ITSPmagazine Podcasts

Keynote: 2024 Predictions in Future-Hindsight View - Get Ready! | A SecTor Event Coverage Conversation with Laura Payne

Episode Summary

In this episode, hosts Marco and Sean embark on a road trip to SecTor cybersecurity conference in Toronto, Canada, and sit down with cybersecurity expert Laura Payne to discuss cybersecurity's future and artificial intelligence's impact on technology and society.

Episode Notes

Guest: Laura Payne, Chief Enablement Officer & VP Security Consulting at White Tuque [@WhiteTuque]

On Linkedin | https://www.linkedin.com/in/laura-l-payne/?originalSubdomain=ca

____________________________

Hosts: 

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this Chats on the Road episode of the ITSPmagazine Podcast Network, hosts Marco Ciappelli and Sean Martin embark on a road trip to the SecTor cybersecurity conference in Toronto, Canada. Along the way, they engage in playful banter about using a time machine or an autonomous car to reach their destination. Once they arrive, they sit down with Laura Payne, this year's keynote speaker at SecTor.

Laura shares her journey in the cybersecurity field and her experience working with various organizations. The conversation delves into the future of cybersecurity and the impact of artificial intelligence. They discuss the importance of resilience, the adoption of AI in small businesses, and the challenges of regulating AI. They also touch on the skills that security practitioners need to develop, such as understanding protocols and APIs.

Throughout the conversation, they emphasize the need to build security into new technologies from the start and to maintain a focus on the basics of cybersecurity. They also reflect on the recurring nature of cybersecurity challenges and the importance of learning from history to predict the future. Overall, this thought-provoking episode dives into the future of technology, cybersecurity, and society, providing insights and perspectives from industry experts. The conversation is a mix of playful banter, practical advice, and philosophical reflections, offering listeners a well-rounded and engaging discussion.

About Laura's Keynote Session: If 2023 was the year of AI exploding into popular use, what is on the horizon for 2024? There are a lot of predictions for what is coming, but what should we be preparing for as security professionals? We'll look at some of the most popular predictions, view them as if they've already happened and see if history is just repeating itself with past lessons to learn from.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

____________________________

Resources

Keynote: 2024 Predictions in Future-Hindsight View - Get Ready!: https://www.blackhat.com/sector/2023/briefings/schedule/#keynote--predictions-in-future-hindsight-view---get-ready-36117

Learn more about SecTor 2023: https://www.blackhat.com/sector/2023/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

[00:00:00] Sean Martin: Marco.  
 

[00:00:02] Marco Ciappelli: Sean.  
 

[00:00:03] Sean Martin: I, I feel like, uh, the autonomous car needs, needs a boost of energy to get us all the way to Toronto.  
 

[00:00:12] Marco Ciappelli: Oh, you're gonna, you're gonna have to stop a few times.  
 

[00:00:15] Sean Martin: That's for sure. That's right. I think we have, we have to pause, uh, pause along the way to, uh, To kind of re energize and refocus on how we're getting from that new point in time to where we're going. 
 

Of course, I'm joking. 
 

[00:00:29] Marco Ciappelli: Can we, can we, you know, take the car for once? I was thinking to use a time machine to go there.  
 

[00:00:35] Sean Martin: You want a time machine? We can do that, for sure.  
 

[00:00:37] Marco Ciappelli: A couple of kicks  
 

[00:00:38] Sean Martin: and, uh... I think, I think that requires twice as many stops, though. Yeah, and  
 

[00:00:43] Marco Ciappelli: I think plutonium or something like that to make it work. 
 

All right, we'll figure it out.  
 

[00:00:48] Sean Martin: Imagine if the plane had to stop four or five times. I guess that's what layovers are for. Anyway, I digress. Um, there may be a lesson in my rambling. We'll see how we get on, uh, with this conversation. We're on the, on the road, quote unquote, to, uh, Sector, a Black Hat event in Toronto, where of course, uh, bright minds and cool people come together to talk all things cyber. 
 

