Kitecast
Kitecast
Eddie Doyle: Cybersecurity Evolutions: From the Network to Blockchains
Eddie Doyle, a renowned Security Strategist and Speaker at Check Point Software, has a fascinating career journey in the fast-paced field of cybersecurity. Doyle first understood the importance of cybersecurity in 2007 when he joined Check Point Software. Back then, it was a transformative phase; IT departments were just beginning to comprehend the concept of data centers to deal with the data influx post the dot-com era.
Interestingly, Doyle noticed that while these data centers were physically half-empty, they consumed immense power and cooling resources. Doyle navigated the rapidly evolving cybersecurity landscape, witnessing the rise of threat actors who managed to bypass physical security measures by infiltrating systems virtually—a phenomenon triggered by data outsourcing. This necessitated the introduction of network security, a critical aspect in the digital world today.
As technology advances at an unprecedented pace today, so does the acceleration of cyber threats and associated risks. Doyle is a firm believer in the effectiveness of defensive strategies over offensive ones. He points to the legal and reputational hazards of aggressive cybersecurity measures and emphasizes the need to maintain a defensive stand. Despite the challenges of the Digital Age, Doyle is very optimistic about cybersecurity’s future, especially considering the emerging industry trends. He believes that security measures, if comprehensible and straightforward, are more likely to be implemented.
Doyle uses various anecdotes from his career to illustrate his points and provide more context. Innovation can be inherently insecure, despite cybersecurity’s primary goal to protect and secure. He shares a valuable insight from a military representative who advocated for the concept of “failing forward.” This idea implies that once a cybersecurity threat has been identified and contained, it’s essential to continue looking forward and adapt, a perspective different from the typical commercial response that halts after containment.
Doyle highlights the complexity of legal issues arising from offensive cybersecurity measures, such as retaliation against a cyberattack. He also provides insight into the Dark Web’s reality, discussing the proactive measures taken by his team to stay a step ahead of potential threats. Discussing the role of private industries and citizens in cybersecurity, Doyle notes that while industries aim to defend against cyberattacks through their products and services, they generally avoid an offensive stance due to legal implications.
Doyle paints a grim picture for cybersecurity professionals. Expanding upon the methodology of cybercrime syndicates who exploit system vulnerabilities, he highlights the diabolical precision of their operations, frequently helmed by psychopathic individuals launching phishing emails and targeting victims.
Doyle reiterates the expansive global reach of such cybercrime syndicates, pushing for the creation and implementation of strategic cybersecurity tools to fend off such sophisticated attacks. He additionally emphasizes the potential of blockchain and artificial intelligence in fortifying cybersecurity measures. Acknowledging the current crisis of misinformation and declining trust in media and leadership, Doyle identifies blockchain technology—with its transparent, decentralized system for verifying authenticity and securing personal information—as a groundbreaking solution and the benefits of safeguarding personal data.
LinkedIn:
Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.
Kitecast Ep. 16 (Guest: Eddie Doyle)
Patrick Spencer 0:00
Welcome to Kitecast cohosted by Tim Freestone and Patrick Spencer, that features interviews with IT security, compliance and risk management leaders and influencers. Everyone welcome back to another Kitecast episode we have a real treat today. Eddie Doyle from checkpoint software is joining us. Edie is a security strategist and keynote speaker at checkpoint software. Prior to his current role, he served in several different roles at the company starting in 2016. Or at least the latest assignment he can tell us about the two to two forays that he's had a checkpoint actually as we delve into the conversation today, he spent time at other cybersecurity companies such as McAfee spends most of his current time in his existing role, engaging with boards of directors and executive teams, helping them to solve cybersecurity challenges in an engaging manner. And he was a competitive track athlete. We're going to talk about that today and holds degrees from the Manchester Metropolitan University in Brighton met and Northbrook College. Eddie, thanks for joining Me and Tim today. We're looking forward to this conversation.
Tim Freestone 1:07
Yeah, thanks Patrick
Eddie Doyle 1:10
There's a little correction to my bio there only because as you can already tell by my accent, I'm not the Bronx. You know, New Yorker that you think I am from England.
Patrick Spencer 1:24
Or from Texas.
Eddie Doyle 1:27
Yeah, I'm from Texas. I have spent half my life in North America. But yeah, growing up in England, we do these diplomas there aren't university degrees. But having said that, yeah, and a foray into English language before I got into technology. But anyway, you're my host. So let me know where you'd like to take the direction of the conversation.
Patrick Spencer 1:43
So competitive athlete, you still do some of that today? Do some running?
Eddie Doyle 1:48
Yeah. In my, in my dreams? Well, you know, I'm still running. So running was a thing for me from a very early age. I just ran home from school from about age, I don't know six or seven. And I was running ever since. So that's my therapy. Right? That's, that's where I get to work out all my trauma is on the pavement. So that's, that's good for me. But no, my hobbies today are riding a Harley Davidson like a good American boy.
