Soulful CXO Podcast

AI in Cybersecurity: Hero or Villain? | A Conversation with Chuck Brooks | The Soulful CXO Podcast with Dr. Rebecca Wynn

Episode Summary

In this episode, we dive into how AI is transforming cybersecurity with expert Chuck Brooks, author of Inside Cyber: How AI, 5G, IoT, and Quantum Computing Will Transform Privacy and Our Security. Discover practical strategies for enhancing threat detection, addressing talent shortages, and safeguarding both SMBs and enterprises against evolving cyber threats.

Episode Notes

Guest: Chuck Brooks, President, Brooks Consulting

LinkedIn: https://www.linkedin.com/in/chuckbrooks

Twitter: https://twitter.com/chuckdbrooks

Host: Dr. Rebecca Wynn

On ITSPmagazine  👉  https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/rebecca-wynn

________________________________

This Episode’s Sponsors

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

________________________________

Episode Description

In this episode of Soulful CXO, host Dr. Rebecca Wynn speaks with cybersecurity expert Chuck Brooks about the double-edged role of artificial intelligence in today’s complex security landscape. Chuck outlines how AI aids in automating threat detection and response, helping address the cybersecurity talent gap, yet warns of AI’s potential misuse by cyber adversaries. Together, they discuss the essential role of proactive risk management, the need for robust cyber hygiene, and the unique challenges faced by SMBs in securing their digital environments. Chuck also sheds light on the crucial but often overlooked supply chain risks, especially in an interconnected world where even small vulnerabilities can lead to major breaches. With actionable insights and strategic advice, this episode prepares businesses of all sizes to better navigate cybersecurity’s evolving challenges.

________________________________

Resources

Chuck Brooks’ book, Inside Cyber: How AI, 5G, IoT, and Quantum Computing Will Transform Privacy and Our Security

https://a.co/d/j7Y0BGB

Dr. Rebecca Wynn’s article: Navigating the Future: Strategic Vision for 5G Network Security with AL and ML

https://www.linkedin.com/pulse/navigating-future-strategic-vision-5g-network-al-ml-dr-rebecca-tr0tc/
________________________________

Support:

Buy Me a Coffee: https://www.buymeacoffee.com/soulfulcxo

________________________________

For more podcast stories from The Soulful CXO Podcast With Rebecca Wynn: https://www.itspmagazine.com/the-soulful-cxo-podcast

ITSPMagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

Episode Transcription

AI in Cybersecurity: Hero or Villain? | A Conversation with Chuck Brooks | The Soulful CXO Podcast with Dr. Rebecca Wynn

Dr. Rebecca Wynn: [00:00:00] Welcome to the Soulful CXO. I'm your host, Dr. Rebecca Wynn. We are pleased to have with us today Chuck Brooks. a globally recognized thought leader and subject matter expert in cybersecurity and emerging technologies. He is adjunct faculty at Georgetown University's graduate cybersecurity risk management program where he teaches courses on risk management, Homeland Security Technologies, and cybersecurity.

Chuck is one of the top tech people to follow on LinkedIn. He is a GovCon expert for Executive Mosaic and GovCon Wire cybersecurity expert for the network at Washington. Post visiting editor, Homeland Security today, and a contributor to Skytop Media and Forbes.

Chuck, great to see you again. Welcome to the show. 

Chuck Brooks: Great to see you again. A pleasure to be here. Thank you, Rebecca. 

Dr. Rebecca Wynn: we've been on several shows before but I think your background is fascinating. So you can walk us through that because you started in poli sci, then you got a little bit more strategy and then you became the thinker on the hill.

I'd love to hear that [00:01:00] story. 

Chuck Brooks: when I went to college, we didn't even have electric typewriters let alone the internet. I was interested in the. Scenario it was a liberal arts school in Indiana called DePauw, which I loved, by the way.

It was only a couple thousand people. And, and I was from Chicago originally and sort of go back into the, the Indiana heartland where all the farms are. It was fun and the people were genuinely and nice. So I enjoyed it. So poli sci in English where my focus there. And then I went immediately to University of Chicago and started international relations and particularly more of the national security realm 

I came to Washington, DC and, and that's a typical Washington DC story. I went to some party, I befriended a retired general who is also former deputy director of the C I A and former head of d I a, Lieutenant General Danny Graham. And he said, would you like to do some writing for me? And I said, sure.

