Navigating Cybersecurity in the Age of AI and Quantum Threats with Anthony C.

Episode Overview

Anthony C. serves as the Chief Technology Officer and Vice President of Engineering at Protegrity, a leader in the cybersecurity space that focuses on protecting sensitive data in cloud, hybrid, and on-premises environments. With over two decades of experience, Anthony has become a prominent figure in the tech industry, particularly in cybersecurity, thanks to his deep understanding of evolving threats and data protection strategies. His journey into technology began at the age of 12 when he repaired a broken computer, igniting a passion that would drive his career. After years of exploration and self-learning, he transitioned into the corporate world, where he quickly made his mark by taking on increasingly complex roles.

Before joining Protegrity, Anthony spent 22 years at Citi, one of the world’s largest financial institutions. His tenure there allowed him to gain invaluable experience in a wide range of areas, including infrastructure, security, and business intelligence. Starting at Citi when it was still Salomon Brothers, he played a critical role in various transformation efforts, from managing cybersecurity risks to developing advanced technological solutions. Anthony also led significant efforts in automating processes and building resilient infrastructure to support the company’s operations. His work has consistently been at the intersection of innovation and security, helping Citi navigate the complex world of data protection.

Episode Transcript

Kevin Rosenquist: Hey there, welcome to Pay Pod, where we bring you conversations with the trailblazers shaping the future of payments and fintech. My name is Kevin Rosenquist and thanks for listening. Anthony C. has been a techie since he was 12, when he figured out how to fix a broken computer that was lying around the house. He spent 22 years with the city in various roles, and now he’s the CTO and VP of engineering for Protegrity, a cybersecurity company that focuses on protecting sensitive data across various environments, including on premises, cloud and hybrid setups. He has incredible insight into the most prominent threats, what fintech companies can do to mitigate them, and how to think about compliance along the way. It’s all about doing the right thing. Please welcome Anthony C.. Was there a moment in your younger life that you remember as being the point when you became just enamored with technology?

Anthony C.: Yes, very early I was actually in high school, and the company that my mother worked for went out of business, and she brought home some busted computers like, , old MS-DOS, you know, 3.5in floppy. And they didn’t work. But it was very intriguing to me. So I started to take one apart, got some replacement parts, placed some of it, learned about, you know, operating systems and boot up processes and, and got it running and kind of did my first Hello world on it. And um, that was my initial into it. And then I would say I probably took a break from it until, you know, fast forward ten years from there and then I went back to it.

Kevin Rosenquist: And how old were you when you first got started working on those computers?

Anthony C.: I mean, I must have been 12.

Kevin Rosenquist: That’s pretty impressive.

Anthony C.: , but then, then it took probably ten years for me to really, you know, do something with that. But, .

Kevin Rosenquist: That’s funny. You might appreciate this. I recently interviewed somebody who we were talking about on old school computers, and I brought up how my first one was a Commodore 64. And he reached up. He reached behind. He’s like, wait, so you see this? And he reaches behind him. And he had just bought one, like he found a working Commodore 64 that he wanted to, like, mess with for nostalgia. And , and it worked. It was pretty wild to see it, like, just to see that box. It was pretty funny.

Anthony C.: I think spy versus spy might have been my favorite color. I think that was the Commodore 64.

Kevin Rosenquist: I never I don’t think I had that, I know we had Frogger. We had this wild game called Forbidden Forest that was on like the five inch floppy or whatever. And it was very there was a lot of blood in it. I remember, you know, like getting attacked by spiders and stuff. And it was like, I mean, I was so young back then. I was like.

Anthony C.: What was the, , Intellivision, ColecoVision, ColecoVision.

Kevin Rosenquist: I remember that one pitfall.  my gosh, I think I had that for, , I think we had a pitfall for Commodore two, the cartridge that went in the back.

Anthony C.: Yeah

Kevin Rosenquist: Fun, fun stuff. Crazy how much things have changed, h?

Anthony C.: It is absolutely crazy how much things have changed. Absolutely. In fact, actually going back to probably in the middle of that ten year sort of hiatus from computers, there was a moment where I got my first dial up modem and it had. So the internet had just gone from sort of like, I think you could go on to like a government or NASA’s to get weather and maybe like a picture of, of whatever, you know observatory they had and it you could now get like localized weather and you know, it’s like one other piece of information. And I remember going, coming home from school and going through the whole dial up process, looking at it and going like a weather report. And I can talk to people, you know, through this sort of chat window. So yeah. So that was probably another second point where I kind of got into the whole computer scene.

