Podcasts
Afternoon Cyber Tea with Ann Johnson
Ep 100
Afternoon Cyber Tea with Ann Johnson 6.27.24
Ep 100 | 6.27.24

Reflecting on 100 Episodes of Afternoon Cyber Tea

Show Notes
Transcript

Ann Johnson: Welcome to Afternoon Cyber Tea, where we explore the intersection of innovation and cybersecurity. I'm your host, Ann Johnson. From the front lines of digital defense to groundbreaking advancements shaping our digital future, we will bring you the latest insights, expert interviews, and captivating stories to stay one step ahead. [ Music ] Welcome, friends, to a very special episode of Afternoon Cyber Tea. I am your host, Ann Johnson, and today marks a significant milestone for us. In addition to closing out our seventh season, we are celebrating our 100th episode. So as we brew our last seasonal cup together, I want to just take a moment to reflect on the journey we have embarked on over the last five years. From our very first episode, Afternoon Cyber Tea has been a labor of love, steeped in the world of cybersecurity. We have delved into the depths of digital offense, sipped on the latest trends, and shared stories that have shaped our understanding of this ever-evolving domain. Our conversations have been rich with insights, and like a fine tea, they've left a lasting impression. In today's episode, we will revisit some of the most memorable moments and the wisdom imparted by our esteemed guests. We will also explore the key themes that have emerged over the years: trust, resilience, and the delicate balance of security and our digital lives. So as we pour this last cup, let us savor the aroma of cyber insights one final time and celebrate the community that we have built together. Here is to the 100th episode of Afternoon Cyber Tea. [ Music ]

Charlie Bell: Security is -- I call it the mother of all problems, because almost everything we do in technology can become a weapon in the hands of someone. And so you think about all the advances that humanity has had, you know, since fire, and everything that we create in the computer world, in the technology world, can be turned around and used as a weapon.

Marc Goodman: We've had consumer medical devices, implantable medical devices -- everything from diabetic pumps to cochlear implants to heart monitors and the like, automatic defibrillators -- all hacked.

Dr. Andrea Matwyshyn: What I mean by the term "Internet of Bodies" is the policy and legal implications of the use of the human body as a technology platform. And I divide this concept of the Internet of Bodies into three generations of technology. The first generation involves body external devices: the Fitbits, the Apple Watches, the augmented reality goggles, or the glasses that film where we go. The second generation are the types of devices that you just mentioned, the pacemakers that have certain components of the system that rely, at this point, on software updates and on complicated and important security measures that are built by design into the product. And then the third generation is the idea of body-melded devices, meaning devices that are built directly into the brain and have live read-and-write capability with the cloud.

Marc Goodman: For the first time in our collective history, the human body itself is subject to cyber attacks and that's only going to accelerate. So I know that's a bit of a futuristic perspective, but what I would say is for all of the companies that are out there, they need to understand not just the threats of today and putting out the fires, but have a clear understanding of where we're going.

Charlie Bell: You can't really make the kind of progress we all want to make unless we first solve this problem. The nice thing about AI is it's all discipline. It doesn't care about a particular discipline. It thinks about across all of it and thinks about it with lightning speed. It knows it can say, "Oh, I need to go look at the access logs for X," and pull a query and grab it and use that information to provide context for the next action that it's going to take. And it does all that at machine speed. And so if there ever is going to be anything that totally changes that asymmetry, it is AI. Because the fact that you can harness everything you have and do it with machine speed now, that makes it very difficult for attackers. Remember, they do have a data disadvantage. They only get to see the surface and they only get to see the area that they've been able to get to. But remember, we see the whole thing. We just haven't been able to harness it all. And that's what AI is going to let us do.

Dr. Fiona Hill: You know, we're equally worried about the deep fake videos being made by a campaign operative of a political party here in the United States as we are by it being somebody sitting in, say, an agency close to the Kremlin in Moscow or more likely in St. Petersburg where a lot of these activities have been outsourced to. And I, you know, saw St. Petersburg, Russia and St. Petersburg, Florida, maybe both kind of areas where we may see some disinformation emanating out from. And this is the challenge for us because we have to then figure out how we disaggregate what's happening on the domestic side of things and what's happening on the international front and how our adversaries are also taking advantage of our domestic, political, and social environments.

Runa Sandvik: The really challenging part with sort of disinformation is that we don't necessarily -- like, we talk about it being a thing. And you have platforms -- like, Facebook is doing a lot of research around what that looks like, and disrupting different groups on their platform and pushing out a lot of really, really good research. But when disinformation then reaches the public, and it is spread by, say, a media organization, there's not a whole lot of acknowledgment later on that that has happened. And so I think that for that part of the communications chain, we do need a bit more transparency and openness around the fact that it is happening. It has happened. It will continue to happen. So what are we going to do about it? How are we going to talk about it? And how are we going to actually learn from the past?

