Afternoon Cyber Tea with Ann Johnson 6.11.24
Ep 99 | 6.11.24

The Role of Data and AI in Modern Cybersecurity

Transcript

Ann Johnson: Welcome to "Afternoon Cyber Tea", where we explore the intersection of innovation and cybersecurity. I'm your host, Ann Johnson. From the front lines of digital defense, to groundbreaking advancements shaping our digital future, we will bring you the latest insights, expert interviews, and captivating stories to stay one step ahead. [ Music ] Today I am joined by Shawn Bice and Rohan Kumar. Shawn is the Corporate Vice President of the Cloud Ecosystem Security Organization at Microsoft. He leads the team responsible for Microsoft's core cloud security platform, AI-powered threat and data intelligence, as well as security research and development. Rohan is Corporate Vice President of Security Platform, Data Security, Compliance, Governance, and Privacy at Microsoft. He is the engineering leader responsible for the product strategy, technical vision, long-range plan, and strategy, design, development, implementation, and engineering processes for these domains. Welcome to "Afternoon Cyber Tea", Shawn and Rohan.

Shawn Bice: Thanks, Ann. It's great to be here.

Rohan Kumar: Thank you.

Ann Johnson: So today we're going to talk about a topic that I think everyone needs to learn more about, the intersection of cybersecurity and data, or, more importantly, big data. But before we get there, I would love for our listeners to get to know both of you just a little bit better. Can you tell us briefly your journey in the technology industry and a little about your role today? Shawn, let's start with you.

Shawn Bice: Thank you for that. So I often introduce myself as a database guy that's been in cybersecurity now for about two years. So I've spent -- I've been in the industry now almost 30 years. I've spent the majority of time building data platforms, interestingly enough, with Rohan. So that goes back to SQL Server, to Azure Data Services. I was able to spend some time at AWS where I led a number of database services there like Aurora, RDS, Dynamo, Neptune, and several others. And then came back to Microsoft a couple of years ago, really to take a run at this at the cybersecurity problem in a really big way. And the last thing that I would add is after looking at the size and scope of the data problem coupled with the opportunity with AI, I just -- it was just, like, perfect timing. But anyways, that's just a little bit about my background.

Ann Johnson: And Rohan, how about you? How did you make your way into the world of cyber, and do you think yourself as a cyber guy?

Rohan Kumar: I will say I think of myself, Ann, as a cyber student. Similar to what Shawn just said, I've been working in databases and data platforms. I've been at Microsoft my entire career, about 25 years now, starting with SQL Server and we grew into -- substantially into Azure Data, where we had several services that actually spanned databases, analytics, and governance of data. I've been in the cybersecurity team for about a year and a half now, I'd say 15, 16 months. And very much in the learning phase and to Shawn's point, there is obviously a really strong intersection between big data, like you mentioned, Ann, the needs of cybersecurity as we think, you know, look at from the front end of the future of where this thing is going, especially with the genesis around Gen AI and all the opportunities over there, for sure. So, pretty excited.

Ann Johnson: Well, I know, because I get to work with both of you day to day, that it's been great to have you in cyber, different perspectives. You challenge some of the existing paradigms and really bring a lot of deep technology background to solve our hardest problems. So thank you. Thanks for taking the risk and jumping on the cyber train. Well, let's get to the topic at hand. I'm going to start with a really basic question, because basic questions often drive a lot of thought-provoking responses. Data, why is it so important in cyber? Rohan, let's start with you to get the answer on this one, and then Shawn, we'll move to your perspective.

