Breach Ready Radio
Breach Ready Radio is a series of candid conversations with the practitioners, researchers, and security leaders who are changing how defense actually happens. These are the people building new approaches, experimenting with new ideas, and pushing security operations forward in real environments.
Each episode explores what they are working on, what they are seeing in the wild, and how security is evolving across the SOC, threat intelligence, AI, and incident response.
The best insights usually come from the stories. The investigation that took an unexpected turn. The tool that changed how a team works. The moment someone realized the industry needed to rethink an old assumption.
We talk to the people behind modern defense. What they are building. What they are learning. And how security operations is changing in real time.
Hosted by Sean Ferguson, Securonix.
Signals & Shadows: Inside Cyber with Ken Westin
AI is moving into security operations fast, but the uncomfortable truth is that “autonomous SOC” talk can create more risk than it removes. I sit down with Ken Westin, Senior Solutions Engineer at LimaCharlie, to get brutally practical about agentic AI in cybersecurity, what it can reliably automate today, and where humans still need to be firmly in the loop. We dig into how AI changes Level 1 and Level 2 analyst work, why the cybersecurity skills gap may actually get worse before it gets better, and how sloppy AI-assisted coding can quietly introduce new vulnerabilities.
Then we switch gears into a wild hacker story that starts with stolen camera gear and ends with a lesson on EXIF metadata, OSINT, and real-world investigations. Ken explains how camera make, model, and serial numbers embedded in images can be mined and searched, why many platforms now scrub metadata, and what that means for privacy and forensics when companies may still archive data behind the scenes.
We close with a clear-eyed look at the 2026 SOC: hybrid AI as “cyborg security,” MCP servers, Claude Code style automation, guardrails for production, and the looming data pipeline problem of token costs and compute. If you’re modernizing your SIEM, EDR, MDR workflows, or cloud security operations, you’ll leave with sharper questions to ask vendors and a safer way to experiment without handing the keys to a black box. Subscribe, share this with a security leader who needs a reality check, and leave a review with your biggest question about AI in the SOC.
Ken Westin is currently Senior Solutions Engineer at LimaCharlie, and an adjunct cybersecurity instructor at Lewis & Clark College. He has been in the cybersecurity field for over two decades, working with companies to improve their security posture through threat hunting, insider threat programs, and vulnerability research. In the past, he has worked closely with law enforcement helping to unveil organized crime groups. His work has been featured in Wired, Forbes, New York Times, Good Morning America, and others, and he is regularly reached out to as an expert in cybersecurity, cybercrime, data science, and surveillance.
Welcome to Breach Ready Radio. This is where we sit down with the people shaping cybersecurity to talk about what they're seeing, what they've learned the hard way, and what's really happening behind the headlines. From real-world breach stories to sharp perspectives on where the industry is heading, we keep it practical, honest, and useful. I'm your host, Sean Ferguson with Securonix. Let's get into it. Thanks for joining us, Ken.
SPEAKER_00Tell us a little about yourself. Hi, my name's uh Ken Westin. I am currently a senior solutions engineer at LimaCharlie. Um, we are a uh cloud uh platform uh for security tools. Majority of our customers are MSSPs and MDRs. Um but uh been in security for almost two decades now. Um everyone's asking me how to get in security, and I'm trying to find my way out.
SPEAKER_01Thanks, Ken. Appreciate you coming on today. We're gonna get right into it.
SPEAKER_02Yeah, so one of the questions I had to, and we've known each other for a while and been in this space for a while, but kind of what's your take on the agentic AI in the real world and threat defense? Also, I mean, even from the attacker's perspective.
