Digital Transformation & AI for Humans

AI vs. AI: Battling Intelligent Cyber Threats with Artificial Intelligence and Zero Trust Strategies

Dr. Victor Monga Season 1 Episode 51

Share episode

In this episode, we’re diving into the next level of AI vs. AI. We’ll take a closer look at how Artificial Intelligence and Zero Trust strategies are being used to battle intelligent cyber threats, together with my brilliant guest, Dr. Victor Monga from LA, California (USA).

Dr. Monga is a Cybersecurity Technologist & Architect, co-author of Simple Solutions, Complex Problems, founder of VTF University, and co-host/producer of the Zero Trust Journey Podcast

With over 70 industry-recognized cybersecurity certifications, Victor is a highly sought-after speaker at global cybersecurity events, an adjunct professor, and an active board member of premier cybersecurity organizations.

🔑 In this episode, we reveal powerful insights on:
 ✔ AI vs. AI in cybersecurity – How intelligent threats are forcing organizations to rethink defense strategies
 ✔ Zero Trust integration with AI: Creating adaptive, self-evolving security architectures
 ✔ Game-changing technologies: Tools and tactics redefining the rules of engagement
 ✔ Balancing rapid innovation with risk mitigation: Insights on leading cybersecurity strategies
 ✔ AI-fueled use cases: Real-world examples 
 ✔ Future-proofing for 2025 and beyond: Trends in generative AI misuse and ransomware evolution
 ✔ Collective defense models: How AI is enabling collaboration to strengthen cyber resilience
 ✔ SMBs and cybersecurity ROI: Scalable, cost-effective strategies for Zero Trust and AI adoption
 ✔ Leadership insights for the C-suite and Board Members: How to build a culture of proactive security and digital trust

🎧 Listen now for expert insights on AI, cybersecurity, and leadership!

🔗 Connect with Dr. Victor Monga on LinkedIn
🔗 Tune in to the Zero Trust Journey podcast : https://www.ztjourney.com/
🔗 VTF University on LinkedIn: https://www.linkedin.com/school/vtfuniversity/


About the host, Emi Olausson Fourounjieva
With over 20 years in IT, digital transformation, business growth & leadership, Emi specializes in turning challenges into opportunities for business expansion and personal well-being.
Her contributions have shaped success stories across the corporations and individuals, from driving digital growth, managing resources and leading teams in big companies to empowering leaders to unlock their inner power and succeed in this era of transformation.

📚 Get your AI Leadership Compass: Unlocking Business Growth & Innovation 🧭 The Definitive Guide for Leaders & Business Owners to Adapt & Thrive in the Age of AI & Digital Transformation: https://www.amazon.com/dp/B0DNBJ92RP

📆 Book a free Strategy Call with Emi

🔗 Connect with Emi Olausson Fourounjieva on LinkedIn
🌏 Learn more: https://digitaltransformation4humans.com/
📧 Subscribe to the newsletter on LinkedIn: Transformation for Leaders

🔔 Subscribe and stay tuned for more episodes

Speaker 1:

Hello and welcome to Digital Transformation and AI for Humans with your host, amy. In this podcast, we delve into how technology intersects with leadership, innovation and, most importantly, the human spirit. Each episode features visionary leaders who understand that at the heart of success is the human touch nurturing a winning mindset, fostering emotional intelligence and building resilient teams. In today's episode, we're diving into the next level of AI versus AI. We'll take a closer look at how artificial intelligence and zero-trust strategies are being used to battle intelligent cyber threats, together with my fantastic guest from Los Angeles, california, dr Victor Munga, with my fantastic guest from Los Angeles, california, dr Victor Moya. Victor is a cybersecurity technologist and architect, co-author of Simple Solutions, complex Problems, founder of VTF University and co-host and producer of the Zero Trust podcast. Welcome, victor, it's a pleasure to have you here in the studio.

Speaker 2:

Thank you, rumi, thank you for having me.

Speaker 1:

Let's start the conversation and transform not just our technologies but our ways of thinking and leading. If you are interested in connecting or collaborating, you can find more information in the description. Subscribe and stay tuned for more episodes. I'd also love to invite you to get your copy of AI Leadership Compass Unlocking Business Growth and Innovation the Definitive Guide for Leaders and Business Owners to Adapt and Thrive in the Age of AI and Digital Transformation. Find the Amazon link in the description below. Victor, it's such a pleasure to have this conversation today. I'm so looking forward to all the insights we're going to share with our viewers and listeners. Could you please tell us a few words about yourself, your journey, your passions, and I'm really curious about learning more about you and your path.

