Ready to embark on a fascinating journey through the tech world? Our guest, James Giles, shares his intriguing progression from tech sales and IT into cybersecurity. He offers insights on how his early fascination with computers, coding, and console modding laid the groundwork for his understanding of operating systems and servers. Buckle up as we explore Giles’ varied experiences on a help desk, tackling everything from Python problems to security threats, and emphasizing the immense value of such a role for anyone eyeing a holistic view of the tech universe.
Ever wondered about the two sides of the AI coin? Our compelling discussion takes you on a deep exploration of the pros and cons of AI, including its implications for privacy and human interaction. We scrutinize the potential risks from facial recognition technology, social credit scores, and digital IDs, weighing these against the convenience they offer. As we ponder the potential of AI to replace people in Tier 1 helpdesk roles, we underscore the crucial role of the human touch to back up technology and ensure accuracy.
The conversation takes a darker turn as we delve into the murky realm of AI and email compromise misuse. Giles illuminates how unsavory actors exploit these tools to gain unauthorized business access, highlighting the need for extra security layers. As we wrap up our discussion, we touch on how AI is molding the workforce's future, emphasizing the necessity for professionals to familiarize themselves with this tech, irrespective of their field of expertise. Engage with us in this important conversation as we tackle these critical cybersecurity topics today.
Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf
Ready to embark on a fascinating journey through the tech world? Our guest, James Giles, shares his intriguing progression from tech sales and IT into cybersecurity. He offers insights on how his early fascination with computers, coding, and console modding laid the groundwork for his understanding of operating systems and servers. Buckle up as we explore Giles’ varied experiences on a help desk, tackling everything from Python problems to security threats, and emphasizing the immense value of such a role for anyone eyeing a holistic view of the tech universe.
Ever wondered about the two sides of the AI coin? Our compelling discussion takes you on a deep exploration of the pros and cons of AI, including its implications for privacy and human interaction. We scrutinize the potential risks from facial recognition technology, social credit scores, and digital IDs, weighing these against the convenience they offer. As we ponder the potential of AI to replace people in Tier 1 helpdesk roles, we underscore the crucial role of the human touch to back up technology and ensure accuracy.
The conversation takes a darker turn as we delve into the murky realm of AI and email compromise misuse. Giles illuminates how unsavory actors exploit these tools to gain unauthorized business access, highlighting the need for extra security layers. As we wrap up our discussion, we touch on how AI is molding the workforce's future, emphasizing the necessity for professionals to familiarize themselves with this tech, irrespective of their field of expertise. Engage with us in this important conversation as we tackle these critical cybersecurity topics today.
Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf
And we're back with another amazing episode of security happy hour. That's right, it's ya boy. It's the cyber warrior studio. Cyber warrior, and we are here on cyber warrior studios now. We got a great show planned, got a lot of big things planned, a lot of great conversations planned. But before we get into that, you know what we got to do, you know. You just know what's coming. I'll be back in about 10 seconds and we're back and hold on, hold on, as always. There it is the official sound security happy hour kicking off. There we go. Have a good fray's day. I hope this is an amazing episode. I plan for it to be an amazing episode. I got James Giles here. Giles, I don't know how to. There we go.
Speaker 2:Yes, it's bourbon dillies. I.
Speaker 1:Had a friend growing up. Her name her, her last name was Giles.
Speaker 2:So there's a lot of years here in the chat.
Speaker 1:Thank you for joining us this evening. As always, super chats and everything, all that all that stuff is turned on. Feel free at your Disposal if you should so choose. Otherwise, I'm here for y'all. We're just gonna have a great conversation. So before we get into it, james, why don't you introduce yourself and let us know kind of what's bringing you into cybersecurity? Because I know you're, you're there, but not there you're, you're kind of like in the middle.
Speaker 2:So, yeah, it's. It's a weird scenario of I'm in um, so I've been technical my whole life. I started out my dad introduced us to PCs back in the 90s. I was helping him put together his PC. He would play doom on it and some of the classes like D&D you know those old RPGs we have to type and so Essentially I grew up hacking I do.
Speaker 2:I grew up being the IT guy of the family, done a little bit coding because my dad was a software engineer for hr block and then, yeah, pretty much I did everything from modding consoles to, you know, taking apart PCs, figuring out ways to do things that you aren't supposed to do with tech, and so what ended up happening is I got into sales and I was working for Comcast and I worked my way through T-Mobile, at&t, every kind of tech sales job I could get my hands on, because I enjoyed it. I could talk about Android phones and technology all day, day in and day out, help people out. Old people, like old customers, would come to me and be like, hey, you did something awesome to my, my buddy's, friends, and so I'd go through and set to the simple mode where it mimics like a flip phone. So I grew up, I got into that and then I Kept jumping jobs, essentially, and so what ended up happening was I would jump from one job to another, to another.
Speaker 2:I just couldn't enjoy it and it was always technical work that I enjoyed the most. So eventually I got into IT and Luckily the company I'm working at now they do both IT support and they do security. The big focus, the whole culture, is around security. So, yeah, that's time. A bit of my background. I don't know, I'm bad at giving the the personal background history.
Speaker 1:Yeah, I mean, it's one of the things. You come from the same background, I do. Right, you grew up kind of in IT and it's one of those things is hard because I try to tell everybody they belong but I can't always relate to everybody's stories because a lot of people are trying to transition later and and so for me Coming up fixing computers at seven, eight years old, growing up on America online and dealing with punters and chat rooms and you know I will in in it you know I was always very, very vividly aware that if I had anything but my own stuff that I could go to jail, and I didn't want to make a mistake and do something stupid and step that was my issue one, two.
Speaker 2:So I didn't want to become one of those recovering non-ethical hackers.
Speaker 1:That was. That was definitely my issue is like, because, because I Understood the ethics and the laws behind it as much as I loved it, I didn't grow up in a community of, hey, let's bring down the man, and, you know, let's be an orc. I.
Speaker 2:Have a hacker yeah.
Speaker 1:You know I.
Speaker 2:Hunt out in those communities. I never participate. I like.
Speaker 1:I would have. I would have, I would have fell right in out of it.
