Podcast
The Future of Cybersecurity
In this episode of The Future Of, we’re talking about the Future of Cybersecurity. I’m joined by cybersecurity expert Theresa Jones, also known as the “Cyber Lady.” Theresa is CEO at Evalv IT and Principal Consultant for Evalv IQ. She’s also a Cybersecurity Specialty Consultant for the DoD and for the Louisiana Small Business Development Center, where she’s based. She’s earned degrees in Auditing, Forensic Accounting, and Cybersecurity.
Jeff Dance (Host) – 00:00:01:
AI allows everything to be done so much easier, more efficient, fast. So it’s great in the sense of a small business or a governmental agency. Having not enough manpower and being able to do more faster, that’s great. However, when we talk AI in terms of what bad guys can do with it, whole nother level.
Theresa Jones (Guest) – 00:00:22:
Welcome to The Future Of a podcast by Fresh Consulting, where we discuss and learn about the future of different industries, markets, and technology verticals. Together, we’ll chat with leaders and experts in the field and discuss how we can shape the future human experience. I’m your host, Jeff Dance. In this episode of The Future Of, we’re talking about the future of cybersecurity. I’m joined by cybersecurity expert, Theresa Jones, also known as the Cyber Lady. Welcome to the show.
Jeff Dance (Host) – 00:00:56:
Thank you for having me, Jeff.
Theresa Jones (Guest) – 00:00:58:
Yeah. Theresa is the CEO of EVALV IQ. She actually consults on critical infrastructure from municipalities, ports, and airports. She also prepares clients to work with the DoD to make sure their cybersecurity measures are in place. She’s been a cybersecurity specialty consultant for the Louisiana Small Business Development Center. She’s even written curriculum for universities. So we’re grateful to have your expertise here with us. Theresa I understand cybersecurity is not only your profession, but also a passion. How did you become interested in the topic and become the Cyber Lady?
Jeff Dance (Host) – 00:01:31:
So a few years back, I worked at an MSP as a salesperson, believe it or not, sales and marketing, and decided after going on site and seeing medical practices, not following actual cybersecurity rules or protocols, that… Houston, we’re going to have a problem when it comes out to these small businesses and these entities not following protocols and making people’s data unsecure. So from there, I started looking at every time I went to the doctor, it’s like, doing this right? Is it HIPAA compliant? And it started making me freak out. So everything in my world became cyber. Everything was cybersecurity. And from there, I started doing speaking engagements and teaching and training specific to small businesses for cybersecurity. And people didn’t like me because I always scared people, right? So to make it cute, they started calling me the Cyber Lady. Everybody would say, you know, when you see the Cyber Lady all hell and broke loose, I’m like, no, we need to think warm and fuzzy when you think of the Cyber Lady. But technically, if I’m around, probably things are not in a good space.
Theresa Jones (Guest) – 00:02:34:
Got it. Well, I think that you deserve some sort of like logo or icon or superhero outfit that kind of goes along with a Cyber Lady. If you don’t have that already, I’ll be thinking about getting you something from our design team.
Jeff Dance (Host) – 00:02:46:
I have a cute little character, but I’ll shoot it to you for a cake.
Theresa Jones (Guest) – 00:02:51:
Thank you. Well, tell us a bit more about your work, some of the types of clients that you work with.
Jeff Dance (Host) – 00:02:57:
Primarily, I have become extremely efficient in the maritime industry with port authorities, most of them that have either ferries or airports. And it is extremely stressful. My whole hair is combed back so you don’t see the streak of gray and white hair that’s like right here, because there are so many projects that these port authorities and these municipalities haven’t been modernized. So we walk into environments where you see anything from Windows 8 device servers still on networks and we’re like, oh God, we’re going to have a seizure. We can’t put stuff on here. But our government doesn’t really budget for technology or changes and increases. So it’s very challenging and very interesting working with the grant side of the organizations trying to obtain funds to be able to get them in a happy place when it comes down to their cybersecurity postures. It’s a lot of stress. It’s a lot of snacks. And it’s a lot of caffeine. But it’s also very rewarding when we realize, like, when I do stuff for Port of South Louisiana and I educate the new employees, it’s like, hey, we’re protecting 60% of the world’s grain. That’s rewarding. Collectively, as an organization, we’re protecting $400 million of economic impact each and every day between collectively what our clients have. So it’s interesting to think about, you know, ships not moving. And if they don’t move, how does it affect America? How does it affect the citizens? And we’re an intricate part of actually making sure those ships are moving. So I’m like really, really excited about that. And that’s what makes me passionate about cybersecurity and what we do every day and keep doing it even when you don’t want to do it because you’re tired. It’s those things.
