John Gunn | Oct 30, 2024

October 30, 2024 00:37:17

Hosted By

Ari Block

Show Notes

In this conversation, Ari Block and John Gunn discuss the pressing issues surrounding cybersecurity, focusing on the risks individuals face, the importance of hardware security, and innovative solutions like a security ring. They explore the human element in cybersecurity, the impact of AI, and the need for better regulations to protect personal data. John shares his personal journey in fostering children, emphasizing the positive changes individuals can make in their communities.

View Full Transcript

Episode Transcript

[00:00:00] Speaker A: John, what an absolute pleasure to have you on the show today. Security is such a topic. Oh, my God. It's like every week we're hearing something in the news about a hack, about our information stolen or whatnot. I want to ask you a very fundamental question. Are we safe as individual consumers? I mean, should we be worried about this? [00:00:22] Speaker B: Yeah, that's a great question. It's funny, Ari. You cut right to the chase. And by the way, thank you very much for having me on your show. Yes, everyone's at risk because when major organizations that have your data are compromised and your data is stolen, these are cyber criminals, the very sophisticated ones. They're getting your credit card numbers, they're getting your personal information, they're getting your Social Security number, and they can commit future crimes. Not only do they want to sell that, but they're going to sell to other criminals who will then use it to commit fraud, make financial obligations in your name. So, yes, there's a reason to worry, but there's also a reason. [00:01:02] Speaker A: Let's. Who are these people? [00:01:04] Speaker B: Yeah, it's become a much more diverse group because up until more recently, it's primarily been driven by enemies of the U.S. it's been Russia, China, North Korea, Iran. It's been very sophisticated criminal organizations that often work in collaboration with these governments. There's no prosecution, and they target American individuals. They want to get money, they want to get secrets. They want to destabilize our democracy. But more recently, these tools that they use have been evolved, and we're seeing the democratization of cyber attacks. What that means is five years ago, if you suddenly gave up being the wonderful person you are, and you decided, I want to pursue a life in cybercrime, I want to have great wealth, and you made that. [00:01:58] Speaker A: I heard tax on organized crime is very low. [00:02:03] Speaker B: It's a great cash business, Vietnam. And if you're in one of those countries, there's no risk of prosecution. But you would say, oh, my goodness, these tools are so complicated. How can you possibly use them? But in the last five years, these organizations have made these tools so they're very easy to use. So that because they want to license them, you know, they developed these sophisticated tools and they get money from them. They said, hey, what if we. What if we licensed them to somebody else? So they made them much easier to use. Some of them even have support numbers. So if tonight you decided to be a cyber crime and you're having trouble launching your attack, you could get support. I'll call a support number. [00:02:40] Speaker A: So that is Outrageous. That is ridiculous. [00:02:45] Speaker B: We live in the gig economy now. So the same person who delivered your groceries in the morning and delivered your lunch, you know, the Uber Eats and doordash and who drove you to the airport in the afternoon tonight, they could use these tools and steal your credit card. [00:03:03] Speaker A: Vertical integration. I mean, why not? I mean, I'm doing this in the afternoon, I've got your credit card number, might as well hack it. [00:03:10] Speaker B: Yeah, so now it's everybody. But the biggest risks are from the most advanced tools and the bigger risk are from these large nation sponsored cybercriminal groups. That's who the biggest risk is. And so finna come back to your original question about should people be worried? Well, it's not good to worry about something you can't do much about. It's hard for an individual to change the policies of their healthcare provider or major. [00:03:34] Speaker A: That's true, that's true. [00:03:35] Speaker B: We can vote with our feet, you know, but a lot of these choices aren't marked. At most big companies, you don't choose who your healthcare provider is. And if they were compromised and you walked into the HR office and said, switch healthcare providers or I quit. All right. We're going to miss you, baby. Where's that going to go? [00:03:53] Speaker A: Not going to happen. Not going to happen. [00:03:55] Speaker B: If your credit card is stolen and you know today, right now, you went to the mailbox and you got your credit card or you looked online your statement, there's $2,000 of charges, you