AI and cyber practicum
Kim Jones: Welcome back to CISO Perspectives. I'm Kim Jones, and I'm thrilled that you're here for this season's journey. Throughout this season, we will be exploring some of the most pressing problems facing our industry today and discussing with experts how we can better address them. Today, we are looking at how rapid innovation around AI can introduce unplanned risks into an enterprise. Let's get into it. I was eating dinner with a friend at the RSA conference this year. After taking the time to catch up, we began to discuss artificial intelligence and its application in most businesses. My friend is an innovator by nature. As such, his focus tends to be to look at the benefits of a new technology first. He quickly rattled off a list of potential benefits of AI. One, improved productivity. AI can automate mundane tasks, allowing employees to focus more time and energy on more complex and creative tasks, thus improving the overall productivity of an organization. Two, improved customer experience. With the analytic capability of generative AI, it is possible to create highly personalized and responsive customer experiences without the need for humans at the other end of the exchange. This could potentially lead to higher customer satisfaction rates and ultimately increased sales. And three, data analysis and insights. Generative AI excels at data analytics. The timeframe for turning data into information and then intelligence can therefore be shortened. Further, the depth of these insights may be potentially deeper as AI engines recognize patterns and anomalies with more efficiency. Whereas my friend is an innovator, my nature is that of a protector. While I agreed with my friend's insights, I focused on the challenges with operationalizing AI within any environment. One, clean, normalized data. This is a must for any AI implementation yet is a struggle for many organizations who are leaping into the AI fray. Two, exceptional data governance. Lack of good data governance to include pristine knowledge of data pipelines can lead to inadvertent data poisoning or worse, inappropriate leakage of data. Most organizations continue to struggle with data governance, eschewing the detailed measures and approaches needed in an AI-driven environment to ensure safety for fear that such measures will impede progress. Three, recognizing bad results. In 2024, an article in Scientific American described the technical term for what AI does as "BS-ing." While respecting the author's premise, it is, I believe, a tad harsh. AI is performing predictive analysis based upon a series of inputs and is drawing conclusions. Unfortunately, just like human beings, AI is subject to error and misinterpretation. Four, accountability. In some respects, this is an extension of the data governance concern I raised above, but I believe it merits special attention. If your AI agent, specifically in an agentic AI situation, makes an error, hallucinates, who is accountable for that error? More importantly, how do we minimize the likelihood of such an error causing material issues within the enterprise? Five, infrastructure upgrades. Tying AI into systems and workflows not designed for it will lead to short-term and hopefully not catastrophic failures. And six, costs. IT infrastructures are accustomed to being told to do more with less. As such, more organizations will not add AI dollars into IT budgets and just expect CIOs to figure it out. This will mean trade-offs. While this is nothing new, the newness of AI means that many organizations will not know or understand the nature or depth of the trade-offs that need to be made until they are in the midst of their AI journey. When pressed on these concerns, my friend went into an all-too-familiar reiteration of the benefits. While he eventually acknowledged the potential concerns, he offered no insights as to how these risks could be mitigated. This discussion is not atypical of some of the discussions going on within enterprises today around AI and AI usage. While all agreeing, myself included, about the benefits of AI, most organizations are whitewashing risks and costs and leaping into implementing something, anything actually, just to say that they are AI enabled. I'm almost reminded of the "I need agile" phenomenon a decade ago. Is AI here? Yes. Should we embrace it? Definitely. But do so smartly and with eyes wide open. My two cents. [ Music ] Working with a visionary thought leader like Tony Goda is one part exasperation, one part mind-stretching, and three parts fun. Tony and I have had many discussions about how to take his truly insightful ideas and operationalize them in a way that doesn't break an organization or its culture. We sat down to have one of our typically spirited discussions around innovation as pertains to all things AI. A quick note that the opinions expressed by Tony in this segment are personal and should not be interpreted as representing the opinions of any organization that Tony has worked for, past or present. So, you know, you and I have known each other for three years now, but my audience may not be familiar with you. So tell my audience about Tony Goda.
Tony Goda: Oh my gosh. First of all, it feels like I've known you for 30.
Kim Jones: Yeah, it's like that [laughter].