Speaker 2:

Yeah for sure, yeah. So born and raised in India and then migrated to the United States in 2012. My background is actually IT network security and then transformed into the real hardcore cybersecurity, I should say and in the past five to eight years I have been a security manager leader, ciso, and recently, with all the work I have done around Zero Trust architecture, I've started this podcast where we bring the guests and we talk about Zero Trust and the actionable intel. There's a lot of information out there about Zero Trust, but not a whole lot of ways to actually how to implement it, so we talk about that. We also cover some of the Zeta Trust news. We talk about some of the vendors who are helping with Zeta Trust. So that's been my passion recently.

Speaker 1:

Amazing Sounds really good, and I invite everybody to tune in and listen to those amazing episodes to find a lot of value. Victor, the theme of today's episode is AI versus AI battling intelligent cyber threats with artificial intelligence and zero trust strategies. This concept sounds both futuristic and critical. Can you break it down for our listeners? What does it mean in real-world applications, and how do zero-trust frameworks integrate with AI to create defenses that evolve as quickly as the threats? Why is this a must-address issue for organizations aiming to stay ahead in the digital economy?

Speaker 2:

Yeah, so let's break it down right. So start with the AI. It's not futuristic at all in my humble opinion. Ai is here. We all are using it, so it's not in the future anymore at all. There's going to be two camps from here onwards One who are going to embrace and use AI and make their lives efficient and streamlined, and the other camp is going to be who are going to be reluctant of trying AI and they might fall behind. So AI is nothing to be feared of. Ai is yet another era that we will transform how we interact with digital space.

Speaker 2:

If you look back when the computers were invented, we all thought the HEMOs will be irrelevant because now computers can do things faster. Fast forward 40, 50 years. We're still relevant. On the contrary, now we have a whole industry, it and cybersecurity and application and the whole thing about the GRC as well. It exists because of computers. Same thing happened during the time when internet was invented. Everybody thought that now everybody can get the information so fast and so quick, we don't need a whole lot from humans. Again, yet another myth about it. Ai is the same thing.

Speaker 2:

I explain AI in my classes where, at VTF University, I treat AI as a calculator. Yes, I can multiply, subtract and divide using a pen and paper. With a calculator, I can do it faster and I can do it better. I can verify my results. I treat AI just like a calculator, where I have yet another tool to do my job faster, maybe even do more quality work. Have something in someone verify for me and bounce off ideas Doesn't mean AI is replacing me. On the contrary, ai is making my job and my work better, and that's what the crook of this conversation is where. How do I use AI today and right now, where we are? We all think chat GPT is AI and that's not it. The applications of AI in different industry, different sectors, healthcare if you think about it, if AI can predict, based on your food habits, based on recent stress that you have been suffering, based on your travel habits recently you picked up it can predict and tell you that either you need to change your lifestyle or you need to start taking medication. Think about the application. Same goes for other industries.

Speaker 2:

Let's take cybersecurity, my favorite topic. Zero trust is a framework, a strategy that came out when John Kinderwark started talking about where zero trust is not about not trusting people. It's actually not trusting packets. At that time he deferred to packets because network was the biggest thing. But now, if you think about it, we don't want to trust what's going on in digital space, your identity, what applications you're accessing, how you're accessing, from where you're accessing. All of that we want to verify, we want to log in, we want to enforce policy, all the principles of Z-Retrust. So it's not about not trusting Victor, it's about the actions performed by someone who thinks Victor is Victor using a computer.

Speaker 2:

How does AI help with zero trust? So let's talk about that, just like the example I gave you about healthcare Same application, same principles, same things can happen in cybersecurity. If, by looking at different signals, different logs, different telemetry, different policies, an AI can predict that, hey, either you're going to change this policy for acceptable use or you're going to have to enforce a technical control because we can foresee this kind of threat will be actually coming your way. Now that's something that's very powerful and hasn't happened, at least in cybersecurity, for a long time. We try to do it with SIEM, security Incident Event Management. We try to do it with SOAR, the security orchestration mechanism. We were not able to get there, but with AI the first level, the tier one. We can get some predictability into it because now we can massively look at the data and process it.

Speaker 2:

The other side of it is also verification and assurance. We always struggle with that because we don't know. We talk about the software bill of material. Sbom, log4j is a great example Many other examples where we just don't know what softwares are being built and packaged into the software that I'm using. Today, like for this recording, I'm using a software I don't know. This recording platform may be using an open source library which might be vulnerable, but now think about it If having an AI mechanism that can tell you, inform you, here are the softwares which are bundled in this package and part of those can be vulnerable. Maybe I have a choice I replace them with something closed loop, or maybe I have a choice that I accept the risk, but now I'm being informed about it.

