The Data Diva E279 - Bob Carver and Debbie Reynolds

Show Notes

Bob Carver, CEO, Cybersecurity Boardroom

In this episode, Debbie Reynolds speaks with Bob Carver, CEO of Cybersecurity BoaDebbie Reynolds “The Data Diva” talks to Bob Carver, CEO of Cybersecurity Boardroom, about the evolving cybersecurity and privacy risks created by emerging technologies, connected devices, and increasingly sophisticated threat actors.

Bob shares his path into cybersecurity, beginning with a career managing commercial real estate before transitioning into information systems and eventually helping build one of the early internal security programs at Verizon Wireless. He reflects on how cybersecurity has evolved from basic perimeter defenses such as firewalls and intrusion detection systems into a far more complex environment where organizations must secure interconnected systems, APIs, cloud services, and AI technologies.

The conversation explores several emerging risks associated with artificial intelligence systems, including model inversion attacks that allow attackers to extract sensitive or proprietary information from AI models, as well as the potential theft of entire AI models through repeated API queries. Debbie and Bob also discuss the security risks associated with agentic AI systems that have administrative permissions to interact with files, databases, or enterprise systems, highlighting the importance of strong guardrails and controlled access.

Privacy risks related to connected devices are also discussed, including smart televisions and other IoT technologies that continuously collect and transmit user data to manufacturers and data brokers. Debbie and Bob examine the broader implications of large-scale data collection and the challenges individuals face in maintaining visibility and control over their personal information.

The episode also covers common phishing attacks that mimic legitimate security alerts and the importance of verifying requests through official platforms. Finally, Bob discusses the potential future of cybersecurity, highlighting the role that zero-trust architectures and post-quantum encryption may play in strengthening long-term digital security.

By popular demand, Debbie Reynolds Consulting is now offering executive briefings on emerging data privacy risks and how companies can avoid them. To learn more, visit the Executive briefings page on my website.

Support the show

Become an insider, join Data Diva Confidential for data strategy and data privacy insights delivered to your inbox.

 💡 Receive expert briefings, practical guidance, and exclusive resources designed for leaders shaping the future of data and AI.

 👉 Join here: http://bit.ly/3Jb8S5p

Debbie Reynolds Consulting, LLC

Transcript

[00:00] Debbie Reynolds: The personal views expressed by our podcast guests are their own and are not legal advice or official statements by their organizations.

[00:11] Hello, my name is Debbie Reynolds. They call me the Data Diva. This is the Data Diva Talks privacy podcast where we discuss data privacy issues with industry leaders around the world with information that businesses need to know.

[00:24] Now, I have a very special guest. Yes, from down south,

[00:28] Bob Carver.

[00:30] He is the CEO of Cybersecurity Boardroom. Welcome.

[00:35] Bob Carver: Well, hey, glad to be here, Debbie.

[00:38] Debbie Reynolds: Well, this is so funny. So we've known each other forever.

[00:43] I saw your stuff forever. We even exchanged notes on LinkedIn about stuff. And then we ended up on a show together and literally did a.

[00:52] A webinar we were on together and I was like, hey, so cool.

[00:55] And I love that you have started doing video because I always loved your writing and you know, you send me your videos. I'm like, these are great, these are amazing.

[01:03] But I feel like I'm in, in the presence of like a cybersecurity superstar, so I'm happy to have you here.

[01:10] Bob Carver: Well, I'm in the presence of the privacy superstar and data privacy. So there we go, mutual admiration society here.

[01:21] Debbie Reynolds: That's so true, very true. Well, I love for you to tell people about your, your background.

[01:27] I don't know who doesn't know you, but for anyone who does not know who you are,

[01:31] tell them a little bit about your background and the things that you work on, the things that you do.

[01:36] Bob Carver: Sure, you bet. Well, I can start way back.

[01:40] I was a career changer.

[01:42] I used to manage commercial real estate properties and I did that for many years. And today's value probably was about $8 billion worth of properties in central United States.

[01:57] It wasn't the east coast or West Coast, a little bit higher dollar values, but quite a few dollars worth commercial real estate properties.

[02:05] But I got tired of the boom and bust of the real estate industry and I decided to go back to grad school and get some master's degree in information systems.