Patrick Spencer 2:12
Ah, interesting. So good, Tim.
Tim Freestone 2:17
Just what did you say you're in the UK now or you're you reside in the US? I might have missed that.
Eddie Doyle 2:23
No. So I left the UK when I was just turned 21 years old. For adventure. An adventure is to be had in North America. My friends. You guys are having way too much fun out here. So I stayed. And so that was the 30 years ago.
Patrick Spencer 2:35
Oh, God. All right. You never know. I was at a gas station in Germany on the Autobahn A few years ago and a guy on a big Harley pulled up. But I think he was from the Air Force, US Air Force Base. You never know where you'll see when Polo.
Eddie Doyle 2:50
Right, right. We're all my friends out here have the triumphs because they're buying the British classics. I'm a British guy in America. Right? So let's go Harley. Yeah.
Patrick Spencer 2:59
So tell us a little bit about your role over a checkpoint what you do this latest assignment, I think dates back to 2018. And you've actually been with the company and two different stents interested hearing, you know, what you did originally and how you came back? Because the role changed, I think dramatically over time.
Eddie Doyle 3:16
Yeah, well, so you know, I fell into cybersecurity with checkpoint, as a matter of fact, I mean, prior to that, I was working in the race floor data center space. And so this was 2007. And so if you recall, you know, in the industry around 2000, what we see here in the early 2000s, as it guys went out to the CFOs, and said, Hey, give me a big pile of cash, I need to build a datacenter. Because I've got all these servers, I didn't know we're going to have them. Yeah, this is just an after the.com, boom, right? And it went bust. But we needed all these servers to host all this space. So CFOs gave, you know, 5 million bucks, go build your data center. But then what happened is Moore's law, right? You know, we created super-fast computers, blade computing came in. So my data center was physically half empty, but I was using all the juice. So all the power, all the cooling was being sucked by these three racks now. And so I got into that game for a little while it was it was to basically say, Well, look, instead of wasting your money, you're now retrofitting the power and cooling to a room in a high rise, which is jolly expensive. Let's outsource all this stuff. So that was the beginning of us, the industry taking our very precious machines, and moving them to data centers, somebody else's physical building. And so as part of that evaluation, the physical building was evaluated, but then threat actors just got in, you know, straight through the ether. And so we get Okay, great. You've got really good redundancy for power and cooling. I don't think Spider Man is breaking in through this window. It's pretty good security here, right? But all of a sudden, some kid with keystrokes on the other side of the planet just stole everything what? So that was my first thought. of introduction to Okay, that's interesting. How did that happen? And then, checkpoint is software at the same time, of course, you know, really the story goes in North America, you had John McAfee, right building Antivirus for endpoint. And that was in the late tooth. Well, actually, that was the early 1990s. That's how early that was. And then you had Gil sweat tinkering around in Israel building network security. Again, that was the late 80s, early 90s. So fast forward a decade to the early 2000s, these guys had established gigantic companies, I got pulled into cybersecurity on the network security side, because that was where I just happen to have fallen in datacenter raised floor spaces and trying to figure out a solution, really a solution to a financial problem. Because the tech guys at that point, well, we're not well versed in finance, right? I mean, it's just, hey, we need all these servers, and I'm going to hook them up for you. And prior to that, I was just putting printers and copier machines and coffee machines together. So that person really didn't have an understanding of finance, the CFO doesn't have a clue about it. And these two worlds came together. And you know, a lot of money was earned and spent. So I got into the network security business. Because well, as I said, because you know, people started stealing stuff through keystrokes. And I was very much interested in how to prevent this. And so Gil at the company checkpoint first hired me, and I was working in sales and marketing. And then I left to do a startup in the valley, a cloud access security broker, I've just been very much interested in, you know, shiny new objects, shall we say, right, the bleeding edge of innovation. And what I've discovered from that, actually, that passion of mine, because I bounced out after a year and went back checkpoint. And that's because it's a, it's a furious world at the bleeding edge, it's where all the fun is. But when it comes to security was funny, I was talking to some military guys about this just last week, you the standards are very different, you know, we can afford to play? Well, having said that, not really, because I'm still thinking of 2008. Today, with the kind of ransomware attacks that we get, you know, the word play is a little too casual for, you know, for people that have a severe consequence to somebody, you know, engaging a keystroke across the other side of the planet. But I will say that there is a difference between what the Department of Defense requires, and what industry is, is pushing to attain. So, you know, that's what got me into this world, I'm interested in the innovation at the edges of innovation is absolute creativity. But at the same time there is vulnerability. You know, one of the mantras for cure squared has always been if security isn't simple, it isn't followed, right. If it's complex, people will find a way around it. And, you know, God has interrupt me because I can talk but I'm just about to jump into the problem we have with passwords. That's complicated. And so people found a way around it. And so what is it 81% of breaches in 2022 came from a phishing attack. And that's because threat actors know that I just need to get that password. And then I probably got the password to everything.