Speaker 2:

And again, the applications are limitless at this point because we haven't explored all of that. In my humble opinion, we haven't explored 1% of the AI applications just yet, even though everything has AI. I walked down the aisle in my grocery store. The toothbrush is powered by AI. It literally says it's powered by AI. So right now we are the marketing hype of it, of AI, with a lot of use cases that we use with LLMs and Gen AI, but I think there's going to be real applications which will really help mankind to process our tasks efficiently and faster so we can get to bigger and better things. Again, if I have more time in my day, maybe I'll think about something else. Human brain can process a whole lot. We only use it. What? Between 5 to 10 percent. There's a 90 percent that I can start thinking about it and I think, using a right calculator, aka AI, today it gives you that.

Speaker 1:

I love your explanation and your vision and I agree. We are just in the beginning of this journey and the opportunities are endless, so it also depends a lot on how leaders are applying and developing those technologies and how it will in reality, define the development for the humankind. With your extensive experience in cybersecurity, can you give us a high-level overview of how AI has redefined the rules of engagement in cybersecurity and standout advancements that CISOs should be embracing or changes they need to mitigate? How can leaders balance rapid adoption with minimizing risks?

Speaker 2:

Yeah. So let's start with the one hypothetical, the cap where if I'm a security leader and I am not ready to embrace AI, in my view most of the CISOs I know they're smart enough, they have embraced it. Embrace AI In my view, most of the CISOs I know they're smart enough, they have embraced it. But let's say that there is a case where we're not ready to embrace AI in cybersecurity and we are the blocker. My question to those people, those personnel, is that do you think the bad guys, the adversaries, are not using AI just because you are not? And that's where the mindset and the shift is, where, if I have the calculator, bad guys are using the same calculator. If I choose not to use it and use pen and paper and slow down the whole operation, bad guys are going to compute faster and multiply faster, divide faster and add faster and get to the count joules faster. I can continue doing the same operation panel using pen and paper. Just because I can, I can do it doesn't mean I have to do it. There are better ways to do it now and that is using with using ai. So that that's the mind shift that we have to adopt. Where the question usually is am I ready to embrace ai? The question is not. Am I ready to embrace AI? The question is not. I think it's the wrong question. The question is are bad guys also using AI? And the answer is yes, adversaries.

Speaker 2:

If you look at the threat reports actually put out from 2024, the top ones are the typical ones inside the threat ransomware. But if you start looking at the new ones or new additions in the threats, which are deepfakes, which is AI, gen AI, or the LLM generated content, which is poisoning, the phishing emails, or if you are into the entertainment business I'm in LA writing the scripts and actually inserting them into your scripts written by the writers the threats are actually faced, created by threat actors using AI. Now the question you want to ask yourself are you going to pick a pen and paper to go and fight those AI generated threats or you're going to actually use AI? And that's where you have to ask yourself am I ready to embrace AI? And the default answer is yes, because we have to. At this point we are not given a choice anymore. The adversaries that are using AI. We have to use AI to fight back the level one threats.

Speaker 2:

If you look at it and it's funny to watch it. If you're in a security operations center, you can see some sort of a machine generating these alerts or actually generating the URLs and spinning up the websites and bouncing off different IPs as they go, and you can see that it's almost scripted and yet it has a brain of its own. And if you have a cybersecurity solution which can detect it, prevent it, protect you and respond to it, that would be something of an AI intelligence in it, because now they can detect the pattern from AI threat, ai solution will detect it and protect you. If you go fall back to traditional security solutions which are not AI equipped yet AI threats are going to pass by them laughing, because they will not be able to detect, they will not be able to see the pattern it's not going to be able to detect. They will not be able to see the pattern. It's not going to be obvious to them. So in order to see the AI-generated threats, in order to combat those threats, you need AI solutions as well, and that's where CISOs are looking at it.

Speaker 2:

I mean a lot of the research done by Avantis and IDC or Ponymon. They are asking CISOs now what are the different strategies that you are changing. Number one is budget. Is budget going to change? Because all the time we have a tendency in cybersecurity saying that if I buy a solution, I don't need a human, or the other way around, where if I'm buying something, I need to consolidate. There's no consolidation yet. This is a new type of threat, so you have to accept that fact. This is a new type of threat. So if you're trying to consolidate and and try to remove your traditional security tools, or trying to actually not renew your traditional security tools, that might not be the time you want to continue using what you're using, but layer on top of it. Now See where the gaps are, see where the overlaps are. Don't just make the decision out of thin air. And that's what CISOs are looking at.

