Podcasts
Afternoon Cyber Tea with Ann Johnson
Ep 104
Afternoon Cyber Tea with Ann Johnson 4.8.25
Ep 104 | 4.8.25

Cybercrime and Storytelling with Jack Rhysider

Show Notes
Transcript

Ann Johnson: Welcome to "Afternoon Cyber Tea" where we explore the intersection of innovation and cybersecurity. I'm your host, Ann Johnson. From the front lines of digital defense to groundbreaking advancements shaping our digital future, we will bring you the latest insights, expert interviews and captivating stories to stay one step ahead. Today, I'm excited to welcome Jack Rhysider, the creator and host of fellow cybersecurity podcast, the "Darknet Diaries." Jack is a veteran of the security world and, for the past seven years, his podcast has dived into the darker parts of cybercrime that are happening right now. Jack's episodes capture the culture around topics like hacking and internet privacy, balancing education with entertainment. And, most important, they are really always fun to listen to. Welcome to "Afternoon Cyber Tea," Jack.

Jack Rhysider: Thanks for having me.

Ann Johnson: So, you're like this amazingly successful podcast host and storyteller I can only aim to be. I looked at some of your download data and it's extraordinary. I'd like to go way back to the beginning, though, at the start of your career. Can you just share briefly how you started in cybersecurity and what keeps you here?

Jack Rhysider: My first love was with computers when I first got on AOL and connected to the internet and got into chat rooms. I was really just glued to it. I could not stop talking with people. And, so, I knew I was going to go into computers then. And I got a degree in computer engineering, which was just a little bit about everything. But then I couldn't find a job. And then I thought, "Okay, maybe if I get a certification, I'll get some job somewhere." So, I got CCNA, Cisco Networking Certification. And, from there, a network security position opened up. So, I got a job in the NOC with CCNA. In that NOC, a security engineer position opened up. And I didn't know anything about security, but I was like, "Oh, you had me at engineer. I'll take that." And, so, I joined the security team. And this is where I realized this is exactly where I want to be because, with security, it teaches you - or you have to know a little bit about everything. You have to know about binary and hex and you have to know about operating systems and code. And you have to know just like a ton of stuff, like the wide spectrum. And because I had gotten that degree where I learned a little bit about everything, I had that wide spectrum. And now we're going to focus on, okay, that's abnormal, that's not what's supposed to happen. All these sort of things, when maybe the - you know, the front side of IT is like, "Let's just try to make it work." And now what we're looking at, "Well, this is not working the way it's supposed to." I love that experience of just like that wide body of knowledge all coming together to be a point of, "Here's security." And that's where I fell in love with security. And I was a network security engineer for 10 years.

Ann Johnson: That's amazing. And I know a lot of people started their careers in cybersecurity from the network side. So, it's really cool to hear you had that background because you've really had this success in this brand now about "Darknet Diaries," which is an awesome podcast, by the way. And, as I mentioned, it's wildly successful, 90 million downloads since the first episode published in September of 2017, which really wasn't that long ago. And I know you started on your own, you had no background in podcasting. What drove you to tell these stories and what drove you to a podcast for the medium to tell the stories?

Jack Rhysider: I wanted the show to exist. I was really into podcasts. I think "Serial" got me hooked on podcasts. And, so, I was listening to "This American Life" and "99% Invisible" and "Radiolab." And, also, I was listening to cybersecurity podcasts, like this one, where it's interviewing other people in the space and you hear from other experts. Or other ones like news that just is the news for the day. And I said, "Hold on, wait. Why isn't there a show where somebody takes a cybersecurity story from maybe five years ago, now we have all the answers to it, we found the person who did it, we arrested them, we have all the details that we didn't before when it was breaking news. And we could do that in a really beautiful storytelling way because it's like soup to nuts now." And nobody really understood because I pitched it a few who - a few podcasters and they were like, "I don't really understand what you're talking about. Why would anybody want old news? We only do new news here." And, so, I said, "Well, I guess this might be something I have to make myself. If I want to hear it and it's not out there, I've got to make it myself." But I wanted to scratch my own itch on that one and picked up some books on how to do storytelling and audio journalism and all this sort of thing because that was all new to me. And took what I love and tried to take all the best pieces from all the shows I loved and put it into something new.