[02:16] Started my career working for a large financial institution that manages multi trillion dollars worth of assets and managing IT projects,

[02:27] servers, hardening servers,

[02:30] monitoring the networks and all the items on the network. All the network items. And what happened is this is in the late 90s,

[02:41] the there wasn't that many security people in commercial networks back in the 90s. It was mainly in military networks that there were security folks. So what happened is, you know, there were starting to be security issues and me being an IT guy and I monitored one of the things,

[02:59] I monitored all the data flows. We Monitored what was going on in the servers.

[03:04] It was sort of a natural progression to start looking at some of the security events.

[03:09] And people would start saying, well, hey, we got this security project. Does anybody want to help out? And I would raise my hand and say, this sounds pretty cool,

[03:18] I'll help help out and check it out and see what it is. And I started seeing back then in the late 90s, early 2000, there were all sorts of worms going across the network.

[03:27] And since I had visibility into all those network packets and stuff that were going across the networks, I would help track down which computers were compromised to be able to take those situations out and be able to remove the computers from the network and clean them up and that sort of thing,

[03:46] to be able to squash those malicious.

[03:50] The malware that was running across the networks.

[03:53] Eventually, what happened? After doing multiple different security projects, there was a position that came open at Verizon Wireless. And the reason it came open,

[04:05] well, one of the reasons it came open,

[04:08] the Paris Hilton's cellular account got compromised. AT T Mobile.

[04:14] And it was in the news and everything. And then the C suite at Verizon Wireless and their ultimate wisdom said, oh, we might need some full time security guys to make sure that doesn't happen to us.

[04:26] And so they opened up a position for the employee number one. Basically for the first full time employee before they had melee disc contractors doing some of this work.

[04:36] And I applied for that and there was literally hundreds of people that APPL applied for that position. And I was able to call myself as employee number one.

[04:45] And I owe that particular position to Paris Hilton. I don't exactly travel in her circle. So one of these days, if I ever run into her, I guess I'll thank her for being able to have that position.

[04:59] Anyway, there was a lot of experience that I had in that position to start that position from ground zero.

[05:06] Debbie Reynolds: Oh my gosh.

[05:08] I find it very interesting that especially people who have gotten into these tech roles has mostly been people who have been like, curious,

[05:19] eager to learn and say, hey, let me take a crack at this. Because I think, especially since things are more digital now, I think as you were saying, a lot of companies weren't really thinking ahead about the potential risk.

[05:35] And so they. And I think that this cycle is continuing over and over where like a new risk comes out and you're like, oh my gosh, what should we be doing?

[05:43] Who's gonna do that? Let's call Bob.

[05:45] Bob Carver: Yeah, exactly. Exactly. What's interesting, since we've known each other a long time on LinkedIn. I have a LinkedIn story too.

[05:52] In the early days when I started LinkedIn,

[05:55] I was also starting that new position with Verizon Wireless.

[06:00] And I had reached out to LinkedIn multiple times to let them know that they were serving up malware to their customers. It was specifically malware that was designed for Windows computers,

[06:14] but I had let them know, gosh, three, four, five times,

[06:18] that they were serving up different pieces of malware. And I even tried to help identify some of them for them.

[06:25] I also had a Windows box at that time that actually got compromised by one of them.

[06:30] I boy, it was pretty good malware because every. There was only one antivirus at the time that would.

[06:38] Would be able to even recognize that this was particular malware that was downloaded was bad and then. But that particular antivirus would not be able to clean it up.

[06:50] So the computer I had at the time was totally compromised.

[06:54] And. But what happened as a result of all that? Reid hoffman that started LinkedIn,

[07:01] he reached out to me and asked me to be on his advisory board.

[07:05] And it frustrated me because I would have loved to have done that, but I was up to my ears, actually almost over my head because I was just one person at the beginning, and then later a couple people trying to handle a major corporation's internal security and also security for well over 100 million customers.

[07:26] So I just did not have the bandwidth to deal with that at the time, but had a lot of interesting things. You know, we,

[07:35] at the beginning, they just had intrusion detection and firewalls. We didn't manage the firewalls. Another team did that,

[07:42] but we started putting things into place one by one.