Theresa Jones (Guest) – 00:04:35:
Thank you. You know, I think that protecting our critical infrastructure, we’ve become much more aware of that with what’s been going on in the world. And we all read about cyber attacks, even cyber warfare, cyber threats. And there’s a country level aspect of this. There’s a company level aspect of this. And there’s a personal aspect of this. And I think that’s why we’re excited to kind of talk about it more today. It definitely can affect or has affected even our personal lives. As we think about the definition of cybersecurity, you know, this notion of like protecting systems, networks and programs from digital attacks, just a lot that can go into the space. Do you have any sort of definitions that you use as you bring people along?
Jeff Dance (Host) – 00:05:14:
So I always tell people, basically, if it connects to the internet, we have to protect it. Bottom line, whether it’s virtual, wireless, you know, people want to get technical. Well, technically, it’s on a VLAN. No, it’s all part of cyber. Down to the physical security of your facilities. It’s everything. The little speakers that talk to you that we shouldn’t have in our environments at the office. Yeah, you have to protect those too. So it’s very interesting the things that you have to secure and what I consider what cyber is. To me, it’s the art of protecting anything that’s generating data on the Internet. That’s what I’ll say.
Theresa Jones (Guest) – 00:05:49:
So basically anything digital, any device that kind of connects to the Internet that has a data aspect deserves consideration and protection, especially when we’re dealing with sensitive information and conversations.
Jeff Dance (Host) – 00:05:59:
Exactly. People don’t realize you’re at home with everything super connected and you have your washing machine and dryer. Who doesn’t love some Samsung, right? I love my washer and dryer, but I refuse to connect it to the Internet. But how many homes have refrigerators and devices in the home connected to the Internet that’s connected to your phone, that’s connected to your business network infrastructure, that’s connected to your QuickBooks account and your banking accounts? And it goes from just not being personal, like you said, it encompassed your day-to-day walk, even down to you going to the office.
Theresa Jones (Guest) – 00:06:33:
That’s the present reality, but it’s also the future reality, right? Where it’s like everything’s going to be connected even more so. And so that’s why I think it’s such an important topic for today and also the future. You know, as we think about wars that are happening right now, we have our Marines, we have our Army, we have our Navy. And then it seems like we’re hearing about the cyber warfare that’s happening as well. And so like, is cybercrime sort of the new warfare as well? As we think about countries at war with one another, it seems like we’re hearing about these large teams of hackers, whether it’s this country or that country. And this is like, okay, if we can take down critical infrastructure, if we can slow things down, if we can affect things, then this is one way to affect another country.
Jeff Dance (Host) – 00:07:13:
Definitely. And people don’t look at it not just from that perspective, but how you fund a war. What do you get money to fund wars? What do you get money to fund these criminal enterprises? I never forget when the war in Ukraine started. I live here in New Orleans and I was like, oh, it’s Mardi Gras time. So I get to go take a break away from Mardi Gras and from the business. And I haven’t had a vacation since before Mardi Gras of the war breaking out because technically it’s critical resources. We can’t be away on vacation on a beach on a remote island. We have to be able to monitor and make sure that, hey, they’re not going to ransomware one of the clients in hopes to get money to help fund those wars and those issues that are happening overseas. I see a lot of drone attacks that are happening with the wars right now. And people don’t think of drones as being a cyber issue, but they connect to the internet. They run by Bluetooth and internet. So you have a lot of that type of technology being used with the wars right now. And then just good old fashioned hackers that are hacking in, trying to take down networks of the actual opposer. Because if you take down the internet, they can’t connect. They can’t communicate unless you have sat phones. I mean, just recently we had an issue where AT&T lost 72,000 people in the Southeast region of the US, maybe even in other areas. If you had AT&T in New Orleans a few weeks ago, you didn’t have a phone system for about four or five hours one morning. If you can take down internet, power, water, anything like that. Basically stop human life from moving and functioning in that region. So I feel like a lot of what’s happening in the wars, they’re utilizing hackers to the fullest capability.
Theresa Jones (Guest) – 00:08:57:
Yeah, just taking the internet down could cripple an economy. We experienced this here in the Seattle area when there was an island, San Juan Island, that had their internet cable cut. And the island itself, if you think of that as like a body or a country, it really crippled the economy for a while. Just because they didn’t have internet, they couldn’t process payments and everything else that kind of goes along with that. So that definitely resonates. I was looking at some stats before coming into this show and reading about how in the U.S. Data compromises are at a record high. If we look at trends, that monetary damages in 2022, as an example, saw a year increase of around 50%. The federal agencies are reporting tens of thousands of security incidents. And we know that a single breach can involve a billion accounts like what happened with Yahoo years ago. So thinking about all this, there’s so many people involved that need help or that are, you know, you mentioned, oh, you know, one device could link all the way to your bank account through the network because everything is connected. As we think about the responsibility, we got businesses, we got consumers and users, we have the government. Who holds like the market share of responsibility when it comes to kind of preventing and detecting cybersecurity? Is it evenly distributed? Do you have any thoughts on the global macro picture of working on this? I mean, the problems are only rising right now.
