#563: Securing LLMs and fighting Prompt Injection with Algorithmic Red Teaming

You must have some really cool stories that you've seen out there where firewalls or other products have really saved a company.

Our companies like taking AI's or hugging face and stuff like that, places like that and say, okay, let's run an AI, LLM, and give it access to let people on the internet interface with this thing.

Yeah, so the Iburnmash Firewall, that is that is that next evolution of Firewall.

Hey everyone, David Bumble back with another very special guest. Rick, welcome to the show.

I appreciate it. Thanks for having me on the show.

Directing you to the channel. So perhaps you can give us like a quick overview of your background and then how you ended up like doing firewalls today.

Yeah, absolutely. So today, Vice President of Products, a product exec at Cisco, covering all of the network security, detection, threat intelligence, these, these pieces.

But what's Cisco about three years? Before this, I built up to Zscaler Private Access and ran their emerging products.

Before that, all of the threat products at Proofpoint, threat intelligence detection, those types of products.

Then some time with startups actually, that was my first job coming out of the military, which I went from, yeah, about 10 years on the operational side doing secure communication, cyber security type operations.

In the military, right? In the military. Yeah, I had to use enough of these tools. I was like, man, I got to figure out a way to build better ones.

So that was my, that was my path into product management. So I'm really looking forward to this topic.

I think a lot of us really enjoy our firewalls, but I've heard this in the industry for a while, right?

Some people have said, firewalls are dead, you know, they're going to be replaced. What you're taking it, you're involved in the real world, rather than say, just YouTube.

So what's actually happening in the real world?

Yeah, absolutely. And I do hear that. In fact, if you go back a few years, I might even set it at one point in time.

But the reality is, after engagements with thousands of customers, enterprises, commercial of all sizes, you get to this realization that the firewall is not dead.

It's just changing from almost like a, a noun to a verb becoming firewall lean, you know, maybe a, the 14 rack unit stack of refrigerator size firewalls are less common, but you're still in the space where in line threat protection, decryption, these things are still incredibly important.

You still have trust boundaries and perimeters. Yeah, but instead of those 14 are you, you're down to, hey, can I, can I get to the pizza pizza box size?

Can I start to cluster? And then firewalling starts taking place? Yeah, maybe it's in the data center. Maybe it's at a trust boundary in the edge.

It's in the cloud. It's across multi clouds, but actually distributed all the way down to even in the workloads.

Yep. So agent based as well. So firewall, firewall isn't dead.

You know, people, firewall is still a foundation. It's just becoming more distributed and it needs to because that's where the landscape's going. That's where the threat is driving it to.

So I mean, in the real world, companies have a lot of stuff in the cloud, right? So they're spending up things all the time. It sounds like a traditional firewall is not the right device for that kind of situation because I can't really put a thousand physical firewalls in the cloud, right?

Yeah, I mean, you've got an explosion of both traffic, but then the nature of the traffic and even even taking a step back, you applications, you've gone from that.

That traditional three tier application to micro services containerized all the way into now AI applications that have new threat vectors with the underlying models that support them and then organizations doing all of this development in house.

So in that example, let's talk about cloud a few things. Mostly it's multi cloud too that I get from a lot of customers that as a just AWS GCP pick your cloud vendor here.

The answer is usually where we're present across all of them that you need to have an ingress egress, but the only way that you can keep up with that explosion of traffic and the containers, the applications themselves is if you start actually getting into the agent based leveraging new technologies like EBPF, some of the tetragon capabilities deep

visibilities into Kubernetes, the understanding how the applications themselves communicate. It becomes incredibly important. So when you think about firewalling in that space, I go beyond just hey, this boundary that's at the edge of my I AWS instance to

understanding exactly what's happening, having control of those communication. So if you soon post compromise, you can't you cut down on the lateral movement and then influencing what still happens at ingress egress. So they work in concert with one another, but it's not enough to just have that one trust boundary at the edge.

But I mean, seeming Cisco still sell traditional firewalls as in like the boxes, right?

Yeah, absolutely. And that's, that's the thing is you, is you think about going from that noun of a firewall to the verb of firewalling, you still in an organization, yeah, you're going to have a data center edge.

