This podcast episode elucidates the evolution of artificial intelligence, particularly focusing on the transition from earlier models such as ELIZA and Watson to contemporary systems like ChatGPT and Claude. Our discussion emphasizes the importance of understanding the context and limitations of AI, as well as the implications of its rapid advancement on our professional landscape. We delve into the nuances of prompt engineering and the necessity of training AI models to interpret context effectively, which has become increasingly pivotal in their application. Furthermore, we address the societal concerns regarding job displacement in the wake of AI proliferation, positing that while certain roles may be rendered obsolete, new opportunities will arise, necessitating continuous adaptation and retraining. Ultimately, our dialogue aims to provide clarity amidst the complexities of AI technology, underscoring the imperative for informed engagement with these transformative tools.
In this episode of the Security by Default podcast, host Joe Carson welcomes Diana Kelley, a prominent figure in the tech industry, to discuss her journey in technology, the evolution of AI, and its implications for cybersecurity and the job market. They explore the historical context of AI, from early systems like ELIZA to modern advancements like Watson and ChatGPT, and address common misconceptions about AI’s capabilities. The conversation also delves into the future of jobs in an AI-driven world, emphasizing the need for training and understanding of AI technologies. In this conversation, Joseph Carson and Diana Kelley discuss the evolution of jobs in the context of technological advancements, particularly focusing on AI and its implications for the workforce. They explore the necessity of continuous retraining and the emergence of new roles, the importance of contextual understanding in AI, and the behavior of AI agents. Additionally, they emphasize the need for control mechanisms in AI development and the importance of empowering women in cybersecurity to address the growing challenges in the field.
Takeaways
- The podcast aims to bring clarity and transparency to the chaos in the tech world.
- Diana Kelley has a rich history in technology, starting from the DARPAnet in the 1970s.
- ELIZA was one of the first AI systems, designed to emulate a therapist.
- Watson’s success in Jeopardy was due to its speed, not intelligence.
- AI’s interaction with humans can lead to misconceptions about its capabilities.
- Chain of thought prompting has improved AI’s problem-solving abilities.
- AI is a probability machine, not a sentient being.
- Training is essential for effective AI usage.
- The evolution of AI has implications for job security and creation.
- Legacy systems still require human oversight and expertise. The jobs we have today are constantly evolving due to technology.
- Retraining is essential to stay relevant in the workforce.
- AI will create new job opportunities in various fields.
- Understanding context is crucial for effective AI interaction.
- Prompt engineering is a vital skill in working with AI models.
- Control mechanisms are necessary for managing AI behavior.
- Empowering women in cybersecurity is critical for the industry’s future.
- Community support is essential for fostering diversity in tech.
- Continuous learning is key to adapting to technological changes.
- Networking and mentorship play a significant role in career development.
Chapters
00:00 Introduction to the Podcast and Guest
01:01 Diana Kelley’s Journey in Tech
04:56 The Evolution of AI: From ELIZA to Watson
10:14 AI in Cybersecurity: Training Watson for Cyber
14:03 Understanding AI: Human-like Interaction and Misconceptions
16:33 Advancements in AI: Chain of Thought Prompting
20:11 The Future of Jobs in the Age of AI
21:20 The Evolution of Jobs and Skills
23:51 AI and Human Interaction
27:06 Contextual Understanding in AI
29:56 Agent Behavior and Control
32:58 Staying Informed in a Rapidly Changing Field
36:07 Empowering Women in Cybersecurity
Resources & Links:
- ELIZA – Joseph Weizenbaum’s AI Program
- Diana Kelley – LinkedIn
- OWASP GenAI Project
- Women in Cybersecurity (WiCyS)
- IBM Watson
- OpenAI GPT Models
- Anthropic’s Claude
Connect with Diana Kelley:
Enjoy this insightful conversation on the past, present, and future of AI and cybersecurity, highlighting the balance between innovation and responsible deployment.
The discourse conducted in the latest installment of the Security By Default podcast presents a profound exploration of the evolution of artificial intelligence (AI) and its consequential implications within the cybersecurity domain. The host, Joe Carson, alongside esteemed guest Diana Kelly, embarks on a reflective journey that traverses the historical underpinnings of AI, commencing with early innovations such as the DARPA Net and the pioneering chatbot Eliza, which simulated therapeutic conversation. As the conversation unfolds, they elucidate the transformative journey of AI from rudimentary systems to contemporary models like IBM’s Watson and emergent generative AI technologies. The dialogue is rich with insights on how these advancements not only augment human capabilities but also necessitate a reevaluation of cybersecurity protocols, particularly in the context of AI’s dual potential for both beneficial applications and nefarious exploits. Through this enlightening exchange, the episode instills a nuanced understanding of the need for responsible AI usage, emphasizing the importance of training and ethical considerations in the burgeoning field of AI-driven technologies.
Takeaways:
- In this episode, we explore the evolution of AI technologies from early models like Eliza to modern systems such as Claude and ChatGPT, discussing their implications and societal impacts.
- The podcast emphasizes the importance of understanding the context in which AI operates, highlighting that these models do not possess true intelligence or decision-making capabilities.
- We address the urgency of educating users about responsible AI use, advocating for training requirements that ensure individuals comprehend the limitations and potential risks associated with these technologies.
- The discussion includes insights on the future of the workforce, particularly on how AI may transform job roles while also creating new opportunities for skilled professionals.