Jeff Dance (Host) – 00:10:19:
It’s a combination because unfortunately, individuals are not educated on the risk of connecting your banking information because I hate to say it, as a society, we have become really laxed. So it’s like we want to be able to verbally tell the speaker to pay such and such bill. Okay, is that really safe to connect your bank account to a speaker that’s connected to the internet? Nine times out of 10, you didn’t even change your username and password on the router. You haven’t pulled that yellow sticker off. You haven’t done any of that. No one is really educating individuals. So then when they go into the workforce and are educated on how to properly and securely operate the devices and the technology, but then on the same side, the businesses don’t budget for technology, cybersecurity. So then they have their responsibility. But at the same time, the federal government is allowing technology to just go into the market without being vetted. Like right now, we’re trying to take stuff out of the market because of artificial intelligence. We need to be on a proactive end. And then govern it before it even hits the streets. So it’s like, how do you tell people you potentially cannot watch TikTok in the U.S.? Do you want to see people burn buildings to the ground? I mean, people live and swear by their social media. So you have a combination of everybody’s at fault. Everybody has a certain level of risk. However, when it comes out to these critical infrastructures, I feel like we need to make sure that our executive leadership teams are educated, when it comes out to cybersecurity. So like in a couple of weeks, we actually are doing a training class for two port authorities here for their executives to teach them cybersecurity. Down to their phone security, why you use a VPN, why you use remote access, you know, how to properly use your cell phone, what to click on and what not to click on. Because if they, the heads don’t do it, they can’t educate the staff. They can’t do it at home. And we know technology, everybody wants to use, you know, free open source technology right now in the work environment. No offense, my clients are mad right now. You can’t use Chat, PT GPT. You cannot use the free solution because we can’t govern it. So it’s a combination. But in society, we have all the fairy dust and glitter, all the greatest technology out. And when you see that, hey, it can help me write stuff and it’s free and it’s going to make my life easier. Yeah, let’s do that. Let’s sign up for that. And not realizing the amount of risk on the back end that it’s putting to the organization, you as an individual, your family, the whole nine. So I think everybody has a key part, that they have to play and own the amount of risk that’s happening when it comes down to cybersecurity and the lack thereof.
Theresa Jones (Guest) – 00:13:04:
We can’t just blame individuals or businesses or the government. We’ve got to work collectively and have a lot more awareness because the problems are only on the rise and they’re only going to go up, essentially. So it needs to be more of our curricula and our know-how at every level. Exactly. There was a recent cyber attack on pharmacies, which was interesting in the last couple of weeks. And it kind of brought to light, you know, this industry specific threats. What are you seeing as far as like industries that are kind of most vulnerable to cyber attacks?
Jeff Dance (Host) – 00:13:32:
The way I describe it is the fact of if it’s an industry that service the masses, number one, if it has mass reach, if it can stop any type of payment, comforts in life or necessities like water, gas, oil, electricity. I feel bad for the cyber people who work in the power industry because I know they are heavily under fire from hackers all over the world. Like, you know, I just people, everybody just naturally assume it’s in Russia and China. No. If you ever look at the maps of where the attacks are coming from and look at reports, it’s even from right here on the U.S. Soil. But what incentive do people have not to want to attack when we are constantly giving away ransom amounts of 4 million for, you know, the Colonial Pipeline? Or for the medical one recently with UnitedHealth, it was $22 million. I mean, that’s a lot of money. And technically, how are you going to track them down? And you can’t even track the money because it was sent in Bitcoin.
Theresa Jones (Guest) – 00:14:30:
So there’s an economic aspect that’s driving some of this as well. And payment stream that enables that to be anonymous.
Jeff Dance (Host) – 00:14:36:
So I think if I’m not mistaken, it was over $400 billion last year that went to waste because of cyber attacks. And they’re projecting by 2025, it’s going to be a trillion dollar industry, cyber crimes.
Theresa Jones (Guest) – 00:14:49:
Wow, amazing.
Jeff Dance (Host) – 00:14:50:
And it’s an industry.
Theresa Jones (Guest) – 00:14:52:
It’s an industry. I’ve definitely seen the dark side of entire corporations, at least in, I’ve read a lot about foreign entities, corporations that are just dedicated to this. And that recruit and enslave people to be involved is fascinating. So, Theresa as we think about businesses of different sizes, you consult for companies of all sizes and organizations. How does your advice change as you think about the size of the organization you’re working with?
Jeff Dance (Host) – 00:15:15:
It changes drastically because a small business cannot afford what a municipality should be able to afford. But unfortunately, they can’t afford true cyber either because cyber is a layered approach. So for small businesses, I try to find cost effective ways to help educate them as well as get them proper insurance. A lot of people don’t want to get cyber insurance because for them, it’ll be the detriment to a small business if you wipe their bank account out and they can’t get their money back because they don’t have cyber insurance. In a governmental sense, it’s a little different. So I start with small businesses with insurance, but with the government, I start with them with the actual infrastructure itself, like going through the what’s there, what’s not there type of conversation. So for the businesses, it’s more of a high level consulting and make recommendations on governmental agency. We go in and start testing. That’s the approach. That’s the difference in the conversation.
