Secure AF - A Cybersecurity Podcast
Think like a hacker. Defend like a pro.
Welcome to the Secure AF Cybersecurity Podcast — your tactical edge in the ever-evolving cyber battlefield. Hosted by industry veterans including Donovan Farrow and Jonathan Kimmitt, this podcast dives deep into real-world infosec challenges, red team tactics, blue team strategies, and the latest tools shaping the cybersecurity landscape.
Whether you're a seasoned pentester, a SOC analyst, or just breaking into the field, you'll find actionable insights, expert interviews, and unfiltered discussions with Alias team members and top-tier guests from across the cybersecurity spectrum.
Stay sharp. Stay informed. Stay Secure AF.
Secure AF - A Cybersecurity Podcast
A.I. as a Multiplier: Introducing Vector Pulse A.I.
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Got a question or comment? Message us here!
A.I. conversations are everywhere ... but how can businesses realistically use it today? In this episode of Secure AF, we introduce Vector Pulse A.I. and discuss how A.I. can help organizations automate workflows, improve operational efficiency, and support smarter decision-making.
We also dive into the growing excitement (and concerns) around A.I., common mistakes companies make when adopting it, and practical advice for leaders looking to explore A.I. responsibly.
Watch full episodes at youtube.com/@aliascybersecurity.
Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.
Do you do you see that as an issue that people need to be worried about? Do you think it's people are are going to lose their jobs, or do you think jobs are going to change? I mean, what's your thoughts on that?
SPEAKER_01Aaron Powell Yeah, the answer that everybody always gives is that there's going to be a transition where some jobs go away, but long-term that it'll be better. And that's true, but that's not helpful if you're someone who's going to like lose their job doing it. Yeah. I I think the better way to look at it is if there's anything that you can do in your job where you can leverage AI, you should do so.
SPEAKER_00You're listening to the Secure AF Podcast.
SPEAKER_02Welcome to the Secure AF Podcast. I'm Jonathan. This is Dan, and we've got a great episode today because we're going to be talking about AI. We're going to be talking about a new company for alias, um, all kinds of different things. And it's it's going to be fun. I think you're going to really enjoy it. Um, we are starting to see AI pop up everywhere. Uh, and security is uh hopefully on top of it and making sure that we're doing things the right way and implementing it the right way and doing the policies and procedures the way, which is what I'm worried about because I'm a CISO. But uh we also have the fact that AI is making things more efficient, um, generally better. And so Vector Pulse, which is our our our the new company, um that's kind of well, I guess the plan for it anyway is to help organizations really implement AI and and do it in a way that truly focuses on the needs. So that's why we're here. So, Dan, thanks for coming by. Please. And uh tell us about yourself and tell us what you do now.
SPEAKER_01Yeah, so I'm Dan Mackey. I am the chief AI officer for Petropulse. We do solutioning, AI solutioning for companies, integration. Now, there's a lot of it's very easy to put a PDF into Chat GPT and you can see that it works. But if you have to process 10,000 of them, you need a way that's repeatable and automatable and that fits your quality goals, things like that. Right.
SPEAKER_02All right. So I guess my very first question, because I deal with I've got a lot of organizations that were implementing AI, we're we're we're and we're going through the process of doing an AI audit. How are they using it right now? Doing the policies, the procedures, doing the compliance, doing all those things. So it's all more of the functional side, kind of the how do we do this the right way. But from your perspective, how should organizations be looking at AI in terms of making their jobs better or making the work product better?
SPEAKER_01Return on investment. That's the biggest thing I think people leave out. Like I've heard that list before where you go, we're doing our policies, our governments, our procedures, and then like if it does it make any money, it's like the last thing if it's even on there. But that's the the biggest issue. And it's hard to quantify because the the tasks that are best suited for it are things that are highly repetitive and cognitively light. So doing a lot of over and over again processing. And a lot of the big companies have already kind of offshored that. So you have to compete with very low prices initially. That's one of the things that we found really challenging is we would build systems that could process incoming faxes, and we could do it for like 15 cents a document, but a company was offshoring that to a different country for like four dollars an hour, so I'm just doing it by hand. So you have to really compete with these low prices and how you integrate that, the kind of curve going forward, all of that's worth thinking about.
SPEAKER_02Is it something that most businesses can utilize, some businesses can utilize, all of them? What what's your thought on that?
