topic here. I'm also hearing a lot of, I either get somebody who's a technical founder or one of the whiz kid sales engineers who gives me an answer that is 45 minutes of mind numbing excitement. Or I get a marketing kid, forgive me, who'll say, I'm new here. It's my 13th day on the job. And you're in the booth, right? Couldn't you ChatGPT some

CxO Security Forum Ch1: But where is that? Where is... Where is it for me? I don't want to start a new topic here. I'm also hearing a lot of, I either get somebody who's a technical founder or one of the whiz kid sales engineers who gives me an answer that is 45 minutes of mind numbing excitement. Or I get a marketing kid, forgive me, who'll say, I'm new here. It's my 13th day on the job. And you're in the booth, right? Couldn't you ChatGPT some
DrZeroTrust: on the way out of here on the plane? I mean, at least have an answer for me. Your ability to get through this conversation with a modicum of dignity is really what sets you apart, why you should be here.
DrZeroTrust: It genuinely concerns me for the future state of security across the US and globally that the hype cycle now is the AI hype cycle. And I think there's going to be a lot of organizations in the very near future, call it next 12, 18 months, Dr. Zero Trust prediction here, are going to be very disappointed in a lot of the things they bought that didn't deliver on that the way that they were expecting.
DrZeroTrust: We'll do one downbeat before we go back. We got to end on a positive note. In the late night cigar gathering, the CornCon guys have a great gathering.
By the time the evening was getting late, the CISOs that were there were starting to try and predict which companies' business models are going to be totally outmoded by like this time next year. And there were some candidates of, I could AI the heck out of this and I could AI the heck out of that. Like, why would I need this anymore?
DrZeroTrust: You made a mess better with that tool, but if I could just make the mess better with AI, why would I buy your thing? I don't need another screen to look at. Yeah, it's just more of the same. I mean, there's total value in this AI stuff, even though again, none of it's AI. It's LLMs and MLs and whatever else. Like in the Cunningham household, I tell my kids, we cheat to win. So like, I don't know about you, but when I grew up, they would tell us, don't use calculators. Wait, don't use a calculator even though you're giving me algebra and stuff like that.
DrZeroTrust: They're doing the same thing with kids nowadays. I remember distinctly two arguments I had in high school. One with my 10th grade English teacher when I said, well, I would just use autocorrect for that. I lost points for spelling something wrong. And she said, well, you're not always going to have autocorrect. No, I will. Boy, was she wrong. Yeah, right. I'd like to call that one back. And I'm sure I know a math teacher at some point said to me, well, you know, you're not always going to have a calculator in your pocket. And there's super immense value to it. And a billion percent, like for me, I use Claude, because I do research all day long and write and stuff. The trading stuff especially too. Well, the buy the breach stuff, whatever else, but like I wrote a little thing that goes out and every morning at 7 a.m. it's got a thing that says crawl this information, bring it in, I need at least three cited sources and blah blah blah. And I've got like 1,500 resources now that I can reference when I do my research. All free. Oh yeah, 1,000%. It's all useful, I think, but it's...
DrZeroTrust: It's not, I didn't go off and go, I'm going to AI my research. I was like, okay, I need Google Notebook, I need Claude to help me code, because Chase is a shitty coder, and then I got to put it in play and start going forward from here, and then what am I going to use it for? Whereas a lot of what's down around here is, let's just AI stuff. It's like that movie, I'm going to science the shit out of this. Yeah.
DrZeroTrust: That's a great... I'm gonna AI the shit out of that. That's, you heard it here first. Yeah, I'm gonna... how are you possibly? You know what, like, because that could be a CISO answer, a board ask. Well, you know, what are we gonna do? We talked about, there could be like an AI Armageddon, like an AI cyber Armageddon, everything comes together and there's been under the super Skynet breach, I don't know, some crazy thing, and your only answer would have to be that I'm just gonna AI the shit out of this. Well, I mean, but that also makes me concerned about
DrZeroTrust: Are we really trying to just offload liability and responsibility to this so that when things do go wrong you can go, well, the bot missed it.
DrZeroTrust: And that would be a valid answer to a question. Like, well, why did this breach occur? Oh man, the bot didn't catch it. We paid all this money for that thing. I didn't put the correct controls in place because it's my responsibility and I put the fundamentals in and did those things right. I bought this AI thing that said it was going to be, you know, never have a breach. But then that bridges into the cyber insurance guys don't want to have to pay for it, right? There was the big healthcare breach we talked about earlier in the month. They didn't call it an act of war. No.
DrZeroTrust: Because then the insurance company would say, not us. Well, cyber insurance is evil fuckers anyway. Let's end on a positive note.
What's something we have to look forward to? I think the positive note is there's a lot of really good innovation going on here. There's a lot of valuable capabilities. There's a lot of opportunity for all these strategies we've been talking about to actually be implemented. Like the days of people bitching about not having the resources and humans and whatever else, that's over.
DrZeroTrust: There's lots of potential good to come out of this. I just, from the Texan side of me, my cockles go up a little bit just because everything's just so much. That's fair. I'm going to say my positive take is that the people part of the business is really starting to catch up. And what I mean by that is I think we're finally shaking free from the cybersecurity skills shortage, and understanding that it's really an opportunity shortage. You know, I had a friend that said, that's like saying there's a shortage of people who want to be general managers at a hotel. No, there's not a shortage.
They're just... you don't want to give that kid at the front desk a shot at general manager job. Right. So we're giving shots more. I've seen the people that are coming up, there's the balance of the hoodies and the suits. I think that balance has started to really gel. It's leveling out. Yeah. And it's not all... way or the other.
DrZeroTrust: Cautiously optimistic. Yeah, that all of that, the people side of this, is moving in the right direction. Yeah, I mean, as always it's great to run into your LinkedIn crew out here. I mean it. Yeah, we live, or real LinkedIn live. Yeah, like LinkedIn living or whatever. IRL, LinkedIn IRL. Yeah, TRL with IRL or whatever. Yeah, well, that guy, the MTV guy, could narrate it or whatever. He makes me feel old just seeing him now. I'm like, wow, I used to watch that guy, and like the Saved by the Bell guys.
DrZeroTrust: Yeah, right, they're like 700 now. Anyway, all right, well, thanks for jumping on the Dr. Zero Trust Show. We're at RSA 2026. Thank you very much and stay smart, stay safe, stay secure. Catch you on the next one. Perfect on timing.