Rohan Kumar: Thank you, Ann. It is interesting, one of the basic things around analysis, what I've learned is, you know, if you look at the researchers and analysts who are working on detecting threats in cybersecurity, they analyze a lot of data, and they're basically putting together a lot of signals. And just like any analysis, it is really important to ensure that you have the right data, as in, like, you basically have the complete data set. You have that curated in the right way so you can analyze, you know, you have a logical data model that actually synthesizes all that data into a logical whole that can be analyzed in a proper manner. And the trends that we've seen, just like with everything else, is the amount of signal that's getting generated just with the transformation of digital assets that we've seen is pretty significant, right? So that's really why I think fundamentally data, just like with any other domain, security is no different. Any sort of analysis relies very much on ensuring that you have the complete data and you have it in the right model. And based on that, all the analysis happens. And so that's why I believe it's very fundamental. Anyway, you take that and progress that towards AI, it just makes it even more important.

Ann Johnson: Yeah, it'd be hard to disagree with that, right? The more data you have, the better outcomes you're going to drive because you can reason over very large data sets, like you said, with AI and actually get to security outcomes that have a higher efficacy than we've seen in the past, at least theoretically. And we're seeing that in early returns, I know. But Shawn, I would love to get your perspective on the same thing. Why is data so important to running an effective cybersecurity program?

Shawn Bice: Well, to me, when I really started to understand cybersecurity, that I very quickly realized, like, oh my gosh, this is a giant data problem. Problem is, how you organize data, store it, query it, et cetera, plays a lot into what Rohan was just describing. Like, is analytics hard or easy? Is your data in silos? Is your security data literally in multiple stores across the enterprise? Do you not necessarily know where your security data is, or sometimes you think of people -- I've -- customers I've met, they go to look at their security data and there's no attribution fields being kept. Like, no IP address. It turns out it was a -- maybe an operational log that somebody thought was a security log. So you think about it, when our threat hunters are hunting, it's all about the data and the challenges that they face. It's often data's in silos, there's data dead ends, like, how about this one? Hey, if something's happened, I was hunting and I went to go get a data set and you hope that the person actually had permissions to that data set. If they didn't, then they've got to go get permission. Meanwhile, the clock is ticking and nothing worse than, like, Oh, I couldn't get the data. I want to get it, but it's not there. And you're like, Why is the data not there? Why? Well, it's too expensive in the data industry. You're like, Oh my gosh, it's too expensive. There's so many solutions out there to store data cheaply. And I would kind of come back to where I started here is why is it so important? Because this is at the heart and soul of being able to detect patterns. Whether it be through human beings, hunters analyzing that data, or tools using it, now new AI models, et cetera. But it is at the essence and basis of I think everything we do, and so it is huge - part of the solution, and I think part of the problem. But thank you for the question.

Ann Johnson: So, Shawn, let's elaborate on that a little bit. In our Microsoft leadership meetings, we often talk about cybersecurity being a big data problem. And you and I have had many conversations about the cost of data and why organizations are not able to store data and determine what data they actually need to store. Can you just elaborate that -- about that a little, how you're thinking about the storage of data, how you're thinking about organizations can actually store it in a more cost-effective way so the data is available to them when they need it.

Shawn Bice: It's the same thing you and I talked about the first time we sat down on this topic. And every customer on this planet should be able to store all of their security data. Not most of it or some of it, all of it, and the economics should always pencil. Full stop. That has to be a true statement. Now, for that to be a true statement, you really have to have the proper data storage management solutions behind it. In other words, tiered storage. So sometimes for somebody who's not in the database business, so you could think of, like, cold storage where you put data and you're really paying pennies on the dollar per gigabyte you store. It could be tape or it could be in one of these really cold storage systems where the cost is super low, the latency is high, but the idea is you don't need the data instantly, but you would like to store it for, I don't know, 7 to 10 years and pay very little for it. And then you might think of warm or hot-tiered storage where the storage system is getting more expensive. Why? So there's lower latency. You're, like, probably doing an interactive query on it right now. And so at the end of the day, when Rohan and I are kind of thinking about how do we take advantage of some of the best data technology that is available, just building blocks and bring that forward into this industry, the easiest way to wrap your head around it is, look, like I said, every customer in this world should be able to store all of their security data. Not most of it, not some of it, all of it, and the economics should always pencil. For those economics to pencil, it would suggest you need to have some type of a solution that has tiered storage, where if you're not using that data, you are paying the lowest possible price for it. And when you need that data, the system can get it into the most performant stores and such that your tools can access and interact on that data. When you're done using it, it goes right back.
So those are the kinds of things that you need, especially to Rohan's earlier point, it's just the volume of data is only getting bigger. If you look at the trillions and trillions of signals that we look at each and every day, like, where do you put all that? Like, you've got to be really mindful of that, not just Microsoft, but for every enterprise out there, just because it's that important.