SPEAKER_00Yeah, we're seeing a lot more um AI, agentic AI tools that are being uh used, not only by the defenders, but also attackers. Um, I think a lot of the kind of the low-level types of things, like you know, basic data manipulation, um, you know, basic analysis and things like that, at least on the defensive side, a lot of stuff that um, you know, analysts like at the level one and two um types of work, that seems to be kind of the kind of the low-hanging fruit for a lot of this. Um, I haven't really seen it evolve too much into a lot more of the advanced um types of um, you know, techniques like running exploits and things like that. But it's all probably only a matter of time as the technology evolves. Um, but um I think you know it's having an impact right now on uh on on the defense side of things because I don't know, it's more optimistic, I think, um, that the AI is going to be replacing people and things like that. I think um the better approach is just more how do we leverage AI and some of these technologies to make the people we have more efficient with what they're doing, let them focus on more interesting human problems, you know, versus, you know, trying to, you know, do things that can be automated and things like that. So I think there's sort of a balance here that needs to occur. And I think it'll usually tends to figure itself out. Um, but unfortunately, there's probably going to be some major breaches that happen before people learn a lesson. Um, but that's just kind of par for the course, I think, in security.
SPEAKER_02That'll take a little bit to kind of unwind because we already have the cybersecurity shortage, as you know. Uh, and there is also this kind of less, I would say, there's less of this push for cybersecurity hiring, like you were saying, for level one SOCs, which kind of makes the the barrier of entry difficult. And we're seeing this in marketing too, in the sense of you have you know junior designers, junior comms, junior demand gen who feel like they can't break through because of the AI aspect of it. Like their job's already being done, what they're taught. I mean, college is being done. Um, I'm mentoring some people out of college, and that's one of the questions. It's like everything I've been taught and I'm coming out of here is already being done by AI. Do you think when we'd have a hiring surge? Do you think that there's going to be a sense of even more shortage for cybersecurity professionals?
SPEAKER_00I think so. But I think um like a lot of the live coding and things like that is actually creating more security and vulnerabilities. Um seeing it constantly. Um, you know, a lot of times people are doing things that are not necessarily, they don't understand how it's working or what it's doing, things like that. Um, and so those sorts of visibility gaps are going to um increase the uh potential for breach, right? It's gonna increase the risk. Um, and I think uh the need for people that actually understand these tools and things like that over time are going to become more increasingly in demand, I think. Um you can have all these AI tools and things like that, but you still need to have someone train those AI tools. You need someone that's gonna maintain those tools, um, that's going to observe them and make sure that they're doing things uh you know correctly, right? Um validating um, you know, what they do. Kind of when I I leverage it, I write a little bit of code with it. Like I hate regular expressions, so I'll use AI to be doing things that I don't like, but you know, it does a good job of it. But I'm not gonna have it write an application for me, right? I'll have it these sort of little components and little pieces, and I'm gonna be able to review its code and things like that. Um, but I'm not gonna have it go write an application and 100% trust that it's going to be, you know, secure, right? And I think um like that's where I think there's gonna be a lot more demand for people that actually know their stuff. Like just like in in art and music, I think there's becoming more of a demand. I've seen it already, like folk music and like live music. People are more interested in that than something electronica because you know, this AI stuff, you know, it's soulless. You know, it's just regurgitated stuff that sounds like everything else that's out there. 
And so if anything, I think what it's going to do is make humans become more creative, like do do things that the AI can't do. Um, I think you know, you can see that in in art, you'll see it in writing and creativity, but then I I think that also is going to carry over into cybersecurity because after all, cybersecurity really is a creative pursuit. It's not, you know, hacking and things like that is not all technical. Um, you know, it's creative uses of technology, right? And I think that creativity side of things is it's always going to win. And that's a very human element, right?
SPEAKER_02I know it's yeah, and I'm I'm seeing that too is like with a lot of maturity, and we're we're doing that on our end as well. There's a responsibility now forming for that, while like AI might be taking over at the low level. And then it's same kind of like we talk about with the music and even you know what we're seeing in in PR and comms. There was a there was a time where people were just ChatGPTing and putting it out there, and now every single competitor sounds the exact same. You know, there has to be a touch to it. Um, it helps. I mean, I I I use it too for very early drafts. It's like, okay, let's get it structured now, let's do best practices because I know best practices, but I'm not gonna take that. I I can take that 30 minutes to write it, but the AI will help me do that best practices I've already trained it on to get it out there, and then I need to go in there and put my touch on it. Um similar to cybersecurity too. You know, we can we can have that level one and level two, but each system is different, each gap is different and needs to be trained, it needs to be monitored, and nothing is perfect.