tell your credit card company, they wipe them out. We all pay that cost because they have to charge harder interest rates, everybody to recover it. But you as an individual, you have the hassle, but it's unlikely yourself or a real financial loss. Yeah, the biggest danger is these massive amounts of data, you know, that are sitting in these single places where people can steal them. And then what should they do with the data after they stole it? I don't know how many, tell me how many, how many times have you received a letter in the last year or two that has said, oh, your data was compromised, we're giving you credit monitoring for a couple years and you're thinking, I've already got four of them, you know, do I need a fifth one? [00:04:44] Speaker A: So it's all the time, it's at least once a month. And I'm sure it's much more than that. I just never find out. [00:04:50] Speaker B: Yeah, that's another issue, which is why the SEC has increased the requirements and the regulations for disclosure. But there really isn't that much that you can do as an individual from these large losses. But there are things you can do from the smaller losses. There's just good practices about, because part of it is how they attack companies and people. And they don't attack in one method. If I just stop this one method, I'm safe. They're attacking in a thousand ways. So having good practices like you used to shred your paper, having good practices about being very cautious with your personal advices, with your phone, with your computer, and not letting that malware or those attacks start with you. [00:05:33] Speaker A: If you can explain to our audience what is this physical key looking thing that I'm holding in my hand? What does it do? How does it work? Why is it important? [00:05:41] Speaker B: Hardware is the most secure way to protect access. [00:05:44] Speaker A: Thank you. Hold on. Why explain that? [00:05:48] Speaker B: Well, because when you identify who you are, when you log into your bank or your employer, you have to have something that's unique to you. And so they say, well, we'll give you a password that's unique. But somebody calls you up and they convince you to that you're there with tech support. So you share that. Or you go to a malicious website, it looks just like the bank, but it isn't. But there's so many ways to steal those passwords. So because there's so many ways to steal them, they become very insecure. With hardware on that device, I can put information that identifies you that you're no longer in the process. And at its core, the biggest vulnerability in computing is people. So if you can take people out of it, it's like we don't trust our kids with certain information because they can't keep a secret. And users can't keep a secret that password. So if they don't even know their own password. And you'll hear so much conversation now about going passwordless. If a user doesn't know their password, nobody can steal it, nobody can intercept it when it's in transmit. And so hardware devices allow you to do that. So your question, why haven't people used them? Because they're a hassle. If I know my password or it start in my browser, I can log in from anywhere on any device. If I have to have that key, if it's a USB key, what if my phone doesn't have a USB port? Okay, so I'll do nfc. Ubico is a great company, they make more of those than anybody. They have an ac, okay, now I can use it elsewhere, but what if I left it at home? What if I don't have it with me? What if I left in my drawer at work, I don't have. So our strategy, and I don't want to turn this into sales pitch for the company, but our strategy is to take all the advantages of hardware, the ultimate in security, but then bring back the convenience that we're used to. And people love using their mobile phones. And so many times your bank or whoever it is will send you an otp, a one time password because they know you have this. It's with you, we know it's with you. Nobody, you know, people get buried with their phones. They take them in the shower, they never leave them. So we want to do is say, how do we combine those two? The ultimate security of a hardware device and that ultimate convenience of something like a mobile. [00:08:05] Speaker A: I gotta say, as a public service announcement, everybody should have some form of OTP or second authentication turned on. I mean we have a lot of technology that's not just being used, even in the just simple phone, sms, everybody should turn that on. If you're using a software that has your very sensitive information, turn it on. If you try and turn it on and they don't even support it, you should ask yourself if this is a serious piece of software, if they can't even give you that level of security. So I think that's incredibly important. [00:08:40] Speaker B: People, if the public embrace what you just said, that's a very important psa, there would be so much less cyber