The Security Masterminds podcast’s first guest is KnowBe4’s SVP of Emerging Tech Insights Dr. Lydia Kostopoulos, who became interested in the cybersecurity space after experiencing 9/11 as a freshman in college. After that, she decided to pursue her educational studies in cybersecurity.
During this podcast, Dr. Kostopoulos explores the state that we are in today, known as the fourth industrial revolution. This consists of AI, DNA editing, nano technologies, mixed media, smart sensors and quantum computing, just to name a few.
We are at the dawn of a new infrastructure being built for things like smart cities, autonomous vehicles, etc. This new era is creating a cybersecurity skills gap given the plethora of new technologies and the rapid pace at which things are changing and developing. As long as technology changes, you need to continue to upskill.
The Security Masterminds podcast’s first guest is KnowBe4’s SVP of Emerging Tech Insights Dr. Lydia Kostopoulos, who became interested in the cybersecurity space after experiencing 9/11 as a freshman in college. After that, she decided to pursue her educational studies in cybersecurity.
During this podcast, Dr. Kostopoulos explores the state that we are in today, known as the fourth industrial revolution. This consists of AI, DNA editing, nano technologies, mixed media, smart sensors and quantum computing, just to name a few.
We are at the dawn of a new infrastructure being built for things like smart cities, autonomous vehicles, etc. This new era is creating a cybersecurity skills gap given the plethora of new technologies and the rapid pace at which things are changing and developing. As long as technology changes, you need to continue to upskill.
we've said that the cyber skills gap, that's something that's not going away and it's not something you provide training one day and you're done forever. It's, it's a constant thing. So long as technology changes, you need to continue to up-skill in terms of understanding what the new vulnerabilities are, but that's one thing. But then on the other side, you're looking at, , security culture. You're looking at, how do you create an environment where you are recognizing that there are people who come from different generations and also have a different understanding of how technology works.
JJ:Hello, everyone. And welcome to security masterminds. The podcast that brings you the very best in all things, cybersecurity, taking an in-depth look at the most pressing issues and trends across the industry. I am Jacqueline Jayne.
Erich:And I'm Erich Kron and we are your hosts on today's show. We're going to be hearing insights from Dr. Lydia Kostopoulos we're going to take a look at the fourth industrial revolution, the cybersecurity skills gap, security culture, and so much more. Dr. Lydia is awesome. Incredibly smart. So I'm really looking forward to this. And I know just like you are going to enjoy this. I'm going to enjoy this as well.
JJ:I can guarantee you will. There is so much to cover today. Eric, let's begin by finding out a little bit more about our guest, Dr. Lydia, Kostopoulos
Lydia:Well for me when I went to college, 9/11 happened my freshman year and that was a big influencer for me to get into the national security space. And I did my bachelor's in international relations and thought I really needed to, up that with something around international conflict resolution, which is what I did for my master's. And then I thought , I think security policy is the way to go about this. And so I did my PhD around that. After that all of my research had been around counter terrorism and any national security policy around counter-terrorism and then I became an analyst looking at terrorist organizations, and I noticed that they would disseminate their ideology through cyberspace and that they would organize, themselves. In that realm and plan .Attacks inside this cyber medium. And since then I was hooked on every single technology that asymmetric actors, as well as nation state actors were using in the warfare and conflict space., many years after I became a technology advisor for the UN Institute for disarmament research,, I addressed UN member nations on autonomous weapons systems. And I continued to engage with the international community on questions, around security ethics, and the social implications of all these emerging technologies in our time. I was working, full-time at the U S special operations command as a technology and innovation advisor. And now I remain as an adjunct faculty member at the joint special operations university, where I look at emerging technologies in the context of the special operations mission set and seeing the threats and opportunities around these new technologies and how they're changing the industry.
JJ:Um, amazing. She's quite incredible. What are you thoughts there?