Speaker 2:Full bore idea of D Dawson, someone off of the net, spots just a punk home was very tempting, but I know I'm not gonna have Microsoft sue me, I had it done it.
Speaker 1:I'd have done it all day. I'd have been full send. Let's go.
Speaker 2:Long term, my ass would not do well in jail.
Speaker 1:But no, it's crazy because you can. You know. The biggest thing right now is you know, we look at it and there's so many different avenues in this type of security. There's so many different ways in. One of the biggest things that a lot of us talk about is the foundations, and One of the best ways to learn the foundations is help desk, because if you get that a plus, if you get that sec plus or net plus or whatever, that help desk gives you that foundational understanding of operating systems and servers Right. So what would you say has been the biggest benefit for you working in a help desk in terms of trying to migrate and transition in the cyber?
Speaker 2:Oh my gosh. Um, so two things I would say. Um, one, you're exposed to everything. I've helped people with Python issues. I've helped people with active directory identity, access management, security threats or, you know, fishing attempts or whatever, and having to train them on the proper procedure, how to report it. Um, it's, it's been good for exposure, because I know a lot of people hate help desk and personally there's definitely everybody I hate about help desk, but, um, that's definitely the exposure to everything you you have to be able to handle a PC.
Speaker 2:You have to be able to handle, um, the software within PC, the OS, everything from the, the registry to Gosh. I like there's so much, I just can't list it all.
Speaker 1:There is there's a lot there, and Amanda said it, amanda. You know she's talking about. Right now she's going through the Google cybersecurity course. Hmm.
Speaker 2:And I heard a lot good about that.
Speaker 1:Yeah, it's been a fantastic course. Me and her kept up on our journey. What she's been learning and and it is it's very you know a lot of foundational stuff that's being taught in that course, and so I think in that going through something like that, if you're not going to get into help desk or IT first, something like those very basic things that help you understand the concepts and the terminology, are huge. They are what some of the most important courses you will take and that's why I don't talk down about security plus or GSEC or Google or anything like that because they teach you those foundational Basics that you need to understand Prior to entering the industry. Right, right.
Speaker 2:And when it comes to I know a lot of people talk about, should I get the the a plus or the network plus, I would say If you're young and you're in high school or something, sure, get the the a plus. Um, if you're playing on, working at a computer repair shop or something where that is your work, yeah, do the a plus and the network plus. But when it comes down to it, learn those. You don't have to necessarily get the certification because A lot of companies don't care. There there are a lot of companies are like, oh well, you need to know this, but Like they'll look for more experience a lot of time. If you have no experience, it can be good to get, definitely, um, the network plus for cybersecurity. I would go ahead and get that. That is one on my list, um, but I personally I'm a prime example and I've not. I've only talked to friends about how I got into um IT, but like I'm a prime example of if I can do it, anybody can, and it's all about skill, it's all about knowledge. And the reason I say that is because I mean it's different now, because I have it, but back in the day, when I first got into it.
Speaker 2:I had moved back to Salt Lake where I live here in Utah, and then I was working Smith, so I was doing electric. Before I moved back, um and I at Smith's, at night I was doing freight crew, so I was just, you know, stocking shelves, taking stuff off trucks. But while I was working I was listening to everything any podcast, any Set plus network, plus a plus information that I could get my hands on. I I have a treasure trove of YouTube and books and audio books and whatnot that I've developed over the years. But, um, but at the time when I applied that, I was hired purely for knowledge and the, the willingness to learn.
Speaker 2:Yeah, the reason why is because I didn't even have my GED at the time. Right, I was able to get in and then get my GED later on. But get in and get on into IT and get exposure to cybersecurity, work with doctors, work with um like Other corporations and whatnot, where you're dealing with administrators, programmers, hr staff, you're dealing with everybody under help desk. You did that Exposure, um, that's. I was able to do that with no GED. Just says something still definitely in knowledge played with everything you know. Have that, that interest to Figure out how to get something to do what's not supposed to do or what they didn't know it could, and that's that's the biggest thing.
Speaker 1:I think that's. You know, it is one thing, because, even though it constantly changes, it remains the same. And I say the same thing about cyber. Oh, you know, it always changes, but it remains the same. Foundations will always be there how to get from point A to point B, the OSI model, things like this. They're never gonna change.
Speaker 1:Now where they were, where they were died, whether it's in the cloud or on-prem or you know, whatever you're doing, that may change, but the underlying foundations of how computers talk, of how operating systems work, of how All of this stuff interconnects, that's not gonna change, that's, that's gonna remain the same. Now that, with a caveat, that with Things like, um, what I kind of remember right now what runs Bitcoin, well, I kind of remember right now what runs Bitcoin.
Speaker 2:Oh, Crypto you're talking. Decentralized yeah, the decent realized crypto currencies. Um, I forget what they.
Speaker 1:Yeah, yeah but it's decentralized computing with things like that. Yes, that will change the game. Oh yeah, that becomes the norm, because then it's not point A to point B. Right, there's a record here, here, here, here, here and here, and nothing is Permanent. A wall is permanent, but it's not stationary, rather blockchain. That's it, yeah, yeah, yeah that's that will Don't like.
Speaker 2:I find it funny because Stammers and whatnot, they think they're invisible. But you can track blockchain, like you can track where every sale has been made. It's in the.
Speaker 1:Oh, you can't you can't but what I'm saying is the meeting behind it is With the blockchain because of the way it's decentralized, because it's right out, because it's all these systems, you, you have more redundancy. Then just oh, I'm gonna connect this firewall and this firewall. I've got a live, I've got a failover and that's what it is. I think once the blockchain comes more into fruition and Starts running more decentralized computing, as we are seeing now come about, that will that'll be a game changer. If that, if that actually comes into full-scale Computing, blockchain will be a game changer. I don't know what's gonna happen, but I foresee certain things triggering it to happen.
Speaker 1:Oh, yeah, absolutely which AI I think will be one of them.
Speaker 2:AI is. That's an interesting topic, to say at least, there's a lot of there's a lot of confusion when it comes to AI and a lot of expectations are gonna be really interesting to See where that goes.
Speaker 1:There's a lot of good and bad with AI. I look at AI. I.
Speaker 2:Don't you want to talk about the bad first?