Theresa Jones (Guest) – 00:16:09:
That’s helpful. What about from a personal perspective? You mentioned we have so many devices, they’re all connected. Any practical advice you kind of give to friends?
Jeff Dance (Host) – 00:16:18:
Believe it or not, my siblings all have Trend Micro firewalls at their house. And they were like, why do we need a firewall at our house? I’m like, we’re not going to go through that conversation, but you’re going to have it. The selling point to them was when the kids get punished, they can turn off the devices that the children want to play on, the games, the iPad, cell phone, whatever. And I’m like, it’s for you to govern your traffic so you can know what’s on the network and what’s not on the network. But they use it to do something a little different. But I’ll tell anybody, even a small business that works remotely, get a Trend Micro firewall for your home. They’re like 109 bucks on Amazon with like a $39 a year subscription. But they’re very effective and they’re easy to install. And it’s an app on your phone. That is like the first thing I tell a small business owner or a consultant or just family and friends. Everybody has a Trend Micro at the house.
Theresa Jones (Guest) – 00:17:11:
Thanks for that practical advice. I’ll have one from Amazon by the end of the recording. Let’s shift to the future. Talk a little bit about the future. Let’s start with AI. You know, AI is going to be a big part of the future. We’ve seen all the rapid advance this year. How does that bring new concerns or maybe benefit this space? Tell us more about AI and the future.
Jeff Dance (Host) – 00:17:32:
So in terms of the future, I said the future is going to be hell because AI allows everything to be done so much easier, more efficient, fast. So it’s great in the sense of a small business or a governmental agency. Having not enough manpower and being able to do more faster, that’s great. However, when we talk AI in terms of what bad guys can do with it, it’s a whole nother level. I mean, I don’t know if you saw on CBS a couple of weeks ago on the morning show, they are literally able to take voice clips from people’s dead loved ones’ voicemails and make whole conversations. And, you know, it’s warm and fuzzy for that person. But I think about what criminals would do with that. We have your loved one hostage. If you don’t send us X amount of dollars in Bitcoin, then they use that person’s voice because they got a clip off of your phone. That sounds extreme. It sounds like something out of the FBI show or something like that. But technically, that’s what they can do with it.
Theresa Jones (Guest) – 00:18:25:
It’s readily available to the everyday person now where you can mimic someone’s voice. You can create a video of them. And so those can be tools, weapons in the wrong hands.
Jeff Dance (Host) – 00:18:36:
Definitely. And even right now with spoofing, fake text messages, I looked not too long ago, the largest spoofing app has over 43 million downloads for regular people to use. We’re not talking hackers, just regular people. So I can call your phone from my phone and put somebody else’s number on the call ID and send you text messages as if I’m somebody else that I know number is in your phone. So it populates as that number. This is a dangerous game we’re playing at this point. And who’s regulating? So it’s not like it’s stuff that only cybersecurity people with credentials and secret clearances and stuff can get access to it. If you got an iPhone or Android phone, you can download whatever you want. As long as you pay the fee, if there’s a fee involved. So how do we govern that? That’s what terrifies me about the future of AI. I love AI. I use Jasper AI. And I was fascinated because Jasper AI has integration now complete in Microsoft Word. And I don’t even have to change screens. It’s fascinating. However, what about people who are not trying to use the technology for good? It’s making things too easy. I remember when I first got into cybersecurity, I thought hackers were people with hoodies and they’re in the dark drinking Mountain Dew, eating fried chicken wings and donuts. And they’re typing away, typing away. And they know all this code and they’re super, super smart. Only to find out most of hacking is automated. You’re artificial intelligence. And I was like, so they’re not that smart. They just know what tools to use. And unfortunately, as time progresses with the dangers of us being more connected with more devices, we technically can’t live without certain things at this point. Like you said earlier, internet goes out on an island. You can’t shop. Some people can’t even move their Teslas. You can’t move your vehicle. You can’t entertain your small child that’s used to walking around the house with an iPad in their hand. I mean, it’s chaos. And I believe AI is going to aid in some horrible, horrific chaos for as much as it does for good for health care and stuff like that. I think it’s going to be equally bad because criminals will use it in a different way.
Theresa Jones (Guest) – 00:20:46:
Yeah, I think, you know, as we look to the future, we’re on the precipice of some new industries that are more like babies. We saw mobile phones, the cloud, the web, the dynamic web just grew up in like the last 15 years. But, you know, 15 years ago, they were kind of non-existent. Even social media was mostly non-existent. Today we have AI, IoT has been around for a long time, but it really hasn’t been smart yet. We got robotics, AR, VR, all this stuff that’s sort of at the early stage, but these are all connected devices. And so if those grow 10 to a hundred times in 10 years, we’ve sort of proliferated our connection, but also the dark side of technology as much as the good. And at the center of that, right, is cybersecurity. So where do you think threats will be more rampant and what do you think will have solved as we look to the future? Do you have any predictions?