Ann Johnson: So, I'm hearing from you, you have this amazing desire to learn. Right? You learned how to be a security person through being a network engineer. You went to work in a network operation center and learned that. You learned how to be a storyteller and really self-taught. So, it's amazing. Right? I love people who kind of lean into their careers this way and they don't necessarily have a degree in something, but they're like, "You know what? I'm just going to go learn something and drive my passion." Is that how you approach most things? Do you think about, "Hey, this is something that's super interesting to me so I'm just going to go learn about it"?

Jack Rhysider: Yeah. And there's an intensity there that you might not see as well, which is, "Okay, I have a podcast. Now what?" Well, now I've got to market it, now I've got to - now I've got to build this audience and all that sort of thing. So, that comes - there's a whole nother skill set that comes there. And, so, when it came to marketing, I was just relentless about it. I was posting hundreds of times a day and I was going to all the conferences and I was handing out thousands of stickers at every conference and I was meeting as many people as I could and I was joining in every single conversation as I could online, on Reddit or Twitter or anywhere that had a social space to be part of the community and to let people know, "Hey, I'm here and I have a show and here's what I'm doing and here's what I'm working on." And I know a lot of other podcasters who are wondering how do they market their show. And there's this kind of thing of like - there is a meme of - from "The Simpsons," which is like, "We've done nothing and we're all out of ideas." And, so, I'm like, "Why haven't you done these 5,000 things that I've done?" And, so, I realized that my level of intensity is very different than I think of the average person who's trying to learn something. It's not just like, "Okay, after I watch a movie and play some video games and dork around with whatever it is I'm doing, then maybe I'll spend 30 minutes on this." No, it's like I'm obsessed with learning how to do storytelling, I'm learning how to do marketing, I'm learning how to do all these things and I'm even meeting my heroes. Right? So, if I'm seeing that one of the people who I'm trying to do a show like is giving a talk somewhere or is giving a presentation, then I will try to go there to like meet them to ask them even more detailed questions and try to get more. Like it's - there's a level of intensity that I throw at learning that I don't see other people doing.

Ann Johnson: I think "intensity" is the right word. Right? I mean, I have the luxury of having my podcast marketed by Microsoft. Right?

Jack Rhysider: Yeah.

Ann Johnson: I had - I also wanted to have a podcast. I drove my podcast, you know, created my podcast, had a vision for this podcast. But I did it with the safety of this massive company behind me. Right? So, for you, you took - not only you took a risk, you drove the whole bloody thing. So, I guess the challenge is for other folks out there who want to have podcasts is to kind of get out of your own way, be creative and learn from folks who have had successful podcasts, like you. Or, if you're in a big corporation, like me, my biggest challenge was selling it internally. Right? That the idea that I needed to do this. So, it's really fascinating how you came about it and how successful -

Jack Rhysider: Yeah.

Ann Johnson: - it is. I just look at how successful it is and you're on your own and it's amazing to me. So, congratulations.

Jack Rhysider: It is maybe one of those, what is it, like overnight success, but took 10 years to make. Right? So, the 30 other things that I've tried in my life before that, I tried making websites and launching applications and all these things, they all failed. But it was me with that level of intensity, like go, go, go, work on this all night until 3:00 a.m. and barely get any sleep and then go to work. And then, after six months, I decide, "This is just too hard, I can't do it" and I give up and I go on to the next project. Right? So, it was all these things of trying and failing and trying and failing. And, along the way, that's when I'm learning marketing, that's when I'm gaining skills of like, well, how do other growth hackers work and entrepreneurs get through these problems and all these kind of things. And, each time that I started and stopped, it was a new level that I was starting and stopping at. I was starting at a higher level and stopping at a higher level. Right? And, so, this was probably the 10th thing that I took seriously to try to do just as my own personal project. And this is what stuck. So, of all the things that I tried to do, this one is maybe one of the hardest because, with a podcast, you don't just like you're done and that's it, you can walk away and let it ride. It's like every week, every day you've got to go and make another one. It's ridiculous how much work it is to just keep it going. And I almost wish I just had like a basic SaaS app that just generates money every month without me having to do anything. This is quite a lot of fun, the ride that this has taken me on.