crime. [00:08:49] Speaker A: What people do is they remember a simple password. Simple passwords are incredibly easy to hack. [00:08:54] Speaker B: That's such a big part of it, ari. I mean 100%. And also you see people, when they use a very complex password, they think, oh my God, how I remember that? Okay, this one I'm going to remember. Well then they use that same password everywhere. So now once cybercrimers get a hold of it, think of if you have it in 20 places, 20 people you interact with online, take the most insecure one, that Winkus Link, the hackers will hack that. Now they have the password to your most secure place to use it. They have it everywhere. So you know, we're asking humans to do the impossible. Make these incredibly complex passwords that nobody could guess, nobody can hack, and then make a different one. For 35 places you might use a password. It's impossible, which is where hardware is necessary. [00:09:44] Speaker A: Yeah, and the other thing I kind of struggle with these online password managers is, and I don't know if you remember this, but this was about something like 12 months ago, almost like two or three of these big Password manager softwares got hacked. So now they have all your passwords. I was like, oh, the person who guards my secrets just gave away my secrets. Like, this is sitting in my house. It. It cannot be hacked. Somebody has to be breaking. [00:10:16] Speaker B: Yep. It can't be used. It, it can't be used by anybody else. It's the only way they can get it if they steal it. Well, these Russian hackers in Russia, Chinese hackers in China, they're not coming into your house to steal this. I'll tell you. Here's an example. In the US we have banking regulations, but the banks have to put your money back in your account if you return. Not so in Europe. So when you look at American consumers, individuals that use banking, most of them would never want to use a token to access their bank account. But in Europe, most of them do use a hardware token. [00:10:50] Speaker A: Interesting. [00:10:50] Speaker B: Because for the most part, the financial loss is theirs. So consumers will even spend their own money to buy the tokens because they're protecting their money. If you know your bank has to just has to replace that money or pay that credit card debt. Yeah. Why do you have the hassle? It's there. [00:11:07] Speaker A: That is such a beautiful. I mean, obviously, as you said before, right, the, you know, there's this, you know, insurance and costs and like we eat the costs somehow, but it gets distributed across all of us. But what's absolutely beautiful about your example is the incentive design, Right. If you're not incentivized to take care of your own security, you might not. But if you feel the pain very actively, then you'll take care of yourself. That's so beautiful. What I'm going to argue is that they're mitigation steps. Now here's why. When our financial information gets stolen, it could be credit cards or it could be Social Security number. The point I want to make is there are things we can do to protect ourselves. And this is another thing that I think a lot of people don't know. You can put a PIN code on your ssn, you can freeze your credit scores. So the, I mean, people don't know about this. And actually all these credit agencies, they'll try to charge you for it, but they have a free way to do it. So if you look hard enough, there's a free credit freeze and you can put these PIN codes on. Sure, you can't prevent this company from getting hacked, but you can protect yourself. So I think that's a big part of, you know, what I wanted to touch on today. So I'm so curious. We've been delaying this enough. Tell us about your product. It's a ring. How brilliant is that? I just love this. [00:12:30] Speaker B: Well, I love your enthusiasm. We have predecessors, RSA Yubico. Yubico makes a great product and if everybody used to, we'd all be more secure. But everybody doesn't use it because the hassle remembering where it is, the things we talked about. So we said, how can we make it so we have the best of both worlds, all the security without the hassle. And so we said, let's make it into a ring. So you wear the ring and you can see on my ring it's got a fingerprint scanner. So it's not just a matter of having a pin, which could be social engineered. Nobody can call me up and make me believe that there's somebody I really trust and share my fingerprint. I have no way to share it. And so it solves that problem, the fact that I wear it like a ring. There's so many people that have aura rings and they'll have the Samsung ring, other ring, the health rings. It's one more ring, but then it's always with you, so you always have that. And inside of it is where your credentials are stored. Nobody can access them, nobody can steal them. People download malware onto their phones all the time. There's no way for malware to get on here. There's no WI fi connection, there's no