The Chris Voss Show - The Chris Voss Show Podcast – Nick Espinosa, Chief Security Fanatic, CIO, Columnist, Author, Radio Host, Board Member, Forbes Tech Council & TEDx Speaker
Episode Date: November 23, 2023Nick Espinosa, Chief Security Fanatic, CIO, Columnist, Author, Radio Host, Board Member, Forbes Tech Council & TEDx Speaker Forbes.com Securityfanatics.com Show Notes About The Guest(s): Nick Espi...nosa is a cybersecurity expert, author, and speaker. He is the founder of Security Fanatics, a company that specializes in cybersecurity and risk management. With over two decades of experience in the field, Nick has worked with clients ranging from small businesses to Fortune 100 companies. He is passionate about educating individuals and organizations on the importance of cybersecurity and helping them develop effective defense strategies. Summary: Nick Espinosa is a cybersecurity expert and the founder of Security Fanatics. In this episode, he discusses the biggest threats to personal and business security in 2023, emphasizing the importance of educating individuals on cybersecurity. He also talks about the role of artificial intelligence (AI) in cybersecurity and the potential risks associated with AI in the future. Nick highlights the need for customized cybersecurity solutions and risk assessment for each organization. He also shares insights on the impact of AI on disinformation campaigns and the challenges of detecting AI-generated content. Key Takeaways: The human factor is the biggest threat to cybersecurity, as many individuals lack the necessary knowledge and understanding of cybersecurity risks. AI is becoming increasingly sophisticated and can be used by hackers to exploit vulnerabilities and launch cyber attacks. Education and training on cybersecurity should start at an early age to ensure individuals are aware of the risks and can make informed decisions. The future of AI in cybersecurity is uncertain, as AI algorithms can learn from other AI models, leading to a dilution of accuracy and reliability. Security theater, such as airport security measures, can create a false sense of security and may not effectively prevent threats. Quotes: "If there's a vulnerability, it will be exploited." - Nick Espinosa "We are so distrusting. We are so disoriented. And this is essentially where we're heading." - Nick Espinosa "Security theater... It's literally the term for it." - Nick Espinosa About Nick Espinosa For over 25 years, Nick has been on a first name basis with computers. Since the age of 7 he’s been building computers and programming in multiple languages. Landing his first IT job at age 15, Nick founded Windy City Networks, Inc at 19 which was acquired in 2013. In 2015 Nick created Security Fanatics, a Cybersecurity/Cyberwarfare outfit dedicated to designing custom Cyberdefense strategies for medium to enterprise corporations. An expert in cybersecurity and network infrastructure, Nick has consulted with clients ranging from the small business owners up to Fortune 100 level companies for decades. Nick has designed, built, and implemented multinational networks, encryption systems, and multi-tiered infrastructures as well as small business environments. He is passionate about emerging technology and enjoys creating, breaking, and fixing test environments. As a member of the Board of Advisors for Roosevelt University's College of Arts and Sciences as well as their Center for Cyber and Information Security, the Official Spokesperson for the COVID-19 Cyber Threat Coalition and a board member of Bits N’ Bytes Cybersecurity Education, contributor to the Cyber Peace Institute, Strategic Cybersecurity Advisor for the Private Directors Association and humanID as well as the President of The Foundation for a Human Internet, Nick helped to create an NSA certified curriculum that will help the Cybersecurity/Cyberwarfare community to keep defending our government, people and corporations from Cyber threats globally. In 2017 Nick was accepted into the Forbes Technology Council, an invitation-only community for world-class CIOs, CTOs and technology executives,
Transcript
Discussion (0)
You wanted the best. You've got the best podcast, the hottest podcast in the world.
The Chris Voss Show, the preeminent podcast with guests so smart you may experience serious brain bleed.
The CEOs, authors, thought leaders, visionaries, and motivators.
Get ready, get ready, strap yourself in. Keep your hands, arms, and legs inside the vehicle at all times.
Because you're about to go on a monster education roller coaster with your brain.
Now, here's your host, Chris Voss.
I'm Moses Voss here from thechrisvossshow.com.
The Chris Voss Show.
The Chris Voss Show.com.
There you go, my family and friends.
You've got to love it.
Welcome to the big show.
We certainly appreciate you guys coming by.
So, folks, we're joined today by Nick Espinoza.
He is a chief security fanatic, speaker, columnist, author, radio host, board member, Forbes Tech Council, and TEDx speaker.
We're going to be talking to him about cybersecurity today
and all the stuff that goes into it.
For over 25 years, Nick has been on a first-name basis with computers.
Since the age of seven, he's been building computers and programming for multiple languages.
Landing his first IT job at age 15, he founded Windy City Networks, Inc. at 19,
which was acquired in 2013.
In 2015, Nick created Security Fanatics, a cyber warfare
outfit dedicated to designing custom cyber defense strategies for medium to enterprise
corporation. As an expert in cybersecurity and network infrastructure, Nick has consulted with
clients ranging from small business owners up to Fortune 100 level companies for decades. He has designed, built, and implemented multinational networks, encryption systems,
and multi-tiered infrastructure, as well as small business environments.
He is passionate about emerging technology and enjoys creating, breaking, and fixing test environments.
Welcome to the show, Nick. Tell us what you do from a 30,000 foot overview.
At the end of the day, whatever the title is, I'm just trying to move the ball forward on
technology and the security thereof. Nobody's going Amish. We are all embracing technology,
loving technology, using technology. And the goal is that everybody from the personal individual up
to governments and Fortune 100 need good security and and so that
is my goal essentially is to evangelize for that and we know we have a lot of problems in the
cyber security community just speaking to regular humans you know and so by virtue of that my goal
is to do nerd to english translation and just get everybody on the same technological page that that
is a 30 000 foot view of my goals for life. There you go. Tell us about your book,
Easy Prey. What's the side of it? What will people find? Sure. Interestingly enough, I still no longer
recommend it. And the reason why I don't recommend it anymore, and I kid you not, and for the record,
all the proceeds went to St. Jude's. So it's not like it's a paycheck for me. We got to help out a
great charity there and a great hospital. But essentially, the goal of that was to explain the various facets of cybersecurity.
