Security Masterminds
The podcast that brings you the very best in all things, cybersecurity, taking an in-depth look at the most pressing issues and trends across the industry.
Connect with us on our LinkedIn page! - https://www.linkedin.com/company/security-masterminds-podcast/
Security Masterminds
Breaking down Blockchain and the Impact on Cybersecurity and Industries with Guest, Jean-Michel Azzopardi
You know about Blockchain, but do you really about blockchain? Then this episode is for you! You will learn:
1. The potential for blockchain technology to create a more secure world.
2. The misconceptions about blockchain technology.
3. The auditing and validation process for blockchain technology.
4. The four foundations of blockchain
"Blockchain has the potential to create a more secure world with its ability to be immutable, validated, and secure."
Jean-Michel Azzopardi is the CEO and co-founder of Infinity, a Web 3.0 startup. He has a background in enterprise, blockchain, cybersecurity, and video games. Azzopardi got into blockchain in 2011 after realizing the potential for this technology to change the world.
LinkedIn - https://www.linkedin.com/in/jean-michel-azzopardi-b33ab439/
Email: jeanmichel@infinity.com
KnowBe4 Resources
- KnowBe4 Blog: https://blog.knowbe4.com
- Erich Kron - https://www.linkedin.com/in/erichkron
- Jelle Wieringa - https://www.linkedin.com/in/jellewieringa
- James McQuiggan - https://www.linkedin.com/in/jmcquiggan
- Javvad Malik: https://www.linkedin.com/in/javvad
- Music Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.com
- Announcer: Sarah McQuiggan - https://www.sarahmcquiggan.com
This show's sound is edited by ProPodcastSolutions - https://propodcastsolutions.com/
So like keeping it as simple as possible, a blockchain is a networked database with multiple instances of the same data stored in different physical locations. And all of those locations are directly connected and one cannot be changed individually without changing them all. It's mutable, it's checkable and it is secure. Hi, I am Jean-Michel Azzopardi. I am the Chief Commercial Officer and co-founder of Infrinity.
Announcer:Welcome to the security masterminds podcast. This podcast brings you the very best in all things, cybersecurity, taking an in-depth look at the most pressing issues and trends across the industry.
Erich Kron:When it comes to blockchain technology, it has the potential to create a more secure world with its ability to be immutable validated and secure. In this episode, we take a deep dive into blockchain technology, the misconceptions regulations and how it can help us in the future.
Jelle Wieringa:Jean-Michel is the CEO and co-founder of Infrinity, a web 3.0 startup. He has a background in enterprise blockchain, cyber security and got into blockchain in 2011 after realizing the potential for this technology to change the world.
Announcer:This is episode 10, breaking down blockchain and the impact on cybersecurity and industries with our guest, Jean-Michel Azzopardi.
Jelle Wieringa:Welcome to another episode of security masterminds in which we'll be interviewing Yami shell Azo party today, Eric, I'm really looking forward to this episode.
Erich Kron:So am I, this is one of those things where blockchain has just been one of those very interesting topics that I honestly don't fully understand. So learning about that I think is incredibly important today. And I'm really looking forward to this.
Jelle Wieringa:Yeah, I'm the same blockchain to me is. It's kind of like a magical thing. It's a really cool tech that I don't know anything about, or at least not, not enough. And I'm really excited that we have Jean shell. Who's a good friend of mine on this show. He knows so much about this stuff and can definitely enlighten us. I'm looking forward to that. So just to start off with, he already introduced himself, what we wanted to know, how did he actually get into cybersecurity and block?
