Episode Transcript
[00:00:00] Speaker A: What's going to likely happen over the next 10, 15 years is we're going to experience a significant leadership vacuum. So that means either there's more leadership positions than there are qualified people to step into those roles, or we're going to put suboptimal people into those roles. And if we're putting suboptimal people into leadership roles to meet transitive property is you're going to get suboptimal outcomes more often than not.
[00:00:23] Speaker B: From KBI Media, I'm Carissa Breen and this is KBCast.
My guest today is Dom Vogel, a 22 year cybersecurity veteran who argues the field is heading into a leadership crisis. We talk about why the best CISOs are walking away, why the next generation of leaders may be suboptimal by default, and the unresolved question of who's left to make the critical AI decisions of the next decade.
If today's episode lands for you, do two things. Hit follow and send it to one person in your network who needs to hear it. That's how shows like this grow.
And now here's Dom.
Dom, you were literally one of the earliest guests on the show. Episode two, to be precise. So welcome back.
And I know, and I mean, look, I'm hitting almost 400 deep dive episodes, doesn't include any bonus content that we've delivered. So it's been some time, but from my understanding when we had our interview, we spoke a lot more maybe on technical elements and sort of today's interview is a little bit different. So I want to sort of fast forward to what's been going on since episode two. Tell me where you're at. I want to. What's changed for you?
What are we going to discuss today?
[00:01:39] Speaker A: First of all, kb, I mean, I'm just. Thank you so much for having me back on this show. It's been amazing. To see your show grow for 400 plus episodes is amazing. And just the fact that we've been able to grow our friendship over these, over the years as well, I'm so grateful for you. But you know what, to answer your question, the longer I've been in cyber, I've come to this realization that it's actually really not about cyber or technology.
It's really about people. Right. And that's where I've been spending my time. I don't mean security awareness.
I mean really the squishy people, the squishiness of our brains that we look at everything that we're dealing with. And whether you were talking about AI or The fact, you know, dealing with any type of security issues, fundamentally they're people issues. And where I've spent more of my time now, as I've evolved in my career, you know, 22 years now in the field, I've come to realize that I really want to truly understand people as people. And that's where I've focused so much of my time and energy because that allows me as a security practitioner to do my job better than just only focusing on security. So that's where I've been focusing my efforts as I've, as I've evolved.
[00:02:44] Speaker B: Yeah. And I think that's interesting because obviously this space has changed a lot since we spoke. So what sort of comes to mind when we're talking about people now? I know obviously technology has changed a lot, there's a lot more advancements, et cetera, but what do you think sort of missing when it comes to people in the cyber field? Or tell me a little bit more about what you're seeing with the people that you're speaking to.
[00:03:05] Speaker A: The most succinct way I put it too is when I look at the broader cyber profession and you go into an organization and it's something I do when I go into an organization, I'll talk to head of security, a cso, security director, what have you, and I'll ask to see a training plan for themselves and for their team. And I mean, more often than not there is no training plan. But let's, let's assume there is a training plan. That's a separate issue. Let's say there is a training plan. The focus is entirely on technical and security certifications. Here's how we're growing our people to be better, you know, experts in their trade. And then the question I always go back to, I always say, well, how are you investing in your people as people? Like, how are you helping them evolve as people? How are you helping them hone their communication skills? How are you helping them hone their relationship building skills? How are you helping them hone their presentation skills? Right. Ultimately these may be future leaders. How are you making them comfortable present to non technical people? And I always get this blank stare back and they're like, huh, Never really thought about it that way. Right. And in tech, in cyber, right. We have, and this has been the case for, for years, we have overemphasized the importance of the technical skills. Right. We develop these technologies phenomenally technically brilliant people. But I don't think anyone would argue with me in which it's like, you know, what if we evolved our people to the same extent that we involve evolve their technology skills? So many problems that we still deal with would have been solved by now, like kb, like when I entered the field, people were talking about, oh, patch management, passwords, right? These are all problems. Two decades later, we're still grappling with the same GD problems right now. They're only getting worse because of AI and stuff like that. Right? We're fundamentally not solving these things because we're not evolving as people. We're evolving as technologists. Technology and security is one lens, right? We've developed myopic vision in this field where every problem needs to be solved through a security lens, when in fact the first lens we should be looking at is how do we solve this through a human lens. Right. To me, we're at this critical juncture with stuff like artificial intelligence and AI where you have brilliant technologists creating this technology.