And, uh, yeah, trying to figure out what's, what's next. Not that we don't have enough on our plate already, but, uh, There's always the what's next and, uh, Mark, we have Laura Payne on. She's a keynote, uh, for this year's event and she has a bit of insight on what's next and what's, what's up right now as well. 
 

So Laura, it's great to have you on.  
 

[00:01:32] Laura Payne: Well, thanks, Sean. And thanks, Marco. And, uh, um, I don't know that I'm any more qualified than anybody else to peer into the crystal ball and see what's coming in the future, but, uh, it's my pleasure to have been invited to keynote this year. And, uh, certainly a pleasure to meet and speak with both of you. 
 

[00:01:49] Marco Ciappelli: Well, you know, it's never too late to talk about the future. That's what we do anyway. The end of the year arrives and everybody comes with a prediction. So especially us doing podcasts, you know, that's, that's usually, it's that time of the year. Right?  
 

[00:02:05] Laura Payne: Yes. The prediction season is upon  
 

[00:02:08] Marco Ciappelli: us. But isn't our job, and especially your job, our job is to share the prediction eventually, or isn't it like people in professional in the industry to always foresee somehow the future? 
 

at any given time.  
 

[00:02:23] Laura Payne: Well, and especially in this industry, right? When, uh, what we're doing is trying to protect and defend against what's coming and, uh, be prepared for when and if that bad day happens and how we can minimize the risk, um, and the impact if, if that, uh, does occur. Absolutely.  
 

[00:02:40] Sean Martin: I love it. But before we, before we get into predicting what might happen, uh, let's look at the past and more specifically your past, Laura, what you've been up to, where you've come from, how you've arrived at this, this point. 
 

It's not easy getting speaking gigs at some of these events. So congratulations for that. Tell us a little bit about your, your journey and, uh, and, uh, this, this particular topic. Why, why, why this, why now? And tell us about that.  
 

[00:03:12] Laura Payne: Sure. Uh, well, you know, the last, um, almost three years now I've been working in consulting with a number of companies of various sizes and industries. 
 

And I, prior to that worked in a large financial institution here in Canada for, um, nearly 20 years in a number of different roles about, uh, you know, just over 10 of those years were specifically security roles. And Seeing the amount of possibility in that sphere for growth and change and in a financial institution, of course, that's an organization that does take security pretty seriously. 
 

Uh, it's part of their core, um, offering to a customer is that they are more secure, um, from a financial perspective than keeping it in a mattress in your bed. Um, so really that was a Opportunity, I learned a lot about a lot of different areas, uh, but branching out during the COVID years and in particular, working with organizations in the healthcare sphere, which saw a huge increase in opportunistic cyber attacks during that period and specifically ransomware, because they knew that an industry under stress was a key. 
 

Thank you. Very profitable target, uh, unfortunately for our public infrastructure, um, but you know, it was a really interesting place to be working in that period of time and just seeing the dynamic of how the environment was changing. So, and. Alongside of that, uh, specific to speaking at Sektor, I've been involved with Sektor. 
 

I first spoke there in 2014 on risk management and quantifying risk, um, and then I've been part of the advisory committee for some period of time as well. And, uh, it's just a real honor that, uh, they, they reached out to me to consider keynoting this year and, and, uh, sharing some of that experience that I've accumulated over time, but, uh, using it to try to look forward and not just look back. 
 

[00:05:17] Marco Ciappelli: Well, that's good. I'm curious what qualifies you to, to foresee the future in a certain way.  
 

[00:05:23] Laura Payne: You know what? I don't, I don't know that anybody is qualified. They, they don't have a credential in crystal ball gazing. Um,  
 

[00:05:31] Marco Ciappelli: Unless, unless you go to some school that I know exists in fantasy. Maybe you get that. 
 

[00:05:39] Laura Payne: Yeah. I, I haven't been to Hogwarts lately. Um, uh, but, uh, you know, I, I think, Where... Uh, where my perspective is maybe, uh, different from what other folks have is just that I have, uh, now seen, you know, all scale of, of, of organizations from large to the small online bricks and mortar, um, established startups, uh, you know, working across a number of industries and. 
 