Ann Johnson: I couldn't agree more. And as you both know, I have a data and storage background long before cyber, so it's a particularly passionate topic to me. So we say, and we really believe here at Microsoft, that security is a team sport. And that's certainly true when it comes to correlating datasets and graphs. We also talk about how attackers think in graphs. So Rohan, in what way does the security software ecosystem and graphs, how do they play in this entire data equation?

Rohan Kumar: Thanks for that question, Ann. I think it's a really good one. At the heart of it, if you look at the kind of analysis that's sort of done in cybersecurity by our researchers and analysts, let's say in a kind of SOC, they're essentially looking at all the digital assets in an enterprise, whether they could be virtual machines, containers, you can look at applications, data, users, devices. And all of these, what you think about as digital assets, and then activities that happen on those assets. Somebody logged into a virtual machine and they basically want to access a document which happened to be a confidential one that's based on the nature of the data that's in it. Now, for any sort of analysis, you have to have a very high-fidelity understanding of your entire digital estate and all the activity that happens on it. Now, you can imagine at any reasonably-sized organization or an enterprise of scale, this sort of leads to very large volumes of data. And to Shawn's point, one of the challenges that we saw is when we sort of entered, you know, the cybersecurity world is because of the costs of storage, this thing was becoming a huge issue. And a lot of the analysts that Shawn mentioned ran into data dead ends. So at the heart of it, we're essentially saying, Okay, you have to get all this information. Then based on that, you spoke about graphs. Now, think about relationships that you want to create. Like, an example of analysis a researcher might do is, they might do what-if analysis around posture, which says, Okay, if a particular domain controller, which is a high-value target, gets compromised, what's the fan out from there? Like, where else can the attacker reach? 
Now, when you think about that analysis, the graph as a data model actually lends itself really well to do that, because it's really about these nodes, which are your digital assets, and the edges, which are the relationships of the activities that could potentially happen that link one node to the other, right? So that's one of the reasons why we fundamentally believe you essentially have to get the assets and the activities, organize them in tiered storage, just from a cost-economic standpoint, as Shawn mentioned. And then based on the scenario, depending on whether you want to do attack path analysis, or you're trying to do investigations around privacy if a particular asset has been compromised, that sort of analysis is exactly what the graph data model lends itself to really well. So, you can think of this in terms of layers. You get all the raw signal that describes your digital assets and your activity, and then the relationships between them get created based on the activity signal that we see. And then a subset of that data essentially is loaded in memory into the graph model for doing these analyses. So, like, we do believe with a lot of confidence that the future of a lot of this will happen through the graph data model.

Ann Johnson: I think that's a really rational way to look at it. It's going to be a journey, I recognize, for a lot of our customers to start thinking about their security programs in that way and actually put the systems in place. But they do all have the data. It's just getting that data in the right engines. So, Shawn, let's wave a magic wand. And suddenly, for any business, all their cybersecurity and their cyber-adjacent data was connected, it was correlated. What is the promise of this? What new scenarios light up? And what can organizations do that they have not been able to do in the past?