AI Hype Marketing And Plagiarism Risk
SPEAKER_00Yeah, you know, I hate to say it, but I blame marketing. Like I think I blame tech marketing for kind of this uh position we're in because um a lot of the AI stuff. I mean, we saw this, I saw this when I was at Splunk when we were, you know, pitching UBA and things like that. And you know, the marketing folks will say, Yeah, just replaces your analyst, you don't need the uh SOC and blah, blah, blah. And you know, that was like when we get in there, it was further from the truth. We would get in there, people would have these tools deployed, and we'd be, you know, getting like all these alerts, and it's from an IP address, and they don't know where the hell that IP address is. It's in some data center, they have no idea what you know, they didn't have the basics of like asset inventory and things like that sort of right. Um, and so I think what happened was like anything AI, it's like, oh yeah, we can replace it and all these huge promises, right? Uh, I think particularly in LLMs with this sort of the new thing because it it looked like it thinks, and but really what it was, it's a Mechanical Turk, right? So it's um yeah, it's not really you know playing chess, it's you know, that's like under underneath the the chessboard is um all of these prior works, right? That's what we found. Like all these models were trained on, you know, like with um Meta, they they pirated books, like their their models were all trained on pirated books and content and other material. And we even saw that like a few years back at a vendor when we hired them to write like blog posts for us, and it was such a niche topic that they were writing. They you could tell they did ChatGPT because we ran it through um uh what was it, like the plagiarism checker, and we found that it was a competitor's blog. It was basically copying that content.
Yeah, so we know the LLMs that it's just it's based off all this existing content, and that you know that's why I think artists are like they're uh reasonably upset. It's stealing their work, it's doing all these things and trying to replace them. And uh, you know, I I think uh I don't know, lawyers are gonna have a field day. I think that you know, just like every sort of tech uh new technology that evolves, it's the lawyers that always win. They're the they're the ones that are gonna make all the money. Yeah.
Wild Case EXIF Tracking For Recovery
SPEAKER_02Yeah, we kind of jump on that. And like I wouldn't say it's just tech marketing. I say marketing in general, just public perception. Because when this new thing came out and it became consumer-friendly, you know, the average person can use it. It was like, hey, this will, you know, this will cure everything, this will fix everything. And it just became this hype dream. Um, not to put my my security hat on, but we we did do predictions, and I'm sure you guys did too with your philosophy. Now is the year of the AI hype, has to be backed by proof, you know, you have to be able to do what you already said you're gonna do. And the people that weren't and were falling into the hype and falling into the like, yeah, just deploy it and you're good to go. It's gonna bite them. You know, they're gonna start churning and they're just gonna start really affecting. And not only that, I mean, we really think about it too. It's almost a disservice to your customers because you are making them vulnerable, you are keeping them open to hacks and zero days and hallucinations and false positives. That's why are you even selling cybersecurity? You know, if you're not there to help the customer, protect them from breaches, and it's costly overall. Um, and I see it, but you're right, with the with the the training on that, we ran into some of that at my previous company where it was very much proponent of just write with ChatGPT. And it was like we Googled a uh blog that we did, and like said there's our competitors we write the exact same blog, just different words. One, you're not standing out, two, it's not genuine, there's no thought leadership behind it. And three, I mean, it is plagiarism. Who was the original writer of that? And anyone could go after us for that. It's it's it's wild. All right, switch gears a little bit. I and we've talked about this in the past together. Like, uh tell me a good hacker story.
Like, what is the wildest investigation or exploit you've seen um that made you go? Did that just happen? And you can even go back to the uh the article that was written by about you as well, being the uh the cyber stalker.