Wrote some stuff on strategic missiles High Frontier. S d i, all that stuff. And he said, you're doing a great job. Would you like to serve in the Reagan administration? I said, yeah, that would be fun. I got an appointment to assist the director, [00:02:00] under Richard Carlson.

you probably know his son, Tucker Carlson. Richard was head of Voice of America. It was still the Cold War. And not a secret now, but a lot of the stuff in the communication activities with different language stuff, which was then by shortwave radio. It wasn't even, you know, the internet yet either.

And they were weighing computers now that I'm working on. I worked there for a while and got picked up, worked on the hill for almost 10 years doing technology and security issues. you see the evolving capabilities of the technology back then. Then people were starting to look at. The implications of new emerging technologies and the new revolution ahead, but not quite.

then I got a call would you like to be part of a big startup? the big startup happened to be D H Ss. So, that's really when I think I could say my cybersecurity career because I was hired as in legislative affairs to help set up and create two directorates. One was a science and technology directorate, which is still around, and the other one is a domestic nuclear.

Office, eaten up, [00:03:00] by s and t. my role was to work with SMEs and create stuff. mostly chem BioRad, new explosive focus initially, but there was a strong cybersecurity element and it was just the beginning where everything was getting connected.

I worked on those issues, prepared briefs and got really into the area. when I left, I followed that career path, 

and then most recently I retired out of General Dynamics Mission systems, where I was doing a lot of, growth. Strategy for cybersecurity in that role. 

I learned a lot. So I didn't come from the technical background, but you know, I think I caught up and, and now I'm doing my own. thing, teaching and consulting, it's an interesting career path. . 

Dr. Rebecca Wynn: You mentioned the Reagan administration, but what was the other administration you worked under?

Chuck Brooks: The Bush administration? Under d h s, when we set up first for Secretary Tom Ridge and then Secretary Michael Schoff. I stayed for two secretaries and I, I kept my ties. I've reacted with d h s still, and it's fun to see the, you know, the, the change the focus has changed from the [00:04:00] counter-terrorism focus to the cyber focus there too, in terms of least funding.

Dr. Rebecca Wynn: That's great because it's interesting under different administrations. I, when I did the D O D work with N C I information systems, I was doing all the base realignment, I ended up having Bush and Obama and a lot of times when you have administration changes, I.

World can change very quickly. Yes. in a lot of those projects. And, but the one thing is, is that failure's not an option and you gotta get her done. And so when people Exactly. People say, well, how come you, how did you cut your teeth so quickly in technology and all that kinda stuff. 'cause I was, I.

boots on the ground in hectic situations you gotta figure it out. you can't always Google You gotta know how to read. 

Chuck Brooks: Exactly. you have to learn from others too. there's a lot of institutional knowledge and legacy that you build on as well as looking forward 

policy. I think really it's interesting mostly in the technology and cyber world that that's the least partisan of all the issues I've ever had to deal with. You know? 'cause people. Our focus really on, on the application of the technology and the threats. It's not accolades or whatever.

[00:05:00] It's really, and keep us all safe. So it's really different perspective, I think politically when you work in technology and cybersecurity. 

Dr. Rebecca Wynn:  you're well known as being a thought leader looking at emerging technologies, things along those lines. And you said this publicly, the cyber ecosystem. A precarious situation. How do you see the advancements in artificial intelligence and machine learning? helping and hindering security operations?

Chuck Brooks: that's a, a really good question. You know, I think it's precarious for a lot of reasons. One is, is because we never thought of security first as either company or as government. And of course, the internet wasn't invented to be secure we're all going at this, you know, from the. From the backend trying to fix things.

But the, the reality is that, as you said, artificial intelligence is not new, but some of the capabilities are new as, as you grow into supercomputing power and other things. And, and so I, I see that being a really key transitional aspect of cybersecurity. [00:06:00] For several reasons. One is we just don't have enough cyber expertise and people out there to do stuff, or at least they don't want to go into it.