[07:46] But over time, you know, I put in controls to help eliminate some of the botnet transactions that were going on in the Internet and the people connected to our wireless network.

[07:58] I had one of the largest botnet monitoring networks in North America for any ISP for the longest time.

[08:05] Put in a lot of different mitigations for internal networks just to be able to help, you know, reduce the risk as a whole.

[08:15] And of course,

[08:16] over time,

[08:17] we've been seeing the risks continually to get more sophisticated over time. And anyway, it's getting crazier and crazier by the day.

[08:27] Debbie Reynolds: It seems like you said something that triggered me that I want you to talk a little bit more about.

[08:34] And that was,

[08:35] I think, in the early days,

[08:38] maybe olden times.

[08:40] Bob Carver: Yeah.

[08:40] Debbie Reynolds: We used to think about security as walls. Right. So locks and walls.

[08:45] Bob Carver: Sure, exactly.

[08:47] Debbie Reynolds: But now we're beyond that.

[08:49] Bob Carver: Yeah. And some people are like castle walls and Moats and stuff like that too, right?

[08:54] Debbie Reynolds: Exactly.

[08:56] Now we're in the agentic AI age, right, where it's just changing completely the way people think about security. But what is your thoughts about this AI push and agentic AI and stuff?

[09:09] Bob Carver: Well, one of the things that strikes me off the top of my head every once in a while I'll post some things about AI security and agentic AI security and I'll hear some people reach out people with various understanding of what's going on in our current environment.

[09:29] And it drives me a little nuts when I say, oh well, you just have to do just this, this and this and everything will be fine.

[09:37] And it's like I said, I said, I don't know if you quite get the whole understanding of how sophisticated and complicated this is. This is like playing multi dimensional chess or multiple dimensional video game.

[09:53] It's like you could literally have thousands of different possibilities of things,

[09:59] of how things can go wrong.

[10:01] And so, and of course a lot of this is privacy issues,

[10:06] which is part of your, you know, expertise. I know you talk about model inversion attacks and I did a post on that recently, a little video and a talk about that.

[10:17] Basically it's your.

[10:19] The threat actors can reassemble basically what type of information is being ingested by the model and maybe unintentionally memorize proprietary or personal or PII data.

[10:35] So what happens is people, what they're doing is they'll put in malicious prompts of sorts to trick the AI model to revealing any private or personal data.

[10:50] And so people will do this and they'll automate it and maybe even use AI or genic AI to do it. And they'll keep on hitting it with different prompts until it gets drains all the information about they know possibly a certain company or certain person that is doing say special projects on an AI system and they say,

[11:13] oh well, we would like to, you know, get all the intellectual property from this or maybe all the PII for this particular company or project and to be able to bleed that out.

[11:24] So that's, that's just one of many things that could be happening with this. And we can talk about some more of those too.

[11:32] Debbie Reynolds: I think what you said that people don't really realize, so they think.

[11:38] Well, first of all, I think people still think the things that they do in data systems are private and no one will ever see it. And it's like that's not how those things work, first of all.

[11:49] Sure. And then they don't think that anyone will ever assemble the things that they've put together and do anything with it.

[11:58] Because sometimes they think, well, no one cares about this. Like, yeah, someone cares and they're,

[12:04] they're going to try to get it right.

[12:05] Bob Carver: Sure, I'm just, I'm just a little guy. I'm a nobody and nobody cares about what I'm doing.

[12:12] And unfortunately, that's not very true.

[12:15] Of course, this may not be the AI system, but one of the major. There was a major breach just recently that,

[12:21] gosh, I don't know how many millions,

[12:24] I don't know if it's 25 million or 250 million. Anyway, a lot of healthcare systems got breached and they went in there and stole all the PII data. And of course, as you probably know as a security professional,

[12:39] the medical information,

[12:41] including all the, all the PII data, is one of the most valuable types of data that cybercriminals can steal.

[12:51] But here's another one.

[12:54] They're stealing entire models right now.

[12:57] It was in the news recently that anthropic that Chinese threat actors were going into anthropic.

[13:06] And I don't know how they were.