Erich:Yeah, absolutely. You know, her, talking about the way that these actors are using cyberspace or the internet now for these things, if you think about what we had to do in the past, in past conflicts, , with respect to communication, , and how much easier it is now to communicate than it ever was before because of the internet, . So yeah, this is putting some of this into perspective.
JJ:It sure is Eric. And I asked her Doctor Lydia about how she sees the current technology landscape and here's what she had to say.
Lydia:I like to look at everything through a systems thinking approach where I don't see things in silos and I combine them all together. no. At KnowBe4 I'm the SVP for emerging tech insights and the ideas to see how emerging tech can pose threats and opportunities, but that a space in between where humans have agency, because technology isn't just, , working with other technology, technology is working with humans. And the interesting piece is a lot of people look to techno solutionism, which is where technology. will solve problems. It's just, that's the only solution that is needed is a technology solution. And if that is implemented, everything is fine. But in reality, we have humans that interact with these technologies. We have societies and beliefs, and you can even add in deep fakes and disinformation, and it complicates this execution of technology, if you will. As we can see now with the rise , in ransomware and targeted cyber attacks., there's a lot of new spaces and the threatscape is growing.
Erich:I kind kinda liked the way she put this about the human side and technical side. Now I'm a very technical person. I'm a geek. synchronize my Christmas lights to music. But I had to realize, , that it's not all about technology in the world. So often it's, it's the human side, whether it be policy and procedure that needs working or something along those lines, as opposed to just, we're going to put another piece of software in here, or we're going to tie something else in here and make it happen.
JJ:Exactly. You know, we talk about this a lot.,. The majority of. Successful cyber attacks are because of human error. And it is one of those things that whilst technology has done a great job, , the human side really needs to be looked at. And as I spoke to Dr. Lydia, we ended up focusing on the fourth industrial revolution, which brings together both of these things. And I must say it is something that's not necessarily understood. We speak about it a lot years. We're in the fourth industrial revolution, but most people then say, and what is that?
Lydia:Well, the fourth industrial revolution is where we are today. It's really exciting because comparative to the previous ones, this is the first one where we see so many different technologies converging at the same time. And also it's the first one that is. Accelerating at the speed that it's accelerating right now. For example, in the next 10 years, according to, , serial entrepreneur and futurist Peter Diamandis in the next 10 years, we are meant to have as much change technological change as in the past hundred years. And so the velocity of technological advances. And it's implementation , or critical mass use is accelerating in ways that, , we don't even realize., and so in this fourth industrial revolution, we've got several technologies., we've got artificial intelligence, we've got DNA editing, we've got nanotechnologies, we've got mixed media, you know, virtual reality, augmented reality. We have smart sensors, quantum computing advancements in robotics,, big data, additive manufacturing. Cloud computing. It's just a very exciting space., and, , already, , people are starting to talk about cities as the cognitive cities. But really it's it's the sensors, but the decision making capacity that comes from AI really makes it that cognitive city. And actually, , Andrew nigg, who's the, , former chief scientist at,, Baidu and the co-founder of Coursera. He was famous for saying that AI is like the new electricity. So if you think about how a century ago, everything became electrified today, everything is becoming cognified. And so, you know, before there was a kettle, you'd put it on a stove and warm up the water, and then you plugged in your kettle and it became electrified. That was much more effective and efficient. And then now your kettle will have some sort of smart sensors, I imagine. But you can see that everything that,, was electrified is now becoming cognifying just as, before it was becoming electric. And I think this analogy really does have a lot of merit. And there is a movie that came out in 2017 called the current war, and it is an American historical drama film that was inspired by the 19th century competition, , between Thomas Edison and George Westinghouse. And they were competing to see whose system was going to win in terms of,, the electricity system, the electrical system that they were building. And I think that that's really fascinating because if we look at it today, when back then, like I said, everything was becoming electrified today, everything's becoming cognified, but you can also see that we are at the dawn of a new infrastructure being built, just like then. Who's going to be building the cognitive railroads, algorithmic decision support for smart cities, , for our autonomous vehicles, et cetera. If you, if you think about it this way, that we're, we're building new infrastructure, we're laying down roads like, like in the era where there was cars that were coming, , into the streets. So if you look at it like this, then, , I think you can better understand comments like that, of Russian president Vladimir Putin. When he said several years ago, whoever leads an AI will rule the world. I don't know that he intended for that statement to become as popular as it did, but, and AI is not the only technology in this industrial revolution, but you can see how it compounds the acceleration and technological advancement and the capabilities of any economy.