Shawn Bice: I love this question. Like, Oh my gosh, does my mind start. Like, could you imagine -- here's one for you. So I was just with -- actually, Rohan and I were with a CISO a couple of days ago when we were traveling internationally in this conversation, and he was talking to us about what we're building, like, the new things that we're building going forward and whatnot. And we started under, you know, it was an NDA conversation. We're on the whiteboard. Rohan was drawing this picture. And one of the comments that this CISO made, and I'm going to share this with everybody, minus the name, but I'm going to share it because I've had this exact same comment come from, I would tell you, so many other CISOs of how they think of the world going ahead, like, the promise of what's new. What he basically said is, Look, these systems and cloud environments and all that is going on in my business is so complicated, there is no way human beings are going to be able to defend my enterprise with tools. Like, it's just not possible. Like, no human being, think about what Rohan just described. Like, I don't know, you're an enterprise with, I don't know 10,000 things in your digital estate or maybe ten million or a hundred million. And all those things in your estate are changing each and every day and through your network or, I don't know, it could be patches on machines. Whatever the case may be, your digital estate, I know it's not a one-size-fits-all but my gosh, they are complicated. And this whole -- I remember this one CISO, he's like, it just makes no sense with AI today that, like, in his mind, he's like, It's not about, like, SOC teams getting bigger and human beings have to do more. It's about, like, Hey, why, could you imagine having AI agents reasoning over your environment constantly? Like, why do red teams and blue teams have to be people with tools? Why couldn't that be autonomous AI agents? 
When you think about threat protection, why does that have to just be a rules-based thing? You know, like, you see this, do that, and when you do that, do this other thing. Like, if you think of how powerful, here's something interesting, Ann, that I learned the other day, it, like, blew my mind. Just to give you an idea of how smart these foundational models and AI are getting. So I heard on this talk that if you read -- if a human being read 24 hours a day, seven days a week your entire lifetime, you'd read 8 billion words. Now, I couldn't imagine doing that, but imagine that, 8 billion words. And then the power of these foundational AI models today, they're reading, like, a trillion words a month. Just imagine how smart these foundational models are getting. And then these agents can actually think and reason and make decisions and change their minds and -- because they learned something more. So now what these agents need is a combination of, like, Boy, wouldn't it be nice to really understand your entire digital estate and then have all of your security data available, coupled with the intellect of these foundational artificial intelligence models. Like, could you imagine how different the world of cyber could look, not, like, 10 years from now. In my mind, I really believe we are at an inflection point. Like, this gen AI thing, this is my opinion, I think this is going to make the internet seem like, oh, like, this gen AI thing has the potential to be one of the most transformational things. And frankly, one of my opinions is that it's, like, perfect timing for cybersecurity to have this kind of technology to help with, as I was saying earlier, the complexity of the environment that most people don't understand. Like, AI and data can come in here and play a huge role. 
And what I think that may mean for every customer out there, every cyber professional, is in some sense you may have one of the most incredible companions by your side, helping in a way that you never even thought possible. But at the same time, you've got to imagine bad guys are probably going to weaponize this stuff. And these attacks could be more sophisticated than ever. But I really think of this future that kind of centers on AI and data, where you really have AI agents that are defending enterprises and augmenting entire security organizations. Like I can't -- Oh, I can't wait for that day to come. It's like on our doorstep here already, but that's the direction we're heading.

Ann Johnson: And it is really exciting, right? And we talk about this a lot, the three of us have talked about this a lot, just the power of being able to reason over that data and drive faster outcomes for our security folks and help them prevent burnout. But there also is some risk, right, Shawn? In this more ideal world of connected and correlated data, when we get to relationship maps and graphs, there will be limitations, and there are aspects of this that maybe we need to be mindful of. Can you talk a little bit about how you think about those risks?