Ann Johnson: Yeah, I do tell people, by the way, my - I'll give you my side advice there is if you want to start a podcast understand it is a lot of work. Even under the umbrella of a big company, it's a lot of work. You know, and you doing it on your own, and I want to go back to that number, 90 million downloads in less than eight years is extraordinary. And your humility that you're showing is probably a lot of the reason why you're that successful. Right? You're not that in your face, "I'm the best ever." You're like, "I work really hard at this and I'm going to keep driving it."

Jack Rhysider: I mean, I take a lot of inspiration from people who have been successful before me. And I'm like, "I think there's two ways to look at that." You could be jealous of their success and be like, "Oh, gosh, I could never get to their height and I can't believe they're better than me" or whatever. Or you can just take inspiration and be like, "That's so great that they got to do that - they could do that. I want to do that, too. And how - teach me how you got there. And I want to join you - I want to follow in your footsteps." Right? So, that's kind of how I look at people who are more successful than me is it's very inspiring and I want to get there as well.

Ann Johnson: Yeah. And, you know, we're way off course, but the glorious thing about being the co-producer of my podcast is I can go any direction I want within reason.

Jack Rhysider: Yeah.

Ann Johnson: So, I guess we should get back on course, though, as my other - before my other co-producer texts me and tells me how far off I am. Anyway, so you worked in a NOC, as you mentioned early in your career. You know that cyber pros, we are storytellers. Right? We're looking at evidence across multiple systems, multiple data points and we're trying to actually compile the story of what happened, right, the forensics and trying to put that in a coherent report; a lot of times, in a coherent report, for people who aren't cyber pros or who aren't technical pros. So, how do you go about your storytelling? How do you make the stories relatable? How do you decide which stories you're going to tell? How do you think about which stories are going to land really well and meet the theme and the objectives of the podcast?

Jack Rhysider: Yeah. So, as I was learning this, I was reading books and such, "Out on the Wire" was one of the first books I read. And this is how the great audio storytellers have done their task, which is, again, "This American Life," "Radiolab," "99% Invisible." And, so, they taught me some tricks. And a lot of tricks that I think are interesting are we start the story in a specific direction knowing that we're not going to end in that direction. We're going to end somewhere else. And, so, we have this strong, you know, right turn or this left turn or something. And there are - there are - these turns that are in the story are the critical parts. And, so, there's a lot of people that just tell me a story of like, "Oh, yeah, one day I hacked into a company and I stole assets that they wanted me to steal." And I'm like, "Okay, great, where's the twist and turn? Like did you go to the wrong company first? Did you hack the wrong thing first? Did you fail the first 20 times and you've had like a secondary objective, a third objective, something like that?" That way, you know, I can pull those out in a story. It usually exists somewhere. I'm like, "Okay, you were initially trying to get that. You were trying to get this." And, so, that's - as a storyteller, I'm sending us in one direction first and now we're expected - we're hoping to accomplish that goal. But then it all goes wrong and we have to abandon that goal and go in a - in a new direction. And that's what I love, that's what I'm looking for in stories, stuff that has all these twists and turns that you never expected us to have to switch into that or go there. And that's what makes a good story for me. Making it relatable is I think - somebody told me once a long time ago that if you can explain complex topics easily or simply, there's money in that. And I didn't know what they meant. You know, I was like trying to blog, like, "Okay, I'll try to explain this topic as simple as I can." But like nobody's paying me to blog so it wasn't quite working. But I was getting pulled into some of those tougher calls, right, where there's bigger leadership involved and stuff and somebody needed to explain this as simple as we can so that we sound good. And, so, I'd get pulled in and I could explain things. And they were like, "Yeah, that's great. We're going to pull you into more of the tougher calls." So, I was being used as an asset even more and more with the better I could explain things. And combined I think with blogging and understanding these technical things and explaining them to people in a way that gets us all motivated to do the same thing is sort of the background of what I used to start the podcast. Right? I was able to explain these complex topics simply. And some of the stuff I would do is I would just like take a walk and say, "All right, where is the analogy here that I can use?" Just one I was using today as I was writing is about fuzzing. I was like, "Okay, fuzzing is where you're trying to send a whole bunch of inputs to a program or something to make it do things it's not supposed to." But I was like, "Wait, didn't I do this when I was five when I was trying to like get a gumball machine to work improperly?" Right? I'm putting in plastic paper clips, whatever, and trying to get the machine to give me a gumball. I was basically fuzzing the gumball machine, right, throwing in everything. I was trying to twist the knob backwards. I was trying to shake it. I was doing everything I could. I found these analogies to be very helpful for maybe just the everyday person or a person who doesn't understand these sort of topics yet. The other thing I like to do is not linger on it too long and just kind of summarize it as best I can, but as well as I can, and then move on so it doesn't bore the people who know that topic really well. It still is like, "Okay, yeah, that does - that is true" or something and we go on. But it also helps those people who don't know that topic at all learn a little bit more, just enough for us to know the context and we can move on. So, those are kind of my tips.