mobile, there's no cellular connection. So hackers can't possibly steal your secret information. So it's absolutely secure. And if you use a device like this to have access, you would have to have the ring and you would have to have your live finger. And hackers don't have that. They have to be in the room with you and they're not. So it eliminates that ability for them to attack. All the advantages of hardware, but a much higher level of convenience because it's always with you and all you have to do is touch it. A token, a dongle you have to plug. We talked earlier about you have to plug it into a USB port or some other type of port. Maybe your computer's under your desk, you've got to crawl under there. And people crawl under there and they say, I'm just leaving it there. Well, do you leave your keys in your car at night when you go inside? No, the people plug these dongles in and then they go to lunch, they go home, they go on vacation and it's just sitting there with the dongle in the device Anybody who walks up, the keys are in the car. So we wanted to solve all those problems and so we did it. We did it with this. [00:14:46] Speaker A: So there's something really important about the fingerprint reader that is not trivial. And the issue is that if you have your credit card, if somebody gets close enough to your credit card, they can charge it. They don't have your credit card, they're just putting the reader close enough to your bag and they've just charged your credit card. Now, hypothetically, that same thing could happen with the ring if it was always on. But since you have to use your fingerprints, it's actually protecting that kind of attack. So that's a non trivial aspect of the product, which I saw. And I was like, oh, that's great. [00:15:20] Speaker B: Let me jump in on that. It's not as simple as that because there's two ways you can transmit, there's three ways. Rfid, you see, for building access. And you look at the field of communication, how far away? If you have us, you have wired headphones. But if you have USB headphones, everyone's experienced a thing where you're walking away from your phone. And when you get far enough away, eventually you stop hearing things because you're 30 or 40ft away. So you can do, that's Bluetooth. So you can do Bluetooth. But nfc, you know, when you're at a checkout and you hold your credit card or your phone over the reader, you have to be within inches. So for someone to surreptitiously intercept the communication with the ring, they'd have to be sitting on your lap and you'd probably notice that. But the credentials, your private key never leaves the ring. There's a matching that takes place. [00:16:08] Speaker A: Let me ask you a question. The these, these tokens or your ring, does it have the same problem of having one password in 20 places? [00:16:19] Speaker B: No. And that's. If the audience wanted to find out more, they can look up how PKI works. And the way PKI works is you give everyone your public key because nobody can do anything with it. But only you have your private key and those two have to match. And that private key exists only inside the ring. So nobody, they could present and say, is this a match? And the ring will say no. So now you can't log in and it's very large prime numbers. When that does match and they verified it, now you can gain access. So this present, this prevents anybody from ever pretending they're you. [00:17:00] Speaker A: So, so that, that's really important because you don't have that Problem of having the same password in 20 websites. Right. You. You've solved that issue. [00:17:08] Speaker B: Yeah. [00:17:08] Speaker A: I want to ask about another item. Let's say I've got all kinds of garbage on my phone and one of them is, you know, malicious and it's monitoring what's happening on my phone. If I'm using a token, a ring, whatever, and my phone is basically hacked, is that. Am I in trouble now? [00:17:29] Speaker B: You're going to be in a lot less trouble because nobody can get your password so they can't log in as you. If you downloaded malware where we're doing a screen overlay and this is a common attack where you log in through your normal method and I lay a screen over it that's not really the bank screen. And as you enter transactions to do I'm changing them, you log into your bank and you say, I want to send $100 to my mother in Kansas. A hacker sits in the middle and changes that transaction to say 10, say $5,000 to a different party, which is really them. The bank says approve sending the $5,000 to this other party. But it shows on your screen approve sending $100. That's a man in the middle attack. This prevents that because the attacker cannot sit between the bank verifying who you are and you saying who you are. So. Because they. Because it eliminates the man in the middle. It eliminates all the most common attacks. It says after 9, 11 happened, which is a horrible tragedy. George Bush