SPEAKER_01Most. So I think if you if you have any process that can be offshore, you can use AI instead for the most part. If you're like a realtor and you're not really outsourcing your businesses, or even then, a lot of realtors like go on Fiverr and and purchase photo editing services. Yeah, yeah. So there are some opportunities for it. But where it's really gonna hit, and the part that's hard to quantify, is that it's a it's a multiplier. So you can 10x any staff member you want. A lot of people focus on like the call center, but for many businesses, the call center is not um a big part of their business. Like if you just took like Nestle and took out their call centers, automated it entirely, the stock price wouldn't move. There's no money in it. Right. So what you really want to do is to 10x your CEO, your president, your vice president. I had I had one guy who was like the VP of marketing for this company or product development, but he would take something and hand he'd have a question, like uh, if we did this, what would happen? And he would he would hand it off to this team of people who would research and engineer and do all the work for it and bring it back to him like a week later. Now he goes on you know a chatbot and does it himself. So you the guy the process is so much faster and so much cheaper, and you know, his time is very expensive. So that's that's where you're looking.
SPEAKER_02Now, are you uh when you're talking about AI, there's lots of different kinds of AI as it relates to what people use. You know, they might be using something as simil as simple as their phone and Siri and Google Maps or whatever, and there's a little bit of AI built into some of that. And then you have things like the Chat GPTs or Gemini or or Grok or Claude spinning the news later. What are you when you talk about AI in the organization? Yeah, what are you talking about? What is when the when the audience is hearing this and they're hearing you talk about how to make that 10x, how to make that faster, easier, more efficient, what are you talking about?
SPEAKER_01What is it that's actually going to help them? What tool? Yeah, it totally depends on the business process. If you're trying to automate like a call center, that's a conversational infrastructure is very difficult. It's real time, it there's a lot going on there. If you're trying to just do image analysis, like I used to work at a hospital and we would do whenever you have an MRI or a CT, it's always sent to what's called a reading room. Sometimes it's not even in the same building or even in the same organization. So your MRI, the doctor never actually sees it initially. It goes to a specialist who's trained to read MRIs and says, I see whatever, tumor, whatever, and the doctor just gets the notes of what they talk about. Right. And they'll eventually look at it, but initially it's just bullet points. Yeah, yeah, yeah. And we had systems that were coming in into the office that could read better than the humans could, and they're faster and they work all the time, because the humans are only like 84% accurate. Right. Which doesn't but whatever. So humans are humans. Yeah. Yeah. But that's an image-only model. You can't talk to it, you can't like interact with it, it just you give it a JPEG, and that's what comes out of it. Right. So I think most people would probably be looking at like a chat GPT kind of chat infrastructure. Even if you're coding, they're there are coding assistant tools. Yeah. But most people would have that device president asking questions like he would say, if we did this, what would happen? Show me graphs of this. So it just depends on what you're doing. Right.
SPEAKER_02Now, what do you think most people are interacting with right now in terms of AI? You know, whether it be a personal or in the business, what what do you think they're actually touching the most often that involves AI or already using that deals with AI?
SPEAKER_01Oh, interactive chatbots for sure. ChatGPT has incredible volume. Um, Claude, Grok is very good as well. In that's although that's challenged by coding assistant tools, the number of times people talk to ChatGPT in a day are not a lot, but the number of times that a coding bottle go back and forth are very thousands of times. Yeah. So it depends on if you talk about like volume or what you're doing with it. But that's the the two main areas are like coding and abstract questions and research.
SPEAKER_02Okay. Now you said earlier, and this is a question I get all the time. Um, in fact, in recent news articles here in Oklahoma City where they talked about organizations that have laid people off and they've gone to some sort of AI model or processing. Do you do you see that as an issue that people need to be worried about? Do you think it's people are are going to lose their jobs, or do you think jobs are going to change? I mean, what's your thoughts on that?
SPEAKER_01Yeah, the answer that everybody always gives is that there's going to be a transition where some jobs go away, but long term that it'll be better. And that's true, but that's not helpful if you're someone who's going to like lose their job or something. Yeah. I I think the better way to look at it is if there's anything that you can do in your job where you can leverage AI, you should do so. It reminds me of I used to I used to know this guy who worked at an audio engineering place, like the guy behind the booth when people are in the and he told me the story about how his colleagues, when tape went to digital to DACs and like Pro Tools, things like that, there were people who made the leap and people who did not. And if you stuck with tape and tape went away, then your job went away. But if you went to Pro Tools, then your job stayed. Right. So if you see it coming, I would lean into it because then you'll be on the Pro Tools side and on the tape side. That would make sense.
SPEAKER_02How how does someone do that? I mean, you take take someone who is worried about that, someone who is wanting to use uh some sort of AI to make their job easier, make it better, make it more efficient, make it more productive, whatever the the words are that they want it to use. How do they do that? Where where do they start at?
SPEAKER_01Oh gosh, it depends on your job. Um, coding is very popular, and uh, and it's often talked about because the AI coding is it's quite good depending on how you look at it. So that's maybe one of the few spots where you can actually automate a job entirely. But the the better way to use it is if you're a a senior engine, senior developer, you might have previously had junior devs working on a small part of it. Now the senior guy can do a lot, be a lot more efficient about it. Right, right. So it that that's an area where there's clearly a tool available. If you're more like an office worker, you'd want to try to find some way to leverage it for your process.