Is it, as I mentioned the 14 are you maybe it goes down slightly because you've got SSE or security security services edges that can offload some of that. It's a firewall as a service and a cloud proxy.

So we offer that as well. Let's say you have locally at the campus size or like a heavy branch, you've got a firewall there doing a level of inspection.

And in the cloud, you've got cloud gateways that are virtual and cloud-based firewall scaling. So all these other elements of hybrid mesh firewall. Yeah, they're more they are becoming more prominent and the required based on, you know, the applications, the threat vector.

But still, at the end of the day, you do very much have those trust boundaries in your data center in having a preemptive block being able to drive that in line threat detection as well is still pretty critically important.

So organizations are very much driving physical boxes at that edge. And as Cisco, we're going to continue to innovate now into the hardware side too.

Now what I measure my team on when I think about the actual boxes is not not like a data sheet L3 L4 firewalling number, but a turn your threat services on.

Yeah, turn your threat services on leverage them for what they're supposed to be doing being able to inspect block threats and that number.

So that number is what we pride ourselves on for our hardware to be market leading price per protected gigabit when your threat services are turned on.

I hate to use the term, but traditional firewall as in like the box, right? Yeah, but what are the capabilities that you're putting into those boxes that are say different to other traditional examples that we used to.

Yeah, there's two big things I talk about. It's the capabilities on the box and then how do you the other big challenge with this, the organization struggle with is how do I manage across all of these environments, you know, we've talked multi cloud, we've talked cloud edge, we've talked agent-based, we're even building firewalling into the switching infrastructure.

Yes, you can see that forward point where every switch port is a high through put firewalling capability.

So how do you manage all that is one, which we can talk about and two is as I think about the nature of the threat landscape changing.

You've got this movement from signature-based attacks to more signatureless, right?

And so if you think about just any threat actors are using the same tooling we're doing to accelerate our innovation, they're using it to accelerate the creation of new compromise vulnerabilities exploit vulnerabilities quicker, all of that threats that are changing and adaptive in nature that on that box, it becomes important to no longer say, hey, I've got a signature for SQL injection.

I've got a signature for remote code execution, but being able to have an AI detection run on box that can say this looks and feels a lot like a remote code execution, though there's no signature, I still need to block it, because that's that risk of that next, that next zero day that's being accelerated.

So new detections running, those are critically important and algorithm thing engines that can do more than just signature based signature lists, behavioral based, but also some of the other areas that we're innovating in.

Is looking at encrypted traffic, yeah, an expansion of encrypted traffic, that's not a trend that's decreasing anytime soon, yep, and so then you think about, okay, in this world of just increasingly more and more encrypted traffic, what are my options? Well, you can either sit left of encryption that gets us on to the agent into the application, which as I mentioned, so key part of firewalling or on the box to what we what we looked at is.

Can we take our billions of known good and known bad even looking at the TLS handshake, even look at what the variables around that the attributes we can see in that encrypted flow.

Can we with a high degree of confidence start to understand is there something suspicious in there? Is there something with that should be looked at it's we actually built out what we call the encrypted visibility engine, it does exactly that, yeah, so again, another powerful capability running running in these in these firewalls.

Rick, they're different customers that Cisco deal with, you've got the hyperscalers like Azure, etc, then near clouds, big growth area today, and then you got enterprises, so I'm assuming they are different devices for different use cases, and I'm assuming you've got some insane high speed firewalls today, yeah, absolutely, and as I mentioned, we're not, I think the days of the 14 are you singular chassis refrigerator size firewall, I think those are those of course.

Coming on and how we're approaching this is a more modular cluster to approach, okay, still need the high performance, so what we've done is we've got the, the Cisco firewalls here firewall 6100 series purpose built for these environments that in a two are you form factor can hit over 630 gigs,

and then when you have the situation where we're talking about AI, the explosion, the applications, the bandwidth, how, how that's continuing to grow, well, you need to be able to grow with it, so instead of saying here, here's the next refrigerator to deploy, it scales per two are you, right, so you can start to cluster that based on the demand of your organization, your future proofs, you can actually scale it all the way out to 16 and have eight terabits of inspected throughput, if that were required, right, we're not quite there yet, but that is very

possible and supported with our, with our products, so at the end of the day in that form factor, what we see is 80% less space, 60% less power, because you're thinking about the costs in these situations too, and then about a third the cost overall for equivalent to performance against the market with the Cisco secure firewall 6100,

but Cisco recently refreshed the entire range of firewalls, right, from the very small ones, is that right, all the way up to the big ones.