Tony Goda: Yeah. I'm an engineer, been doing software development all my life. My dad had a computer consulting firm, brought me in at a pretty young age and told me, hey, I can touch every computer in this organization, but I can't play games on any of them. So what that meant is that I had to just, you know, figure out ways to entertain myself. And that meant, I guess, building things to entertain myself with. And I've been doing that pretty much ever since. At some point, you know, I ended up kind of working at -- I got into, you know, kind of cybersecurity. Because he actually had -- that computer consulting firm actually was a fraud prediction system for the cellular industry. So I was kind of indirectly involved with kind of building fraud prediction systems. And then kind of later in life, I found my way to MasterCard, where I kind of helped design the first generation of AI-powered actually credit and debit fraud detection systems. I did that for a few years. And at some point, I bought a MacBook Air, ran out of space, and decided, hey, I can, you know, solve this problem, the storage problem with software. So I ended up quitting my job, moving out to the Valley on a whim and being a startup CEO for a company that I founded on some technology that I built at the time. Built that for, you know, probably five years, left that company, started another company. I was the CEO of that for another five years. I spent a decade in the Valley, you know, just kind of being an engineer/kind of CEO, which allowed me to better understand, you know, the intersection between kind of business and technology, and actually how to do people management. Because remember, people are a lot less deterministic than software is.
Kim Jones: Well, whoa, whoa, whoa. Really? They are [laughter]. Well, shocked I am.
Tony Goda: The current generation of people, and we'll talk about that later, actually, because, you know, we didn't even get into the agentic people just yet.
Kim Jones: We'll get there.
Tony Goda: Right. But, you know, really learned how to, you know, kind of, you know, motivate people to kind of do the best work of their lives. And, you know, both those startups actually were cybersecurity adjacent or cryptography, kind of related. One was a storage company. The other was an insider threat detection company. So then took a bunch of time off to kind of catch up with family. Because I was basically, you know, traveling a lot, you know, had young kids at the time, and, you know, just wanted to spend some time with them. And then, you know, I got a random LinkedIn request from someone at Intuit who, you know, kind of reached out and said, hey, you've got a lot of, you know, kind of external startup experience. It looks like you're impatient kind of with your -- you know, in your expectations, and you also, you know, it seems like you're pretty innovative. You know, you haven't been, you know, maybe, I guess, indoctrinated by a larger organization just yet. So we'd love to bring you in so that you can kind of be that that architect for the next generation of cybersecurity technologies that we need to kind of build to solve for the problems at Intuit scale. So that's my current position. I'm the Vice President of Cybersecurity Architecture at Intuit. Been there for about almost three years now, really enjoying the job. I walk in every day and ask the question, hey, you know, is this the right thing that we're doing? And if it's not, let's change it. Let's figure out what the right thing is and kind of help drive that strategy across the company.
Kim Jones: Fantastic. So the nature of our relationship began, and I won't talk about Austin because that's a different story [laughter].
Tony Goda: We weren't talking about Austin.
Kim Jones: Yeah, we're not talking about Bruno, we're not talking about Austin. But the nature of our relationship has been, and that's really what I wanted to bring here, is when we met, you coming in as an architect and probably using the term slightly incorrectly, but yeah, I'm a simple guy, so you have a futurist outlook and look at, you know, what can be and how to project truly from a strategic vision as to what we ought to be thinking about. And, you know, I've been an operational CISO for 17 of my 38 years in cyber and was running the SOC for Intuit when we met. So a lot of our relationship is, yeah, great, wonderful, fantastic. That's going to break all this stuff. Now, how do you want me to get there without breaking stuff? [Laughter] And this led to more than a few very, very engaging conversations about, yeah, I want to go forward. I don't want to just invent, I want to innovate. And I had a dear friend, Frank Kim, tell me that the difference between innovation and invention is both are new, but innovation is actually useful. So I want to innovate out in the market, and I want to help support the innovation, but how do we get there in a way that doesn't blow up the culture, blow up our protection posture, etcetera? And you and I regularly have conversations about this and did for three years. And as I started thinking about, you know, the theme for this season and thinking about, you know, the dreaded AI -- and yes, we're going to use that, if you're playing AI, bingo, trust me, we're going to use it a lot here. But What should the cyber professional be thinking about in terms of where his or her business is probably looking at AI? But more importantly, how do I as a cyber professional utilize AI to create efficiencies, to create excellence, to optimize what I'm doing within the environment, and to better keep people safe? So Tony, what I'm going to do in front of 1,000 or so people is have the conversations you and I regularly have had for the past three years and talk about, tell me what your vision is, and then let's talk about how we get there in a way that makes sense, yet doesn't needlessly slow things down. So just talk to me. What -- you know, I am a CISO. What should I be thinking about as I look at AI in the future and utilizing it within my organization? The floor is yours.