Patrick Spencer 8:26
Tim, I think he brought up a topic of, you know, the DOD and so forth a topic that's close to our heart. I suspect you're about to ask him about CMMC.
Tim Freestone 8:37
Yeah, just in general, I noticed I think what you were referring to you went to the guest Summit. Does your guest Yeah. I'm interested in knowing what fell out of that what, you know, the government and those the speakers you were with, it looks like folks from the DEA that Navy Department of Labor, you know, where their heads at in terms of the next year? 234? What, however, out far out you want to look and how that contrast what you're hearing in the in the commercial space? Are there similarities? Are they in different universes, the government versus the commercial space when it comes to security and innovation? Just, if you could springboard off of that I'm interested in Sure.
Eddie Doyle 9:22
So I was there for the morning, I can let you know what the public addresses were in the morning. And I was on the panel with the Navy prior to that the gentleman who keynoted the event was the CISO for the US Army. And one thing I really took away that was very strongest sort of similar to that philosophy that I just mentioned, I just touched on, you know, when you're at the bleeding edge of innovation is actually quite an insecure place, ironically, right, considering we're building security products. And one thing the general is a general who I forget his name off the top of my head who gave the address at the beginning. He said in History provides products that will, that will find the threat this happened. And it will remediate the problem. And then we'll carry on as normal. These are my words, not his. Whereas he said, what we require in the military is, okay, you found the threat, remediate, but fail forward. So in other words, and it's a really interesting philosophy, and I think he's right about this, because as manufacturers, what we're trying to do is, let's say, for example, you have ABC bank, okay. And ABC bank takes security very seriously. And so ABC bank gets a breach, all right, we detect it, we isolate it. Right. And we contain the damage right there. And is, and if you've done your zero trust architecture, effectively, well done. Right now, you know, unfortunately, you had the breach, but it has been contained, if you've done zero architecture correctly, has been contained on MITRE, or most of these kinds of standards. Alright, brilliant. But whereas the army says, Okay, we found it, we've contained it, but now we, we need to respond with a military. Right. So that's, that's different from us, we clean up and we're done. So this actually takes me back to a talk I did at it was for the Journal of Law and cyber warfare with a bunch of military adjudicators. And this point actually came up because if, for example, you're working at ABC bank, and you know, one of your competitors, is stealing your customer information or trying to, and some young kid on your team decides I can stop this, I'll just throw a honeypot out there. And we'll watch what happens. And if that honeypot works, and it detonates on that competitive bank that was stealing your information, you just broke the law. You're not allowed to do that, you know, that was under Reagan, you're not allowed to break into somebody else's computers by breaking into the house, I forget the name of the law, but that was established way back in the 80s. So this is a really interesting area now, because industry already actually does this, doesn't it? I mean, you know, we have about three or 400, what we call offensive cyber operators who sit in our Tel Aviv office. And what they do is they go on to the dark web every day, and they take on the persona of, you know, an avatar of a terrorist or criminal, somebody like that this is going to hang around the dark web. And then they befriend these threat actors. Well, why? And the reason we do it is simply because we want to be a millisecond ahead of what's going on. And so when they're out on the dark web and cyberspace, they're and think about this, this should blow your mind. Only 4% of the internet is indexed.
Tim Freestone 12:46
I like that recently as well, right? It's amazing.
Eddie Doyle 12:51
Now a lot of it is intranet. So that's an alarming statistic that is manipulated the wrong way by people in cybersecurity, right? Because the majority of is actually intranet. So that's not bad. That's not threat actors. That's me at the checkpoint intranet, and you're not allowed there. Right? So that's not indexed, either. So that does include that. And there's a lot of that. But it does open your eyes a little bit to how busy it is on the dark web, right. And so what these folks will do is they'll take on these conversations with threat actors and the dark web. I'll give you a good story. If you've got time for one guy's and by all means I'm all over the place. Yeah, no, no pulling me back in before
Tim Freestone 13:32
your question. Before you go into the story, though, I do want to, because that's what makes for a good podcast. You said something interesting, which I haven't heard yet in any of our podcasts. And we talk a lot about how cyber security's losing to some degree. And that we're, you know, the industry is always on the on the defensive, sort of protect, protect, protect crap. You know, they got in now get back online, protect, protect, protect, but what I heard was protect, protect, protect, defend, now go on the offensive and go and in sort of counter strike into the bad actor’s home, if you will. Is that what I heard? So?