But I'd argue we're not having truly people who have strong people skills. And I even take it a step further. We have unhealed people creating AI, people who haven't had the chance to look at themselves introspectively and say, well, how can I evolve more as a person? What trauma are they carrying through People in other fields, people in more of the humanities fields, they tend to take more of that deeper look in terms of evolving themselves as people.
We don't do that in cyber. And that scares me, because unhealed people creating AI is going to just magnify the problems of unhealed and unprocessed trauma. Right? And that's what we're not talking about. That, to me, is something that Merit's talking about.
[00:05:51] Speaker B: Okay, I want to get into that, but I want to go back with over the years. You're right. The industry definitely has overlooked, like, soft skills and people skills.
Now, where do you think that cynical sort of mindset is stems from? Because it is.
You can't control a human being. At the end of the day, I can't say, Dom, you have to do this somewhat easier to probably configure a firewall than it is a human being. So none of them are better than the other. It's just different. But you're right, there has been this ongoing stigma in the space. I've asked people over the years why that's been the case. I've had various answers. What's sort of your view? Why do you think there has been a focus? Like you said, you'd go into a company and they'd be Very focused on technical training or whilst that's really important, a lot of it still comes down to, well, we have to try to encourage our people to do the right thing. And if we're not communicating them in a way that makes sense or we're belittling them, et cetera, et cetera, you get sort of the opposite effect and it's counterintuitive. So I'm really here to understand what's in your mind when I ask you that question.
[00:06:55] Speaker A: Yeah, that's a great question, KB and to me I use ecosystems as my example. Right. If you think about diversity in ecosystems, I think in natural ecosystems, right, for any, any ecosystem to not just survive but thrive, it requires diversity. If you look at the ecosystem of IT and cyber, over the course of its existence, let's say over the past three decades or so, the level of diversity on multiple levels has been fairly limited.
It is generally being males, white people who focus on technology.
Again, as time has gone on, we've brought in other levels of diversity, don't get me wrong, but the ecosystem, especially in its early maturing days, it was all people who had the same experiences, same what have you, Right. Like there was very limited diversity there and as a result, right. You get group think and as an ecosystem evolves, if it's not going to reach, I'll say peak maturity if there's limited, limited diversity, right. Parts of it may never flourish, parts of it may not, may never come to an existence. Right. And I think that's what's held the industry back for so long. I mean, heck, we still talk about things like that where, oh, you know what, cyber, that's the techies, right. These stereotypes took hold because of the limited diversity that was introduced into this field in its nascent days. Right. And now, Right. Again, we, I can certainly say after being in the field for as long as I've been in it, sure, the diversity has increased, right. There's more women, there's people who don't have necessarily technical backgrounds, right. It's, there is diversity, that's great, but it's still not at the levels where it should be. Had that diversity been brought in earlier on. Right. And that to me is part of the problem where it's being held back by its early inception days. Right. And for, like I said, for the ecosystem to truly mature, right. We need to break right through from those stereotypes that, like I said, that defined this field for many years.
[00:08:56] Speaker B: So the thought that I had is, do you think that perhaps people just don't like the field, maybe there are less women. Because if we look, traditionally speaking, more women are in PR and comms. So I obviously work with a lot of comms professional. Yes, there are men primarily, there are more women. So do you think that cyber slash technology is just a field where it attracts generally more men? And so whilst yes, we'd love to have more women, but maybe they just don't like it at the end of the day, maybe they're like, well, I would rather do a PR sort of role or marketing or comms or whatever it is. I mean, are people asking that question in PR saying, well, where are all the men at? Do you think that perhaps it's the inverse then in security slash tech?