SPEAKER_02Right. Now, is that something that there's training on? Is that something that or is it trial and error? Is it something that they could use the tool and just try to figure it out? I mean, even going back to to VectorPulse, is that something that they could the work or the organization can contact you and say, hey, we want our people to be more efficient. We want to build these processes, and maybe they don't have the skills to do it, but you certainly do. Is that where you see that's going from the business side and from the individual side?
SPEAKER_01Or yeah, 100%. So there's there's training that you can do if you're unfamiliar with it or you want to get better at there's classes like there is for anything, we can help with that. Sure. And there's a lot to be done with workflow integration. So you do have office workers who are not developers and they don't they know it can be used somehow but don't know how to use it, that's where we can come in, is we can say we can make you a custom tool, we can make you the equivalent of the sidebar in the S studio that does the coding automatically, whatever you need. Right.
SPEAKER_02Now, if let's say someone comes to you and says, Hey, I need I need to be more efficient in this process. Um, how do you go and help them? How how do you scope that for them? How do you what questions do you ask them to understand if they're ready to really do that or if the job can be done that way?
SPEAKER_01I usually ask what is the worst part of your job? Or like what's the biggest pain? But you because what you want technically is they call it pain points. You want to know what the where are you sp spending the most on your time? And typically it's something like we get these spreadsheets, I get six spreadsheets, I have to turn them into one spreadsheet, and that's like a longer process than it sounds. And we go perfect. Okay, you hate doing that, it's highly repetitive, very automatable, and we can develop a tool that was that would turn that job into just did it do the tool correctly, did the tool work right? And that's everyone likes it better, it's great, no one loses their job, it's faster, it's tremendous.
SPEAKER_02It's all good. Do you find that organizations are receptive to that? Or do you feel like there's still some that's resistant to it?
SPEAKER_01Oh no, everyone's 100% on board for it. That in fact so much so that that's the that managing the expectations is the biggest problem. What you have is we have board members who are like board members, you know, they don't know, and they're like, AI, we need AI. So then that gets down to like president, BP, and now a budget is created, but and there's expectations that you can replace your entire call center with graphics cards. And then when you can't do that, then you start running into problems. So you have to kind of manage, like, look, this is what we're gonna do, this is how it's gonna work, and this is the return on investment, but it's not gonna be like magic. Yeah, kind of pick a little bit.
SPEAKER_02Right. What what do you think the phases that let's say I'm uh I'm the I'm the organization, I'm thinking about this, I'm gonna I'm gonna hire you to come in and help me figure out what we can do and how we should do it. But what are the steps that I need to think about as the organization? I mean, certainly scoping with you and getting you information, but I mean, there's gonna be implementation, there's gonna be testing, there's gonna be other what are some of the normal things that the organizations really need to think about of okay, this is what the project's gonna look like.
SPEAKER_01Yeah, there's a lot of um different organizations have different needs. Um, we're working with a banking company, the finance laws are very strict about what you can and cannot do. The healthcare laws are strict, but in a different way. So you have to figure out like that basically, why can't you just use Chat GPT now? Like if we're if if we're coming into the situation, it's because you thought about it, but then there's some kind of an issue, and it's gonna be regulation, governance, return on investment infrastructure, this can stay on site, this can't go off-site, those things all have to be kind of identified and then worked around. Yeah.
SPEAKER_02I literally just got off a call with a client who they have a vendor pushing AI on them. Yeah, it's like, hey, you need to use this, you need to use this, you need to use this. As for a hospital, and they were like, Well, we need to have a BAA and we need to make this, we need to have all this. And and they're like, Well, no one else is asking for this. So I'm really proud of the hospital um because they're like, Whoa, wait a minute. We we want to do it, but we want to do it the right way. We want to do it the safe way, we want to make sure all of our stuff is is in place. Are you seeing are you seeing any resistance from the compliances side? I mean, you you do have G OBA, you have HIPAA, you have FERPA for high you know higher ed, stuff like that. But are you seeing anything where you can't actually do something with AI because of the compliances? Or you just had to kind of make sure you work around it or work with it?
SPEAKER_01I think that's the job of HR and legal is to say no to things. I mean, not actually, but that's like but that's kind of how it does happen. Um so yeah, no, they they they the compliance people oftentimes when we get into the involvement situation, what has happened is someone wants to use AI, it's come down from the board, and then it got stuck at compliance. They couldn't figure out how to do it in a way that would square all the circles. Right. And what you want to do is you want to say, okay, this is what has been done before, this is the pattern, companies do this, don't get sued, this is how it's done safely. And then once all the boxes are checked, compliance is totally cool with it. Sure. You got to get the you gotta get it all figured out and all the boxes checked.