Ram Shankar Siva Kumar: In 2019 when I was just, like, putting together the AI Red Team, I was, like, shopping around this idea to people. And, Ann, I distinctly remember our conversation. I felt like I never had to go in salesman mode with you. You were like, "Ram, you have to do this because this is important." So even before the wave of, you know, now AI safety and AI security is in vogue. You know, everybody from the White House and all the companies kind of like are on board. But for me, the penny dropped where -- Ann, I think you mentioned this, security cannot be like built on top of AI systems. It needs to be bolted in. And that is, like, super important. And that I think is a fantastic opportunity for defenders who really have seen waves of technology come and go.

MK Palmore: We have to broaden our optic as an industry and look for folks who have the potential to flourish in our industry. And then we have to be willing to train them and give them the opportunity and time to develop their skills on the job. And I think that, in and of itself, will help to increase the number of folks that we get pointed towards that field. And of course, I believe there is also a diversity and inclusion component to that in terms of widening that optic. We need to spend a little bit more time as an industry reaching out to diverse communities and saying to them that if you have an interest in this and you're teachable and that you go through these specific processes that are available via nonprofits -- I know Microsoft does some work in this realm, as does Google and lots of other tech industries like providing the kind of skills and training. There's a way to get more folks pointed in this direction and interested. But as an industry, we have to be more welcoming to folks who don't fit the typical mold of a cybersecurity professional.

Marene Allison: So, Ann, when we started out, there was no such thing as cyber. There wasn't even computer science. It was electrical engineering. Electrical engineering was a brand-new degree. I've always loved technology. So at West Point, I leaned that. But even before I got into West Point, I had a woman who was a sponsor, Margaret Heckler, the congresswoman from Massachusetts, who decided to give me her principal nomination to West Point versus the Air Force Academy where I had applied. And I think that was a strong lesson on looking at what your sponsors are suggesting. Don't fight it. You know, sometimes you don't understand it. And I've had a number along the way that have helped to guide my career. The other thing is that there's a lot of lemons, and instead of trying to -- it's sour and it's awful and whatever, every lemon I'm handed, I'm turning it into something sweet with lemonade and spreading it out and making it better. That's what we need to do in our industry.

Mike Hanley: I am encouraged that I feel, like, in the last few years, while there have been some big landmark incidents that everybody can point to and that were in the news, I also feel like there's been meaningful progress and it feels like most of the time we're rowing the boat together in the right direction. It's not always perfect, but I generally feel like everybody is clear that security is a priority. Everybody is clear that security is something that we need to invest in.

Theresa Payton: The CISA organization has worked so hard in providing actually free services to the states, briefings, security briefings, including classified ones to make sure everybody's aware of what's going on, how to protect and defend. Microsoft was one of the early leaders in offering free tools and different types of kits to kind of help the states improve their technology. And I mean, I just applaud Microsoft because you basically looked at something that could have been a revenue generator and said, "You know what? Democracy and protecting and securing elections, this is a great or good moment for all of us." [ Music ]

Ann Johnson: As the final notes of our 100th episode linger in the air, I am filled with gratitude. Thank you to each and every one of you for being an integral part of Afternoon Cyber Tea. Your engagement, your curiosity, and your passion for cybersecurity have been the driving force behind every episode. Together, we have navigated the complexities of cyber threats, toasted to the triumphs of security breakthroughs, and learned from various leaders who have graced us with their presence. We have built not just a podcast, but we have built a community, a circle of trusted knowledge that extends far beyond the digital airwaves. As we conclude this chapter, I leave you with one final thought. The essence of cybersecurity is much like brewing the perfect cup of tea. It requires patience, precision, and a touch of intuition. May you carry these lessons forward, infusing them into your daily practices and conversations. So for one final time, thank you for sharing this Afternoon Cyber Tea with me. Keep your data secure, your minds open, and your hearts warm. Cheers! [ Multiple Speakers ] [ Music ]

Afternoon Cyber Tea with Ann Johnson
Podcast Info
HOST(S):
Ann Johnson
Ann Johnson, CVP of Security, Compliance and Identity at Microsoft, oversees the long-term security investment and partnership strategies helping organizations become operationally resilient and unlock capabilities of Microsoft's intelligent cloud and next generation AI. From the way we tackle cyber threats to the language we use, Ann encourages the industry to get outside its comfort zones to expand how we address the evolving threat landscape.
Schedule: Tuesdays
Credits: Executive Producer is Bruce Bracken, Co-Executive Producer is Greg Ormsby, Producer is Rob Petrillo. Production Manager is Max Solomon, Scheduling and Administrative Support is Annalisa McBride, and our Audio Engineer (and magician) is none other than The Great Rich Cerbini.
Creator: Microsoft