Large language models present a problem. With their scale, how can you do any kind of validation or monitoring with a human in the loop? So far, most solutions have used another LLM to solve that problem. But is that a sustainable approach?
This week’s episode is hosted by me, David Spark, producer of CISO Series and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Anthony Candeias, CISO, Weight Watchers.
Got feedback? Join the conversation on LinkedIn.
Huge thanks to our sponsor, Vanta
Vanta saves security teams time and improves program visibility by automating 35+ compliance frameworks, such as SOC 2 and ISO 27001, and GRC workflows, like risk management.
Get started at Vanta.com/CISO
Full Transcript
Intro
0:00.000
[Voiceover] What I love about cybersecurity. Go.
[Anthony Candeias] The lifelong chess match. Threats are evolving, which requires the defense to evolve. This is a continuous cycle with no end in sight, and it makes cybersecurity so much fun to work in. What we did 10 years ago isn’t what we need to do today.
[Voiceover] It’s time to begin the CISO Series podcast.
[David Spark] Welcome to the CISO Series podcast. My name is David Spark, producer of the CISO series. And with me, who is becoming a regular co-host usually on the other show, but I invited him to be on this show and he’s been on this show before but not as a co-host, it’s none other than the CISO over at Frost Bank, Eddie Contreras. Eddie, welcome. Thanks for joining us.
[Eddie Contreras] Thanks for having me, David. It looks the same on this side of the pool as on the other side of the pool, so I think we’re familiar now.
[David Spark] He’s going to be able to handle it. I have confidence in you, Eddie. You’ll be able to handle this. We are available at CISOseries.com where you can find all of our other wonderful programming. We have a total of five shows now on our network. So why not check them all out and enjoy. Our sponsor for today’s episode, a spectacular sponsor of the CISO series, and that would be Vanta: automate compliance, manage risk, and prove trust continuously. More about just that a little bit later in the show.
But first, Eddie, here’s a topic I want to bring up with you, and that is food at conferences and trade shows. And I’m not talking about you go to the local neighborhood restaurant. I’m talking about the food that they actually serve you there.
Now here’s the point I want to bring up. If it’s a one-day event and you get good food, wonderful. You feel great. That’s fantastic. But if it’s bad food, it’s like you didn’t know you’re going to get served bad food, and you just kind of got to suck it up, right?
[Eddie Contreras] You do. It can be dangerous sometimes depending on the venue. Sometimes, I think they experiment on some of the attendees. You may see things that you may never see anywhere else. So you may be watched, right? You might be in a fish tank and say, “Hey, what happens to this person as they eat this new order?”
[David Spark] If we give them a lot of calamari, right?
{Laughter]
[Eddie Contreras] Exactly.
[David Spark] Well, that’s actually an attempt at good food. You’ve seen it where you just look at the spread and you go, “Why were we served this? I mean, I paid a lot to be here.” Now, when it’s a multi-day event—I’m going to use a big one that just passed, RSA—and on day one, you realize there’s bad food, what happens on day two, three, and four? Eddie, what do you do?
[Eddie Contreras] You find the vendors that have the steakhouses, and then you go ahead and make your reservations early on. So there’s always great eating outside the event.
[David Spark] Right. And if it’s lunch, you go somewhere else, right?
[Eddie Contreras] Correct.
[David Spark] And often you’re on an expense account with the company, and it’s no big whoop to you. It’s a free meal to you either way. Now, here’s the problem for the vendors who sponsored the event. If people are leaving to go get lunch, they’re not necessarily in a rush to come back. Especially if it’s an event like RSA where there’s a lot going on that’s not in the conference hall. So have you run into this nonsense as well?
[Eddie Contreras] I have. And I think that’s why you hear about dinner and a show. It’s not always about the food, it’s about the environment. And I think if some of the sponsors… Yes, you’re going to be carting out food, snack bites, finger foods, you have to make it exciting for people to want to stay there and have the chat. But if it’s just kind of off in the corner, if it’s just a tray in the middle, if you don’t have an experience built around the food, it’s going to go and eat, and you’re not going to be able to get them back in.
[David Spark] So you’re taking a different angle than I was thinking because not all vendors are offering up food. But the point I’m trying to make is if I’m a sponsor of an event that is serving bad food, and it’s a multi-day event, those people wandering the floor are going to not be as numerous because they’re going to physically be out of the venue.
