At the Australian Cyber Conference 2024 in Melbourne, Marco Ciappelli hosted an insightful conversation with Daisy Wong, diving into a topic often overshadowed in cybersecurity discussions—the human factor.
Guest: Daisy Wong, Head of Security Awareness, Medibank
On LinkedIn | https://www.linkedin.com/in/daisywong127/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
Kicking off the conversation, Marco noted the absence of his co-host Sean, whose focus often leans technical. This opened the door for a deeper exploration into the human and operational side of cybersecurity, an area Daisy Wong is uniquely equipped to discuss.
Daisy’s career journey, from earning a marketing degree to becoming Medibank’s Head of Security Awareness, is rooted in understanding human behavior. Her hands-on experience with phishing emails and time spent in a pen-testing team revealed how critical culture and communication are to effective cybersecurity.
The Power of Communication and Culture in Cybersecurity
Daisy highlighted how her ability to simplify complex technical language became the cornerstone of her work in cybersecurity awareness. She emphasized that soft skills, like communication, are just as essential as technical know-how in navigating today’s cyber challenges.
Drawing cultural parallels, Daisy shared analogies from her cultural heritage, like the tradition of removing shoes before entering a home, and compared them to cybersecurity practices. Marco added an Italian twist, pointing to customs like cheek-kissing as a metaphor for ingrained behaviors. Together, they underscored how fostering a security-first mindset mirrors cultural conditioning—it requires intentionality, consistency, and collective effort.
Breaking Barriers and Building Bridges
One of the key takeaways from the discussion was the need to break down the misconception that cybersecurity is solely a technical field. Daisy argued for creating environments where employees feel safe reporting security concerns, regardless of their technical background.
She shared strategies for fostering collaboration, like simple yet impactful initiatives during Cyber Awareness Month. These efforts, such as wearing branded T-shirts, can make security a shared responsibility and encourage open communication across teams.
Staying Ahead in an Evolving Threat Landscape
Daisy also spoke about how cyber threats are evolving, particularly with the rise of generative AI. Traditional warning signs, like spelling mistakes in phishing emails, are being replaced with far more sophisticated tactics. She emphasized the need for organizations to stay adaptable and for individuals to remain vigilant.
While AI offers tools to identify risks, Daisy and Marco agreed that personal accountability and fundamental awareness remain irreplaceable in ensuring robust security practices.
In this lively episode of On Location with Marco Ciappelli, Daisy Wong spotlighted the indispensable role of human behavior, culture, and communication in cybersecurity. Her insights remind us that while technology evolves, the human element remains at the heart of effective cyber defense.
Cybersecurity isn’t just about systems and software—it’s about people. And as threats become more sophisticated, so must our strategies, blending technical tools with cultural awareness to create a resilient and adaptable defense
____________________________
This Episode’s Sponsors
Threatlocker: https://itspm.ag/threatlocker-r974
____________________________
Resources
Learn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australia
Be sure to share and subscribe!
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
The Top 10 Skills Your Security Awareness and Culture Person Must Have (With No IT or Cyber Skills in Sight) | An Australian Cyber Conference 2024 in Melbourne Conversation with Daisy Wong | On Location Coverage with Sean Martin and Marco Ciappelli
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00] Marco Ciappelli: Alright, well, uh, I am very excited about this conversation for a couple of reasons. One, Sean is not here. And that's always so much fun. Because it's going to be a little less That's technical and he's so much more operational than me talking about cyber security.
He just loves that kind of stuff. I don't know what's wrong with it, but
[00:00:21] Daisy Wong: there's nothing wrong with it.
[00:00:24] Marco Ciappelli: We like to, we like to make fun of each other. We actually compliment each other. I've heard that a bit. That's what ITSP Magazine is about. Technology Cyber Security Society. I like to look more at the technology and cybersecurity and of course, and society and you cannot extrapolate one from another.
It's all connected. But with you, Daisy. Daisy Wong Welcome to the show! We will talk about a presentation that you did here with JJ, which was on the show, uh, yesterday.