Jean-Michel Azzopardi:On a personal note, I guess you could quote me a person that never really found their place. So I've spent the past 10 years in, in it and in startups, I'm on the whole, I'd say half gamer, half crypto punk, half blockchain, ju or actually third part block change out. I have a background in enterprise. It blockchain, cyber security course, and lot of video. So I'm first. Got into block church and it bit earlier than I expect, I always thought it was 2012, but apparently it's 2011. And the reason why I was so interested is because I was spotting the story of Ang extremely closely. And I realized that eventually once he had passed the information on from the chest Manning onto what back then, pat adding onto WikiLeaks visa just basically woke up on there and said, Hey, you know what, no more Don for. I was like, ah, that sucks. These guys were doing something really great. They showed us that the states lack the better words. Isn't a sort of true here that Western media usually portray lives and this guys were doing something great about it. And that did their whole thing and said, oh, what cash for you? And they announced that they were taking payment, a thing called Bitcoin. I started doing research back then at Brenda stop shoe white paper. And I was playing, I think like back then I was like playing world of Warcraft. Nine 10 hours a day kind thing. That was like, that was my life. It was a brilliant time because I was working and li I was living around digital assets and experiencing digital economies and what everyone's idea of the metaverses and at the very early stage of my life. And then when I heard about this thing, Bitcoin, I was like, I started doing a little bit more research and I was like, yeah, this is, this is something really cool. Like the bike system is broken. Like I was very young, but I could understand. We bail the banks out in thousand and eight. And that was something that we shouldn't have done. Like we don't build the people out when they don't pay their home loans. So why did the banks get special treat? I was fascinated. Like I dug into it a little more and it was, I realized that there's this whole thing called the silk road and there's people can buy drugs and stuff and they can also buy the Warcraft bots back then you can pay for wild gold in. I was like, ah, okay. There's has, has some utility. And I saw this utility like back there before, and that this is a question. People are still scratching their heads on what can we do with it? It's so I saw it really early, but I never really understood. I was too young to make any sense of it. And 32 now, so 2011, I was, as she say, really young, and as I got a little bit older and I gained a little bit more understanding of how the world works. I always knew that there was a way for blockchain to be able to change the world in a dramatic way, because I saw the little change it had on my like little where the woke up, right. Suddenly with this new currency, you're creating a whole new form of value in a way that kind be controlled by the authorities, which is governing. And then I got into the enterprise world. So I got a first job at IBM working as an SAP consult. I was fortunate enough to be able to experience like lots of different industries and utilities and oil and gas and manufacturing, aerospace, and the way that the blockchain story kept on evolving was still very early back then. I went to my corporate career thinking, Hey, listen, I hate the man, but if I want to make any kind of change, the only way to do it is from the inside. So even the idea of working with a company like IBM back then, okay. It was great from sort of pressure Schmid point of view. But then from Atos point of view is like, Hey, let's personally get behind here, but it's important to understand how, what you want to destroy works. And that was the plan. And eventually my first company at the same time, I got the job with IBM, liquidated it. Two years later, I've been on the startup world back and forth ever since I've had startups in tech, in JD printing, I had the food delivery platform always early, always learning always. And then eventually I had a cybersecurity startup. And just before that, I was lucky enough to be head of channel for a company called akinetic, which is now in security. Pretty sure it's worth over a billion dollars now at. And that really exposed me to the wrongdoings that happen in this industry without anything that may be incriminating. When you are an employee, you do not have the possibility to vault against the sale of tech to a regime. That's sorry, I'm gonna say about that. And after seeing that, I was just disgusted and it's rekindled my, my enjoyment for, for blockchain and what this sort of chest future looks. And then more down one day analysis that they're gonna do this whole blockchain thing. And I opened this cyber security company for the blockchain space and my boss like then finds out and says, Hey, listen, I know you're doing this. You have to choose you either go and work your own company or you work us. And I was the best sales guy at time. So you couldn't do this or to push too hard, but I could see the word in his face and I'm like, okay, bye ML. And that's when the evangelist. I mentioned came up earlier, but anyway, and like jumped like head deep face burst into the blockchain out, which I eventually crumble like a house OFS less because of the industry CR back then, and more because of the, the regulatory approach, crown blue, there was a little gap actually, before that I spent, when I opened up a cybersecurity company, my idea was simple. I was like, Crypto and blockchain is something really new. And it's also something really unique in the security space because every investment in security. Has an UN quantifiable ROI. Sure. You can find some sort of metric valid or liked and your theory on how your investment makes sense. But ultimately it relies a lot on theory and assumptions. And crypto is the exception to that, right? Because if you steal a hundred billion from a lot wallet, you lost hundred billion. So, so in my head I was like, okay, this is great. There's an education process here. I don't have to go through, like I did with three different. So the people we should get it straight away. And what I learned quite quickly is the crypto industry could not care less about it. And that was a lesson. Very hard learned. Which was extremely expensive and had not only a monetary cost, but a sort of mental side cost. But I can tell you the vast majority of not only, I think anyone in the crypto industry that says we're secure and we take things, although it's a little bit more apparent in this street, but I think it's the vast amount of people in general that's or businesses in general that say, Hey, this, we build cyber secure product and it's just marketing guys have no idea what they're. Because once you peel up a few layers, you go, ah, okay. That's what there is. Sure. Let's get the sort of tin can and break open to see, yeah. That facing all day happen. I was shocked enough to see it happen in the traditional industries like insurance and financial services and stuff like that. But when I saw it happening in the crypto in this shit, I was like, dude, I was like, you are holding tens of millions of dollars and belong to someone else. Are you afraid? Someone's gonna come and break your legs. If you get this wrong, this is what I was think to. And these guys are just like, just smooth, like this cool is a nice day. And I was like, I couldn't understand. It didn't make any sense to me back then. And eventually as I spent a little bit more time and knocked on a little bit of doors, it's a shame. There's no sort. There's no video on this show, but just a little sort of idea for you guys, right? Like to get my first sale for a 10 test in this industry. This is how many people, how many meetings I had to have physical meetings to send a single 10 test. And that's just the ones which the initiation, which happened physically in this following email. And that's something else. So believe me, when I say it was an expensive lesson, those meetings took lot of.