[00:09:38] Speaker A: That's a really good question. And to me I think it's like an onion, there's so many layers to that. Part of the problem too is I'll say broader education systems. Right. Like I have the opportunity to speak to college students and people in university and talk about, you know, fields in cyber. There's still those, that pervasive stereotype, oh, I have to be a hacker. I know it's not a field for women to go into. Right. We're not doing enough at that part of the pipeline to say, you know what, there's so many different areas within cyber for you to go into. Sure, PR sales, but also. Right. If you want to be more in the tech side. Right. We're not doing enough introducing that and changing perceptions at the beginning of the talent pipeline. Another problem is that burnout is rife in early days of, in cyber. Right.
A lot of people who get introduced into the field in their early days, it's a meat grinder. Right. And the way it's set up more often than not is that, and I see this time and time again, it's not designed on the most, for the most part for women to be successful in the long run. Right. They are set up, unfortunately to fail more often than not. And again, I have a lot of conversations with women who I know and trust who've been in the field and they've said that to me time and time again. Right. So we're not doing enough to make sure that if talent is coming in as an example and you're focusing on women, but again, there's other levels of diversity. Right. It could be non technical people or people of different socioeconomic backgrounds or what have you. But as a whole, the system still is not set up in a way to allow for greater diversity to flourish. Right. You know, there is still systemic Roadblocks, lack of a better term that's preventing true diversity from being unlocked. Right. And again, these are the hard conversations that we're not having in cyber. Right. In this field we always like to try and put a technical spin on it, right? Because that's. Unfortunately, most of us are technologists. We see the world through a technology lens and that's okay. But as it is in life, there are multiple lenses, there are multiple truths, and we need to have, like I said, these types of conversations because if I look long term as well, one of the things that scares honestly the hell out of me, much More so than AI, is that over the next 15, 20 years, we're going to experience a significant leadership vacuum in this field. Why? First of all, people who are, or, and we're already seeing this, people who are senior leaders, people who've risen to roles of, you know, CSOs or security directors or leaders or what have you, they themselves see that they're set up to fail, they're leaving, they're becoming consultants or going into different fields because they don't want to set themselves up to fail. And at the other end of the leadership pipeline, if we're replacing future leaders, they're operating for them to enter the field with AI. How are these people going to learn? How are they going to evolve into their career? Right? And we've been seeing this in other fields and I'm seeing this discussion happening in other fields, but it doesn't seem to be happening in cyber. So to me, what's going to likely happen over the next 10, 15 years is we're going to experience a significant leadership vacuum. So that means either there's more leadership positions than there are qualified people to step into those roles, or we're going to put suboptimal people into those roles. And if we're putting suboptimal people into leadership roles to meet transitive property is you're going to get suboptimal outcomes more often than not. And we've seen that in other fields, Right.
My example is politics. Right. Politics way back when used to be considered a noble profession. I know in Canada and the U.S. right, politics used to be considered a noble profession. I don't think someone would call it a noble profession now. Right. What happened was people who were great leaders, like, you know what, this just, it's not worth it. Why would I put my family through all this stress rise of social media, put my family through that? Why would they do that? So you end up with suboptimal leadership and suboptimal leadership, as I mentioned earlier, leads to suboptimal outcomes. And we're seeing this in other fields. Right. And I truly believe that's what's going to happen in cyber. And that's really scary because over the next decade we're going to be needing to make significant decisions around stuff like AI. If we don't have great leadership in place to make those decisions at critical points in human history.
I don't need be a historian to tell you that we could be leading ourselves down some suboptimal paths.
[00:13:40] Speaker B: Okay, I do want to get into that. I mean, there's a fair few questions with everything you just said.
I want to go back to your comment around at the moment. The industry isn't set up for women.
I want you to elaborate on that. What do you mean by that? Do you think cyber is a boys club?
[00:14:00] Speaker A: I think that there is a still a significant population of leadership people that prevent true diversity in this field. For lack of a better term, and I'll just call it for what it is, there are still a lot of older, whiter male gatekeepers in this field that prefer to see the field the way that it's always been. Right? It is. And that's not a non zero number. That's still a fairly significant number of gatekeepers that are in the field. Will that always be the case? Not necessarily. But there's still enough of those people in significant leadership positions that are preventing the ecosystem from evolving to a truly diverse ecosystem, in my opinion.