[13:09] They were probably just showing themselves as coming from a friendly nation or something like that. But anyway, they were making all sorts of repeated API queries into the system and actually making so many queries that they could sort of reverse engineer it and learn anthropics model their entire model.

[13:30] And there were some queries into this one Chinese model that it leaked out that, oh, you're sort of something like you're talking to CLAUDE or something like that. And this is a Chinese model and it's like basically it was stealing that part of CLAUDE for part of the questioning that they were doing or the prompting that they were doing.

[13:54] So stealing the entire model,

[13:56] not just the data that was put in there for model training, but stealing the entire model. So it gets so crazy some of the things that they can do.

[14:06] Debbie Reynolds: That's true.

[14:08] Hopefully we can talk about OpenCloth a bit or just even if you don't talk about OpenCloth in particular,

[14:16] this idea that people will put agents on their computer and give them admin access.

[14:22] I could have fainted when I heard this.

[14:24] Bob Carver: Yeah,

[14:26] gosh,

[14:27] boy, People. I mean,

[14:29] I mean, there was. Somebody was talking about doing something similar that with agents and the guy was dealing with it, claude. And what happened is they ended up deleting. Oh, he said he wanted to organize his wife's photos for her and he used the agency AI to do that and he ended up deleting all the photos of his wife.

[14:53] And of course his wife was totally livid because she didn't ask him to organize the photos. He was just wanting to do it to try to help her out. And luckily he did have some sort of backup at the time, so he was able to restore those photos.

[15:07] But he decided that he would no longer try to organize his wife's photo, especially through a genic AI. So, and then there's other instances where people had their entire hard drive deleted from these agents.

[15:22] So,

[15:23] you know,

[15:24] that's the thing,

[15:25] what people don't realize. When you're dealing with a genic AI, there a lot of times you're giving,

[15:32] it's like green light for anything.

[15:35] And that could include deleting your entire hard drive or it could be possibly, if you have access, say if you have username and password to certain databases that might be somewhat proprietary,

[15:49] it might be able to cause terrible things. Whether it's deletion or changes to those databases that would normally a normal person would not allow or administrator definitely would not allow.

[16:03] So the number of things that can go wrong easily can go into the thousands or tens of thousands.

[16:11] And that's why when I hear people saying, oh, you only have to do 1, 2 and 3 and all will be fine. If you're running a genic AI and it's like, what about the other thousands of things you're doing 1, 2 and 3, what about the 10,000 plus things that could go wrong?

[16:30] What are you doing to make sure that there are guardrails in place or firewalls or sandboxes or whatever protections you have that you can think of to properly have in place, or things like zero trust,

[16:45] you know,

[16:46] it's,

[16:47] I mean really, we're going to need all those things. You're going to need zero trash, you're going to need sandboxing, you're going to need limited permissions,

[16:55] you're going to just do read only.

[16:57] You're going to have read write, you're going to have execute. I mean, whatever.

[17:01] Debbie Reynolds: All these different,

[17:03] I think like what happened to the sandbox like this was we used to always do that. Like we would never unleash something out into the wild without it being like in a sandbox.

[17:13] What are we doing?

[17:14] Bob Carver: What are we doing exactly?

[17:16] And anyway, there are people that are trying to address this issue.

[17:20] I'm saying, I'm thinking that the vast majority of them only are dealing with not even half of the issues that can go wrong.

[17:30] So if somebody's really planning on coming out with different products, I Mean, they have right now there, there's people that have, they're just working on gateways just for LLM prompts only.

[17:41] But a lot of times you're talking, if you're talking about AI, organic AI, you're talking about entire systems that are reaching out to other systems. And you may be talking about,

[17:52] if it's a large company,

[17:53] you may have hundreds, if not a thousand different supply chains.

[17:58] And you think about all the permissions that you would have for the different supply chains,

[18:03] it's just mind boggling.

[18:05] It's. Anyway, it's going to be a much bigger issue than people realize at this time.

[18:11] I'm definitely running any clawbots on any of my systems right now.

[18:16] There's just way too many issues that you have to deal with. I mean, you would definitely want to keep everything in some sort of sandbox or very limited where it's like a lab type environment where it's secured against reaching out to the rest of the world.

[18:32] Because it certainly can go wrong.