established Department of Homeland Security to protect us. And they had. There's an agency within that which is the Cybersecurity and Infrastructure Security Agency, which is part of DHS. They look at all the data and they said 90% of ransomware attacks are the result of phishing. I mean it's, it's nine out of ten. So I know you would 90, I know you know what 90%. So they, they said so. So an anti phishing solution is essential and people want to get more information on. They should look at the FIDO website. They can learn about anti phishing. Passcodes are a big step in that direction. But all these old methods of sending OTPs over the phone, which is the most common, or an authentication app, those are susceptible to man the middle attacks. MFA bombing. I don't know if this means anything to most listeners. These are common ways of defeating. It's getting defeated all day long when you move to hardware and you move to an anti phishing solution. If you move to the ring, you eliminate 90% of attacks. It also makes everybody Else an easier target. And just like home security, your home security system may not stop somebody from getting in, but it does make everybody else a much more attractive target. That way you never get attacked. [00:19:53] Speaker A: That's such an important issue because we're talking about organized crime, in essence, running these attacks. They're looking for the path of least resistance. So it's kind of like that bear chasing you in the forest and you and a friend, and he's like, oh, run fast, run fast. Like, we need to run super fast. And like, no, I just need to run faster than you. That once the bear gets you, I'm, you know, I'm free. So, I mean, it's, it's a humoristic example, but it really is that simple. You have to be a little bit more secure than everybody else, right? So, you know, if you have a password manager, you're immediately moving yourself into a different level of threat. If you're using a physical token, like, we're like one of the solutions we're talking about today and you have your product. It's wonderful. But I'll say as a public announcement, any physical token just. That puts you in a whole different category of are you in threat? Other things that I would be so passionate. This is a topic you can say I'm passionate about. Don't install crap on your phones, don't install crap on your browsers. Just, you know, stay away from that shit. If you're not paying them for it and it's free, I will tell you they're making their money somewhere else and it might be your data. So it's like, I'm just saying they're making money somehow, right? So you should be thinking about that. [00:21:19] Speaker B: I agree with you. And we tell people, if you. Our brain is expensive, if it's not in your budget, you don't want to buy it. Buy somebody's hardware. When you look at this stack or this spectrum of all these different levels of security, hardware is over here at the most secure way to do it. If you don't want to pay the extra for our convenience, buy somebody else's. Buy ubiquitous. It's a great solution. But move to hardware and make everybody else the target. And when people look at the losses, they can't go back in time. When you look at MGM, we lost 100 million. You look at United Healthcare, lost 2 billion. If they could go back in time to before the attack, they would embrace hardware. Somebody's hardware solution in a second. [00:22:08] Speaker A: I'll tell you, I speak to a lot of CEOs and very senior executives. And I ask them the following question. What. What makes you lose sleep at night? And the most common answer by far is that they're going to get hacked. Absolutely terrified. [00:22:23] Speaker B: Yeah. [00:22:23] Speaker A: And what scares them the most is actually that their, their people are going to just make a mistake and it's going to be nobody's fault. And they, they train and they do everything, and yet then they bring on these engineers to target themselves, to test if their people make mistakes. And, you know, lo and behold, the human element is the weakest. So it's such an interesting topic. [00:22:43] Speaker B: That's a very insightful comment. We hired a industry analyst firm that focuses on financial services. It's called Dattos Insights. And rather than doing the typical survey and they said, you know, this. Many said this, we had them actually have phone calls with CISOs and security leaders, and they talked to a couple dozen. They asked them, what's exactly what keeps you up on that? What's your mowing? Risk? And people said, oh, phishing, social engineering, user error. Like, well, they're all saying the same thing, except their users are going to get hacked. And then once the, once the criminals get in, maybe it's a week, maybe it's a month, maybe it's two months, but they're going to have this huge downfall. And when you look at, I don't know how long you've been following cybersecurity, I've been in the cybersecurity