[00:14:36] Speaker B: How do you think they see the field? Give me an example. So their mates, they go out in the golf course, they drink beer with their buddies or whatever men do nowadays, I don't know, but walk me through it, like paint the picture for me. I mean, you're a man, you understand.
[00:14:51] Speaker A: I wish I could understand. Besides, some of them, it's like I jokingly refer to them as the Ron Burgundy's. For anyone who ever watched Anchorman, right? They're living in the past, they're anchored in the past. And I'll give you a real quick example, you know, So I was introduced to a CISO at a fairly large organization in the States and I was talking to him on the notion of investing in your people as people. Like if you truly want to have a high performing team, you need to invest in your people as people, not just as technologists. Right. And when I sat down, was talking with him, first thing out of his mind was he said, I think, you know, investing in people is a bunch of Voodoo. And he put an expletive at the end. I said, well, what are you talking about? He said, well, why would I spend money investing in my people when I can just buy another tool? It's that type of mindset, kb right? Where it's the again, tool first technology, first people, they're replaceable, right? Not going to really focus on investing in them. That mindset is still highly pervasive, right? That type of mindset, I'm sure, has other, like I said, preferred ways. When I looked at his team, there was very little, again, diversity on multiple levels, right? They all came up through the same schools, they all had the same experiences, they all came from the same socioeconomic backgrounds. And like I said, it's not just about putting in a token woman or what have you. Any ecosystem needs to have different levels of diversity, otherwise it will not thrive if they all see the world through the same lens, right? They're not going to be able to solve the problems, right? That's why I said, I fundamentally believe if we had introduced greater diversity into the field of Cybersecurity 20 years ago, problems like patch management, problems like passwords and the credential management, a lot of what we're seeing with AI, these are problems which are just different manifestations of problems we were dealing with 20 years ago. If we had introduced different people who could have looked at the problem at a different way or different angle, those problems would have been solved. And I fundamentally believe that some of the issues that we're grappling with with AI would have fundamentally been solved 20 years ago. But because we didn't introduce those levels of diversity and we just sort of put in some technical solutions to lack a better term, half asset, we're now dealing with different manifestations and we're like, oh, how are we going to deal with securing the access of agentic AI? Fundamentally, this isn't a new problem, it's a different manifestation. But we never looked at it through a different lens, right? And that, to me, like I said, and that's true of any field, any walk of life, right? You only grow and evolve when you introduce different mindsets or different views or different truths in the world. And that's, like I said, what I think has fundamentally held our field back.
[00:17:25] Speaker B: We'll come back to that after a quick word from our sponsor. When you're building a startup, every hour counts and so does trust. Whether you're chasing your first enterprise deal or just trying to stay ahead of the compliance curve, Vanta helps you prove your security posture. Fast by automating up to 90% of the work for SoC2, ISO 27001, GDPR and more, Vanta gets you audit ready without the late nights and spreadsheets. Visit vanta.com kbcas V-A-N-T-A.com kbcast to learn more.
Now back with Dom.
Yeah, this is interesting. So, okay, so then another thought that I had this year. There's been a lot of layups, like some of the most we've seen over the years, which means displacing people. I think there was a woman online that said, I work for a hyperscaler for 30 years and this is the service that I get. Talk me through that. Because, I mean, look, you got companies like Oracle, aws.
I mean, when I'm going to these conferences, these companies really talk about, you know, people, process technology, all of the things. Because I mean, go. You know, recently I went to both of their conferences here in the US they, their annual conferences. So. And people are angry and they're outraged. So I want to talk about that through the people lens, how you see it, because there's probably going to be more, I think at last year, and they've had a bunch too as well. So we're going to start to see more of that. But what I'm just keen to hear your thoughts on investing in the people. But then it seems like people are doing the opposite again of investing in the people. And I know things evolve and grow, et cetera, but I'm keen to just explore what comes up for you.
[00:19:11] Speaker A: Yeah, we're at an interesting point in time right now, kb, where I've been seeing more people talk about the true flex in the next 20 years, being able to just be a good human. I mean, we're talking about, you know, I was among the first generation who grew up on screens.