Tony Goda: Yeah, I think the challenge is actually, I think the challenge is massive, but also, I think the opportunity is just as massive. I mean, we're basically at a crossroads, not only within cybersecurity, but across every industry, in which we traditionally have thought about things incrementally. So it's like, hey, you know, we've got this existing kind of process. We've got this existing kind of technology. We're going to upgrade it a bit. It's going to get a little bit faster. It's going to get a little bit more accurate. It's going to, you know, kind of help us be a little bit, you know, maybe 5, 10% more operationally efficient, you know, across an organization. And I think that there's a lot of organizations that are thinking about AI in a very similar capacity. And I think that actually is a mistake. What I think we should be doing is fundamentally rethinking the approach that we have for all of these types of problems that we're actually solving for. Because if you think about it today, the problems that -- the solutions that we have in place are basically we've got humans at the center that are being augmented with technology that kind of help them, you know, kind of get to some outcome within some organization. But if you were to fundamentally rethink the problem, to have AI at the center, to do a lot of the redundant, you know, kind of repetitive tasks, the things that we know are automatable, or the things that have some level of automation to them, and then put humans into a position in which they are in some cases, fact-checking what the AI is doing, or giving the ability to, you know, help govern an AI-centered system versus augmenting a human-based system with AI, I think that opens up the possibilities to much more autonomous, you know, kind of systems which could solve for the types of problems that I think we're going to face in the future, which are much faster than human speed.
Kim Jones: So I've got to push a little bit, and I know that's shocking to you [laughter]. But I've got to push a little bit. You know, you said a couple of things. Well, the smaller portion regarding creating efficiencies through automation is something that every good business leader, that includes every good cyber business leader, because every CISO who runs the business of security within their organization is always attempting to do. But reflecting back, you're talking about flipping the model and making it automation-centric or specifically AI-centric within the environment. The challenge that I have with that -- and first, not that I disagree with you, because I think there are plenty of opportunities there. But the challenge that I end up having there right now is, that's great until you run into that nasty A word, "accountability." And right now, you know, CISOs are being held liable. You know, the CISO SolarWinds is still under indictment right now, having spent millions of dollars due to something, you know, in a human-based system. Now you're going to tell me to turn this over to agentic AI, basically, for lack of a better term, you know, in the environment. And if it goes sideways, you're still going to, you know, attempt to throw my large butt in jail. So how do we balance that? You know, agreeing that we could do more, how do I balance that as a CISO in terms of, okay, you want me to divest a level of positive control within the environment over to the automation to drive certain decisions, not analysis, but decisions. Yet, what does that do for our liability engine within the environment? Because you know as well as I do, your boss, currently, and their boss, currently, aren't going to let you off the hook for that. So how do we create an ecosystem that allows a CISO to do that in this highly litigious society where two CISOs have been placed on trial, and one has been found guilty?
Tony Goda: Yeah, I don't think the accountability shifts at all. I think that -- so what we're talking about is a future that is inevitable. I mean, AI will power a lot of the systems that today are being powered.
Kim Jones: Okay, so I'm going to cut you off and I'm going to push back on you on that. Telling me it's inevitable is not something I disagree with.
Tony Goda: Okay.
Kim Jones: But telling me how to do it is -- and again, this is the -- you know, we had this over at a steakhouse at RSA.
Tony Goda: I was going to recount that story, I literally was.
Kim Jones: Yeah, and I agree with you. I'm not talking about the inevitability. Let's assume that we're heading there. The issue is the how. Which is the same conversation we had. You know, I am sitting here pointing out that we have to create a how that enables the person who is that responsible charge to take that step. That requires an organizational structure change potentially. It requires issues regarding liability and accountability. It requires potentially decisioning regarding how AI impacts that within the environment. So my push for you, and again, this is nothing new, you and I do this all the time, is telling me it's inevitable is telling me the sky is blue. You know, I'm not a Luddite. And I agree with you because I want to innovate. What steps do I need to get there that are going to allow me to protect the company as well as myself? That's what I'm asking. So, Kim, listen, I totally get it. And I think one of the issues is that people think that AI is some magical kind of genie that's 100% right all the time. And they're putting it in positions where, you know, if it's wrong, then it can be catastrophic to the organization. Now, you know, I'm a huge fan of, you know, kind of Waymo and the technologies that they've got and kind of how they've taken this extremely difficult problem of navigating, you know, a city street with a life inside of it, you know, safely across, you know, across even some of the most busiest streets in America. Now, what I'm never going to do is take a Waymo up some cliffside California highway. Like, that's not a thing I'm going to do until this thing becomes way more stable. But at the end of the day, there have been checks and balances that have been put in place to make make sure this thing actually does, you know, react in such a way that is not catastrophic to a human life. Should we be prepared to change organizationally to enable that? Those are the questions that I want to push you towards.