[18:34] Yeah, I know, I know. If I did something like that and deleted all my wife's photos, she would not be happy with me.

[18:44] It would pick. It would take probably years to.

[18:48] Debbie Reynolds: Right.

[18:49] Bob Carver: Make amends for that.

[18:51] Debbie Reynolds: Yeah.

[18:52] So anyway, I think there was a story about someone,

[18:56] they had installed one of these agents on their computer and they had it like in their email and it was literally deleting their email box.

[19:05] Right. So it's like,

[19:06] I think people don't understand.

[19:08] It's like when you're dealing with an agent, it's thinking about the thousands of different possibilities of what it can do.

[19:17] And so you're trying to give it an affirmative thing. Do this. Yeah, there. It's not a brain of a person. Okay. It's not wise. It has no context or anything.

[19:27] Bob Carver: Exactly.

[19:28] Debbie Reynolds: So it's thinking about these other things that it can do to,

[19:33] in their wit, their lack of wisdom to do what you ask them to do. Like I told someone, this is so funny. Like, okay, you have an AI agent and it's like running your life or whatever.

[19:44] Let's say you said you wanted to take a vacation to Greece. And it will say, well,

[19:50] and this vacation, let's say, cost $10,000. And they say, well, I sold your car for $10,000 so you can go to Greece. And you're like, what?

[19:59] Bob Carver: Yeah, exactly,

[20:01] exactly. And the other thing, part of this too is the. You're dealing with, you know, there's a lot of APIs in AI type systems and also actually a lot of SaaS systems and supply chains and those APIs themselves,

[20:19] anybody that's in security that's dealt with those,

[20:22] a lot of those APIs have vulnerabilities themselves.

[20:27] And then you have, on top of that, you have the various levels of permissions on those APIs, what those APIs can do.

[20:37] And so you're not only dealing with the security in the APIs themselves, but all the permissions that are involved with that. And then in similar situations, if it's dealing with databases,

[20:48] sometimes there may be SQL queries involved.

[20:52] And it's the same thing. You know, you have read write, execute, type, almost like type permissions, depending on the situation.

[20:59] And a lot of things can literally go wrong. And of course I've always been concerned for the longest time threat actors would delete certain things. But what can even be much worse than deleting things is manipulating those databases or those data sets on the other end.

[21:20] Think about, especially if you're talking about financial institutions or maybe say you have a large organization that has a large catalog of things that they sell.

[21:31] And if they just mess up everything, they mess up part numbers or say it's financial institution,

[21:38] all of a sudden you can take somebody's banking account of certain account number that has maybe only a few hundred dollars in their account and all of a sudden now they have one and a half million dollars show up in their bank account where the person that had one and a half million dollars all of a sudden went down to $200.

[21:57] I mean, if you could do that among the hundreds or thousands of people, that would wreak extreme havoc in a banking institution, those sort of things. So all of a sudden, like I said, if mixed up the model numbers of somebody that sells different,

[22:11] say industrial parts or that sort of thing, all of a sudden all your customers have these orders that are fulfilled and everything shows up.

[22:20] The wrong part shows up to all these thousands of customers. Imagine trying to get that all unraveled and seeing why, who, what, when, where, how that was messed up.

[22:31] So yeah, it's, it can be crazy.

[22:34] Debbie Reynolds: Yeah, yeah. Well, let's talk a little bit about privacy. Where does privacy come in into this world? This conversation? Sure.

[22:44] Bob Carver: Of course,

[22:45] when we were talking about not only the model extraction, but you're talking about model inversion attacks where people, if you're targeting somebody that actually uses the different AI system or LL systems out there to be able to find out what they've been putting in there and to see if there's anything personal.

[23:05] But also,

[23:06] and we've talked about this before this a lot of consumer related devices.

[23:12] You know, all the phones, the TV sets, the, the IoT systems.

[23:17] I know my TV, it seems like it's being a little bit too much but. But it seems like every few months it wants me to update the terms and conditions to be able to listen to programs, you know, on the tv.

[23:32] I liked it. I sort of liked it when, when I had a dumb TV where I never had to do that.

[23:37] So. But anyway,

[23:38] tv, it's amazing. I actually block a lot of that type of things.