Eddie Doyle 14:18
Yeah, to be clear, that was a response to what was the theme of the gist conference. And what I was understanding to answer your question from the military is industry creates, it creates products and services that do not go on the offensive. Yes, right. And they should, right. Then I bought up the fact that there was a rule of law and cyber warfare symposium. And the reason they don't is because we will break the law if we go on the offensive, so we actually can't do that easily. So what I'm what I'm presenting is a predicament that was very interesting from a philosophical perspective that the general brought up in his keynote address. You know, and then I can certainly just to round out actually what those morning discussions was about. I was on a panel that morning Speaking with the Navy, I think a hot topic of conversation is certainly. So if this is interesting, right? This is the first time in human history where the citizenry. Yeah, it's not the first time in human history. It's the largest time in human history where the citizenry can influence war. I'll give you a side note example. When Russia first invaded Ukraine, last year's, Zelensky realized he was going to have a cyber-battle. So as part of his response to that cyber battle, he sent out an appeal saying, hey, if anybody can help me, because you know, it's us against Russia, so the whole world, please help you I want to these 200,000 people signed up to a telegram account in a week, 400,000 people within a month. Now these are citizens around the world is like, excuse me, what are you doing? Right, you've picked aside, I'm not questioning whether you should or shouldn't, I'm questioning that you did, and that you're weighing in on a war. This is very strange. And so in a similar predicament, the military leans on private industry and manufacturers such as ours, and says, Well, let's, let's get into business, let's buy some of your products, let's make them work. And so to the largest extent that we've ever seen before in history, because you take an event like World War Two, for this Ford Motor Company is simply told, Hey, go build tanks, now you're not building cars anymore, and they just go okay. And then four years later, three years later, okay, we're done that we're currently building cars. This is different. This is a continual relationship. And it's different from a Lockheed Martin, that's very specialized, I'm going to make you an FA tea, and all the employees are going to be super-secret, and blah, blah, blah. And this is the only thing I'm doing for you with this entire department. and off you go last night like that with any of these vendors, cybersecurity vendors. So it's an interesting dynamic and relationship. And I think that was the main theme, Tim, to sort of finish off your question there. What came out of our dialog? Because how do we put these two very diverse groups, the military and citizenry and publicly traded companies that are absolutely for profit in there? And have to be right and their motivation? And how do we marry that? With patriotism for a country? There you go. Sure. So that that was that was part of the challenge on it. I'll pause there, because there's a few directions. I think we could go
Tim Freestone 17:32
well, there you started also talking about the I don't know how large the team is, but the team in overseas that swings the dark web, in Tel Aviv that swims the dark web, pretending to be part of the bad guy universe. And, you know, what's the outcome? What's the what's the game plan there for checkpoint? With? What happens? Is it threat intelligence? Is it alerting the government and the commercial entity sectors to beware of x, y, and Zed? Because we've seen it from the inside? What's the past?
Eddie Doyle 18:11
Several reasons I'll save the sexy one for last, because that'll be the story which I think you'll love this one, like? Well, certainly. So the first thing is, what we want to do is you want to get threat intelligence. So we want to have ears to as close to the ground as possible. And the ground is the dark web. And so this is this is where these people fly. And it's a horrible world in there too. By the way, when they start looking in that direction. We want to alert industry of vulnerabilities before threat actors find them. Right. So we want to find a zero day we're searching for a Holy Grail here to write we're having fun, but we're searching for that. I say we I'm not going to I'm not going on the dark web raises. These are very specialist people sent in I do not recommend it either. Everything I ever need is indexed in Google, right? I've never gotten the Darwin right. No need to. So they are informing and working with industry. We found some very severe vulnerabilities in Microsoft recently. We find them often in Microsoft, Facebook, WhatsApp, these are the big culprits, right. culprits’ kind of interesting way to put that I shouldn't have said it that way. I think these are the big.
Tim Freestone 19:20
The targets. Yeah, thank you.