Tony Goda: Yeah, so if you think about, you know, kind of what happens today, you know, you've got a security operations center, you've got some person sitting in front, you know, of a PC or some terminal, they get an alert, they respond to that alert. You know, I mean, in all, you know, frankness, a lot of these things today are either outsourced to other organizations, or we're doing a lot of the tier one things with automation. So if you think about it, setting a goal within your organization where you want to automate a lot of your tier one operations, so that determining kind of what those are, but letting your discrete teams decide what tier one actually means, and then empowering them to be able to go out and make the technological decisions to put these things in place, but also giving them, you know, the room to experiment and to actually fail in some cases. Because at the end of the day, what you want is for them to have the psychological safety to actually go out to find the tools, to train the users, to expect, you know, the first responders to actually, you know, to take the systems that are -- or to take the cases that are being generated by the automated system and to just double check what it's doing. So it doesn't necessarily have to be this person's making a decision about a particular, you know, incident that's happening, it's double checking what the system recommends as a course of action. And that in itself allows you to automate. I mean, which I think is an actual standard operating procedure in a lot of more advanced, you know, kind of cybersecurity organizations today. [ Music ]
Kim Jones: You know, as we think about this automated SOC, so, you know, reflecting back, it requires culturally an environment, you know, a culture that allows for, lack of a better term, for failure.
Tony Goda: And experimentation. That's exactly right.
Kim Jones: Yeah. So to experiment, we have -- and I'll use that term, a culture that allows for "experimentation" is a culture that allows for the possibility of failure. Because if you experiment, not everything is going to work. 100 -- 1000% agree. You and I have had this conversation on more than one occasion. I absolutely agree with you.
Tony Goda: And that's actually extremely important. Because otherwise, you -- because us as literally risk owners, the first thing we're going to say is, I don't want to trust this thing. Like my job is on the line.
Kim Jones: Yeah. And by the way, I own no risk, the business owns the risk. I just -- CISOs, yeah. And you know how I feel about that one. But, you know, so as we sit here and create that culture, I guess the question that I would ask is, culturally -- and we're going to get -- we're not going to get metaphysical, but we're going to get beyond just the SOC issue here, Tony. Culturally, security has become, there has become an expectation of security of lack of failure within most environments. You know, I have said in other venues that if the expectation for perfection in security in the IT space existed in the physical space, we would expect a murder and kidnapping and theft rate to go down to absolutely zero across the country, which is unrealistic. Yet our business customers -- our CEOs, our COOs, our CTOs, etcetera -- expect that nothing is going to go wrong within an environment and want us to drive to zero, and anything less than zero is considered problematic. How do we, you know, change that mentality if we need to create a culture of experimentation? I would say that I am not familiar with a lot of Fortune 500 organizations that do more than talk a game regarding experimentation within the operational arena.
Tony Goda: I think that -- I think what we're talking about is a reframing of the risks that we're already accepting. Because if you give three different SOC analysts the same alert at different times of day, it will get classified three different ways. We talk about humans as if they are infallible, but in their current environment, they're extremely fallible. Humans themselves are some of the most indeterminate, non-deterministic things that exist on the planet.
Kim Jones: Absolutely, absolutely true. But I can hold the human accountable. And based upon conversations we've had, I can't necessarily do that with agentic AI.
Tony Goda: No, but.
Kim Jones: At least not yet.
Tony Goda: So I think if the question is if we expect to hold the AI accountable, I think that's not -- I think that's not the argument that I'm making. What I'm saying is that we should put a system in place.