[00:00:55] Daisy Wong: Yes.
[00:00:55] Marco Ciappelli: And, uh, she mentioned a little bit about this, uh, this presentation that she, uh, was doing with you. And, uh, The reason why Sean is not here is that 10 skills about cyber security training that are not IT.
No. So, they're human, right? Yes. The human element, and I love that. So, again, welcome to the show. Thank you. Um, please a little bit about yourself, and then we'll dive in.
[00:01:24] Daisy Wong: Well, thank you for having me first. And I'm so glad JJ was here yesterday so it's a good continuation, but a bit about me. I'm Daisy Wong Born and bred in Melbourne.
I work and I live here, at Medibank, one of Australia's Marchionne I'm the Head of Security Awareness. New job. I started four months ago. Oh, wow. Congratulations. Thank you. It's, um, very exciting. Um, so I've been doing, you know, security culture and awareness for about eight years. I actually started in the pen testing team.
So, you know, Sean being the technical person who might, you know, Proud to note, I did start off in a very technical team.
[00:02:00] Marco Ciappelli: If it feels like he wants to jump in, I know he's listening.
[00:02:04] Daisy Wong: But yeah, I actually started in the pen testing team, but my background is marketing. So I did a marketing degree. I did a degree in human behavior.
And then I thought I was going to, you know, be in a marketing role. My first role was actually a project coordinator role at IBM. And then my next role was a pen testing team at one of Australia's largest companies. And, um, that was when I started to understand the technical, you know, what a penetration test means or the findings.
But the problem with the pen test is where they weren't good at communicating, which is one of the 10 skills in the presentation. Um, they would tell the asset owners, your vulnerability, CVSS score is 8 out of 10 and they're like, what does that actually mean to me? And I was like, please stop talking.
They were upsetting them. So I was like, please stop talking to them. Allow me. So I would translate that. Hey, this report means if this application is launched, there's a vulnerability. Our customers might get hacked. The brand reputation, et cetera. And they're like, right. You actually talk English. You speak our language.
Yeah, so I was, I did that for a few years in the pen testing team. I was like, operations manager, kind of all good. I didn't never did the actual pen test, but I did a lot of the reporting and translating the reports, did that for a few years. And someone said, Hey, you know, there's this thing called security, culture, and awareness that might be good for you.
And I'm like, what does that mean? And they're like, you know, you don't know you do a train people. And then I was like, Oh, okay. That's a bit flippant. Like, you know, just like, and, and at that point, if I'd be honest, I was Um, Marco, I feel like they were saying that there wasn't a role for me, because I wasn't technical.
So the security industry is so technical, we don't know what to do with you. Do culture and awareness. That's how you felt? That's how I felt. So I was like, you know how when someone tells you to do something, you don't want to do it? Like your parents? I was like, yep, not going to do it. I'm not
[00:03:58] Marco Ciappelli: going
[00:03:58] Daisy Wong: to happen.
Um, then I became a Cyber Security Project Manager. So I did quite a few projects. You know, I implemented like the vulnerability management tool, our policies and standards. And one of my projects was creating the security awareness program. And I worked with a vendor. I'm like, okay. And then that's when I started understanding all the 10 skills.
That was required for security culture and awareness to build that in an organization to help employees understand. And that's when I realized, you know, I didn't need to be a pen tester. I don't need to be a stock analyst to do this role. The skills I needed, I already had. Because of my marketing degree and you know personality as well and things like that and you know the top ten I think JJ would have told you but I'll quickly run through is you know, she didn't.
[00:04:43] Marco Ciappelli: She didn't? No, but I think she left it for you. All right. Well, I
[00:04:48] Daisy Wong: hope I do it justice. The top ten that we came up with because our backgrounds are very similar stakeholder management Collaboration. Communication, which is really important. Um, I often say this a lot in, um, you know, conferences and presentations I do.