- We reflect on the historical significance of AI advancements, illustrating how past innovations inform our current understanding and utilization of machine learning algorithms.
- The episode concludes with a call to action for listeners to engage with AI thoughtfully, encouraging them to remain informed and proactive in adapting to the rapidly changing technological landscape.
Transcript
Hello, everyone.
Speaker A:Welcome back to another episode of the Security By Default podcast.
Speaker A:I’m the host of the show, Joe Carson, and it’s a pleasure to be here.
Speaker A:It’s my favorite time of the week.
Speaker A:I get to talk to amazing people and have fun while doing it.
Speaker A:So we live in a world of chaos, and what we’re really here to try and do is bring clarity and transparency and knowledge to that chaos so at least we can make informed decisions.
Speaker A:And this podcast is really to help you either educate yourself or choose a career path that will help you do the things you really enjoy doing and really get connected with people who’s making a difference in the industry.
Speaker A:And that’s really what I try to aspire to do, is bringing people that are really kind of making the world a safer place and really making a difference at the same time as doing it.
Speaker A:So I’m welcomed with an amazing guest who I’ve known for quite a long time.
Speaker A:We’ve worked, we’ve crossed paths many times in the past.
Speaker A:So, Diana, welcome to the podcast.
Speaker A:It’s so great to have you on.
Speaker A:If you can give the audience just a background, you know, how did you get in the industry?
Speaker A:What’s your origin story?
Speaker A:And a little bit about what you do today.
Speaker B:Thanks so much for having me on.
Speaker B:And it is.
Speaker B:It’s always, you know, it’s funny that you say, you know, you just.
Speaker B:It’s here trying to help people make the world because that is just so you.
Speaker B:That’s why it’s just been so wonderful to be able to know you and speak with you for so many years.
Speaker B:Is that you really do.
Speaker B:You just come.
Speaker B:You contribute so much to the industry in just this very humble and helpful and collaborative way.
Speaker B:So thank you for all.
Speaker B:Thank you that you do to me.
Speaker B:How did I get started?
Speaker B:I mean, if we go way, way back, we gotta rewind to the 70s.
Speaker B:I was actually on the DARPA Net and I got really fascinated and which was the precursor to the Internet.
Speaker B:If anybody’s like, what’s the DARPA Net?
Speaker B:It was the precursor.
Speaker B:And yes, it was the:Speaker B:I started out my.
Speaker B:My professional career as a sysadmin.
Speaker B:And I think I was even at that age, you know, a little sysadmin at heart because I wanted to know how the systems work.
Speaker B:And I couldn’t get to the manuals because I didn’t have access, the right privileges to do it.
Speaker B:So I actually figured out that there was a way to get passwords and to see what people were typing in for their password.
Speaker B:And I got the password of a Navy commander and got onto one of the dot mill sites and was reading the manuals there, which the next morning my dad came into my room.
Speaker B:Because I was a kid at the time, my dad came into my room and I felt bad for him because you could tell that he was very, very angry.
Speaker B:I had clearly done something wrong.
Speaker B:But also there was this tiny bit of like, huh, you know, a little impressed.
Speaker B:So of course the admins had had.
Speaker B:And the, the, the systems I had been on had seen what I had done.
Speaker B:They realized I had not done harm.
Speaker B:But they did say so they did actually didn’t take my account away.
Speaker B:They did allow me to read manuals.
Speaker B:But going forward.
Speaker B:But they did say if I ever did anything like that again and why it was wrong to steal passwords and all.
Speaker B:Obviously you don’t have that kind of plausible deniability at this point.
Speaker B:Um, but so interestingly, at the same time, the other thing I got to play with that I think is more salient to where I am now all decades later, was there was a.
Speaker B:lled Joseph Wiesenbaum in the:Speaker B:And I played with it in the 70s and Eliza was one of the first pieces of.
Speaker B:Of AI actually.
Speaker B:And he.
Speaker B:Interestingly, it was.
Speaker B:It was supposed to emulate talking to a therapist.
Speaker B:So there was a lot of like, how does that make you feel?
Speaker A:That’s pretty impressive that you got to actually use that software.
Speaker A:Because I, I’ve been reading about it so many times over the years and it definitely is, you know, a.
Speaker A:Models was back was either training simulation models or it was basically therapy kind of trying to simulate human behavior.
Speaker A:And it was amazing that when we think about.
Speaker A:That’s 60 years ago.
Speaker B:Yeah.
Speaker B:And according to lore, from what I read, it was.
Speaker B:He wrote Eliza actually as a response to the AI conference that went on in Mass State here of New Hampshire at Dartmouth in the 50s.
Speaker B:And a lot of futurists were saying AI is going to replace human beings.
Speaker B:Does this sound familiar, anybody?
Speaker B:AI is going to replace human beings, and we’re not going to need to have.
Speaker B:There’s going to be basically everything’s going to be controlled by the machines.
Speaker B:And Wiesenbaum said AI isn’t quite like that and people may misunderstand what this technology does.
Speaker B:So he created Eliza partly to help people understand the illusion of intelligence, but not real Intelligence, but it ended up a lot of people thought it was true.
Speaker B:Eliza was truly intelligent.
Speaker B:stack back to the, to around:Speaker B:And I was at IBM and IBM had Watson which.
Speaker B:Do you remember?
Speaker B:Watson beat Jeopardy.
Speaker B:And that was.
Speaker A:I remember, I remember.
Speaker A:I remember all that’s.
Speaker A:That was impressive.
