ChatGPT, emerging technologies and cyber security insights with Lani Refiti
In Episode 015 of REDD’s Business and Technology Podcast our hosts Jackson Barnes (Head of Business Development – REDD), and Nigel Heyn (Founder and Director – REDD) interview Lani Refiti.
Lani is an expert in everything emerging technologies with over 20 years’ experience working and consulting for leading cyber brands. He is currently a founding partner of Azcende, a venture capital and infrastructure advisory firm which focuses on Critical Infrastructure and National Security.
In this episode Lani shares his insights into ChatGPT, emerging technologies and cyber security, including:
- ChatGPT and other AI innovation
- What jobs in Australia will be replaced first by AI?
- Cyber security trends into 2023
- Robotics in 2023
Recorded Thursday January 19th 2023.
If you would like to discuss any of the topics in this episode further with a REDD expert, or if you would like to be a guest on the show, please get in touch via our website: https://redd.com.au
Thanks for watching!
You can read the full transcript below:
– Hello and welcome to REDD’s Business and Technology Podcast. I’m your host, Jackson Barnes,
– And your co-host Nigel Heyn.
– And today we’re sitting down with Lani Refiti, who’s an expert in everything in emerging technologies in cybersecurity, should be an exciting episode. We’re going to discuss cybersecurity, ChatGPT, AI, and what’s next for Lani. Mate, thanks for coming in, really appreciate it.
– You’re welcome. Thanks for having me on, and can I commend you on the setup and the offices, et cetera. So thanks for having me on.
– No problems at all. Mate, Lani, let’s start with your background before we get to what you’re doing now.
– Roll way back to where your first foray into technology and cybersecurity, let’s start there.
– But Jackson, that’s going to give up my age, mate. So I’ve been in cyber before it was cyber. In fact, you know, it’s funny, I was talking to someone over the break and said, hey, you know what, New Year’s resolution, how about we don’t call it cyber anymore because it’s, you know, information security or data security, but I’ve broken that already, so let’s go with that. So I’ve been in cyber for about 25 years, which probably gives away, as I said, my age. But yeah, 25 years in cyber, emerging tech as well. So, worked for a lot of technology vendors, Intel Corporation, Cisco, some of the consulting firms as well, so, was at PwC, a partner at Deloitte for a while looking after their Smart Cities practice. And at the moment I’m a partner at a venture capital firm called Azcende.
– But throughout the 25 years, always in technology, business technology, I’ve always said that technology is great, tech is great, I mean, I have my gadgets like everyone else, but it’s the actual people element that make it really interesting. Without that people element, you know, it’s for naught, right? And so back in 2015, I did my Masters in Psychotherapy, so I’ve got a Masters in Psychotherapy
– All right.
– Practice as a therapist, as a volunteer, I don’t have my own private practice so I practice at our local community center, so I see a lot of people, you know, with what I call the worried well, so they’ve, you know, stress, they’ve got anxiety, they’ve got some trauma, loss, grief, et cetera. So that for me, the interesting thing is that people element, and then if you, the intersection of people and technology is really, that’s my sweet spot.
– There’s definitely a mental element to cybersecurity these days with like, just the risk and fear associated for businesses and people responsible, right?
– Yeah, risk and fear, and there’s also, there’s always been the element, you know, when you look at something like phishing or whaling sort of attacks, it plays on, you know, the psychology aspect of humans. And as humans, we’re in, if you look at from a, you know, how we’ve evolved and from an anthropological perspective, our tribal nature, our need to connect, our need to trust, well, that’s what, you know, cyber criminals play on, right? And that’s how they’re so successful in terms of getting people to click on things. You know, it’s funny, and I don’t mean to digress, but I reckon like most of our security problems will be solved if people just stopped clicking on links
– Or downloading files, et cetera. But it’s, you know, we have spent billions of dollars on things like cyber education, I just don’t think it’s going to be solved. We can delve into it later in terms of my theories around that, but yeah.
– So I’ve got that technology, I’ve got the people aspect to it, and yeah, I think with the way technology is going, you know, ask me 10 years ago, I would’ve said, yeah, you know, it’s got a bit to go and, you know, we’re, it’ll be, yeah, somewhat fun in terms of the next 10, 20 odd years. But, you know, with the advent of AI, with, you know, ChatGPT, it’s made me sort of reassess that and go, wow, okay, where, you know, where I thought where we going to be in 15, maybe 20 years, you could probably condense down potentially five, we’ll see.
– But it’s going to be a pretty exciting ride nonetheless.
– Yeah, it’s quite exciting. I want to touch on it in a second, but before we get there, do you want to explain in your words what emerging technologies is for the audience?