The French aren't rude because you don't speak French. Does that make sense? Like, you know, if you try I'm Italian. I understand that. Yeah, I just think, you know, they're not rude. They just don't understand you. Yeah. Right. It's a communication problem. Um, so your stakeholder management, collaboration, communication, project management is really important as well to do things on time and on budget.
[00:05:27] Marco Ciappelli: And
[00:05:27] Daisy Wong: then we have marketing branding, which is, you know, My big thing, as you can see. Um, because I think, you know, cyber security can be a dry topic. Actually, all tech, to be honest, can be dry for people who don't understand it. So how can you make it interesting, branded, have a mascot, you know, things like that.
Uh, it's not a coincidence. I'm so pink. I feel like pink has become my own personal brand. Uh, leadership and influence. So I often say it's top down, bottom up. I squash everyone in between. Like you really need leadership from, you know, high above. Like, you know, so your employees know that they're given the time to slow down, think before they click anything.
You know, they're not in a hurry. Um, then we've also got human behavior and psychology. That's really important as well. Cause, you know, when we talk about security culture and awareness, we're really You know, like it's just like any other kind of marketing or even learning and development right which is our next one learning and development how people learn that's another skill you need to understand so some people like to learn Bitesize you know some people will like face to face learning some people like self paced learning that's another one you need to know and I'm trying to think what the other two were JJ did that of the two.
[00:06:40] Marco Ciappelli: I think there is already plenty anyway yeah it could come in your mind yet. And then, of course, we can invite people to go and listen to the presentation and learn more about you and JJ. I'm going to connect a little bit with actually what we talked about with JJ, which was almost like the difference between learning and understanding versus, I mean, memorizing, going through the checklist.
Yeah. And actually. Internalize it, which is when you turn something into a behavior or into a culture, and it doesn't happen over time, overnight. It needs time, and you need to think it in a very psychological way. It's education. And I think that's what the big barrier was. Like, you expect everybody to speak tech or cyber security, and people are like, I
[00:07:34] Daisy Wong: don't get it.
That's right. Well, Mark, if you think about it, so what is the definitional culture? It's your beliefs and attitudes towards a certain item or behavior or, you know, how you act. You're Italian. How many times do you kiss on the cheek?
[00:07:48] Marco Ciappelli: Uh, not often when I'm not in Italy, but when I'm in Italy, yes. Yeah. So I'm Chinese.
[00:07:53] Daisy Wong: We take our shoes off as soon as we go into someone's house, and no, it's not, you know, no questions asked. Um, I call all my friends, um, my friends parents, uncle and auntie. We're not related, but that's culturally what we do. Uh, you know, the Japanese and Koreans often bow, like, I just think it's, uh, and they give things with two hands.
Yep. You know, it's very rude otherwise. The credit card. Yeah. You go there, you learn right away. Yeah, and then if you think about that with security culture, it's the same thing. What is the culture of your employees? When they've received something suspicious, is the culture to report or is it to just delete?
[00:08:29] Marco Ciappelli: Mm hmm.
[00:08:30] Daisy Wong: Right? And it takes time because maybe they didn't know there was a report button. I worked in an organization when I started, there were two buttons. I'm like, well, get rid of that one for me. You know, you want to make it easy as well, right?
[00:08:49] Marco Ciappelli: Yeah, of course, of course. So, let's go back to your story.
It was interesting because at the beginning, you know, you had the skills, you were coming from branding and marketing communication, your personality, clearly, you're a communicator, I can tell. And, and then, but, but when they told you to do it, you felt like, this is, I'm not going to do it. But then, then there was that a moment that you realized, You know, this is really more important that you kind of mature yourself into understanding that this was what was really needed.
[00:09:24] Daisy Wong: So I think there was two, um, kind of moments. I think one, I fell for a phishing email. Yes. No shame. No shame. Okay. I was a bit younger. It was PayPal. I received an email to say, change your password. Someone's in urgency. I was out having, freaked
[00:09:42] Marco Ciappelli: out. I
[00:09:43] Daisy Wong: freaked out. I was having dinner with a friend, and I just clicked it, changed my password, I put my details in, sorry, and then I sat for a minute and realized, this, no, and then I think there was a few transactions on my credit card, but not a lot.