Ann Johnson: Yeah, and I think that's great. And, by the way, that leads me to, and I'm going to ask these questions together because they're super interrelated, has a story ever challenged your perspective on the right and wrong in cybersecurity and, in the storytelling you do, which is truly, you know, the same kind of topic, how do you avoid glorifying the bad guys and their behaviors whilst also telling a really compelling story?

Jack Rhysider: I think challenging my view is always interesting. I like to pick stories that do challenge my view because if I'm interviewing a hacker and he's like, "Yeah, I hacked the police," and I'm like, "Oh, that's kind of a jerk thing to do," I mean, what - so, I want to back up and I want to say, "Okay, my first reaction is I don't like this. My second reaction is probably similar to that. So, what's my third reaction? Okay, my third reaction is, I probably don't know enough about your backstory. Tell me, what have the police done to you as you were growing up? Or how - what is your relationship with this? Tell me about your teenage years." And, so, then you start to get into this empathy situation where you're understanding their situation and you're like, "Oh, I see, I might've done the same thing as them if I was in this position." And now you're practically cheering them on like, "Yeah, I feel for you, man. Go, get 'em, let's see what you got. What happens next?" Right? And, so, I have to kind of back up and put that context into place to give me their worldview because that's really what I'm after is trying to understand why it is they're doing the things they're doing. That gives me a bigger perspective of how things work and all that sort of thing.

Ann Johnson: So, how do you avoid really giving glory to the bad guys and the things they're doing while still telling this like amazing story?

Jack Rhysider: Yeah, so a lot of times people reach out and they're like, "I've got a cool story for you, man. I got this - I hacked this person." I'm like, "Great, I love it." But, and this is true, like so many times this happens where somebody reaches out, tells me this and my first response is, "Can I see your police report" because often these people have been arrested and they go to prison and they come out and then they're willing to tell. And those are great stories. And that happens probably a dozen times on my show. But if they're like, "No, I've never been caught for doing this," well, now I know exactly what situation we're in here. We have a criminal who's actively doing things and they maybe want to just boast about how good they are and how they've never been caught and that sort of thing. And, so, I kind of shy away from those situations. Only maybe one or two episodes I've ever done like that where the person's never been caught, but they want to tell me what they've done. And I gravitate more towards this person has actually gone to prison for doing this sort of thing. Right? So, I think, ethically, I feel responsible to say, "Listen, if you do crime, you're - there's a high chance that you're going to get arrested for it." And that I think makes it less glorifying and more like, "Okay, yeah, I was cheering for this guy, but he got in so much trouble and I don't know why I was cheering for him at all and - to begin with." And, so, it really - it helps you stretch out your own ethics as well of trying to figure out what's going on for myself. Like, where would I - where do I even stand on this? Because I really like that aspect as well of really pulling you from two different directions where you want the good side to win and you want the bad side to win and you're so torn listening to it. And that that's some of my favorite storytelling techniques.

Ann Johnson: That actually makes sense. Right? You have to make those ethical decisions every time someone approaches you. And it probably puts you in a really hard position if someone wants to confess to crimes that they've never been caught for or convicted of. I can't even imagine.

Jack Rhysider: Yeah. Especially when they're underage, right, and I'm like, "Can I at least talk to your parents?" And they're like, -

Ann Johnson: Yeah.

Jack Rhysider: - "No, my parents don't know."