Speaker 1:Yeah, let's talk about the bad, let's go, all right, all right. You, you had you sat down talks with a lot of people recently. Me and you discuss this, so what are the negatives to AI?
Speaker 2:Okay, so well. When it comes to negatives, there's the most commonly known things like, for example, there's a company called faceception exception. Anyone who wants to let that up, go ahead. They are actually selling their services to police forces or government agencies in order to Look at your face, figure out if you're rated as potentially becoming violent or positive individual or about to do something based on your facial features, and their maintenance of that police force is what not can intervene Before you ever commit crime.
Speaker 1:So you're talking a full-blown.
Speaker 2:What's that Tom Cruise movie.
Speaker 1:I'm not sure what it is.
Speaker 2:Because what an M?
Speaker 1:Oh, um, oh, my gosh, I can't remember I haven't seen it in one movie. I know what you're talking about, but they had. They had uh, people that could see the future.
Speaker 2:Oh my gosh, I can't remember for life. Um, it is the same idea.
Speaker 1:Now I'm assuming, because you haven't committed a crime.
Speaker 2:Minority report. Cody got it. Minority report yes, yes, yeah, so that is the same thing. I know that you're talking about the social credit score. I know two governments have already picked it up. There's probably more, and that is terrifying. Now China does the same thing for, um, facial recognition and what not, when it comes to, uh, your reputation, credit score, credit score, yeah, yeah, social credit store. So with that, um, there's a lot of people that are trying to get into the industry. So it's like things like that are terrifying. Now, to an extent, you know, I also see where people are going. Oh, this is good because it'll prevent, like you know, shoplifting or you know whatever, like it'll be able to centralize information, but that's bad because it destroys your privacy.
Speaker 1:Yeah, and it's a terrifying concept. It's like you know. You're not going to get the way AI and you look at the way social media was going on about that wallet. How you doing, brother, good to see you here, look, hey, which, by the way, caveat time out. If you were into working with your making your money, work for you go listen to about that about that wallet podcast.
Speaker 1:Um, homies, good one. Yeah, homies got a good, a good bit of information out there, so make sure you get the the, the way that all of the world, the world economy, the world countries and things like that when it comes to AI, social credit scores, social media, all this stuff, I think it's going to come to a point where we're all screwed. Yeah, every last one of us, because of AI, because of social media, because of the social credit scores. China was the start of it.
Speaker 1:Yeah, but it's not the end of the world yet, and it's not yet, but working towards implementing the same thing.
Speaker 2:Well, and they have. Also, I know some states, like Utah, for example. They've got your ID as a digital, like um ID you can have on your phone. That makes it easier for them to track you. And I don't. I like the convenience, I don't like the ability to be constantly on the map, because the government has a digital ID that they can check. Now, obviously, when you scan your ID, you know the gas station, the liquor store, obviously it's going to pop up and they're going to go oh, he was here at this time and buying this, but um, but in general, like having it on an app that exposes your security more ways than one, for example, location, um, all kinds of like they could access your mic. There's a lot of things and people are just going to accept the turns because they want that convenience. They're not going to review and some people might be picking. But no, like my dad, he's going to be picky and paranoid, but a lot of people are going to be ah, yeah, whatever, and pass through and it's up to it.
Speaker 1:So so actually we got a really good question here about that concept. Yeah, about that wallet. Would you think NFTs would be the best for tracking?
Speaker 2:NFTs? In what way?
Speaker 1:Tracking people, tracking location tracking. Whatever You've got an NFT, it now has embedded code. You can do whatever you want with NFTs, I mean like anything, I guess.
Speaker 2:Um, it depends on what it's attached to, because I would imagine an NFT itself. Now, I don't know. I personally, I hate NFTs.
Speaker 1:It's digital art. I could take a screenshot or download it today.
Speaker 2:I see the good side, but I also see where it has been blown out proportion and so I just haven't bothered with it at all. But, um, when it comes down to it, yeah, like anything digital can be tracked. If I send you a packet, you can track that packet. Now, if I'm on a VPN, sure that might change things a little bit, but or Tor or whatever, but that's not going to guarantee that you're safe. And I could with if I send an NFT that's also attached to like a file or something that redirects you, then I can get your PC name, your, your VPN IP address, I can get the device type, I can get the location of where that VPN is sending. So in other words, that VPN will say you're in Germany or whatever. But if you're not on a VPN, I can get almost down to your exact location. It doesn't matter what it is Like. If I sent you a packet of whatever it could be anything some file you can be tracked. So you got to be careful about it.
Speaker 1:But here's the other statement NFTs would be used for drivers licenses, for sure, and he's not wrong. That is potentially the route they're going to go, because, again, decentralization, we can put it everywhere. It runs on the blockchain.
Speaker 2:They're watching you. Yeah, I mean, they're going to be watching regardless.
Speaker 1:But it can't be modified without you know, modifying all the records, you know it's a lot harder to falsify a driver's license or an ID if it's an NFT and built on the blockchain.
Speaker 2:See, I need to look into the updates on that, because I only saw when they were talking about incorporating it into like an app, like structure, so like I didn't keep up on it. So that's one thing, honestly, our audience might be a little bit more aware of than me, and I'll definitely have to research it, but I'm not surprised, because with crypto, it's more secure in the way of like you can track everything, but it's not private. Does that make sense?
Speaker 1:Right, and that's the big thing, right, people here? This is where you get into the concept of you are trading your privacy for security. Yep, and that is what people don't understand is, anytime you are looking at making things more secure, you're less private. You're more secure because there's more eyes on that, can track, that can watch, it can do all these things. Right, there's less privacy for more security, and the same thing goes for freedom. You'll trade a little bit of security for freedom, for our freedom for security, or whatever the case might be. However you want to word it, the outcome is still the same. In order for the big gov, privacy for convenience. Another one, you know, if big gov is going to get involved, then you are trading all your privacy, all your, everything, your freedoms, and all that just for a little bit of security really is really secure, because if you look at it, in this industry nothing is 100% secure, right, right Nothing.
Speaker 1:Well and I'm talking about that 6 feet underground and a block in lead line, fucking south and bury it deep.