I think they were trying it, like a couple of dollars Australian, so not very, like not a huge amount, but I knew I had to change my credit card, and I changed everything. And that was the first time. But the really significant moment that really got to me was in one of the roles when I told you I did the first kind of security awareness program.
Um, I was tasked to go to train a call center. Um, and it's actually regional in Victoria. So about an hour and a half away from Melbourne. I went there and they hide a lot of backpackers, backpackers and holiday visa people. And I remember talking to them and I had, um, and an elderly lady kind of came over and I was doing my presentation about, you know, phishing, common cyber security attacks, you know, how people can social engineer you.
And the session finished and she came up and she said, Hey dear, I know this might sound stupid, but I don't understand how people can get my email address. It's not like the old days. My, my addresses are published in the yellow pages, the white pages.
[00:10:57] Marco Ciappelli: I know, right? And I was like
[00:10:59] Daisy Wong: Yeah. And I was like, Oh my gosh, like, I take it so for granted that everyone knows what an email is, you know, and that they can keep up with Gen AI and the new phones.
Like, you know, do you remember when the, when the phones used to be really big? Then they went really, really small, the smaller, the better. And then now we're going back to bigger. And I think I take it for granted, for granted that technical literacy. And I think that was the moment because I sat her down and I was like, that's all right.
Let me explain. Do you sign up? You know, do you know what an email address is? Yes, and I explained it to her and I think that moment really got me. I was like, okay, you know, I may not be technical because I'll be honest. I was constantly told that I wasn't technical. There was no space for me in the industry.
Uh, I was about to leave because I was like, well, where should I go? Do you know what I mean? Yeah. So, and that role in the Pentastic team was also made redundant. So it wasn't like I had a choice to stay. Uh, but I think at that moment it was just really poignant for me that, you know, Being able to explain these, you know, technical, or not even technical, but just, you know, concepts of technology, how to use technology safely and really make a difference to a person really got me.
And, and I used to work at a bank and I always said this, um, I didn't really care how much the bank made money wise, but I cared that we protected our customers. Um, I ended up working in Victorian government for a while. And I really liked that because, you know, I was helping Victorians. I've lived in Victoria my whole life.
Right, you were doing like a public
[00:12:28] Marco Ciappelli: service.
[00:12:28] Daisy Wong: Yeah.
[00:12:29] Marco Ciappelli: Right? Yeah. So here's something that comes to my mind. First of all, when we started ITSP Magazine, I am like you. I come from branding, sociology, and political science, and I've done marketing myself. And then we started working on certain branding projects together with Sean, and, and I was like, We're still selling the box, we're still selling the picture of the server, the technicality of it, but what is the problem that it solves?
[00:12:57] Daisy Wong: That's right. It's like if you
[00:12:58] Marco Ciappelli: sell pharmaceutical, like a drug or insurance, banking, you sell that sense of security. You're not showing the security. So, you know, there is that thing about communication. But the other one, and I want to ask your opinion on that, is I feel like what you do is very similar to science educator.
Carl Sagan back in the 80s, where he would go and speak in public about astrophysics. Yeah. But it will make it easy to understand. And that's a gift. Yes. And I think it attracted so many more people that wanted them to study that, but also people to understand basic concepts. And do you feel like that's what is happening now?
That people finally realize in cyber security that ultimately the goal is to protect the users? Or am I being idealistic? I feel
[00:13:52] Daisy Wong: like you're a bit idealistic. I think we're,
[00:13:54] Marco Ciappelli: are we ever going to go there? I hope so.
[00:13:57] Daisy Wong: So, you know, I, uh, I've seen a shift. Um, so I'm very, very fortunate in my current role and my previous role as well.