Ann Johnson: Then maybe we shouldn't have you on the show, but thanks for the call.

Jack Rhysider: Yeah.

Ann Johnson: Appreciate the outreach. Look, many of the topics you cover, and you think about phishing or crypto abuse or privacy, they've been around for a while. You know, I always say we're not going to solve cybersecurity, it's kind of baked into the infrastructure. We're certainly going to do everything we can to reduce it, right, but it's kind of like saying there's never going to be another burglary again. So, what do you think about the threats out there? And, just to give a little practical advice if you feel comfortable with that, what do you think defenders should be doing right now? If there's one or two things you say, "Hey, protect your orgs, here's a couple things I'd suggest based on the conversations I've had."

Jack Rhysider: When Copilot came out for GitHub and it was like, "Here's some tools to help you code better," I'm like, "I hope the very first thing this tool is doing is helping me secure better because it should be auditing my code and it should not let me push insecure stuff to GitHub." And it wasn't quite trying to do that as its first thing. And, so, I really think, with all this AI explosion, the attackers are definitely using it to look for vulnerabilities and we should be absolutely using it to defend ourselves. It's just too asymmetrical if we aren't. And, so, each one of these tools I think start with helping it with defend before you help it build because I think that's going to be way help - more helpful. And I see a lot of rhetoric going on right now where there's vibe coding going on, which is basically you just give a prompt to a coder - an AI coding tool and say, "Hey, make me a game that has palm trees and airplanes" or something, and, "Here you go, buddy." And The thing is is that people are running into these huge problems with this because suddenly their app that they just put out in the world is extremely vulnerable. And, so, AI isn't doing the work it needs to do unit testing or look for vulnerabilities or buffer overflows or any of the problems that are coming out of this AI-built - this code that we're releasing apps with and stuff. And, so, I really think we need to build some tools that helps AI get more secure because it's just not doing it. And at least something to audit your code or review it before you publish. And I really think unit testing is where it's going to be. If you can start with the AI, like build some unit tests first. Before you do anything, start with your unit tests and then listen to my prompts. And I think that's going to go a long way and I'm not seeing it right now.

Ann Johnson: I think that's great advice, too, by the way, because everyone, you know, obviously including us, we want to get AI out there to make people more productive, we believe it'll improve security efficacy. But you're pointing out a gap. Right? Which is that, "Hey, don't just rush ahead on this. Make sure you're actually being practical and doing some testing and you know the impact of the AI and you're not just, you know, 'Hey, this is a great thing, I'm going to roll it out' without any contemplation to any downside of it." Which people will do. It's a cool new tool. Right?

Jack Rhysider: Yeah. In fact, the first time I saw ChatGPT just show up on my Twitter feed is when somebody's like, "Look, I used this program, ChatGPT, to look for a vulnerability and a smart contract on a blockchain and look at all this stuff it found." And I was like, "What is that tool?" And, so, yeah, I was blown away at how like the - the first time it showed up in my life was from an attacker's point of view.

Ann Johnson: That's really interesting. We could dive into that. Given more time, maybe I can get you back on the show, and we can just talk AI.

Jack Rhysider: Sure.

Ann Johnson: I'm serious. Yeah, at some point in time. Can we talk about human beings? Human beings are not necessarily even your weakest part of cybersecurity, I would - I could reasonably argue that software vulnerabilities are. But, that being said, human beings are a big part of cybersecurity. They're both victims and they're also folks that perpetrate attacks. What do you think about with the average person? So, you know, if you can think about someone who's not a cyber pro, how should they be thinking about privacy and how - given everything going on in the world?