Eddie Doyle 19:24
And so we'll find you know, severity rated 10 vulnerabilities at Microsoft margin recently, and people can get these for free. Our competitors can pick them up for free by the way, it's got a blog adopt checkpoint.com. And that they're actually this is a research group called research.checkpoint.com. They're really cool. Those are the offensive cyber operators that who hacked the hackers right as it were. Then the other thing that we are doing, of course, is we are looking for how people create threats. So we're looking for how people create what they're doing with code. Now this is where outside of my as soon as they start talking Holy, I love hanging with these guys in Tel Aviv. They're freaky and weird and scary, but when they start talking code and like I see you later on out of there, but so they're looking for code that has vulnerability, but they're also looking for new types of attack. Okay, so here's one, this is the fun story. You are familiar with the manufacturer. I believe it was LG, this is public information. You can go to my go to the blog by just certainly Forgive me if it wasn't LG, but I'm 99%. Sure it is. So LG makes this robot vacuum cleaner. You know, like the Roomba it looks like a gigantic disk and it goes around your house, right? And it just the cat writes on it. And it's based on more of a gimmick than anything. I don't know that it's ever really done a good job vacuuming my carpet. I have one, not the LG. And so just bear that in mind LG vacuum cleaner. All right. So the team is on the dark web and they find something for sale, that looks nefarious. All right, this is what they're interested in. It was maps, but not like topology, maps of geography out there outside that we would use to navigate somewhere. Maps of buildings, categorized. Here are maps of homes of high net worth individuals, but not all the information. It was an advertisement. Here are maps of buildings of certain industries like aviation, it's kind of interesting. So what is this? Why are these maps for sale? They're just for sale on the dark web. And so with a little bit of investigation, actually, unfortunately, my team got pointed out. So oftentimes, because this is the game for these threat actors, they'll know that it's either spooks right, because obviously our intelligence services as well as those of other countries are doing this. We are likely not the only cybersecurity company that does this. And so the threat actor figured out this is not a legitimate customer, because what we'll try to do is we'll try to pretend that we're interested in buying this What's it for right? And then that person will reveal a bit more information. Anyway. So what my team did is reverse engineered to find out how this person got this information and why the LG vacuum cleaner at the time had cameras in it. Cameras, like actual cameras, not just sensors, that camera cameras to see cameras, why it's mind blowing to me. The other thing, the LG Chem, the camera here has a gigantic camera, the LG vacuum cleaner did is and this is cool. It maps your room for efficiency on the battery. Right? That's a good thing. So it's trying to is trying to get okay go this way, go that way, so I can be more efficient plant myself. Now, where did these maps go? And this is the thing that when customers ask this, what do I do with all this big data? Do you use it? No, delete it, they can't, they won't delete it. Of course, it's money. We store all these cat videos and people's pictures of people's food because somebody thinks they're going to make money out of it one day. So all of these maps were being sucked up to LGs cloud. And unfortunately, that was hacked. This was quite a few years ago. And you can read about this and research checkpoint.com. And yeah, so you know, you're not a cybersecurity company. If you're going to keep this kind of stuff, this vital information, be careful. And why is that helpful? Well, at the time, El Chapo, who was the drug lords, the Mexican drug cartel was on trial in New York, it would be useful to have a map of the jury's house or the judge, right map of a billionaire’s house where their children sleep at night. You know, it's a horrible thing. And so this is what they're doing, they're going there to look for, where are the latest threats of vulnerabilities. And then we have 24 hours, it's called, there's a name for it. It's a responsible disclosure. So just like a bug bounty program, in a sense, you have 24 hours, to responsibly disclose the vulnerability you found. I'm pleased to tell you that. And this is true for Facebook and WhatsApp that I mentioned earlier, and Microsoft, all of these companies work very well with us, we get the occasional company that thinks they're going to get sued or some such you know, but we're there to help. And so then typically, our sales team rush in, and then make a buck, right? But we'll help them we'll fix all that stuff up for them. And we go along with our data. So that's why the teams are doing
Tim Freestone 24:17
it. It's just It's actually amazing how creative the hackers can get in in context like that, because usually it's PII, it's PCI, it's all the P's and I's of sensitive information. But to see the angle with Roomba like recordings of floor plans, and to put that on the black market and market it in a way that could be used by more bad people. It's just it's where does it you know; no one can be proactive in that in that situation. I'm sure LG that they have the least sensitive Data are in coming out of that vacuum that they get.
Eddie Doyle 25:03
Right? Yeah, that's interesting, isn't it? Yeah. Well, it ties into what you asked me earlier about people thinking that we're losing the battle, we're not a chief information security officer needs to be right 100% of the time, a thread at least to be right 1% and wit, and the majority of companies are not hacked. So guess what? We're winning,
Tim Freestone 25:27
right? I mean, it's one of those things where, you know, what is win what is lost, but it's, I think the conversation is just around candidate, can it come to a head, where it's just eventually the rate and the amount and the value goes down, because it continues to go up, there's more hacks, there's more password to your earlier comment. There's more passwords leaked every day than there ever has been before. It just seems to keep increasing. Now, you could probably make an angle for that, well, there's more business and there's more people and there's, there's more of everything. So of course, that's going to go up as well. But it just, I think, to the common cybersecurity team of professionals, the outlook looks like the hockey stick is not going in a lot of our favor, so to speak.
Eddie Doyle 26:19
Well, this in a moment, I think would therefore would be a great segue into blockchain and AI, because that's where we're going to be saved in my opinion. Before we get into it, though, you know, if you go to that research site, or where you know, they even have they took hold of this vacuum cleaner and drove it into our CEOs office and turn the camera on. It's a good fun video. So within 24 hours, what my colleagues did, made this quick video, posted it and then called LG and fixed all the problems but you know that that's a good sample
Patrick Spencer 26:49
turns LG. Yeah, what's that turn? Is LG back on now?