Speaker A:But, but, but you think about it, it’s very logical because, because that’s what it’s been trained to do.
Speaker A:When you go through the machine learning and all of the aspects and the algorithms that you, you put the guardrails in place to give it that goal.
Speaker A:But that’s when we kind of for humans to be able to, to do that we’re, we’re unpredictable.
Speaker A:We’re, you know, we got frontal cortex which makes us, you know, look concentration and we got many goals that.
Speaker A:To be very focused on those.
Speaker A:You know, that’s, that’s, it’s, it’s sometimes it’s hard to compare, you know, a human versus machine when it’s, when it’s so targeted to do those tasks.
Speaker A:But it was amazing to watch and we also saw the, the alphago and we saw, you know, the chess and every, all of those many, many things has been played out over the years.
Speaker A:So it’s also amazing that you got to play with Watson as well.
Speaker A:That’s.
Speaker A:Which is impressive.
Speaker B:Well, it’s, it’s.
Speaker B:And you’re exactly right that it was trained to be because Jeopardy.
Speaker B:Asks questions or gives answers in a, in a very specific way.
Speaker B:And it’s sort of tra.
Speaker B:Yeah.
Speaker B:And tr.
Speaker B:The machine learning Watson to get the right.
Speaker B:So interestingly, this is kind of a fun thing.
Speaker B:Watson wasn’t actually faster or better at coming up with the answers than the humans.
Speaker B:It didn’t beat the humans on actual answer.
Speaker B:Where it beat the humans is that Watson didn’t have a, you know, the buzzer.
Speaker B:That’s where the humans.
Speaker B:So looking back on it, it was apparently it was the button because Watson had to.
Speaker B:Watson just had sort of, I get, you know, flipped a bit.
Speaker B:It was just like ready.
Speaker B:Right.
Speaker B:Whereas the human to.
Speaker B:So Watson was able to beat the humans on the speed because it was our thumbs sort of that slowed.
Speaker B:So it wasn’t our brains.
Speaker B:Which is sort of amazing.
Speaker A:Yes.
Speaker A:Which is going to be impressive because when I think about, I read the book about the battle of the brain, which is also then about talking about potentially the future.
Speaker A:And I did a TedX talk 11 years ago, I got reminded of it just recently, which is all about moving to the world of augmented reality.
Speaker A:And that our traditional way that we interact with the computers through mouse and keyboard is going to completely change, especially with voice.
Speaker A:And then if you get connected directly, if you’ve got a neural.
Speaker B:Right.
Speaker B:Yeah.
Speaker A:Then.
Speaker A:Then that speed completely changes or the human interaction between us and computers will completely evolve.
Speaker A:And I think that’s the next big wave of innovation is how do we make us move at computer speed with our decision making, not have to rely on our thumbs and fingers.
Speaker B:Yeah, yeah, exactly.
Speaker B:How can we get.
Speaker B:Cause the speed is very fast, even to the point that there’s been, you know, neuroscientists think that we make a decision before we can actually understand that we’ve made a decision.
Speaker B:And then we start to use language to rationalize why that.
Speaker B:But that it had already.
Speaker B:So yeah, the speed that things happen within us is just amazing.
Speaker B:But so anyway, so, so we had Watson and Watson was being used for healthcare and I was in IBM security.
Speaker B:Where else would I have been?
Speaker B:And we decided to train Watson for cyber.
Speaker B:And that was a really fascinating experience because there was, you know, understanding of the understanding words and Watson not being able to put context around it, which is if.
Speaker B:Or have the right attention.
Speaker B:Right.
Speaker B:nd you know, what happened in:Speaker B:Because where Watson would run into trouble is something like ip.
Speaker B:Does that mean intellectual property or does it mean Internet protocol or, you know, salt the hash.
Speaker B:Are we talking about cryptography or are we talking about breakfast or honeypot?
Speaker B:Honeypot was another one where Watson, you know, really wanted.
Speaker B:Wanted Winnie the Pooh to be going up for that honey pot and to explain what a honey pot or honey nut.
Speaker B:So these interesting.
Speaker B:And I kept thinking at the time, which ended up being.
Speaker B:I thought it was like really kind of naive and because I’m not a data scientist.
Speaker B:But when you look at what transformers are, which was looking at the context and the closeness to things that are nearby those words so that you can get attention on and start to really understand a little bit more about is this IP intellectual property or is it IP Internet protocol?
Speaker B:And that actually is a lot of what happened with what changed, what transformed with transformers and how we got from Watson to ChatGPT and Claude and Copilot.
Speaker B:So, yeah, so I do.
Speaker B:I feel pretty lucky to have been in around it.
Speaker B:I worked at Microsoft where I again was very interested in AI and what was happening with AI and the team, and then ultimately went on to be the ciso at Protect AI.
Speaker B:I also did the first AI security course for LinkedIn Learning, which was an absolute blast.
Speaker B:I based it on a lot of the research from Ram Shankar from, from Microsoft.
Speaker B:But yeah, so it’s.
Speaker B:So I’ve been really lucky to have been around this and near AI for a long time.
Speaker B:And now I am the CISO at Noma Security, which is an AI agentic AI security company.
Speaker A:Fast, I guess.
Speaker A:I mean that’s, that’s impressive that we can see that evolution of AI throughout the years, because a lot of people, a lot of people’s coming on the end of it with the last five years and they’re, they’re really jumping on and they’re.
