Hackers Are Winning with Evan Powell

Hosted By Chris Parker

287
“Every time you protect yourself with MFA or better passwords, you’re not just protecting you. You’re preventing your system from being used to attack others.” - Evan Powell

Cyberattacks aren’t just about hackers in hoodies anymore. Today, we’re up against professionalized, well-funded organizations that run like businesses. They use AI to crack defenses, run labs that simulate the tools we rely on, and rake in trillions while defenders struggle to keep pace. The scary part? Even the strongest companies and governments can fall behind when the threat landscape moves this fast.

My guest, Evan Powell, has spent nearly 30 years in the cybersecurity world. He’s the founder and CEO of Deep Tempo, and a serial entrepreneur who’s helped industries from cloud data to resilience engineering make big transitions. Evan knows what it looks like when attackers have the upper hand, and he’s seen firsthand how enterprises try to shift the balance.

In this conversation, Evan explains why compliance checkboxes aren’t enough, why raising the cost of an attack is often more realistic than stopping one outright, and how AI is reshaping both sides of the fight. He also shares the creative ways defenders are adapting, from honeypots to sock puppets, and the simple steps every one of us can take to make life harder for attackers.

“Attackers are making trillions of dollars a year these days, while defenders are spending hundreds of billions. On the whole, we’re losing.” - Evan Powell

Show Notes:

  • [00:57] Evan Powell introduces himself as founder and CEO of Deep Tempo, with nearly 30 years in cybersecurity and tech innovation.
  • [02:39] He recalls a high-profile spearphishing case where the CIA director’s AOL email and home router were compromised.
  • [03:51] Attackers are professionalizing, running AI-powered labs, and making trillions while defenders spend billions and still fall behind.
  • [07:06] Evan contrasts compliance-driven “checkbox security” with threat-informed defense that anticipates attacker behavior.
  • [09:40] Enterprises deploy creative tactics like honeypots and sock puppet employees to study attackers in action.
  • [12:22] Raising the cost of attack through stronger habits, better routers, and multi-factor authentication can make attacks less profitable.
  • [15:01] Attackers are using AI to morph and simulate defenses, while defenders experiment with anomaly detection and adaptive models.
  • [20:56] Evan explains why security vendors themselves can become attack vectors and why data should sometimes stay inside customer environments.
  • [24:50] He draws parallels between fraud rings and cybercrime, where different groups handle exploits, ransomware, and money laundering.
  • [26:29] The debate over “hacking back” raises legal and policy questions about whether enterprises should strike attackers directly.
  • [30:18] Network providers struggle with whether they should act as firewalls to protect compromised consumer devices.
  • [34:59] Data silos across 50+ vendors per enterprise create “Franken-stacks,” slowing real-time defense and collaboration.
  • [37:28] AI agents may help unify security systems by querying across silos and tightening the OODA loop for faster response.
  • [39:10] MITRE’s ATT&CK framework and open-source collaboration are pushing the industry toward more shared knowledge.
  • [41:05] Evan acknowledges burnout in cybersecurity roles but sees automation and better tools improving day-to-day work.
  • [42:59] Final advice: corporations should rethink from first principles with data-centric solutions, and consumers must build protective habits like MFA and secret family phrases.
“The goal isn’t to make attacks impossible. It’s to make them so expensive that the return on investment for the attacker is upside down.” - Evan Powell

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. 

Transcript:

Evan, thank you so much for coming on the podcast today.

Hey, thanks for having me, Chris. I appreciate it.

Can you give myself and the audience a little bit of background about who you are and what you do?

Absolutely. Currently, I'm the founding CEO of Deep Tempo. I'm a longtime founder, a technologist who builds companies primarily to help big enterprise, telco, national government, those sorts of folks. Over the last few years, it's been cyber, cyber, cyber, with a little bit of fraud, anti-fraud, mixed in.

How did you get into cyber?

Honestly, I was at that point in life where I knew I could do another company. I was looking for what should be the mission and brainstorming with—I think she's amazing, my daughter, and on approaches. At first it was, “What can you do about the climate, dad?” I struck out on that one. I'm not sure that my expertise fits.