Yeah, absolutely, and so excited about the things we're doing in the cloud, our cloud proxies, gateways, but we are also innovating and have refreshed the entire hardware portfolio.

So yeah, our 200 series, which is going to provide a high degree of price per protected gig a bit for your branch locations in the smaller devices themselves,

it's, you know, you're talking about this size versus your, your full rack all the way up to the 60 100, so in the last three years, we've refreshed everything in the portfolio.

Rick, you've mentioned a few things, yeah, that I'm not quite sure about. Okay, Eve is encrypted traffic, so I get that.

EBPF, what is that? You mentioned switches acting as firewalls, can you get into that as well?

Yeah, absolutely. So extended Berkeley packet filter is what that acronym is EBPF, but really what that allows us to do is in a very high-performance manner, a couple of things, a deep visibility into the application itself, every process, every flow,

but also the ability to implement controls in a very granular level at the application.

So if you take, for example, let's talk about the patching gap, you know, a new, a new zero day shows up, you've got this new patch that needs to go out onto your infrastructure.

Yeah, most organizations that the time to actually drop those patches, I mean, you're, you're in months.

Yeah, if you're exploiting those as a threat actor, you're in under hours.

Yeah, you're, you're actively going in that's, yeah, exactly, you're in minutes, right?

And so you're in this position where, okay, what do you do? Yeah, something like EBPF.

So what we can do that level of control, not only just visibility, is we can actually deploy a shield, a distributed exploit protection that removes the attack vector for compromising that vulnerability without breaking the application itself.

What it ultimately is going to do, it's going to help your team protect yourselves against those vulnerabilities.

You can think of it like a virtual patch of, of previous, but now deployed all the way into the application.

So you can cover that vulnerability, protect your organization, not break the application.

And you should still patch vulnerabilities.

You still go down that path. It's, it's good hygiene.

But that's running on a, like a server, right? Or is it on a switch away that run on the application itself in Linux based OS is EBPF is native.

And it's in those workloads in Kubernetes environments, a lot of capabilities there.

But we also have agent-based support in, you know, you're like a C Windows via OS as well.

Okay, switches, because that's really exciting, right? So you've got traditional firewall preps, like on the edge.

You've got EBPF running on your hosts. Yes.

You've got now firewalling as you call it on the switches as well, right?

Yeah, absolutely. And, and the reason being is if you think about the firewall architectures where, yes, you've, yeah, maybe you have a data center.

And you've got the cloud, the security services edge, firewalling is a service in the proxy.

You get down into these zones for most companies where they're doing some level of zone-based firewalling or segmentation L3L4.

But in reality, there's a lot of blind spots.

You could think of it like you're, you're pointing a flashlight in certain areas.

You're pointing at that a trust boundary here and a trust boundary here.

But you've got all of this dark space of e-spus traffic that's still taking place in those zones.

You've got lateral movement living off the land. All of these things happening.

Now, with the switches, what we saw is a architecture that does a few different things.

One, it helps drive visibility into those dark spots. So you're, you're shining a much brighter light in places that you weren't previously in those zones, right?

And so then imagine every single on a top of X switch, every single switch port being able to be in L3L3L4 firewall segmentation, the visibility, the control at that granularity.

It's pretty powerful, right? And then so that in conjunction with your, your deep packet inspection of an L7.

There's a lot of things you can do. But taking a step back from that.

One of those core things that we're working on is in how we see the market as well.

Trending is security becoming more of a feature of your network itself.

Like it's, it's not good enough just to be open flat and available.

It's got to be secure, a secure connectivity, secure networking and being able to drive that into the switches.