Kevin Rosenquist: So I was just talking with my brother recently because we had a band back in the day, and I did our website on GeoCities. Remember GeoCities?

Anthony C.:  yeah.

Kevin Rosenquist: Our younger listeners are like, what are these old people talking about?

Anthony C.: Yeah.

Kevin Rosenquist: So you spent almost 22 years with the city in various roles, focusing on infrastructure and security, before becoming CTO and VP of engineering for, , for project Protegrity. 22 years is a damn long time. What? What enticed you about what they were doing at Protegrity to make the jump?

Anthony C.: So I had before I came. So it wasn’t always a city. Obviously I started with Salomon Brothers as an investment bank. Um, so on the investment banking side, and this was right around the kind of just post Y2K and right around the like.com sort of. I was working for a small regional bank, , while I was going to school, and I had started help desk there and kind of worked my way through, and I was doing some R&D stuff and, and running technology with them. And so I ended up saying, you know what? I want to get into kind of this, this whole investment banking.com scene. And, , I met with actually, , Paul Pereira , who’s CTO over at US Bank now. He was, , who hired me there and everything, he said. Just, you know, it was like, yeah, we’re, you know, we’re running, you know, we’re supporting some trading floors. We got to do some, you know, this kind of like quant support and, you know, everything is 24 over seven and everything, you know, and it was like this whole world of just like, wow, I want to I want to be a part of this. And so that got me in kind of did you know what I would call systems integration stuff. So, so taking like engineering work and, and before DevOps was a thing kind of automating it into prod and operation. And then that led me into, , tech infrastructure. So, you know, I actually got really deep and involved into Active Directory.

Anthony C.: So supporting all of that infrastructure, different PKI, DNS, web server farms back then were like the big infrastructure component. And that, you know, kind of started the, the path. Um, the interesting thing about city and why? You know, when I hear the 22 years, it’s like it doesn’t feel like 22 is the company changed so much over time. So it was like, you know, starting in Salomon, then Salomon Smith. Barney was actually right at the time when Solomon and Smith Barney were merging, and then Citicorp became Citigroup, you know, then divestitures and became Citi. And so the, the, the environment that you’re in changes with time. It was never static. And the role clearly in a company like that, you have so much opportunity to change your role. And so I went from sort of an integration to to infrastructure support. Then I completely changed what I was doing and I did business intelligence for the CTO. And then I did it even more while Jonathan went into cybersecurity and was doing operating system host OS cyber for the bank and then eventually data cyber Cybersecurity for them as well. And so I think just the fact that it affords you so much different paths, it’s changing so rapidly. And so you don’t feel like you’re necessarily in the same company doing the same job 22 years. It feels like I’ve been in six different, seven different companies and held.

Kevin Rosenquist: Does the rise of AI and advancements in technology in general make? Does it make data protection harder or easier or sort of a mix?

Anthony C.: I think what we were doing, like a go to market thing, was one of the themes that kept coming up and as I was sort of educating some AI and the history of AI, it kept coming to me. So the phrase, you know, sort of more money, more problems, right. So is that P.

Kevin Rosenquist: Diddy or I can’t.

Anthony C.: Remember. I don’t know, but it’s relevant to AI and data security. And really cybersecurity in the fact of it’s like more attack surfaces, more this, more that, more everything. Yeah. And the more everything that we have, it can help in some ways. But it also creates a much wider attack surface and a lot more areas that you have to cover. Right. Which, you know, back to your point of the changing role and environment, like being in the field. There’s so many new areas that come up. It doesn’t sit still. And so you always have the opportunity to learn new things and apply what you know to new things. But harder or easier I’d say 5050. I don’t know that, you know, it’s like there’s a balance and sometimes you’ll go out of balance one or the other way. Right. So maybe AI is leaning a little bit to make it a little harder, but there’s tools in there that are going to help make it a little easier. And so you sort of just constantly in this balance of what you always hope is you never lose that balance. Certainly on the on the bad side.

Kevin Rosenquist: Yeah, yeah, yeah.

Anthony C.: Well you meant.

Kevin Rosenquist: You mentioned that that’s constantly changing. You’re always learning something new. So I imagine it’s kind of like it’s a fun industry because you’re always getting new challenges. But it’s also likely to be somewhat of a frustrating industry because you’re constantly trying to prevent new issues from taking people down.