Seeing the change, uh, I'm excited about what's coming in some spheres. I am terrified of what's coming in other spheres. It's just, you know, kind of what's coming down the pipe and happy to, to talk about it. Right. I'm told, I'm told I have a weird sense of humor and a way of talking about things that people enjoy, but. 
 

That's neither here nor there.  
 

[00:06:32] Marco Ciappelli: This is the place to bring it, because, you know, we're kind of weird ourselves. So let's do it. Now, um, so I don't know, Sean, uh, do you want to know about AI? What is it you want to know about?  
 

[00:06:44] Sean Martin: Well, I, I think there are two ways to look at the future, right? And one is to have no idea about anything and just fantasize about what might be possible. 
 

But then the other is to look at data and past, uh, past events, a bit of history and, and understanding how people and machines work and, and analyze that to say, this is likely what's going to happen. So. And then, of course, if you predict the future, what are you going to do with that information? 
 

Hopefully, you're going to make some decisions that, that, uh, help you, help you prepare for that future, whatever it looks like, or perhaps do something different to, to change the future and can be more like what you want. So, Laura, the reason I say all of that is, um, how did you arrive at what you want to talk about? 
 

This year. I don't want you to give anything away. We want people to come, come sit in the room with you and then soak it all in and, and, and laugh alongside. Hopefully not at, but alongside you. Um, and, and partake in what you're going to be sharing. So what, what does that list look like? Or what are the, what are the topics look like? 
 

And how did, how did you arrive there?  
 

[00:07:58] Laura Payne: Yeah, I, you know, I'll start with the how did I arrive at it question, which really was, um, you know, chatting with the folks at Sector about what was going to be relevant for the keynote audience and, you know, where are people's heads at? And I think it I think it's a reflection of sort of the anxiety that people have in general right now about what's coming. 
 

Um, not that a keynote about what's coming is particularly unusual, but there was really, you know, that kind of drive to say that this is where people really are, are trying to put some focus and attention. Part of it's the time of year as well. Um, so, you know, there was a piece of that, um, and, you know, from a topic perspective, uh, I mean, We're still, I'm still refining, I'll put it that way. 
 

So I could, I could tell you something now and it might not even make it in my final cut. Um, but I think if I was to summarize it, there are a lot of things that are, are old that are still, you know, being talked about as if they're new, right. And, uh, everything related to artificial intelligence almost falls into this category of, um, you know, fixer talking about how they're going to use AI for all of these, you know, cool, different, amazing things, but most of them aren't actually. 
 

That different. Some of them are really cool. Um, but they're not things that are new that we've never tried doing before. We just didn't have tools to enable us to do them as quickly as we did before. So that that's definitely going to be, you know, part of my recurring theme is that 2024, I don't think is going to be groundbreaking. 
 

In the sense of what we do, but I think we'll see significantly, significant change in how people go about it. Um, and then I think the other piece is being resilient to that change. So, Sean, you mentioned, you know, you can look at the future as just, um, not even really, you know, trying to predict just being prepared. 
 

And I think the way As it was a professional in almost any field, but especially for security practitioners to approach that if you if you would rather not try to predict is to be prepared right from a resiliency perspective. How do you how do you prepare yourself personally to be able to deal with whatever kind of comes down the pipe at you? 
 

And then. A third piece I'll throw out, there is just, there are some things that we do actually know will happen in 2024, um, so we'll touch on some of those quickly just to make sure that it is foremost in people's minds what's coming, um, as they're looking ahead at the year and to. You know, at least take those things into account. 
 

[00:10:39] Marco Ciappelli: Well, it makes me think a lot of philosophical approach to Life and the way we run our business and and that they do apply obviously you know in a field where it's all about security and predicting what the the enemy or the adversary may may do and maybe just by Making this prediction you change the future because Then, uh, the, the adversary may think like, Oh, maybe they're prepared for this. 
 

Like, how do I throw them a curve ball? So I think the lesson, yeah, the lesson is always to be prepared for the unprepared and, uh, and you can make as many prediction as you want. And that's, that's what it's all about, really, um, in an overview of things. But of course, uh, you're going to have to spill something. 
 