SPEAKER_02Who is usually involved in that? I mean, you got the certainly the lawyers, the compliance people, but who else? Who else do you normally when you're working with the organization, when you're working with your clients, who are involved in that process and that in that team? I mean, it's not just the people who are the jobs are getting easier for them. There's a lot of other, but who are you regularly working with?
SPEAKER_01A lot of times it's senior leadership. There, there's a vision coming down about we want to do this and we want to enable it, and we have all these big goals and we want to do these things. And then the vice president gets off the call, and then you have the engineers and okay, so how are we gonna do this? And then you start to kind of build towards that goal, but it's it's all layers because everyone's involved. Okay. The person who gets left out the most, sorry, is often the actual user of the product. Like they'll be the president and the lawyers. I believe that. And then they don't talk about like, okay, well, it's Sally's gonna use it. We should ask Sally what she thinks. So that's important to actually test all these things.
SPEAKER_02Which is really important because uh you're right. A lot of the times that end user is the one who is gonna be the most affected by it, and they're the ones that don't get asked the question.
SPEAKER_01And they'll make noise if they're unhappy too.
SPEAKER_02Yes, yes, and the whole goal is to improve their workflow anyway. Right. All right. So here's uh maybe a tough question. Are there any things so far that you've seen that you've said AI is not gonna help you?
SPEAKER_01Yeah. Um if the task is a decision-oriented task or if it requires any reasoning, there's a misconception that that AI models can reason because they can kind of they look as though they're doing that. They kind of fake it. They fake it, yeah. But if you ask it a question that's challenging, you can see right away that it won't work. If you ask it like which religion is the correct one, it can't give you a certain answer. It will it which if you a person can pick, but the AI can't. So it it will attempt to satisfy that based on the training data in two ways. It will either say, Well, these think this, these think that, and give you the options, yeah. Yeah, or it will give you a generic platitude that fits like the lowest common denominator. So if your task requires you to come to a decision that other people will be unhappy with, the computer probably can't do it. Right. But if it's like I worked for a company once where they were getting a lot of faxes, and they would get like people's IDs faxed over, doctors' IDs faxed over, and processing the faxes is very easy for AI to do and very hard for people to do. It's very painful. Right, right. That's a great use case.
SPEAKER_02Okay. Thinking about AI and thinking about organizations. We'll put it back to organizations. My biggest concern, of course, is security. That's what I do. Sure. What are you seeing now that concerns you on the security of AI? Either at let's let's start with the AI models, the the tools themselves. We'll we'll talk about the use of the tools later, but just from the AI models or the the tools that you're dealing with right now, what are you seeing that really concerns you about security?
SPEAKER_01As long as you're doing it correctly, it's the same conversation that I felt like we had like in 2010, 2015 about like going to the cloud, about going to AWS or to GCP. And the same concerns apply, like, okay, well, is the data is it encrypted in REST in transit houses, all those things. But a lot of times, especially now, the frontier models are being hosted by Microsoft or Amazon, and there's already a like you're already on Azure, we can just, it's already Microsoft already sit, you're already paying for this part of it, we can make it work. Right. So where it becomes a little bit awkward is if it's a small business or it's a weird manufacturing facility, maybe it's a a private clinic where they're not on the cloud and it's all on premises. How do you go about doing things that way? So it just depends on the business.
SPEAKER_02I uh I was at a a uh policy village at DEF CON last year, and we're there were several presentations about AI and such. And there was a panel up there, and they were talking about how we really, you know, we have to go to AI or we have to do all these things. And they didn't really talk about what we were doing. It was more that that surface layer, we have to get there. Well, I when I get into those, I'm I'm gonna raise my hand, I'm gonna ask questions because I'm a CISO and that's my job. And uh we asked a question about security, what I just asked you, and they they gave a um kind of a non-committal answer of well, we need to do all the stuff that we're supposed to be doing, you know. We need to do like kind of what you said, encryption, you know, transit and press and you know, all these different things. And and I raised my hand again. Um you're that guy. Yeah, I am, yeah. In that particular presentation, I was that guy. I raised my hand again, they got to me, and it's like, we haven't been able to do that for the last 20 years in security, we're still working on it. Why do you think we're going to be any better at it in AI? And they flat refused to answer my question. I see. And at some point, and I'm of course, I'm sitting in the back. Um, because you know, you get there like you got to sit wherever you can, and uh somebody in the front says, Hey, I want to know the answer to that question.
SPEAKER_01Oh, you've got career later, awesome.