Jelle Wieringa:So Jean Michelle talks about the change in the world in a dramatic way. And that to me is, is very much what blockchain signifies the potential it has at least as far as I know is massive. And I, I, I always wonder why the rest of the world hasn't adopted it, but it's such a beautiful technology at its core with, with such a good ethical premise. It fascinates.
Erich Kron:I think the blockchain very much is struggling with the buzzword problem. And that is it. It was grabbed by so many marketing places and put as a buzzword for everything that it really diluted the idea behind what it is truly capable of and caused a lot of confusion. Now, blockchain is. You know, it's been around for a while, obviously. And I do think it's interesting because I share the same experience where I got to hear about blockchain or even remotely understand it the first time when it relates to cryptocurrency like Bitcoin, I was like, what's this Bitcoin thing about, oh, there's this blockchain thing that was kind of the progression. That was really the first time I heard of the block. But it does seem like it's usable in a lot of other ways, especially when it comes to ensuring that things are valid, right. Kinda like digital signatures type of deal. And that's why I'm, I'm excited about this. And I really want to know more about it maybe without all of the marketing stuff that goes around it. Just
Jelle Wieringa:to make sure that we're all on the same page on what blockchain really is. We ask the expert and this is what he said.
Jean-Michel Azzopardi:So keeping it as simple as possible, a blockchain is a networked database with multiple instances of the same data stored in different physical locations. All of those locations are directly connected and one cannot be changed individually without changing them more. It's mutable, it's checkable, and it is secure
Jelle Wieringa:immutable, checkable, and secure. I like
Erich Kron:those concepts. Absolutely. And, and there's a big need for something like that. That's publicly accessible whenever possible or possibly publicly accessible. I guess you can use it in private things too. I'm sure we'll hear more about that, but ultimately, yeah, the immutability of it, that's a very powerful thing and, and not something that's easy for us to, to do in the past, not on scale, like what blockchain is
Jelle Wieringa:allow. Yeah. And the same goes for the auditability, right? The prospect of something where technology allows you to do those things, immutability, auditability, that's really powerful from a cybersecurity perspective, cuz it, it solves so many of the issues that we run into on a daily basis within our field. A question though, is there's a lot of people that have a lot of different views and ideas on what blockchain really is. But we wanted to know from John Michelle, what are some of the real misconceptions that he runs into
Jean-Michel Azzopardi:many people confuse crypto and blockchain. And that's, I think where the sort of first crossroads is. Right. So it's important to understand that crypto is if we had to think of these things in terms of vehicles, right? Blockchains are vehicles. And cryptos are cars and Bitcoin would be while Ethereum would be like Lambo. And this is like a fair reference to the industry. If there's any sort of like local crypto girls, get guys out there listening, as soon as they hear Lambo go. But reality it's, it's a class and a subclass, right? So blockchain is the class. Crypto is the subclass. Bitcoin is the instance of the. So people think of them as one the same. Now, as far as where's the value, you need to remember that anything blockchain relate like everything to do with blockchain is a very strong crypto. Now I know you hear about just fine heads box. Talk about, uh, price. Does this price does that? No one cares. That's the vaulted on afterwards, right? Like the base part of blockchain is cryptography. And as long as you understand the base of crypto, Then what blockchain can enable should be ready to listen.
Jelle Wieringa:Cryptography and validation go hand in hand. Right? You need to know if something is valid. So how do you actually validate something if it's on the blockchain?
Jean-Michel Azzopardi:That is, uh, an interesting question. And I think that is an answer on this sort of technical level and an answer on the business. So on the tech front, there's a good chance. You will probably not have the in-house tech skills verify any sort of claims, right? That's where you have to start find a reputable law firm, the CSP corporate service provider in a jurisdiction that has a strong regulatory foundation in the blockchain industry. And just ask them and say, Hey guys, these guys are telling me X, Y, Z, we're about the silent deal for 10 ML or whatever. That's the only way to do it's like if electrician came to my house and told me how to do, send that, and then it was a big bill and I wasn't sure I would not did this squat, so I'd have to. A third party to check it out.
Erich Kron:Well, it's interesting that we would be relying on third parties to validate this, but it's good to understand that, that it's not something that you can necessarily just pop in, um, on your local network and decide to validate something in the larger scale. I'm sure when it's in a, in a local sort of way, then that's gonna be more capable. But in the larger scale, like with Bitcoin, it's not necessarily something that's. That you're gonna do yourself. And like so many other things we do rely on other organizations, other vendors, other expertises, to look at this and to validate.