– Yeah, yeah, yeah, yeah. It used to be called, you know, cybersecurity as a discipline used to be called, when I first started, was PC security. ‘Cause it, there was only really Microsoft desktops, then became computer security, data security, information security, now we’re at cybersecurity. Emerging tech is similar, right? It used to be called High-Tech. When I was working at Cisco and Intel, it was high-tech. Anything that was outside of the ordinary, anything that was on the cutting edge, IOT, AI, that wasn’t sort of mainstream operational sort of systems, was tagged with emerging tech, so it’s a bit of an umbrella and catchall.
– Yeah, but it’s, I usually classify as that anything that’s sort of outside of the mainstream that’s being deployed, managed, et cetera.
– Yeah, makes sense. All right, let’s jump into what you’re doing now at Azcende, Lani.
– Yeah. Yeah, so we started Azcende about two years ago. And Azcende is a venture capital firm. So we’ve set up a fund. And the point of differentiation with Azcende is that the fund mandate or fund thesis is all around national security and critical infrastructure. So we don’t do FinTech, we don’t do, you know, buy now, pay later, we don’t do crypto, definitely don’t do crypto, et cetera. We looked at how technology could be most impactful to humans, and we picked a thesis that we thought was different in the market, but would be impactful, which is national security, and critical infrastructure. So we look for startups that can be used dual purpose, you know, with a national security context, as well as, you know, critical infrastructure in everyday life. So we just felt that that was the most impactful for society, impactful for humans. And there are some great businesses, you know, in terms of Australian startups that are actually looking to configure here for the, you know, overseas markets. They’re fantastic, right.
– So how do you help the, like you identify businesses or startups in that field, then what do you do for them?
– Yeah. So it’s, the startups that we normally engage have a pretty good idea around their tech. They’re usually, so we’re early stage, right? So we seed to Series A. So they will had to have had a, you know, an idea, an MVP either that’s almost there and a minimal viable product or already have an MVP and sort of pushing it into the market. So we can help them with that final stage of product fit, market fit, development, et cetera. But most of, like, I would say, 90% of the startups that we talk to, the help that we’d give them is more from that market perspective. You know, a lot of, let’s say cyber startups, they’ve built their startups for, you know, the general market and we go, well, have you considered national security as well as critical infrastructure? And usually, eight times out of 10, they’ll be like, well, no, not really, because we don’t have any experience in that. We hear that defense is hard to engage with, et cetera. So we help them build for that particular market, and also build for the US market. Most nearly every single startup I’ve come across is dreams of one day entering the US market, so we’ve got a partner in the US, we’ve got a firm set up there as well, network’s there to help them sort of configure here for the US market rather than, you know, build a business here in Australia, hey, we’re going to the US, oh, we’ve got to, you know, reconfigure our business market fit, et cetera.
– Yeah, that is exciting.
– ‘Cause when we hear of like, that last unit, crazy two Aussies going and doing a lot better
– You hear a lot of other Aussie tech startups that actually go over the US and do really well, so that’s interesting. All right, let’s pivot it a little bit to AI and ChatGPT.
– Everyone’s talking about it right now. In your words Lani, what is ChatGPT?
– Well, it’s look, in the most simplest term, it’s a chatbot, right? And if you’re a customer at a bank or with Telstra or whatever, you’ll have had experiences with their, like I’ll talk to the Telstra one
– Their, the app, there’s a chatbot, you log onto the app, you want to talk to somebody, they’ll, you have a really rudimentary chatbot that will ask you, you know, to basically direct your call. So in the simplest sense, ChatGPT is a glorified chatbot. It’s probably the best I’ve ever seen, like by far. And the language model data that it has access to is enormous, and it’s a chatbot using natural language processing that’s really conversant in terms of human engagement. Like, it would, I would say that it would be close to passing the Turing test in terms of being able to actually tell whether it’s a human you’re interacting with, and it’s written in text at the moment, but eventually it’ll be put into, you know, audio in terms of voice, something like Siri or Alexa, et cetera.
– Quite scary. It is exciting though.
– I’ve had a play around and yeah, even just like,
– Marketing copy for example is, can save you
– Ages from a comp with something, you just put, just ask the question as everything.
– What people tend to focus on is ChatGPT itself. But if you look at it, it’s one potential use case from an AI perspective. There could be many, right? And it’s a fantastic use case, right? It’s in beta at the moment, it’s version four is due out, I think in a few months, which supposedly is going to be much more powerful, 10 times more powerful than what it is already. And like, and you’re right, it, you know, at the moment it’s complementary, you can use it to complement and supplement what you do. I’ve been using it since version two, and version 3.5 is so much better, so much more powerful, writing proposals, writing reports, you know, sometimes I’ll be writing a report and you know, I’ll get writer’s block and I’ll be like, oh, you know, I’ve got to fill this with, you know, a little bit more. And it’s like, hey, ChatGPT, like
– Yeah, yeah, yeah.