SPEAKER_02And they refuse to answer the question. And I guess it wasn't fair. I mean, because like you said, it it every implementation is different, every organization's different, every tool is different, and you still have to do those good things, you have to do the correct things to make sure there's secure, you have to understand what security means in that in that environment, and then you have to do those things. But it was just funny to me because uh you know, you I think you kind of mentioned it before where you know everyone says, Ah, we have to use AI. Okay, sure, but it's a tool, yeah. And if we're going to use it, let's use it right and and let's think about how we're using it and does it make sense if we're using it. Um, but of course, I'm I'm the CISO, I'm the guy that's going to do the policies and procedures and the compliance and this and that. And it's like, okay, well, let's do it. And uh in my favor of saying about AI is AI ain't going away, it's it's it's going to be here. And uh back in the the 90s, if you said ain't, someone was going to smack you. Nowadays they don't even think twice about it. But but those are the things that we do think about, and it's not about I don't look at it as the tool, because I think you're absolutely right. I mean, when we uh you know go back, we'll go back into the early 90s, you know. Uh in college in the early 90s, they were or in the 90s, they were saying, don't use the internet for your papers. And now, can you imagine not using the internet for papers? Yeah. I think in five years, probably less. So, right now, you know, I've got several higher ed clients where their their faculty members are. Talking about you can't use AI in your classes, they're just forbidding. There's a lot of problems with that. And I'm like, you're you can't in five years, that's not even going to be an option. You know, we can't say don't use the internet in your classes. No one would realistically say that nowadays.
SPEAKER_01I know a professor who um whenever you if you're in college now and you send your paper in, it's going through like a like they call like turned it into vendor that has and they grade if it's plagiarized but also if it's AI generated. Yeah. And this professor, he is a partner in the company selling a product that humanizes the text so it goes through the filters. So it's kind of like, right? Nah. Is that a good jam?
SPEAKER_02Okay, so here's what I think. This is my opinion. This has nothing to do with our podcast, but this is my thought. All the tools that we have available to us, it's making things more efficient, it's making research more efficient. I use some sort of LM almost every day for one reason or another. Um, all of our engineers use it. If it can make your job easier and we can be more effective in security, we should be doing that. Okay, got it. But you look at higher ed, you look at places that still require people to say to write 30 pages. I mean, I had I don't know how many 30-page papers I wrote in college. Oh, yeah, I'm so jealous now. I it it was dumb. Now I'm gonna tell Chat GPT, hey, give me a 30-page paper on this topic, and then I'll go through and fix it. And guess what? It's not gonna be perfect. But it gets you the it does some of the work for you. Exactly. Yeah, you can do something with it. I I honestly think that in a couple years, those aren't even going to be requirements anymore. Why would you have someone write you like Dan's writing it now? Well, we did that too, but why would you do it? Because you know, it's an arms race. If you that's a great word for it, yeah. If you're building an AI model that can help someone write a paper, you got to build another AI model to determine that that was an AI model, and you've got this back and forth, back and forth. It's like, okay, let's just stop that and figure out a better way to judge someone's capability uh on that topic or that class or or whatever. Yeah, is the paper good? Is it the good? Yes. Or do you even need a paper? Why can't you just go ask them some questions?
SPEAKER_01Yeah, there's a lot around interviewing that um uh the AIs are can be very good at interviewing, and it's like um it's a problem for like legal and for HR reasons, but that's that's coming too. Yeah. Absolutely. And that's realistic.
SPEAKER_02I think that that's where now I will say that I had a client who's doing um it's a it's a tool, it's a fairly popular tool, but it's a you basically they'll ask you a bunch of questions you have to record, and then someone layers are gonna go and watch it. Oh, really? Okay. Um, and it's just so they don't have to do an interview. So well, they don't do the first interview. The first interview is you do a recording, but they give you the list of papers, you have the list of questions here, and they say, Okay, I want you to go on and I want you to answer these questions on this recording. And it's it's a very specific uh well. I mean, like in in the podcasting world or whatever, we have something like StrainGuard, or uh, there's a variety of others. This one is you go log in, it starts the clock, you read the question, you answer the question, you read the question, and then somebody goes and watches it. And they're like, okay, it's not really saving any time. I mean, the person on the uh this side has to go and spend the time to answer the questions, and then someone has to go and watch it to listen to the answers. You're not saving any time anywhere, but they still do it, and people are like, all we have to do this. It's like, okay, well, I get it, and we'll figure it out, we'll make it secure and we'll do all the right things.