Some beans there. So again without going into details Uh, and and even like risking that maybe Some of the things you're presenting now will not be presented. Uh, what what's your what's on your list? And then we'll see what makes it too  
 

[00:11:51] Laura Payne: What's on my list? Well, you know, I I think one of the gimme's for 2024 um and Being north of the border, um, we get a bit more of a spectator seat to it, but, um, the U. 
 

S. federal election. I think that's going to be a huge factor in what comes down, uh, into the cybersecurity domain in 2024. Um, everything from ramping up of foreign interference, um, to leveraging and abusing the discussion and, and all of that to create opportunities for social engineering to happen, um, to, you know, Really just almost anything can, can kind of come up out of an event, um, that is shaping up the way that is going to be. 
 

Um, so it'll be really interesting to see some of the ripple effects that come out of that. Um, but then, you know, reflecting on the theme of, you know, have we seen elections like this before? You know, 2020 was one of those years where, um, we absolutely saw that sort of ramp up of, you know, a very interesting election machine. 
 

Did it have the same kind of, you know, flavors that are coming in 2024? Well, no, there, there weren't nearly as many, um, cases before courts, um, and I'll kind of leave it at that, um, you know, but, but, uh, you know, and I think that's a factor, um, looking globally. So it's not just the U. S. that has an election, um, Ukraine and Russia both also have elections, and because of what's been happening in those spheres, um, they may be more interesting elections than usual, um, and we'll see what sort of foreign interference maybe tries to play, uh, there, right? 
 

You know, we, we are used to talking about it as interference coming into the North American sphere, um, but is this going to be an opportunity where it's used vice versa? Yeah.  
 

[00:13:46] Sean Martin: So when I'm, when I'm on my show, redefining cybersecurity, which will be published on that channels, of course, um, one of the things I like to look at is, and it's in your title, Chief Enablement Officer, right? 
 

It's not just, it's not just preparing for what's bad, but it's making sure what should happen happens and, uh, in a safe and secure way. Um, I don't know if you touch on anything that says, here's what we need to look at from a resiliency perspective, so not just the, not just the bad actors and the threats that are coming, um, and, and the events that might take place that put us back on our heel, but what are some of the things we see from a business perspective that say, You know, we're, we're moving, we're, we are embracing AI. 
 

Those have risks. We're moving to the edge. Um,  
 

[00:14:44] Laura Payne: all the words, right?  
 

[00:14:47] Sean Martin: You name it, right? Yeah. We want those to work properly. So designing and building those things from the start with security built in. Do you get into any of that?  
 

[00:14:58] Laura Payne: Yeah, absolutely. Yeah. And I think it's important too, as we look. You know, ahead, and especially at the uncertainty that new technology brings. 
 

But again, this isn't the first time, you know, we've bridged that. Let's look at, well, I'll use cloud as the example. And, you know, just to use another generic term that means all the things to all the people. Um, but, you know, when, when you. These data centers were first being presented as, you know, just a virtual place to set up your infrastructure and businesses were starting to look at that as, hey, is this going to be more cost effective? 
 

It's certainly, you know, faster to spin up a server off of somebody else's infrastructure than it is for me to order something, get it racked, stacked, connected, hope it works, install a thing, you know, all that stuff. So when we look at kind of what happened there, the immediate knee jerk reaction for the vast majority of practitioners was, I don't know anything about this space. 
 

Um, so how can I possibly believe it's secure? And we look forward now and, you know, we're more than a decade into cloud adoption. And I'd say the majority... of practitioners now at least have a passing understanding of it. Um, they've come to realize that the organizations that this is their bread and butter and what they do for a living, at least, you know, the, the key ones that we think of the Amazons and, and Microsoft's and so on, uh, that they. 
 

They understand the core underlying principles needed to secure it. And because the variety of what they're doing is more restricted, and they've made it clear where their boundaries are, that they're able to do a really solid job. Um, and then on top of that, we've seen, you know, the tooling come in place to support security. 
 

In the part that's now the, you know, the domain of the customer to protect. Um, so you see that shift over time. I think AI is right at the beginning of that journey, right? Where we have a small number of players in the space, the companies are established and have a certain track record behind them of how they approach things, but there's still a lot of unknowns about it. 
 