SPEAKER_00Yeah, absolutely. Yeah, I've kind of had an interesting uh history in cybersecurity again. Like uh, you know, I I got really interested in like USB-based Trojans at one point. Company I was at, they actually had technology that was blocking it. At that time, that was kind of like a new attack vector where we call it pod slurping, where I could plug in an iPod and steal data off the network or ESEC networks and things like that. But um, I ended up applying a lot of that for um theft recovery um purposes. And it led me down a lot of rabbit holes. So I built a lot of different tools. You know, I built it for FLIR cameras, things like that to track them. Like if you steal it, you plug it into a device uh computer, it hijacks the computer's connected to, uses internet connection to send data out, you know, so you can use it for theft recovery and things like that. Um, but I think one of the interesting things that we did too is um I got really interested in EXIF data and images. Um, and I found that um the really high-end cameras like uh, you know, Canon and all that, they actually embed the make, model, and serial number of the camera that took the photo, but there wasn't really a way to search it. And so I was working with uh another startup friend of mine. They had this thing, it was kind of like uh, you know, you can rent out your idle computer type, sort of like a SETI@home type of thing, um, but you can make money off of it. And you had access to a bunch of university computer labs where I was able to deploy this agent. So I mined all of Flickr and all of these other photo sharing websites, extracted all the EXIF data, and created a database that you could then search. So you could put us um put the serial number of your camera in the make, and it'll show you all the photos we found online that were taken by that camera. Um, and uh it ended up being used for theft recovery. Um, we ended up recovering like $8,000 worth of camera equipment for people.
And um, you know, what was really interesting about that is just, you know, people didn't realize that that data was in there. Like, and then once you actually had a way to search it, you know, then we're able to go back and solve all these crimes, like stuff that happened, you know, years before. Um and uh then they're also using it, of course, for like um like innocent images, like um, you know, child porn and things like that. Um I was able to give um some of these um government uh agencies access to this. So the idea there is that if you know Joe Pervert is in Disneyland taking a photo with his family and he's using the same camera that he was using to create these images, um, they'd be able to track them. They they couldn't tell me um specifically if it was uh they were able to get someone, but they said it was a really useful uh tool for them. Um so I think you know, it's just one of those things I think like just like I AI and anything like that, like technology can all of a sudden just pop it up and all not only can we, you know, like things change in the future, but also changes how we look at the past.
SPEAKER_02Yeah, they're definitely using it. They're saying that's very useful. You know, you're you're not gonna get anything back if it's like, oh hey, yeah, thanks. That's crazy. That's that's great though, too, in the sense of that it went beyond what you intentionally were using it for, but now that they can, you know, focus on trafficking and and the selling and sharing of, like you're saying, CP. Um which is wow, that's just tied to the camera models. Do they I do have to ask, do they still is the EXIF still tied to the camera making models to this day?
SPEAKER_00Yeah, but now like a lot of like the photo sharing websites and social media scrub it. Um this is really interesting, though. Like though, um there's been multiple cases where they found that like um Meta, like when you upload a photo to Facebook, yeah, it strips it on the image there, but they archive that data and they actually will use that data for marketing purposes as well. Because a lot of times there's geotag data in there, um, you know, and then you know, if you see someone like with an expensive camera, right, they then you can start to gear ads towards them, like you know, for photography or whatever. Um, so they are using that data themselves um and they do archive that data. Um, so I also think that that data can also be uh used by law enforcement or a government agency as well. So, and there have been cases where they do need that image, like it uh information, like uh a missing teen or something like that, and they uploaded an image and maybe has GPS coordinates or something like that. Um, so they they still leverage that, I think, for their own purposes as well as law enforcement, but it's not surfaced to the consumer. So you can't necessarily go out and mine all this information. What's interesting is I I did at one point mine uh Twitter, and even though Twitter was um removes the EXIF data from images you upload, it at one point it didn't do it for your profile photos. So I was actually I went through and I actually uh mined all of the um the PFP photos, even like tiny little images, and it had GPS coordinates embedded in in the image. So I could get like uh you know people that are trolls and things like that, they think they're anonymous. Well, if that was taken anywhere near your your house or whatever, then I know where you live.