Anthony C.: It’s interesting that I never really experienced frustration in a lack of impact in that way. I guess when you go into it, or at least for myself, you have that understanding. I mean, there is no 100%, there is no cover at all. You can have frustration in many different areas for whatever reason. I don’t know if it’s unique to me or not, but I did not experience a tremendous frustration in the respect of, like us. You know, we just covered this and now we can’t cover that, you know, or or something like that. I probably sit a little bit in a unique position when you work for a very large enterprise, highly regulated, very high security company. They have a pretty robust budget to make sure that the right things are covered. You’re not.

Kevin Rosenquist: Piecing things together.

Anthony C.: With one of them. Actually, one of the roles I had within the bank was representing our cybersecurity organization for our research capabilities, as well as some of our ventures. And that was a really interesting aspect, what I was doing in terms of being involved in new things and learning new things, and that’s actually how I was introduced originally to AI. This was right around the time where sort of deep learning kind of just just was coming out on the scene like deep neural network. You know, back when Nvidia was like a little GPU graphics gaming. Yeah.

Kevin Rosenquist: You know, for years I was just going to say it was for gaming PCs. Yeah, yeah.

Anthony C.: Gaming PCs. And I had a gaming GPU in my day and I. And I’ll never forget trying to look at Cuda, you know, and be like, alright, how am I going to do this? And understanding the impact that that was going to have on cyber, you know, the security of. So from a, from a banking perspective, as the businesses were going to adopt, you know, what kind of security was going to be latent within that adoption? How could cyber use it to its advantage to improve our own, you know, keep that balance and the story played out, you know, whether it was neural networks, deep neural networks, reinforcement learning to, you know, generative AI, it’s generally a pretty common underlying foundation and theme applied in different settings with different capabilities and different levels of balance.

Kevin Rosenquist: Um, I’ve read about the shortage of highly skilled workers in cybersecurity.

Anthony C.: Security.

Kevin Rosenquist: Another guest I spoke with who was involved with data security was suggesting that, you know, cyber isn’t as sexy as working for an AI startup. You know, doing some crazy thing and the like. Do you agree with that? And maybe that’s why there’s a shortage?

Anthony C.: I do. It’s definitely not as it’s definitely not as sexy as being sort of the software AI engineer. And it doesn’t probably pay as well as being.

Kevin Rosenquist: Well depending on the startup, I suppose, depending.

Anthony C.: On the startup. Yeah. You know, go back to that. Nvidia. You know, you’ve been there 15 years ago. Yeah.

Kevin Rosenquist: That would have been a nice place to be.

Anthony C.: But you know there’s whether it’s you know so so within cyber obviously I mean there’s been such an expansion and need that has taken place that I think, you know, you have that misbalance I do see a lot of interest in the field. I see a lot more interest in the field. I mean, I only makes it more interesting. There’s a certain mentality in a certain person, I think that that it draws to. And so the opportunity to do what you’re passionate for in the context of cutting edge technologies like AI, I think is definitely a draw that will keep more young workers coming into the field. I don’t know, you know, everything has to reach balance. And so I think at some point we do reach an equilibrium and a balance there. How far out that is, I’m not sure. But for sure there’s definitely a you could feel, you know, when you go out to do hire, you know, and try to hire in a specific field, especially if you get into very specific cybersecurity functions. I think at the early stages where you don’t have to be so specific in the career, it’s easier. But when you get highly specialized, it gets much more difficult. And depending on how many years of experience you’re looking for. You know, if you think about ten years ago, I mean, just alone for when I started in cybersecurity, like, I’m not even sure it was called cybersecurity event. And, you know, it was like this thing that was forming that became cybersecurity. And so there isn’t a large coat of people with very experienced deep skill sets. Yet in the there. I mean, that’s going to change, right? So you had a whole swell, let’s say, come in, you know, in the last seven, eight years and they’re gaining sort of those individualized skills and those years of experience. But there was a gap. And I think that’s what we feel now.

Kevin Rosenquist: Yeah, that makes sense. And I think too, like, you know, as young people, you know, with technology or computer interests, you know, start thinking about, okay, what do I want to do with this? I mean, there’s also like there’s this there’s a level of security in the cybersecurity, you know, as opposed to like taking a chance on those startups. And sure, those startups are fun. And if you have the ability to work for, , you know, work for stock, then good for you, you know? But, I mean, not everybody does. And, you know, I mean, I imagine you can probably make a pretty good living in cyber security if, , if you’re willing to, , to put the effort in.