Jack Rhysider: Yeah, I need to do - I need to do more thoughts on this to get a clear answer. But I'll just kind of go off the top of my head. I think there's this like an asymmetry here of what we think our apps are doing and our computers are doing versus what they are doing. Like there's just a whole bunch of - a whole bunch of, you know, data collection, cookie collection, monitoring, app fingerprinting, all this kind of stuff that I don't think the average person knows. And I think the cards are almost stacked against them to be like, "You just don't - like we don't even want you to know that we're collecting this data." Right? And, so, we're doing extra work to keep you in the dark. And I think that asymmetry of just how much privacy you're losing versus knowing you're losing, like what you think is safe isn't safe and what you think is private isn't private and all this sort of thing is growing. And I think that's a problem. And then so that's one of the reasons why I become sort of a big privacy advocate to kind of expose this to try to reduce that gap because we have a lot of technologies coming out today that is giving us end-to-end encryption and is allowing us to opt for more private, focused options, like GrapheneOS is a better alternative than the stock Android OS because it does a lot of de-Googling of your phone as well of - and silos things and changes all kinds of configurations to keep you more private, but it's a little bit harder to use. And, so, why is it better? And we can - I like to explain why all these things are important, like why privacy is important and all that sort of thing. And, so, this is kind of like one of the things I've been going off in the last year or so. Kind of the arc in my head, though, is that after covering these stories so much and you just see breach after breach after breach, I started to - I guess some people would become hopeless, like, "Oh, my data's always going to be in a breach" or whatever. And maybe even turn to the dark side. Like, "You know what? Screw it, I'm going to start my own ransomware company." Like, after I cover these stories enough, there's got to be something that changes in me over time. Right? And I think what's changed in me over time is I've realized, "Wait, I do have the ability to not be impacted by these breaches." Like I - obviously, the breaches are going to continue to happen and my data is going to be in there whether I like it or not. But could I - could that - could I do something about that? And I think the answer is being more private. Right? So, I try to use fake names everywhere I go, fake email address or, you know, burner email addresses, burner phone numbers, burner credit cards, like everything that I can possibly do so that, "Okay, my data got breached. Well, that's fine. That's Sam Walters and some other phone number and address that's not even in my state. Fine, you can totally have that." That was totally siloed just for that company because I knew I shouldn't be trusting companies anymore with my data. Right? So, this is how kind of my stance on the whole thing has changed over time is just seeing these stories for so long and just like these companies are not protecting me. They're going to continue to do bad things to me. I better do - take my security into my own hands. And that's where I've landed on today.

Ann Johnson: I don't necessarily think that's a bad approach. I think your average non-cyber or non-tech person would struggle with it, but I don't think it's a bad approach, especially for professionals. Just getting my family - they almost fired me as a family member when I asked them to put their phones in lockdown mode when we were traveling because it was just so difficult for them to manage. Right? They were like, "This is miserable. How can we possibly manage that?" So, now I at least have them - I assume all of our identities have been stolen and now, for any financial account we have, if there is a single transaction, I don't care how much it is, we get a - we get an alert. Right? It's just the only - one of the only things - simple things I can think of for your average human. At least be aware that, you know, before somebody can exfiltrate millions of dollars or hundreds of dollars, you've lost a dollar. Right? It's about all I can think of for the average person. But I agree with you, I don't think that folks are privacy - there's been too many data breaches. You just kind of have to assume your data is out there on the - in the ecosystem somewhere. So, I love your approach of how you think about privacy and how you actually have firewalled yourself in a lot of -

Jack Rhysider: Yeah.

Ann Johnson: - ways.

Jack Rhysider: And I think - you know, my data is out there as well, but what I like to think of it as like sort of a past relationship where, yeah, that person knew everything about me then, they knew my passwords, they knew where I live, they knew everything about me because we lived together. But that was 10 years ago or whatever and we stopped talking. And, so, now they don't know anything about me now. They don't know where I live or what I'm up to. And, so, even though your data's out there, you can still cut it off and it still has - it gives you a bigger advantage to what your privacy is today because, if somebody knows every move you're going to do every day, that is totally different than they knew about a couple things about you 10 years ago because it was in a breach. So, I think that there's still some value in cutting it off and not giving up entirely.

Ann Johnson: All right, let's go back to your podcast for a minute. When you look back on this meteoric rise of "Darknet Diaries," what are you most proud of?

Jack Rhysider: You know, the thing that surprised me I think is I was thinking, "Okay, you know, maybe I can get some notoriety, make some money off this. I don't know. You know, we'll see what happens." But I think what surprised me is just the impact that the fans have reported back. Like they said, "Wow, this has changed my life. I was a carpenter and I listening to the show and suddenly I realized I do have a love for computers. And why did I ever let go of that? And, so, I went back and I got a cert and now I have a degree and I got my first job as a pen tester." And I'm like, "Oh, my gosh, all that from this show. Right? And, so, there's this love that I'm feeling from the fans, which is such an amazing thing. Like it gives me wings and it gives me fuel that I can just fly to the moon. And, so, I don't need, I don't know, the love or the - or the money to go because this is what's like driving me now. And I never thought that would be the driving force of the thing is just feeling so much love from the listeners. It's amazing.