SPEAKER_02And there was a time where the GPS coordinates would be baked into almost every photo that were they were uploading to Facebook, but that's still crazy. That's still being still to this day. And I guess with the Meta thing, like yeah, that sucks that they're using it for their own advertising purposes, but there's still it's it's good to hear there's still a realm for subpoenas, you know, to access that data and it's still being archived somewhere. But I ran into some of that too using uh TinEye too when making sure there's any copyright issues too. But now TinEye is starting to slowly and slowly get more difficult to use because, like you said, everything is being stripped from that. So there's no there's no true way other than pixel to pixel that they can you know backtrack and and search the internet for. I mean there's also things too that people are opting out from TinEye, they're opting out from Google, you know, reverse image search, but that's neat that they're still using the EXIF data there. Um anything, any other crazy story that you'd like to share?
SPEAKER_00You know, lately I've just been focusing a lot more on you know um this AI cloud stuff. So I haven't I haven't been doing too much on the outside, mostly like political stuff, but I don't like to get it too much into that. Um yeah, no, not right now. About it.
What Shapes The SOC In 2026
SPEAKER_02Awesome. Um if you had to predict what will shape SOCs in 2026, tech, people, attacks, what are your big bets? I mean, I know you touched base on one of them with with uh with AI and how it's gonna kind of shape the L1s, L2s, but kind of curious thoughts.
SPEAKER_00I think uh like incorporating AI, I think uh like in more of a hybrid model. Uh I've written articles about this, like where I think what AI is being marketed towards is like it's being marketed as this Android autonomous agent thing when it that's really not the case. When it in actuality it's more of a cyborg, right? The cyborg thing more like Robocop, where you're extending human capabilities, right? The human is still the one that's in control. And then you're extending their capabilities with the technology. And I think like the organizations that that take that approach, like leveraging AI to again extend and make their existing uh folks more uh efficient in what they do, um, and allowing them to focus on more interesting um topics, uh, I think that's gonna be uh really helpful. So again, you know, freeing them up, using AI to kind of you know do a lot of the mundane tasks and then freeing up the threat uh hunters and things like that to do threat hunting or you know, doing more um advanced detection engineering work, um, you know, integrating additional tools and telemetry. I think, you know, those sorts of things, uh freeing them up to again be more creative. I think it's gonna make them happier, but also it's gonna increase your overall security posture. And I think also allowing them to dabble in some of these with these, some of these AI tools. Yeah, you need to control it. You know, I'm not gonna, I even tell people like, you know, don't, you know, release Claude into your production environment, right? But you know, a little uh dev test environment where where you're testing some of these tools, um, having a better understanding of how they work. I think just setting up an LLM. I took this really great TCM Security course just on, you know, the basics of LLMs, understanding how neural networks work and things like that. I think that's gonna be uh critically important, really understanding how all these different pieces kind of fit together.
And then I think then uh you're gonna be in a better position to leverage AI. But we've heard this song before, right? That's the the AI silver bullet now, right? And that's never, it's never gonna be a successful strategy. I think again, taking more of a measured approach into hybrid and integrating these different tools and technologies over time, um, it's gonna increase people's efficiencies and um and also hope hopefully likely you know decrease the you know the the uh potential for increasing risk in your into your environment as well by doing that.
Single Purpose Agents Or Multi Agents
SPEAKER_02I know no, I agree completely. Yeah, the things you're seeing is this kind of needs to be, uh I wouldn't even say it's a re-education, I'd say kind of just an education that needs to happen in 2026 for sure, especially with all these things now being deployed with almost every company, um, cybersecurity and elsewhere uh offering some form of AI. And we're kind of doing ourselves a disservice by not being smarter about it. We're gonna have the kind of same scrutiny as we do with even social media that Facebook went through and Twitter went through. Uh, it needs to happen now with AI and LLMs and just people understanding, okay, if I am gonna put this out there, where is it gonna live and who gets access to it? Thoughts on AI agents in cybersecurity. Do you prefer AI agents to be singular in the sense that they focus on one task, or do you prefer agents that can do multiple things at once? Of course, you know, human in the loop is is an aspect in there.