JJ:So much to unpack there. Eric,
Erich:Thinking about how much we've moved just in the past, like five or 10 years, and, and she's right, we have jumped way ahead and all these, , smart devices, we have Alexa over here, we have these personal assistants, we have all this stuff and I think that's even more difficult to try to keep up with, I mean, how are we supposed to keep up with these changes if we're introducing quantum or tri-state computing? this is going to change how we have to think about everything and I do love the thoughts of having smart cities and there's already things out there that happen. Like some of those, those waste bins that are out there that, , you drop your stuff in there and they compact it and, , whiz and were, and all that they have the solar panels on the top. Some of those are even tied into an IOT device for the city and it will tell them, okay, I'm full now come empty me. So instead of having garbage trucks running around all the time, just dumping something or, or people going by and dumping something, that's a third full and wasting time. We're actually having garbage cans report that this is full. This stuff is happening right now, all around us. And we may not even realize it, but. As this goes on and more and more of this stuff happens, it opens up so many other, concerns about things too. To think about how fast it's already advanced in the last few years, especially in cybercrime.,, it is truly mind-boggling to think And when I think industrial revolution, I think of smokestacks and factories.
JJ:Exactly I looked, the kettle analogy really got me because you can take it even back further and say cave men. They would have found a vessel some way to put water in, to heat up over, wood and flame, which then moved to the next area, which will then moved. These days via my phone, I can on my way home or from my bed before I get to my kitchen, I can tell my kettle to turn itself on, , and boil to a certain temperature. Now that, in my opinion, really unpacks the, in the industrial revolutions easily, just by explaining the kettle or cars. I loved that analogy to Eric. So we think about the way we have traveled., but with that comes other elements of safety we need to bring around and a whole new area of skills. And it is something that I spoke to Dr. Lydia about when we talk about the skills that are going to be required in this fourth industrial revolution that we are already in, because there is a gap, there is a cyber security skill gap, and it goes further to that. So let's have a look at what Dr. Lydia had to say in this space.
Lydia:When discussing cybersecurity skills and in general,, I always think of,, future of work expert, Heather McGowan and her book, "the adaptation advantage." And I think that she does a phenomenal job at contextualizing our moment in time and mapping the relevant human talent needs that we have to. And so she, in her book, she has got this graph where she juxtaposes the four industrial revolutions, where she talks about, okay, the first one, we, the technological innovation really was the steam engine and mechanical manufacturing. And in that generation or. The industrial revolution, the generations that lived there, they learned a skill and that was a multi-generational job. So you, your parent did this and then you could do this because it was going to be around this job and it wasn't going to change too much. But then the second industrial revolution, which is where electricity came about mass production, division of labor, all of a sudden you were joining. And it was a multi-generational industry, not a job. So you could stay in the same industry, but you would need to kind of upskill yourself, but you would, you would be able that industry wouldn't change that much. By the third industrial revolution, which is where we see the end of last century. So computer automation of manufacturing,, you want to pick a good major and go to college, get a good major. And, , you went on this industry career ladder and you would work your way up this ladder.. And this started, , in the 1970s. And then now we're in the fourth industrial revolution, which is approximately starting 2015, where we've got cyber and physical systems connected. The internet of things where,, physical things start to become digitized, whether it's our DNA, our music, our code, et cetera. A lot of our IP is now. And the preparation that's needed for this is to, , be somebody who can learn unlearn, relearn, adapt, and create new value. So you don't just come into your job and say, okay, this is the value I create. No, that's the value created yesterday and tomorrow it may be different and you need to be creative enough to create that new value. So in that sense, we can think of Kodak where they, , we're at a moment in time where they needed to create new value. To meet the new changes that technology was bringing to society. And, , they weren't able to recognize that digital cameras were actually going to take the market by storm. So they understood themselves to be the best, , photo printers. They would print the most beautiful pictures and it's true. They were the best in the market, but they forgot that they were in the business of memory preservation. And if you think about it that way, if you're in the business of memory preservation, that takes the form in so many ways, it could be digital, But. now it could even be, , saving your self into, , a copy of a digital clone. So our mindset is stuck between the industrialized era and the information era where, where we are right now is we're already in between the liminal, between, and the information here and the augmented era. And so when algorithms and sensors and robotics and all these other technologies are augmenting our decision, making our situation awareness. And our value propositions change. And in That sense, we need to be more adaptable and agile. So it's a mindset.