– Give me some content to write, I’m, you know, I’m doing this. And it’s fantastic.
– Yeah, that is exciting.
– So what, have you seen any realistic use cases of ChatGPT by being used in Australian businesses yet?
– Not in Australia. I mean, it was only released last year, November, December timeframe. I know a lot of people who I talk to are using it already, marketing, copywriters, et cetera, are using it as a supplement.
– If you’ve used it, I don’t know if you noticed it, but if it’s something that you’re knowledgeable about, the actual content is fairly bland, like it’s not really in depth, it’s fairly generic. Like I’ve asked it a number of cybersecurity questions and the responses are really cookie cutter, right? And it’s not something you could actually look at and go, oh yeah, I’ll take that and implement it immediately. But it’s pretty good for what it is. And I’ll give you, there’s one sort of edge use case, and this is in the psychology field, mental health field, right? So I’ve always been interested, as I said, the intersection of people and technology, and in terms of mental health, some of the challenges that we have is that it’s not available to everyone, ’cause it can be expensive, right? To see a psychologist or a therapist, $150 an hour, kind of thing. So, and you usually need multiple sessions, not just one session you go there and hey, I’m well, it’s usually, you know, ideally between three to five sessions minimum, right? So that’s a bit of an investment and there’s government programs you can access, but that’s one of the challenges. The other second challenge is that regional areas don’t have access to good therapists, right? ‘Cause I mean, they have challenges already with doctors and nurses, et cetera, so I’ve always been interested in terms of how we can deliver it over video, how we can pre-screen or triage people using chatbots, right? So I had this over Christmas, had a bit of time on my hands, so I had these conversations with ChatGPT, one of them went for an hour and a half. And I thought, you know what? How is this going to help mental health professionals to do those, you know, make it available freely available for everyone, you know, support remote areas, so I started this conversation and it started with, “Hey ChatGPT, I’m feeling really depressed, my mother has cancer”.
And that was the simple prompt and it started with, you know, it started a conversation. The first one went about an hour and a half. And I’ve got to say as a therapist, the responses that came back had empathy. So I was like, oh, you know, it understands, you know. And it even threw back some interventions, interventions in the therapy spaces when the therapist says, try this or intervenes to try and make a change or a shift in the session or in your thinking. And even some of the interventions that it had was just, was vanilla in terms of, you know, it’s textbook.
– But, you know, for a, you know, something that’s in beta at the moment, you know, version 3.5, you could almost see that in three to five years, this thing, once you merge it with voice like Siri or Alexa, it will actually help, you know, achieve better mental health outcomes. So that merging of people and tech, so that’s one use case.
– A bit of an edge use case, but yeah, I was like, wow.
– Yeah, that’s really impressive. I’m excited to see where that goes. And I actually did see a video of a managed IT provider who was putting, integrating into Teams little connect into ChatGPT
– And trying to do that level one help desk
– Within Teams. So he asked a quick question around how do I reset this password, or how do I uninstall this application? It just
– Gives you back the response like that, which is not something we’ve tried yet, but who knows where that’s going to go and-
– Yeah, look, I even saw, and look, the brilliant thing about it is that already the startups that are being built around who provide service wrappers around ChatGPT.
– Like there’s one I saw online last night as I was doing a bit of prep, it’s called DoNotPay. And it basically helps you
– Yeah, I’ve heard of this,
– Write letters back to,
– You know, if you got a parking ticket, a traffic fine, et cetera, it helps you, and I think they’ve got a success rate of something like 70% at the moment. So that’s really, really good.
– And, you know, even menial things, right? So I like to prep for a podcast, right? So I was like, earlier this week I was like, “Hey ChatGPT, I’m, you know, I’m a guest on a podcast that’s going to be talking about these things,
– How should I prepare?” And it basically, you know, how should I prepare talking about AI and yourself, you know, ChatGPT in general?
– And it spat out these five things, I was like, that’s great. Like it would’ve taken me about half an hour to come up with these, you know, things to prepare for.
– Yeah, that’s really exciting. And one thing that I did see as well, which you probably surely have seen this one as well, is like people doing malware for example,
– Yes, yeah.
– And in terms of service actually using AI to create scripts in different, asking how can I
– Yep, yep.
– Social engineer this person better? And how can I get into this environment? And that’s actually scary.