SPEAKER_01But is it really helpful? It depends what you're doing with. I it's funny you say that. I used to be on these uh panel interviews where if you got through the first level and the second level, you'd be on like an interview panel, and they'd be asking my colleagues be asking technical questions like, What is this? How do you do this? And the person would answer it. But everyone that gets to that level knows the technical answer to the questions. No one's bubbling up there and isn't already an expert, you know? Right, right. And we would go down the line afterwards, they'd get off the call and they'd be like, I think he's good, I think he's good, he's good. And then it's to me. And I'm like, I think the guy sucked. Because it's there's a whole like culture fit. And is the guy like can he communicate well? Can he put the ideas in ways that you can comprehend? Will will he fit into the dynamics of the team? There's all these other aspects too.
SPEAKER_02Right. And I think that that's so that's but that's someone who's experienced at doing those interviews or at least interacting with people. You have a lot of people that have never hired anybody. Oh, yeah. And they're trying to make a determination on this person's capability in that environment. That scares the hell out of me.
SPEAKER_01Yeah, I we were. That's why a lot of insurance companies got sued for using AI, and then you look at it, and it was like an automated spreadsheet. This was like in the past. So there's like a balancing act for it.
SPEAKER_02Yeah. Well, okay, so that that really leads into more of a compliance question for me. This is just this is me, this is not actually a podcast. I'm just curious. So one of the things when GDPR came out for the EU back uh eight years ago now, however long it was, it said automated processing, automated decision processing as it relates to data subject data. And they basically said in the law that if someone doesn't want to be automatically processed, that there would be an alternative. There would be some way. Now they have to ask for it and they have to say it. But we're getting to the point now where a lot of this stuff is happening automatically and they don't really have alternatives.
SPEAKER_01No. And it's like it and it's more ingrained to things than you would think. Like if you hear about them doing um, what do they call it? Like like burst pricing, where your pricing changes depending on your person, like your profile. Yeah. Uh yeah, that's and you go to stores now and they have the little electronic price tags that change. Like that's yeah.
SPEAKER_02I mean, I see the point. I see why organizations are doing that, but I'm I mean, I'm a GDPR guy. Okay, you know, I've I've I've helped organizations meet GDPR requirements. We had to meet it at the university, and I get it. I mean, as a as a data subject, as a person who I want this organization to make a decision about me or my child or my wife or whatever, I don't want that left to a computer. No. I I want I I want at least a person involved in it. Um, which I I I get it. I mean, I get it of that's a person, that person is tied up for X amount of time doing that, and you can get that 10x efficiency by doing other things, but you always want a human in the loop.
SPEAKER_01Like with the MRIs, it goes somewhere and it comes back and it says whatever, and the doctor will like sit down and pull it up real quick and glance at it. And you at least don't want the glance. Yeah.
SPEAKER_02Do you think let's let's talk about like uh health insurance, because they get some of that data. Oh, yeah. You know, they they pull some of the data from the hospitals and they they got intake forms and whatever. I'm sure doctors aren't involved in that. Do you think there's a danger of them making decisions, whether it be not necessarily patient treatment, but maybe patient um benefits on that AI thing that they were gonna have to think about, maybe not right this second, because there's still a lot of manual things there. But do you think that's something that we're gonna have to deal with?
SPEAKER_01Yeah, I used to be the director of AI innovation for Cigna, the insurance company. Okay. So we did a lot of insurance stuff with the insurance company. But um it's it's really surprising what data they can use and cannot use. And the parts where you think that that'd be a problem, that's usually not. And then the other parts where it's like one of the biggest issues you have with insurance pricing are are what's called stop losses, where if they make a misguess about how many people will need the service, it can really balloon out of control. So the there's not really a lot of like making decisions uh about you in like um a bad way necessarily. Sure. But the problem with insurance is that you're you're the doctor is spending someone else's money. So there's so much, there's an arm trace between the hospitals and the insurance companies to figure out where to go.
SPEAKER_03Yeah.
SPEAKER_01Like um, I had to get a procedure done once that was just an injection, and the doctor can just do it in the office, like just go like that and be done with it. But instead, they make you go through a facility because the facility gets the facility fee and the doctor gets the doctor fee. So that's yeah. But which university did you work at? University of Tulsa. Ah, University of Oklahoma.
SPEAKER_02Yeah, no, I was at University of Tulsa for 22 years. Oh, wow. Um the last 10 I was CISO, and then I I came to Alias. Oh, very cool. So uh I spent a lot of time up there. I did a lot of stuff and I enjoyed it. It was a lot of fun.
SPEAKER_01Learned a lot, learned a lot about compliance. Yeah, the university environment is very interesting. It's like a mix of academics who have like their head in the clouds, kind of and then like more practic. Like I was at the University of Oklahoma in the Health Sciences Center, so it was right up the teachers who were like, you know, very thinking about things in academics, and in the hospital that's all like money focused, and they would clash very hard. Yeah.