Speaker 2:That is secure, yeah Well, and that actually goes back to the whole, since the whole thing of this show is kind of generally AI. So, when it comes down to it, ai, there's two different sides. You have the side of well. Two sides, I mean, there's the good and the bad. So you have, on one hand, oh, this is going to be like good for massive amounts of information and being able to what's the word, being able to process it super fast. If you throw a prompt into chat GPT, when it spits it out, that's a lot of fast information. But when it comes down to it, and I use it now.
Speaker 1:Did you look at my description of this video? That all came from chat GPT. All I had to do was take out the expert stuff, because I hate the term expert right description came straight from chat GPT. I was like I'm tired of coming up with shit to say.
Speaker 2:Right, but like. So, for example, one of the things that they're they're looking into some of the companies I've talked to and you know some of the some of the companies I worked with is incorporating chat, gpt to be an assistant for the help desk. So, for example, you know when you're you called on the phone, you did the automatic thing. Have you tried this? Have you tried that? Blah, blah, blah and it goes through and gives you options on the phone. Yeah, it's a pain in the butt, but what they're trying to do is make that worse, because before you ever get to us, they're trying to make it so that you have that assistant overlay first and then, if it's something where it's like you want a person, then eventually you can get your way to it.
Speaker 2:But even that person alone is going to be typing away doing how do I like unlock an active directory account and whatever, and then it's gonna spit it out. So the good thing is, like SharePoint, we're not going to have to go on to SharePoint and manually search through everything and you know practice or Googling stills, but when it comes down to it or whatever their information base is but because we'll just type active directory, whatever, and it'll spit it out with an exact, solid step of x, y and z. This is what you might do, but here's the downside. So the downside is so I asked. I was blunt about it, I was like in one of our meetings. I was like so the most common thing on the internet when it comes to AI is will it replace you? And they said, potentially all the L1s could be replaced.
Speaker 1:And that's the big thing, and so I had this conversation really bad, and Angie will get to your question here in a second. I do want to address that in Twitch, but as far as AI.
Speaker 2:That's what they want, and you know why? Because you lost more to pay for a person, but you save it. You become a little bit more profitable.
Speaker 1:How soon would we be able to remove Tier 1 helpdesk with AI?
Speaker 2:I wouldn't say anywhere in the next like 10 years, no, so I'm not going to say that they'll be removed and there's a reason I'm no idea to that when it comes to Tier 1 helpdesk. So the issue is it's a robot. How many times on the phone do you get that automatic voice and whatnot and you give it the pre-decided answers. Now, in this case, you can give it more of a custom question or answer, but how many times do you get frustrated with that machine? They want to have a human behind it who can back it up. So in some cases that would be like an L2 or an L3 who's like more skilled with it, but they pay for pay him more, but pay the L1s less because they have no more. Well, they have less L1s, I guess. So the problem with that is the barrier to entry becomes a lot higher and I hate that because I want people anyone who's in chat or whatever who really is passionate about it and like me, who started out no formal education, I was self-taught my whole life.
Speaker 1:So here's the thing about this, though, right, that's what pisses me. Whether it's help desk or cyber security, I do not feel AI should ever replace any human. No.
Speaker 1:I think it should exist as another layer to provide information, but never replace and me and those of hacker valley media. So, chris Cochran and Ronald Eddings, we had this discussion in their discord and on LinkedIn and they said well, ai, you know, is AI the future and gonna replace cyber and da, da, da da. And I said, here's the thing no matter what you look at, you need human eyes because an AI only knows what you teach it. So if the AI only knows from the person that programmed it what to do, what to learn and what to do, and go on from there and it's a circle, and there's another comment here from Infinite AI that we're gonna touch on or actually griffin info sec.
Speaker 1:You know, if it only learns based on what you tell it and you give it bad information, then it gives bad results, right, right, right. So it takes a human eye and so when you're looking at SOAR or you know security operations or a SUC or IT help desk, look, I have gone rounds with humans on the phone. Trust me, you don't want me to go rounds with an AI, because I'm literally calling until I get to a tier 3 I won't get to manager and a meme.
Speaker 1:I will go to the very top of your executive chain and raise health, because here's the thing at the end of the day, ai is AI, it's not a human being. It's not gonna give me the same results. So, for context, when I was I think I was in college or no. I may have been graduating high school, but I already broke my computers. I knew computers. I knew how to fix them. I knew all these things my dad bought four laptops.
Speaker 1:These four laptops were pieces of shit, but at the end of the day, they got a bunch of malware on them for me and my three sisters, because you know day and age of limelight and Napster and all that other shit, right, right. And so the batteries were dying. They were cheap, 400 dollar laptops. But he bought the service plans on them through Dell and all this other stuff, and I called and I said, hey, I need four new hard drives and four new batteries. And they're like well, you need it. No, no, no, no, no. This is what you're gonna do. I'm gonna tell you exactly what's wrong with these computers and you're gonna then send me four new hard drives and four new batteries. I have a service plan If you need me to run these shit over with a car. I will do it, I don't care.
Speaker 1:They're gonna send me what I need and eventually they did it. But if you're dealing with an AI, you can't get that type of service. You're gonna deal with an AI there and tell you do this, all right, done. Don't be robotic. Do this, okay, done. Do this, okay done. Do this, okay done.
Speaker 2:Do this okay. Done At the same time, it can be structured.
Speaker 1:Shut the fuck up.
Speaker 2:Give me a human.
Speaker 1:That's gonna fix my issue please Right, right.
Speaker 2:Well, at the same time, it can be structured against you too as a customer. So it can funnel you through a sales chain, for example. It can funnel you through and, unlike a sales rep, who can read your emotion and be able to tell that you're getting a little tipped off and maybe skip ahead a bit, it will force you through that tunnel and make it so you have to hit every step for you to get to the end of that conversation.
Speaker 1:And I don't wanna stick out on Angie's question here and comment, but it's very valid. Who will control what kind of data goes into the open source? Chat GPT, which is sharing internal data that could be, has been leaked, so we know this has happened. We know chat GPT has shared internal data data from people. So who is controlling the data and the data flow?