space for more than a decade. There's a ton of people have a lot more information than I do, but everyone sees the same thing. Both the defense mechanisms and the attack mechanisms are just racing forward with new technology. It's. It's stunning, especially with the integration of AI. But there's one. And over those 10, 20 years, there's one thing that hasn't changed at all, hasn't advanced a bit. And that's you, Ari, it's me. We haven't gotten any smarter, any less gullible. Anything else? So this, the primary way of defending an organization is users. And, you know, at the start of the year, everyone does our surveys, And Gallup says 50% of people are quiet quitters. And Robert, half or some HR firm says 40% of people are planning to quit their job that year. Do you think an employee who's planning to quit their job, they have one foot out the door. Is that going to be the person who's most diligent in keeping bad people out? So that's why we say you've got to take the Users out of it. We talked about it earlier in our conversation, you and I, that if a user doesn't have their password or a way to be compromised, who cares if they're reckless? They are no longer the weakest sling. And that's what anti phishing solutions, and that's what our solution really focuses on. How do we and you make a way to train. We're going to train our people to be able to spot every attack. No way, John. No. [00:24:51] Speaker A: The problem, until, let's say four or five years ago, I felt that I was like able to avoid any kind of phishing attack. Like, I got this and I can help other people understand. It's not that complicated. What's happened, especially after ChatGPT is now people are getting so sophisticated, these organized crime are getting so sophisticated in their attacks that I look at something and I'm like, I don't know if this is real or not. Like, I don't know anymore. So my, this is horrifying because if somebody who is, you know, self proclaimed king of the lemurs, self proclaimed security expert is saying, I don't know and is being humble to say that, look, this is getting, this is getting to the level that I, this is so good that, that, that, sure, maybe I'm like, is this real? But I'm not sure that it is or isn't. Like, that is amazing. And they're, they're doing these so sophisticated attacks where they send you an email that somebody attacked your account and then they call you up and they say, oh, last week we saw that somebody attacked your account. I want to make sure that you're secure. They're using security education against us. Like, this is ridiculous. So I mean, we really have to step up on technology. We have to step up on legislation. Sure, we have to step up on education, but I'm no longer certain that that's the solution to that point. [00:26:22] Speaker B: Ari, when you think about it, you know, like you talked about, what can consumers do? If you ask me, just change the words a little bit. What can consumers do to make sure that their plane doesn't crash? You know, I hop on United, American Great Airlines. Yeah, same thing with food. How can I make sure the food I eat is always safe? Am I supposed to go to the kitchen at the restaurant? Well, we have these wonderful agencies called the faa keeps our airlines safe. Very strict regulations that are enforced. They have real teeth to them. We have the FDA keeps our food safe. We don't have a national organization or agency that says the people who have Our most sensitive data, here's some strict regulations they have to follow so it's not stolen. And if planes kept these headlines that you were talking about that we saw every day, this company got hacked. This company substitute that with planes crashing, that would never happen because the FAA goes to all these lengths to make sure we're safe. Where is. And most people don't like the idea of more regulation, but where is the regulation that protects our cybersecurity and our personal information? The same way our air travel and our food? You may have a glass of water. You just take for granted what's coming out of the tap is safe. Where is that? In the cybersecurity space? [00:27:38] Speaker A: Yeah, this is a very, very fair point. And just to bring our audience with us, there are a few, let's say, security audits, I should call them. One of them is called SOC2. SOC2 and the other one is called ISO 2701. The key thing to take away from what I'm going to explain is these are all opt in. Nothing is forcing an organization to be compliant. Now I want to say something absolutely horrific. You can be compliant and you can work with these auditors and consultants to be completely compliant, pass an audit year after year after year and not be secure. So the experts in the industry know that there is a difference between real security and compliance. So absolutely. I want to ask you a little bit of a personal question. You've had a long career in security and done a lot of interesting