SPEAKER_00Yeah, like lately we've been like uh LimaCharlie, some of the stuff we've been dealing with, Claude Code in particular. And so that that allows you to do a lot of different things. Um, and you know, we I've even got a demo where not only do I give uh Claude Code access to our MCP server, but we also have a bunch of cloud CLIs. So I have AWS, I have Azure, GCP, and I let it go out and deploy agents. I let it go and um I need you to uh you know bring in the CloudTrail logs. I need you to deploy our EDR agent to um the EC2 instances. Um and it it does out, it just goes out and does it like automatically. And it's more of an experiment for this. Um, I wouldn't, again, I wouldn't do this in like a large production environment, but just in these smaller controlled environments, I think it's uh it's been really interesting. It's been doing a really good job of it. And then uh we have smarter folks on our team. One of our founders, Christopher, he's great. Um, he's been building a lot of skills as well, specifically for uh Claude Code and our tooling. Um, and it sort of makes sense because a lot of our customers are more focused on like more like SecOps, right? They're um not always like the analysts and things like that. They're doing a lot of the data plumbing on the back end and things like that. And a lot of them, like they they have hundreds of customers that they're managing, and that's we have multi-tenant environments and things like that. Um, and so it kind of makes sense that they would leverage AI for a lot of this type of uh work. Whereas especially if they're having to build like a custom adapter or something, kind of how I use it, like create a regular expression to parse this log or something like that. Um, and so we're providing those tools for the customer, right? Because we find a lot of them are already using Claude Code. So now we're just providing a lot more hooks for them to be able to do that.
We're gonna be doing a large demo uh kind of about that. I've been working on that all week. And I I I I like that, like it can do a lot of different things, but I I can't see the need for like an uh an agent to do one thing and do it really well and kind of keep some guardrails on it. So it really I think it depends on what you're trying to accomplish. Like in the DevOps.
SPEAKER_02world, like you can you can do a little bit more here, especially if it's in like a a dev test environment, versus like something that you're gonna be, it's gonna be communicating with the production environment, things like that. That's where you probably want to have like more single focus and then some a lot more guardrails around what that particular agent can do. And I appreciate your your your thoughts on that as well. Yeah, we've been experimenting as well with, you know, with our with our agents, and uh we talked about last year alienogenic mesh and and having them be, like you're saying, singular focus but still communicating into a larger neural network, so there is communication there. When you're talking about these kind of control productions, uh anything that you can share?
Token Costs Data Centers And Opex
SPEAKER_00Yeah, well, one thing we do is uh like we have, we'll have it integrated into the product. We actually have like a a smart uh cloud um agent that's actually integrating into the product, and that that does have some controls. It has access to the MCP server, but of course it's not going to have access to like command line tools and things like that, like I would have on my laptop. And so that that's a really useful, I I've been experimenting with even more just to um you know administrative tasks, like, you know, what orgs do I have access to, how many sensors do I have deployed, what's my MITRE ATT&CK coverage look like, and it actually creates really nice visual uh for me. Like it it almost replaces reporting than the need for reporting, because if you can just ask the AI questions, especially if you can trust it, right, then you can make um some decisions based on that. Um and so that's really kind of cool. And then, yeah, the other stuff we're doing is again more on the DevOps side, where again we're gonna be having it, you know, hey, go go into an AWS environment and, you know, get LimaCharlie configured, uh you know, um bring in the logs, parse them, deploy the EDR agents and things like that. And uh I think the more we do that, um we're gonna start to see more of our customers start to leverage that as well. Um and that just increases the amount of or decreases the amount of time that they're gonna get value out of our product, right? They're able to get that stuff deployed, they don't have to monkey with a lot of the the data plumbing and things like that. You can leverage AI to handle a lot of that. With regards to like the data too, we're talking about with with AI agents and AI in general too, do you think we're gonna start having or even running into a data scaling problem or even data cost issue down the line?