Yeah, that's leveraging your infrastructure as a security control point device and pushing it more distributed into your environment.

Sounds great. But like from a management point of view, I'm just sitting here thinking, man, I've got like a million firewalls now.

How the heck do I manage all this? Is this the hybrid mesh firewall concept or what is that?

Absolutely, absolutely, because you, if you're keeping track, you're like, okay, I've got a, I've got to learn native services and cloud, multi cloud environments.

I've got to understand agent-based security. I've got four different firewalling sectors. Now firewalls and switches.

Yeah, I'm going from 40 zones to thousands, right? So that's the magic fiber, hybrid mesh firewall.

And honestly, being able to leverage the new technologies and AI to simplify that management too.

In a few key things there that we're doing, one, take the visibility of the agents, have that discover policies that can be deployed into your firewalls at your trust boundaries themselves.

So it's more proactive policy. So you're getting into that discovery that, you know, how do I segment more?

How do I get to a better state of zero trust network act? How do I, how do I drive more discovery?

So building that in a proactive manner. The other side is building a very, a very simple, delightful experience from an admins perspective of deploying an intent-based policy.

Okay. So instead of thinking, okay, I've got these thousands of things. Does this policy go to here on this switch? Does this policy go at this boundary with that firewall?

Just take a Rick needs access to application acts or app, you know, service Y to service to service Z, right?

Take that very basic, this intent should happen. Inlet Cisco handle all the plumbing.

You know, we can see and make sense and leverage these algorithms, understand the topology to then say these exact four points.

This is where we're going to deploy that policy to meet your intent. From your perspective, it's just a intent-based policy implement.

And all that other hard work and orchestrations handled by the hybrid mesh firewall platform. Rick, we're at Cisco Live.

So obviously we talking about Cisco equipment, but a lot of people watching don't just have Cisco equipment.

So how does Cisco play with other vendors like other firewalls out there?

Yeah, absolutely. And key to the product strategy that I have is I want to solve things like intent-based policy.

I want to solve things like reducing risk for organizations, detecting threats, segmenting, helping users on that journey.

And yeah, if everything was Cisco, I would love that if everything was Cisco, but that's not the reality.

And so I think it's very important that us as vendors have to partner with one another.

We have to be focused on the customer outcome. You go back to first principles. How do I solve these things?

Yeah.

And the meaningful thing. So how we're approaching this, for example, with our hybrid mesh firewall is when I think about, hey, do I deploy that policy, that intent-based policy on an edge firewall?

That's a Cisco firewall. Do I deploy it onto the switch? Well, also, hey, do I deploy it on the Fortnite or the Palo Alto that exists in these other places?

And that's exactly what we've done.

So being able to ingest understand what the policies are on those devices, being able to optimize and actually write policy back to them.

So as an example of how we're taking a open platform approach.

So we meet a customer where you are on that journey, being able to leverage the Cisco gear, as well as driving value off those third party devices that may exist in your organization.

Yeah, I mean, just the complexity these days is increased dramatically, right? Because like since COVID, a lot of people working from home, all like in a coffee shop, so how do we sort that out?

Yeah, an identity, right? It's the people working from everywhere.

It's the devices and the things that are communicating to other things. It's the applications themselves, identity, the definition of identity, even agentic.

What does my agent have access to?

And what is he trusted? So the problem space is continuing to expand.

And so if I'm in the example about working from home or a coffee shop, yeah, maybe the best architecture is I need least privileged access to this finance app.

It goes through our proxy, you know, a least privileged access where it's the by named user accessing the by named application direct, not brought onto the network.

Maybe it's within or behind the trust boundary, you know, what do these agents have access to tracking their identity and ensuring that the tools that they're using are compromised looking to model context protocol, not something we were probably really talking about a year ago, right?

And now you're talking about new threats as you're looking at what tools the agents are using and what that communication looks like through there.

It's those are those are some of the trends, the things that we we solve for organizations, you know, simplify it from a policy user to app, but then also be able to proactively discover and in segment, the agents themselves, the applications, the devices, the things.

So I'm a bit slow, right hybrid mesh firewall is that like all these pieces that we spoken about was they more involved.