things. When you look back over the last 20, 30 years, what would you go and tell an advised 20 year old. [00:28:44] Speaker B: John, wow, AI is number one. AI is transforming cybersecurity. I mean, it's the obvious answer. It's transforming everything and it should permeate every organization, every position. It's not. It will eliminate some jobs, but mostly it's going to allow the jobs that exist to be much more effective. And people who don't have you say, well, I won't apply to what I do. I do such and such. AI will touch everything. So really having embracing technology, just as there were people who didn't embrace computers when they first came out, then didn't embrace personal computers, didn't embrace mobile phones, thought the Internet would just be a fad. We just talked about three trends that have happened in my lifetime. So it's catching that newest wave, but there's also these fake waves. Everybody thought blockchain will permeate everything. It's very valuable for crypto, but it hasn't changed everything. And you Know, self sovereign identity can change everything. People have been saying that for more than 10 years. It's probably not gonna. So it's being able to discern between the ones that are legit and ones that aren't. But AI is absolutely legit and it's gonna change everything in such profound ways like nothing before ever has. [00:30:00] Speaker A: I love your comment though because you were saying this between the lines. The difference between if AI will impact you negatively or positively is really if you get on burden on board, learn about it and use it right. If you fall behind, it's going to impact you negatively for sure. If you stay in time with the technology, then the risk of you being impacted or your ability to adjust to the impact and be successful is so much better. [00:30:30] Speaker B: Yeah, and the beauty is that AI will tell you what you should know about AI. You could go into any of your listeners could go to ChatGPT now and you can type really long prompts, the longer the better. You could say this is me, I'm with so and so, so and so, this is my job. You can put all this information about yourself and oh, you gotta be careful though because nothing that's person identifiable and say what do I need to know about generative AI or AI to help me in my professional life and in my personal life? And ChatGPT will give you a very long answer with really great suggestions about where you should go in gaining knowledge. Learning knowledge. So it's so incredibly easy for anybody to learn more about it because you just go to ChatGPT website, log in, type it in and there's your answer. So anybody who's not hasn't at least done that. How should I be? Here's me, how should I be using the day? They should do it right after the end of this. [00:31:26] Speaker A: I think that's so wonderful. And you know, people will get up in arms about the ChatGPT hallucinations. Well guess what, if you do a Google search and you go to, you know, a website that can be wrong. That's just a person who probably has a bias and is trying to sell you something or has an agenda or left wing or right wing or who the hell knows what. So you know, our biases as human beings are definitely incorporated into ChatGPT. So what? [00:31:52] Speaker B: I have no idea how many searches there are on chat. Maybe it's a billion. And some people say, well look, here's these wrong answers, you shouldn't trust it. It's like how many wrong answers are already out there. It's like, like self driving cars after 2 million miles, it crashed and killed somebody. That's tragic. Take nothing away from it. Take 2 million miles of regular people drive, who drive tired, drive distracted while they're using their, when they're drunk and say how many deaths would there have been in those 2 million miles? I don't know the number, but it's probably a hundred. So if one person dies versus a hundred, so because of that we should bar them forever. It should never happen. It's this huge step forward. [00:32:31] Speaker A: You know, that's such an important point. I think there's a lot of fear psychology that goes into that, that why we're like, oh no, the machine made a mistake. But, but the truth of the matter is there's ethical questions, right? So I can say, oh John, would you rather kill five people that you don't know or your mother? And then we can talk about this for hours. But at the end of the day, if you kill one person into 200 million miles, whatever, or you kill 10, one answer is clearly better than the other. Like it's not a complicated discussion so we don't need to emotionalize it. So I really appreciate that. That's so, so insightful. Okay, we're, this is such a great discussion. We're way over time. But let me ask you now, really, this is really the last question. A lot of, you know our, I have three kids. A lot of youngsters today thinking about cybersecurity, about their next step of their career. AI, what would