“What can you do about this digital commons thing and how it's getting attacked?” That one struck close to home, given my background, and so I decided to focus on cyber. I did have a company in cyber in the past that's now a big open source project called StackStorm. Again, it was close to the strike zone.

Nice. Before we get too deep into our discussion today, I like to ask my guests that are in cybersecurity, counter-fraud, or counter-scam for a story of whether they have ever been a victim in one of those fields. Because if you and I can't get it right a hundred percent of the time, the audience shouldn't feel ashamed or embarrassed if they can't get it right a hundred percent of the time.

Yeah, no, absolutely. This story is of somebody I know, so knock on wood. This didn't happen to me. Long story short, a pretty senior position person. Their home router was hacked. The way it happened is somebody basically pretended to be support for that cable company. They were able to also intercept the email being sent, the reset email, to their AOL account.

It did make the news. That person was the head of the CIA at the time. It does happen to everybody. It has happened repeatedly to folks who really do know better, but we're all vulnerable one way or the other.

It's particularly challenging. I'm not too familiar with the story, but I assume he was not just a random target, but he was spearphished effectively.

He was effectively spearphished. Yeah, it was a campaign of folks. It was actually more like hack service, if you will. I think the particular attacker may have been a teenager, but of course similar things are happening with even more efficacy today. As opposed to you having to somehow change your voice, why not use your voice if you're an attacker or literally spawn an alias that sounds just like the person's systems you're trying to get into? It's gotten worse and more likely, unfortunately, in lots of ways.

It is a very, very tough world that we live in on this digital front.

Yeah, it really is. We're privileged enough to be brought in as relatively—at Deep Tempo—relatively young company, but we're in some environments where very smart people have worked their entire career to protect themselves and their environments from advanced attacks. They've fallen behind, and they have been successfully attacked. Unfortunately, at least as I see it, the cybersecurity market is, on the whole, despite $250 billion of spending a year, on the whole, we're losing. Native attackers are making trillions of dollars a year these days.

When you're talking about $250 billion, are the attackers spending the equivalent or do they have some advantages capital-wise or outside of capital?

It's funny. From Silicon Valley, I was at this event yesterday and somebody asked that question like, “Why are the attackers winning?” I'm like, “They're better funded.” Like, “What? What do you mean they're better funded? They have VCs?” I'm like, “Well, no, but if you're making trillions of dollars a year in ransomware and other payments, then surely some of that goes into systems and into your team.”

Of course a lot of these teams are not in high-cost Silicon Valley often, so they're able to get really good teams who are professionalizing attacking. They're able to set up environments like, “Hey, what's a very common firewall? OK, let's make sure we get copies of that firewall. Let's set up an AI-powered lab and let's simulate an attack that circumvents that firewall.” They're smart, professional, motivated, and wholly well funded, unless they're spending all the money on boats or something like that.

Or drugs.

Or drugs, yeah.

Other illicit behaviors would not surprise me.

Correct.

When you're in a company and you're trying to provide a threat against a vastly superior army, so to speak, what in the world do you do?

It's a great question. I think there are two classes of approaches. I'm old enough that I think I get to be cynical—I don't know—so just bear with me here. Two classes of approaches. One, you do the check boxes. I call that CYA, or you might call it compliance-centric approach to security, which is to say you've shown, you've taken steps, and you have checked the boxes. If it happens, (a) Maybe you've already moved on to another job; (b) You can at least say, “Hey, on my watch, we bought all the expensive correct products, we went to the right training. I don't know how this could have happened.”

Two, there are a class of, of course, users. I think maybe all of us fall into this. We can't just check the box, we have to think it through or understand it from first principles. There, what's going on is something called threat-informed defense, where the surface area of today's enterprise is vast and getting bigger. It's almost impossible to put thumbs in every hole, in every dike. What you might be able to do is learn what the attackers are doing, anticipate that, and behave accordingly. Marshal your forces to put lots of thumbs in lots of holes in this particular dike because you're pretty sure that's where the water is coming from.