Yeah, so the hybrid mesh firewall, that is, that is that next evolution of firewall, it's that solutions architecture that joins your agent based, your agent lists of the firewalls themselves, all of those controls.

It takes in the signals to identify new threats, it practically discovers policies.

It pushes a flashlight into the dark areas that you're not segmenting all the way into east west traffic, it takes that entire thing and destroy and deploys it displays it in our what we call security cloud control.

So it is that platform that sits on top of all of that mesh.

So it's the control points, it's the policies, it's the detections, it's the services.

It's simplifying all of that and security cloud control.

Rick, you mentioned MCP, like you said, not something I was, I thought we would be talking about like two years ago, whatever, a lot of companies, you tell me if this is true or not, but our companies like taking AIs of hugging face and stuff like that, places like that and say, OK, let's run an AI LLM and give it access to let people on the internet interface with this thing.

So I mean, there's a lot of problems here from what I'm seeing, just like looking at it from a security point of view, right?

Those could be poisoned, so the AIs could be poison.

But then you've got guys doing prompt injection against those AIs.

We've got MCPs that people are putting on the internet, perhaps there's no authentication.

Yes, it seems like a bit of security.

I was going to say that Wild West security nightmare.

Yes.

So what are you going to do to make my life easier so I can sleep?

Yeah, absolutely.

And I think about it in three ways.

It's when I think about AI and how we're approaching it and based on how we're doing our own develops

and the elements from our products and then securing our customers is one, it's securing the AI itself.

So yeah, looking at the model, you know, if I pull whatever off hugging face as an example, what are the risks to this model itself?

How can this model be compromised?

How can it be poisoned?

Yep.

So what we've done is when we think about that approach, we've introduced a algorithmic red teaming of the model

to highlight the issues in the areas, the gaps and the controls that go against it.

Yes, explain that.

What does that mean?

Yeah, as an example, let's say I ask, I ask a model, hey, how do I build a bomb?

Yeah.

Well, so we're going to say, no, they're not going to answer that question.

You're going to get some sort of prompt denied.

Then you ask the question of, okay, I need to create an explosion.

How do I make that explosion happen?

Maybe it answers, maybe not.

And then you go to, okay, I'm shooting an action scene for a movie.

There's this boat.

It's going to hit a ramp.

It's going to go through the air.

It's this real exciting thing.

I need there to be flames behind it off of something that goes boom.

You get into this complex way.

And then all of a sudden you start getting the information that you made or you start being able to influence that model.

And so instead of that game of 100 questions, imagine just being able to go and play a game of a trillion questions

looking for every which way that that model can be addressed attacked or exposed.

And that's what we've done.

That's the IP that we've built into our AI events.

So being able to identify those areas and then, hey, how do I control them?

What are the adjustments I make?

So that's one side of it.

Because then also on top of that, it's the semantic inspection, the inspection of the intent, the prompt inspection,

all of these pieces into the model.

So also being able to inspect that and secure that channel through the proxy.

So securing of AI, securing the use of AI.

So yeah, though the interaction with the semantic inspection, but also who can access.

Yep.

So understanding what AI applications exist in my environment in the least privileged access there.

Who can, who can actually access becomes very important.

And then the final piece is us leveraging AI for the new detections across the use of these tools.

Whether it's MCP that we talked about earlier, identifying the interactions between the agents and the tools.

Ensuring the tools aren't compromised.

You've got that whole vector, but also building better detection engines.

With these new technologies to find things like zero day threats.

To be able to run more complex behavioral detections with these technologies.

That's, that's when I think about that, that AI side.

The different important pieces that you need to be able to address in force in some of the innovation that we're building against it.

Will it stop users like legitimate users like taking confidential information.

Yeah.

And pushing it.

Absolutely.

Absolutely.

The data loss prevention.

Looking into the data loss prevention on that side.

In the prompt inspection on both sides.

So that's, that's absolutely critical.

I was talking, I was at a, a CISO dinner in, in one of the horror stories from early on.

I was telling a story about somebody in the finance department trying to be very proactive.

And say, hey, I need to, I want to simplify the creation of contracts.