SPEAKER_02I I I can tell you when you get two people that have worked in a higher ed together, this is what happens. We could do several episodes of just what it was like living in a higher ed environment. Now, I will say I learned a lot. I I mean, we had I learned a lot about incident response because I was dealing with your security response team, about being a CISO, about being, you know, help I was my first job at higher ed was help desk, well, not my first one, my first job at higher ed was actually circulation desk. I was worked in the library. That was when I was a student. Okay. Um maybe we'll do a whole episode just on the phone.
SPEAKER_01Well, actually, I'm in my head, I think, but it's because it's so because the hospital or the rather the university people are so like not money focused primarily. Like they're not trying to meet their core their goals or whatever. But then they have a whole different set of objectives that are like But money is always an issue.
SPEAKER_02Well, core Because you get to the end of the year and all money stops. You know, all budgets get frozen, now you gotta deal with stuff or you can't buy anything, you can't do anything. You still have to make projects you know happen.
SPEAKER_01You do. There's a lot in the whole grant process is very fascinating. Like I'm sure you saw the meme where the certain words just spiked in oh grant papers because they're being done by Tadji B obviously. Yeah, yeah, yeah. So, but I we had a biology lab that what they primarily did was just write grant papers. They had like they would do research, but the grant writing process is so long and so intensive that there's just guys just all day long.
SPEAKER_02So uh I'll uh have a little fun because the AI is becoming an issue on these grant issues, on these these grant submissions and stuff. Um I was working with a client um and they were putting they were putting an RFP together. Okay. And so they they wrote the RFP and they sent it to me. I was like, hey, can you look at it? And I looked at it, it's like ChatGPT wrote this. You can totally tell, always. And I I I emailed them back. I was like, hey, what why? Well, first of all, why'd you use ChatGPT? Which I have nothing against ChatGPT, but why'd you use it? And number two, why are you asking this and this and this and this? And they can they came back and then it's like, well, you know, this question we always ask, and this question this and this question. It's like, but are you actually making a decision off of that? I mean, you're getting this information, but what decision are you making? And they're like, Oh, well, but well, we're we're gonna compare them. It's like, great, well, is it good if I give you a three on it? Is that good or is that bad? And how do you compare that? And they're like, Oh, we can just cut all of that stuff out. It's like, yes, that's one of the things. Again, it's that arms race. If you have someone who writes an RFP or a grant request or whatever with Chat GPT, I can almost guarantee you someone responds with Chat GPT. They're gonna go, oh, well, they wrote it with Chat GPT. Here, let me put this into Chat GPT, create me a response, and it's gonna create a response, and you go and you have to verify it, validate everything. But that's how they're doing it. So at some point, someone's gonna say, Okay, stop. Let's stop this cycle, let's just make this easy, let's make it efficient. Sure. I mean, I mean, hell, let's use AI to tell us don't do this process anymore. How do we do it to be effective?
SPEAKER_01Anyway, that's my rant for this. It's so funny you say that that resonates with me because it I I would work in IT, and if I wanted to buy something or whatever, you make the ticket for it, and like I sign it, colleagues signs it, my boss signs it, their boss signs it, the manager, and then like God signs it, and then it's now approved, right? Right. And I would look at these like service desk tickets that are going through, and there's so much information about questions like, is it this? Yes, is it that? No. And some were a requirement of the company, like you you you can't use uh a vendor from China in this industry. Yep, but other ones were like they were added in the 90s and no one looks at them and no one took them off. It's like there's a it's a lot of opportunity to to streamline those processes because no one wants to be the person who takes it off and gets fired, but that's why you hire a consultant because then we can blame them for it.
SPEAKER_02Yes, I cut shit all the time. I oh this is a funny little story. Again, it has nothing to do with AI. I was reading a contract once. Uh no, it was a uh it was policy. It was a uh I think it was a handbook. Anyway, I I was reading it, I immediately stopped. I called my liaison, the one I work with. I was like, all right, who got fired for this section right here? And that person started laughing. He goes, let me tell you the story. There are some stories sometimes. I'm like, oh my God, why did you put that? Fire him absolutely, but why'd you put it in the policy? Why'd you put it in the handbook like that? And he goes, Well, we had to have a reason to fire. I was like, No, we're gonna take that out. It doesn't belong there, put it somewhere else. It doesn't anyway. It was, but that's what happens.
SPEAKER_01Yeah, I understand it. I guy one time I when I was working in IT at the cancer center, actually, students and cancer center, huh? I had uh we're turning everything on in the morning, it's very early in the morning, and I have like two monster Andrew drinks in my hand. It's very the sun's not yet. And someone comes and gets me out of my office and brings me to this like stack of servers or whatever, and goes, like, well, it's not working. And I'm looking at it and and I'm like, what what exactly is the problem? And he goes, Well, that light there should be on and it's not. And there's a switch next to it, and I turn it on and it goes and he's like, Is it working? Yeah, and I I think he could have done it. I just think he didn't want to get fired for turning it, you know? Because he's like not a technical guy, he doesn't know. Yeah, yeah. But it should be on. But but that's the thing, is that that stuff happens. It does, yeah. And wow. I mean it could easily go the other way too. You could have and that's there are switches not to flick too, so it depends. Well, that's true.