Jeff Dance (Host) – 00:21:38:
So my prediction specifically for 2024, we laughed at the beginning of the year, is specific to critical infrastructures like the power grid. They’re going to be attacking cellular. They’re going to attack more medical because the medical records, instead of it used to be like $350 on the dark web for a record, it’s like, I’m not mistaken, $550 right now. You’ve even seen attacks, physical attacks on mail couriers to get access to the mail keys for the blue boxes to get people’s personal data out of them. You can sell a mail key on the dark web right now for $1,500 to $8,000 a key. So they’re doing different attacks because they want the physical data to make cyber crimes from. So I’m feeling like anything that would disrupt life, it’s definitely going to be worse. Election attacks is going to be huge for the upcoming election. Special events, believe it or not. If you can cut the power and cut the internet off at a special event, it’s utter chaos if you have thousands of people. So I’m really concerned about a lot of different things. And futuristic-ally, it’s only going to get worse. This is not something that’s going to, we’re going to have a cure all and it’s just going to stop. It will never stop. I always have a saying, if one man can make it, another man can break it. And believe it or not, all of this stuff is man-made. We are making stuff. We’re creative. And I think it’s fascinating. When you look at how far we’ve come as a society to the fact that we’re in cars that don’t move if you don’t have internet, Bluetooth connectivity, and you don’t even put gas in it. But how dangerous is it if the internet goes out and there’s no power for you to charge it? What do we do?
Theresa Jones (Guest) – 00:23:16:
So basically, are you suggesting that we have a million more cyber ladies that we kind of clone you? Is that the answer? What hope is there for a future that’s going to be harder from a cybersecurity perspective? Like we have to invest a lot deeper in the space, is that sort of the call to action, given what we’re facing in the future? Do you have any ideas that, you know, will help solve what I’m hearing is sort of like, hey, it’s just going to get worse and worse and worse?
Jeff Dance (Host) – 00:23:41:
It is. One of the key factors is educating the next generation and getting them into cybersecurity jobs. The workforce is like really short on qualified cyber talent. And it will be. I think in 2025, they said almost a third of the cyber jobs won’t be able to be filled because there’s going to be such a big shortage. So talent is definitely going to be one of them. Educating yourself individually on tools that you can use. So right now, like we were just talking about AI, we’re as an organization changing software out because there’s only so many people you can hire. Right. So the software technology we’re looking at has more AI and we’re doing like extensive research on it. But it’s specific because right now we don’t have enough people. I’ve been interviewing people for weeks to fill one specific IT job, not even a cyber job. And I cannot find adequate talent. So you’re going to have to, as an organization, whether it’s a business or corporation, small business corporation or governmental, make sure that you’re educating yourself on the tools that can be used so you can cover more ground faster with less people. And I know people are concerned about technology and AI putting people out of work. It won’t do that in cybersecurity. We need every person that has interest in securing a computer or a device in the field. Like we need as much help as possible in this industry. And it’s only going to get worse. Because, less people want to do traditional nine to five jobs. Everybody wants to freelance. You know, we have the gig economy, which is not a bad thing. I mean, I’m a business owner. I own three companies. But we need people who want to go work for those companies so we can help secure things quicker.
Theresa Jones (Guest) – 00:25:23:
Got it. So basically what I’m hearing is an increase in demand for cybersecurity talent. So that will be something we’ll see more in the future that’s going to proliferate much as the dangers and the threats and the attacks proliferate. Also using tools and increasing tools to sort of prevent or protect or remediate issues, including AI tools, you know, using AI against AI or AI as an issue, essentially using AI agents. That could be part of the future as we think about trying to remediate issues that will only grow.
Jeff Dance (Host) – 00:25:54:
Yes. A lot of tech companies are going to, instead of like a penetration testing year model, to continuous pen testing software. So it’s happening 24 hours a day, seven days a week. So that’s where that automation comes in. So it’s a little more expensive as a software tool. But if there’s only 100,000 pen testers in the world, everybody needs pen testing. Somebody is going to come up short. So that’s a good example of how technology is changing and growing with the demand for the human element that we need. You still need the humans to go in and check all the findings and make tweaks and changes. But that’s an example of how we’re utilizing artificial intelligence to help bridge the gap until we can get more people in the field.
Theresa Jones (Guest) – 00:26:37:
Makes sense. Just speaking from experience, we’re a company of 400 people, primarily designers, software engineers, and hardware engineers. But we do a lot of advanced technology work, work with robotics and automation and hardware products and software systems. But we’re a tech company that has a human-centered focus. And we have a lot of attacks ourselves of different forms, and they’re only getting more clever. Mimicking me as CEO to kind of request money, this is a common thing that I think every company is facing. And the notion of continuous testing versus like a one-time analysis and stuff like that is something we recently taken up on. But that sounds like something important for our listeners to hear. Countries seem to be at play as well. I’ve recently been reading about the House bill to ban the use of foreign manufactured cranes in ports to safeguard against threats like cyberattacks because there’s devices or cameras that are tracking the whereabouts. Of how things are flowing. So what other legislative issues do you see as it relates to cybersecurity that need to be addressed? This is like, a recent example, but are you seeing the right legislature kind of be put in place to help pave the way for things that need to happen at the governmental level?