Anthony C.: And so certainly when I was going to school, like, there was no such thing as a cyber security program. , yeah. You couldn’t get a degree like it wasn’t even, you know, the best thing you could do was like, just, you know, computer science was like the best thing you could get, and you could try to manipulate, apply that to cyber. And so I think that’s where you know, especially so then even when I made the switch to data security, there wasn’t even a team or a function or anything called data security, right? It was like, hey, we you know, we’ve got this function, it’s sort of distributed within our entire data environment. And like what we think we need to pull it into security. And, you know, are you interested. And so it was you know, everything is sort of forming one of the key decision points with which why I went into cybersecurity was exactly what you said, which is I definitely see a future of forever. Longevity forever. Yeah, yeah, yeah. I mean, we will always need to maintain that balance, right? And so there’s always a job there to do. So I think that is very appealing when you look at, you know, what do I want to do and how do I want to apply this.

Kevin Rosenquist: Yeah. Depending on the focus of the young person. You know, I certainly wasn’t thinking that way when I was that age. But I think young people today seem to have more level headed than I was.

Anthony C.: Well, and now they’re getting, you know, programs that are specific to cybersecurity, getting classroom and instructor-led and certainly even on the internet and widely available. So what do you.

Kevin Rosenquist: Think is the most prominent threat today? Is it? Is it ransomware? Is it insider threats? Mr.. Robot style anarchists like what is your what’s the biggest threat that you see.

Anthony C.: By far is and so it’s interesting because to me insider threat means you have an actual malicious insider right. So they have intent and they have capability. I think the hardest thing to cover is the Non-malicious insider. That has been sort of whether it was through a phishing or what have you, that has been duped. And so trying to cover like your trusted in a company, that is the hardest thing to do, to try to differentiate between someone and something that is trusted. And that is normal behavior for someone and something that’s been compromised, but still experiencing or exhibiting normal behavior, that is a significant difficulty. And then that leads to, , like ransomware, because that gives you the path now to to be able to blackmail and ransom company. Certainly that has pretty high value immediate dollar return to it. And so if I have that path to take, I’ll take it. It’s funny, it used to be zero Day was like, you know, we were far less concerned with the insider being compromised and then doing something and far more concerned with sort of just this external facing, kind of patching and zero day vulnerability mentality. And I think because technology has just gone everywhere, you know, and bring your own devices and all of the different ways that we connect and remote connect, it’s really become more about the compromise of a trusted individual and then trying to differentiate whether or not what they’re doing is, is normal behavior from a trusted individual or behavior from a compromised. What would have been trusted individual?

Kevin Rosenquist: Are you saying it’s like negligence or or clicking on a link they shouldn’t click on when they didn’t mean to? Is that kind of what you mean by the non-threatening or the or the or someone being compromised or am I? Yeah. Yeah.

Anthony C.: Okay. Yeah. That’s it. And it’s interesting. I it’s like it’s such a blurry line between is it negligence or not? Yeah. You know, some of this is getting and you talk about I, you know, changing a little bit of the balance and making things harder. It’s becoming very difficult to understand the difference between an email that’s valid coming from somebody I know that’s valid or a text message, a phone call, an actual video. Like, yeah, it’s becoming very, very difficult. So it used to be that maybe we could call it negligence. And it’s starting to become much more difficult to be called negligence, which is the scary part. And I think that’s why that’s such a an initial entry point in such a difficult problem to solve.

Kevin Rosenquist: Yeah, I you’re right. Like, I mean, I get pretty good at, you know, noticing those things. But you know, we’ve all been.

Anthony C.: So I pride myself in being pretty.

Kevin Rosenquist: Yeah. I’m pretty good at. But man, sometimes I’m really impressed. I’m like, this really looks like this came from Amazon, you know? And yeah. And it’s pretty it’s pretty incredible how good the technology is in that respect and how difficult it is. So yeah, it’s hard enough. Just from my personal email, I can’t imagine being in charge of taking care of a gigantic companies, full on employees, employee lists of people and their emails. I mean, there’s just and to your point, two people have, you know, company tablets, company phones, company laptops, company desktops. I mean, there’s just so many ways to be compromised.