I report directly to the chief Information Security officer. Okay. However, and I'm not quite sure in, you know, in America or Europe, where you're from, um, a lot of the times the, the role sits under governance, risk and compliance. Right. Um, that's a bane of my existence because I think, you know, it's not governance, risk and compliance and it also doesn't elevate the role.
Do you know what I mean? If you just put it underneath one function. Um, I went to a conference last week and there was an amazing. And it was like, you know, um, cyber security in 30 minutes. And it was kind of for, you know, people trying to get into the industry. And it was a great presentation about SOC and threat analyst and architecture and all the other functions.
Governors were just like, there was nothing about culture and awareness. And I was like, dude, what is going on? Um, and I think people still forget. So people process technology. I think a lot of people still think security equals tech, just tech, tech, tech. It's like they fight cyber with like, you know, tech with tech,
[00:15:06] Marco Ciappelli: right?
[00:15:07] Daisy Wong: Like, so the cyber criminals as obviously using all different tactics, right? Including psychology, social engineering, You know, but then I feel like a lot of corporations are still focusing on the tech and the security controls, which is important. Uh, policies and standards obviously are, but what about the people?
[00:15:25] Marco Ciappelli: Do you think it's because it's easier to get a budget
[00:15:27] Daisy Wong: for that? I think it's a lot easier to get the budget. And I think it's It's much easier to measure the success. So you can like, you know, I've implemented a new, you know, SOAR or whatever platform. And
[00:15:38] Marco Ciappelli: you reduce the threats right there. And, and, and the people, culture, it's going to take, Take time.
It's kind of like between branding and, Psychology. And marketing, like, Yeah. Branding may be something that you do, But then people will buy your product, Correct. Five years from now. Yeah. Like they stick with one of your brand.
[00:15:59] Daisy Wong: That's right. Versus. Yeah, that's right. And I also think security as a whole function, I don't know if you agree, for me, I don't think it's a cost function.
It doesn't generate an organization income, right? Revenue. And then you've got, so I spent all this money on, so you want money, I give you a budget. For tooling, makes sense. To do policies and standards, makes sense. You want money to do an event, a campaign about security, it doesn't resonate.
[00:16:24] Marco Ciappelli: Although in the long term, it would definitely pay.
[00:16:28] Daisy Wong: Exactly. Because
[00:16:28] Marco Ciappelli: you will have people more.
[00:16:30] Daisy Wong: Yeah, that's right. So
[00:16:31] Marco Ciappelli: tell me a little bit more about the presentation. When, when you do this with JEJ, what kind of question do you get? Like, what's the reaction of people that normally are, Quite technical an event. Yeah,
[00:16:42] Daisy Wong: so I think it was really good. I think we gave a lot of people the sense of hope that they don't need to Go and do another technical degree to come and do this role.
In fact, I think it's given them the not maybe the idea of Or the opportunity, but okay, I can actually hone my skills elsewhere. So you could be the best pen tester, but you're not gonna probably have the skills to do a security culture and awareness campaign. You could be this best threat hunter, but you know, the skills you need are communication, you know, collaboration, marketing, uh, influence.
And I feel like it's given that, I think they just really resonated. Okay, there is a role for me, even though I'm not the best. That was really good. And I think, you know, they really enjoyed the examples JJ and I gave, because we've both worked. Um, well, I've, uh, she's, I think previously she was more on the vendor side, but she sees a lot of customers, and I've been on the customer side, working within an organization, and I was able to give, um, examples.
So, uh, October is Cyber Awareness Month. Busiest month? Um, I started at my new job and I made everyone wear yellow t shirts. Good branding. All right. Yes, even the CEO. Yeah. I hand delivered. I didn't see him wear it, but I hand delivered it.
[00:17:59] Marco Ciappelli: Yeah. All right. Other example, like one that JJ brought up, um, was for the kids, for example, she did an art presentation about kids and cyber security, and we were talking about learning how to get acquaintance to the rule of the road, right?