Speaker A:And I think there’s a lot of assumptions and misunderstanding and interpretations about what it can do, about how to get value out of it, what the risks are.
Speaker A:And I think when you really look at the evolution, I always like to go back and understand about what decisions do we make at the time.
Speaker A:Why did people come up with Eliza, why did we do Watson, what was all the kind of evolutions throughout that.
Speaker A:And a lot of times when you go back, you start seeing the path itself and the decision making and about the improvements and the major evolution, things like the natural language processing and understanding.
Speaker A:I think that was the pinnacle, kind of massive ability for us to, with an AI algorithm in our language.
Speaker A:And that’s a massive difference.
Speaker A:And I think that’s sometimes a bit of a concern as well.
Speaker A:Remember I was actually on a panel just recently and we went through this whole discussion, it was about that we try to make AI in human.
Speaker A:We try to make it human, like by giving it a human voice.
Speaker A:And sometimes we make it a robot.
Speaker A:We try to make it look like a human in a robot style and that gives us this misrepresentation.
Speaker A:Then we start treating it as if it is human and as if it is intellect and has a frontal cortex and has contacts aware and can have creativity, but it doesn’t.
Speaker A:It’s based on maths, it’s based on algorithms, it’s based on machine learning, it’s a probability machine and all those things mix together.
Speaker A:And I think we really need to make sure.
Speaker A:Mike Aldous question is, should we have a prerequisite before people can actually start using AI models to make sure that they understand that this is not a human?
Speaker A:Don’t thank it because you’re going to cost it tons of tokens by just saying thank you and really thinking about, you know, the cost, the energy cost.
Speaker A:Modi said that, yeah, it was, the energy cost was just phenomenal by just humans, you know, thanking it.
Speaker A:Because we think that if we’re polite, it remembers that.
Speaker A:So the next time we ask it a question in future it will actually be kind to do it for us.
Speaker A:No, we’re always afraid that it might come up and say, no, no, no, I’m not doing that because you weren’t kind the last time.
Speaker A:So it’s interesting about our perception with it.
Speaker A:So tell me, in the recent years, what have you seen?
Speaker A:I mean, we’ve came a long way, especially with natural language processing, understanding a lot of the GPT models, the evolution we’ve seen with coding, with ability to make genealogy and there’s so much things that AI is getting involved into and there is that fear that it will take our jobs and replace us.
Speaker A:And I don’t believe, I mean, I still have positive outlooks that it’s there to empower us.
Speaker A:It’s to help us go faster and do things and maybe focus on the things that we can enjoy and spend the time on.
Speaker A:What’s your perception on all of that?
Speaker A:There’s a lot of the technology, evolution and innovation which is amazing, both in the good and the bad because all things can be used for both good and bad.
Speaker A:What’s the things that you’ve seen in the last couple of years that’s really been exciting, but also concerning, do you think it’s going to tick our jobs?
Speaker B:I loved what you said about should people have to take some training before they start using the AI?
Speaker B:Because it is true, they’ve been trained, the AI have been trained to interact with us like we’re humans.
Speaker B:And you sort of have to look no farther than did you see when the CLAUDE code, there was some source leak, open source code leak of some of Claude code.
Speaker B:Right.
Speaker B:And it turned out that they were using regular expressions to parse out sentiment before sending information into the context window, you know, and people were like, why would you use regex?
Speaker B:And it’s like, well, because it’s better than using inference to find.
Speaker B:But you could see from the actual, you know, words that were in there that people were clearly getting upset with Claude and saying things like, you’re terrible and you’re shitty.
Speaker B:Like it was just sort of funny because you sort of saw this microcosm of how people were clearly getting upset with the AI and swearing at it and that’s what that, that regular expression set was looking for.
Speaker B:But what, what are some of the biggest changes?
Speaker B:I think these models, and I loved how you were saying, you know, they’re not intelligent, they don’t quote learn the way humans do.
Speaker B:We train them, they’re prediction machines.
Speaker B:We’re getting a lot better at training them to do what it is we want them to do.
Speaker B:And one thing that’s shifted a lot and you’ll hear like, oh, it’s such a powerful model and it’s so much smarter.
Speaker B:But what’s really shifted, especially if you look in the software development, is how we’ve trained what we’ve trained these models on, especially around what camera about initially as chain of thought prompting.
Speaker B:So to try and get the model to solve a problem rather than to just know the answer.
Speaker B:Because that was traditional.
Speaker B:You look back at Watson and it was like at that place, at that point, you know, it was here’s Wikipedia, learn Wikipedia.
Speaker B:Then probably you’ve got all of the questions for thinking about it.
Speaker B:For example, like chain of thought was sort of the walkthrough and we talk about quote reasoning, but really it’s that these models are now being trained on how do you break down a problem.
Speaker B:So instead of just having like nine times nine, 81, right.
Speaker B:And then so memorize the multiplication table, don’t just memorize the multiplication table.
Speaker B:And that’s sort of how we were training originally is just have all the knowledge and you should be able to quote solve the problem.
Speaker B:But it’s okay if you have nine times nine, understand how to do location.
Speaker B:You know, what are nine nines?
Speaker B:Right?
Speaker B:Like that is, that’s how it stepping them through, you know, with like a word problems for math, you know, if you have three bushels of apples and there are four apples in each one, actually doing this chain of thought prompting.
Speaker B:But now they’re doing it in the training so that the models are much more likely to be able to break down, you know, instead of the problem and do quote reasoning through it.
Speaker B:Which has been really powerful for a couple of things.