Anthony C.: And that and that attack surface is very, very difficult to Manage. It gets bigger, better, wider, you know. More money, more problems. Um, yeah. And it’s, I think in our day and age today, that’s probably the most significant surface and path to resolve. Right. And you know, it is both helping and hurting that. And hopefully we continue to maintain that balance. It’s a natural balance. But it’s definitely changing things. Yeah.

Kevin Rosenquist: Makes your job a little harder. When I was on your site, you referenced quantum hacking. I went down a bit of a rabbit hole with that one, because quantum physics is something I’m very interested in, despite much of it going over my head. But it’s certainly quantum computing has the power to change the world both for good, whether it’s revolutionizing cryptography, healthcare, and AI. But it also is very can be very bad the speed at which, , attacks could occur. The ethical concerns, worries about the big tech giants getting more powerful. I mean, there’s there’s a lot of different like sides to quantum computing. Where do you where do you land on it? Is the potential for good strong enough that it’s worth, you know, trying to figure out how to mitigate the bad?

Anthony C.: I think it’s always that the potential for good mitigates the potential for bad. Like, you can ask whether it’s in the context of quantum, even in the context of AI. I think a lot of people ask the same question in terms of, you know, is is it? And I’m always landing on I think the propensity for good is always going to outweigh the propensity for bad. When it comes to sort of quantum and and cryptography and, and cybersecurity, I’m not overly, you know, it’s like you can raise the alarms and go on fire. And I’ll be honest that it’s not fully clear yet. All of the different ways in which this could or will impact both for good and for bad. And I think any new technology and it’s weird to say new, I mean, quantum has been around for so long that it’s hard to say new, but but any untapped or unrealized technology always has this unknown good and bad measure. I’d say the context of cyber, what is present today in terms of risk in quantum, which is the symmetric algorithm, sorry, asymmetric encryption for factoring and prime number issue. And so when I look at the use of that technology and how to change that technology, it’s not going to be I don’t think a the house is on fire kind of fire drill.

Anthony C.: Um, it’s being conducted over time. It’s pretty orderly. The only risk I think, today is sort of, you know, the notion that, well, people are Harvesting network communication that’s been encrypted with this asymmetric encryption so that they can later on decrypt it. And that is a concern how long that takes and how relevant that data is at the time that that takes is sort of a, you know, a push pull in the risk of what that actually represents. But we have technologies today that can also help in that way. So certainly in new algorithms, NIST coming out with more improved algorithms, even in the context of, you know, cyber is an interesting technology or domain in like a lot of what we do is fairly old. So when you think about network encryption, like the whole, you know, so go back to our conversation, like when the internet was just starting, it was like, , we’re we’re transmitting things over a clear line. Right. Okay. And we have people who might want to eavesdrop on that line. So we’re going to encrypt the line and continue to send clear data through the line. We haven’t changed that posture as much. Right.

Kevin Rosenquist: It’s a little more a little more complicated now.

Anthony C.: Yeah. And you can encrypt in the line. Right. Like so I can take field level data that’s sensitive, run an encryption algorithm on that and feed it through an encrypted line. Still, if I’m worried about the sort of algo of the transit encryption being cracked. And so we already have strategies, I think that from from the asymmetric encryption weakness perspective, not only do we have algorithms we believe will solve that and there’ll be an adoption, you know, wave to get there. But we already have technologies today that can augment the path to getting there. If that becomes a real risk of something of Sure we’re not real, you know. I don’t see all too much that kind of mentality driving what I would call sort of data centric type protection in motion in transit. But if we had to, we could get there.

Kevin Rosenquist: When you work, when you start working with a company, do you find that they’re they’re woefully behind on their cyber or most or most companies doing what, you know, at least at least the the basics of making sure that they have a good system in place and you don’t have to call anybody out.

Anthony C.: Yeah, I won’t call anybody out. I’ll actually make an observation. If you asked me that question five years ago, I would be like,  my God. Like it’s horrible. I mean, you know, and that’s even from the context, you know, even when we colleagues, I would go to shows and I would go to conferences and, and hearing, you know, where some of the cyber maturity was and and I’d be like, , wow. You know, and I think if you ask me that now, I don’t know how much we’ve actually moved the needle. I think we definitely moved it. But I would say the awareness and the understanding and the conversations are all there. Now. The foundation is being laid to continue to or to to significantly move that needle. And when I rewind and look at maybe some of the factors as to why that might be five years ago or maybe seven or whatever it is, like global geo privacy politics weren’t really, you know, huge thing. And ransomware and like wasn’t really a huge thing. And like government regulators and SEC and like none of that for for the largest cort of companies that exist didn’t have to worry about these things, right? And and only highly regulated sort of financial.