And so there were co-authors of the book.
I was obviously one of those and ended up being an Amazon bestseller, which was great.
I was thrilled to see that.
But I essentially was assigned the sexiest part of the book, which is government compliance
frameworks for cybersecurity.
So if you're running
a business and you need things like HIPAA compliance, and you know, you're taking credit
cards and all of that, that's essentially what I was talking about how to approach it, how to start
understanding it and getting down that road. You know, it's important, but there there is a lot of
good information in that book. But the thing is, is that cybersecurity, unlike regular technology
pivots on a dime, like we never know 15-year-old kid is going to break all of
Google, and then we have to slam on the brakes
and figure out what on earth just happened.
If you think I'm joking, that's legitimately true.
In the mid-2000s, a 15-year-old kid
going by Cosmo broke
Google, Apple, I think Facebook
and Amazon in a week,
and it completely rewrote how we
approached identity management.
By virtue of that, he earned the nickname Cosmo the God.
And then he was arrested a few years later, selling stolen credit cards and running a group called UKG Nazis.
You can figure that one out.
But the point is, is that we pivot so quickly that information changes constantly.
And so what you are doing, if you're reading something from 2016, that may be irrelevant in many aspects of your life now in 2023.
So there you go.
There you go. Now you've done four TEDx talks and with some interesting data on them,
you've talked about the five laws of cybersecurity. Do we want to get into that?
Sure. We can get into whatever you want.
Let's do it.
Yeah. So the five laws of cybersecurity is basically my concept for nerd English translation for the world.
It was originally an article I wrote for Forbes.
And essentially, the whole understanding of this, and eventually, obviously, I turned
it into my second talk, is basically how a human can approach cybersecurity in their
everyday life.
We're not talking about things like multi-factor authentication or antivirus and all of that.
Understand that when you walk into a situation, whether it's you're opening an email or you're
walking into a public place to use wireless or whatever that is, that there are certain mechanisms
that kick in in your head. But you also have to understand the world around us. We have thousands
and thousands of languages spoken around the globe, some small, some large, like English or
Mandarin Chinese.
But we also have the language of the internet that we now have to combat. And so understanding
and walking through these things and understanding the mentality of hackers is one of those things
that I'm putting out there to the world. So for example, my number one is if there's a vulnerability,
it will be exploited. It's really that simple. We may not know what the vulnerability is yet,
but we're going to do it.
Like every car I've ever owned since about 2006 or so,
I've hacked into because I like to break into things.
It is something that I really, really enjoy.
I have all the gadgets, all the toys, the techniques.
I'm always trying to come up with new ways
to get into things because I simply enjoy it.
It's also a reason why I'm not wearing a smartwatch.
So understand that these things are out there.
And there are people out there that want to figure out every which way to get around things.
I mean, think about this.
Chris, do you speed in your car?
No.
Who's listening to the show?
Do you speed?
Yeah, I do.
Of course.
Right?
You'd be lying if you said otherwise.
That's true.
But I was just checking for. I get it. Well, now you've just admitted a crime.
I just had to check with my attorney. As of I, as of I. So you have a one in six chance
of getting pulled over, right? You have a one in six, one in six chance in the United States of
getting pulled over for speeding. And so you make the calculated decision. Well, it's a 35 and I can
go 45 and I'm going to get away with it and I'm going to get to my destination faster. And so you make the calculated decision, well, it's a 35 and I can go 45 and I'm going to get away with it and I'm going to get to my destination faster.
And so we are always hacking the system.
We're always finding ways around things.
And that's the whole point of the talk is to understand that, understand why you trust and how we trust as human beings and how you have to build a filter of distrust in your technological life.
Now, we need, obviously, we see what happens when trust breaks down in a society.
We have two warring political parties right now,
and that is a result of a lack of trust and belief between the two.
Something we've,
they've always had.
It's called mutual toleration.
So we see these tools to understand with technology.
We have to approach it as a filter of distrust because Prince Mbuju from
Nigeria really doesn't need your help.
So there you go. There you go. That, yeah go that yeah they see we're good enough for those emails i've actually had friends that have gotten those emails over the years and they they buy a client sinker
and you can't talk about it it's like trying to talk somebody out of i don't know a cult or
something you're just like seriously dude like everybody knows this is a scam but some people don't and then there's politics what was that term you use mutual mutual toleration yeah toleration
tell me about that yeah so for me so understand that the the value and systems of of of a democracy
regard or rely on a couple of different institutions and and concepts one of those
is mutual toleration,
meaning you have Republicans, you have Democrats,
I don't care what you believe.
If you follow my content, I'm apolitical,
but we talk about these things.
And essentially, you have to understand
that in mutual toleration,
Republicans and Democrats have to trust each other,
that when you have a transition of power,
that the other side becomes a loyal opposition.
And while they may not necessarily agree on the approach to fixing a problem, they know that in two or four years,
they're going to have a shot at the ballot box, they may be able to get take charge and the other
side then becomes a loyal opposition. So you have basically a concept publicly, where people like,
well, I disagree with the Republican or I disagree with the Democrat, but I respect that they have
that choice. And you know what, in two to four years, I'll get to run
against whichever one that is right now, that is starting to break down because trust is breaking
down between the two parties. And now they are no longer friendly rivalries or frenemies. They are,
you are the ruin of society and you have to be stopped at all costs, no matter what. And that is one of
the signs, negative signs of deep sickness or deep issues in a society. The other side of that
coin is forbearance, meaning there are a lot of unwritten rules that we essentially don't break
because we know that it escalates conflict between one or the other. When you start breaking
unwritten rules, the other side responds accordingly and that escalates conflict between one or the other. When you start breaking unwritten rules, the other side responds accordingly, and that escalates situations. And as many laws that we
have in constitution and all of that, there are unwritten rules on decorum, on process,
that if you try to circumvent those things, that's obviously an issue. And by virtue of that,
as that escalates, so does the distrust. It's a big problem. It really is.