There's a global shortage. Second there's too much complexity out there and all these tools and, and be able to orchestrate them and run them and, and a lot of people in IT shops leave and then there's no one there. So, so artificial intelligence is, is an enabler. It's the tool and it's basically used for, for helping automate things.

So in that sense, it's really good for automating, you know, threat detection, identity aspects, you know, proving who is what, looking what's in the system. And it may be collating some of the data too structured, unstructured. But it, it also has, you know, it's like every, most technology, it's a dual edge because the adversaries and hackers can use it.

And the reality is the hackers already have advantage. I call 'em criminal hackers, but there's a lot of white hat hackers too. it's asymmetrical because they have many targets. governments, organizations, big companies.

they're targeted, but they have more expertise and capabilities. small and medium businesses, the bulk of a lot of what's out in the United States, [00:07:00] most of 'em have no clue. They don't even have a C-suite expertise. They're easy to, to target, and they're targeting 'em now in a rapid fashion.

Using these machine learning capabilities, to scout for vulnerabilities and exploit them to mass send out phishing attacks. they're also state sponsored, with geopolitics changing.

We know you have the two leading countries in that Russia and China devoting a whole lot of time to the digital aspects of cyber warfare and espionage, and then all the various organized groups under them, that sort of do their becking for them. it's a dangerous landscape.

they're using that technology and defenders have to do the same. we're at an early stage we'll see in the next few years and, throughout the decade that artificial intelligence is a requirement for any company to protect itself because there's too much data, too many technologies, too much threat for people to handle 

Dr. Rebecca Wynn: You talk a lot about quantum computing and the dangers along those lines. , and I know a few years ago everyone thought, [00:08:00] ah, you know, even all the, the new quantum computers are coming outta China and things along those lines. It's still many years away. now that AI has taken off and fruition, I think now it's like a thousand different companies out there who are developing projects.

What do you think about. The AI apocalypse. 

Chuck Brooks: Well, I mean, the, the risks are pretty high with both, you know, I, again, like, there's, there's a lot of people out there including Elon Musk that say that, you know, artificial intelligence is gonna be our undoing. It's gonna advance to such a stage that it's gonna basically take over everything.

I don't think it's ever gonna be sentient. What I worry about with artificial intelligence, is humans using it it's a tool it could have apocalyptic capabilities with nefarious actors using it, you know, for instance, they could, you know, inject polymorphic warfare, wa malware all over the place and disguise it, and being triggered by biometrics.

there's so many technologies and capabilities to fuse with. I think artificial intelligence could be very disruptive The debate now, is do we regulate or we don't regulate? And you know, [00:09:00] you know, obviously there's ethical considerations and then there's bias considerations in it.

But it's difficult to regulate anything, let alone in the United States. You talk about the globe, and the problem is, is geopolitically, is that mentioned that you know, the Russians, Chinese. Iranians and North Koreans are not gonna regulate anything that's gonna be advantage to them.

it's a one-sided thing when you call a moratorium to start, researching we need to invest heavily in learning and building computing capabilities with quantum it's the same 

it's a race. We're working with allies But China is advanced they've done quantum communication, the technologies are not necessarily having one big quantum computer. It's really using the, the, the physics of it to do analytics and predictive analytics.

there's different types of computers even photonic computers, available now that could do similar things. the fear is whoever gets Q Day capability will dominate decrypt everything have secure communications and dominate every industry.

So I see seriousness in both those AI and quantum, and then if [00:10:00] you combine them, if you think about that capability, that just is, is a frightening scenario. they're here you can't stop researching and doing stuff. You just gotta make sure that others realize they can't overtake you, and you have to prepare to defend yourselves.

Dr. Rebecca Wynn: Yeah. we have a lot of startups and startup can be, you know, a stealth mode. . Part of it is your mindset on, on being in that kind of growth or hypergrowth, or really not putting the time and effort into security, privacy, and compliance.