It's impressive. Once you go behind the scenes, it's not as if the big enterprises—at least in the US and in Europe—are standing there or just checking the boxes. A lot of them are being really creative and trying to figure out where the attacks might come from so they can anticipate, but they're having to refactor their security stack. They're having to move away in many cases from traditional prior generation security systems, take a data-centric approach, and really think creatively about, again, threat-informed defense.

When you're the defender, how do you learn about what the latest attacks are other than by going, “Hey, what was that?”

Yes. This is where it gets really fascinating for me. At Deep Tempo, we don't necessarily do this per se, so it's not at all a sales-y thing. They, being the defenders at scale, do all manner of stuff. One thing is there are systems out there that are monitoring interesting web addresses and then trying to draw the provenance, like who set up those web addresses and trying to get back to attribution, like who are these potential attackers and keeping a real eye on them. Some of that is government, but some of it is big enterprise, and some of it is so-called threat intel vendors. That's part of what they do.

A good example, I know a couple of large enterprises in the US. You and your listeners probably have heard of honeypots, where you dangle a website out there or something and see if somebody attacks it. Based on that, you learn how do they attack. There's the next generation, if you will, of honeypot. It's sometimes called a sock puppet. We're talking about how, for fraud and cyber, people might call you with, unfortunately, your daughter's voice.

How do you honeypot that behavior? An example is they will have fake employees with employee records, LinkedIn, the whole thing. You create a persona of a fake person, see them get attacked, and then now you're starting to see the footprints of the attacker. It really is a pretty fascinating area.

Like you're talking about fake employees, I had a friend who worked for a company that was one of those companies where lots of people wanted to work for the company. People would do weird things to try to get in front of the HR person. They had a public-facing fake HR persona. You dial onto the phone system, you go sideways, and you get to someone else. “I was really trying to get a hold of Evan in HR, can you transfer me over to Evan?” Everybody in the company knows that there is no Evan in HR. If anyone ever asks for Evan in HR, you know that they're lying.

Right. That's perfect. It's those sorts of activities and there are others. There is a lot of creativity, and yet again on the whole aggregate level, we're probably “losing.”

What are the lessons that we can learn to get us back to a place where the adversary does not have the winning hand at the time being?

One thought, and this is true in anti-fraud and in cyber, is to think about how to increase the cost of attack. It's not necessarily about making it impossible—that’s a high bar—but make it such that the ROI, if you will, will be upside down. We've all gotten the training, the ads, and all of that, but locking down your home router, shifting from whatever your mother's maiden name to multi-factor authentication. Doing these things, they protect yourself, but they also prevent your system from being used for subsequent attacks.

Just this year—this is based on CloudFlare data; it doesn't really matter—but the denial of service attacks from US compromised routers is up 300%-350%. It's tough. Now you're an enterprise, you're getting the receiving fire. “Who are those people attacking us? Well, it's John Smith in San Mateo or whatever.” It's my neighbor here about why because we've been compromised.

I will say, without disclosing anything, but there have been public reports about this as well, there's a good amount of FUD—fear, uncertainty, doubt—about TP-Link to name a name, Chinese home routers. There is some real evidence that they are more susceptible to being used as well by attackers. It's probably worth, when you're on Amazon upgrading your home router to maybe pay a few bucks more, just so you can sleep better at night and know you're slightly less likely to be used as a pawn in this bigger game.

To me, that's really a horrific challenge for corporate America and consumer America, that the devices that are easily commercially available for residential services, the devices that are provided to us by our cable companies are just, the manufacturer says, “OK, we're going to build this, we're going to ship it, and if we discover two years down the line that there's a security hole, eh, oh, well, we're not making that router anymore.”

You've got corporate America who's now the victim of all these compromised routers, residential and consumer America who my parents aren't going to know—“Hey, you’ve got to keep the firmware and your router updated.” “What even is firmware, let alone how do I keep it updated? Does the manufacturer even supply updates?” A bit of a challenge of knowing there are multiple people that have to have responsibility.

Absolutely, yeah. If we all do a little bit more, it gets a little bit harder for them. Again, the wall they have to get over is that much higher. That's great. I think it helps. On the enterprise side, there's a lot of evidence that attackers are now also using, as I alluded to before, AI, to morph. Why wouldn't you? You'd vibe code, better attacks, and then you'd probably build a simulation environment where you know what the defenses of target A or B might be.