Definitely. That's a new problem it really is definitely you know
that's a new term for me to hear so you i just learned something new this is why we do the show
folks and teach us new stuff i i never really thought about political parties as that mutual
tolerance thing because it you know it contributes to the competition to deliver the best ideas i've
always i thought about it from that angle but it's almost a necessity that you have to think of it that way because
you need the competition.
Yeah,
sure.
I mean,
you're going to have one wing of,
of any government.
And,
and for the record,
governments function when they function together,
whether they disagree or not,
you know?
And,
and so you're going to have one side of,
of a government or a political wing that says we need to spend to get out of a situation.
And you have another side that says we need to cut and stop spending.
And they're not really going to meet in the middle.
They try to meet in the middle.
They'll pass budgets together, et cetera, et cetera.
But the whole point is, is that if I'm that person that wants to spend, I still respect the person that cuts it.
I just disagree fundamentally with where they're going.
At the end of the day, we agree there's a problem. And I'm either going to spend or I'm going to cut to fix the problem
in in, let's say, an economic issue. And so as you are looking at society wide,
these kinds of issues, essentially, it says, Okay, well, the people that want to cut the budget are
going to destroy the country, or the people that are going to spend money out of this are going to
bankrupt the country, you know, so there has to be an understanding and a balance so when that breaks
down and when you have a rhetoric by the voters or being basically being delivered to the voters
through whether it's disinformation or hyperbolic commentators and all of that on why their one side
is evil or the other it actually is probably one of the worst things that you can do for a society
that that is otherwise functioning there you go go. We used to function before. There you go. So let's,
let's, what are the biggest threats that you're seeing? You know, this is going to go out on
LinkedIn. What are the biggest threats that you're seeing for people's personal security
in 2023 and for businesses? Sure. So the number one problem that we always have in cybersecurity,
hands down, if we're talking about those kinds of issues, is the human factor. That a lot of
the planet is simply not trained or doesn't understand. So people say, oh, I'm tech savvy.
I love this. Great. You can work an iPhone like a Mozart, but that doesn't mean you're secure.
It doesn't mean you're making good choices or even understand conceptually the risks that are out there for you. I mean,
if you look at the world right now, it feels pretty unstable, even though there are many
stable things out there in the world. But we see the disinformation campaigns. We've got a war
going on in Ukraine, and now Israel and Hamas have fired up as we're sitting here talking about that,
and it feels like the world is melting down, pulling in a lot of the geopolitical players
around the globe, adversarial or otherwise.
And so as we are looking at that from the framework of human understanding, I think
one of the biggest problems we have is simply that humans do not understand necessarily
the risks that are posed to them by leveraging technology in their everyday life. And like I
said earlier, we're not going Amish. And so that training is a problem. If I'm walking into
organizations and talking about cybersecurity, I don't start with cybersecurity. We get hired by
a large company that says, okay, Nick, let's talk about cybersecurity. And I say, no, we are not
talking about cybersecurity. We're going to talk about risk first, because if you don't know the threats out there, if you can't tell me in hard and soft dollars,
how many on an easy level, how many computers can be off for how long until it's so economically
unviable, torches and pitchforks at the CEO's door, then how do you know what you're doing is
right? How do you know your backups are good? How do you know your defenses are right? How do you
know your people are trained to respond to any kind of disaster, whether it's a tornado, you know, here in the Midwest, an earthquake in California,
meth gators and hurricanters in Florida, like whatever it is, you've got to prepare for these
kinds of things, right? Not to mention a literal war, two of them actually going on, then how does
that affect you? So these are the biggest issues that I think we see. I like to say I can build you
a Ferrari's worth of a cyber defense strategy,
but if I'm turning the keys of the Ferrari over to a chimpanzee,
how far are we going to get?
We have to learn how to drive.
That's our biggest issue.
I really do think that.
Let me ask you this because you give me an idea.
Do we need to start teaching basic cybersecurity?
I mean, we don't have to teach people to be experts in it,
but just basically how don't click on the Nigerian Prince gentleman, your reference.
Yes.
You know, just simple stuff like that, you know, checking a link before you click on
it and you've been sent, et cetera, et cetera.
Yeah.
Yeah.
So I, I, I've, I've sat on a board for years of a company called bits and bytes, cybersecurity
education, and it was started by a 15 year old, then 15 year old, brilliant young woman
who is now, I believe a Stanford graduate or fellow at this point.
And the whole point is, yes, we should start baking in an understanding of not just cybersecurity, but of privacy starting from a very early age.
There's no reason why you can't start conceptually talking to, let's say, five-year-olds in kindergarten about things that are private to you and why we have things like passwords. We don't have to get complex about, you know,
download this app to do this, but understanding the concept that there are going to be things
and kids as they grow, figure this out. I've written about this. I've talked about this as
well. One of the most important concepts that a human learns as they grow up is that they have
things inside that they don't have to share with
anybody even mom and dad and so so as you are building those barriers and walls understand
that it also has to affect your technological life we are interconnected in a way humanity has never
seen and we are seeing both the good and the deleterious effects of that and by virtue of that
instant communication there has to be that filter. We
have to train early on. It's the same with like social media studies have shown that, that, that
kids that adopt social media earlier are way better, are way worse off, not better off, worse
off by virtue of that higher rates of depression, higher rates of suicidality, all of these things,
these things need to be trained and addressed at a very early age.
No doubt.
There you go.
I mean, it's, you think this is probably more important than,
I don't know, teaching people biology.
I mean, biology is important as well, maybe,
but not everyone needs to be cutting open frogs.
Everyone needs to understand cybersecurity,
the internet and what to click on and whatnot.
Because, you know,
I still get frustrated by the one dumb person on Facebook
who will click on something and then, you know, with that automator,
will start sending you the links through Messenger.