[23:42] Parts of my network where I noticed I used to have a Roku box and I'm not using that right now. I'm going to be changing eventually somewhere down the road here again.

[23:52] But the Roku box, of all the different privacy things that it did, all the, basically all the data flowing back to and back to Roku and mainly most of it was outbound, but some of it was inbound too.

[24:06] The largest number of blocks that I had of anything that I had on my network was that Roku box. So it's basically snooping on everything you're doing, everything you're watching on that tv.

[24:19] But it's the same thing true with all the major TVs. That's one of the reasons why TVs are relatively less expensive compared to where they were five or 10, 15 years ago because they're selling all that information to data brokers.

[24:34] And of course all I can say part of that is like why are you. That seems like we should be able to opt out of that for 1, 2.

[24:42] Where's my cut of all this money that's going out to all these data brokers? I don't know. I think data brokers are sort of the scourge of the universe right now anyway.

[24:53] There's way too many.

[24:55] There's literally, I think there's at least a couple thousand in the states of brokers and there's of just the main ones. There's hundreds of them easily.

[25:03] Debbie Reynolds: Right.

[25:06] I guess people think I'm tinfoil hat when I tell them stuff like this. Like your, your team, you're not watching tv. Your TV is watching you. Okay.

[25:15] So that's exactly what's happening. Yeah, people don't really think about it that way. So that's very eye opening.

[25:21] Bob Carver: Yeah. And every, almost everything you do. And of course,

[25:24] I mean even things like,

[25:26] I mean even LinkedIn and all the social media.

[25:30] Amazing. All the different stuff that's going.

[25:32] Buddy of mine, he has, and I don't know if he sees everything but he has a general. He has sort of an agent that goes out and looks and sees how much data is being sucked up by all these different things.

[25:46] One of the top ones I just did tried several different, half a dozen different things. But X,

[25:52] former Twitter X was one over the top ones for just sucking up data, you know, of trying to find out what's going. That's why more and more people need to use browsers like, like Brave or some of these plugins anyway to help cut down on some of the surveillance that's going on.

[26:12] Debbie Reynolds: Yeah.

[26:14] At least for them to get some visibility into what's going on. Because some of them will say we blocked 80s 50 beacons or something.

[26:23] Or some 50 cookies. You're like, why is there 50 cookies on this article?

[26:29] Because I'm reading about things under $25 on Amazon or something like that.

[26:34] Bob Carver: Exactly. And there's some of them, I mean, there's some articles where they say, well, if you want to continue reading side articles, you better make sure you disable all your ad blockers.

[26:43] And a lot of times I'll just say, you know, I don't think I want to read that article that much. To disable everything.

[26:49] Debbie Reynolds: Right.

[26:50] Bob Carver: There's too much going on here. You think you got to disable all of that.

[26:54] But yeah, Brave is just a good one just for easy one for people. There's other.

[26:58] Mulvad is another browser that does some pretty good amount of blocking for that sort of thing. The only thing, some of these browsers, if they knock down too much, then you might not be able to work properly on certain websites because it's like you're not giving them a little bit.

[27:16] Sometimes you have to like, okay, give and take a little bit. So, okay, we'll knock down this, this and this and block this. But I guess we'll let you do this.

[27:24] So I can use the

[27:27] Debbie Reynolds: sort of

[27:27] Bob Carver: the way it is sometimes. Unfortunately.

[27:29] Debbie Reynolds: Well, I had done.

[27:30] This is not really about this particular VPN because I know other VPNs work like this.

[27:36] Right. But I was trying to use the proton vpn. It worked really good. Right.

[27:41] But a lot of people like me, I didn't think about the fact that, oh, my printer is wireless. So it was like blocking everything. So I couldn't figure out why certain things weren't working.

[27:53] But it's like you don't put it in your head.

[27:55] Oh my God.

[27:57] When they say everything,

[27:58] they kind of mean everything. So like you have to kind of figure out what it is that you want them to block and try to figure out how that works with your setup.

[28:07] Bob Carver: There are some that and I forgot that the terminology is sort of like dual homed where you can still have access to the local network and the VPN.

[28:17] There are some VPNs that let you access your local network too but. But yes, I had the same problem the other day. I was on a vpn and I couldn't get and what's wrong with my printer?