This is one reason, by the way, that security professionals often, on their LinkedIn, are missing because they don’t—why would I tell you all my experience? Now, probably what I'm using to defend enterprise X. Now you train your system to get around what I'm using. You've got to obscure your background.

There are approaches to use AI in creative ways as well to be able to really see even very advanced attacks. That's of course what I'm spending my life on, but approach is promising. You've got to decide, are you a checkbox CYA person? From first principles, we're going to get the data. We're going to take the right actions to prevent, to detect, and to respond. If you refactor from first principles, you will drive up the cost of an attack massively. That's what we see happening amongst some of these organizations that you might imagine and we all know about.

You're talking AI. I couldn't help but think back to honeypots and sock puppets. Are there defensive AI sock puppets that look at the attacks and say, “OK, how can I make this more expensive for this person to try to figure out my fake surface?”

Yes. Yes, indeed. One approach is to actually come up with super high fidelity understanding that is adaptive of actually just what's normal. If you can really understand the surface of the ocean, if you will, and then be able to distinguish, “Is that a submarine, a whale, or just a wave popping out of it,” you've got a good shot. Models are good. You give them normal data. There's a lot of normal data. There are massive amounts.

You can build models that get really, really good at so-called advanced anomaly detection, and that's a somewhat state-of-the-art approach. You can also do things like what you see in companies like Wiz, which is now about to be part of Google at a $30 billion-plus acquisition. They're doing something where they're looking at threat-informed defense. Unfortunately, there's ever more vulnerabilities.

At any enterprise, you're like, “Cool, cool. We have more vulnerabilities than we have time and people to patch them. What do we do?” There are some AI that you can use to help you prioritize which ones to go fix, and then there's now AI to fix them. At some point you need a human in the loop. Of course, this all has to be locked down because even from what I've just said, those are attack vectors, big time. Security companies getting attacked is a thing. Some of them, of course, caused problems in the global economy over the last few years. You have to be very, very security-conscious. It is promising, some of what's happening today.

I suspect companies that provide security infrastructure really have to have their own really good security infrastructure. If I can compromise your security infrastructure, I now get access to all of your customers, all their platforms through you.

Yes, and/or as a startup, there are these architectures where even if you get attacked, you can't become secured. For example, SaaS, which is what we're referring to, where the customers send you their data, you have also data about their environment, and you have to be really trusted.

Another approach which is to basically put the intelligence in the customer environment, let it run and not bring back anything that needs to be secured. That's a pattern that we're seeing, but you've got to think about it from first principles again. If you are pulling proprietary data back or being given the keys to the kingdom there, you can't be an attack vector. You've got to be really smart about it.

Got you. In comparing cybersecurity to fraud, are there parallels that we can draw and lessons that we can learn to apply back to each other?

Yes. The question back to you would be like, at what level? Certainly from the tech standpoint, what folks have we do, or Stripe, as an example, what are they doing? They are building these models to see what's normal, to be able to flag what's anomalous very quickly. The Overwatch use case and the technology is very, very similar. From an individual standpoint, the same thing that will be used for fraud can be used to get into your system.

Red teams use very similar techniques. If you're hired by an enterprise to try to see if you can get into that enterprise, you will do social phishing. A social phishing is what you use also to get into somebody's bank account, let's say. You do something similar to try to get through the door into the lobby of an enterprise and somehow get to a USB and exploit the environment. It's tricky from that standpoint because again, AI is being used also just to research the targets.

For me, historically on my LinkedIn, I mentioned, I'm a Georgia Bulldog fan. If somebody shows up, they're a Bulldog fan, and they build social trust with me and so on, I guess I should make sure to ask them specific things about where were you, but it's that thing. You've got trust but verify for sure to defend yourself from either fraud or phishing.

I know with the fraud rings, they've often gotten pretty decentralized. It's not one crime entity that's doing everything from the phone call to transporting money out of the country, but they've got, “Well, we've got this group of people that we're loosely affiliated with that. These are the couriers that move the money from one bank account to another bank account. These are the guys who get the consumer to give up access to their bank accounts. These are the guys that get money out of the country.” Is that thing going on in cyber? If you can disable or fight against one little piece of the organization, does it take out the whole organization?