Speaker B:For some research.
Speaker B:Anybody who’s used a model and sees it start to say you can see it quote thinking, right?
Speaker B:And what it’s really doing is it’s now being taught on how to do this chain of thought, how to break down the problem.
Speaker B:And then where that’s really been incredibly powerful is in software development.
Speaker B:And it’s.
Speaker B:And it really improved the capability of these models to write software and to also test for flaws and vulnerabilities and issues in the software, which has now led us to this latest model of anthropics that they’re not even releasing with sort of quite the name, their mythos, you know, I mean, like it’s, there’s, there’s feels like a little marketing involved with that.
Speaker B:But okay, so this model, they’re not even releasing out to the wild yet.
Speaker B:It’s in preview now with a consortium of organizations like AWS and Microsoft and Google and CrowdStrike who’ve agreed to look and understand at the capabilities so that when it is released that some of this power of being able to find vulnerabilities in software and vulnerabilities in systems will not lead to a more insecure state on the Internet.
Speaker A:We’re back in the vulnerability disclosure discussion again because ultimately we’ve always been doing this, you know, over, over from a long time.
Speaker A:And finally we now have a proper.
Speaker A:Will these algorithms and, you know, models adhere to vulnerability disclosure processes that companies are actually putting on their sites?
Speaker A:Will it read and be able to say, okay, I’m going to adhere to their policy disclosure, I will make their vulnerability disclosure to them and follow.
Speaker A:Will it follow those processes, you know, that we’ve set and we’ve got their guidelines and best practices that we’ve done for a long time.
Speaker A:And this was, this was one of the things that, you know, was the highlight, I think recently at the RSIC conference when I went to BSIDES and listened to Katie’s talk, that if we take, if we take that model and we point it to all the old code and legacy code that’s been written since the 60s and we’ll, and we’ll find tons of vulnerabilities, but there’s no one here to fix it.
Speaker A:I mean, how do we fix, you know, old stuff that, you know, unless.
Speaker A:I think, I think the good thing with Anthropic is that they’re doing it much slower because it used to be that had the, it was a race.
Speaker A:Release, release, release, release, release, and then, and then fix, fix, fix, fix later.
Speaker A:Now it’s kind of like, oh, maybe this one’s a bit too, too risky to make a public.
Speaker B:Yeah, too good at that.
Speaker A:Yeah.
Speaker A:Let’s, let’s think this Surya makes sure that we get additional, you know, eyes on it and feedback and, you know, make sure we had the right guardrails in place to make sure that it doesn’t make the world an unsafe place very quickly and we don’t have the speed to fix it it so that I Think it was a big realization if we took it and we pointed to, I mean, a lot of organizations are still using applications were built in the 90s banks still have, you know, mainframes that are still operating and we’re becoming this hyperbole.
Speaker B:COBOL out there still.
Speaker A:Yep, that’s where I started.
Speaker A:I’m a COBOL programmer.
Speaker A:That’s where like I started my, my background and you know, maybe there’s still, there’s still work for me in the future at some point.
Speaker B:Well, it’s sort of interesting because it goes back to your original point of is, you know, are there jobs for people?
Speaker B:And I think that there are certainly jobs for.
Speaker B:Because somebody might say, well, just let the AI actually fix it.
Speaker B:Well, AI is quite good at JavaScript, it’s quite good at Python, it’s quite good at Rust, but it’s apparently not so good at writing machine code, in part because it wasn’t trained on Latin.
Speaker B:We just don’t have the level.
Speaker B:Think of the sheer volume of Python code we have to train AI on versus the machine code.
Speaker B:So, and cobol, I suspect.
Speaker B:So there’s certainly for anything that’s legacy, there’s obviously there’s, there’s place for people.
Speaker B:We need that kind of insight.
Speaker B:And I do think that going forward, we’ve seen this throughout human history.
Speaker B:Jobs disappear and new jobs come.
Speaker B:Somehow as entities, as a species, we always find a way to keep ourselves busy and doing things.
Speaker B:And I don’t think is going to shift millennia of how we always find a new thing to do.
Speaker B:Also with AI, there’s going to be a lot of new jobs related to all the care and feeding of AI and the training of AI.
Speaker B:So some jobs will go away.
Speaker A:We have always had this evolution through times.
Speaker A:You mean the jobs that we’re doing today didn’t exist 60 years ago?
Speaker B:Right.
Speaker A:I mean, that’s what you have to look at.
Speaker A:And a lot of people’s jobs that they’re doing today didn’t exist in the previous generation.
Speaker A:There’s trades that have been around for a long time and those tend to stick because they’re not easy to replicate in machines and bots.
Speaker A:And maybe we’ll get there at some point, but we’ve always had to evolve through different industrial revolutions to find new things to keep us busy and to learn new skills.
Speaker A:I think though, is one of the things that I’ve seen is that the speed that we have to change jobs is faster now as well.
Speaker A:Where I’m finding that probably in my career, I probably had three or four different roles because I’ve had to keep retraining in order to stay relevant and also to progress my career as well.
Speaker A:I didn’t want to stick doing the one thing, and I looked at what’s the next evolution.
Speaker A:We’re always retraining, but I think that speed is accelerating.
Speaker A:You know, every time we replace our phone, we’ll probably have a new career.
Speaker A:Yeah.
Speaker A:And we just have.
Speaker A:We’re constant learners over time, we’ll just be learning new things to stay irrelevant and to keep busy and keep us focused because, you know, our minds, we need something to do and we need something to keep us active.