Anthony C.: Some health had to worry. And what we’ve seen is companies that never had to think about these things. They didn’t even have cyber maturity. They didn’t have programs or any of these things now all of a sudden have federal SEC regulations on them, and they have global privacy regulations that they have to adhere to. And so I think more and more, what I’m seeing is like the foundation, the conversation, the understanding is all being laid. And I think that’s that’s all for the better. I we have a long way to go. I mean, I am so sick of, you know, every morning I look at the, you know, cyber news report and I see this one’s admitting to, you know, here’s 13 million of these were leaked and 12 million of those. Yeah, 100 million of this was leaked. And I think that’s a manifestation of both the difficulty to cover that trusted insider path. And that’s a very difficult path to cover, um, as well as the path of a large cort of companies not having to worry about it. And so we’re seeing the pain of that now. But we’re bringing we’re beginning to lay the foundation to bring them.

Kevin Rosenquist: I think it’s also it’s more in our face now. You know, you read about these data breaches in the you know, you know, you don’t have to read cyber news to read about data breaches, you know, even even down to like people’s concerns with TikTok or anything else, like it’s just more in your face. And I think also like you see, some people see it, see like these small companies getting hacked, you know, and you’re like, wow, if that could happen to them. I mean, how many times have you heard from someone with a small company? , we’re too small. You know, no one’s going to care about us. And that is obviously.

Anthony C.: That’s actually the. Yeah. That’s and that’s, that’s the opposite now. Right. Right.

Kevin Rosenquist: Because because the, the hackers know that they’re not they’re not stupid.

Anthony C.: It’s the easy path. Yup. , you take the low hanging fruit for sure.

Kevin Rosenquist: Right. You mentioned the government stuff as far as compliance goes. I mean, that’s generally a word that makes people start sweating, especially in the world of of finance, which most if not all of our listeners are living in, you know, technologies. Technology certainly moves a lot faster than the lawmakers who can put forth regulations, which it’s my hot take. Very enlightening, I know, but given how rapid technological technological changes, especially with how fast AI is moving, how can finance and fintech companies sort of future proof impending changes to the laws? Considering, I mean, we don’t know exactly where it’s going to go as far as whenever they get around to regulating this stuff, which they will. But how do you how do you plan for that? Agreed.

Anthony C.: And you know, the word is resiliency. You got to build resiliency. But the question is how do you build resiliency and it’s been a theme, I think, that’s been pervasive throughout my career and throughout cyber. And that is you generally know what the right thing is. And I and I’ve been involved in a lot of business led, value driven projects that have significant risk, compliance and cyber concern. And so obviously, first is like you, you do have to identify, you know, what is the right thing to do or what are the risks that I’m taking or that I’m trying to build resilience for. Right. And so observation is going to be key. But I there’s a fundamental. And I’m going to use another cheesy phrase but do the right thing. You don’t really know what the right thing is. And if you want to in the in the context of let’s say, privacy and global privacy laws and different geopolitical privacy laws, I mean, there’s a general theme about you know, citizens have privacy and violating that privacy. There’s there’s a rubric that’s sort of rooted in, in I don’t think you need to be an advanced cybersecurity expert to know what it means to, you know, transfer someone’s data to a, to a, to another party who has no cyber maturity and you’re not auditing.

Anthony C.: And it’s sort of like, no, out of my hands. You know, there’s a responsibility there. There’s an accountability there. And I think if, if, if companies if fintech really wants to build that resiliency and be a trusted partner to the customer, they have to do the right thing. And generally speaking, you know what that right thing is at the time. Do it. And if that means, you know, going deeper into the third party relationship that you have, if that means assigning an external auditor to make sure that you and any other relationships around your sensitive customer data are adhering to basic principles, I think that begins to build resilience. Dare I say that actually quite impressed at how Apple has has kind of started to push privacy as a forward thinking entity to its customers? Yeah. Even in the context of, you know, their latest push in AI and how they’re describing sort of local models with consent to off device model, like, I mean, there, there, it feels like they’re a company trying to do the right thing. Now. They’re a big company. I’m sure there’s all kinds of skunkworks things behind the scenes where I’ll get burned and say like, they’re horrible.