And so the knee jerk reaction right now is. For large companies with an established, you know, security need and footprint, and they've got enough challenges already dealing with what they already had, let alone bringing in a whole bunch of other new stuff. The knee jerk reaction is shutdown access, limited, you know, very controlled potential pilots, right? 
 

Maybe some, you know, niche areas of the business when we talk large enterprise. And on the other hand. Your, you know, your startups, your small businesses that are very flexible, very open minded are just jumping in with two feet. And, um, a lot of them weren't thinking about security in the first place. Um, let alone, you know, now when they're kind of experimenting with these new technologies. 
 

So we're seeing that same kind of dynamics start to play out. Um, I think in the AI sphere, really interesting timing as well. I thought that the, uh, risk paper from NIST happened to be ready. Um, and I, I, I think it was coincidence in a sense, right? Like I don't think anybody really could have timed it the way it was on purpose just because of the lead up time it takes. 
 

But that paper came out right at the same time that CHAT GPT was exploding with its free usage tier and just capturing the imagination of, you know, a huge audience of people globally. So the thinking around how to manage risk has started, you know, in a good place. At least there's some published works. 
 

Um, that have come into play and then forget regulation. I mean, even so in Canada, um, they are starting to put in place some, some work around that. Um, but it's, I know how regulation around security already is and how it is very challenging for lawmakers to keep up with meaningful regulation. Um, and I suspect AI is It's only going to be worse. 
 

[00:18:58] Marco Ciappelli: Fun. Now, I, I like something you said at the beginning, which is, it's kind of like every year you make the prediction and it's really not that different. And I heard this from other, I mean, my good friend, Matthew Rosenquist, we always have fun with him in, in doing the prediction, but we do it in a funny way, knowing that it's just because we have to do it, maybe the audience expect that. 
 

But then. It's kind of the same thing, it's just with different tools, right? So I I'm curious to know if, from your perspective, these conversation about generative AI, you mentioned small, medium businesses, enterprise as well, wouldn't somehow at least. Um, make it easier, not easy, but easier for smaller organization to, to do something, uh, at the basic level of security, while we know that the large organization, they're still going to try to be ahead, way ahead, but that gap may be reduced a bit. 
 

[00:20:06] Laura Payne: Yeah. Um, well, I think small companies definitely have the advantage with adopting. Um, generative AI, uh, early on, right. And finding uses for it that are meaningful and actually make a difference for their business. Um, and the reason I say that, I mean, it's a small business. If it's not directly contributing to the objective of the company and how it makes money, they don't have time to waste on it. 
 

Whereas large enterprise has a lot of opportunity to pick weird projects that don't make any sense. And to use those as their pilots. Right? Um, you know, it partly it's the luxury of having, you know, that kind of that capacity in a company to do an experiment in in weird and interesting places. But also it's because the risk appetite is there only to do weird. 
 

You know, kind of off the cuff side of the desk experiments with new technology, right? They don't really have an appetite to try to do something meaningful for core business with an untested, um, technology or arena. So, I mean, that's my thought on it. Um, so when you look at startups, yeah, I think, I think there is a ton of opportunity there, I think. 
 

Where it will be very, uh, you know, where you'll see a division is those who are using it as a supporting, uh, service. So for example, you know, amping up their sales ability through having better scripting written by generate, you know, something like CHAT, CHAT GPT, um, and really learning how to drive. You know, the, the easily available tools to support them, uh, versus companies that are going to build their services off of AI. 
 

And they're really going to not just use existing services, but they're going to be leveraging them into making new and different products. They're going to be innovating on top of it, not just using it, the service that's available.  
 

[00:22:09] Sean Martin: What about skills for. Practitioners. There's a lot of these tools, a lot of them, certainly IoT and, and OT and when we start looking at critical infrastructure, a lot of it's hardware based and they use a lot of different protocols to connect and communicate and, uh, certainly through with things like CHAT GPT and everything becoming an app driven by APIs, there's the whole world of. 
 