Yes. Something very similar is apparently happening in cyber. For example, you can buy an exploit for a particular enterprise. Here's a front door or back door actually, or I don't know. So cool, but they will sometimes then sell. What will happen is qualified attacker will get in or maybe leave a backdoor for themselves and then sell access to a ransomware organization. Yeah, you have this professionalization, often not the same organization.

There is a policy debate at times in the US about whether a certain class of enterprises should be allowed to hack back. It turns out, a lot of the environments of these cyber criminals, like you can find them on the dark web, they have exploits too, vulnerabilities too. There's a web server. Why couldn't we take down that web server? It's illegal for the US enterprises to hack back in that way. There is some thought that, is this the take-the-gloves-off moment in the US? It's beyond my pay grade to figure that one out. It's a big policy debate, but it's pretty interesting to think about.

I've definitely seen news stories of instances where the government entity is the lead on it, and they work with Microsoft. Maybe it's not Microsoft. They've identified, “Hey, there are these hundred thousand machines that have been compromised. Because they've been compromised, we can go in and patch them.” It's, “Hey, we're just going to go in and patch people's machines for them.” It'd be like, I'm torn by whether or not we should be doing that or not. Clearly if we do it, we reduce attack vectors, but we don't have permission to go onto this person's machine. They didn't authorize us. It is this weird gray area and then even more so when you say, “Hey, let's take the fight to the adversary.”

Yes. The adversary that we bump into that of course is in the news a lot is out of China or some set of adversaries. There, it's something I hadn't really thought about, but I suppose it's pretty obvious, but the great firewall, this approach to censorship and to really limiting the free flow of information in and out of some of these regimes.

That also makes it harder to hack back, even if you're not hacking back, to really try to ascertain provenance or attribution of the attacker. Why? We can't be looking at all the packets, but we're looking at the packets coming and going. That can include like, “Hmm, there's a lot of stuff coming out of Langley.” It wouldn't be that obvious, but you get the idea.

“Why is somebody port scanning this potential attacker within China?” My point being that because we have a much more open internet than other parts of the world, we're just more susceptible. The government doesn't have an as obvious of a break point where they can actually see everything coming and going, which makes it tricky.

This will be a touchy question: Do network providers, do you think have an obligation to do preventative network stuff? Let's put it down on, ‘Hey, I'm cable provider A. It's easy enough for me to see all my customers being port scanned. It's easy for me to know, in theory, what should or should not be happening on residential computers. Should I, as part of the service that I offer, act like a firewall? Should I actively be aware that, hmm, gee, this customer's computer is clearly compromised? Do I have an obligation as a network provider to do something about it?”

I would like to think so. That said, it is tough. On the one hand we can say they do have the ground truth. They do have the data coming. They have metadata. They don't necessarily have your voice call, but they have information about it. With that, I can tell you very much firsthand, you can find attacks.

That said, (a) We're talking almost unimaginable quantities of data that they have to sift through; (b) The ways in which their customers break their devices is so hard too. They're not the network provider's devices. We can do stuff that is shocking or at least unexpected and then see they are for sure an obvious attack vector for nation states. They're in the crosshairs. They have the data and their customers are doing crazy stuff. It's a very challenging problem.

One model we've seen is them starting to offer a little more beyond the last password or those things. We've noticed something strange, and then sometimes even offering a platinum-level protection. That's one option. I have tremendous empathy for them having seen the sheer amount of data systems that they bought just to retain the data about what we're all doing online. It's fast and hard to handle, but I'd like to think they'd step forward a little more.

I guess it's a little bit of a double-edged sword because if I ever got a phone call from someone claiming to be from my internet service provider saying, “Hey, one of your computers is compromised,” the first thing I do is just hang up on the phone call because I don't trust you. Why would I trust that phone call? Because that phone call usually leads to a compromised computer, not the other way around.

Right. Yeah, I actually wish more people had that instinct, but yes, a hundred percent.