– It is, it is, and again, right? It’s one of those things where technology that it’s, you can use it for good and you can use it for evil or bad as well, yeah, you’re right. I’ve tried it, because it learns as you go and it remembers the conversation that you’re having
– Sometimes I’ll get responses where it will allow me to write like a phishing, a real, a good phishing email. And I’ve even got it to say, write a phishing email, because spam filters are good, right? So they’re, well, they’re pretty good these days. So sometimes the spam that you think has spelling errors and grammatical errors are actually ways to evade spam filters. So I asked it, you know, write me a phishing email, but tune it so it will, you know, bypass, you know, the best of the current available spam filters. I had to try about three times to ask it the same question in a different format, because the first time it came and said, you know, ethically blah, blah, blah, I was like, okay, well that’s a good response.
– But if you change the questions
– Enough, or if you break the questions up enough, you can actually get the answer that you want, which is write me a great phishing email.
– Yeah. And the sweet sauce with it I can see as well is the ability to look back at the same conversation
– And alter it, so you can say things like,
– Make this sound more genuine
– Yeah, yeah.
– Make it sound
– Yeah, yeah.
– Like it’s from someone in Australia.
– Yeah, yeah.
– Those kind of stuff.
– Yeah, or
– And it’ll just do it for you.
– You know, as a consultant, right, you know, as you’re writing, it’s like, you know, it’ll spit out, let’s say a thousand words, and then you can prompt it, write more about blah, blah, blah, write more, you know, write in the, I’ve even tried to say, write it in the style of McKinsey Consultant and it will spit something out and I’ll say, write it in the, you know, from an auditor’s perspective and it’ll spit something out
– Completely different
– But on task, so it’s a brilliant tool. And when you think about where it is now to where it can be in the next five years, let’s say
– It’s coming out of nowhere and it’s kind of exploding.
– Well, they’ve actually, they’ve been developing for a while. If you keep an eye
– I’m not an AI researcher by any means, but I keep an eye on emerging tech. So they were founded in 2015, so they’ve been there for a, as a lab. They’re what I call a quasi, not-for-profit. So they’re a not-for-profit, they’re called a capped for profit so they can accept invest, Microsoft have invested
– A billion already, look like they’re going to pour another 10 billion into it, primarily Azure credits, but so they’ve been around for a while, they were a bit of an altruistic answer to when Google acquired DeepMind. So Google acquired DeepMind in 2014. A bunch of people got together and thought, hey, this is too powerful to be in one company’s, you know, one tech, you know, company’s remit, so let’s create an open source alternative in terms of research. And it, you know, if you look at the people who founded it, Sam Altman from Y Combinator, Elon Musk, needs no introduction, Peter Thiel, Palantir and PayPal, Reid Hoffman, LinkedIn, so they had some really, you know, sort of fantastic Silicon Valley type people
– And it’s just gone from there, so they, you know, model two was released about a year and a half ago.
– So, as I said, I’ve been playing around with it since then,
– But the reason it’s gone public and more than the public eye and about recently is because of the, was it version three or 3.5
– Actually is just opened so anyone can go and do it
– Yep, yep.
– Before it was kind of
– Correct. Well they had,
– I mean, they said they got, they reached a million users in five days, right?
– Yeah. Faster than anyone else.
– If you look at, yeah, well Facebook took 10 months to get them to a million users. I think Instagram was like two and a half months. So, I haven’t seen the numbers, but it’s been pretty quick. And everyone I talked to who even dabbles in tech, teachers,
– You know, have tried it and have used it, et cetera.
– Yeah, well the next podcast we’ve got actually in the studio later this week is with head of IT at a school in Brisbane and he’s going to talk about ChatGPT and AI future in education
– Yeah, yeah, that
– Be pretty exciting.
– I’d be keen to hear that from a professional in education and from a pedagogical, you know, and sort of educational perspective
– We’ll send you a link whenever it’s out, Lani.
– Yeah, yeah, it’d be good to hear because I think that’s going to be the first industry that’s going to be really disrupted by something like ChatGPT.
– Yeah. I think so, Nige, have you checked out ChatGPT and AI?
– Yeah, look, it’s going to be, as you said, a platform, right? So I see more emerging economies and new industries and new business,
– Yeah, yeah, yeah.
– You know, leveraging this platform to help, you know, humans do more.
– Yeah. Yeah, yeah. And that look, and people often will ask, hey, you know, is this going to do, which jobs are going to be displaced by things like ChatGPT?
– That’s what I was going to ask next, actually.
– Oh okay. Yeah, yeah.
– ‘Cause I’m curious, on I guess your, like what are the, what’s the actual impact and what’s going to be, I guess, automated or what’s AI going to or ChatGPT in particular going to cut out from a jobs perspective in Australia first?