APIs. Are there other things security practitioners need to prepare for in that sense? Not just these are the threats and this is how our programs impacted, but I now need to analyze code and APIs and different protocols and things like that. Any thoughts there?  
 

[00:22:59] Laura Payne: Yeah, well, I think it depends on the kind of practitioner you are. 
 

So, uh, I think a question where you're starting with that question is from the perspective, maybe of, of a more general practitioner, right? Like they have a large scope of responsibility, um, but you know, they're, they may not have a ton of resources available to them. Um, and I think in that space, it's critical to keep yourself brushed up on the basics because the basics haven't changed of what needs to be done to secure things, right? 
 

Knowing all the things you have, um, understanding. You don't have to know in detail how they work, but you know, basics of how do they communicate, right? So, you know, what, what's normal for this device? Um, and then, you know, wrapping protections around them from that perspective. So, uh, you know, when you're trying to protect a new area, you can't do everything, right? 
 

So you got to get back to the basics. Um, that's always where I would start with something like that. Um, for practitioners in more deep dive areas, right? So if we talk about our pen testers, right, we definitely see, um, I, and I think another trend for 2024 that's continuing from previous years is that more businesses are, um, putting some focus and attention on security. 
 

So the ones who already were. are continuing that journey, um, and the ones who weren't are starting to think about it. And part of that is just being driven by more and more business to business demand for knowing that their, um, suppliers are secure. Um, so what that brings then is, is, um, you know, for those practitioners seeing, say, more manufacturing, for example, um, getting into looking at how should they be securing. 
 

Um, those areas they invested in the IOT and now they're hearing, right, all the, uh, at the conferences about manufacturing, they're all hearing about how IOT is, uh, is a prime target. Um, and if it's the lifeblood of your company that you've now, you know, invested in this computing resource for, um, for somebody who's say a penetration tester, making sure that you're prepared for how do you speak to, uh, you know, companies like that about testing, um, You know, their infrastructure, um, you know, critical infrastructure is only going to continue as a, as a increased area of attention and focus and investment for security. 
 

Um, so similar there doesn't mean the other stuff's going away, right? Web apps, mobile app, pen testing, that's all still relevant, right? Um, being able to test your APIs, um, and all of that, that's still there. So, I mean, it's expanding field. And the other thing I would really love to see, um, so if I was making, um, you know, a prediction that was the, what does Laura wish would happen? 
 

I would love to see a continued trend of IT professionals becoming more conversant in security, because I think the call to have so many security professionals doing all the security, I think that's a trend that's got to start fading out. In exchange for we need more I. T. professionals who understand security and then security professionals are there to augment and bolster their resources. 
 

[00:26:04] Marco Ciappelli: Wow, you kind of really make me think about this recurring. I mean, we always need to look at the history to predict the future in every. Even the election, for example, I don't want to go into all the talk of engineering there and even creating fake news is not just something that happened outside of the country, it comes in within the country. 
 

I mean, it's been used already for much more propaganda. But I see it as what you said. you mentioned IoT. Nothing really goes away. We're just adding another layer on top of that. But the way that many time marketing presented is, there's the buzzword and it's almost make it look like, well, everything else has been taken care of. 
 

Now we got to worry about this. Truth is, you know, it's still there, right? Absolutely. So the prediction is buckle up.  
 

[00:27:03] Sean Martin: Pile it on.  
 

[00:27:05] Laura Payne: Yeah, there's, there's, there's just more being added to the plate. You're absolutely right. And, um, um, You know, it's, it's funny talking to startups and they say, Oh, we're too small to do security. 
 

I'm nobody's too small to do security. Why wouldn't you do it when you're small and you can actually wrap your hands around all the things you have and start to establish, um, processes and just, you know, make it your routine so that you don't have to think about, you know, you don't want to get to a 50 percent company and then try to figure out how you're going to make sure everybody knows what they're doing. 
 

Right. Let's start. Right from day one that way. Uh, you know, so I, and we're starting to see more of that, but it's, you know, there's still a long ways to go on, on that awareness for those organizations. Um, other interesting changes like in 2023, we saw the SEC get more involved in, in pushing for, um, cybersecurity requirements, um, for venture capital organizations and, you know, having, um, you know, some rules around. 
 