Speaker 2:

Smart CISOs are right now going through and they have started this process in 2024, poc and POV to look at what AI threats are out there and how to combat it. 2025, they are putting the budget together to actually go buy these tools to make sure that they have that board chest ready when the threats are actually knocking on their doorstep to combat them. And that's the shift. It's going on right now and translating it back to the business terms. That's business 101, that's security 101. This is a new type of threat, but ultimately your crown jewels hasn't changed Just because now AI-generated threats are coming. Whatever you are doing, that hasn't changed. But now you have to guide the strategy because there's a new threat out there. Bad guys are using AI. You have to inform your strategy to use AI to combat it, budget it, train your staff, train your company, train your employees, train your contractors. You have to think a little bit differently how these AI-generated threats can really bring down a company or customer and how, as a security person, you will be able to combat it.

Speaker 1:

You are totally spot on. It's not a matter of choice anymore. It's just something we have to accept as a part of our processes, build in into our strategies and be adaptable enough and change the mindset in order to match those capabilities and play this new game. So I totally agree and it's great that you highlight that side of business development and technologies development as well. Victor, cyber threats are evolving faster than ever before, so let's dive a little bit deeper into this topic. Could you share specific examples of how artificial intelligence-powered tools are fighting fire with fire to combat these intelligent threats? Are there breakthrough technologies, use cases or maybe innovative approaches that businesses should prioritize for immediate impact?

Speaker 2:

You know, I started my career two decades ago and even then it was always like this there is a new breed of threats out there.

Speaker 2:

The threats are evolving, there's a new landscape. I feel like that's old news now. Threats are always changing, but what's constant is your business, your crown jewels, and that's where I always keep going back to it. We are, as a security professional, as a security leader, you have to have almost think of this way. You have a protect surface, what you need to protect. That's where you put your crown jewels Defense in depth, least privilege, all of those principles they were informing us to do just that Protect your crown jewels, because that is my protect surface. And then you have your attack surface and that's where the infinite possibilities of threats come in. My attack surface is where either someone internal or inside threat can go and grab my database or grab the customer list or grab whatever is your crown jewels. Someone external maybe a new APT group, or maybe someone who's really mad at me, or someone maybe trying to explore a ways of hacking and they stumble upon my website and from there they found a vulnerability and exploited it. That's my attack surface.

Speaker 2:

Ai fighting AI that's not new. Machines have been fighting machines for a long time Now. They just have a brain of their own. They can actually pivot on their own. When I used to teach threats a decade ago, we used to use the term polymorphous, where the code will change on the fly, based on the controls and based on what the blocking is happening. So think of this way If I send the malware today to Amy because she has availability on her computer, maybe her antivirus will block it and that'll be it. But that's just machine malware, machine antivirus fighting with each other. That's about it. Ai takes it to a different level because now what can happen in my malware? If actually it has a brain of its own and connected to internet? When it reaches Amy's computer, it's going to scan and it's going to detect that there's an antivirus. So maybe it will not do anything bad, or it will almost go quiet mode and wait until there's a vulnerability in that antivirus, or maybe there's a space in the policy, or maybe there's a way out between the shutdown and hibernation, whatever the million ways it can find a way to actually bypass that control and then exploit it. Now that's AI versus AI. This is where I think it's fun to watch it, where the industry is going.

Speaker 2:

A lot of times we are seeing the low-level threats generated by AI and the cybersecurity solutions, which are powered by AI and have a brain of their own. They're fighting with each other. It's creating additional noise that we didn't need it, if you think about it, if we didn't have AI. This is almost like opposite of the solution, which is we created a problem of our own as well. We created AI so that bad guys can use it and now obviously the good guys have to go and fight that. So there is a layer of noise that's created by AI which is again bad guys trying to get in, good guys trying to fend off. That layer is the part where almost we're trying to make it invisible, if it happens. Make it invisible so that our human analyst doesn't have to worry about it, don't have to look at it.

Speaker 2:

Sure, it's in the records, but on the other side of AI and all of this is the data sets and my audience, my listeners here if this is the first time you're hearing about the term every AI they actually really lives upon data sets. That's how they train their models. If you look at all the gen ai models out there right now chat, gpt, cloudy, gemini, all the other ones co-pilot they live and thrive upon the data sets. That's how they train. So whatever I train today, it might be out in 12 months in the new model. So the data set is the most important. So, as a security professional, sure, you have the cybersecurity solutions which are using AI, but as a business, what's unique that you can do about it is that you want to look at how AI solutions tools out there will use me my data as a data set to train their models, and that's what's happening right now. In 2024. A lot of time was spent in research. A lot of time was spent in the policy drafting where, as a CISO security leader, now you have to go around the around your business and look at what other data can be used as a data set from an AI perspective that can be harmful to your company.