Speaker 2:So, when it comes to that, never, ever ever, give your company's information or your personal information to chat GPT. And I'll explain what I did where I used it for my work, but I did not give identifying data. So I went through. I was frustrated with this new project because the training was crap, everything was chaotic and shambles and I had a lot of ideas about how it could be done better. And so I went to one of my buddies who's up. He's one of the higher up managers at my work. He's basically over our location. I went to him and I was like, hey, like I have this frustration and he's like, well, send me like a proposition or something. And I'm like, all right, yeah, but I was like the next day I hadn't seen it yet and the next day I got so frustrated I was just pissed. I was ready to quit that day because of how bad the training was for the new hires and what is new project and there's, you know, growing pains. But in this case it was just a lack of good trainers or knowing how to train or like people who actually knew what was going on, and so like we literally had some days where people would come in and start the training, the official trainer would have everyone waiting for two to three hours before you even start and not telling them one thing, and then or end it early. It was never like a day where one thing happened. It was either or either we ended early when we should have been practicing or they never started on time. I was just losing my mind and because I was brand new but I was training the new hires in and I'm like dude, like I don't know any of this and the guys who know are not doing the training well, and I just wanted to rant and rave and be angry. But I went through and I used chat GPT. After I wrote up this long, ranty letter and I used chat GPT and I was like, okay, I need to send this out professionally, I need to send this in a way that won't have the emotions I'm feeling right now. How can I do this? So I made sure to remove on any identifiable data, project names, anything like that, anything related to a tool, because you don't want some sort of context that someone can take, because chat GPT can spew that information out your private information, the company's information, whatever you give it is in its record. So there's gotta be a way to fish it out Now.
Speaker 2:I went through and this is both like the good and the bad. The bad don't put your information in there. But the good was I went through and was like how do you or not how rewrite this in a way that could be presented to C-suite executives or management, et cetera? I put off a list like that Rewrite this. And I put it like auto correct and whatever else, and it went through and rewrote the entire theme, got rid of the emotion. There was no more anger and frustration, no more like me getting pissed off at the computer, just angrily errrr type in a way.
Speaker 2:And it wrote it in a way that was awesome. It was still my words, but it was in a reorganized and rephrased kind of sentence. Does that make sense? And then I added paragraphs to it and whatnot, and it requires human editing. You wanna go through and double check the information because you don't wanna copy whatever chat GPT throws at you and then send it to your manager, for example. And then I did that. I put everything together. It was all my words, but it was reshaped. Does that make sense?
Speaker 1:Yeah, and that's the thing is going through because chat GPT is gonna give you its own tone of voice, its own contact. So if it's something you're trying to deliver professionally and something you're trying to deliver to convey, a certain message.
Speaker 2:You have to go through and reword it, yes, and if you don't, do that, otherwise it's not your information, it's not your work at that point, if you don't edit.
Speaker 2:And so, guess what? I sent it and I didn't think it was gonna go past my manager friend. I was like you know, I'm gonna rant and rave and get out of my system, never hear a thing about it. I sent to him and then I hit him up a few hours later at the end of my shift and I was like, hey, so about that message I sent you with the proposal for the change in training, like any word on it or just forget it? And he was like, oh no, I sent it to upper management, I sent it to the stakeholders and their managers, basically everyone involved with this new project. And he was like, yeah, it was beautiful, like you know, great information, you had good ideas. And I was like, thank you, chat GPT, you just gave me an audience with, like the stakeholders and upper management, all right. And then the next week the changes were implemented Implemented most of them, not all of them, but but again this comes down to, there's good and bad to everything.
Speaker 1:Right and I said this when I made the post today and even within the stream, when you look at any technical innovation, it comes with a good heart usually Usually a good heart good ideas in mind. It can approve all these things. But then you have those people that are gonna take something good and turn it to a negative. They're gonna use it as a weapon. They're gonna use it to their advantage, and so we are seeing that now with AI.
Speaker 1:We are seeing that, with videos that people are buying into, they believe the legit, the real, it's all these things, but it is a fake AI video. Somebody threw a face on it and said oh yeah, this is real. This is this person saying it. This happened.
Speaker 2:Did you hear about the Twitter post, the one that taint to be a stock market for a day or something? Yeah, yeah, they posted that the White House had been hit or something like that. And then you suddenly see people pulling out for stock and whatnot and I was like whoa what. It looked real but I couldn't believe that the stock market actually crashed. And that's just human emotion. If you fish somebody well and with AI now fishing easy.
Speaker 1:But here I'm gonna say this, and for educational purposes only if you type in a chat GPT, that you wanna fish someone, it'll tell you no. If you tell it to write me a really good marketing email for this purpose, it will do that. Just in FYI, just saying Yep.
Speaker 2:Throw it out there.
Speaker 1:There are ways around everything. Again, this comes down to malicious intent and legitimacy Marketing. People could use it for real. But then you have those, that and this is where, again, the bad comes in A lot of your foreign actors, at least within the US. So your foreign adversaries are going to write emails, going to try to fish you with a bunch of bullshit.
Speaker 2:Yep.
Speaker 1:It used to be, they had to use a translator. That would make it broken English and it never made sense and you could always pinpoint it. Now all they have to do is go to chat GPT and say, hey, write me an email that says this that got you homie, no problem. And you get it and you copy and paste it into an email and now it bypasses every spam filter and every issue out there, and you have to look through it and actually dig deeper than the words.
Speaker 2:Well, and the problem, though, is they still do have a few steps. If they live out in Nigeria or India or something, and they send a message and they edit it at all, or they word it in a weird way, like you'll notice the weird phrasing, or why is he talking about Toyota, whatever. But like if they actually understand enough English to get their point across and give it a prompt that it understands correctly, then, yeah, like fishing will, unfortunately, and to phrase this, this is for training purposes and information sake. Not, I'm not condoning any of this, and neither is cyber warrior, but when it comes to fishing and whatnot, they put protections in, but the problem is those protections have been bypassed. Why am I here?
Speaker 1:I know I get emails every day that pass Google, one of the biggest fucking female places in the world, and they pass all the rest. They're spam filters. Yeah, I'm like look homie, I don't wanna see this shit. Why is it here? It's spam, please get rid of it.