And I'll say my people skills were maybe not great early on, but I've refined them over time. I look at, you know, my kids and how they've even grown with even more screen time and how their people skills, I think, are not where mine were or my generation was growing up and this disconnect with humanity, right? And we're seeing that with how companies are treating their people. Right. And, you know, one of the things that I'm a big believer of, and I've talked about this in many of my talks, especially over the past year, and I expect to give more of them, is that we really, truly need to reboot what leadership means in the AI era. Leadership up until the AI era could have been, again, people who were really good at rallying the, you know, the troops, metaphorically speaking, people who were really good at the inspiring, you know, hurrah messages. People who are really great at getting the best out of people and, you know, pressuring them and what have you, maybe some people ruled through fear or intimidation or what have you. What I really believe in this next, in this era that we're on the dawn of here. You know, I'm just like, I'm just talking about Jim calling it the AI Era. I truly believe that the best teams, the best organizations are those that are going to reboot what leadership looks like. We've talked about servant leadership. That was a big thing up until now. What I'm sort of phrasing it as is connected leadership, where leaders need to be deeply connected to their people as people. And we're in a time where, as a leader, you need to be able to really lean into your human skills. And to me, that stuff like authenticity, vulnerability, right? Being able to be someone who is able to lead through kindness, right? Leaders who are compassionate, people who are able to provide emotional triage. We're seeing people burn out at higher rates than at any other point in at least the past 25, 30 years, right? In multiple fields, not just in cyber. In cyber in particular, it's very acute.
So we need to equip leaders to be able to truly be able to connect with people as people.
And I look at Gen Z, Gen Alpha, as they enter the workforce. I truly believe, like I said, it's the leaders that are able to best connect with them as people. Because what's going to be truly transformational, and this is what I think is, again, being overlooked. Everyone was talking about how AI is going to transform the workforce, right? To a degree. Maybe it has. I think it's maybe helped fuel a bunch of unnecessary layoffs, but that's where it is right now. But what I see as being truly transformational is Gen Z and Gen A as they enter the workforce. So millennials, and I'm considered an elder millennial based on where my birth year is. We didn't really ask for anything other than a little bit of remote work and a little flexibility, right? Gen Z and Gen Alpha, they have no desire to go into the leadership structure or the work structure as is. Right. I look at my daughter, and she's about to be 16. She'll be entering the workforce soon, and her friends. Where I'm hearing this from people is people who are in, like, Talent management and hr, they're saying we need to transform how we do work, right? We're not going to get best on best talent if we're going to just be trying to get people, you know, nine to five, right, and own them, you know, Monday to Friday. We need to be able to restructure what work looks like, right? And the best organizations of the future are those are going to be saying, yep, we just bring people in for projects or you know what, for whatever skills that they really like. We're just sort of like capturing a shooting star, right? You capture them in those moments in time, but we don't own them as employees kind of thing. And that to me is what's going to be truly revolutionary. The companies that do that and those that don't. And so right now we're in this tumultuous time period right now where I think, like I said, there's a lot of organizations, Amazon, Microsoft, I mean, you look at all the layoffs that have been experienced over the past 18 months to two years, you have a massive amount of people who are looking for work and much of that has been upended by, well, we could just replace them with AI, right? So we're in this tumultuous time period right now. But like I said, I truly believe, I look at the big companies like Microsoft and Amazon and those big players and I truly believe, like I said, a decade, 15 years out, if they still want to be dominant giants, they need to restructure what work looks like. And because again, you have older people who are going to be retiring, you have people like me who just, I'm going to just be an entrepreneur to the day I die. I have no desire to ever work for anyone there ever again. So how are they getting talent, right? How are they getting that new talent? And so I think, like I said, these are hard conversations. There's no easy answer. But like I said, and I look at the amount of people who are laid off right now and are actively looking for work, I have never seen it. You pick an average security role, right? And I, and I'll give this as a quick story. I have a client that's in northern British Columbia, so that's the province I live in. And the metro area is Vancouver. So this area is about an eight hour drive from Vancouver. It is not in the metro area. It's for a fairly small college. They put up a role for a junior security analyst. At any other point in time, they'd be lucky, honestly to get 10 applicants, right? You know how many applicants they got, KB? They got almost a thousand. A thousand.