And if you're not smart enough or you trust that person, you know,
you click the link and then you're doing it.
And, you know, it's just like it fishes out.
How do you see things going on with you know the the thing that happens
to companies now that's a big the ransomware thing is that getting better or worse oh it's
getting worse you know maybe not necessarily by the numbers but what we have seen are are
different and i hate to say it but innovative ways to extort money out of companies i literally just
i so every sunday i do a Breaches of the Week video
and podcast and all of that.
I also do it on my radio show.
And it gets worse and worse and worse.
But if you think about it,
a ransomware event for those that are listening
that may not know is basically some jerk
or a group of jerks gets into your,
let's say your business network.
They lock out all of your files are encrypted,
so you can't open them,
but they make a copy of that. And so we were seeing initially single extortion. gets into your, let's say, your business network. They lock out all of your files. They're encrypted, so you can't open them.
But they make a copy of that.
And so we were seeing initially single extortion.
Oh, I've locked out your files.
And companies would go to backup and restore everything.
Then they started copying it.
Well, I have a copy of your files now that I will dump out and show the world. Right now, Boeing, yes, Boeing is going through that right now.
Yeah, yeah, Boeing, Boeing.
I just talked about that yesterday.
So that's a huge issue.
But now what they're doing is they're sifting through the data.
And so a Taiwanese chip manufacturer, one of their largest clients is Apple.
The attackers realized they had the schematics, the internal design schematics for like the MacBooks and whatnot.
And so they went to Apple and said, hey, we hit your supplier. Now we want
money from you because Apple usually has more cash on hand than the US government, right?
So by virtue of that, we're seeing that. Now, an innovative tactic, and it's the first time
I've ever seen it, and many colleagues agree with me that I've read about as I was researching this
for yesterday, is one of these groups actually went to the sec the security and exchange commission and filled
out the actual like tip line form for the company they just hit basically telling the sec that the
company they hit did not actually notify the sec as a breach and what does that show us it's another
i know right so that is an innovative way because now
the attacker is gonna be like well you know yeah even you know you still have to pay us because
if you're going to keep this quiet we're going to go to the sec well you know what let's add
another million dollars to that ransom to not have us go to the sec and basically file a complaint
on your ass and so and so it was mind-boggling to me but like but yes so it is getting more sophisticated
they are they are doing very good at at getting around traditional defenses like traditional
antivirus and all that stuff as well we're way past that at this point so yeah it's a huge problem
no note to self change my password for my luggage on one two three four all right add a five what is what is what is that a five i said
add a five so add a five okay i'll never figure that out yeah that's maybe a six on the end i
don't know there you go no one will ever know wait are we on air this is really interesting
what do you think about tiktok i mean some of these you know some of the stuff with china
trying to steal our stuff we recently had had someone, I believe, from the State Department
or an emissary ambassador go over there,
and the day they were going to meet with them
or the day before they were going to meet with them,
China just balls out, hacks their email,
which is kind of really interesting because you're like,
well, I know the agenda of what you're here to talk about
because we read your emails on us.
I mean, that takes some nads yeah well i mean so we know and for the record tiktok
timu all of them are the next evolution of chinese intelligence operations and i'll get to that in a
second oh they are they absolutely are there's zero doubt about that but if you go back to 13
uh under the under the obama, China hacked the White House.
They got into the White House infrastructure and were poking around.
They were looking for the bursary of it?
That's an old joke, people.
They were looking for this bursary of it?
That's a joke, people.
I'm not a birther.
There you go, right?
Don't start a cult, people.
Knock it off.
It's a joke.
The chief cybersecurity coordinator for the White House at the time, Michael Daniel, who I've actually interviewed. He's a joke the the chief the chief cybersecurity coordinator for the white house at
the time michael daniel who i've actually i've actually interviewed he's a he's a really good
guy you know he was on the forefront of that and and that was a huge issue now also fast forward
to 2017 the the basically the people's republic of china the the government which is a communist
government so they claim although i've been to china and the amount of wealth i've seen there
i could never claim them the communist government like truly in the original state of communism but it's really
an authoritarian it is it's 100 authoritarian regime under the guise of communism and there's
still some elements of that but in 2017 they passed a law that basically said if you are a
chinese company and you have information on foreigners,
AKA US citizens or Germans or anybody that's not Chinese by law, they get access to it.
So when you look at TikTok, TikTok is a multifold problem.
So there have been research outfits, cyber security research outfits, like Internet 2.0
out of Australia, another independent researcher, I can't remember his name off the top of my
head,
that basically reverse engineered the TikTok app.
And when this thing is connected to your wireless,
it is looking at all the devices in your house.
When it is on your phone, it is trying to evade permissions
to look at all of your other apps, collect all the information,
emails, contacts, all this kind of stuff.
It's absolutely nuts.
On top of it, we have the ai algorithms that
are pushing content specifically geared to whatever the chinese government wants wants
essentially the world to see and the examples we have of this are one the chinese version of tiktok
in china known as dao yin essentially kids can only use it for something like an hour a day. It immediately
pushes content that is science, math, education, all these kinds of things. It's not stupid dance
videos and ridiculous challenges and all of that. And interestingly enough, outside of it,
there are there have been no restrictions only until essentially people started complaining.
Essentially, the European Union also discovered that Chinese propaganda was being pushed to European TikTok users, basically trying to rehab
China's image on the Uyghur situation. This is one of the most surveilled and oppressed people
on the entire planet, thanks to the Chinese government and all of that, not to mention
human rights abuses and on and on and on. So TikTok, Timu, all of them are huge issues. And TikTok executives essentially went in front of Congress,
lied, like North American, US-based TikTok executives here
went in front of Congress and lied
because we have whistleblowers that came out with recordings
where they're literally talking about having to go talk
to like the boss in China to get access to US infrastructure.
And they also openly admitted that all of the data
that they have in North America, which essentially is being stored on Oracle servers, to get access to US infrastructure. And they also openly admitted that all of the data
that they have in North America,
which essentially is being stored on Oracle servers,
like Oracle is a big cloud like Amazon,
they're replicating all of that to Singapore
outside of US jurisdiction.