Jeff Dance (Host) – 00:27:50:
I’m going to get in trouble for this?
Theresa Jones (Guest) – 00:27:51:
No.
Jeff Dance (Host) – 00:27:52:
And the reason being, you have people making legislative decisions who don’t understand technology. And it’s hard to govern something you don’t understand. And that’s a huge issue. So I have written White House Senate testimony notes for port authorities to go and talk specifically about the cybersecurity needs. So the good thing is, because they’re critical infrastructures and our legislation recognizes the importance of keeping them secure. During when the pandemic first happened, I don’t know if you remember this, on the West Coast, they had ships just hovering. Just they couldn’t do anything. That gave purpose to investing more into cybersecurity for port authorities. Right. Well, White House just announced, if I’m not mistaken, President Biden is releasing, I think, $20 billion. In funding specific for port authorities right now. This happened this week or even last week. So the legislation is they’re investing in it, but they’re still not governing it. So I love the fact that they’re really thinking really long and hard about putting cranes, unmanned crane, a high level drone, if you will. From other countries, because technically, when you get a crane, are you going to take the crane apart and go through every chip and everything that’s in that crane? No, you’re not going to do that. And part of like the Buy American Act for us, when it comes down to cybersecurity and what we’re putting in people’s infrastructures, we have to buy American items. Hard thing is, American made items are extremely expensive. But it’s the thought process that an American organization wouldn’t try to do the things that they’re thinking foreign adversaries would. Truthfully, we’re not safe from anyone, but I get the logic. But back to the legislation, I feel like when all hell breaks loose, they throw money at it. We need to be more proactive than reactive and throwing money at it. And it’s too late. We’re a few years behind in technology in terms of being proactive when it comes out to these solutions. I’m excited about the crane situation because, of course, I work with so many port authorities. When we talk secure and OT devices, they’re constantly putting new things in. We have ferries that have, people don’t think about it, internet connected, the engine rooms, they want to watch it from the dock. So if somebody can get access to the ferry with the people on it, with cars and families and crash it, just saying hypothetically, you know, from a bad actor perspective, that’s a solid no. No, well, we should have proactively put rules and policies in place that says this is the only ways of making communication electronically for these devices. These are the things that need to be put in place. So it’s a lot of policies and policy writing that has to go in place. I just wish it would go on the front end before we put it into the market. But unfortunately, we already have cranes in the U.S. That are from overseas. I mean, we had a parade in New Orleans when some of the cranes arrived for Porter, New Orleans, a few years ago, it was a whole thing. But it’s just very, very important that we don’t have equipment. I tell people all the time, don’t buy network equipment off of Amazon. You don’t know who’s buying and reselling equipment to you. You don’t know what they’ve opened and put in the equipment. So it’s the same principle with getting these devices from overseas. A crane can do a lot of destruction. I don’t think people think about what it does. It picks up stuff, right? But it picks up tons of stuff at one time. Well, if a bad person gets a hold of it and starts swinging it and flinging it, what happens when that cargo container goes flying in the air and there are people around? We don’t think about that. So, like, the legislation has to catch up and get it ahead of the technology is a huge part of it all. So I hope we get proactive with our legislation.
Theresa Jones (Guest) – 00:31:42:
It sounds like we need to do more preventative medicine, essentially, as we think about this space, especially as it’s growing. We talked about AI for a little bit. What about other technologies that you see affecting the space or maybe growing the threats? Can you think of other things that are going to be changing in the future that will magnify or help?
Jeff Dance (Host) – 00:32:00:
Drones, not just the cute little Drones that you’re flying with a little camera on it. We’re talking all of these devices, these robotic devices that basically can function without a human actually touching. And I know there are consulting firms, simulators, you know, organizations that are connected to you guys that develop that level of technology. But who’s governing it on the front end? So what happens when the cute little robot, that’s the police robot. I love those. I think they’re so cute. It’s trying to, you know, help apprehend someone and it’s malfunctioning. And it’s facing people like what are the protocols and things are in place to guarantee that that won’t happen or that people can’t hack these devices. So I think artificial intelligence with a company with like those unmanned devices and robotics is going to be a big concern futuristically. And, you know, 20 years ago when I was in my 20s, we watched the Jetsons as kids growing up. But we didn’t really think it would be possible to fly around with a jetpack. It’s happening. We didn’t think about cars that can drive themselves. We have vehicles that park themselves and can drive themselves. The technology is constantly evolving. So what do you do when the next phase of vehicles, because like I’m waiting for the little hovercrafts. I’m waiting for like the Tesla to turn into a little, put some wings out on it and we can fly and I don’t have to sit in traffic. Like when that happens, how do we govern that? How do we secure it in advance? But that’s how fast technology is moving. We’re putting people in space right now for vacations, like just a little fun excursion. I mean, at a price point of what, a couple hundred grand or a million dollars, but it’s happening. So now we have the component of space technology mixed with cybersecurity. How do you secure a rocket ship?