Shawn Bice: Yeah, I mean, this is scary. So, here's an interesting way to think about, all right, we're going through a generational change. Like some people say, like, society or the human race is at this inflection point, or technology's at an inflection point. Like, if you think of, like, historically, the Industrial Revolution, there's two of them, but think of the second Industrial Revolution, like in the, I guess, late 1800s, early 1900s. And imagine, like, all these huge factories getting built, and people are stamping out cars and trucks, and it's just incredible. Like, before that, you were riding horses to work, and bikes. Like, you're building boats. And then meanwhile, people are dying in factories or getting hurt or what have you. And then, like, in 1971, I think it is, the Occupational Health and Safety, OSHA, comes about 1971. So, the second Industrial Revolution, early late 1800s, early 1900s, and, like, 50 years later, safety enters the picture. Or you think about discovering oil, and, you know, imagine, like, the oil is discovered in 18th century, 19th century, early, and then in the 1980s, we're talking about, like, Environmental Protection Agency, trying to keep the air safe and clean. Like, in this world, you cannot, with this AI stuff, you cannot, like, 50 years from now go like, Hey, we should be thinking about how we make it safe. Kind of like the industrial revolution and then, like, I don't know, 50, 60 years later, the Occupational Health Safety shows up, or oil's discovered and whatever it is, 50, 60, 70 years later. We're talking about, Hey, the environment, we need to make it cleaner and safer. You can't do that here. This is so, so, so important. So when we hear about AI safety and AI ethics and data privacy around AI and the whole thing, like, it has to be dealt with, talked about. Like, everybody should be talking and pushing on this, not just a few people. 
But in my mind, the meta point I'm trying to make is in the past when there have been these huge revolutions, safety is something that is a thing that followed, like, 40, 50, 60 years later. The point I'm trying to make right now, this is so significant that safety needs to show up on the scene right now, at the same time, along with the ethics and mitigation biases, like, all of it. We've got to treat it like that. Otherwise, it could be catastrophic, like, really bad. So, you know, it's kind of one of those things. And this is why you hear quite a few people in the industry really pushing on it and doing a lot of research on it. But I just shared the story around the Industrial Revolution and discovering oil and how the safety showed up in 1971 and then, you know, in the '80s I think it was around. The point I'm trying to make is, like, when people think about it that way, they're like, Oh my gosh, yeah, what are you talking about? We should not be waiting 50 years for ethical AI and ethical data use and mitigation bias. Like, you should be -- that stuff really needs to be dealt with right now.

Ann Johnson: And we do talk about that a lot. We talk about we have the opportunity right now to get this right, and we should, right? We need to make sure -- and we have, as you know, at Microsoft, a long history of responsible AI, and we will continue that. And we will continue driving standards towards that and working with the industry. Well, let's pivot a minute. We've talked about technology a lot. Can we talk about people? In a world where more complete data is at the fingertips of our defenders, Rohan, what does this mean to the defenders? How does it change their job and empower them?