Kevin Rosenquist: Yeah, yeah, yeah.

Anthony C.: Yeah, maybe.

Kevin Rosenquist: You never know if it’s marketing or if it’s like really a desire to to keep data private. Yeah.

Anthony C.: And I haven’t gone so deep into what they’ve sort of come forward with that. I’m literally hands on keyboard testing whether or not, you know, how resilient the technology they’re talking about is But the way they’re thinking is the right way to think, for me at least. Like like understanding. Like, you know, hey, I want to do things on my phone. We’re the worst, by the way. Consumers are the worst people with their privacy. Like, for convenience or for. I just need to do this right now. Like, we will sell our souls. Right?

Kevin Rosenquist: Agree. Agree. Agree. Agree. Agree. Agree. Agree. Agree. Agree.

Anthony C.: And that’s. Well. And even the agree. That’s a manifestation, unfortunately, of the hardness of what consent is, which is a terrible, terrible thing in and of itself. But even, you know, in the, in the, in what like even in the context where I know, like, I really shouldn’t be doing this, but I just need to get this thing done and I’m just going to spend the $2 and give them, you know, whatever information they’re going to collect from me. , it’s a terrible thing. And where companies like Apple can help sort of balance the need for convenience and yet still maintain that privacy and safety. I think that builds resiliency into the future. So whether or not the next, you know, federal privacy law is ever passed or whether or not, you know, a GDPR version is passed and some other region, I think if you if you thought about it, you’ve identified it and you’ve taken steps to do the right thing. That’s the most important aspect of of building resilience into it. So not just going after the shiny object at any cost. Absent of any security or privacy. And that’s sort of that foundational language and understanding that’s shifting because seven years ago, that’s what it would have been. You go after it and and pay the consequences thereafter. The amount of people who are now opening their eyes to that and scrutinizing it, and the the penalties of which doing that, or at least driving some better behaviors and conversation that hopefully, if you’re not a company that says we’re going to do the right thing or actually in your tech is doing the right thing. I don’t know. For consumers like us, hopefully there’s there’s some pain for them around the corner.

Kevin Rosenquist: Yeah.

Anthony C.: Unfortunately the pain is ours right now.

Kevin Rosenquist: Yeah, I was gonna say that puts all the pressure on you. But yeah, as as the younger generations become more, , you know, more in the working world and stuff because I think, I think some of the older people, even even like our generation, we just don’t we’re not we didn’t grow up with these kind of threats. So they’re not ingrained in our heads where, like, I have a three and a half year old and he’s gonna, he’s gonna be he’s gonna understand that at a very young age, you know. So hopefully that will, you know, we’ll teach him like, you know, hey, you can’t just hit agree. You gotta like, you gotta, you know, think about what you’re doing here. And and he’s already figured out the tablet. I mean, like, he knows he like, I went on there one time and I’m like, what are you? Are you ordering something? Like, don’t do that. No, you can’t have that game. And like and so I mean hopefully that helps. I mean of course threats change over time but hopefully that can help it.

Anthony C.: I agree. And I mean there’s you know, we mentioned before a lot of what we see in cybersecurity today is rooted in manifested in something that was solved too long ago. And the attack surface, the technology that we’re in has changed so rapidly, so much, you know, not only lawmakers that are, you know, behind sort of the scenes of the times, but the cyber technology is sort of behind the scenes in times of big as well. And, you know, I look at like different ways that we can think about protecting our privacy and our and our data. And certainly the way Apple thinks about it, the way some of these messaging companies think about it in terms of like, end to end and being very data centric and thinking about the data itself, not just all of the controls and the transit mechanisms in between that are trying to protect it. I think as we go deeper and deeper to those levels, that’s where we’ll start to see better technologies and more resiliency.

Kevin Rosenquist: To, you.

Anthony C.: Know, unknown threats that we don’t even know about today, whether they’re in continental or in AI or where they make sense.

Kevin Rosenquist: Well, Anthony, with Protegrity, thank you very much for being here. I really enjoyed our cyber conversation. And yeah, I’d love to have you on again down the road when more, you know, we’ll discuss all the new threats that come out in the next month.

Anthony C.: Yeah, you got it. I really appreciate it.