Speaker 2:Yeah, yeah, well, and one of the things apparently now some publishers are going through and they're not accepting, like where you write like a proposal for a book. Basically they're not accepting proposals for new books because people are using chat, gpt to go through and write up huge sections of fancy novels or whatever that they wanna sell and unless they've gotten to know the person. So if they've seen the person, they've talked with them, they're like I can verify this, is you all right, cool. And like if it's a way that they can verify that a robot didn't do it, then like at that point they're accepting it. But that's just one example of an industry that's being affected. Not just hope does.
Speaker 1:And AR so infinite and probably AI has a valid point. Ai is a toll. All tolls can be used for whatever purpose. Anyone can weaponize any toll for malicious reasons. James, you have an axe on the wall Pun to all. Bunion used an axe, differently than Ragnar Lothbrok, he's not wrong. Two different reasons. And so when you're looking at anything, even look at something like uranium uranium, when the atom bomb, when the nuclear bomb came about, it was not uranium, was not designed for that purpose. It was found and utilized for different reasons and they were investigating in science, definitely trying to discover different reasons to utilize this. It was the war, it was Germany and the US that were like oh hey, homie, we can do a lot of damage with that.
Speaker 2:You're gonna we're gonna use it for something you didn't want Explosions here.
Speaker 1:Yeah, so when you look at these things, science takes over technology in and of itself isn't bad, whether it's AI, the internet or whatever. None of this is bad. It is the fact that you should understand that people are going to use it for malicious reasons, right. And if you do not understand that and if you design something, they're like oh this is all good, this is gonna be for all good, without realizing that the human mind is gonna go. How can I fuck somebody up?
Speaker 1:Yeah, yeah, Well and Like that should be your first thought. Your first thought should not be oh, it's all good. Your first thought these days should be how can I fuck someone up with this? Because I know it's. I know someone's gonna think this.
Speaker 1:So let's think of the negatives it can do and either try to fix that immediately or put in some type of warning, some type of statement, some type of whatever that says, hey, we know this has the potential to be used for these purposes. Please be aware and cognizant that this is what it may be used for, but that is not our initial intent and that is not intent at all, and this is what it was designed for. Again, more like a CYA, like we get what evil it can do, but that is not its purpose. Its purpose is for X, y and Z. Just because someone uses it for XX, y and Z is not my fault, but we understand that that is possible, and so that is what you know kind of the things should look at and when you're looking at oh, oh, oh, oh, oh, oh, oh, oh, oh, oh. Son of a bitch, help me.
Speaker 2:Do that across different email platforms.
Speaker 1:Signing an email signing encrypted signing. So you have an instinctive for now, a tie to your email, whether it's by certificate or other, and so if you sign an email, it is supposed to be authenticated, it is supposed to be only coming from you, right?
Speaker 2:But there's a-.
Speaker 1:I can feel a certificate. I can falsify a certificate.
Speaker 2:Yeah.
Speaker 1:I can own a certificate. So, in terms of the CIA triad, which is confidentiality, integrity and availability, you're talking about that integrity standpoint. Exactly so Good, it's called business email compromise.
Speaker 2:I was gonna say like, and also I mean, just because it's signed by the system doesn't mean that anyone's going to like necessarily pay attention to that. I'll do a van to firewall.
Speaker 1:But again, if you're looking, at BEC this is how a lot of companies are getting compromised now.
Speaker 2:Right and people won't be like Company A does business with Company B.
Speaker 1:What I do is I infiltrate Company B. I take an email address that you have interacted with before, maybe piggyback off an email and I now send that to you and I say, hey, you owe us money. Please review this invoice. You owe us money for X, y and Z. You're like what the hell? I'm gonna read this invoice as bullshit. You read that invoice and now all of a sudden, your whole system's compromised. I now own you because I own someone's email.
Speaker 2:And half the time you don't even know you don't have.
Speaker 1:No, no, because here's the thing we were discussing it today at work is I can sit there and drop a benign file. It does one thing, and one thing only. All it does is call out, and I'm gonna sit there and I'm gonna look at it and I'm gonna wait and see if your EDR, if anybody, catches it. They don't catch it, cool, I'm gonna send a command to it. Yep, now, when I send that command, does it get caught? Yet? No, it doesn't get caught, cool.
Speaker 1:So what are you running on your system? What are you doing? And I can even use AI at the same time. Let's be honest. I can sit there and write an entire artificial intelligence script, which, in reality, is a bunch of if, then else statements. That's all it is. If this, do this, if this, do that, whatever. So I'm gonna sit there. I don't even gotta do shit. I write this script, I deliver my payload and I'm gonna walk away If I come back in a day or two and I see I've pwned your entire network. That means your EDR and your SOC. We're not doing their job Right, and it's all because I compromised, not your accounts, but another email.
Speaker 1:Yep, that's all it is.
Speaker 2:Yeah.
Speaker 1:Like optimize somebody else. That then sent you an email and you believed it Because it was a reply or a forward from an account you already do business with. Right right.
Speaker 2:Well, and here's the other thing people don't think about too If, say, when your clients gets affected or your service provider gets affected, then guess what? You're not gonna know that that's a malicious email. Now, because you've been communicating with this guy for months now and they've been either supplying a service or you've been supplying a service or whatever. And then guess what, like now they've been compromised. They don't know they've been compromised, and now you have a malicious person attacker sending you emails. So I mean, there's a lot of different ways that that can go about.
Speaker 1:Yeah, that's the big thing and I think this is where AI is gonna come into play and, like I said, it's gonna come down to you have things like chat, gpc, google I forget what Google is called.
Speaker 2:I forget what these others are called.
Speaker 1:But they build these AI programs which, let's be honest, are if than else and then they start to learn. They program them to learn Because you're hackers well, not hackers, your malicious personnel and your attackers understand how to program. They probably know how to program AI better than you do, better than anybody else. Let's be honest, they know their shit. If they can work around your EDR and everything else, they know their shit. So what they're gonna do is they're gonna, right now, right now, because of chat, tbt and everything else, they're gonna read that source code or find a way to exploit it. They're gonna find a way to utilize all this stuff to their advantage, and then they're gonna write something that literally pivots back and forth. And now their hands are clean. You can't find them.