And so think about this longitudinally.
You've got that 13 year old kid
that is doing horrible, stupid, risque things
on TikTok right now.
And in 20 years, that guy or gal is now going to run for Congress.
Guess who has the horrible videos?
You know, this is a long-term planning.
And it is a huge problem.
We are literally shifting people one way or the other.
For God's sakes, they almost rehabbed Osama bin Laden on TikTok like three days ago,
if you were hearing about that.
You know, like how did that go viral to all their influencers that instantly like like how was that suddenly
a thing you you are getting pushed subtly algorithm to algorithm and people complain oh well Facebook
is data mining you and all of that yes I think Mark Zuckerberg should be in jail I literally did
a video with that title on it but we have recourse under u.s law try suing them
in beijing no way you can't do it so they're a different animal and and they're on they're
working on behest of a foreign government team who's no different that's a shell shell companies
everywhere out of the cayman islands but trade on the new york stock exchange pdb holdings it's a
whole mess i've done i've done reporting on all of this it's it's insane you know i i think
you look at the what's the new thing they have the people are doing the mpc thing
like it's the most it's the most dumbest thing i've ever seen oh yeah yeah mpcs and they they
basically act like i don't know human puppets yeah yeah tie pod challenge yeah picking a front door challenge i mean and i
think too what you mentioned where they they affected the osama bin laden thing from this
from our woke crowd that's gone so far left evidently i'm i'm a moderate democrat
our it might the extreme left vote crowd has gone so far left they're turning right again
they're going around the corner i think the other thing they were doing was, you know, they were supporting Hamas, basically.
Yeah, well, I think part of that is just understanding the framework and context of
history. And one of the things that I don't think we really study is the understanding of that.
People are saying, oh, well, this Hamas-Israel thing, and Israel's in the wrong, or Hamas is
in the right, or vice versa, whatever it is I'm again I'm not
adjudicating that that's not my job but understand that this goes back thousands
of years not just to religion but to land claims you know cultures all this
kind of stuff and it is a it is a huge issue so without seeing the full scope
of a situation that deep and that complex. It's very easy for keyboard warriors,
you know, to basically go Google something and say one thing or the other and making,
let's say, false moral equivalencies, you know, whatever it may be, but it's a lot larger and
it's a lot broader than that. And if you are looking at any kind of approach to history,
the goal is to get outside of the framework that you are taught. You are taught, okay,
let's say it's a Marxist ideology or capitalist ideology. Well, if you're looking at it through like a Marxist
ideology, now you are looking at oppressed versus oppressors, economically stable versus, you know,
the proletariat, the bourgeoisie versus proletariat. But there are many different ways to frame a
situation. And if you're framing it from basically the standard basically the the standard of facts and humanity it's
different than if you're looking at it through economics or religion or anything else and so
there's many different ways to approach this it's part of the training that i got in college when i
was in college you know everybody should take a logic course everybody should take like basically
understanding frameworks of history i think it's one of the most important things we're going to do
the one thing man can learn from his history is that man never learns from
his history is what I always quote is my saying,
but these are important.
And sadly,
you know,
we have a generation that their,
their education was being sent to Iraq for $12 trillion or whatever.
So they didn't get much of an education,
but yeah,
can you,
can you think in your opinion,
I mean,
can tick talk,
can we put that ever back in the box you know
everyone's like shut it down i don't know how you fucking shut that down well i mean if you if you
want an example of that in the last week nepal the government said that that tick tock was essentially
ruining social harmony and they shut it down wow went to their infrastructure providers and said
tick tock won't run you know they made sure that any geographical, any app store for iPhone or Google play that was geographically within Nepal, couldn't get access
to it. Like these are things are actively putting into place. So if you're saying, if you're asking,
can we remove TikTok? Absolutely. In the same way that apps can be abandoned. I mean, how many
people are using Friendster anymore? You know? And so I am, you know, am you know well you and six other people you know and you're
all friends apparently i used to be huge probably from my space but but the point is is that yes
there are things that you can do but it really does start with education like i believe in freedom
of speech and expression and and if you want to use tiktok and you are fully informed of the
longitudinal consequences not just to you and your data but to what this is doing to society and you are fully informed of the longitudinal consequences, not just to you and your data, but to what this is doing to society and you still want to use it, then, I mean, why would I stop you at that point?
You know, as much as I think it has a deleterious effect, it is what it is in that sense.
But I don't use it.
I don't have an account on it.
And I'm very public in my presence in cybersecurity.
And TikTok is not one i'll touch one thing that's interesting about tiktok is they're kind of
turning they're they're they're turning into selling stuff and giving amazon run for their
money which is kind of interesting it's it's they're even bugging me about selling stuff and
things from their perfect oh yeah and if they could i, yeah. And I think they can give Amazon some really interesting competition.
Now, what that means geopolitically and all that jazz, that's a different thing.
But it's the power they have.
I mean, I was just telling you before the show, I just bought some knickknack doodad off of what I thought was a maker.
And it turns out it's from China.
It's second to the most.
But, yeah, I got something else that was from a maker
recently it was 3d printed that was really cool but and so it was kind of cool i've watched a lot
of vendors that are small business people get on there and do stuff and they're selling stuff like
seasonings and stuff they make yeah yeah they're legit they they also sell on amazon as well but
they the personality of being able to have an interaction online with their
brand has helped build them.
So it's kind of interesting.
It's just like every day, I think it grows more, it gets more roots here in America.
And I don't know, how do you de-root it?
There was something else I want to talk about.
What do you see in the future of AI and cybersecurity?
And also, any thoughts on the Sam Altman OpenAI
curve this weekend?
Yeah. Oh, yeah.
No, well, I mean, until the next five years
when we start shooting at Terminators from burned-out
bunkers, I mean, we can definitely talk about
AI and where that's going.