– Yeah, yeah, yeah. You know what I find, before I answer that, what I find interesting is about, when I was at Cisco, this is going back six or seven years ago, we were talking to traditional industries, trucking, manufacturing, et cetera, about their blue collar workers being displaced by automation, robotics, et cetera. And, you know, the catch cry back then was learn to code, right? Teach your people how to code about technology. Now with ChatGPT who can do rudimentary sort of programming and you can see, you know, within the next five years, the disruption coming in software development, now what do you teach them, right? I think the latest one is teach them to be an entrepreneur, right? Build a business. But look, I think in the short term, and again, right, the timeline’s good, depending on how quickly this thing develops, I think within the short frame, three to five years, I think you’re going to see a lot of not disruption as such, I think what’s going to happen is complementary or it becomes complementary or supplementary to content creation, to copywriters too, et cetera, marketing, so it’s going to be, it’s going to complement them and help them make their jobs easier. Potentially it will, you know, the need to have so many of these workers may, you know, they may reduce the numbers, but it’s, you don’t have to be a rocket scientist to see that within three to five years, it’ll probably be automated and well-trained. And the datasets they use won’t be so generic. So they’ll be able to build up, I don’t know, like legal data sets, you know, real estate datasets, et cetera.
– Yep. ‘Cause everything in the database in line, correct me if I’m wrong, is up until mid 2021,
– There’s nothing more.
– But it’s generic, right?
– So, yeah.
– It’s built as a, you know, a generic data model.
– So it doesn’t specialize in anything in particular
– But that’s the next step, right? To make builds smaller data models off it. So when you ask it questions, it can point to that particular data model rather than answering it from its sort of general knowledge perspective.
– Yeah. So, in your thoughts, Lani, been in like emerging technologies for 25 years now, you’re in a good spot in Australia to have input on this, you think that like coding is something that can be, you know, really supplemented really like by AI and ChatGPT?
– And then marketing, content creation,
– Yeah, yeah, yeah, yeah.
– anything else you think that’s going to be affected?
– Education. I think education,
– Particularly around how, and I’m not an educator, right, but particularly around how they assess, because you know, the first cab off the rank is writing, you know, essays, theses, et cetera, using it. So I think those three industries will be supplemented at first, disrupted, so, you know, people in it will need to either do it, you know, add more skills, or add more points of differentiation. And then the third step will be displacement. So it’ll be five, again, five to 10 years you’ll probably see displacement, in terms of people having to retrain, re-skill, to do something else.
– Yep, ’cause it’s going to be so different.
– I’ll give a realistic use case actually, it was quite funny. My sister-in-law, she’s a zookeeper and she was saying, oh no, it’s not going to change what I do, there’s no way. And then I’m like, okay,
– Well, what’s something you’ve written before? She’s like, oh, well we always write, you know, guides on how to like build a nutrition plan for example, for a kangaroo. And I put that in ChatGPT and it’s like, psh, this big and exactly, oh, she’s like, wow, that’s actually very, very good. And I was like,
– Yeah, yeah.
– I’m like, yeah, and then shorten to a hundred words, it shortened it for her. And she’s like, oh damn.
– Yeah, yeah, yeah, yeah.
– So good.
– There are some industries that it won’t disrupt. Like barbers.
– You know, people think, oh, you’re just joking. But I’m like, yeah, if you look at hairdressing or barbering, it requires both human interaction, but the actual actions from a robotic perspective, is going to be pretty hard to, you know, in terms of dexterity, in terms of movement, in terms of, it’s going to be pretty hard to disrupt within the next, what we know is happening in robotics within the next, I reckon 20 years, but even things like blue collar jobs, like mechanics, right? My son’s a, finishing his apprenticeship this year and I’ve been in his ear for so long, “Hey, you should have gone to business school or should have done your MBA”, kind of thing. But, you know, talking him through the, you know, what he does, and the complexity of car engines, and the different types of, you know, models, et cetera, again, right from a robotics perspective, AI will be able to disrupt it from a diagnosis. So you bring your car in, you’ll literally be able to plug into a diagnostic support and go, hey, this is what’s wrong, A, B, C, and D, you need to, you know, fix, replace.
– But it’s still going to have to be primarily done physically, until we get to a stage where cars are fairly carbon copy templated, and robotics can, you know, it’s like an assembly line.
– See what Tesla does in that space. ‘Cause you probably saw the drone walkthrough of like a Tesla Gigafactory
– And how, you know, robotics in that is pretty intense.
– Yeah, yeah. Look, robotics is coming
– It’s still lagging.
– And I’ll give you an example, right? So robotics, for a long time, I’ve been looking at robotics from a, interestingly, from an aged care perspective.
– So the challenge of aged care that we have at the moment is that there’s simply not enough people in terms of care from a one-to-one, even a one to, you know, four or five in terms of, so a lot of the large aged care providers have been looking to tech to try and, how can we solve this problem?