JJ:Eric. You've been in the industry for a long time?, do you see merit in what Dr. Lee has to say?
Erich:Yeah, absolutely. And, and I love the way that she explained it in the sense of being., a job that your parents did and now you do, and how that moved into being an industry , and how that's not even going to matter in the, future. And I, I keep thinking about the mental gymnastics that we're going to have to do to stay on top of this stuff, because it's ever changing. Look at just even now. All of the things that we have to keep up with and how difficult it is for us to keep track of all of the changes that are going on the new technologies, the new way of doing this, this way of, , one thing or another. And if you think about it, when we first got into it and security, , my first jobs as an it guy, , I ran the firewall. I ran the servers. I made sure email worked. And I was in charge of the coffee pot because of plugged into the wall, right. Everything that was electrical was pretty much mine to deal with, but now we've moved into these, much more focused areas., and this is going to continue to go on, , as we move forward.
JJ:I agree., and we also spoke about, , strategic hires and, , a strategic hire is someone who really comes in is that conduit between people in technology, within an organization who, , is sort of got their finger in all the pies with the risk hat on or with the cyber thought hat on to say, okay, new project coming up. What about cyber or new people coming in new process happening? What about risk? What about the awareness? People need to know because things are moving so fast. If it's true that we're going to experience over the next 10 years, the change we've experienced over the past 100. That's a lot of things that are about to happen. And I don't know how all the skills will be able to increase or be, , moved to where we need to go.. And as we continue the conversation, we did come up to, , security culture that's for sure. And it is more than a buzzword these days. It's one of those things. That's a critical element of our day-to-day life. And I asked Dr. Lydia what organizations do actually need to consider when it comes to this
Lydia:so, , we've said that the cyber skills gap, that's something that's not going away and it's not something you provide training one day and you're done forever. It's, it's a constant thing. So long as technology changes, you need to continue to up-skill in terms of understanding what the new vulnerabilities are, but that's one thing. But then on the other side, you're looking at, , security culture. You're looking at, how do you create an environment where you are recognizing that there are people who come from different generations and also have a different understanding of how technology works. Some that work with legacy systems and then others who are, , X more exposed to newer technologies, but then. As we are experiencing so many new technologies coming online inside our workplace. So think about all of the digital transformation programs. Technological change management needs to have with it some sort of cybersecurity plan. And in that sense, I think that , we should have a category of people that are called, whether it's a strategic hire or a strategic appointment. If somebody that's already inside the organization, but where these people are either project managing the technology change management, or they're leading, , digital transformation, but these people need to have an awareness of what the technology risks are, what those cybersecurity vulnerabilities are and to be able to communicate that in a way that is accessible to the people. So the reason I say it's so important to have in-house and why it's strategic is because you don't come in and say, great, we're rolling out this new technology. People need to have training on that technology and you can say, okay, well, we'll just provide them the quick training on that. You know how to click around and get your job done. And it's like, no, you need to have someone who's there., the team can go to and say, Hey, I don't understand the value of this technology, or I still don't. I can't do my job because this is not as efficient as my previous program. That's now a legacy program and you need to have that person that's there to say, well, let me walk you through why this technology is actually quite useful., let me show you the ins and outs of it, but this is not something that happens in a. Eight hour or five day session where you've got information overload. This is something just like any other culture that develops over time and where you try and encourage the building of trust around these new technologies. And I use the word trust because,, there's some people who just don't trust new technologies. And this is