Tim Freestone 26:55
I actually I do. I do. Everybody
Eddie Doyle 26:59
was putting a little bit of duct tape on the cameras. Yeah. No, it's a sensational story. So I think, Tim, you're right in your response to have alarm to the fact that there are dreadful people looking at such things, thinking of something that you would never have thought of that it's a beautiful response of a good man, that this is the way it's going. So on that same website, the research, you're going to if you do a search on I think cyber Kingpin is what my colleague Oded Vanunu called it. And Oded put a very painstaking amount of research from the dark web together on, like, how did the cybercrime syndicates? And I use the word Syndicate, because of this article, like, how does all this come about? Because Tim, to your point, somebody didn't actually come up with the idea of, oh, I should get the map of, you know, some billionaire’s kid's house. No, no, that's not how it works. Some immoral, certainly, but childishly stupid, but talented kid is on the dark web looking for vulnerabilities and find one in let's say, algae. Okay, fine. I'm just going to penetrate I don't know; I don't know what to do with it. Just going to go and assign Yeah, I'm just deleting it, kid. There's just stealing stuff, because I'm a horrible human being, but I'm not that evil. And then I found a bunch of maps. And it's like, oh, just take them. And I'll sell them online for $5. Really, this is what is done, right? This is what they're doing. So they'll sell it for a couple of bucks. They know what to do with it, like I fell in it. Now. Like mafia, these syndicates, these guys are out buying this stuff. They're the ones that weaponized it, right? So what you've got is you've got a few psychopaths, because there's only one few percent of people are psychopaths around the world who are looking for this, and they're the ones that are creating it. So what happens and what Oded managed to show was, when the psychopath sees that he goes, Okay, I'm going to start a campaign. And let's just separate it into a less sensationalized one now, right, the things that we deal with all the time. Okay, I'm going to I want to do ransomware. So what the psychopath does is says, Okay, the first thing I need is a good phishing email. And it turns out that these people are, they don't work like a corporate structure like us and a pyramid, but it seems kind of like that, because this person at the top of the pyramid, just outsources the phishing. I need great wording for a phishing attack in France, targeting executive people at finance. And literally, that person will have a smorgasbord of things to choose from. Again, not much money. And so now we'll chat GPT is like wow, okay, more though. I did ask Jack GPT to write me a phishing attack. Ask as Melinda Gates asking Bill Gates for money, because I forgot my wallet was terrible. It was terrible. So we're okay. We're okay for now. Chat GPT thanks. So, so it really was an awful phishing email. So but what they'll do though is they'll find these phishing emails, okay? That's the phishing guy, that guy gets their piece of Bitcoin fine. Now what I need is I need to, I need a target list. So that threat actor will find that the so called the psychopath will find a target list. They'll pay some bitcoin for that, etc., etc., etc., right? Until they find that they're in and they're watching, and they need malware, and off they go. But what we're finding is, they're very well organized. And they will get resources in Australia, mostly Eastern Europe, some Asia, right? We see these kinds of Africa, of course, but all over the place these cybercrime syndicates come together. And so that's how I think it happens. And then a nasty person figures out how to do something with it.
Tim Freestone 30:52
My concern, my concern there with that organization is that it'll, it just gets escaped, again, because they don't have law. They don't have any rules, right? So it's, it's organized in an in a totally ruthless operation. Whereas the good guys, we have to be organized in within the confines of the law. And when you have no confines, it's easier to innovate. And with things like AI and chat GPT, I mean, that the thing is the founders of GPT chat GPT don't even know how, why it does what it does. They just know they have created a large language model with the data of the universe behind it. But they still don't know why when you ask the question, it produces what it produces.
Eddie Doyle 31:38
But there's What do you mean, I don't understand what they don't know why they have I was
Tim Freestone 31:43
at a conference, or not a conference, but a presentation by one of the founders. And a lot of what they're doing now is trying to figure out why it's producing the words in the order that it is all it all they know is that it's going to the vector database based on your input. And it's looking at the data that should be the next word that it should give you based on the question you gave. But in what order and why it's different when you ask the same question. In at different points. They don't quite understand why it's why it's doing that. So there's this whole evolution right now. It's called prompt engineering, which is, this is a long way of me getting to a point where how you ask what you ask, is as sophisticated today in this particular dynamic as computer engineering was 3040 years ago, where you had to learn different types of computer language. Now you have to learn how to prompt large language models with, you know, natural language, but you have to do it in a way that gets the output that you're looking for. And if you can do that, and then if you're the bad guys, and you can scale, for instance, your phishing email, same request, put in the hands of some incredibly talented prompt engineer in Russia, would probably come up with not just one but an entire library of phishing emails that he could then syndicate to that organized Band of Brothers to essentially launch into, you know, into the universe. And I My concern is the scale behind that. And I just think we're almost you were just scratching the surface of what AI and large language models can do for bad guys.