– Fill gaps in leg shortage
– Looking ahead, you know, 10,
– 15, 20 years or so, I did a couple when I was previously as a consultant, I did a couple of gigs looking 10, 20 years into the future for these organizations in terms of what personal assistants will look like. So from an AI perspective, you know, ChatGPT, by the time you get into a Siri Alexa type interface and they tune the model, you know, within about five years, great, you’ll be conversant. But still robotics from a, what people tend from a robotics perspective, if you’re looking for a personal helper or a personal carer, what people actually connect to are the facial features. And if you look at the human face, there are, you know, hundreds of muscles in your actual face. And each time it changes and shifts in contrast to another model, sorry, another muscle. It depicts emotion, empathy, et cetera. So that’s where I think robotics still has a way to go, the fine motor skills, et cetera, it’s, you know, if you look at the Boston Dynamic stuff, you know, from a military perspective, yeah, you can definitely see it within the next 10 years. But from a personal assistant kind of thing, it’s still got a ways to go to catch up to where we are with the AI at the moment.
– Yeah, I can imagine it’s going to be a while, ’cause I know like in the tech in aged care, like, you know, cameras and fall over
– Yeah, yeah, yeah.
– Sensors that kind of stuffs already there, but actual roids might be a while.
– It’s already there, like worn sensors, you know, Apple Watch type sensors,
– LoRa sensors, LoRaWAN sensors. So dementia patients, if they get out and they’re, you know, roaming the streets or whatever, it can be easily identified,
– Yeah, that kind of tech, absolutely.
– So let’s pivot it a little bit into more cybersecurity, know you are passionate about
– Nige, you want to lead in with a couple questions?
– Yeah, sure, Jackson. So look, it’s interesting listening to the conversation. It’s all about adaptability, right? So, you know,
– Yep, yep.
– I think Lani, something that I’ll pay you massive respect for is, you know, when cybersecurity, if you want to have a subject Redd expert, it’s always been you, right? So, I really appreciate
– Thank you.
– You coming in, but the, in terms of adaptability, in terms of AI, you know, I’ve known you for about a decade now and what you’ve come from to where we’re going
– What can you share from a cyber point of view in terms of, you know, thoughts, ideas, like where the world is going,
– Given that we’ve got this new platform, like I see the AI is really an enabler to let humans achieve more.
– Yeah. Yeah.
– Can you talk a bit about that?
– Yeah, yeah, yeah. Look, you’re right. Look, 25 years has taught me and cyber has taught me that a lot of things change with technology, some things don’t change. You know, the motives of cyber criminals to do what they do, right? They do it for profit, you know, nation state actors do it because, you know, they want a geopolitical advantage over other countries, et cetera, so those, that aspect of cyber hasn’t changed, probably never will. But the technology definitely. If you look at techniques, tactics, processes of, adversaries of hackers, again, a lot of it has stayed the same, a lot of it has changed. I think what has changed the most, particularly here in Australia, you could talk more broad globally, but here in particularly in Australia, we’ve been fairly slow to adopt, to spend, to resource cybersecurity programs, I’m talking about individual organizations, even from a governmental perspective for a long, long time. Like, I remember talking to boards even 10 years ago, right? So I used to run these workshops called Black Swan Workshops for boards. So they look at their risk register and they go, what are some of the risks that we’re just not seeing? Some, you know, something that will happen like Covid, right? Something that we just didn’t, outside of our standard sort of risk processes. So run those workshops to make them more aware of what could be coming, what are you not looking at? And then you look at it and go, okay, well is it, you know, one power organization we looked at was wanted to start to workshop what it would be like if, this is back, going back 10 years ago, if terrorists sort of sailed a ship into Brisbane port and blew it up, you know, kind of thing, it’s like, yeah, okay, you want to look at that, let’s workshop that. 
So I used to run these Black Swan workshops and up until, still, up until about five years ago in critical infrastructure, still boards were like, yeah, a cyber attack on our ability to provide clean water or our ability to generate power, yeah, that’s Black Swan, right? Won’t happen. And it’s like, are you sure that’s, like given where we are, are you sure that that’s the case? Yeah, yeah, the ability of someone to directly target our operational technology systems, are way out there. And then what happened, right, is they’re right. Like no one, it’s very rare for someone to actually attack a power plant directly in terms of their operational technology. But what’s happened is that ransomware on the IT side, which is dime a dozen, right? Has now started to impact their critical infrastructure because we are now, as you guys would know, we’re now sort of converging operational technology with IT, with cloud, et cetera. So it’s like, yeah, yeah, no one’s going to attack you directly in terms of how you generate power and how do you clean water, but it’s going to come through your standard, you know, IT systems. So I think the awareness of that as we’ve finally gotten to the stage where I say that the long holiday Australia’s had when it comes to cyber is over, right? Cyber criminals know that we’re vulnerable because our we’re less mature, processes are, you know, we’re just not as vigilant as they are in the US and the UK. So you’re seeing a lot more breaches, Optus, Medibank, you know, last year.