You put that in the metro area and now we're talking tens of thousands, right? If not more. And so the job market with people who are looking is saturated, right? The people who are willing to apply for anything. And what's even more frustrating is that these people are applying online and these AI tools are filtering through these applicants and hiring managers, I'm hearing this from hiring managers, they're frustrated because the AI tools are spitting out what they feel are suboptimal candidates. And what I'm seeing too, and what I'm hearing is that more and more hiring managers and people who are in hiring positions, they're not relying on the online applications, they're relying on their networks, right? So we're at this interesting point in time where your experience, you could have all the technical certifications in the world, right? And this is the thing I'm telling people who are in cyber and are looking for work don't just apply online. If that's your strategy. You're literally firing resumes into a black hole to me, where the point in time where it's, who knows you? Who knows that you exist, right? So if you're not on platforms like LinkedIn, if you're not out branding or trying to appear on podcasts or what have you, or doing your own thing, if no one knows you, you're not going to get hired, right? So that's one of the big wake up calls I tell people is that if you're, if you are among those who have been laid off, don't rely on your technical skills, right? Your security skills aren't what sets you apart. And that's what I hear so often, like, oh, I have all these security certifications, don't care, right? So there's, you know, million other people. But what sets people apart right now, this may be starting to sort of bring it full circle is the people skills. You have security certs and you're able to hold an audience or you're able to talk to a board of directors without using acronyms. That's frigging rare, right? The security certs are what bring you to the conversation. But if you want to get hired, it's leaning into your people skills.
[00:26:22] Speaker B: I want to ask you about, again, going back to the example you gave around back in the day with politics. It was a noble profession. People didn't want to do it because they didn't want to be judged, et cetera. So they had suboptimal leadership you say there is currently suboptimal leadership in cybersecurity companies today.
[00:26:42] Speaker A: That's a good question, kb that percentage is growing. So yes. Is it the majority? No, but it's. That gap is growing. I left corporate 11 years ago and not to try and say I was a pioneer or anything, but in the decade I've been out, I see many senior people leaving leadership positions and becoming more so consultants or working for a security vendor or what have you. Some I know have left the field entirely. One of the smartest CISOs I've ever met, someone who's a longtime mentor of mine, he could no longer tolerate being in the field. You know what he ended up doing? He ended up becoming a long haul truck driver. And he said he doesn't have any stress in the world. He makes a little bit less, but he's like, I'm healthier, I get to. He gets to drive to California, you know, every other week. So I would never go back to cyber. Why? Why would I? Right.
So I don't see anything slowing that pace. So if we're having this conversation a decade from now, kb, if not sooner, I'd say, yes, that we do have more suboptimal leaders than not.
[00:27:42] Speaker B: And why do you think it's growing more? Because people are leaving the field. Therefore someone's got to become the leader and the CEO and all these sor of things.
So someone's going to fill the job, right?
[00:27:52] Speaker A: Exactly. Someone's going to fill it. And it's like I said, it's generally someone that's not going to be, you know, it's going to be someone who's not going to be asking the hard questions. It's someone who's not going to be, you know, doing what the profession needs. It's going to be someone who's just there, you know, for their own personal gain, as we're seeing in, in the field of politics. Right. I truly believe that's where we're evolving. And it's a slippery slope because when you have suboptimal leadership, other things start to falter. Ethics, integrity. Right. Leading for the right reasons. Right. Growing something that's beyond yourself. Right. What ends up taking place with suboptimal leadership? Egos, personal gains. Right. That's what ends up evolving and taking foot. Right. So we're on a very slippery slope, in my opinion.
[00:28:33] Speaker B: Okay, I want to talk about ethics because this is something I'm hearing a lot of these vendors and I'm interviewing, talking to. It's about AI ethics, what does that actually mean. Because look, I mean, you said something before that was super interesting, so. Unhealed people creating AI systems will only worsen the gap. I'm going to repeat that. Unhealed people creating AI systems will only worsen the gap. So talk me through it. First of all, it means that we're in a bad state now. It's going to get worse. So I really want to talk through this because, I mean, it's a big conversation. Yes, people are talking about in certain ways. But I mean, you, you're independent, you don't work for a vendor, you don't have a corporate leader, you don't have a boss, you don't have a PR person.