All of those things are just super, super challenging for organizations. Do you see a direction or a time coming where the tide can be shifted, and how would that come about?

Right. I do. At some level, what we talk about is the OODA loop, not to geek out a little bit. I have a dark memory, but I remember when 9/11 happened. General Powell got up there and said, “We're going to get inside the OODA loop and reassure.” Of course, I think everyone was looking up like, what is an OODA loop? It's basically the speed at which is observe, orient, decide, and act. And we can.

Some enterprises, some government entities for sure build these loops, where they can see an attack starting to emerge, adjust their defenses. If they do penetrate, see it very quickly before an exploit happens, and then really learn from that so that they're even better prepared for the next one. Potentially, I was in a meeting yesterday with two big failed banks. What they're trialing is a federated learning approach. Now you have safe ways to share information.

There is some of this happening pre-AI, the more manual and just sending data back and forth, but now sharing the intelligence amongst models to tighten that loop. That's what I'm working on day to day. I think that's part of the solution. I think a lot of it is what we've talked about, which is hygiene at some level and just constantly updating that and upping that.

A lot of it is somewhat generational in security. Having more technical data-centric buyers of cyber systems, they naturally want to see, like, “Show me it working,” as opposed to, “Oh, it checks this box. I'm good. I can go home at night.” There's a bunch of things happening. I think there's an awareness of the problem. There's nothing we can't do if we set our minds to it. We will get there, but it'll probably get worse first before it gets better.

I'm trying to figure out how to phrase this in a way that makes sense. I'll give my little rant, or not a rant, but CloudFlare works to protect a whole bunch of websites and millions and millions of websites around the world, maybe billions, I don't know. Part of the reason why they could be effective is because they have so many customers.

Once you get a sufficiently large data set, it's easier to start seeing, “Hey, we saw this anomalous pattern over here, so we can learn from it and not impact something over here.” The opposite of that is one of the challenges within the cybersecurity space is that there's so many vendors, so many platforms, and if they're not working together, “Well, we saw this, and we're going to keep it to ourselves to protect our customers and not spill our secret sauce”? Because of that, this other vendor doesn't catch that issue?

It's even worse than that. I think the average number of cybersecurity vendors for mid-to-large enterprises in the US is 55 or something. Traditionally, these have all been vertical stack companies. This is this notion of the Frankenstack. It's basically, “Oh, you want us to help protect from that attack, great. Put an agent on the system, we control the wiring, the format of the data coming back. We have a place to store the data to make sense out of the data, and we'll present it back to you. This is what we found.” Then you end up with dozens of these.

They're not actually saying, “Oh, wait a minute, you saw that over there? I'm seeing this over here,” and you're reinventing the wheel. The shift and one reason I have hope is companies like Snowflake. It was a partner of ours at Deep Tempo, but others that do these data lakes are in the ascendancy in the enterprise. We've now got enterprises saying, “Yeah, yeah, yeah, security vendor,” but all the data will go into one place. We will ask questions of the data as opposed to putting tens of thousands of alerts in front of a human and asking them to be a correlation engine all the way up there or some existing rules-based system. It's a data-sharing issue amongst enterprises, but also very, very much so within enterprises for better and worse.

It's like, well, if we could all just get along, we could do better, but we're competitors. Maybe we can't. It's a challenge. No one wants to be the guy that says, “I'm willing to go away so that others can be better.”

Right. No, exactly. These systems have built themselves in a way so that your careers often feel tied to why you use a normal query language, just basically how you ask questions of the underlying system. “No, I'll come up with my own.” Now you as a user of me, you have the skillset. I know how to use this product.

“When renewals come up, should we continue to use that or buy something else? I know how to use this one.” Thankfully, that's another area where AI may be helping. Basically, you have these agents that just ask questions of the underlying systems. They can help unify at that level. We've got to unify the data layer, but also we're starting to have agents that can ask questions across systems. The silos one way or the other cannot stand. We've got to share the info, the intel within orgs and amongst orgs for sure.

In the cybersecurity vendor space, are there organizations or groups of organizations that are starting to come together to do that?