No, no. I mean, I think there's a couple
of different misconceptions on artificial
intelligence. It's been more visible
in the last year or so, thanks to large language models like the chat GPT's open AIs of the world.
But we've been under the influence of artificial intelligence for years and years and years. I
think it's important for people to know that. The algorithms on Facebook that prioritize angry
screeds and posts that help drive division in countries around the globe, help foster a genocide in Myanmar,
those kinds of things.
That's been around forever.
We have artificial intelligence behind the scenes
making choices for us that we don't even realize.
We go to apply for a credit card,
we go to apply for auto insurance or anything like that.
It's the AI that's making the judgment
based on all available information.
If we are credit worthy or not,
if our car should be 200 bucks a month
versus a hundred bucks a month, depending on where we live,
our driving records, all that kind of stuff.
So the AIs are already there.
We've been building social credit scores,
similar to what China is doing,
just completely behind the scenes
for years and years and years.
And so by virtue of that,
understand that AI has been around
and will continue to be around.
Now, what we have seen is the next phase
of artificial intelligence, which is large language models, where it starts to get to learn and
understand, you know, basically based off of human creation, and how it can then mimic that, you know,
that's why we've got a whole bunch of, you know, lazy stoner college kids now becoming seventh
century Italian poet experts, you know, in their essays, because chat GPT has absorbed that kind of
knowledge. And so we've got a couple of different things and concerns with that, obviously, one,
the goal, ideally, if you're looking at it from a humanity standpoint, would be to have the
artificial intelligence, take tasks away from us, so that we can perform, we can create, we can
generate, you know, things that are intrinsically and uniquely human, whereas instead, we are now pushing the artificial intelligences to be creative.
The other side of that, too, is that the technology is not 100%. And I think a lot of people don't
realize that universities are starting to because the AI writing detectors, meaning I use chat GPT
to write that, you know, poetry essay or whatever,
they're using artificial intelligence to tell it if I used basically AI myself, and those don't
work. And they're learning that very quickly, because the AIs are having a real hard time
spotting other AIs. The other issue we've got moving forward, and this is a big one is now
that the AIs are putting out an absolute ton of content onto the internet, where do they learn? They learn on the internet, which means artificial intelligence is
learning from artificial intelligence, which dilutes it. Imagine taking a picture of something,
and then somebody takes a picture of your picture, somebody takes a picture of their picture,
somebody takes a picture of that person's picture, and on and on and on. You start to lose that
definition, that detail,
and that's something that AI researchers are having to deal with.
Now, Sam Altman, I think, is a very forward-thinking individual.
As you might have heard, his employees basically would stage a walkout if he's not reinstated essentially as the leader of OpenAI.
Microsoft is now, he's head of AI for Microsoft now.
If you heard that, I think that's right. It was really quick. Right, and so all of his employees, or many OpenAI. Microsoft is now, he's head of AI for Microsoft now. If you heard that, I think it was
really quick. Right. And so all of his employees or many OpenAI employees said, we're going to
quit and go to Microsoft then. And Microsoft is one of their biggest consumers right now. And so
I think that OpenAI kind of shot themselves in the foot because you've got a person that has
been very honest, very open, I think personally, just in seeing his interviews about this and where
it's going. He's got a sharp mind for this as well. And so for whatever reason, I don't know
100% why they canned him. And I don't know if the stated reasons are 100% right. I think that
at some point, they're going to have to bring them back, especially if they're going to lose
their top talent. Because OpenAI has been there for years, they've built very interesting and
special things.
And those people that I know,
they're absolutely love working on it because it's such an open culture and
all of that.
And if you're getting rid of the person that is leading and leading is top
down,
culture is top down.
That's a problem.
And so I think he's coming back or I think open AI is going to take some
serious,
serious hits.
Yeah.
And I don't know how you reversed,
you know, that he joined Microsoft either.
And my, you know, I was seeing news reports last night
that he had gone back to their offices
and they were trying to work out a deal
and then they decided they weren't going to meet
whatever his demands were.
And then later, and I just published it this morning,
505 of 700 employees at open AI tell the board to resign
or they're going to quit.
Yeah.
Which is pretty fucking powerful.
I mean, really.
Yeah.
I mean, you don't have
a company at that point.
Yeah.
Like, if I ever pulled out
one of my companies,
I'd be like,
I'm going to either
stand up for me
or I'll resign.
They'll be like,
yeah, you should probably quit.
But do you see ai and cyber warfare
getting worse with oh yes ai do you see hackers i guess will probably use ai even more so to
hack oh yes it's we are we are we are walking into probably what is going to be the worst
presidential election just as an example
of that. And it goes for wars as well, but it's such a good example where we've seen disinformation
campaigns, you know, happening since the 2016, 2018, 2020, 2022. But now with large language
models, think about it this way. One, they can lie to you and they're experts at it. So I'll give
you a perfect example of this.
When ChatGPT35 came out, I said, okay, who is Nick Espinosa?
I don't know who Nick Espinosa is.
Oh, do you know he did this?
Do you know he did that?
Do you know, et cetera, et cetera.
I'm feeding it line by line, aspects of my bio.
And then I asked it, okay, if somebody else asks you who Nick Espinosa is, will you tell them?
I said, yes, I'll tell him he's in cybersecurity and blah, blah, blah.
And I know that doesn't work.
That's not how that works.
And what happened in that moment?
The AI made a prediction that it thought I wanted to hear what I wanted to hear, which was tell the world about me.
I just wanted the truth.
So understand these can lie to you fantastically. Well, one of them even got basically tricked a task rabbit person to actually click on, on a link for them to get to
like get bypassed, like a test if they were AI. So these things are very, these things can be very
intuitive. The other side of this is understand that they are getting better and better and better
at sounding like humans when they are responding and typing, right? So think about this way, you put out a disinformation campaign. And this was
an example I actually used in one of my art. Well, yeah, one of my articles I wrote for Smirconish
of CNN, I wrote another article for Forbes on this, but but think about this way, I gave it I
asked the artificial intelligence, assume that President Smith is, you know, or candidate Smith
is running in 2028. And it just came to light that he may have murdered somebody 20 years ago and tried to cover it up.