What, uh, some of the funds have to have in place from a, uh, from a security perspective. Um, so you, you're seeing more of a push also from that angle too, that, uh, more industries are being pushed to do at least the bare minimum, though there might be an argument about where the bare minimum is.  
 

[00:28:29] Sean Martin: And forced to notify as well. 
 

[00:28:32] Laura Payne: Yeah. And that's usually where it starts, right? Is the regulators usually start with enforcing, uh, you know, requirements to report. Um, and, and really, you know, putting some meaningful penalties in place for not reporting. Um, but that's, you know, that's a very reactive stance. Um, unfortunately,  
 

[00:28:50] Sean Martin: yeah, that's all another conversation as well. 
 

I'm going to say, I think it's going to be easier to predict the future than it will be to predict the past. 
 

I'm saying misinformation and disinformation, it's going to be easy to change what happened and easier to see and make sense of it. History is going to be rewritten.  
 

[00:29:14] Marco Ciappelli: 1984. Exactly. Controlling, controlling the past, present and the future.  
 

[00:29:22] Laura Payne: You know, and I think that's a really fair statement that communication really does shape it. 
 

Certainly when it comes to human outcomes, right? Communication and what messages are getting through really do have an impact on what does happen. I, I, I'll use polling as an example, right? So when the polls come out and the closer you get to the election, um, there are a number of elections you can look at historically where the stronger the polls were in favor of one candidate winning, um, The especially in a two in a two horse race, the more likely it was that the poll would be wrong because what it did was incentivize people. 
 

This is my theory. Anyway, it incentivizes people who see that they're going to be on the losing side to get out and make the change that they want to see. Um, so.  
 

[00:30:16] Sean Martin: In other words, the human brain is always a key factor.  
 

[00:30:22] Laura Payne: Our desire to be adversarial is not to be underestimated.  
 

[00:30:29] Sean Martin: How can we harness that for good? 
 

That's the question. Uh, well, we start by having conversations like this and, uh, and sharing stories on a stage like you're doing at Sektor and engaging with the community. And, uh, hopefully that's all happening. And I'm thrilled to, uh, to have this conversation with you, Lauren, to have you on the show. 
 

Really, really appreciate it. And, uh, Marco, what do you think?  
 

[00:30:57] Marco Ciappelli: Time machine time? It's time machine, but also... Go back and rewrite history? We left so many possible conversation to start, and of course we have limited time, so we're going to call it off, but I mean, I would love to dig deeper in the future about some of this conversation, even an election. 
 

It would be perfect for a more societal view of things. And yeah, it's a lot of thinking, and I love that. That's, that's why we do have this conversation. That's why conference and events like the one that Sektor and many others are for. Put together people, idea, theory, thesis, and, um, and, and kind of maybe become a little bit what we are not used to as human, which means proactive instead of reactive. 
 

And that's, that's the lesson right there. Absolutely. So excited for your talk, which Sean is going to be when?  
 

[00:31:55] Laura Payne: Yeah, it's going to be Thursday morning, 9 a. m. Eastern. Uh, and, uh, yeah, no, and I really appreciate the opportunity to come on and, uh, chat with you guys. And I think what you said about communication is so key, right? 
 

We can, uh, we can work together and solve a lot of problems if people come together and honestly ask questions and discuss and come with an open mind, uh, not to just convince other people, but also to potentially be convinced. So we'll see what comes.  
 

[00:32:29] Sean Martin: Two words, honest, honest and open. I latched onto those. 
 

Don't be afraid to share an honest opinion, but be open to the feedback as well. Yes, absolutely All right. Well, Laura, thanks again so much and thanks everybody for listening or watching to this episode October 23rd to the 26th at Sector We have a few conversations from the events that we're sharing some really cool stuff from Others just like Laura and, uh, yeah, it's called all to get you to think so stay tuned to our on location page. 
 

Uh, listen, share, subscribe, all that fun stuff. Thanks everybody. Awesome. Thanks.