So like, you don't just give a keys to somebody when it's 16, drive the car, you need to do Test you, but you also been learning about, you know, pay attention when you cross the street that go on a bike on skateboard and you go on this side of the road or the other. So it, it, it, she highlighted the fact that, again, it's a culture building and it's not just about, here study this manual, and all of a sudden you're, you know, everything about security.
[00:18:47] Daisy Wong: That's right.
[00:18:47] Marco Ciappelli: So that, that, I thought it was a very easy to understand example. Do you, do you, do you have any other example? Yeah, so
[00:18:57] Daisy Wong: I've never done any, um, work with children. Uh, I know JJ's really good at that space. For me, it's more employees and really helping those, I call them, you know, non technical employees.
So if you think about it, you know, accounts payable or like I work in a healthcare, we've got nurses, doctors. They're not employed to SOC analyst. Right. Do you know what I mean? So it's not for me. It's not fair for you to employ them. The position description has nothing about security. But then they join and it's like, it's your responsibility.
And then the culture from, you know, the leadership down is, you're gonna be reprimanded, if you click you're stupid. So I think for me what's worked is really create a safe environment. I stole this from a friend and I've changed it a little bit but I always say, um, deleting protects you, reporting protects us all.
[00:19:48] Marco Ciappelli: Right. Because deleting is like To help others not to make mistakes.
[00:19:53] Daisy Wong: Correct. Because, you know, because I think they're scared. They see a suspicious email and they don't think it's helpful. So, or they've reported something and the security team's not responded. And I'm constantly trying to tell my team, I know this may sound strange, but we're a consultancy firm.
We need to have customer service within the security team. And they're like, what are you talking about? And I'm like, what? But if I'm going to spend the time to forward an email to you, or report something, I want a response. Um, you know, and I think that is a perfect opportunity to educate as well. Thank you for reporting this.
This is a legitimate phishing because And it's teamwork. You can't change culture by one person. Let me ask
[00:20:38] Marco Ciappelli: you something. Like the new technology, right? So now we go back in the attackers obviously use technology, AI, generative AI to be more effective. The defense team use it as well. Do you see a role in generative AI?
Yeah. AI agent on your computer that could help the regular people, not the cybersecurity team to, to get maybe a little help in, in, in flagging.
[00:21:11] Daisy Wong: Yeah, I reckon flagging nudges, like just a simple, you know, how, like when you forget to, when you type an email, I've attached and then you forget and they say, Hey, have you forgotten?
Right. Things like that. Now I don't know how privacy works. Because does that mean the AI is then reading all my messages, but then it's a work computer? It should be instructed anyway, right? But I feel like those nudges would be really good. Like, you know, like before you provide your personal information, uh, we've, I've seen a lot where employees would scan their passport driver's license at work because they think it's safer, which I can see some logic in that.
But also, you know.
[00:21:50] Marco Ciappelli: But you also do it at work. At work. That's right. Which then kind of transfers the risk to the organization.
[00:21:56] Daisy Wong: Exactly.
[00:21:57] Marco Ciappelli: Yeah. Yeah, but you know, in the end I think that if we can get a little help. Um, and makes life a little easier. I still, you need to be in power of your own security.
There's not the easy button.
[00:22:09] Daisy Wong: And
[00:22:09] Marco Ciappelli: years ago, I used to hear this comment from cyber security people that say, you know, what will do our best job when the user doesn't have to worry about cyber security, I think is a little naive. I agree. Right? I mean, yeah, ideally, but is it ever, ever really going to happen?
[00:22:34] Daisy Wong: No, I mean, do we really have self driving cars yet?
[00:22:38] Marco Ciappelli: No.
[00:22:39] Daisy Wong: That's what I mean, right? Like, as in, you know, my car's got adaptive cruise control. I set it and it kind of adapts. Yeah, but you
[00:22:46] Marco Ciappelli: still need to be there.
[00:22:48] Daisy Wong: I mean, we still have pilots, right? You know what I mean? Like, you know, pilots still have very strict protocol, no drinking 24 hours before, things like that.