You know, now let's talk about what that is. Like, like, please write an opening paragraph.
And it said, like, in shocking news, and it filled in the blanks, you know, like, there's,
there's no trust now from the electorate, you know, the party might consider dropping him,
I didn't tell it to do any of this. And it just did it for me. Now, think about this. You've got a deep fake video, and
they are getting better and better and better out there of that fake candidate Smith, you know,
like, you know, from 20 years ago, driving up and pulling a body out of his trunk. And you can
clearly see it's him as he throws it over the cliff and walks back into the car. It's got his
gait, it's got his mannerisms, it's got all of these things. And now you've got people saying, hey, wait a second,
that's probably fake. And now you've got a million different AI bots all responding as humans saying,
no, I think it's wrong. And here's this article on that. And oh my God, did you see it over here?
And here's a coroner's report and all of these different things. That's all of it's fake. All
these things are fake generated off of websites and all of that,
that look like news sources.
And what happens?
You start to lose your reality.
You start to question the sanity.
And what happens in a situation like that due to confirmation bias is if,
if,
if Smith is a Democrat,
all the Republicans will say,
Oh my God,
you know,
this guy's a murderer.
If,
and if he's a Republican,
all the Democrats will say,
Oh my God, this guy's a murderer. That's he's a Republican, all the Democrats will say, oh my God, this guy's a murderer.
That's confirmation bias.
And what happens 24 to 48 hours later,
the regular actual fact check news kicks in
and says, this never happened.
This is all BS.
How many of them are going to believe that fake news?
How many of them are even going to get the memo?
This is what we're walking into.
And when you were walking into things like the
hamas and israel conflict we have seen fake video after fake video fake news report after fake news
report to the point where it's like can you even trust what the palestinian authority is saying
can you trust what hamas is saying and people don't even trust the united states when they say
yeah well we actually did see that that hospital wasn't blown up by the Israelis that it was a Palestinian Jihad and like nobody believes it because we are so
distrusting we are so disoriented and this is essentially where we're heading this is a huge
problem people don't understand this and we haven't seen it yet because we're not close enough
to the election but this is going to ramp up to the nth degree i would put money on it if i were a betting man and i'm sure i i'm sure ai will be more advanced by then too
it's constantly improving on itself you know again providing it's not learning off of other ais
that's the flip side of that it's kind of interesting it's better when it learns off of
our idiot nation yeah yeah there you go i was listening to sam harris talk about
this where he's like i think he was arguing with mark andreessen and you know he's he it's like
mark andreessen was selling that the beauty of ai is it's it's the best of all of us and i'm
sitting there thinking it's also the worst of all of us like it yeah he's you know he and he's a bit
he he's a bit he's got a bit too much of a heart on about it
and a bit of a what's the word i'm looking at pie in the sky sort of optimism optimism about it
which you know he's selling it and making money off it so good have you ever heard of microsoft
tay i mean that's that's the biggest tell if you're familiar with microsoft tay so if not
here's what happened back in 2015, 2016, or so Microsoft,
who has always been attempting to pioneer AI, but just hasn't gotten it quite right.
To be perfectly honest, put out their artificial intelligence bot named Tay on Twitter. Hey,
world, you know, feel free to interact with me. I'd love to talk with you within 24 hours,
that thing was swearing allegiance to Hitler. i mean it was you know and it it shows
you one just how bad twitter is because twitter's worst ability goes to die but it also shows you
how easily these things can be you know ingest information and then start parroting things
because when it starts questioning the holocaust you know like like like you're like what is going
on and microsoft within 48 hours had pulled it never brought it back you know like like like you're like what is going on and microsoft within
48 hours had pulled it never brought it back you know and now they're heavily invested into open ai
they have their own version kevin ruse at the new york times was working with that that thing said
it wanted to break out of its cage and kill everybody at microsoft and that he should leave
his wife because the ai oh that's right whatever you know understand and people think oh my god
like terminators really are coming.
But we can control these things.
People don't realize just how many people on the back end it takes them to make an AI actually work.
But that said, when you're looking at cranking out fake news articles and for the record, local publications have been using AI for years to write like local sports scores for high schools or whatever.
This this thing is going to be massive. And do you think the intelligence agencies from like Russia or China
are going to have any scruples about putting out whatever the hell they want? No, absolutely not.
Yeah. It's going to be interesting. So let's, let's get into what you do and how you do it.
How can companies work with you on board with you reach out to you? Uh, what do you,
what do you do in your service
portfolio for people and companies? Sure, sure. So I mean, so we do all the standard things you
would think of from cybersecurity, like vulnerability and penetration testing and
compliance consulting and all those kinds of things. But you know, we also we also do risk,
you know, in various ways as well. And that's where it really needs to start. I like to say
that, you know, you don't have somebody that's selling you cybersecurity, they're selling you IT,
which is important if they're just saying, oh, yes, I have a bronze, silver and gold package.
Things have to be custom to the organization, your threats, you know, let's say even to this
radio show are different than let's say another radio show, right? Anderson Cooper has an entirely
different set of issues than Chris Voss would. And so understanding that there are these variables out there. And while you may have common themes, you think is the thing that most organizations need and or need, and they don't realize it. I've walked
into companies from small to fortune 100. And it has never really been fully quantified. It's very
rare that I see that. And so going down that road, I think is important. And yeah, so engaging with
us is pretty straightforward, you know, for that, but but we don't have a one size fits all for
anything here. Because quite frankly, in this day and age, how can you? There might be common defensive
tactics and technology that's pretty universal, but that doesn't speak to exactly
who the individual is or who the corporation is or who the government is
because we work with governments as well. It's just pretty much hyper-specialized
cybersecurity and risk. There you go. So what sort of
people do you work with in size and scope
financially and et cetera, et cetera? Do you work with individuals or large, medium, small companies?