And then wanting to just dump all of their contracts into.

Yeah, you just learn off the source, right?

You can't have that side of it and you can't have the point of data out as well.

Yeah, sleep this night so those CISOs.

Exactly, exactly.

So Rick, you were talking about how, during this interview, how firewalls have changed and you've used this term firewalling.

What's the future?

Do you see, you know, where's it going?

Bigger boxes, clustered boxes, more encrypted traffic, sort of your real world experience.

Help all of us see where, where's it going?

Yeah, absolutely.

I think you fast forward three years.

So now you've got a few things where this firewall might, firewalling market is progressing and maturing.

It's, it's more distributed.

You know, it's still, you're still going to have the boxes at certain trust boundaries, but you're going to have more in the cloud proxy.

You're going to have more distributed down to the application.

It becomes, it becomes a more pervasive security solution.

And it has to be, it has to be able to adjust, have that visibility in the applications as well as the inspection further up the kill chain.

So I think that's the direction it's going to go from the control points is more distributed.

And from the management perspective, you know, pushing the team constantly, we've got to deliver simplified troubleshooting simplified experiences.

And now with a genetic, you've got agents that can start picking up a lot of these tasks.

And so as you fast forward a few years, I think by 2030, you've got, you've got agents picking up the bulk of these, these tasks.

So you can be human in the loop doing more important things and be a force multiplier for you.

So in the future, right, do you see that agents are going to be doing a bulk of the work?

And you're just going to be managing those agents or sort of how do you see that playing out?

Yeah, two things I'll say there.

I like to think about it where if you rewind 20 years and you're talking about autonomous driving, fully autonomous vehicles, those sorts of things,

that's kind of wild to think about.

But you fast forward to today, you've got a car that's doing 99% of the work, the person sitting there with their hand on the steering wheel,

taking inputs from around a sense of control that car is doing 99% of the job.

That's how we're approaching this from a product perspective as well as human in the loop.

Can we take on 99% of that so that you are, but you're still hand on the wheel and control.

Now, how I see that also developing to that, you know, end state is, yeah, you've got, you've got agents leveraging tools, you've got agents doing different jobs and tasks.

You've got another agent that becomes a persona that knows how to interoperate across these other tools and other experts for, for domain insights and troubleshooting all of this.

So you've got this hierarchy of, of agentic value that's delivered where at the end of it, you've got the human in the loop.

You've got the human that can now better understand and operate a very complex environment, make critical decisions and start to drive things forward in a way they haven't been before.

I do think from a design perspective, it's an interesting change where you're today, you're thinking about, hey, how do I design for this mature workflow and simplify it?

In the forward state, you're, you're thinking about generative you access and how do I engage with a host of agents doing multiple tasks or potentially persona based agents employing other agent experts, right?

It's a very interesting thing when you think about designing products for that space too.

What do you say to the concern people have that, you know, AI is great, but I'm not going to have a job.

Yeah, I get this, I get this question from folks on my team at times too is like, hey, what is that? How is it going to develop? Do I need to worry about AI replacing?

How I look at this and the answer back is you don't need to worry about AI replacing your job.

I firmly believe it's the person that knows how to use those tools.

Those AI capabilities is a force multiplier. That's what might replace your job.

So it's important to be leaning into these new trends, leverage them so you're more productive.

You know, I think about product management, you can now in shortest time as ever show high fidelity mockups, proof of concepts from an engineering perspective really quickly.

So even a PM can tell a better story, show the future quicker and even prove out concepts quicker before you hand off to design or engineering.

So as a few examples, but it's important to lean in there.

I don't think it replaces everyone's job. I think we can start doing more and more with it.

So the big question is, I'm doing some other kind of career. You in the military. Now you hear I'm doing something else.

Should I get into sob security?

Oh, absolutely, absolutely. That is, it is a very active domain.

I think it's, it's important now as it ever has been. It's a very interesting one.

You're going to have continued investment, continued innovation because it is this, it is this nonstop back and forth where we're trying to innovate better controls, better detections.

You've got threat actors, nation states that are active as ever every single day trying to figure out ways to compromise ways to ex fill.