Patrick Spencer 33:27
But that he thinks that the fix may be with AI and block
Tim Freestone 33:32
and I Yeah, I heard that. So I'm curious to see like, what your thoughts are on the other side, how we could be
Eddie Doyle 33:38
blockchain for sure. And I did mention AI to their denial about blockchain is really what I meant. And yeah, yeah, you just got me really thinking about what you just said with AI. That's, that's, that's truly amazing. I think one of the largest challenges for us in the industry is, you know, what you see, you see scale coming now we've got all these threat actors, right attacking us. We have to be right 100% of the time, we can't be asleep once, right? And all of a sudden, a scale problem is coming because of supercomputing. That's what we're attempting to articulate. Now. Blockchain. The first thing I like to say is think of it this way blockchain is eating the internet. It's kind of a strange thing to say. And it doesn't really mean much only it gives you an analogy, that blockchain is the monster and the internet is inferior. And you think that the internet is I like to say the printing press on steroids, right? And so think about what the internet did to us. blockchain will outdo that. And so that's the best way I can come up with grabbing people's attention. That's my hook right into it. And here I'm going to struggle because who can speak effectively about artificial intelligence or blockchain? Right? These are tough things. But what I will say is, we've now created the most secure computer system I'm in the world for recording data. And it is entirely open. Yeah, it is such an irony. It blows my mind. I love it. It is now. Yeah, so full nodes. I think I've got this right there are now 20,000 full nodes. So 20,000 Computers have a full ledger of every blockchain transaction
Tim Freestone 35:27
on Bitcoin and Bitcoin. Yeah.
Eddie Doyle 35:31
That is that, how are you ever going to destroy that? So, so now I started thinking, I think, especially with guys, we're going to have to say the cultural was because of the dynamic in the discourse of our, our political climates in the West, because they are so furious with, I actually don't even know what's true anymore. Ray have been really, we called it early on misinformation, right? And now the blue checkmark has become the holy grail of it's me speaking, because we've dealt with deep fake is that video, yeah, we're talking so much about all these, these new words, with deep fake now, and with of course, your own, you know, Twitter accounts that don't even have video on them. We are going to constantly challenge authenticity. Right? We don't trust our leadership, and nor should we look how embarrassing our political leaders are, right? We don't trust the discourse from our media, and nor should we, they've lied to us, and we know it. And so now we've got a generation coming up saying, Well, I hear you saying that, but I don't know who to trust anymore. So now, we are going to have to have a discussion about authenticity in a way that we've never had it before. And the authenticity needs to come first from the individual. So I think sovereignty and wish sort of getting outside of the dynamic of cyber here, so put me back in, but I think sovereignty to the individual, on a blockchain so that they can keep what's most precious to them secure. And then as a collective in us in our companies that we currently protect with all of these amazing tools and incredible things that we vendors have made for them, we are going to somehow have to authenticate them. using Blockchain. We have to authenticate the experience of using all technologies through blockchain somehow, this is what our CTO is going to have to come up.
Tim Freestone 37:47
Yeah, I don't think you're too far off it just kind of interesting how long it's been. It's taken to get I mean, people, it's people who are not certain with their, they don't understand what blockchain is, tell them say it that way. And so when you really have to dig in, you have to spend hours upon hours to understand truly what's going on there. And so there's trust problems with from the cybersecurity side, there's trust problems with the people side. But once you get past the trust problems on both of those, it truly is probably the only infrastructure where you can be absolutely certain. Tim is Tim, this computer is this computer, whatever you want to put on this on the blockchain in all of its very different many different forms. It's just people are uncertain with what it is. And so they haven't moved there. Collectively, right? Like the Ethereal blockchain, we're getting off Bitcoin, but that that's just a blockchain of contracts. Right? It's, it's that's all it is. And it's there. You can't once that once that contract is on the blockchain, it's as good as gold it's set in stone, right? And that's you can't tamper with it. So if you think about things that you could put on a blockchain people's, you know, passwords, their identity, all those types of things. If it's impenetrable because of its decentralized and you have to validate it from you know, X number of nodes and there's real power in in protecting the citizens and there, their data privacy. And
Eddie Doyle 39:22
I'm annoyed with myself because I can't yet tie it to what we need to do today, because it's like it's all very well that this because it's I'll give you a great example, I live in New Jersey. So what you can do with the blockchain just to help people understand that I live in New Jersey and I cannot hate the Department of Motor Vehicles enough. Okay, all right. There's no need to have them. There's no need to.
Tim Freestone 39:47
Yeah, it doesn't make any sense. I can register
Eddie Doyle 39:49
my car to the blockchain. And every time I have an oil change every time it gets in an accident, every time I do anything to it, it's registered. Now that cannot be stolen. So now the DMV which likely has the weakest, cybersecurity ever, and has my personal information, my driving license, my driving history, my insurance documents. I'm an immigrant. So it's got my green card information. It's got right. And it's got a Social Security for every American. And that's sitting behind a firewall at the DMV. And if you've met a DMV employee, you're not going to be impressed. So all of that goes away. When we simply Institute blockchain that's a good analogy, the entire threat landscape goes away. It's like try breaking into 20,000 computers threat actor to take my car, my social security number, and my green card. You're not getting in. I won't give you the keys. They're in my head as well. Let's put a checkpoint. Sorry,
Tim Freestone 40:52
check. It's checkpoint doing anything? Futuristic like that. If Yeah, and that friend?