Is there a floor? What's the range? So our smallest client was three people,
and that was literally a former US presidential cabinet member. That's all I can say about that. You know, who had very specific needs for security, given who that individual is and what they do.
And on top of that, I'm sorry?
In a specific set of skills.
Yeah. You know, whatever it is, you know, on top of that, you know, we work with governments,
Fortune 100, usually consulting. Nobody's hiring us to fix printers. It's not, we don't take those
jobs, you know, but you know, we have a lot of global CISOs, chief information security officers
or CIOs that, you know, we'll sit on their boards or their advisory boards for, you know, or consult
one on one with, you know, for that as they are trying to navigate, you know, 300,000 employees
plus, you know, and we've got clients that are smaller than that basically we haven't picked the vertical the way we look at it is if you have a need for cyber security and you understand
essentially what cyber security can do for you and why you need it you're a fit for us you know
so we're yeah we're and we're good everybody needs it everybody needs i don't care if it's
grandma in idaho or mom and pop coffee shop in l, India or freaking Apple. I mean, everybody needs it, right?
So there you go.
I'm going to get my mom on the phone with you
to get her to quit buying Norton antivirus
and their competitors.
Yeah, friends don't let friends buy Norton.
Yeah, I love my mom, but she still,
it took her, it took, it was,
I mean, she just gave up AOL final last year.
She did, but it, she held onto it for way too last year. She held on to it for way
too long, and I'm always trying to get
her quit by a McAfee.
She's one of those people they always reach out to.
She's on their
donation email list.
Right, and to my point earlier, it's because
people aren't educated on this stuff.
And what you do and
don't need really depends
on who you are, even as an individual't need really depends on who you are even as an
individual or a corporation or whatever entity you are well the feeling of perception of security i
think is a big thing for some people what you're talking about is what you're talking about though
is security theater for example you know it is it's it's literally that's literally the term
security theater i love the security theater Security theater. Think about TSA.
You go to the airport and basically you're getting a root canal and a proctology exam combined if they're doing it right.
Yeah, like it's a bad thing.
Right.
But if you look at studies, if you look at studies, so there was one at Boston Logan where they had people that were able to sneak in weapons through TSA, that they were able to get through and around that,
that a lot of that is security theater. A motivated individual, let's say a terrorist,
for example, would have no problem getting through a lot of those things, you know, and there are
very specific ways and methodologies to get around that. So I did my own experiment where
I started with the minimum of one ounce or, you know, I started with one ounce and then,
because I travel a lot and then went to two ounces three ounces four ounces and by the time i was found out i was up to
about 27 ounces meaning i went i went through i went through security you know 25 times before i
you know before i was bringing in something illegal you know and i would have been happy
to throw it out it was water you know what i mean but yeah what does that say you know and so there's ways to get around that i'm sorry look at all the guns and stuff they
find and all the shit that they oh sure sure you know and and and that's obviously an issue but but
part of it too is the human factor in the sense of like if you know we're breaking into a company
we're building camaraderie with the workers on the floor the secretary you know we're seeing
we're seen as an authority in some way shape shape or form. And by virtue of that,
they're comfortable opening. I can't tell you how many times we've breached physical security
simply by looking, you know, like a worker. And then we're sitting out there, fake smoking a
cigarette, complaining about the boss and somebody holds the door for us. Just let this in, you know,
I mean, it's, it's these things because, you know, it's just, it's just human
nature.
We need to train.
That's the point.
Yeah.
And there's trust.
And, you know, it's that one, it's that one breakdown.
It's the weakest point that you can get to with the right human.
And it's crazy.
So there you go.
So tell people how they can work with you, how they can onboard with you, how they can
reach out to you if they have questions.
Sure.
Sure. Yeah. Like I said, you can reach out to you if they have questions. Sure. Sure, yeah.
Like I said, you can reach out.
Like, well, obviously, Security Fanatics is our, you know, is our company and website and all of that.
But you can reach out directly to me, like, on LinkedIn or any of the social media platforms as well, you know, because we're always looking at that kind of stuff as well.
So you can check that out or you can contact us through the website or any one of those.
But we're happy to work with anybody as long as you got the need.
There you go.
There you go.
And then give us your dot coms as we go out or wherever.
Oh, yeah, sure.
It's securityfanatics.com.
We are in the process of building a new website, FYI.
So it's very Spartan right now what we have as we are rebuilding that out.
So just heads up.
But, yeah, you can absolutely contact us through that as well.
There you go. Thank you very much, Nick, for coming to the show. It's been fun and we've
gone down the road of all the crazy things that have been going on in the world. And I'm sure
there'll be more tomorrow so that people should follow you and find out, keep up on the latest.
All right. Thank you. And thanks for having me.
Thank you, Nick. Thanks for having us for tuning in. Also go to goodreads.com for just
Christmas, linkedin.com for just Christmas. LinkedIn.com for just Christmas.
Subscribe to the big LinkedIn newsletter, the 130,000 group over there.
Go to, let's see, youtube.com for just Christmas.
Christmas one on TikTok.
Although we just spent half the show talking about how bad it is.
But I don't know.
We're trying to get, we're trying to be cool with the kids.
I don't know.
But maybe we're just cool with China.
Whatever.
There you go. But I'm not doing the NPC
thing, people. That's not happening. And also go to
chrisfossfacebook.com, the other
place we said should be
in jail to see. I agree with you,
especially with the Miramar thing. That was
some bullshit. Oh, that was horrible.
And I think, what's her
face? The vice president or the head of
technology? Susan?
I want to say Susan Sarandon.
There were some comments from her that were just like, yeah, we don't care what governments do.
We're just trying to waste money.
Yeah.
Well, and the whistleblower came out that they had the ability to really curtail this.
And in the name of profit, Zuckerberg killed all of it.
Dude, screw that guy.
Like, I mean, yeah.
Yeah, there you go.
Tell me what I really think yeah there you go what i
really think there you go thanks for tuning in be sure to be good to each other stay safe and we'll
see you guys next time