why we have the, , the diffusion of innovations model. Everett Rogers in 1962, where he talked about how you've got the innovators, the early adopters, the early majority, you've got the late majority, you've got the laggers and then we have that in our organizations. And so it's about. Pulling everybody together and not leaving anyone behind. And this is why when you've got a strategic, a hire or appointment, somebody who is their job is to be that storyteller, that cybersecurity awareness person, that technology explainer, translator, diplomat, however you want to label it. To help those late majority, , not get stuck in ways that would create security vulnerabilities to the company and also to help them get online with the new tech. And sometimes I just think that, , a lot of the times when technology change management happens or a digital transformation plan, , gets put into place, people are forgotten in that equation. Whether it is the figuring out if they're going to be laggers late majority, early majority, where do those people are in your organization? Cause that'll slow down the adoption process and the efficiency, but also the cybersecurity portion of it. Like you just introduced all these new tech, like do the people understand what new vulnerabilities are in this new technology that they need to be aware of, how can they best posture themselves? So I think you need to have someone who can speak to these things and be a strong communicator to be this, , technology mentor educator coach, as this transition is happening. And I will say, it's not just a one-time transition. This is a continuous transition. So you, you need to have these focal people who are there to kind of help make that smooth. If that makes sense.
JJ:Does that make sense, Eric?
Erich:Absolutely. you know, she's talking about these people that are in these roles, these strategic roles to explain things to folks. And I think we're already seeing some of that. And I think we're seeing success in that in a lot of ways. Like we, we both know people in the security awareness industry, , that have taken this role or security professionals that have taken this role and they're in the middle and they have soft skills. And already we see that, , the people that are they're very successful as like CISOs, , are those that can speak to leadership and to the board and talk to them in their language, but also turn around and be the liaison between the technical teams and the managers, , on the floor, or, , however you want to put that
JJ:Eric, the interesting thing is. I say what I'm about to say with absolute respect people who've had, like you've said with technology, their skillset, their brain is wired in a certain way to do certain tasks and that's where they Excel and we need them there's the communicators of the world who can do the storytelling, who can see the dots, bring them together and break things down, understanding who they're talking to to get the best result. So the, yes, there needs to be that one person who potentially holds enough information to empower others, to get the job done. So, whether it's someone who can sit with a great communicator and say, okay, you're going to see the board and you're doing a presentation, let's work together. Let me make sure you've got the information you need, because you'll be able to communicate it in the way it needs to be done., let's shift gears and let's move into ransomware because what podcast is there? If we don't talk about ransomware, however, This is Dr. Lydia. So who knows what she was going to say?
Lydia:I think we've already noticed this year really has been the year of ransomware. It just it's every day in the news and heads of state are talking about it and militaries are starting to talk about it because it's really something that affects economic prosperity when your businesses are taken offline or in effect are not able to deliver their services. So for example, since the start of COVID, we've seen a, several fold increase of ransomware attacks.. And this, this is something that gets through the encryption, the defense in-depth systems and endpoint protection. It's the human in the loop that they're, , targeting. And, a notable example in the U S was the colonial pipeline attack. They provide, , fuel supply to the Eastern seaboard of the U S the majority of it.. And they had several weeks of fuel shortage that increased fuel prices and they weren't able to deliver their regular, , fuel supply. And this was because of ransomware attacks. So I would like to believe that more people are starting to recognize the, the merger, the interconnectedness between the cyber layer and the physical layer and the ramifications that it can have for millions of people. In this case, millions of people were affected.