Jelle Wieringa:Yeah. And, and I consider blockchain to be a product very near to cybersecurity. You have other use this too, but the fact that you can validate identity, for instance, validate other things for, for the auditability and immutability is actually something that's very helpful within our field. And the fact that you can't do it yourself and you have multiple people looking at it at the same time. Provides a lot of security assets and aspects that organizations can really
Erich Kron:leverage. I love the idea of something being able to be audited by multiple external entities. Actually, I think that's a very powerful thing when it comes to ensuring the immutability of information, data, anything like that, that we.
Jelle Wieringa:Yeah. And it being built into the technology itself is it's just a cool thing. So we talked about, uh, with char Michelle about various things. And one of the things he mentioned during our talks was the four pillars of blockchain. And we really wanted to share that with you as an audience. So this is what he had to say on it.
Jean-Michel Azzopardi:Essentially it boils down to four key pillars. I call it the four key pillars. So there's digital identity, for example. And that is the idea of tying either your device or your browser, unex specifically Revok to you as a human being. I E giving you a digital signature online with the same legal weight as pen and paper, that's your digital identity, right? And that's why you have to queue in line most of your day for a bunch of uses appointments. Should have been done online. That's why, because the idea of using certificates is okay. It was really cool back then, but it never worked out hassles even for people like you and I, digital identity is number one, two data integrity, data integrity is just leveraging the mutability factor of a blockchain. I E we grab data, we hash it through like chat with the P six or say whatever we hash it and we stick the hash on. That's utility. So in that scenario, let's say, Eric, me and you had an agreement and you are selling me your car, for example, right. You have a copy of your own contract. And I have a copy of my contract and now we both meet somewhere. And I also agrees and the prices 15 K and I took the care, my doctorate. I took the care on your document and I give you the picture. K. And I buy the card, you right. And then we go home later and you amend your own of the. Say that the sale price was 18 K and I lose my copy of the contract. So I have no way to prove this. That is to the use of data integrity. You can make sure that's never an issue. So basically through linking a hash with your own digital identity, with a hash, with digital identity, hash, with data, hash identity find, and that proves the proof of existence. That's what we call it. Third pillar. And this might be a little bit more complex to understand, but it's delivery versus payment. And the idea is it's simply the trade of value between one network and another. So if you think about the in technical terms, imagine blockchain didn't exist. Right? It's like sending a packet from one land to another, through a bridge and, okay. So, so the blockchain, the only difference is instead of sending a packet, you're sending a. Which is essentially like a bunch of packets, right. Built in a way that they form a block. I will transactions for a block. And the fourth pillar is automation. Most people refer to this as smart contracts, and there's a bunch of people that talk about what smart contracts are and what smart contracts. Aren't. I think it's one, the stupidest names that they could then they chosen because as what can, is neither smart nor of the contract, it is just a function which exists. On an entire network basis. That's it? The smart contract. That's a logistic question, a better name. I just came up with automation. That was my, my, like my idea is when you sell something, you don't sell something based on a sort of tech users, right? Like nobody comes and sell you Google home and says that. And like machine learning and keep learning and neural nets cares about that stuff. You just say, Hey, listen, this thing can accept TIS for you. And it can play music by using your voice. That would set my alerts in your calendar. Yeah. If I had to extrapolate smart qu checks to the general public, I would go with the words, automation for the technical of the public. I would go into network function. So that's what techies get, right? Why call this? Why track hit to budget one stop really works.
Jelle Wieringa:I love the four pillars. I love everything that's been simplified in a framework, and that's easier to understand cuz that's the thing with blockchain. It can be very hard to understand and I'm in, I'm in tech. I'm supposed to understand this stuff and even I am having a hard time, just the digital identity, tying something to you through a digital S. The data integrity, the immutability of something. So, you know, if something goes in X, it comes out as X it's, there's nobody touching it in between it's delivery versus payment idea. I love that. And the automation part, which just makes it scalable and whether or not you call it smart contracts. I, I kind of agree with, with Shawn, Michelle on this one, although smart contracts, it sounds nice in businessy. So a lot of people will get that one. It's those four pillars. Make blockchain, such an incredible technology, such an incredible application, actually.
Erich Kron:Yeah. This helps it become a little bit more clear for me as well. Again, I, I'm not an expert on blockchain and this is, this is why this is so fascinating to me. I will say for the listeners out there, if you didn't understand that there's, there's no shame in backing up a few seconds and listening to that again, because it is a lot to process and put together, but there's a lot of great information in the statements that he just.
Jean-Michel Azzopardi:So we now know about the pillars of
Jelle Wieringa:blockchain, but I figured there must be different types of blockchain. So we ask him to tell us,
Jean-Michel Azzopardi:so you can have a public open, public closed, private open, and private closed. So whether it's public or private determines the rights on. Whether it's open or closed D determines the rights or so if it's public open, anyone can read, anyone can write. If it's public closed, anyone can read only set. People can write if it's private and open, only set people can read, but any of the set people can write. If it's private, closed, only set people can read. And only a subset of those people can write.