Theresa Jones (Guest) – 00:33:44:
Right, right.
Jeff Dance (Host) – 00:33:45:
It’s interesting.
Theresa Jones (Guest) – 00:33:46:
It’s interesting, especially when you think about what’s going on right now from a warfare perspective and how that’s advancing drones and how people have used vehicles to crash into our own buildings, our own infrastructure, right? It’s like these are real things we’ve seen in our lifetime, but the threats are growing and the problems are growing. You know, how do you personally keep up with all this? You know, there’s a lot going on. Can you think of any sources that people that are interested in the space can stay connected to as they advance their own measures or are interested in the profession?
Jeff Dance (Host) – 00:34:17:
So I get a lot of information from organizations like InfraGard when the FBI puts out reports about different things in terms of cybersecurity. I get a lot of information from CISA. I actually read a lot of magazines. So I’m the crazy person that will go to Barnes & Noble and drop $200 on Tech Magazine just to see what’s the latest and greatest. The other day I spent like $168 on Seven Magazine. I’m like, what did I buy? But they’re specific to MIT Technology, the Harvard Business Review. Like, I read stuff like that to keep me entertained at night. But it also keeps me cutting edge when it comes down to technology. Whenever Time Magazine or Forbes does a special issue on technology or artificial intelligence, I’m always looking at that stuff. It’s usually not as advanced as what we would like to see as tech people. But newsletters and blogs, being on Reddit, you can ingest it from everywhere. But I’m an old school person, so I like to flip paper. So like magazines are my go-to.
Theresa Jones (Guest) – 00:35:19:
Nice. Thanks for the reminder to pick up something physical. Tell us more about advancements in cybersecurity technology that you’re most excited about.
Jeff Dance (Host) – 00:35:27:
Email security. People drive me mad with their phishing links and phishing attacks and clients. I got breached. No, you didn’t. Don’t say that. So like Proofpoint, CrowdStrike, different ones have come up with some new innovative technologies that can not only block the Gmail, because the hackers are smart. They know you don’t want to block Gmail or Yahoo because you don’t know who it’s coming from. Even though it’s not a personal domain to a business, that’s how they were getting a lot of stuff through. Well, now the technology has filters in the security that actually can track and show before it populates into your email system. But it checks to see the origin, the type of content that’s in it, and whether or not this is probably a real email that you should receive. So I’ve been putting that as one of the things we’re ruling out today for a client. Now, those types of technologies in place. Because a lot of attacks aren’t really hackings. It’s phishing attacks that people are clicking on their own thing. So advancement in email security is huge to me right now. Because that’s also connected with that human element. It’s not the hacker sitting outside in the parking lot with a hoodie. It’s the people who are sending those emails or the text messages that people are getting. And they’re clicking on links because UPS is sending you an update on your package that’s being delayed in traffic. And they ask for your social security number. UPS is not going to ask for your social security number. People stop giving more than that information. But people are just like, oh my God, I don’t want a package late. And they’re filling it in, not thinking UPS will never ask for your social. Where you need a birth?
Theresa Jones (Guest) – 00:37:06:
So email security has been exciting because there’s some more advancements there. And it’s definitely a present issue with phishing. So much phishing happening right now of all sorts via text and email that we’re building some systems that can kind of help us resolve a good chunk of that.
Jeff Dance (Host) – 00:37:21:
Definitely, of the continuous testing models, that’s exciting because a pen test is expensive. Like I can’t charge you under 16 to 20 grand to do a pen test, but to have the ability to purchase software, to do it continuous and do one hard human one a year and have something running year round at a fraction of the cost because of automation is phenomenal as well. So there’s different little tools. I’m really personally fascinated by robotics because I’m just like a little nerd. So I’m the person that wants to build a robot from scratch. If I ever had enough hours in a day, we have a running joke that I want a robot butler to bring me espresso and breakfast in bed. So I need to get somebody to make me a robot. To be able to produce breakfast in bed on a Saturday morning with coffee. That I would be the happiest woman on the planet.
Theresa Jones (Guest) – 00:38:17:
We got your back. We can do that.
Jeff Dance (Host) – 00:38:20:
Don’t give me no ideas. So in my mind, when I see people making advancements with technology, with smart cities and robotics, that’s very, very exciting. Unfortunately, it brings risk because you have to secure it. We’re not thinking about putting the cyber parts to the development in place. And I really think it’s really interesting how far we have come as a society with technology.
Theresa Jones (Guest) – 00:38:47:
Thank you. Last couple of questions here. What’s been your most kind of rewarding experience being in the industry so far?