Kim Jones: So you want me to accept a level of error. I mean, and you and I were just talking about this earlier from an operational standpoint. There was a recent report regarding an AI coding tool that wiped a production database, fabricated 4,000 users, and then actually lied in terms to cover its tracks within the environment [laughter]. I would argue that the code review may exist, but the code review, even if done by an agentic system, it is not perfect. Humans are not perfect, you know, machines are not perfect. So the challenge here gets to be, there's a point where we create systems of accountability as a method of check and balance. So as I roll to more agentic AI systems here within the environment and turn more of these processes over, it's not that humans themselves aren't infallible, because they are absolutely fallible, but they can also be held accountable. So you want me to turn over more systems to make more decisions where I can't create that level of accountability.
Tony Goda: No, I think -- so it's not -- so yeah, we hold humans accountable by performance reviews, by looking at, you know, kind of how they, you know, how well they work with each other. But with agentic systems, what it should be are checks and balances that could be either humans checking and making sure that the agentic system is making the right decision or other agentic systems that are put in place to validate the decisions that are being made.
Kim Jones: Okay, so you're talking.
Tony Goda: It's about risk mitigation.
Kim Jones: Not mitigation, management, management. Which will hopefully create some level of reduction. So using the NIST's AI Risk Management Framework, you would want to create systems that create human-in-the-middle type interactions. Which makes sense.
Tony Goda: We're more observers, right? So it's not necessarily -- and what we're not looking for is something that is infallible. But we're looking for something that gives us a lift in efficiency, something that allows us to have much faster response times. Because remember, the adversaries are using AI to traverse through our systems to find vulnerabilities at faster than human speeds. So if the expectation is that we get an alert, we take a look at it, in the meantime between detection is now, you know, 30 minutes or whatever it may be, let's say it's five -- let's say we even get it down to five. Imagine the amount of damage that an agentics, you know, system or an AI-powered adversary can do in five minutes to an organization. That could be catastrophic.
Kim Jones: And take that same argument regarding an agentic system that is responding inappropriately within an organization. Imagine the amount of damage they can do. So you're absolutely right. But, you know, what I'm -- and I guess the question here that I'm having is, yeah, putting a human in the middle is great, but if an agentic system is reviewing 15,000 different actions within the space of 10 minutes and taking 15,000 different actions within that timeframe, I can't keep up in terms of that review other than sampling. So we're still in the environment where I'm depending upon folks to make those decisions with a high level of autonomy. Which again -- and again, Tony, just for the sake of our audience, you know, I want to reiterate where I started. You or I are in violent agreement that this is going to occur, and, you know, this is happening. But what I'm trying to get to is, you know, we're still in an environment where I'm looking down and staring down the barrel of that gun, and I don't have a solution other than to continue to do what I'm doing at a pace I can't keep up within the environment and still accept the liability associated with that. And then I'm told as a security professional, I shouldn't be resisting this because it's coming, yet you don't have an answer for me.
Tony Goda: It's not even coming. It's already here.
Kim Jones: But again, you don't have an answer for me. You don't have an answer for me if I actually, at the pace you tell me is coming, tell a system to make automated decisions and it deletes tons of code within the environment.
Tony Goda: Yeah, I think not having the right checks and balances within any system, even a human-powered system, is probably a very risky decision to make.
Kim Jones: Agreed. And you're sidestepping, because you still haven't told me what the right checks and balances are at speed. How do I do this at speed?
Tony Goda: It's agentic, it is a standby agentic system that is double-checking the decisions that are being made. So think about it as a consensus-based system, where it has the ability to determine if this agentic system that is given a limited set of functionality -- so it shouldn't be, hey, you can do whatever you want. Which is what we typically give people the ability to do is to make whatever decision they want and to affect lots of systems. We can set guardrails for an agentic system to say, hey, you can kind of do these three things, and then we'll put a secondary system in place to validate that this is the appropriate action to take. And if it doesn't fit within a certain requirement or it doesn't fit within a certain set of parameters, there is an exception flow in which a human in the loop can actually decide if this is the right thing to do. But none of these should be destructive. You should not give it the ability to delete databases or to commit code to your repository that is unreviewed, that's not reviewed.
Kim Jones: The challenge that I have here as I go to operationalize these within the environment is not just checks and balances, but how do we put appropriate checks and balances on the system that's moving faster? You did answer that in terms of a sort of check and balance AI system within the environment, as well as limiting the access to what these agentic systems can do at least initially until you can build up the knowledge, you can build up the trust, you experiment within that environment and say, oh, that went wrong, let me actually open this up within the environment. That makes sense to me. I am still struggling.