Jelle Wieringa:Okay. That's clear. That sounds easy enough. Actually, even though we're talking about something as complicated as
Erich Kron:blockchain, this may be the easiest part of blockchain that I've heard so far.
Jean-Michel Azzopardi:probably I
Jelle Wieringa:get this part. So we wanted to know that there's a lot of. Exchanges going on between blockchain and that dump fruit. Well guess what exchange is. So we wanted to know how do those exchanges actually work with blockchain?
Jean-Michel Azzopardi:There are two main kinds of exchanges. Okay. You have a centralized exchange and you have a decent, a sex. And the decks, a decks is not own by anyone or controlled by anyone. A sex is I get the Dex is for a second. Talk about the sex. Now you have regulated and unregulated sexes. Now the majority of the crypto world spent like wild west cowboy days thinking, forget regulation. Like we don't want any of this and this, but in reality, all we realize is like the world just discovered fire now and everyone's going around and burning themselves with it. Instead of making it like really cool tools and utilities were just attacking each other and then stealing each other's stuff. So for whoever the thinks regulation is not the way forward, you have no idea what you're talking. In this aspect, specifically gun laws. Is that something that's different time? So in the sort of R there's a few have commonized, which have set out their own individual regulat. There's small tos, Switzerland, that Japan is living at it. Now there's Stein. There's Abu Dhabi now, so slowly everyone's coming online, but most of the regulation in the same way, that sort of low variations ISO trace a thousand Walters, 1,002, three. And the way that those variations are very similar, it's the same way with the regulatory templates for the blockchain alert. And usually you will find in any regulated environ. That 99% of all the funds at a centralized exchange stores in a cold wallet needs to be insured at any given time. So only 1% of the total liquidity can never be connected to a wallet attached to the internet. Remember when there was a sort of mild go hack for several hundred 60 million in 2013 or whatever that was it's we're still there. The world is still coming to grips with this idea of regulation, but more importantly, what the world fails to understand is that all the blockchain industry fails to understand is that at the height of this industry, there was a total of $2 trillion worth of liquidity in circulation, unregulated liquid. Which cannot be touched by the regulated environment. Right? So all these companies have want to score money into this industry that want to leverage an citizenship, but they can't because they can't stick it on their balance sheet. Cause there's no way to do it. And that's one of the biggest reasons why Bocher hasn't been adopted yet. Because nobody wants to take a risk and say, I don't. So
Jelle Wieringa:listening to this, I can see that regulation really impacts blockchain, but we, as nations are not dare yet. So I ask him what his opinion on this was.
Jean-Michel Azzopardi:Absolutely. And I don't think we've, we've figured out like the ind software engagement on the regulatory side and that in itself is a whole can of worms. We haven't standardized an approach yet that works everywhere and there is no easy solution. Some situation is this is that if the bar is too low, then it means anybody can play, which is great for the people that have this idea that blockchain is for everyone and treat the ethos of the. But it's also great for the bad actors who want to say here's my like NFD J bag. And I, of course, for the, the rest need to be either that, or they are regulated. So yes, bin just got regulated three months ago and very early they started, they started in LA without it's bar, early days. Guys, the world is still coming to grips with this idea of regulation. So
Jelle Wieringa:regulation. Tough gig. However, you look at it, you've got the application side of blockchain, which, where companies want to do cool things with it and make money with it. And then you've got regulations on the other hand, which the way some companies look at it, kind of doesn't want them to do it. They wanna regulate everything. They want to lock everything down and have certainties, but a lot of entrepreneurship is uncertainty. So I see a black and a. Situation, uh, uh, coming here, what do you think, Eric?
Erich Kron:Yeah. You know, I, I think the unregulated part is definitely an issue with cyber crime, frankly, because they're, they're doing a lot of things, um, with some of these, uh, these cryptocurrencies. That are blockchain based that are related to cyber crime. And so the, the deregulated part can be a challenge there. Now I know there's been pushes to have regulation on things and, and obviously there are some regulated pieces of this as well. He mentioned kind of the, the wild west there in the beginning and, and some folks like, and to, to have that approach, I think it's interesting. And I, I see places for both sides
Jelle Wieringa:of this. We asked Jean Michelle, what his take was on this. How does cybersecurity fit into the blockchain?