There's actually an enormous amount of sharing that happens. It's on the one hand a very traditional industry where a lot of decisions are made top down. On the other hand, there are things like DEF CON, which we just attended in Las Vegas, which is very open-source focused. It's just an enormous number of practitioners talking about what works and bragging about what works.

Of course.

From that, there's a lot of really interesting tooling out there that's open source. Shout out to a company that's a nonprofit that's been around since World War II, which is MITRE. It's basically associated with MIT.

MITRE is an unbelievable source of knowledge about what's occurring out there. They do get some funding from the US government, but also private entities. They've, for example, “classified” a vast majority of attacks that have been seen, that have been classified into this schema called the MITRE ATT&CK schema. It's totally open source, totally free for a developer or an enterprise to use.

There's a good amount of sharing of knowledge that is occurring. But when it comes to the actual sharing the data that makes a model smarter and near real time to tighten that OODA loop, we're moving it. Let's update the website so then next week someone can read the website. That's a little slow versus the attackers using AI to morph their attacks. The challenge is how to take that rate basis of open-source information and practices embedded in systems that can act closer to real time.

It seems like anyone who has a job in cybersecurity has a very safe career path for at least the next 10 years.

I think so. I think that's very true. There is a lot of fear around the LLMs, agents taking level one security. There is an infinite amount that has to be done. I think everyone's productivity is booming at the same time that the lower level tasks are being automated.

Ultimately, that probably results in people doing, if you take the frontline work away from me, and now I can do tier two support and tier two stuff, me as a developer, an engineer, whatever, I'd much rather do the tier two stuff than the frontline stuff.

Absolutely. Yeah. Burnout is a huge issue. I don't know the stats, I think, as compared to even other IT jobs. You can imagine why. Security, who really talks to them until they tell you stop doing something or bad things have happened? It's one of those two things.

Is it constant training, or things are on fire, we'll be back with you in a minute? It's not great. I actually think this new tooling and better intelligence getting in there may remove some of the lower level stuff, but the day-to-day job will get better. Hopefully that will alleviate some of the burnout.

Yeah. As we wrap up here, any parting advice for corporations and for consumers?

Yeah. I think for corporations, I've already said it. Take a step back. Think about how you think about security. Which side of the line are you on? If you really think you can get away with more of the compliance checkbox, now we have our cyber insurance and their payout, that's fine. But if you're in this other side of the world, you just can't.

We have a partner user who has many trillions of dollars under management. If they go down, financial markets go down. They're very much on the other side of the continuum, which is to reexamine things from first principles and figure out why you have 50, 70, a hundred security systems. Can you move towards a data centric solution that will give you that faster loop?

For the rest of us, just build new habits. It's a pain, but eventually they become habits. How to protect yourself? It's all the stuff I think you've covered. I have a word with my daughter and it will phrase. When she calls and says, “I need money wired immediately,” is it really her? Those sorts of things.

Again, one takeaway is you protect yourself, but you're also stopping yourself from being a platform for other attacks. Collectively, we will increase the cost of attack. Frankly, there are forces at work here that (a) they want to make money, but (b) they don't want an open digital society to flourish in our part of the world. Those multi-factor authentication things and not using the same password, everything. In a small way, we're doing our part to protect this society that we just take for granted.

Awesome. If people want to learn more about you and Deep Tempo, where could they find each of you?

Yup. Deep Tempo is just deeptempo.ai. Take a look. We do have a lot of resources if you're interested in geeking out on how these systems are built and otherwise. Yeah, I'm just @epowell101 all over the place. You can find me mostly on LinkedIn these days. I really appreciate the opportunity, and as I said, off camera, if you will, what you do, because it's going to take us all continuing to work together to change the game, to push back on this tide of attackers, which unfortunately seem to be winning today.

Yup. Evan, thank you so much for coming on the podcast today.

Yeah, thanks so much, Chris. I appreciate it.

About Your Host

Chris Parker

Chris Parker is the founder of WhatIsMyIPAddress.com, a tech-friendly website attracting a remarkable 13,000,000 visitors a month. In 2000, Chris created WhatIsMyIPAddress.com as a solution to finding his employer’s office IP address. Today, WhatIsMyIPAddress.com is among the top 3,000 websites in the U.S. 