Rohan Kumar: I mean, it's a fantastic question, Ann. You sort of step back and take a look. One of the things that what we've observed, not just at Microsoft but in several of our large and medium-sized customers as well, is the analysts and the researchers, their core competency is basically doing the analysis, correlating signals. But if you really go and ask them, Hey, where do you really land on spending all your time? They'll tell you that about 85, 90% of the time, believe it or not, in some cases, is actually spent in getting access to the right data, right, if it exists, if it hasn't already been deleted for cost reasons. And just imagine for a second if that was a solved problem, where just like you walk up to a search engine, like Bing or Google, a threat analyst could walk up to an endpoint and basically start issuing the queries, or better yet, start prompting against that to get the results that they wanted based on the Gen AI models that Shawn spoke about. I mean, the innovation there is pretty staggering and the pace at which it's happening. So, we believe fundamentally, if you just take a look at the researcher's experience or an analyst's experience, that is going to get transformed. And the opportunity to do that is to really commoditize just gathering up all the signals, curating them in a way where the economics of the cost, like Shawn pointed out, works out. The organization of that data, the logical data model that gets created, all that is sort of happening behind the scenes in real time, right? That is really the promise of the world that we're moving towards. And if you're an analyst, most of your time, if not all of your time, is being spent in actually doing the job that you're sort of skilled for, right? 
And sort of making that easy, because you can imagine when you start looking at signals like hundreds and trillions of signals, correlating these, I mean, you need augmentation, you need the support of Gen AI, a model that can reason over very, very large volumes of data and get you those insights into what the correlations could be that augments what an analyst does. Now, taking that a step further to the point that Shawn is mentioning where Gen-AI doesn't just help with these agents, the good guys, but the threat actors are essentially looking at leveraging that. We see this every day just in terms of the volume of attacks that we are sort of seeing just across the world, that we track as Microsoft as an example. And it's pretty staggering in terms of how this amazing transformation technology in Gen AI is being used for that. Now, when you sort of look at it in this world, going back to that CISO example, it's very unlikely that you are able to protect it with any reasonable confidence just based on human intervention. It's just not going to be feasible. And this technology is so transformational in terms of, let's say if you're a researcher, imagine being able to sort of author an agent that 24-7, 365 is able to reason on the signals. It's actually able to think like you would, right? So it's not just automation in terms of a set of manual tasks that are put together, but based on a specific signal that happens, the model is able to reason about what's the next best course of action. For example, a person who sort of has a high insider's signal is trying to exfiltrate data which is considered confidential based on the nature of what's contained. Now, that's a very rich signal, and maybe an action to take based on that essentially is to increase the conditional access control that you put on this employee. Typically, that kind of reasoning is done by humans. What we are seeing is you can actually use a Gen AI model to do such correlations. 
Now, imagine what a fantastic copilot to have as an agent if you're a researcher that can do this for you. So it's not like as a human you're waking up. Somebody is basically able to reason the way you ask them to in real time, 24-7 based on these signals. So that's the world that we believe that we are moving towards. And, in fact, like, there is no choice, frankly. Like, a lot of these things which are being manually done today and going back to even the discussion around risks and privacy, it is going to become a big deal. I mean, if you look at the trends just across the world, every government is looking at making sure that they protect the privacy of their citizens. So you have this interesting conflict that's happening where the volume of data is increasing, the threats are increasing, the technology within AI is very transformational, and the laws around this governance are actually becoming stricter and stricter. So, you need a platform-based approach. You need something where privacy and risk essentially are built in, in ways that as a researcher, as an analyst, I never have to worry about it. The system just takes care of that, just like it takes care of gathering all the signals in a very cost-effective manner. And you sort of only reason in terms of agents, you reason in terms of what the next best course of action is if a particular thing happens, and use the Gen AI model to actually build that. So we believe it's a whole new world, and very excited about it.

Ann Johnson: I am too, Rohan. I'm very excited about it. And when I talk to customers, they're also very excited about it. They're very excited about the promise of being able to actually really reason over their data and get to the right outcomes much more quickly and much more effectively and drive security, enable their defenders to actually have a chance in this cyber fight that we have. So before we wrap, I want to pull that thread just a little bit, Rohan, and talk about customers, right? What do they need to be thinking about? How do they need to be thinking about their data? What questions do they need to be having or asking themselves, conversations within the organization? And what big challenges do you think they're going to face that they need to get ahead of right now?