Jean-Michel Azzopardi:This is something I think that people are still struggling to put into practice. There's some low hanging fruits, but not enough to add enough value where it stops and makes you think. For example, one really easy thing that you could do in the traditional security world is like grab maybe logs from either a. You can, before you feed the logs into the scene, you can verify that they've all come from the appropriate source. So using the digital identity of the device and using the data integrity for the payload, you can verify that you can, you will never get a malicious log thrown into the scene. One way to do it, but that's, again, it's a very small subset of people who want to use this. Military may be some level of government, but not enough where mainstream stuff, but let me give you a difference. You say something which I've been thinking about for a while, and I've yet to find many holes in it, but I think it's, I think it's really cool. And actually, it's very interesting. If you guys could try, we could figure this out here to. I've been pirate in games since I was 10 years old and had long hair. And I both as hell now for all the us out there that obvious I seeing some video, but this remains a problem for the industry at large period. Now on the multiplayer side of games, we solve this because if you're not connected to authorized servers, then yeah, you're either playing on your own instance with friends or whatever. But on the single day side, we haven't really saw this at all. My idea was to replace the license key with a dynamically generated secret that would only be distributed via an API icon from the user side to a blockchain on the run by the game company. But that's unique value is constantly changing. It's like it's all OTP. You also need to verify. To be able to play the single day game at the source of this uniquely generated dynamic generated data is correct. And I think if you do that with the chief blockchain, think that might be a pretty great way to solve licensing issue. Essentially. That's how I see it is if you create an net of your license, key proof that you own that specific license key, and you can only read that license key, you can only read the secret. Which is on a specific blockchain owned by that company. And that secret uses parts of knowledge, which you possess and parts, which they possess. And how do you, I don't see a way. Someone could go round it, but nothing is the hackable.
Jelle Wieringa:That's what I love about SHA Michelle. He's always thinking about practical applications of something as complicated as blockchain in this case. And actually, I like his idea for the gaming industry. I'm, I'm sorry for all the ones out there that do download a pirate stuff, but I, I believe it's actually, if you want it, you buy it, it
Jean-Michel Azzopardi:would work.
Jelle Wieringa:In theory, and he's also very practical. Like he understands very well that everything is hackable, and it's a matter of time until the bank. I figure out something to hack blockchain or to influence blockchain, even though it's immutable, et cetera, et cetera, the more it gets gets adopted the interest more interesting. It will be for cyber criminals to actually try to break it. So. I love his approach of a one time password thing. I hate NFTs by the way, but that's a different, different topical together, but I, I do love his, his one time password idea here. What do you think, Eric?
Erich Kron:Yeah, I think that that demonstrates a practical use that could be actually valuable for the blockchain. Again, there's so much marketing hype around this, especially in the cybersecurity industry that actually just made sense to me though, in how this can be used in the real world.
Jelle Wieringa:I. So we asked John Shelly, if you had other ideas of how blockchain can help us in the future,
Jean-Michel Azzopardi:I completely agree with you with regards to the fact that in general, you need a PhD to send that any kind of like blockchain transaction in today's day at age. I also think we are on the cusp of a really big change. We saw it very rapidly with digital transformation age cuz COVID and remote working and stuff like that. Like we are in a point in a point of humanity where there, there will be hyper innovation. And to that point, I also think that go back to my previous argument, which is that you, you don't sell the tech, you sell what the tech can do. So blockchain, for example, and face I. Face ID has completely or not completely in, in many instances, replace passwords and that's, and that was clear value right now. That's AI, they know AI, patient recognition, stuff like that. And no one cares it's face. I that's the real value as the literally the easiest thing that I think you can do today with blockchain minus the usability issue, which is something much, one person. It's remittance, right? If you wanted to send money from one country to another and you wanted to do it quick and you wanted to do it in a way where there's for minute piece, a blockchain is the best way to do it. The JBO aren't using it. They don't know how. But that's like saying people don't drive cars because they're on seat. So
Jelle Wieringa:John, Michelle obviously knows what he's talking about. And, uh, one of the things we always do in this show is ask for some experience or asking for some tips on what to do, what we and our audience, the sees. And it happens out there can learn from. We asked him what's the best tip he has for a new CSO to use blockchain.
Jean-Michel Azzopardi:Usually the way I would recommend at the beginning is if the business case or the bus or the business driver began internally, and then the CSO begins to reach out. If there's no business driver and someone just comes up to you tries to sell you something that you don't understand and you don't get it. You shouldn't hit your headset on the head, not understanding it. The guys in Egypt, for being able to explain it in a way that that's, that you understand, like CSOs are ridiculously smart people in general, because they require level really and technical knowledge, but industry knowledge in multiple areas. And you guys are those same people. Basically. So if someone's coming up to you and trying to sell you snake oil, you shouldn't try to make an extra effort to understand it. If you don't get it, you don't declare value, turn it down and say, bye. And if you do find someone that sort of gets your juices flowing, and you've seen like, okay, this maybe could be something good. Then, like I said, where principle. Find someone who's an expert in the domain that you are and make it a mission of mine to be the dumbest person in the role. However, late I can. And I always work with people who are much smarter than me in their own domains, because if they're not, then we're gonna end up with some bad product at the end. I like
Jelle Wieringa:that perspective. I especially like it, that he looks at blockchain as a. Business opportunity. And if there is no business opportunity, no one, whether you're a Caesar or anyone else in the organization should touch it. It, there's no valid reason to do it. If your business can't benefit from it. So I truly love that
Jean-Michel Azzopardi:perspective.