Yeah, I mean, what we're already seeing that's like, well, you know, if the Claude Code isn't cheap, you know, you have to eat all the to eat up all the tokens. Um and you also see a lot of the data centers that are, right, that are ramping up, right? That's why we have memory shortages and things like that. Like there's sort of this arms race. Um you know, I have a friend that works at Google. He actually works at the data center here in the gorge, um and and uh yeah, he's talking about how much they're ramping up because they're compute just for for AI specifically, right? So I think uh there's a bit of a gold rush, I think, in some respects for it. Um whereas I think, whereas with LimaCharlie, our approach is more selling pickaxes in a gold rush. So providing capabilities where you can leverage these different tools without, like, we're not gonna be, you know, competing with Anthropic, we're not gonna build our own Claude Code, right? But if we can provide um tools for you to to plug those um sort of AI brains into our platform, right, um and they're gonna get more value and have our platform resource as a result of that, then that's something we definitely need to do.
One Practical Step To Modernize
SPEAKER_02Yeah very cool. Yeah we're we're taking kind of a different approach from there is is more of just uh data management and hey what's important to you and then funneling it in there and flexing where you need to is there something happening a little bit more on this side. So let's shrink this data pipeline increase aesthetic data pipeline and so on. Because we are the same thing that you guys were hearing too like there's this gold row shopping right now and our customers kind of don't know how to manage this or even there there's a look at it from an opex perspective when there's still a solution there similar to like what you guys are running into. And it's just going to increase I have a feeling I mean there will be a I'll say people keep talking about an AI bubble. I think it's probably gonna be a data bubble where eventually you're gonna run two people just being like we're not gonna pay that you know to the data centers and the price is going to have to come down especially with how just the world is evolving. In cybersecurity we're a little bit more in front of that and more in front of the data parsing and and the data management. The rest of the world is now now just kind of seeing it and seeing kind of the sticker shock there. All right if you're cybersecurity listening to this and thinking how do I modernize my stock without losing control what's the one action that they could take either tomorrow or next week or next month.
SPEAKER_00: I think it's good, uh, like a lot of the, the vendors right now that are, uh, you know, they're ramping up their AI capabilities, usually first thing is like an MCP server. Um, but unfortunately a lot of times some of that is like marketing crap, because like, yeah, they have an MCP server but it doesn't do anything, is like it can give me a list of users, right, like that sort of thing. I think we have an MCP server. But I think, you know, starting to look at, you know, what, um, what capabilities, uh, is being developed by some of these vendors, I think particularly on the SIEM side, um, you know, seeing, um, how they're able to, uh, provide new capabilities and things like that. One thing that you got to be careful of, I think, is that they're gonna try to use that as another way to nickel and dime you. Um, so I think if, uh, you know, look at what they're offering for free, um, what, what's available to you. Um, I think dipping your toe into some of these tools like Claude Code, I think, is critically important just to at least understand how they work. You know, even just having one system, like, like a low-level subscription, uh, being able to run them and things, I think it kind of opens your eyes to the technology. In some respects I'm a Luddite, right? I, I don't like AI in some areas, uh, like art and things like that. I, I think, and I, I also think that we need to focus on the human creative side of things and hacking and, and, and security. But, um, at the same time you also do need to, you know, immerse yourself in the technology so you understand it, not only its strengths but also its weaknesses.
SPEAKER_02: With the amount of data being consumed and the amount of information kind of crossing channels, this is my own prediction, straight from just what I know and going to call, I see threat intelligence starting to pick up speed, um, in 2026, just because of the, the volume that's going through there. I feel like that we're almost going to start encrypting vulnerabilities rather than solving them in that realm. I was curious on your kind of take on that as well.