Speaker 2:

If you're a pharmaceutical company, you might have so many researches going on. Imagine you're Pfizer. You have a lot of research going on in the medicine world and now, all of a sudden, all of those data sets are being used to train a model. 12 months fast forward. Pfizer's competitor actually go and search in that chat bot and ask for hey, I'm trying to make a medicine for cancer. Can you suggest me three formulas which will reduce the time to make it in 12 months and get FDA approval in the next three years. That's it. Pfizer is done because billions of dollars, if not millions, go into before the product is actually put on the shelf. That investment is everything for that company and that's the data set, that you wouldn't have to worry about it if AI was not here today, because that's something is your deluxe property. You have people under NDA. It's part of the key and lock and bad system. You go in and explore the data, do the research.

Speaker 2:

But now, since we all use AI, between the screenshots and note takers and the Zooms or the teams and agents installed on the endpoints of the network, everywhere, there is a form of AI in the network. Sometimes we don't even know it and it's being trained from an AI perspective whatever we are doing. So that's where the security has to go in and change this mindset, where don't worry about wasting your time looking at ai, fighting over ai. Go look at the data sets, go look at the models that that will use your data to train them and if you do find it, then catalog it, index it. And again, rule of thumb is don't roll the osh. Go back to your crown jewels and look at what data do you have there and how that's being used for the models to train their data sets. And then from there you have to build a policy which tools can touch this data, which tools can be exposed to this data? Because if the tools have ai in it to make the jobs efficient and effectively of the researchers, now you have the responsibility to make sure that that ai does not use your data and if it does, you are aware of it, how it's being used. That that's where the ai versus ai conversations happening.

Speaker 2:

A lot of research went into it last year because this data set is becoming a big of a problem. That is not necessarily security, because security usually have the access controls. If Amy is in marketing, she's not supposed to see the sales, or Victor is in IT, I'm not supposed to see Amy's balance sheets. That's what the access control used to be, traditionally IT security that as long as I know the identity of Victor or Amy, I can limit the access. Ai does not come with an identity. It is it. It comes with one form and one shape, which is all of it. So when the AI is coming to the data set, it does not have any identity, and that's where the complication comes in.

Speaker 1:

This is so interesting and now it's getting really exciting as we look forward to 2025 and beyond. What do you think are the emerging trends in AI-driven cybersecurity? You mentioned the mindset shift, but I would like to hear more If there are specific innovations or threat vectors, such as quantum computing, generative AI misuse or advanced ransomware tactics that organizations must prepare for now. What proactive steps can leaders take to future-proof their strategies?

Speaker 2:

I think we're still at the surface, as I said, the 1% of the AI use cases. So I foresee 2025 being the next phase of that, maybe 2% or 5% of the use cases. More time is going to be spent around guardrailing and putting policies around it and making sure that if you were to build your own AI, if you were to use public consumption of AI, how can you do it? A lot of focus is going to be on the AI providers than the consumer going to be on the AI providers than the consumer. So if you were AI provider, if you are ChatGPT or Meta or Microsoft or any other flavor or Google then how would you provide safeguards so that the AI is not being used for malicious purposes? I think that's going to start in 2025, because 2024, 3 and 4 was a lot on excitement of ChatGPT, that I can ask any question and it will have an answer. A lot of time was spent creating funny videos on the internet using AI. A lot of time was spent on creating that generative content, but now the tail end of 2024 taught us that all of those things can be used for malicious purposes. And now in 2025, we'll start drafting some of the policies and governance around it and that's going to be on a lot of providers, not so much consumers. Cloud security alliance is putting together a ai control matrix and it's out for peer review. If you want to look at it, go to cloud security allianceorg and you can. You can see it. That's where you can see now the organizations and a lot of the institutions are putting together some sort of control matrix, some sort of controls.

Speaker 2:

If you were to build and consume and provide AI, what are the rules of the game? And that's what I think 2025 is going to be From a strategy perspective. Back to basics, just go back to basics. Don't be distracted because it's a term of AI. Don't be distracted by the marketing hype. Go back to basics, fundamentals. What are your crown jewels? What is your tax surface? What is your protect surface?

Speaker 2:

Ai is a new threat and treat it as such. Put your strategies, put your program mature your program mature your staff, train them accordingly to tackle this new threat. But don't get distracted and completely just overhaul your security program. That's going to be a bad move.