Erich Kron:Yeah. And I, I like the fact that he mentioned again, because this is a confusing technology. Don't be afraid to reach out to others that are professionals or, or experts in this domain as well. Because I, I can see where, you know, just based on some of the other issues we've seen with hacks and things like that, and the targeting of blockchain. You really do need to know what you're doing if you're going to be implementing it. So reaching out to somebody that can look it over or give you some, uh, some ideas or even set up a blockchain that you need. I think that's very good information.
Jelle Wieringa:Definitely talking about business opportunities. We wanted to know if he could see some great opportunities for organizations to use blockchain.
Jean-Michel Azzopardi:Okay. So this is, I think, an area that you guys can really understand where I'm coming. I think healthcare is by far the greatest opportunity out. I think healthcare is especially in the United States. People are get Ubers and don't call ambulances because of ambulance cause three and a half grand. Why is an ambulance got three and a half grand? Because there's so much inefficiency in the system. And most of the inefficiency is human inefficiency. So why are we not automating and replacing tech? And before we can even think about adding blockchain, we need at least a sort of base level of a sort of tech like infras. Yes. Okay. There's things like, I believe hiphop. So I guess in the states, the idea infrastructure of the healthcare side has come a long way, but let's go this way. I haven't been to the state a long time, but I'm pretty sure if I walk into, uh, like around the hospital Anta percentage report in that MRI machine, it's gonna be like five or six years old. So when you have that kind of mentality toward efficiency, It's like dealing with a brick wall. And I really think the healthcare industry is this, this sort of like beginning is its own demise. I interviewed the gentleman the other week named Brett king, fantastic guy. I gave it to the chat at a consensus stroke, seven books we were talking of, like his idea is in the near future. The cost of healthcare love being is going to outweigh the cost of free he care and judging by the rate at which the us is going in this direction. I don't think it'll take very. Luckily, I come from a place where there's pre-health care, healthcare's a human, right. But in a system where there's so much inefficiency, right? Like at the end of it, what's important to understand is blockchain. All it does as far as business value goes, is reduce fraud, increase automation through the automation of admin. It's it, which we automates admin reduces fraud. That is it. There's nothing else. Healthcare in. Full of fraud and full a ridiculous amount of admin. It's the most administratively painful industry out. And it's also the one that I think humankind can benefit from the most quite. So, yeah,
Jelle Wieringa:healthcare is definitely one of the areas where I see a great application of blockchain. It won't be easy. It's a very traditional industry in my perspective. So a lot of people that look at ransomware, for instance, if a hospital has a ransomware attack, what happens is, well, doctors will just reach back for their pen and paper and start writing recipes on that instead. In a machine. So getting something like blockchain adopted in healthcare, well, that'll be a painful, long process, even though I truly do see the benefits of it. Something
Erich Kron:that has really kind of come to mind with this and, and sunk in with me is that, you know, blockchain itself, isn't a security mechanism, blockchain. It's a way to validate information., but it's not necessarily a security control. If you will. It's not gonna stop you from being hacked. Just like it doesn't stop Bitcoin from being stolen. You can see where it goes, following the different pieces there. And I think that's a really important thing. Now that doesn't mean that it's not incredibly useful with respect to cyber security. And that's where, you know, we talked about the immutability of things previously, imagine log entries being tagged so that the attackers can't go through and change. Where essentially we have a verifiable record of certain things, you know, and it's a cyber attack happens. What do you want to do? You want to clean up the log? So it, it hides how you go. And this is again where I see this being very
Jelle Wieringa:valuable. Yeah. I, I look at it as an enabler. It's a technology that enables you to do things, but you can still misuse it or abuse it. The immutability part, I think, is really powerful and actually brings to mind a question that we ask shall Michelle, given that the internet is such a well west thing. So how important is blockchain regarding the immutability for the future of the.