Rohan Kumar: Yeah, I mean, that's a fantastic question. And as Shawn mentioned, we've had, like, several of these conversations with customers who are very worried, frankly, the CISO that Shawn was describing, who's just fundamentally actively looking at his enterprise and is very worried around, like, Hey, are humans ever going to be able to protect at the rate at which we are being attacked. So what I'd say is that it's very critical if you're the security leader of an enterprise to think in terms of a platform-based approach. And what I mean by that essentially is historically there have been a lot of point solutions, right? You have something to protect your endpoint, you have something to protect your network, and then all the signals are coming through the applications. And we believe the architecture is fundamentally getting reversed. And what I mean by that is the signals essentially have to get collected independent of whether it's coming from the endpoint of the device or the data or the virtual machines or the containers or the network, right? Because all the analysis has to be done end to end, right? It's never that the attacker may come to your endpoint and then may fan out to your cloud assets, may get access to your data. And so you have to think in terms of a very comprehensive approach, starting with how your data gets organized, right? And then it's a reality that there is no enterprise out there that's going to just bet on any single vendor, right? 
So having a platform-based approach that helps you normalize the signals that you're getting from various products and gets it into a logical data model on which your analysts can reason, agents can get written, you can have Gen AI work on top of that, that fundamental architectural shift is going to be very critical in the future, just given, like, how complicated the digital estates are getting, which essentially means the volume of data and signals, you know, that we've discussed on this call, leading to the tiered storage point that Shawn was mentioning. I think all these things have to be thought through because if the foundation is not right, if the way all this thing comes together is not right, then your analysts are going to be very challenged. Either they're going to run into data dead ends, or they're essentially going to spend all their time trying to figure out how to get these signals. They're going to run into cost challenges, which they've seen with traditional SIEM products. And that is, you're going to be constantly battling that and not spending your time in defending the company, which is practically going to be very disastrous and just the way technology is advancing. So that's what I'd say, like, if you're a security leader, really think about the foundational architecture of how the data layer is getting organized because so much of the value that you're going to derive, so much of even leveraging technologies like Gen AI is going to be very critically dependent on that. So that architectural stack is going to be important.

Ann Johnson: Thank you, Rohan. That's really great completeness for a short period of time we have. Before we wrap, gentlemen, I always consider myself a cyber optimist. I believe that despite the rise in cyber crime, we tend to be one step ahead of the bad guys. And I'm optimistic about the future, I'm optimistic about the tools and our capabilities and our humans. So Shawn, why are you a cyber optimist?

Shawn Bice: Well, I have to tell you, I'm a cyber optimist because much like everyone else in this industry, we have a common mission. It's about making the world safer and more productive for all. And, I mean, if you look at the global stage today, this world needs the good guys working together. We're at sort of one of these very interesting times where we have the advent of new technologies in the hands of both good guys and bad guys. I think of myself as a cyber optimist because, like, look, I had served in the military before. Honestly, today, it's just us sitting here. I tell friends this sometimes. It's like, I feel like I'm serving again. I just don't wear a uniform or go to work in a Blackhawk. It's like -- like, defending and trying to help make the world safer is what we're all doing. That's the common mission we all have. But the other reason I'm a cyber optimist is because it's not business as usual. It's not like, Hey, here's a way to do it, just a little bit better. I actually think the way things can be done is transformational. Like, as you think about what Rohan was saying, like, you want to move away from silos, like, all these security tools that have their own tech stacks, and now you have data silos all over, and it's up to somebody else to do all the data engineering and bring that together. You've got to move away from that, and then you become an optimist because like you think of the available building blocks out there in the data space. Oh my gosh, there's like a lot of them and if you can use these things and then make them highly optimized for this domain, let it be around the logical models, let it be around formats that you store data in, let it be around the different ways you can query that data, how you can really at the end of the day really, truly allow a customer to literally save all their security data and the economics will always pencil to thinking about these AI agents that are literally thinking. 
Like, sometimes people make this mistake that when you talk about an AI agent, it's so fun when somebody starts to learn this. It's not about, like, script automation. That is not an AI. Like these -- I remember I was talking about like these foundational models reading trillion words a month, how smart they're getting. These agents can actually think and make their own decisions based on what they're learning. It's incredible what our researchers have built. I mean, it just would blow your mind. But, like, I'm telling you that you become an optimist in a sense because you go, Oh, my gosh, you're really going to architecturally be able to flip this whole thing from silos to a platform and a platform that's optimized for not only data, but it's also optimized for AI and it's highly optimized from top to bottom for security. And then you start to think these key ingredients now coming together, you're talking about being able to defend in a way that has never been possible before. And why is that important? I would sort of end it with this: I think it's important because cyber is an infinite game. It's a game that never ends. There's, like, no end. There's no official start, there's no official end. Winning is outlasting. It's not a problem you just solve. Like, Oh hey, we solved it, just stop. Like, wait a minute, like, why does this thing keep happening? Because it's an infinite game, it's never going to end. So then you've got to have -- architecturally have systems that can go on forever, like literally can scale indefinitely, can query the most complicated sets of data in ways that have never been possible before, that have AI agents literally reasoning over your digital estate 24-7 like human beings would. That world is here. That future is here. That's why I'm an optimist. And in the end, when you really -- one other point Rohan made is the term "the good guys working together". The way we think about it, it's about enabling the ecosystem.
This thing is so big and our responsibility is so strong to defend. You know, when we come into work every day, we're thinking, like, how can we create and enable an entire ecosystem? Not this mindset of, like, one winner take all. That, to me, I don't know that that's helping anybody, but like, boy, if you could create a platform in the right ways, the next thing you create a whole ecosystem of defenders making it easy for new apps to come and new agents to come. And then as far as the customer's concerned, the stuff just works. That's why I'm a cyber optimist. Like, I couldn't -- it's a very difficult time, but it's also a very consequential time and it's why you have to bring data people to this problem, AI people to this problem, with cyber experts. And then you put all the right people together with the tools we have, I am really confident we are going to absolutely be able to take advantage of this inflection point to do things that were just at the end of the day, think of it like this, defend in a way that was just never possible before. That's exciting.