JJ:Eric, your thoughts on the interconnectivity between cyber layer and the physical layer of security..
Erich:We're seeing ransomware in a lot of, , more critical areas. The city of Atlanta here, got taken out by it for a long time. All of their, services were hit., some of the police departments,, got taken out by ransomware and, they're having a process, our, our 9 1, 1 or emergency response calls, , with pen and paper. There's so much more that happens in this, ransomware could take down our electrical grid, these things are, are becoming huge
JJ:And they're actually targeting individuals and, and finding these opportunities to say, wow, look what I just found about Eric. You know, he actually has, he has Christmas lights going to music. Let's have a go at this., my brain is going off into a hundred different areas, but yeah, ransomware, like I said, what good podcast would not be around these days if we didn't talk about ransomware?
Erich:Yeah, not in the cybersecurity space for sure. I mean, I guess if you're talking about farming, , home vegetables or something,, maybe not ransomware yet, but it will be, there will be there eventually,
JJ:so as we move through the different, , industrial revolutions and where we are that evolution should I say, we find ourselves in a quandary of people and technology and trying to get the interconnectivity there., and I think that's probably one of my biggest challenges.. So wrapping up, I asked Dr. Lydia how she sees the most effective way engage the hearts and minds of people as we work towards bringing humans and technology together, let's hear what she had to say.
Lydia:Well, I think the first step is like humanizing employees instead of. Seeing them as the, kind of these cogs in the system. And once we humanize our role in this, technology adoption period, and also, we're also recognizing that we're in an era that everything is changing so fast and kind of saying, Hey, we're all in this together. And, you know, like, this is what I know, and this is what I don't know. And even talking about how sometimes it's uncomfortable, it's uncomfortable that maybe you're chatting with a bot about your health issues. And you're not sure if you want to do that or not, or whether or not this makes sense, technologically, for the company to go forward in that direction. I think people want to understand the why, and they want to see the bigger picture because they want to be part of that. And if you, treat employees like cogs in a system like, here you go, this is your tiny bit of it., without having that full vision, that transformation, how the company is trying to move forward and deliver value. And I think it's really exciting, , it doesn't matter what industry you're in., it's fascinating what's happening in transportation. What's happening in healthcare, , across every industry, so this is where I think that that storytelling piece is really important to help people understand where their role is inside this new vision for the company, this new technology transformation, but then also say, what is your role in protecting that? So it comes hand in hand.
JJ:Well, lots to say there so much to take in Eric.
Erich:Well, I love that, that part about just what she ended there,, that the technology and your role, Now that's not to say that every accountant needs to be a cybersecurity expert, but we're going to have to start teaching those skills. And I have to wonder if in the colleges, if the universities are going to start making people learn some of these cyber security skills as they get into these, these types of jobs. And I want to be clear, we have this generation that's been brought up with technology. My kids are fantastic in user interfaces. They are amazing with that stuff. But that doesn't mean they understand how the technology works or even all of the risks with it. We all have a role in this, regardless, just like we used to have a role in, if you worked late, you made sure the front door was locked. We now have to have the role of making sure that when we work, we keep the doors around us locked as well.
JJ:Let me tell you, Eric, I have learned so much today. We could actually keep talking for another hour. Dr. Lydia Costopoulos is incredible and, , chatting with her was an honor., her brain is quite remarkable. What's your key takeaways. Well, we have been discussing today, Eric.
Erich:I think it's that we have to be aware of how quickly things are evolving and will be evolving and how we need to get the people that are going to be using these tools up to speed. Soon. We need to start tackling this now, before it's too late. And I liked what you talked about with doing it at a young age.
JJ:I love it. My brain's ticking away doing all sorts of wonderful things., my friends, we have come to the end of our first episode I am JJ, and I'm joined by the wonderful Mr. Eric Kron and remember to subscribe and leave us a review because that's important to us bye for now
Erich:Take care.