People really want to hear the unfiltered truth around what is really happening out there.
[00:29:31] Speaker A: My unvarnished truth is that again, it goes back to who are creating these LLMs, who is creating these AI tools and these interfaces of the future. Right. Again, I go back to the level of diversity. If it's all people who have had the same life experiences, they're introducing their own biases and views on the world. So we can talk about guardrails and ethics all we want. But again, it's someone or groups of people are creating this. How are we making sure that they're truly reflecting the best of humanity? And I talk about stuff like unhealed humans.
I'm a big believer that we all have levels of unhealed trauma. And I know that I did, you know, growing up. It's not to say I had a terrible childhood, but as I got older as a person, right. I started to look at certain, maybe biases I had or certain ways that I viewed the world, right? And I tried to evolve as a person. I tried to heal that trauma. That to me is something that we don't talk enough about, right? Especially like I said in something like AI, where if it's going to be mimicking humanity, do we not want it to mimic the best of humanity or do we want it to mimic the endless horrors of what humanity can be where we've seen it rear its ugly head countless times over the course of human history?
Those are the types of questions that we're not asking.
And it's the, what's the psychology behind the people who are doing this? Right? Like, what are their own biases? Right? So to me, again, when what's frustrating me when we're talking about AI, and again, you talk to anyone about AI in cyber, what's their first response? It's a technical one. Oh, here's how we should be the technical guardrails or here's how we should be, you know, locking down on agentic AI? Again, all important questions. Don't get me wrong, it's again, through a technical lens, right? It is not through a lens of humanity or the people behind the AI, right? What do they believe? What are their ethics? What, how are they, you know, how are we evaluating that? Right. We're not. Right. And that to me, like I said, is the scary thing. And that's where we need levels of transparency and that transparency is not there.
[00:31:34] Speaker B: So what do these companies really think at the end of the day? Because yes, they can say like, oh, we've got guardrails and all the hoo ha that goes in. We've heard all that. But what do you honestly think?
Are these people creating this technology for their own personal gaming? Look, what about, you know, issues with the Mr. Sam Altman going through his diaries and all that sort of stuff like, that's getting real, like stuff that we've never seen before in this space. So what are your honest view then of and who's calibrating these people? Who's calling Sam Altman up to say, hey mate, we think this needs to be looked at? No one. So then you got companies that have got this power. And I think I was talking to someone, I was up in Alaska, they're like, we've only going to have a few companies that are going to control the Perth strings here. So what does that then mean for people like you and I, other people out there listening to this episode, what does this mean at the end of
[00:32:27] Speaker A: the day, to me, at the end of the day, one of the paths that this opens up is again, to a degree, we've already been experiencing this with social media is the ability to morph and shape perceptions among people, right. If we are not careful with how, how we are conveying again, thoughts, thinking, you know, if someone is working alongside an AI tool, right, like how the AI tool is going to be presenting certain, maybe worldviews or perceptions or what have you. And if we have not, like I said, had the conversations around again, misinformation, disinformation, right. The ability to, like I said, see the world and accept that there are different truths in this world. Right. What scares me the most, and we've been on this path, is that humanity as a whole has checked out of critical thinking. If I look back over our sort of this Internet era, you know, going back maybe to the mid-90s, right, email was among the first spots where we started to mentally check out. Right. How many emails have you typed out, KB where your fingers were typing but your mind wasn't really thinking it through. I know, I've done that countless times. Right. Then came the social media. Right. And we stopped thinking critically. We'd see something saying, you know, that something happened somewhere. Oh, we just accepted it as gospel truth. Right. Same thing with the Internet. Oh, if it's on the Internet. Oh, must be true. Right. We stopped thinking critically. Now with the advance of AI, Right. AI prompter tool tells you something like, okay, that's going to be true, right? What? We're on this slope where we've stopped thinking critically as a species and among one of the most important things that separates us from other species on this planet, Right. Our ability to think critically. And one of my greatest fears is that if we stop collectively as a species, stop thinking critically, that just opens a vacuum for someone or something like AI to tell us what to think. Right. What happens then?