That's true, because they need to be able to manually fly, take off, and I think it's the same with cyber. I don't think, like you said, it will ever be automated, and we'll never have problems.
[00:23:07] Marco Ciappelli: Yeah.
[00:23:08] Daisy Wong: Yeah,
[00:23:09] Marco Ciappelli: yeah. And, and, and, and And I think also will be really weird if we are not aware or have a basic knowledge of the things that we use.
And we're kind of there, which is scary. People use a smartphone. They have no idea what's going on. They have no idea how the internet works, how we use it. But also we don't have any idea how electricity works and we have it in our house for the past 100 years. Yeah,
[00:23:34] Daisy Wong: I love this example. So my dad's 80. He turned 80 this year.
It took me probably five years to get him on WhatsApp because I was like, Dad, I bought you an iPhone. Yeah, we need to use it. Please use WhatsApp. You live in Hong Kong. Like I can't just pick up the phone whenever you want me to talk to you. I have a job. Taught him how to use whatsapp and now he just sends me photos of his letters.
Can you do this? Oh, by the way, you need to verify me. Here's a photo of my passport And it's like so I feel like it's two part right and it can be a lot right? You're so you're learning how to use the technology and then it's how to use it safely.
[00:24:10] Marco Ciappelli: Yes
[00:24:11] Daisy Wong: So it is quite hard and You know, um, again, I grew up with most technology, like, you know, I think I take it for granted, but I understand not everyone has been so fortunate, you know, whether it be age or socioeconomic, um, and technology keeps changing.
[00:24:27] Marco Ciappelli: Yeah. Yeah. And I feel like, uh, as we wrap up a presentation like the one you just did here, and I think you can keep doing it forever because new technology is going to come in, cyber security is going to evolve, the bad guys are going to evolve. So if we want to still have our humanity be part of the equation, I think you will keep maybe implementing new skills or upgrade those.
And I think it's very important what you do. I mean, it's. It's definitely in line with what I try to do. I like, I try to educate people, try to break it down to when it's understandable. So what you guys do, it's, it's amazing.
[00:25:13] Daisy Wong: Well, I hope I have a job for a very long time. I hope so too. Um, last example I'll give you is AI.
As we've all heard about gen AI, people using it. I think the red flags that we used to give people no longer apply. So we used to say, think about, look at the spelling mistakes, the grammar, you know, um, and the tone. Now none of that really applies anymore because it takes someone 10 seconds to generate a pretty well written email.
So now I'm often telling people to think about their intent. And the purpose.
[00:25:44] Marco Ciappelli: And the timing too.
[00:25:45] Daisy Wong: Yeah, that's right. Yeah, so if you're, are you expecting it? And, you know, why are you receiving an email from the CFO when you're not in accounts payable finance? Like for me, I probably shouldn't receive an email.
from the CFO with the quarterly business results. Probably not.
[00:26:01] Marco Ciappelli: And, and if it's something that it's guessed correctly, because obviously it's random and mass, uh, trust but verify. Yeah, that's
[00:26:13] Daisy Wong: right. Yeah. And I feel like everything works together. Yeah. So, you know, you hope, I feel like, you know, even if you do click, you're not stupid.
It's okay. We're humans. Yeah. Don't be afraid to click. Yeah. I feel like, you know, I'm hoping if you do click then the technology will pick it up.
[00:26:29] Marco Ciappelli: Very cool. Well, thank you so much. Thank you so much for having me. For stopping by. It was a pleasure meeting you. Uh, we are very happy again to be here and covering this, this event, Cyber Conference in Melbourne.
We hope, uh, we hope we'll do it again, but we still have, uh, two days to go. Yes. A day and a half. A little more conversation coming up. Stay tuned. And of course, here, uh, will be in the podcast or the video a way to get connected, uh, and, uh, and learn more about your presentation and, uh, and get in touch with you, Daisy.
Sounds
[00:27:05] Daisy Wong: good. Thank you so much. so much.
[00:27:07] Marco Ciappelli: Bye bye, everybody.