Tony Goda: You want to know, hey, how do I, as an organization, like how do I actually operationalize this? How do I tell a team to actually like achieve this goal?
Kim Jones: Less that from the technical standpoint. But the things that you're talking about, which you did bring up -- yes, I was actually trying to poke at you to get Tony to come out. [ Laughter ] It's always more fun when you're here, brother. You know, I don't want to gloss over the piece that is necessary for this, as you have laid out. And that is not just a mindset shift but a cultural shift within the environment. It is a mindset shift that says we have to experiment within the environment and that we have to be able to experiment without failure being a significant career-impacting event, you know, within the organization. So I guess where I'm trying to get to is, you know, as someone who has been, you know, in cyber for not a short time, probably not as long as I am because I'm an old guy [laughter], how do we empower our constituents -- meaning, you know, the businesses we support -- to allow us to create that mentality? Because, got to tell you, you know, it's not there as deeply as it ought to be for this level of transformative approach. So that's -- what are your thoughts there?
Tony Goda: For me, it is -- so I think about all of this in the same way that a startup would. Because if you think about it, you know, from the traditional, you know, kind of sense, which is again, incremental improvement, I think you're going to get 5/10%, you know, kind of efficiencies. I think what you do is that you set an expectation that is well beyond what is possible with our current systems. You say, hey, within six months, between, you know, six/eight months, maybe 12 months, let's say -- let's give it the old enterprise 500, let's say in an FY, right? Let's say an FY-26, we're going to achieve a level of autonomy in tier X responses, period. You don't talk about the tactical, you don't define what tier one is, what tier X is. You allow the team to make that decision. But you give them the resources that they need to actually execute against that. So set the goal. Don't necessarily set the tactics for how to achieve it. But then empower them to make the types of decisions that need to be made. Maybe that's bringing in an external, you know, a system that we haven't had in the past. Maybe that's bringing in, you know -- which could be a startup. It could be a well-established, you know, kind of providers, kind of SOC or SIM tool. But whatever the case may be, empower that organization to actually make that decision and give them the budget and the psychological safety to achieve what I like to call a "moonshot." Give -- encourage them to deliver on this. And if let's say they don't hit the moon, let's say they, you know, get halfway there, that is a tremendous increase in the capacity of the organization and something that you can absolutely talk out to your executive team. Like at the end of the day, there has to be -- you have to set the tone that a transformative, you know, kind of result is what is expected, which means they're going to rethink how they're doing everything.
Kim Jones: Yeah, so it takes -- from reflecting back appropriately, it takes both a mindset and a willingness on the part of the business to take that moonshot to achieve that level of transformative success.
Tony Goda: And characterize it in that way. And that will galvanize the team. So it's not just, hey, let's do this thing that's a little bit better. Hey, if you -- literally go to the team, say, hey, if you had, you know, a budget and you wanted to achieve some massive transformational change within your organization, what would that look like? And what support would you need from me to allow that change to happen?
Kim Jones: So let me ask that one question then. Let me give you a final word. You know, let's -- answer that question for me, okay? You're a CISO. The business wants AI. The business wants you to adopt AI. The business doesn't know necessarily what adopting AI means for you, etcetera, within the environment. If there's one thing, one thing, that I could do today as a CISO who's starting that journey, what would it be?
Tony Goda: Trust your team, empower them. It's literally all about -- you've got experts that have -- that know exactly where the areas of improvement exist within the organization. And if given the opportunity, they will absolutely blow your mind away. Just set the expectation that, blow my mind, like tell me where we can get, you know, not 10% improvements, but 10X improvements, 100X improvements. And you'd be surprised at the answers that you get. [ Music ]
Kim Jones: And that's a wrap for today's episode. Thanks so much for tuning in and for your support as N2K Pro subscribers. Your continued support enables us to keep making shows like this one, and we couldn't do it without you. If you enjoyed today's conversation and are interested in learning more, please visit the CISO Perspectives page to read our accompanying blog post, which provides you with additional resources and analysis on today's topic. There's a link in the Show Notes. This episode was edited by Ethan Cook, with content strategy provided by Myon Plout, produced by Liz Stokes, executive produced by Jennifer Eiben, and mixing, sound design, and original music by Elliott Peltzman. I'm Kim Jones. See you next episode. [ Music ]