Again, no easy answers. And I recognize that in itself is probably an hour discussion, but these are conversations that aren't happening enough. Right. And again, the security lens is important. How are we securing agents and all that? Absolutely right. But what we've conditioned ourselves, unfortunately to is only look at problems through certain lenses. And as security practitioners, I think we're doing ourselves, the field and the world and humanity a disservice by continually looking at problems through only a security or technology lens.
[00:34:52] Speaker B: Yeah, that's. I mean, look again, there is no easy answers. And it's not about having the answers, it's just about having this discussion. Because there may be something that's insightful that you've shared that someone can take away.
So one thing I'd like to ask you about now is you mentioned before about we have to restructure how we're going into the workforce. I mean, like I was saying, someone, it's my 16th year of working and I didn't go to university or anything like that. But I was saying to someone, I used to have to go to work every day, five days a week, whether I went out, you know, went out the night before, I was hungover, you were there. But now it's very different. Like people. And I mean, my husband's in recruitment, right. So he was saying that even people will take less money because they don't want to go to the office and all these sort of things. So. And I think that also people see and I know cost of living and all that's going up but also I think that people even at a junior level are having a lot more expectation than when you just start off. Yes, you may not get the best pay, but it's going to increase. Then over the years it kind of feels like people just want to jump to sort of the middle cohort very quickly without sort of doing the work. So is it valid that perhaps if you're a top performer, you will get those roles? But you know, things are very different now. I'm just, I'm keen to sort of get your thoughts here because I'm hearing that from people too in this space. But then I'm also looking back, I'm not that old myself and I'm thinking that things are very different when I first started out, so. And I just knew that I had to work my way through the ranks. But it feels as if people perhaps aren't as inclined or it appears that way that they just want to skip to like collecting go very quickly for sure.
[00:36:34] Speaker A: You know. And as with a lot of these things, there's multiple layers or lenses to it, right? One lens is that as a whole the generations coming up, they've been conditioned for lack of better term, instant gratification, right? Like just the way because growing up on social media and what have you, right. The notion of being able to spend time, to be able to earn something, I don't say that's a foreign concept because you know, there are hard working people in those generations, but as a whole, the notion of instant gratification, they've been conditioned for those quick dopamine hits, right? So that's, that is part of the problem, right? The. And again, that's not on them. We created a society that as they were being, as they were being raised, was very much focused on that. Another part of that problem too is that you had gen Z and gen 8 to a degree. They watched their parents, so Gen X and millennials, they watched them get burned out. They watched especially right now, if they were in tech, they saw what, hey, my, my dad or my mom worked for Amazon, Microsoft for 20 years and that's what they got, right? They had to miss a lot of my soccer practice, whatever. And this is how that was returned. Why would I, why would I want that? Why would I, I saw what it did to my parents. I hear that from so many people. I saw the sacrifices that my parents put in and how they were treated in return. Why would I want that for myself? Right. Arguably, I think you we're gonna. And I think what's really exciting about Gen Z and Gen A is that we're gonna see. I think that is gonna be the entrepreneurship generation. You're gonna see more entrepreneurs in that generation than any other generation beforehand. Right? They want to create their own destiny. They want to carve their own paths. Right. They don't want their destiny in the hands of someone else. Right. It's again, with a lot of things, there's a lot of different factors, but. But those are two of the more dominating factors that I'm seeing when I'm having conversations with people, as being sort of that reason why Gen Z and Gen A aren't going to just be like any other generation and why the workforce is likely going to look very different 20 years from now than it does now.
[00:38:40] Speaker B: That was Don Vogel, everybody. The thing I'm going to be sitting with from that conversation is his warning about the leadership backroom that over the next 10 to 15 years will have more senior roles than qualified people willing to fill them. And suboptimal leaders make suboptimal decisions at exactly the moment AI demands our best ones. If you're a sizer listening to this, look at your team's training plan. And if it's all technical certifications, you've found the gap. The people you're developing now are the field's future leaders. Invest in them as people, people, not just as technologists or the vacuum Dom describes becomes yours to inherit.
I read every reply. If you've got some thoughts on this one, send me a message on LinkedIn.
Kbcast cyber for the c suite.