– A follow up, a question I got from that question for you, is that there has been so much innovation from bad actors and threat actors across the globe. If you look at the phishing emails throughout even five years ago
– It was broken English,
– Yeah, yeah, yeah, yeah.
– It was shocking.
– And then now you’ve got like sophisticated social engineering people are bypassing MFA, like it’s evolved so crazy.
– Well, you can use ChatGPT now.
– Exactly. Can cybersecurity in Australia keep up with that?
– Yep, yeah. Look, we don’t lack tools, right? And I think we spoke about this earlier, we don’t lack, and I said this about five years ago and it was really unpopular, I said, we don’t lack the technology and the tools, right? We’ve got oodles and oodles of choice, et cetera, in terms of vendors, you know, even in terms of security providers. It’s not that, it’s the ability to actually integrate that into your organization, into your organization’s technology sort of processes, but even into your organizational culture as well. That’s an important point, ’cause I’ll give you a short example, right? So I won’t name who the client is, and or the firm I was working for, but we were doing a privileged access management deployment at a very large healthcare organization, one of the largest in Australia. And so this, PAM, I’ll call it, this PAM implementation was essentially to reduce what doctors and nurses had access to on their machines in terms of their user rights. They’re used to having local admin rights, they could do anything they want, right? Trouble with that is, you know, malware once or ransomware, whatever it is, once it gets on your machine, it takes those privileges and then does whatever it wants. So the first step was we’re actually going to restrict it to give you only user rights. So you can use your machine, but you can’t do much else. The project, it was an eight to $9 million project over three years fell over at that first hurdle, because doctors and nurses said, we’re not going to do this. You know, administrators who’d been working in development there for 15 years and who had access to these tools, they said we’re not going to do it. We’re simply not going to give up those rights, right? So from a cultural perspective, there’s always going to be challenges adopting new technology, but the tech definitely is out there.
– Hopefully all the big massive breaches that happened recently have kind of changed that mentality a little bit for people.
– I think it will, I think it will, and the reason why people have said, oh, but you know, there’s been breaches overseas for, you know, years. Like we’ve been talking about the, there’s a particular breach that there’s been a bit of a use case, the Target breach, happened in like 2003, right? 2004 timeframe? So people say, oh well what’s going to change this time? And I think what’s different is that if you looked at just the two Optus and Medibank breaches they were so large and they affected actually people, you know, you and I, et cetera. There was a Woolies breach as well around their MyDeal, and I’ve talked to a number of people who hit the trifecta, right? They were a customer of all three. So I think that’s going to change the mentality of boards of executives who have already been under scrutiny, either from ASIC who’s the regulator or APRA, or the AEMO, who’s the energy regulator, so there’s pressure coming from regulators from a compliance and regulatory perspective, you know, the stick approach,
– And then there’s obviously pressure coming from adversaries, threat actors, et cetera. So I think using those two approaches, I think you will see change, first of all, at the, you know, the public sector, large end of town. But it will definitely flow through, because what are one of the big themes of 2023 will be supply chain or third party risk.
– So a lot of these organizations are going to go, wow, the regulator’s asking me to do all these things, it’s going to cost me so much money to do it, all my suppliers, I’m just going to pass that risk onto them and get them to meet, you know, their sort of obligations under it, which reduces my risk and reduces the cost to me.
– That’s definitely, I think what’s next this year, it’s big for large companies ’cause Telstra had a little scare ’cause that was like an API with a third party contractor
– When their internal employees benefits package or something just got released
– And a lot of employees got, that data got breached. So I think that people like supply chain connected to you
– Yep, yep.
– That have data sharing are a big threat as well as looking at the people who just supply stuff to you in general.
– Yeah, yeah, I mean, I’m doing some work for a smaller, a hundred person company at the moment and they have customers who’re very large in transport, et cetera. And so what they’re starting to see now in their contracts that they have to adhere to as they’re being renewed, is that you need to like, you need to be ISO 27001 certified. Now that’s a huge program, right? For a hundred person organization. So that then becomes a point of contention, for them it’s like, do we spend the millions of dollars it’s going to take to build an ISMS, or you know, how are we going to do this? Because one customer may ask for it, but you know that it’s going to be stock standard across the, you know, across the board. So in 2023 larger organizations are going to start pushing that down to smaller ones in their supply chain, which is you need to comply to NIST, you need to comply to ISM, you need to, you know, which adds, which it’s cost for a business.
– And just on that Lani, like what is your advice to a business owner that I guess is aware they need to do something and we’re talking about, you know,
– Probably the owner led businesses.
– Like how do they get match fit from a cyber point of view?