SPEAKER_00: I think threat intelligence is interesting right now. Like, yeah, AI might be able to help us, um, make sense of some of that data. However, there's a lot less data that's being shared. Um, there's like, I hate to say it, I mean, get political, but there's a mistrust in the government. So a lot of people that, um, at least in the US, a lot of people that were involved in information sharing, um, with the government with regards to what cyber criminals were doing and things like that. There's, um, a lot, there's a bit of a reluctance now to share that information with a lot, um, some of the government agencies. A lot of them have also had their, uh, budgets cut and things like that too. So even if they do have any additional intelligence or telemetry, it's more difficult for them to share. So you have like a lot of, um, sort of, uh, institutions like InfraGard and things like that that were really critical for sharing information, um, are becoming much less trusted or even valued, uh, within the security community. So I think that's one kind of interesting thing too, is that the intelligence side of things is a human component, right? It's not always just speeds and feeds and, you know, IP addresses and things like that.
A lot of it gets deeper into, um, you know, what are the motivations, what are, what are they targeting, you know, what kind of information are they after. You know, we've even seen like them take totally different, um, uh, spins, like with the North Korean IT worker stuff, right? Like that isn't necessarily a, um, uh, something you're gonna pick up on a threat intelligence feed, but there's some things that HR needs to learn about for how to conduct those types of interviews, and maybe there's some additional security controls that need to be in place, uh, for that, right? And that's a totally new thing, right? And it's a human component, right? And that's not something that you're gonna, again, you're gonna get from a technology. You need to, you know, again, have a strategy, and you really need to, um, be able to look at it from a human lens, right? And that's not always going to be, uh, a, like a speed or a feed or something like that, that a lot of times people think threat intelligence is. It's like, oh, it's a GreyNoise or it's a, you know, it's an RSS feed or whatever of IP addresses, and that's not always the case.
North Korean IT Workers And Insider Risk
SPEAKER_02: Yeah, I feel like it opens this gap now that, that is being filled, which is, which is, which I'm very surprised about and also happy about, of threat researchers and almost threat vigilantes now taking up the slack from the government and the telemetry and the, and the research information there and then putting it into those feeds. For those who don't know about the North Korea story, is it was a, a North Korean citizen hired by Google, right, Kendall? I think, yeah, there's tons of companies that have hired, hired these North Korean IT workers and proxied through their laptops that look like they're showing up in the US. And I think one of them too, one of the things that happened too is they were, they were getting fake IDs from this farm in Arizona, and that's where they were proxying through, is through the, through those laptops, and they're basically working and almost moonlighting at the same time, which again creates so much internal risk there.
LimaCharlie Plug Sponsor And Contact
SPEAKER_00: And I would say, I mean, for the argument too, is it calls for more UEBA, especially, you know, in this day and age too of remote work and proxies. And you actually have US citizens, uh, not think it's political don't be abuse since US citizens seeing this be a moneymaker and literally just buying up a data farm and selling it to North Korea, selling it to China, selling it to, uh, Russia and so on. Um, they'll let them into these companies, and while some of these will be probably financially motivated, you do have, and there, there is, um, geopolitical attacks that happen there. So yeah, yeah, definitely. All right, do you want to plug to LimaCharlie real quick? I'm with, uh, LimaCharlie. Um, again, LimaCharlie is a security operations platform. Uh, we focus a lot on the needs for MSSPs, managed security providers, MDRs. Uh, we're a truly multi-tenant solution and, uh, we're incorporating a lot of really cool stuff on the AI side, uh, recently. So we're gonna be doing a big launch where we're gonna be talking about, um, how we're leveraging Claude Code, um, in some of our tooling, and we have a bunch of demos that we're gonna be showing as a result. So, uh, hope to see you all there.
SPEAKER_02: Ken, thank you so much for being on here for the first episode of Breach Ready Radio. Really appreciate you. Uh, we've known each other for a long time and, um, that's great to be able to kind of have a platform so you share some of your insights on. Thank you.
SPEAKER_00: Thanks for having me. Appreciate it.
SPEAKER_01: Securonix helps security teams detect real threats faster, cut through noise, and respond with confidence. With unified analytics, intelligent investigation, and AI built to support human decision making, teams can move from reacting to attacks to staying ahead of them. Learn more at Securonix.com. Interested in being on the podcast? Have a wild story to tell? Reach out to us at podcast@securonix.com