Speaker 1:Good luck, homie. Go after open AI. I'm out and they own your entire system. I guarantee you, with open AI being open AI in the way it is, in the way this code is open sourced, in the way they're able to do things and other companies are open, sourcing their stuff they are legitimately going to sit there and allow it to pivot back and forth. I'm going to type a command to this system. It's gonna go here. It's all through VPN or some other anonymizer.
Speaker 1:It's like yo, I'm out, homie, go ahead. Good luck finding me. They didn't cover me. The commands never came from me. It came from them, the same as piggybacking off of your neighbor's wifi. Guess what? I didn't download that. That was them. You can't blame me.
Speaker 2:The only well, that's true, but the only thing about it is intense Proximity is the difference is proximity between me and chat. Gbt is miles, thousands miles, whereas my neighbor it's like, well, it's probably somebody there, so we're gonna come knocking on everybody's door. So just because you're on someone else's wifi, it doesn't mean you're safe.
Speaker 1:It doesn't, but if you're not paying attention, it does. Yeah, Because you've got to consider if somebody has enabled you to get into their personal wifi, enabled it meaning they're not watching. They literally probably have the default creds. There's nothing else there, then how are they gonna know it was you? Oh, yeah, yeah well and.
Speaker 1:But now, if somebody came after you, or a lot of the people, a lot of the warriors in chat, or me or somebody like that, I'm gonna have logs, I'm gonna have notifications, I'm gonna sit there and literally all of my passwords have been changed to where, unless I gave you a password you're not getting in, which means I'm gonna know everyone on my network and I'm like you're gonna go look at this on me's computer.
Speaker 2:Right, right. Well, they would go look at your neighbor's computer. But the problem is they would know that the MAC address doesn't match Right. So now, rbcom, I need to search your house for your computer. No, but they're not. At the very least you would deal with it, but the neighbor would not get in trouble. So I mean, at the very least, at least they don't get in trouble, but they would have a bit of a some explain to do about the scenario.
Speaker 1:Yeah, yeah, and again it comes down to how much it looked at and you figure I got a house, I got a wife, I got five boys. Yep, there's a lot of people on the fucking internet. Yeah, great, because of the two computers I have, plus the cell phone and a bunch of other shit running through my house. So probably come to me first, because I've got external hard drives and everything else hooked up. I'm like look, bitch, what were you doing? What Shit? What happened? Please explain and I will give you access to whatever you want. We can talk about this. I will let you go, but explain to me what is going on before I start giving you access.
Speaker 1:Exactly so, and again, that just comes down to the fact of I understand, and this is why it is so important, for whether it's me and you and those in cybersecurity that understand AI and malicious intent and wireless security, or whatever the case may be, this is why it's so important to understand these things, because you may not know that somebody is doing something, but if you understand how the concepts work as a very, very baseline level, you can protect yourself. Oh yeah, because I can sit there me personally can sit there, piggyback off your wifi while I'm in the driveway, do-do-do-do-do change my MAC address, change my computer name, change my IP address. I'm literally just stealing your internet and doing whatever the hell I wanna do, and then I'm gonna change my MAC address back, I'm going to rotate it to something else, I'm gonna go do something else, I'm gonna go somewhere else and you'll never know. But guess what? You're the one that got the FBI showing up through your door.
Speaker 1:Yeah yeah, exactly, so it's not hard, it's not a difficult concept.
Speaker 2:No, it's not. There's ways to do it.
Speaker 1:But you have to be able, and this is why I get frustrated with the younger generation well, not my kids, cause I teach them but the newer generations that are like, oh, privacy don't matter, or I don't care about wifi, or I could do whatever I want and all this other stuff. Look, ai is gonna fuck your day up.
Speaker 2:AI hands down is gonna mess your day up.
Speaker 1:It is going to ruin it.
Speaker 2:There is some good. So, when it comes down to it, nowadays, unfortunately, because all companies are trying to grow and innovate with AI, because they're trying to incorporate it in one way or another, oh yeah, look at all your ADR vendors.
Speaker 1:We have AI and ML. No, do you know? You have behavioral analytics. Shut the fuck up, right right.
Speaker 2:But the good thing is, if you can interact or you can program or be able to manipulate AI at a high level, that will make you more valuable. And it will also I mean nowadays, unfortunately, the sad thing about going back to the whole help desk L1's being replaced thing, which honestly, that pissed me off when I heard that. But that being said, with that kind of scenario, you're going to make yourself more valuable by becoming an AI subject matter expert and SME. If you can do that and you are the guy that they go to because they're like, hey, something weird happened. Like you know, if a new guy comes in and something happens and you can help them, then you're way more valuable. Or if you can manipulate it in a way that's advanced, then that will make you more valuable to the company because you're able to use this tool very efficiently, effectively. So definitely my recommendation to anyone getting in I don't think L1's and L2's are going to become obsolete, because during that conversation that we had, when I was having that conversation with the guy is talking about these future plans there were two people in the room.
Speaker 2:You have the engineer and then you had the guy who was trying to headpiece the guy who knows what he wants but he doesn't necessarily know how everything works. Right, yeah, and so the engineer got asked next. So, like the mouthpiece was like yeah, like L1's, your job could be at stake. But the problem with that is there still has to be a human back end, because a client isn't going to hire you if your entire staff is just artificial intelligence, you know, bot set they basically. So the problem is, if a bot spits out, do X, y and Z to recover this active directory account, then a human is going to have to verify the information is actually accurate and apply to that scenario. So we will still be here, it's just there may be fewer of us. I know corporations are trying to become more like. Basically, their idea is trim the fat and like try to become more valuable. And I hate that, like I honestly, because I like.
Speaker 1:Well, I hate that too, but let's be honest, and this is where I'm going to play devil's advocate. Oh, go for it. Go for it, because I've had these arguments A business is in job to make money or in business to make money, yeah, yeah. So if your goal is to make money and you're going to try to make as much of it as possible, because we don't live in a, I'm going to give everything away economy. We live in a. I'm going to make as much money as I can. So do I think people are greedy? Yes, hands down nine times out of 10, they're all fucking greedy. Get bent. You did not build that company. Get out of here. I don't care. Right, right, but it still stands.
Speaker 1:So business people are in business to make money.
Speaker 2:Exactly.