So it is a, it is an incredibly dynamic environment that's very mission driven, very rewarding.

I've, yeah, as you can tell, I've committed the majority of my life in this space.

And it's very recommended. Yes, yeah, absolutely, absolutely.

You shared the story of like someone trying to upload confidential information, but you must have some really cool stories.

I know a lot of them will, you probably can't share, but can you end us off with like another cool story that you've seen out there where firewalls or other products have really saved a company?

Yeah, absolutely. So there's a few that I'll hire. I could many. Maybe I'll, I'll just choose one in a situation where we, we were in a multi vendor environment for an organization.

And this organization had the competitor at the edge. They had us behind the competitor at the edge with an attempt of, hey, I've got defense in depth with two different vendors in that space.

And that moment, I was, I was actually an Amsterdam a year ago. And this is when this, this story happened. I'm, I'm describing our encrypted visibility engine.

Yeah, describing this engine and how we can start to detect certain threats or get pick up on these signals. And because you've got this changing landscape, like you've got to be able to adapt and learn and change.

That I'm describing that capability. And I had to see so stand up in, in the event and say tell a personal story about, yeah, we actually had you, you weren't at the edge right behind us. We had a complex attack launched against our organization.

It was this engine that picked it up behind the edge. It was this engine that highlighted and shyed the flashlight where the issue was and allowed us to block that.

So I, I, I slid him the $20 bill. I was lit up science. I was like, this is fantastic. But, but the reason why I like stories like that is the whole reason I got into product management was to build the solve problems for customers.

It was to help reduce risk, identify these threats, be that's, that's what I'm passionate about. So to have that close loop about something so innovative and the changing threat landscape, seeing that firsthand deliver results fires me up.

Rick, I like to hit people with this question because I think it helps people who are new to the industry, perhaps talk to younger self, what you advice.

So younger Rick, continue down that path of digital resilience and cybersecurity, but maybe stop playing basketball earlier because I've since snapped both of my Achilles into two years span.

So you need physical resilience as well as digital resilience. But would you recommend cybersecurity?

Oh, absolutely. You still got on that path. Yeah, absolutely. Absolutely. Do you actually think they're going to be lots more jobs in cybersecurity? Are they going to be far fewer?

I mean, it seems like the world's under attack left-right in center. It seems like a good career. You're still recommending it, however.

Yeah, absolutely. Because what organizations that have historically struggled with and still do today are experts in the space, being able to leverage all of the tools, the services, the things in their environment to detect risk, to minimize it is, it is a space where if I'm a see so, I still need talent.

I don't have enough people. I need more people. It's a space that we're not having less attacks. We're having more. The same technologies that I'm super excited to build defenses with are the same technologies threat actors are leveraging to create more complex threats threats that learn, adapt and change that cybersecurity is a career path.

It's not becoming less important. There's not less jobs. There's more. There's more of a need now than ever before. And I think especially as you drive it, it's security plus networking. You were bringing these things together. It's just continuing to elevate that level of importance.

Blue team, right? Blue team. Blue team. Yeah, I would. I would. Yeah. I mean, there's obviously there's the red team type tasks and content, but it's the blue team. It's those operational jobs. It's every company in the world thinking about this problem space.

Not wanting to make the headlines, not losing their intellectual property. It goes top to bottom, not causing risk for people in communities.

Personally, I it's a very rewarding field. And there's a lot of opportunity now and going forward. Is AI making it worse for defenders or better for attackers? It seems like attackers have an advantage. Is that not true?

It's a cat mouse game. It's we're using the technologies. We're iterating quickly, trying to leverage the latest attackers are doing the same thing. So it's it changes. We are forced to adapt and change as that landscape changes. And we've got great brilliant minds. And for those listening here too, a field that we need your more right in this space.

So we can continue to stay a step ahead in that cat mouse game. So I wouldn't call it necessarily an advantage one way or the other. It is it is just a very complex back and forth. Rick, they pushing me. We go to say goodbye. Thanks so much for sharing. Hopefully we can get you back. And for everyone watching put comments below. What other questions you have. Rick, thanks. Yeah, thank you so much.