Eddie Doyle 40:59
Yeah, not. Not that I would like to share it as far as expectation nothing, nothing that's coming to market, you know, very soon, but
Tim Freestone 41:08
our brains are working on it. Brains.
Eddie Doyle 41:10
Everybody's brains are working on blockchain. Because we all know there's a future there as we just described it. Look, I will say this, I've got a friend that runs an amazing company called Lauren forensics. And at this company, he's using Blockchain in a very real world way today. Obviously, it's for anything forensic really. And so what they do there is as great, it's very simple. When they're doing forensics on post breach, it gets automatically sucked into the etherium contract, so that the chain of custody is intact. And, and this goes for police departments, because goes for anybody doing forensics, it goes for military, whatever. So you automatically just hand the key for the blockchain right over to whoever wants to look at it in a court of law. It's brilliant. Yeah, great application. So you think about forensics in the police department, you come across a road traffic accident or something nefarious, you got to take pictures of everything, and you've got to seal everything, you got to make sure the chain of custody hasn't been tampered with, from the scene of a crime in in a financial crime. Right. Let's say a bank has experienced a financial crime, when you are investigating it, suck all that data out into the blockchain through this guy's product, boom, done. So that's a great way to use blockchain. But I think with cars and identities, you think Jamie diamond over at Davos at the W E. F. WTF, I'm holding back from it. He supposes did that they spend a billion dollars a year in cyber, a billion, just their identity access management alone is quarter of a billion dollars. Now, this is a response to what we said at the beginning of our podcast, which is your response to him on, you know, all these threat actors out there? This is this is horrific. Well, we're paying for it. Because our banking fees go up. Right? I mean, it's easy for Jamie to friend a billion dollars, it's our money. Right? So you know, it's like, it's like the government. That's our money. So we are paying to stop the threat actors by spending a billion dollars. Yeah. Well, does that in turn, that entire problem doesn't go away with the identity access management, with Blockchain. But certainly, we have a better experience. So actually, I think the irony is this over time, just like with any open market system, the cost of goods and services go down, and life gets better. So we're going to get there. But if you think about the internet, from the perspective of the printing press, you know, 1440, Gutenberg invented the printing press prior to that we lived as barbarians, right, you know, just murdering each other. And then 200 years later, we have the great Renaissance, right after the printing press, the first time in human history, that the average person can learn to read and write and gain knowledge. So Newton says, If I have gone further, and others is because I've stood on the shoulders of giants, that's what he meant eight other people came along prior to that point in history, no one could read, then you get common sense by Thomas Paine. And you get America How about that? Just from this little wooden contraption called the printing press? Well, the internet came along. Right, and gave birth to this thing, which has only been 30 years. Isn't that interesting? We're still kind of figuring it out. You know? And do you know what the most popular book was in the first while after the printing press? It wasn't what Isaac Newton would have read. That's for sure. It was how to spot a witch.
Tim Freestone 44:45
Yes. I actually heard that too. A couple of weeks ago. It's interesting. Yeah. Not my best selling
Eddie Doyle 44:52
book. Crazy people.
Tim Freestone 44:53
Yeah. People wanted to read It's what do people want to read now? And you know, with the age of blockchain and an AI, you know, what, where are we taking, we
Eddie Doyle 45:09
seem to be taking pictures of our food and watching kitten videos a lot. But I think once we grow out of that, and out of the barbarism of, you know, the new cultural wars, right, I think we eventually will move to a very peaceful environment, where we understand that sovereignty for the individual is important. Blockchain solves that problem. And the majority of people are good. So let's push the threat actors back with these incredible tools that folks like you and I make sure. That's where we're headed. Yeah.
Patrick Spencer 45:47
A very fascinating conversation. Eddie, we really appreciate your time. We know you're in high demand and speaking. I love it.
Eddie Doyle 45:55
I love what you guys are doing. I love what my guys are doing. We're having fun here. So let's just keep doing it.
Tim Freestone 46:01
Appreciate maybe we'll have you back another time. Because I, I still want to talk about quantum computing and the threats of that. And blockchain is always interesting. So there's more conversations to have for sure. Yeah, quantum
Eddie Doyle 46:14
and encryption is really exciting right now. Right? Yeah.
Patrick Spencer 46:20
But that's a deeper dive in terms of where is that headed? And what does that mean from a cyber-threat and risk standpoint?
Eddie Doyle 46:29
I might have to get a buddy from MIT on the phone when the call went.
Tim Freestone 46:33
You can just you can just Google it. Let's go to
Eddie Doyle 46:38
GPT before we do the next one. There you go.
Patrick Spencer 46:41
Thanks for your time. We appreciate our audience. For everyone tuning in, you can check out other kite cast episodes at kite works.com/podcast. Thank you for listening to another Kitecast Show. Check out other Kitecast shows at Kiteworks.com/kitecast.
Rate. Comment, Subscribe and listen. Wherever you get your podcasts