I've seen it personally and I've heard from other people where it's like, You know, we, we don't think the CISO is a critical hire. We have other things that are more critical than, you know, we deal with a w s or Google or another cloud provider and they handle all security for us. I think that those end up making those companies prime targets for, like you said, nation states and things.

when you look at supply chain risk because you do business with those guys, that's where I really think that we're gonna be seeing a lot of breaches and spidering breaches 

What [00:11:00] do you see from your world, 

Chuck Brooks: I agree a hundred percent. the supply chain is still very risky. It's very difficult to, to police supply chain, particularly with, with companies that have a lot of vendors and maybe large vendors.

But I'm particularly aware you mentioned healthcare and, and that's still a really. A largely targeted area, largely 'cause when they don't have the budgets for security, never focused on it. Like hospitals and healthcare facilities usually use their money to procure technologies for medical use. And then they have all these various networks, the devices themselves, but also, you know, the patients, the doctors, the nurses, and, and so it's really, you know, a sieve for a lot of, hackers to go after.

And they're using ransomware. many attacks. not disclosed. they get paid have no morals people trying to help the hospital, pro bono, but it's difficult to catch up.

So I think, you know, that area, education's another area. And then financial, but you mentioned really the, the crux of it, which is small medium businesses that just don't understand the implications and, and think, well, I'll go to the cloud, I'm safe, [00:12:00] but your data is your data and you gotta protect it and you're responsible for it.

You have to have the mindset if you're a company anywhere. cybersecurity is not a revenue issue. It's an operational issue. if you don't have the capability to run your own operations and make sure that you're not, at least you have, you know, resilience or be able to instant response, something happens, you're gonna be outta business quickly or your reputation's gonna be ruined.

small businesses are easy Pickens For hackers, They're doing a lot of ransomware attacks. and not getting caught. And so it's, it's, you know, this is where crime has gone for brick and mortar to digital now.

companies need a wake up call and take responsibility. learn the basics of cyber hygiene, to protect themselves and get outside expertise. But it, it's not gonna change. It's only get worse. 

Dr. Rebecca Wynn: I've been brought in more, in one case in the last 15 months where the company's been totally bricked and brought me in after 

when I started looking at the architecture, some security architect myself, it wasn't secure and safe. backups are backups, but if they brick you out of even getting to the backups or they go ahead and they [00:13:00] grab your credentials, That's I've seen too.

Let's grab all the credentials instead, and you can't unlock those backups. What then, Like you said, it's not getting those hygienes upfront. What do you think that they should do to set themselves up for success? Because I would just tell you when I talk to CISOs and CTOs, CIOs, it's all over the place.

I think it's extremely dangerous right now. So what do you usually recommend? 

Chuck Brooks: start with understanding. Every industry may be different, but start with a risk management plan. at least they're looking at the right things. There are plenty available.

You know, NIST has Mitre, all of them. But there are a lot of industry specific ones too. And then in that plan, do the basics, you know, which is first, you know, do an inventory of what's in your network, what devices, who, who's got access. Then you're gonna likely do penetration testing to see your vulnerabilities, 

To do that, you have to go through basic fortifications of cyber hygiene, multifactor authentication, which helps in a big way, and you can get around it, of course, if you're a really good hacker. But for most of 'em, they're not gonna bother. They're gonna go where, where it's [00:14:00] the easiest to go.

So multifactor authentication works good, and you can do that with biometrics too. Then of course, you have to consider firewalls, segmenting your data. So it can't be with, with different, different certificates. So it can't all be taken at once. And then you have to look at, you know, training your employees, of course.

very important is, is look at, you know, everyone's vulnerable. Anyone could get hacked. I mean, the best of the, of companies have got hacked. Even the, a lot of the cybersecurity companies have been hacked. So expect to get hacked have an incident response plan, a resilience plan in place, and, you'll be much better off.

you can react quicker understand the implications and keep your reputation intact. 

Dr. Rebecca Wynn: Our time has run out. It's gone real fast. 

Chuck Brooks: I'm very active on LinkedIn. I have a 100,200 followers And, I run several groups there too. And I have a newsletter, so that's the easiest way to, to find me or just send me a message there.

Dr. Rebecca Wynn: Well, Chuck, Thank you. 

Chuck Brooks: Thank you. Thank you for having me, Rebecca.[00:15:00]