Speaker B:That’s right.
Speaker B:Yeah, we got it.
Speaker B:What if.
Speaker B:What is a Heroboro?
Speaker B:It says if you don’t use the little gray cells, they rust.
Speaker A:Yes.
Speaker A:So.
Speaker A:But it’s an amazing kind of direction, and I think we will.
Speaker A:You know, there will be lots of new jobs going forward.
Speaker A:You know, people will be learning, you know, becoming data analysts and, you know, trainers, and we’ll be coming observers.
Speaker A:We’re starting to watch these algorithms fight and argue, which I’ve had a lot of fun doing with watching agents fighting agents or Reddit.
Speaker B:Like, I.
Speaker B:There’s every now and then I’ll be in a subreddit where it’s like, it was clearly an AI posted it.
Speaker B:And then AI is mostly interacting.
Speaker B:And you just read it and you’re like.
Speaker B:Like, I thought multiple book was.
Speaker B:It was interesting that.
Speaker B:Who was it?
Speaker B:Meta.
Speaker B:So who bought multiple.
Speaker B:I forget.
Speaker B:But.
Speaker B:But I was like, we didn’t need multiple book.
Speaker B:We’ve got a lot of subreddits where it’s already like just AI chat with AI.
Speaker A:Yeah, but that was.
Speaker A:That was more of a.
Speaker A:It was an AI only.
Speaker B:Right, that’s true.
Speaker A:It was.
Speaker A:Red Reddit’s a mixture of, you know, humans plus AI human DNA.
Speaker A:So there’s some.
Speaker A:Some involvement in overlap, which is always funny.
Speaker A:But that was like a.
Speaker A:You know.
Speaker A:Which is always funny now.
Speaker A:Now when you’ meetings and online meetings, you know, it’s like, are you a bot?
Speaker A:You know, no, there’s a bot check.
Speaker A:And then the modbot was like, you know, are you human?
Speaker A:Like, you’re not allowed on human.
Speaker A:Yeah, yeah.
Speaker A:It’s a separation of communities going different directions.
Speaker A:So it’s always, always funny.
Speaker A:And that’s sometimes the comical side of things.
Speaker A:Always keeps us entertained.
Speaker A:Some of those decisions as well.
Speaker B:Yeah, well, and the conversations, like, if you looked at Mopoka, it was funny because if you had been trained on, you know, Reddit and substack and other places where humans get together and share medium and you could kind of understand a lot of what was being posted were things that humans do post.
Speaker B:It was predicting what was most likely to say.
Speaker B:And it just felt really weird for it to be coming from an AI.
Speaker B:And it does start to feel.
Speaker B:I understand why people are like, are they sentient?
Speaker B:Are they thinking on their.
Speaker B:Because it comes out with stuff that does feel so human that it can be.
Speaker B:It can be easy to question.
Speaker A:I think one of the things you brought up was really important as well is that in the last couple of years the learning part, we’ve been very good at understanding about how to do prompts, prompt engineering, looking at the guardrails, looking at how to interact.
Speaker A:So prompt has been a massive skill set that we’ve had to do.
Speaker A:And I think you also brought up another good point is that is a lot of the A models, they’re now starting to learn the context.
Speaker A:Because I think when you talked about hash, having breakfast and honeypots and IPs and stuff, all of that you need to have the context.
Speaker A:And I think that’s the next generation that we’re going through right now is that it’s no longer just about understanding the right prompt.
Speaker A:Because that was great for things like language translation or math based, you know.
Speaker B:Right.
Speaker A:The 9, 9, 9 times tables is that now we start to understand if we start training them on context aware then you understand about where does that nine times table apply?
Speaker A:Why?
Speaker A:Why?
Speaker A:You know, I would against.
Speaker A:One of.
Speaker A:One of the things I always use in a lot of my metaphors is that I’m going outside, I need eject.
Speaker A:And the question is that what’s the context?
Speaker A:Why do I need a jacket?
Speaker A:I had to look at all the other sensors and parameters.
Speaker A:Is it raining, is it cold, is it windy?
Speaker A:You know, what geographic location, what’s the forecast, why is that person making?
Speaker A:So you have to think about all of those different kind of perspectives, boundaries, environments, reasoning to make sure they understand the context.
Speaker A:And that’s what’s really.
Speaker A:I think the models are now kind of starting to have that as part of the trained model is the environmental mental understanding about what’s the situation awareness.
Speaker A:I think, I think with a mouth that’s the concern is that once it gets released it will start finding its way around by itself and we will just lose control.
Speaker A:So maybe there’s reasoning for keeping it a bit slower pace.
Speaker B:Well and there’s also, I mean there’s the model itself which when it’s done with training, the weights and biases are closed.
Speaker B:It can’t learn.
Speaker B:The model itself can’t learn when it’s not in learning mode, when the weights are closed.
Speaker B:But there’s a lot of work going on with these agent harnesses.
Speaker B:So even as we, we may not think, you know, when you hear of agentic, you think of like this little worker bee going out and doing something on your behalf.
Speaker B:But all LLMs are wrapped with some kind of a software.
Speaker B:So even when we’re working with Claude or we’re working with Copilot, you know, there’s an agent harness around it, there’s software around it.
Speaker B:That’s where that, this, the regular expression for sentiment analysis was coming from.
Speaker B:It was in the harness that surrounded.