Ann Johnson: Oh, that has to be really good reinforcement for you, especially with the intensity and how hard you work, at least knowing your - knowing people appreciate it. Well, on "Afternoon Cyber Tea," I always say I'm a cyber optimist. I know it sounds like a cliche, but I - you know, I've been doing this 25 years, I wouldn't get up every morning if I thought it all sucked. Right? So, with that in mind, as you consider your career, what are you optimistic about in the future of cyber?

Jack Rhysider: I would call myself a cyber optimist, too. That really rung true for me when you just said that. I think of this - all this technology and such is still unlocking our human potential. So, I think my like just overall goal is how do we - how do I reach my potential? Like, what am I capable of and how do I get as close as I can to all of what I'm capable of? And that's what I want to do. And then I want to also help other people get there as well if I can. Right? "Here, let me help you empower yourself." But this technology I think is unlocking more and more and more of what we can be capable of and it's giving us more abilities and more skills than we've ever had before and ever had access before and more knowledge. And I can't wait to see what is the maximum human potential that technology can give us. Right? And, so, I think just as a technology force, I'm very optimistic about that. And when it comes to security specifically, I think - we're back to AI here, is I think traditionally we've had the AI power in some very elite hands. Right? So, only specific people had access to some of these amazing AI tools. And now they're commercialized, now they're retail, now anyone can really access some of the top level, highest, most amazing AI tools out there. And, so, this really flips the script on who is empowered. It used to be maybe just military or, you know, high tech internal stuff, but now I have this. I can do whatever you can. Right? So, "Military, show me your better AI than me - than what I've got right here." And it's not that much different. Right? So, this is really amazing that now suddenly the playing field is even. And technology has brought this to us. And we can use these tools to do whatever fight it is we want to do, which is - could be used for cybersecurity and defending our networks or attacking networks or whatever. And it's really amazing to see that playing field just get leveled so quickly.

Ann Johnson: I'd love that. I do think that the future, we're going to have - you and I came up and you're - the hard way, right, kind of self-teaching and learning along the way and cyber wasn't a super mature industry. Now, with AI, I'm hoping we can onboard and train people faster, but also give them tooling that just makes them better immediately. If we really use it the right way, it has so much promise and so much potential. So, thank you. By the way, I know you're really busy, I know you have your own podcast, so I really want to thank you, Jack, for making the time to join me today.

Jack Rhysider: This was really fun. Thanks for having me on, Ann.

Ann Johnson: And many thanks to our audience for listening. Join us next time on "Afternoon Cyber Tea." Look, I invited Jack to join me because I'm a fan. His podcast is amazing, it's a fountain of knowledge and he always keeps it real. Right? Real people to the core, he is real, he's authentic and it was just a treat to talk to him. I expected it would be. It was a treat to talk to him. He's a great storyteller. So, I know you're going to enjoy this episode.

Afternoon Cyber Tea with Ann Johnson
Podcast Info
HOST(S):
Ann Johnson
Ann Johnson, Corporate Vice President Cybersecurity at Microsoft, talks with cybersecurity thought leaders and influential industry experts about the trends shaping the cyber landscape and what should be top-of-mind for the C-suite and other key decision makers. Ann and her guests explore the risk and promise of emerging technologies, as well as the impact on how humans work, communicate, consume information, and live in this era of digital transformation. Please note, the opinions expressed by guests on this podcast are their own and are not endorsed by, nor do they necessarily reflect opinions of, Microsoft or Ann Johnson.
Schedule: Tuesdays
Credits: Executive Producer is Charlynn Settlage, Producers are Rob Petrillo and Greg Ormsby. Production Manager is Max Solomon, Scheduling and Administrative Support is Katie Zwart, and our Audio Engineer (and magician) is none other than The Great Rich Cerbini.
Creator: Microsoft