SPEAKER_02I I I uh I do a lot of not really intrusion detection, but network sensors, you know, watching. And uh I had one of my sensors pop off one day. It's like that's odd. And I tracked it down, and somebody had gone and bought a Raspberry Pi. Oh, cool. And they were just having some fun with it. It was their personal device, but they were in their office playing at lunch, you know, just which is what you do. I mean, that's totally stuck at work, yeah. And uh they plugged it into a uh private VLAN that wasn't actually private. Um, anyway, they took this Raspberry Pi, they plugged it into an Ethernet jack on the wall that just happened to be on the access control network. Oh, cool. And they were just letting it run. Well, the problem was we they thought that that VLAN was blocked off at the network level, you know, at the firewall. And it wasn't, it was wide open. So someone popped that box with the default creds. Oh, neat. And so that Raspberry Pi is now scanning the whole network. Wow. My sensors popped off, and I was like, that's interesting. So I went over there and what is this? That's funny. And he goes, Oh, well, that's my pie. It's like, fuck, not anymore.
SPEAKER_01Did you get a lot of um Alexos or Google speakers? We would get those people to bring those in and like plug them in and so we had one.
SPEAKER_02We're at 47 minutes. I want to tell one more story, and then we're I think Samantha's gonna like throw something at us. We uh so we had one, it was at a nursing station at one of my hospitals. Okay. And I'm not with them anymore. Yeah, they they don't have services anymore, but they had this this um uh Alexis or whatever it was, it was sitting there, it was plus but playing music, of course, you know. And one of the technicians walked up and says, You can't have that. Okay. And they looked at him and they go, Don't tell anyone. Well, the technician immediately called me saying, I don't know what to do. I was like, I need you to go and I want you to get all that device, I want you to unplug it, and I want you to take it back to your office and put it in a Faraday bag. And they're like, But the nurse is scary.
SPEAKER_01There is such a back and forth, because I I totally get that, but sometimes it's like people don't know, they bring it in, it's just playing. You gotta kinda like Well, they knew that was that's why they said, Shh, don't tell anyone.
SPEAKER_02They knew they weren't supposed to have it, but they did it anyway.
unknownThat's typical.
SPEAKER_02All right. Well, I I I think we're at the end. We're uh we're hitting our 48-minute mark, we're somewhere around there. So, okay, Dan, tell me about VectorPulse real quick. So tell us about the company.
SPEAKER_01VectorPulse. We're in Oklahoma. We do AI consulting, AI solutioning. If you have a if you want to use AI in your organization and you don't know how to do it, or you want you want to know how other people messed up before you got there, what what mistakes do other companies make, how to not get sued, someone to blame when things go wrong, that's when we'll help you out with that. But uh a lot of it is creating the AI for your company in a a way that is scalable and cost-effective and achievable and meets all your requirements, and that makes ever all the stakeholders happy, and that's what we do.
SPEAKER_02And it's not just helping them implement I mean, you're actually helping them write processes to build the AI into doing things.
SPEAKER_01Yes, because the every business, especially right now, it's a evolving field. You know, a lot of what we do is we have to look at where other companies go wrong, how do they get sued, what would they how do cases go out, and then you create policy that reflect how the law is changing for this particular sector. It's a lot of yes, you gotta be right on the edge about it. Yeah.
SPEAKER_02Now, we've got a few AI things coming up. I think there's gonna be an AI summit at B-Sides this year. Yes, on Thursday. Yep. So there's uh and you're gonna be at B-Sides. I will. So if you are interested in this sort of stuff, of course, we're gonna have all your contact information for Vector Pulse uh on on the podcast. But if you want to come out and meet Dan, um kind of get an idea of what you guys do, or if you have specific questions, you'll you'll have a booth at B-Sides, so that's gonna be a lot of fun. Um, and then of course, we have alias, and you know, we can always get you in touch with him. So thank you so much. Thank you very much. We see you coming out. This was a lot of fun. We've got to circle back to the college one and oh, absolutely. We're gonna have fun with that. So, all right, thanks everyone. Appreciate it, and uh, we'll catch you next time on the Secure AF Podcast.
SPEAKER_00The Secure AF Podcast is a production of alias Cybersecurity. Visit us online at alias cybersecurity.com. All rights reserved.
Podcasts we love
Check out these other fine podcasts recommended by us, not an algorithm.