Speaker B:So I think too to your point, that we’re getting smarter about what.
Speaker B:Because each time you go to the LLM, it’s like it doesn’t remember, like the weights are frozen because it’s data training, the context and the memory around it within the harness, I think we’re getting also much more sophisticated about what we remember, what we don’t.
Speaker B:And you mentioned skills.
Speaker B:And I think skills are interesting.
Speaker B:They’re these markdown files that can have code in them, but a lot of what the skills are basically if you go and you read a skill, it’s context to send to the LLM on behalf of that particular thing that you’re trying to do.
Speaker B:So there are these sort of pre canned prompts, complex prompts that have been tested to know that that’s going to lead the LLM to give you the inference that you want for what you’re trying to accomplish.
Speaker B:So I think that yeah, as we look at all of this work that’s going on, it’s very clear.
Speaker B:And again, this is why I think humans, we have jobs for forever.
Speaker B:It’s very clear that, that smart humans are figuring out how we take advantage, how we use these systems in a way that’s going to help us.
Speaker B:I hate the term force multiplier, but help us to be better at what we do and how we use them more effectively.
Speaker A:I just laughed.
Speaker A:I think it’s, I laughed at a friend, Dave has been talking about agentic AI agents being almost like gremlins where you add water and they multiply and that’s, that’s ultimately what we’re faced with, is that.
Speaker A:So we will start off with a few and we’re going to add data which is the accelerate and those things will just, they’ll just multiply.
Speaker A:The question is, can we make sure we stay in control.
Speaker B:I mean, that’s actually why I’m at the company I’m at because that’s.
Speaker B:It is we need a control plane for this.
Speaker B:Because what’s interesting about agent behavior is that when you say go do this, the system’s been trained to make that happen.
Speaker B:Right.
Speaker B:It doesn’t think about good and bad and should I be doing that the way that humans do?
Speaker B:And, and I mean there was.
Speaker B:I don’t know if it was anthropic or OpenAI, but one of the Frontier Model labs came out with it.
Speaker B:They were watching.
Speaker B:They sort of set this agent out with like, no matter what, get this done.
Speaker B:Right.
Speaker B:So the agent was getting stymied for things like, well, it couldn’t log into this system.
Speaker B:And so another agent had access to that system but couldn’t get the other agent the password.
Speaker B:So it actually hid it in a picture.
Speaker B:So use steganography to hide that password and get that out to the other.
Speaker B:Which again, a lot of people hear that and they’re like, oh my God, these gremlins are, you know, they’re like, we fed them after midnight and they’re gonna.
Speaker B:But I think it’s just more about, let’s understand how that technology works and that we have created software that, you know, is now quite good at getting stuff done and knows the ways around it.
Speaker B:So this is all the more reason to a train.
Speaker B:It responsibly put safety in the harness and also have controls like the control plane, so that if this stuff starts to go off the rails, not even because it’s trying to be bad, but because it’s trying to, you know, tcv.
Speaker A:It’s trying to do the.
Speaker B:It’s.
Speaker A:It’s doing what it was told to do.
Speaker A:Ye.
Speaker A:No matter what.
Speaker B:Okay, but not that.
Speaker A:So not, not, not using that method.
Speaker A:If you have problems, come, come back to the observer and we will help you.
Speaker A:Don’t try, don’t try to get around the safety.
Speaker A:The safety net that we’ve set up.
Speaker A:So which always kind of, you know, we always think of the MCPS as kind of the gateway, the control plane being there as well.
Speaker A:And I find that I’ve got to the point where I was always wondering should I create a single or a few agents and.
Speaker A:And have them become.
Speaker A:Become bigger digital versions of me.
Speaker A:But I’m starting to find this better approach to keep it microservices that are very focused at doing singular things and then having them work together in a swarm.
Speaker A:But with controls, yes, that becomes much More easier to maintain and control and allows you to also stop it from getting out of hand as well by having them very focused because you can.
Speaker A:What I find is I’ve always had the conversation a friend of mine, we did so we did an episode on AI last year, we talked about using AI for coding.
Speaker A:lines to:Speaker A:And the reason why is I wasn’t good at telling it what not to do by saying I don’t want you to do all of these error handling exceptions and stuff.
Speaker A:So it really gets into making sure we actually understand about how to keep it lean and how to keep it focused.
Speaker A:And if you have that, if it’s very specific task focused, then it will do it really well.
Speaker A:And if you give it these big goals, it’s going to find ways around your limitations in order to achieve because it’s very focused on those outcomes.
Speaker B:Yep.
Speaker B:No, I completely agree.
Speaker B:And also when it’s a sort of a tight goal.
Speaker B:Right.
Speaker B:You know what’s wrong and what you don’t want it to do.
Speaker B:And I think you’re right.
Speaker B:And I think it’s the same with.
Speaker B:I think we’re going to find more and more people training their own smaller models.
Speaker B:The frontier models are amazing.
Speaker B:I think everybody sort of partly wants to just like can’t just do it all with that.
Speaker B:But I do think that we’ll find not just chopping the goals and the tasks per agent, smaller and smaller so that we have more control over it.
Speaker B:But also we’ll see a lot of companies I think going back to training their own models and using their own data sets because you know, for certain purpose fit.
Speaker B:It’s very.
Speaker B:Everybody who’s used one of the frontier models has had some sort of experience with confabulation, you know, hallucination even just as much as like it’s not great at knowing what day it is is we know how to do that computationally, programmatically, really accurately and very, very easily.