Speaker 2:

Ai is a threat. Treat it as such. Put your controls, put your detection, put your prevention, put your response. Update your playbooks accordingly that if this threat happens, what would I do and that's all we could do at this point, instead of being distracted and just completely taking the eye off the ball. Because, keep in mind, if you start putting a lot of efforts into AI threat mitigation and completely tear eyes off the ball, the adversaries are also going to use the traditional attacks as well, which are non-AI, if you will. So you have to keep up the lights and continue building on that one, as you will consider AI as a threat, and just like any other threat. How do we handle it? We look at it if we are the victim or can be the victim, how AI can impact you, if AI threats are going to impact you, and do you have a playbook ready to actually roll if that happens and that will get you going for 2025.

Speaker 1:

I'm just getting a little bit of regret that I don't work directly with cybersecurity, because it becomes increasingly important, increasingly exciting, and all those new technologies and opportunities and everything what is going on today, and we are the very first generation who has access to all those opportunities and also needs to find the solutions to the new problems and emerging trends nobody else needed to deal with. This is really interesting, Victor. Collaboration has become increasingly critical in the cybersecurity world. How do you envision AI facilitating partnerships between organizations, government bodies and even competitors? Are there examples of how a collective defense approach powered by AI has already made a significant difference? How can leaders leverage this model effectively in their own ecosystems?

Speaker 2:

It's not just cybersecurity. I think in general, people thrive on one partnership because what I have to offer, maybe someone can't, and what they have to bring on the table, maybe I can't. So businesses around the globe and it's nothing new partnerships have been the cornerstone for a business, for an enterprise, to move forward. Ai is bringing another layer of that, where if this is something I've seen personally in my life, where I'm not good at something as simple as writing effective emails Maybe the way I used to write it is something that doesn't come across that professional or doesn't bring the point across Doesn't mean I don't have a good idea. It just means I cannot communicate. This is going to actually help globalization and bring those partners in the limelight where they were not able to build the partnerships, especially in the Western countries, where now they can, using generative AI, they can bring their point across because they can speak in the native language. Ai, using ChatGPT, gemini, cloudy, whatever the flavor that you're using today you can actually transform that language into English properly write an email, even proposals, one-pager solution briefs, whatever that is. That's that's happening. Same goes for our internal teams. If I were to hire a talent, I don't need to just look into my city or my town or my state, I can go around the globe now because, even if english is not their first language or if they're not comfortable actually communication-wise, they can actually use AI now to bring their point across. Now it's a double-edged sword. I will highlight that right now. There's a biggest problem going on right now, especially in the young age professional Unlike me, I'm a dinosaur at this point Over-reliance on AI, over over reliance on these chatbots, where you start losing an edge, where you just don't even know how to talk, you just know how to prompt, and this has happened. In 2024, a research was done at a university level where the students are so hooked onto the chatbots where they are entering prompts so even when they are communicating with each other, they're giving prompts to each other instead of having a communication. And that's the other side of it, right, where you need to balance it. If you are a professional, young professional trying to use AI for your day job or day work, don't over-rely upon it.

Speaker 2:

There was actually an incident not reported but told in the inner circles where a CFO actually was running against the 10 line and used ChatGPT to run some numbers. Chatgpt made a minor mistake in the number that was informed or made an informed decision to actually bring the whole company down. Because again, there was a minor, minor difference in the number when ChatGPT actually did the OCR from the page, because CFO took the pictures of the transaction or whatever the decision, and asked ChatGPT to just come up with the numbers and that numbers were actually put in the Excel. That Excel was used by the controller to make the transaction and again it was detrimental to the company. Again, over-reliance. Right, you need to verify what you're using and that's what I would advise right now for those who are listening Use ChatGPT, cloudy, gemini and all the other chatbots as calculator.

Speaker 2:

Just know 2 plus 2 is 4, or just know that 102 is more than 100. So when you actually use a calculator, if the calculation came out to be 102 is less than 100, have a logic that 102 cannot be less than 100 because it's more. Have that basic fundamentals clear and use the chat gpts of the world to actually efficiently make more content for you. But you are the verifier always verify, always verify. The best rule of thumb you can do is, whenever you give a prompt, treat it as that you're verifying what you know instead of trying to make it some create something new. And if you're creating something new then you have to verify. You have to continue verify because otherwise it's the problem over relies you.

Speaker 2:

We are over relying upon chat gpts of the world. Again, I'm not just picking on chat gpt, but the chat paths. We're just so over relying on it that we're gonna lose our edge of being human and we don't want that. That's. That's the whole conversation right now, where a lot of people are saying we don't want to use ai because we don't lose the touch of being human. We both can coexist. We humans have to decide how to coexist. We have to make our own space, our own room, our own voice. That is verifying what you get out of these AI tools.