you advise to, you know, these kids starting their journey nowadays. [00:33:29] Speaker B: I need that some deep thought because I have, I have a lot of children of my own, more than a dozen. And that's not a joke. [00:33:36] Speaker A: But what you said, that's not. I was sure. What do you mean? You have more than a dozen children? [00:33:42] Speaker B: Yeah, my wife and I raised seven. We were a combined family. And then I'm a bit older than you. So after the kids, you know, moved out, she started working with the foster system and the additional children's are one that we've, we fostered, which is if anybody has an interest in that, please contact me on LinkedIn. I'd be happy to share information about how to get involved and the challenges and the rewards. It's, it's life changing for both you and the child. [00:34:10] Speaker A: John, I, we can't not, we can't not touch that topic at least just a little bit. I mean my audience would be crying out and Larry, how did you let that slide? This is, this is like, this is the definition of bad Journalism. When somebody is like, yeah, you know, yesterday was a great day. My wife died. And then we're playing hockey. And then the next question is, oh, how was the hockey game? It was like, no, that's not. I'm sorry. We have to. Okay. You adopted a whole bunch of kids. Okay, what does that mean? What's the defense? What does that mean? [00:34:46] Speaker B: Well, the dcfs, every state has, when it's an agency to protect children, and they'll remove children from a home where they're being abused, maybe their parents had a meth lab and they're going to prison for a long time. So these are families that are in crisis, and there's a lot that our country does to make sure that it's safe. But you have these innocent victims, these children who no longer maybe never had an environment where there's nurturing, where they're safe, they're safe from physical harm, emotional harm. So the state takes these children away from these very dangerous environments, sometimes short term, sometimes long term, but then what do you do with them? And so the state, the system relies on people who will open. Open their homes to them, open their homes and their hearts. Yeah, there's a ton of charity out there. People give in different ways and support causes, and there's so much negative news. But I think if they published all the news of all these one, there's so many wonderful people out there, and there's a lot of them that will help these children, take them in and truly change their lives. So it's a pretty cool system, the fostering system. [00:35:52] Speaker A: That's John. Thank you. Such a wonderful way to wrap up our show. I think one of my biggest pet peeves is that we, we're all drawn to the negativity. Right. If it bleeds, it leads. Right? That's. That's what we want to see and hear on the news, but what we don't hear because, I don't know, it's just the human condition is the wonderful and good things that are happening out there. So, you know, I, I want to say thank you personally because I think it's such a wonderful thing that you're doing, and I would definitely advise our audience to. To go and look in and learn more. And, I don't know, John said that he's willing to an some questions. So, you know, I'll send you to him, since you already agreed to that. [00:36:34] Speaker B: Yeah, just go into LinkedIn, type my name and send me a DM and I'll. I'll give you my mobile number. We can I'll answer any questions for you. It's a challenging journey, a rewarding journey. I'd be more than happy to talk to any of it, even if just considering or want to find out more. Reach out to me. And I'm more than happy to answer any questions. [00:36:53] Speaker A: John, thank you. [00:36:55] Speaker B: And also questions about our ring. [00:36:57] Speaker A: That too. John, what a delightful conversation today. Thank you so much for coming online and coming on our show. [00:37:04] Speaker B: It's really been a pleasure. Hope I can come back sometime and continue our conversation. It's been a joy. Thank you for the honest. [00:37:11] Speaker A: I think we have a topic to talk about for you to come back. So absolutely.

Other Episodes

Episode

November 20, 2024 00:35:43
Episode Cover

Brian Townsend | Nov 20, 2024

In this conversation, Brian Townsend shares his journey from a police officer to a DEA special agent, discussing the profound impact of drugs on...

Listen

Episode

July 20, 2024 00:42:20
Episode Cover

John Gartin | Jul 19, 2024

John Gartin shares his coaching journey, starting from coaching high school students to building successful rowing programs at universities. He emphasizes the importance of...

Listen

Episode

November 06, 2024 00:49:55
Episode Cover

Tyler Hudak | Nov 6, 2024

In this conversation, Tyler Hudak shares his extensive experience in the cybersecurity field, discussing his passion for security, the evolution of security tools, and...

Listen