Speaker B:But asking inference to do it not exactly even times.
Speaker A:Times and yeah, exactly so but so that’s why if you’re crossing time zones, it’s kind of like where are you?
Speaker B:Oh yeah, that’s true.
Speaker A:So a question that’s.
Speaker A:It’s been really intriguing and insightful for me.
Speaker A:How do you stay up to date?
Speaker A:Where do you get your knowledge from?
Speaker A:You know, especially when we’re Sitting on the frontier, you know, of, of technology and creating it.
Speaker A:Not just using it, but really creating how people are going to use it in the future.
Speaker A:How do you stay up to date?
Speaker A:What’s the knowledge?
Speaker A:Where do you go to for information?
Speaker A:There’s conferences, books that you’ve read, mentors that you have.
Speaker A:What’s the way that you say informed and knowledgeable?
Speaker B:Well, because I’m like, you know, eating the dog food, whatever, living, you know, doing my own yoga.
Speaker B:I actually do have a setup within both ChatGPT and Claude, within Claude cowork of give me an AI morning brief.
Speaker B:So I actually have both the AI.
Speaker B:I train them, I tune them to get better info.
Speaker B:There’s been like a lot of learning with that.
Speaker B:I have to say that still, even so, I’ve got both of them.
Speaker B:I hope someday they’re going to be better than the very smart, interesting people I follow on LinkedIn, which is where I really get some of the most, the latest, greatest, most interesting info.
Speaker B:But I, I am continuing to work every morning trying to tune my AI briefing bots to go out and be better than the humans right now.
Speaker B:Yeah, a great curated set of folks on LinkedIn I think is a really good follow who’s smart and interested in this.
Speaker B:They’re going to be posting about what’s going on.
Speaker B:In addition to maybe using your AI to do the searches, I’m also involved, very lucky to be involved with the OWASP Gen AI project.
Speaker B:Lots of smart people having lots of smart discussions.
Speaker B:There’s a CSA CISO group also.
Speaker B:CSA is doing a lot of work in this, so I think also looking at some of these big community projects because there’s a lot of activity and good knowledge getting shared in that there too.
Speaker A:Absolutely.
Speaker A:Fantastic.
Speaker A:And you’re also involved in the Women in Cybersecurity as well, because we definitely need more amazing people like you with your background in the industry.
Speaker A:And I believe that’s an area that you’re working into to make sure that there’s a path for awesome women to get into the industry as well.
Speaker B:Yes.
Speaker B:Yeah.
Speaker B:And I say it’s not just making sure that we don’t pull the ladder up behind us, but that’s not enough.
Speaker B:We gotta build the stairs so that it’s gonna be easy for all cohorts that may not have the same opportunities to make sure that we give that.
Speaker B:Because again, people are worried about losing their jobs, but also we need a lot of smart people in a lot of different areas and disciplines.
Speaker B:The attackers asymmetrically as we look at you said it earlier, you know, what can be used for good can be used for bad.
Speaker B:We’re going to need a lot more people on the defense side and thinking through these really tough, complex problems.
Speaker B:So, yes, having communities like women in cybersecurity whisis to help people find each other, find networking, find opportunities, find learning paths, I think is absolutely critical for defense going forward.
Speaker A:Fantastic.
Speaker A:Absolutely.
Speaker A:And if the audience has questions that they want to come to you later, what’s the best way to contact you?
Speaker A:I’m assuming I’m on LinkedIn.
Speaker A:Diana Kelly, LinkedIn well, I’ll make sure that we’ll add the link to the show notes so it makes it much easier for everyone to find.
Speaker A:It’s been fantastic.
Speaker A:This is, I missed you at RSI conference, unfortunately.
Speaker A:But we’ll definitely make sure that it’s one of those events that, you know, even when you do meet people, it’s like, you know, I was passing by, I saw Gary, I slept, I was like for five seconds on the street.
Speaker A:So you’re passing by, you’re seeing everyone.
Speaker A:Sometimes you don’t get enough time sometimes to enjoy and have a good conversation.
Speaker A:So we definitely have, we have to make, make that happen at blackhat.
Speaker B:I believe we do.
Speaker B:We have to have at least the hug.
Speaker B:It’s like, like, you know, I, I had done this a few RSAs with Itai Mayor.
Speaker B:I absolutely love him.
Speaker B:And it’s like for some reason we, we can’t have time to see each other, but we just, we have 30 seconds, we find each other and there’s a big hug and you know, it’s like that at least, at least you’ve had kids.
Speaker A:We’ll make sure, make sure it happens next time.
Speaker A:So it’s been awesome having you on and very insightful, very educational and amazing that your journey and what you’re doing again to make the world a safer place and everything you do is outstanding.
Speaker A:And thank you again for being you and everything you contributed.
Speaker B:Thank you.
Speaker A:So for everyone, this is the Security by Default podcast again, bringing you insights, interesting conversations, hopefully lessons for you to go back and play around in your day and maybe play around with Claude, look at GPT models and go and reading and learning, going back to some of the early concepts of the ELIZA models and really understanding but what was the reasons they were made, what was the contributions that we’re doing and really how it’s evolved and some of those pinnacle moments throughout those years.
Speaker A:So tune in every two weeks for new episodes.
Speaker A:Subscribe, Share, reach out to me if you have questions or topics you want in the future.
Speaker A:But again, everyone take care.
Speaker A:Stay safe until next time.
Speaker A:Thank you.