Speaker 1:

This is the essence, and I'm so grateful that you are mentioning this dimension, because this is exactly what we have to do. We have to stay in control, and it gets faster and faster and more and more stressful, because we have to match, basically, the AI capacities with our capacities, in a way, in order to catch up with everything that's going on, and a lot of people get burned out and overwhelmed just because it is a fast-paced game and not everybody is in the place to keep up with this space. So it's not always easy, but it is absolutely crucial to define who is in charge and stay in control while you're using all those solutions, because otherwise it might lead you to extreme problems, exactly as you mentioned before, and you, and only you, are in charge for the outcomes anyways, as a human being. So it is really important to be responsible and keep in mind who is the boss for the moment and take that approach and apply it to everything you are doing, with the support from the side of latest technologies.

Speaker 1:

Victor, you already mentioned the area of budgeting before, but for small and medium-sized businesses that often operate with constrained budgets, adopting AI and zero-trust strategies can feel like an uphill battle. What practical, high-impact steps would you recommend to help these companies and businesses build strong security foundations while maximizing return on investment? How can they prioritize efforts in a way that makes the most sense for their size and resources?

Speaker 2:

I'll give a personal example. My family growing up we were not that rich, so going to a shop where it's something shiny or they have it on sale, my dad would always say do you need it? And that's the principle I will give it to the small business owners as well and the SMB industry that what do you need? Do you need it? Just because something shiny out there doesn't mean you necessarily need it, doesn't mean that that fits your business requirements. That doesn't mean that fits your IT or security requirements. That's the essence of it. Do you need it Just because AI is out there and there are 30 different flavors of AI? Do you need it? And if yes, then what do you need?

Speaker 2:

Chat, gpt or the chatbots are not the extent of AI when it comes to SMB. Yes, you can use it, but at the end of the day, for SMB, if they have less manpower they're trying to be efficient into their process and run lean then you need to have requirements. Doesn't mean I don't have enough people to actually look at the logs and I need an AI solution to actually correlate all the logs and just tell me when it's really to the burning point. Maybe that, or I don't have enough money to actually pay for professional services. I need an AI solution that will configure or keep me up to date with these antivirus or Windows update or Linux update or whatever that is or it could be. I have someone internally then. They don't have the IT background, but they would like to learn more about it, they would like to grow into it. Maybe I need an AI tool which will help them get better at the job, but the human is going to verify it. So again back to what do you need? Do you need it?

Speaker 2:

If you write down those bullet points, then you can go shop, then you can go decide what's out there and if that meets your budget, smb is always going to have that budget, as probably you said it, and it's not even a problem. It's that's just how the economy works for smbs. They they have to make more with less. That's that's the essence. Making more with less has constraints quality or quantity. So with ai, yes, you can streamline your process. You can even look at inefficiencies, and that's one area. Some of these have been actually using ai to look at inefficiencies in the process, because they don't have highly trained black sigma belt or whatever that that's called actually. Uh, to come in and look at your operations and decide where the inefficiencies are. Maybe AI can looking at putting like 15 cameras around your operations and they can maybe identify efficiencies. Maybe they can help you actually make sure the employee efficiency is also improved by either making sure they send a text message hey, your break is due. Go take a coffee break. Go stand up now, feel refreshed, come back, because when they come back they can work efficiently. So AI can help you with those things.

Speaker 2:

But at the end of the day you have to ask yourself what do you need? Just because something is out there doesn't mean that fits your bill. Ai can go from $1,000 to $1 billion. Are you ready to pay that? What does that bring for you on the table?

Speaker 2:

So again back to my dad's code where do you need it and what do you need? And if you do, what is your budget constraints? What is your human constraint? What is your process constraint? And the ROI is usually, for the smaller businesses, three to five years. That's the depreciation they use, right? So for larger enterprises there's different depreciation models, but for smaller, it's usually three to five years that I'm going to use a depreciation model. So if I'm investing $100,000 today into an AI which will help me improve 10% of the operations. That 10% brings me only $2,000 per month. Use the depreciation. You're actually paying more to be efficient than being inefficient today and not losing that money. You have to run that math at the end of the day. Back to what do you need and once you decided, that will dictate and guide the path what you need and how you can procure it, how you can use it.

Speaker 2:

Ai has a lot of use cases. Keep exploring them. If you're in the SMB space, keep exploring them, especially the efficiency, because you can really help, or you can really get helped by AI to run the operations lean and mean and that helps you. Six Sigma actually that's the term. Six Sigma.