[28:29] Am I going to have to reboot the printer?

[28:30] Debbie Reynolds: Right.

[28:31] Bob Carver: And I was. Oh, I was still on the VPN from doing some other work. So anyway had the same issue.

[28:41] VPNs that's the other thing. I know there's misconceptions sometimes VPNs do can help with privacy a lot of times especially the better ones. And you Proton is probably one of the better ones.

[28:53] I would say I would avoid like probably 80% of the ones out there.

[28:57] Honest with you.

[28:59] Yeah, I had one of the ones that does a lot of online advertising and stuff starts with the N. I won't go beyond that.

[29:07] There was actually a lot of threat actors that were hacking the accounts and then using other people's accounts to try to hide behind other people's logins and to and then using that to do all sorts of bad stuff and try to hack into other businesses and accounts and that sort of thing.

[29:25] So anyway,

[29:27] I don't use that one anymore,

[29:30] thankfully.

[29:31] Debbie Reynolds: What is it that's kind of top of mind for you in the security space that you want people to know about or think about right now?

[29:39] Bob Carver: Oh boy, there's so many things, it's almost hard to weed out one single thing.

[29:47] One of the things just make sure that your email is locked down pretty well.

[29:53] One of the things that happened recently and I posted on this week,

[29:57] within the last week there were some fake Gmails that were going out and saying, oh,

[30:03] make sure you do this security check for your Gmail account.

[30:08] And what happened? It was a fake one and they were using that as a phishing thing and it looks like the real thing,

[30:16] but it's a phishing thing to be able to get your username password and get a login to your account,

[30:21] your Gmail account,

[30:22] it wasn't the real thing as far as being able to do a security check on your Gmail account.

[30:28] So I think if you do get emails that are related security wise in your email,

[30:35] regardless whether it's Gmail or the Microsoft or any of Yahoos or whatever, all the other email systems that are out there right now,

[30:44] go to the source,

[30:45] don't click on the link.

[30:47] Even if, even if you think it's probably okay without.

[30:52] I tell you there's some of these are so sophisticated that I have to double, triple, quadruple check to make sure it's the real deal or not.

[31:03] Go to the source. Whether,

[31:05] whether it's in your email account or whether it's your banking account or your social media account.

[31:13] Don't click on the link that's in the email,

[31:15] just go to the source.

[31:17] I think that would help a lot of people because there's. Because a lot of these come things come from email. That's the other thing. They will come in text sometimes too.

[31:26] If you've provided a phone number to could be used to receiving texts.

[31:32] Instead of using the link on the text, go to the source and then verify whatever a possible security issue is or the security updates or the security checks.

[31:43] So that's my big thing for the week. All the other thing. Of course the other thing would be just dealing with AI in general. Don't put anything in there that you wouldn't be happy putting publicly posting on a major social media or newspaper or news feed.

[32:04] Debbie Reynolds: Yeah, that's very good advice. That's very good advice.

[32:08] Well, that's almost like people say, well, my email has a password on it. And I like laugh. I'm like, you people don't know anything.

[32:15] These people can't like grab anything. And I think also because people are putting so much of their information in these tools is making it easier for phishing. So it's making it easier.

[32:27] So when you get that email that kind of looks like Google,

[32:30] they may say something that maybe you think that they didn't know because you put it somewhere else and they're like trying to really grab your attention.

[32:39] Bob Carver: Exactly.

[32:40] Debbie Reynolds: Yeah.

[32:41] What? Oh, this is so funny. So one thing that drove me bonkers. So people have been saying for years,

[32:47] remember when people used to say check out if you can like a, a phishing email or something. Sometimes like the grammar is bad or whatever. I'm like these people, they, they use Grammarly just like you do.

[32:57] Like they're used chat GPT to check, spell check. That hasn't been true for a long time. These things are like, they're really, really good.

[33:04] Bob Carver: I've heard that too. It's. It's crazy.

[33:07] Yeah. Yeah,

[33:09] that's so much better. I mean usually when I spot emails like this nowadays there's probably at most one thing that's a little off.

[33:19] One single little thing. Everything else is perfect.