Speaker 1:I can find out to make yourself more value. That dies the job, and I got 10 people that do the job. Now, if I can implement something that lowers that 10 down to three, I'm going to lower that 10 down to three. It sucks. I hate it, I despise it. I think it's greedy, but it's business and so I get stuck on it because I'm in the job of business enablement homie and cybersecurity, that's what we do is enable business, yeah, yeah.
Speaker 2:Yeah, unfortunately, it's like the devil on your shoulder kind of thing.
Speaker 1:Yeah, you know, it's the devil you know and the devil you don't. Yeah, I know humans and how they act. I'd rather have them Right. But I'll save you money, money, what? Ok, cool, let's go with that, yeah.
Speaker 2:Well, and so, going back to L1s, where people entering the industry, my recommendation even if it's something you don't want to touch, get familiar with it.
Speaker 2:Yes, that way, when concepts about a tool that is backed by chat, gpt or some other AI algorithm system is when those questions come up, you can answer it in a, even if you don't really know it in depth, you can answer it in a educated manner, in a way that they'll go OK, this guy can work with the stuff because he at least knows what this is and what it's doing.
Speaker 2:Yep, and so I don't think replacement in the entirety of the workforce is going to be cut out entirely. That's not going to be the case. There's going to be a lot of people who leave one company because that company decided to go and trim some of the fat and then they're going to go to another company who's like no, we want customer service, we want those voices on the phone, we want techs who can verify that this bot is doing its thing. If we have AI incorporated and it will become a facet and more probably I hate to say this, but probably every industry will have one form or fashion well, not a chat bot, but like a mass information processing AI.
Speaker 1:Yeah, and we have one more question here we're going to talk to you.
Speaker 2:Yeah, absolutely.
Speaker 1:So I do have one Well, not actually a question, but a comment and this I feel with my dad. My dad is Gen X, so I feel with him. But not just the younger generation, even Gen X are saying I have nothing to hide and they think it's safe. And this goes back to the privacy issue and the government involvement and AI involvement and things like that.
Speaker 2:Yeah Well, everyone says that. At one point, I think I've taught to my dad I'm like dad, you're the most paranoid person I know and you're saying I have nothing to hide, come search me. I'm like dude, no, it's your right to privacy. That's the thing. It's not a matter of whether or not you have something to hide. You do have something to hide. That's your information, your life. You don't want anyone to be able to access it just because they don't click, click, click.
Speaker 1:Yeah, and that's it and me and my dad my dad is in GRC, my dad works in this industry. I mean him still have these arguments where he's like, oh, the Patriot Act and all this stuff they're trying to do with TikTok and oh yeah, it's all good things and let's let the government monitor everything. I'm like and it blows my mind because my dad is, we're not going to discuss where he lies on the political spectrum, but we're just going to say technically he should be for smaller government.
Speaker 1:And yet everything he is doing is like let the government monitor everything.
Speaker 2:Fuck it, I want my safety and I'm like, oh, homie, yeah, I know, homie, you're killing me Like that does not abide by what you're for.
Speaker 1:I'm confused here Like what's going on.
Speaker 2:When you're in a field, whether it be IT, or you get a cyber, you get those evangelists who are like oh, x, y and Z, apple Rocks, even though Apple might be doing X, y and Z. That's anti-consumer or something.
Speaker 1:Dude, look at everything. And here's the thing For anybody that's going to be like, oh Apple is secure or Google is secure or whatever.
Speaker 2:No motherfuckers, I'm not, I'm not, I'm not, I'm not. And they're all giving it to the government Shut the hell up.
Speaker 1:None of them care about you. They're all for money. They're businesses and they're going to get their money any way they can. Well, I use. Do I use Apple? Fuck yeah, I do. Why? Because for me it works for what I need, Right.
Speaker 2:I would go for Android. I'm not bashing on Apple, I'm just saying use it as an example of maybe evangelists. You know what I mean. Oh, you can go up other sides.
Speaker 1:You look at Google, if you look at those on Android and those on Apple, the fanboys will always be like, oh, my brand can do no wrong and I'm a fanboy, but I'm a healthy fanboy.
Speaker 2:I don't try to bash on people just because I'll be like, hey, be careful, update because of this vulnerability. But I'm not going to say don't do Apple, don't use whatever.
Speaker 1:So, but we're coming over to top of the hour. I got to go get with my brother. He finally came in today.
Speaker 2:So we're going to go talk.
Speaker 1:I want your last bits of information and wisdom for those trying to get into cybersecurity. Please, James, let me know. How can people help themselves?
Speaker 2:My recommendation learn the basics and learn, get a good base. A foundation will get you far and then, from there, find the area that you want to do, whether it be GRC, it'd be malware analysis or whatever. Find a specific niche. Don't say I want to be in cybersecurity. Do that and learn that. And learn it in and out as much as you can and be passionate about it. If you find that passion, you'll do it far. If you don't, then it's going to be a struggle.
Speaker 1:Yeah, definitely. I think that's the big thing, is the passion behind it, and don't be afraid of it.
Speaker 2:Treat it as a tool, because this is not a intelligent life form. This is just a tool that we are giving human influence. So use it to your advantage, for school and everything. Anyway, that's all, definitely not, I don't disagree.
Speaker 1:Everything is a tool to your advantage and, at the end of the day, the passion, the drive is going to take you far. You don't have that if you're chasing money or if you're just looking for a job, it's not going to work out for you, but you're going to be miserable because there's a lot of research, there's a lot of stuff that goes into it that you have to be able to keep up with, and so you're going to make yourself miserable by constantly learning something that you don't give a damn about.
Speaker 2:Yeah, yeah, exactly. And keep in mind we're not going to be replaced. There still has to be a human to give that stamp of approval, to give trust, and that's what the engineer was saying, not the headpiece. So I wanted to say that to give a positive hey, we're not going to. L1s are not going to disappear, but it is going to affect the market and it's going to change roles, if that makes sense, correct?
Speaker 1:So otherwise, look, I love you all. As I say every time I leave any of my videos, you're all my workers, you're all my family. I love every single one of you. Make sure you follow me on all social media. Make sure you look in the description for any time you want to support this show. Follow me on TikTok, follow me on all those things. I love you all. Take care, have a fantastic weekend and I will catch you all next time. See you guys, bye.