Speaker 2:

One thing that I have noticed in 2024 in the SMB space, where now the SMBs can also streamline their processes, such as creating a PO, creating an invoice, sending a reminder, collecting the raw things that they were manually doing those steps. A lot of times, the AI process can do that. Now, if an email came to your inbox that, hey, I'm checking up on that invoice, they can send an invoice PDF directly to the person. So, those things it will save you time, but you have to run the math. How much time is being saved and what do I do with that time? Do I bring more money with that time that I spend on the AI? That's the math you have to do it. Sit down, take a step back, run the math on the paper to make sense. If the ROI is not there that 20, 30% that you want then all of that for nothing. Just because you have a flashy AI doesn't mean you're saving money. You might be actually wasting money.

Speaker 1:

That is a really wise approach and an amazing advice to everybody who is trying to compete in the way, that they need to choose the fanciest solutions and keep up with the trends of technological development. It's not always worth to just get the latest and the trendiest solutions, because you have to apply them to your case, to your situation, to your business, and make sure that the return on investment is still making sense for you and you're going to grow due to that achievement and not go bankrupt instead, which also might happen, actually, in some cases. So it is really important to prioritize what really matters and unfortunately, I see this trend on the market in different areas, not just cybersecurity, but there is a lot of this in more tech as well. There are new solutions coming up every day and many companies are doing their best to catch up with the latest and trendiest models and solutions, and it's not always worth it and it might lead to the opposite outcomes as well. So do you really need it? I love that question and we can apply it actually to so many areas in our life and business.

Speaker 1:

Victor, this is an amazing conversation. I'm enjoying it so much, but it's about time to wrap up. So the last but not least, question about your experience and some golden nuggets from your side. Your experience and some golden nuggets from your side. What advice would you give to C-suite and other leaders managing cybersecurity in 2025 and beyond to ensure alignment, agility and resilience in addressing ever-evolving threats? How can they foster a culture of proactive security and innovation while maintaining stakeholder trust and balancing business objectives in an increasingly complex digital landscape?

Speaker 2:

Oh, that's a loaded one and there's a lot in that. I think the simple advice I have is be curious. If you're a board of directors, if you're C-suite, be curious about what's going around, what's changing, and don't make harsh decisions. Don't make abrupt decisions because something flashes out there, something more happened out there that you heard about it and maybe you got scared. At the end of the day, you have to trust your people that you hired. You have to trust the talent that you handpicked, that they will do the right job and that you handpicked that they will do the right job. You can have a process to verify and find the assurance in it, but don't want to make decisions for them, because that really limits innovation at all times. If threats are out there and you feel that you're not being informed, that's something you can ask More communication, transparent communication, maybe education on the things that maybe you're not aware of it, but making a decision uninformed or with the limited education because you don't have time, actually has a lot of impact that you have no idea, that sometimes you don't get to see it. So, again, if you're, in 2025, sitting on the board of directors or if you're c-suite, be informed.

Speaker 2:

There's a lot of changes happening everywhere, especially with the ai disruption. We have seen this disruption during the internet time. We have seen this disruption dot com era. We are in the new era of ai. A lot of disruption is happening. So you may try to go back to what you know, but this is uncharted territory. No one knows anything. So, instead of actually falling back to our decisions or falling back to our knowledge and falling back to our experiences, be curious, ask the right questions, be and trust the talent that they will do the right thing, help them to get to the right decisions. That's my advice.

Speaker 1:

I absolutely love it. This is so profound and so efficient and actually this is the essence of the success formula. And today, in 2025 and beyond, it is really difficult to be a leader in the space of the unknown and, of course, there are many constants and things which are still the same, like those crown jewels of the business. But at the same time, there is so much to learn, there are so many learning curves to deal with and it requires resilience, bravery, courage and a lot of motivation in order to put things into place and be future-proofed and run a sustainable, growing business. So thank you so much for sharing your wisdom, your experience and knowledge with us today. I highly appreciate you being here and sharing all of the best, what you have to offer to our listeners, to our viewers. Thank you so much for this conversation, victor.

Speaker 2:

Pleasure to be here and thanks for the invitation.

Speaker 1:

Thank you for joining us on Digital Transformation and AI for Humans. I am Amy and it was enriching to share this time with you. Remember, the core of any transformation lies in our human nature how we think, feel and connect with others. It is about enhancing our emotional intelligence, embracing the winning mindset and leading with empathy and insight. Subscribe and stay tuned for more episodes where we uncover the latest trends in digital business and explore the human side of technology and leadership. Until next time, keep nurturing your mind, fostering your connections and leading with heart.

People on this episode

Head Shot

Emi Olausson Fourounjieva

Host