[33:23] All the fonts, all the graphics,

[33:26] everything they've stolen all that information off a legitimate website.

[33:30] Debbie Reynolds: Right.

[33:31] Bob Carver: It's the real deal.

[33:33] So and,

[33:35] and put it this way, I've been in situations where you're working with a relatively new security analyst and you know, they'll just say, well everything looks fine to me. And I said well.

[33:48] And I'd go through, I say, have you checked this? Have you checked this? Have you checked this? And I come up with about five or six more things that they haven't checked.

[33:55] And it's like, here it is, here's an analyst that's supposedly in security and there's things that they even miss at the beginning when they're new,

[34:03] until they have many years of experience that they probably won't pick up. So for somebody, just the general public to be able to pick up on those things, it's not easy.

[34:15] Debbie Reynolds: Yeah, totally true, totally true. Well Bob,

[34:19] if it were the world according to you and we did everything you said, what would be your wish for either cyber or privacy anywhere in the world? Whether that be human behavior, technology or regulation?

[34:32] Bob Carver: Oh, wow.

[34:34] I think if we could figure out being able to just sort of abracadabra,

[34:39] figure out all zero trust with post quantum encryption,

[34:45] I think that would be a big leap towards what we need to be able to secure these networks. That's a big if. And that's going to take some time.

[34:54] Debbie Reynolds: That's a good wish.

[34:56] Yeah, yeah, that's a good wish. You know, I guess my concern is like technology is going ahead rapidly and we still have people using 1, 2, 3, 4, 5 passwords.

[35:07] It's like, oh my gosh, like how do we get there? How do we get there?

[35:11] Bob Carver: Yeah,

[35:12] one of the things too that bothers me a little bit is I know they're put, there's a big push on passphrases and they can be good. I think for a lot of people they can be good.

[35:23] The only thing I would ask whoever that's about ready to try to change to passphrases.

[35:29] What is your disaster recovery plan?

[35:34] What is your business continuity plan? How will if all of a sudden you get locked out of your account or something goes awry with those passphrases and they no longer work.

[35:46] Who can you call seven days a week or who can you contact seven days a week to be able to get that fixed?

[35:55] Right now I don't have a good answer on that. So I don't do passphrases. I whenever possible I use good quality passwords, you know, long sophisticated passwords and then I try to use security Keys, if at all possible.

[36:09] Hardware security keys with the FIPS type of keys.

[36:14] Debbie Reynolds: Yeah, that's, that's good advice. I never had the head for past keys anyway. I'm like, stop, stop. It's too much. It's too much. Right, right.

[36:23] Bob Carver: To be honest,

[36:25] if Google's taking care of your passkeys, who are you going to contact with Google?

[36:29] I mean,

[36:30] if you ever had a problem with anything, Google before. And it's, and I'm sure it's the same with Microsoft probably too.

[36:38] It can take days,

[36:39] literally days to get a situation unraveled and you're probably not going to be able to call somebody on the phone unless you got a like really high level account that you're paying thousands and thousands of dollars a month.

[36:56] You know what I mean?

[36:58] For most people,

[36:59] they just wouldn't have that access.

[37:01] Debbie Reynolds: That's true. Very true. Well, wow. This has been amazing. Thank you so much for joining the show.

[37:08] Love your work, people. Please definitely follow Bob. You have so much great information that you put out. Your videos are incred.

[37:16] I always love to see your tips and tricks that you have come up and the new things that you put out there are incredible. So thank you for everything that you do.

[37:25] Bob Carver: Thank you so much. And yeah,

[37:27] check me out on LinkedIn. I do have a YouTube channel. Not nearly as big as yours, but I do.

[37:32] But mostly people find me on LinkedIn. And even if you just do a DuckDuckGo, which if you want to be privacy or Google. Bob Carver, Cybersecurity. I'll show up somewhere in the first few pages.

[37:44] Debbie Reynolds: It's true. I've done it. I've done it. He's there. Definitely check him out. Definitely check him out.

[37:49] Bob Carver: Anyways, it's been a pleasure.

[37:51] Debbie Reynolds: Yeah, it was a pleasure. We'll talk. We'll talk soon. Talk some more. Okay, Bye. Bye.