Ann Johnson: Shawn, I love your energy. I love your enthusiasm and I love your optimism. Rohan, let's close it with some optimism from you.

Rohan Kumar: Oh, thanks, Ann. No, I actually -- I think, I love what Shawn said in terms of this isn't a finite game. It's not about winning, but it's really about managing and outlasting and the good people have to work together. And frankly, what I'd say is in the jobs that we do, I mean, there is no option but to be an optimist because not being one actually doesn't lead to a good ending for us. The thing that we've seen just as we've spoken to a lot of our customers and you've been a part of this, I've had these conversations, I think the excitement that we see when we speak about this vision and how all of us can work together. And just where people are forgetting, like, hey, look, the real tall order really over here is to protect the entire world. And this is not just about a business problem that we're trying to solve or dollars that we want to make, but, like, foundationally the investment that we want to do and the technology that we want to create is to enable all the good people to sort of work together. And it's about having a very rich partner ecosystem in the systems and the technologies that we create because you need that expertise, as Shawn was saying, from, like, everyone. You need creativity from, like, everyone, all aspects, everywhere in the world to come together because that's the only way this sort of works out and favors the good people in the end. You know, the technology frankly is going to help us with this because just the way you sort of spoken about and this whole frame around why data becomes important, the organization of that becomes important, and there are clearly more good people than threat actors in the world. And if you put all that energy and all that creativity into leveraging the Gen AI models to sort of create understanding of digital systems just across the world, across every enterprise where signals are being shared in ways that make us materially safer, it's such an inspiring problem to actually work on. 
So that's why I'm an optimist.

Ann Johnson: Well, Shawn, Rohan, thank you for making the time to join me today.

Shawn Bice: Thanks, Ann. It was a lot of fun. Appreciate it.

Rohan Kumar: Thank you.

Ann Johnson: And many thanks to our audience for listening. Join us next time on "Afternoon Cyber Tea". [ Music ] I chose Shawn Bice and Rohan Kumar to join me on "Afternoon Cyber Tea" because I think the topic of the intersection of big data and cybersecurity is so important. The future is incredibly promising when we think about our ability to reason over all of the data that already exists in our organizations and drive better cybersecurity outcomes. I very much enjoyed talking to them. I love their enthusiasm. I know you'll have a great time listening to this episode. [ Music ]