Jeff Dance (Host) – 00:38:53:
I would have to say I’m feeling rewarded now that people aren’t just looking for me for cybersecurity speaking engagements. But now they’re calling me for critical infrastructure conversations because I do so much in cybersecurity. I understand critical infrastructures and risk as a whole now. So I feel like I’m graduating from being a cyber lady to the risk management lady. Or another big one was actually developing Port of South Louisiana’s entire cybersecurity infrastructure. That was huge to do something from scratch. And now we’re doing it more consistently with other customers. But to take advancements like we’re having conversations with Port Authority about putting in EV charging stations and the benefits of taking while trucks are docked and they’re unloading and loading and charging at the same time. To understand that that will, you know, it’s not going to fix the ozone layer, but it’s helping our environment. And it’s still technology. How we’re going to be able to make people and more businesses more efficient with technology, to me, that’s rewarding. When I get to see, I saw the other day a hydrogen 18-wheeler. I know people don’t care about that. I was so excited. I was like, okay, it’s using a different type of fuel source, and it’s going to help the environment. And when you look at them and you see the amount of technology that’s in them, it’s kind of scary at the same time. But I’m excited to see the different things that I’m actually actively having conversations with in the market. And I don’t want to see the power company get hacked, because we talk about that all the time too. But I want to see the good thing that we are accomplishing in technology and how it’s making our lives better every day. Unfortunately, there’s only so much we can do to roll back time what we did to the ozone layer. But if we can do something different and grow every day in technology and security, I feel like that’s rewarding to me, to see that happen. And to be a part of it.
Theresa Jones (Guest) – 00:40:55:
Yeah. I think, you know, how do we keep technology on the good side, right? I think part of the intent of this podcast is to talk about how do we design the future with intent. And I think for the technology to reap the benefits of the good, my takeaway from kind of listening to you today is like, hey, we really got to invest deeply in cybersecurity because there’s a lot of promise for the future of all of these technologies. But to make sure it stays on the good side. Investing deeply in cybersecurity is something that will help us assure that we err way more on the good side than the negative, given what’s happening from a growth perspective right now.
Jeff Dance (Host) – 00:41:29:
Another thing I’d like to share with you about that, too, is last year I did with the Louisiana State Police a cyber summit called Securing Louisiana. And to have law enforcement, military, municipalities and small businesses all in one room and have a discussion about how to make technology work for them and how to aid law enforcement with catching cyber predators who are going after people’s children. Like that’s the side of things we don’t want to talk about. But that’s an unhealthy aspect of technology. We are making technology so easy and readily usable for small children. They’re in danger. So we had conversations about how to secure them with technology and how to educate parents and stuff. That was another really big highlight for my career to be able to bring those entities together. And now we’re going to do it again this year, too. So we’re doing cyber camps for kids to educate the youth. I have a workbook that I created for elders that I’m going to put out later this year. I’m finding reward in different things, but it’s still all educating people, which is very exciting.
Theresa Jones (Guest) – 00:42:32:
Great examples of how the education needs to happen at every level. The seniors that are getting taken advantage of because of their lack of information and then the kids at the same time. So thanks for sharing those examples. Any last thoughts on the future of cybersecurity before we wrap up?
Jeff Dance (Host) – 00:42:48:
A career in cyber is a career that will never die. As long as we’re connecting to the internet, we’ll always have a job. So I’ve always wanted to tell people, get into cyber, look at it from different perspectives. There’s compliance. There’s everything from being technicians and testers to actually policy writers. At the end of the day, technology is only going to continue to grow. And it’s going to be in multiple domains. So if you think about it, I think land, air, sea, space. So you’re going to be able to continue to go on a Carnival Cruise and use your phone and work from the cruise ship. But in the future, we’ll be able to work from a spaceship. All because of technology. And cybersecurity is going to have to protect you and secure you on the spaceship working. I mean, the world we’re living in, we have no limits. And I’m excited about cybersecurity not being limited, technology not being limited. And I’m looking forward to a time where we can see the technology and cybersecurity run hand in hand instead of cybersecurity coming behind the technology. So that would definitely be my last thoughts.
Theresa Jones (Guest) – 00:43:52:
Thanks, Theresa Jones, for joining us today, for all your insights, your passion, your wisdom in the space. I think there’s some great takeaways for everyone from being parents to grandparents to business owners to port authorities or government leaders. I think there’s some great insights from today. So thanks for being with us.
Jeff Dance (Host) – 00:44:11:
Thank you so much for having me.
Theresa Jones (Guest) – 00:44:15:
The Future of Podcasts is brought to you by Fresh Consulting. To find out more about how we pair design and technology together to shape the future, visit us at freshconsulting.com. Make sure to search for The Future Of in Apple Podcasts, Spotify, Google Podcasts, or anywhere else podcasts are found. Make sure to click subscribe so you don’t miss any of our future episodes. And on behalf of our team here at Fresh, thank you for listening.