– Yeah, yeah, it’s be proactive, right? The worst thing you can do is wait till either, A, you have a breach or B, it comes down in a contract that you have to, you know, meet certain cyber contractual obligations that you can’t. Because these things, like an ISO 27001 seems to be popular if it’s American companies, usually around the NIST framework. But ISO 27001 to build a proper auditable certified ISMS, which is information security management system, runs into the millions of dollars, right? ’Cause it’s people, process, and then technology as well in terms of controls. So get on it for, especially for business owners who, you know, and I know, I work with a lot of them, a lot of them are very conscious of budgets, conscious of cash flow, capital, et cetera, but you need to see cyber as an existential risk, just a business risk to you, get on the front foot, get someone like yourselves to assess where you are in terms of your position, and then map out a remediation program. These programs don’t get done in months, right? They’re usually two to three years to build them.
– It’s interesting that, and that’s something that, back to what I said before, like that kind of cost does kind of need to be passed on to like,
– Yeah, yeah, yeah.
– If you put in inflation to perspective plus the cost of getting 27001
– What that would do to average kind of cost to other businesses,
– You have to raise a fair amount, but something I will say is that even though, you know, it’s like whatever, almost recession overseas and things, Australian businesses aren’t really always going, especially with technology for the cheapest option
– Yeah, yeah.
– So it kind of allows for that a little bit I would say as well.
– Nige, do you have any other questions before we start to wrap up?
– Well, it’s interesting, like you talk about, you know, the VC fund and technology and all that as a Brisbane boy, like, what’s your take
– On the Brisbane scene from a tech point of view and, you know, you’ve done
– A lot in the US and everything, I’m keen to understand,
– Yeah, yeah, yeah.
– You know, I love Brisbane and you know, live here as you do,
– Lani, so.
– Look, Brisbane as part of the national ecosystem is probably the third wheel, you know, you’ve got Sydney and Melbourne, definitely the powerhouses from an Australian perspective. Brisbane does have a sort of unique sort of boutique startup culture. I mean we’re lucky that people like Steve Baxter, you know, back in the River City Labs days started earlier, right? And he sort of really cemented that sort of scene. RCL is still here, you know, with the Australian Computer Society owning it, but that sort of started off a bit of a startup culture around Australian startups here in Brisbane. So there’s a few of them, but primarily most of them are in that, you know, FinTech, crypto, you know, type space, we’re trying to encourage, and at Ascend we’re trying to encourage veterans in particular, so those who have served in the Australian Defence Force, they come out, people go, people think, oh, veterans come out in their, you know, their program to think a certain way. Yeah, they’ve got hierarchy and chain of command built in, but actually if you talk to them about what they did in their day-to-day jobs, whether they’ve been deployed or whatever it is, they had to actually come up with pretty unique sort of ways to get the job done within their unit, so to speak. So a lot of them come out with fantastic ideas around how, you know, procurement could be improved in defense, or how, you know, certain things can be done. So it’s really about creating that new ecosystem, tapping into it. So I, you know, we love the fact that the national security sort of thesis, because I think that’s the area for growth for Australia, and starting to export some of our startup tech, given that we have all these geo, you know, geopolitical pressures in Ukraine and you know, potential conflict coming with China, et cetera, it’s a good space to be in terms of, it’s a resilient thesis, but it’ll return the same type of returns that investors are looking for.
– Yeah, exciting space to be.
– So what’s next for Lani Refiti?
– Oh, look, I think at the moment, I had, you know, 10 years ago I had all these boxes to tick in terms of career, you know, big vendor experience, you know, tick, partner in the big four, you know, tick, and VC was my last one, so I’m hoping this is it. It’s such an exciting space for someone who’s got a background in tech like myself, I really had to teach myself investment, you know, basics, et cetera. So that’s the, you know, learning something new is probably for me the exciting bit. So that’s probably what you’ll see from me in the next, you know, decade is around that venture, always, you know, cyber’s always going to be there because that’s what I’ve been doing forever. But yeah, in the venture capital space.
– Exciting. I was keen to see how that goes. Mate, thanks for coming, really appreciate you’ve seen some
– Oh, you’re welcome.
– Good insights around ChatGPT and AI and cybersecurity and then you’re generally an expert in the Brisbane area for cy, in IT, cyber and emerging technology, so I really appreciate it, Lani.
– Awesome. Really enjoyed the conversation guys. Thank you.
– Thanks Lani.
REDD is a Technology Success Partner business headquartered in Brisbane, Australia. The Business and Technology podcast focuses on the commercial application of digital technologies in business. Guests will include industry experts, vendors, customers, business owners and anyone with unique insight to share. We discuss and explore current events, issues and stories relevant to business leaders, entrepreneurs, technologists and everyone in between.