Jean-Michel Azzopardi:The reason why that's become so important now. And the reason why that would become so much more important in future is because we are at beginning to approach the end of the cycle of web two. So remember in the beginning of web two, even at the end of web one, the end, it was a very different place. You didn't have to train your kids and say, Hey, what if someone approaches you online? And this and that, that wasn't a reality. That was just something that people never worried about. Yeah. You jump on some weird chat rooms in IRC, meet some weird dudes and you back up right. And say, okay, welcome to the internet. That was, it was a beautiful place. Yes, there was malicious intent, but it was simple. It was easy to recognize. Now we have country swinging elections. With the leveraging of social media data, we have the problem of fake news. We have that problem of the lack of traceability of where media comes from. We have the issue that media houses like newspapers are broken financial model, because it's much more of an economically sound decision to Resh the news than it is to go out and dig for it. And this. Oil because of the evolution web too. Yes. On this with the flip side, I can order a burger from someone I've never met, cooked by someone I've never met. Hey, this person without ever meeting them, which is brilliant, which is great. But we need to remember that we built an internet. Or a sort of patchwork system, right? The internet was never designed for transactions. The internet was designed for publishing data and components like identity, like payments, like security, where worth dollars as an . They were designed and built that way. And that's just like grabbing a really old shit. I live in a country, which is a certain, very oldest. So our old capital was built in 1565. It was a great sea. Let's just say we have a really old city in the 1500. One of the best historian people live in the city and this, this limitations as to the perception which we can offer them. Why? Because they're living the limitations of the world on the 15 hundreds, the roads can only get so wide. There's only so much face to pass plumbing. There's only so much face fast fiber, and that's where we are with web too. But with web three, we have a, I think a really good idea of what is possible, right? Everything in the Jetsons, basically, literally everything in the refresh, your body, you walk around at whole night, little, and you press that. And your mail comes through a pipe. Imagine that, but figuratively for every digital experience in your. That's what she is.
Erich Kron:I've talked a lot of times about how the internet was never created with identity and access management in place. And we've certainly tried to bolt things on, but essentially that's never really been something that's been fixed. That's why we have so many issues with. Spoofing with the, you know, cyber crime with fishing, with things like that, where somebody pretends to be someone else and individual platforms have tried to deal with this, like Twitter, with the verified and, you know, you get the checkbox and things like that. But ultimately this technology could be made to identify you in a verified way. That's independently viewable and verifiable.
Jelle Wieringa:And add to that, that it can also very well track and all the, the things you did online because of its data integrity. Right? You do something it's logged it's in there. It's immutable to combine that digital identity and that data integrity and. We very well might have something where what pre could actually use to make it more safe and where blockchain can actually be a very good addition to the existing security measures that we have in place on the internet. So that was a really interesting talk we had with Shawn, Michelle, and for me, actually, I learned a bunch of new stuff for me. The things that stick out in this conversation is that. Even though it's a great technology. The technology in itself doesn't do that much is the way that you apply it. That makes it so powerful. Sure. It has some really good features, like the digital identity, his data integrity delivery versus pavement, and the automation site that he mentions in his four pillars. It's up to you to use that technology in a way that actually creates an added value to your business or, or to whatever you're trying to do that for me was a revelation. It's not a product you buy. It's not a box you buy, you switch on and you're done. You really need to think about how do I apply it? How do I apply it correctly? And what will it do for me? AKA? What value does
Jean-Michel Azzopardi:it bring?
Erich Kron:You know, I, I would agree with you there. I don't believe I know everything there is to know about blockchain following this, but it makes a lot more sense to me. This actually gives me a great foundation now to turn around and do some more research to learn more about it, because frankly, I kind of thought it was this magic that happened behind the scenes. I really didn't understand much of it. And. Now I really feel like a lot of the things that I've read in the past seen in the past makes a lot more sense to me already.
Jelle Wieringa:So all we have to do now is come up with a business opportunity and create our own blockchain company. There we go. If you like this episode, as much as we do let us know in the comments we would love to hear from you. We love making this, but we're making this show for you guys out there for the audience. So if there's anything you want us to talk about, anyone you want us to interview, let us know. And with that, we're at the end of another episode of security masterminds. Thank you very much for listening. We really enjoyed it. We hope you did too.
Erich Kron:If you found this episode valuable, don't forget to like subscribe and share with other people. Every month, we try to have new people on here with new visions for things.
Jelle Wieringa:Until next time now say goodbye, Eric,
Erich Kron:goodbye. Eric coming
Announcer:up in our next episode of security masterminds, I would say advocacy and creating a secure SDLC. And so advocacy basically is if you do it within an organization, the
Jean-Michel Azzopardi:idea is you are changing your culture
Announcer:to be a more security focused culture. We welcome you to join us with our guest Tanya Jenka. You've been listening to the security mastermind podcast sponsored by no before. For more information, please visit no before.com. This podcast is produced by James McWiggin and Jabba Mallek with music by Brian Sanon. We invite you to share this podcast with your friends and colleagues, and of course you can subscribe to the podcast on your favorite podcasting platform. Come back next month. As we bring you another security mastermind, sharing their expertise and knowledge with you from the world of cybersecurity.