So my call to other vendors sponsoring big events that choose all of a sudden to serve bad food… Which by the way, I just want to mention, RSA used to serve great food. I was very happy. It’s just this past year that kind of… Not so good. So I just call on them, please, and for the vendors as well, pressure them, just make the food not a situation where people want to run away. [Laughs]
[Eddie Contreras] I agree completely. [Laughs]
[David Spark] That’s all I… It should just be at the level of, “I don’t want to run away.” All right. With that being said, and the irony of who the guests I’m bringing on, we’re talking about food, [Laughter] didn’t even dawn on me that we’re talking about food and this is the guest we have on. He’s actually the CISO over at Weight Watchers. Actually been wanting to get him on for quite some time, and now he’s finally with us. It’s Anthony Candeias. Anthony, thank you so much for joining us.
[Anthony Candeias] Thanks for having me on, David. I appreciate the time, and looking forward to a fun discussion.
Do you trust this LLM?
5:03.169
[David Spark] Quote, “Start treating AI agents like junior team members. Train them, test them, watch their outputs, and never assume perfection,” end quote. Now, this narrative around agentic AI is it will be the next big thing giving AI systems the ability to make decisions and do actual work across a variety of workflows.
But that doesn’t mean we should let them run unsupervised, as Peache George of ManTech Digitial Transformation Consulting pointed out on LinkedIn. Now, I like her idea of treating them like junior team members, but I’m going to ask you, Eddie, where does that metaphor start to break down?
Because you really can’t treat an AI like an employee. So how do we scale that approach when your direct report of AI agents could be in the thousands? What’s your take? And what is it similar to a junior team member, and where is it not similar?
[Eddie Contreras] Yeah. And I’ll add senior members as well. And when I look at my leadership team, and they join our organization, typically, I’m going to ask them, “You’re going to hear a lot. You’re going to learn a lot. I’m going to ask you to hold your position for about 90 days. Really just take it all in. Don’t make decisions until you understand why we do the things that we do. Because there’s always a reason behind it.”
And I talk to our leaders that way because sometimes they’ll come in wide-eyed, have a really good opinion, they know where it was done better, and they have to really understand why we did that. And that’s why leaders typically have that 90-day plan. They’re learning the ecosystem. They’re learning the environment.
Same thing with junior employees. And really, when you’re bringing in a junior employee, they’re sitting there shadowing somebody. They’re really watching. They’re understanding. The environment matters. And that’s why you just can’t pick up one person from one company and just drop them into another. One Splunk environment doesn’t look like the next, right? So you have to learn context. You really do have to understand.
[David Spark] Can you teach your AI context then?
[Eddie Contreras] You have to, right? And AI has the ability to have context. It has the ability to understand environments. AI also has, as we’re well aware, the notion of feelings. Whether it’s mechanical or mathematical, it gets there at some point in time.
So you do have to be able to bring context to the decision-making process. But it takes time to get to that context. And so you can’t just launch an army of agentic AI agents and say, “It’s going to perform just like my team.” No, they need the context to be able to perform just like your team.
So you would never just bring an employee and say, “Go at it, read the runbook, and now make some decisions.” They have to sit, they have to shadow, they have to learn. They have to be molded into that environment. And you look at agentic AI as a very similar way, follow that model.
[David Spark] All right. Anthony, I take it to you. You agree, disagree? What’s your take on this?
[Anthony Candeias] I think first and foremost, treating them as junior team members is giving them too much credit. When I started socializing this in my organization, the way I teed it up was that they’re tireless interns. And the reason I approach it from that perspective is that it really level sets on the expectation of the output, right?
I think the junior level members can produce some high-quality work in particular areas and projects, but interns are just a little bit of a lower bar, right? And that just level sets expectations when I’m talking to the C-suite on the level of sophistication that we can get out of AI.
I think AI has a ton of use cases, obviously, but we should also step back and set expectations. I think to your point, we should really step back and think about, “How do we trust but verify these AI agents, allow them to do what we’ve programmed them, let them have some autonomy, obviously, and perform the actions that they’re trying to take, but also have supervision along the way?”
[David Spark] So let me dig into that. [Inaudible 00:09:02]. What is that supervision and trust but verify? What is it you’re doing there?
[Eddie Contreras] Yeah. It’s really quality assurance at scale, right? How do you understand that these maybe not actions, but outputs that these AI models are coming to the conclusion of are accurate, right? When you think about this AI implementation, the happy path is very easy to figure out.
Like, “We’re going to do these five things, and AI is going to solve these things.” But now, how do you close that loop on the backend to say, “Let’s start measuring how effective the outputs actually are of the AI to make sure it’s actually going back to the initial use case and it being effective”?
[Eddie Contreras] Yeah. The thought process around quality control, and you think about audit logs, you think about being able to produce artifacts that show exactly what Anthony’s talking about. Okay, it said it did A, B, and C. Now let’s look at the audit logs. Did it do A, B, and C? Did it skip B and go straight to C? And so quality control is vital to be able to say, “I trust what’s in front of me.” And I think if we look at assembly lines, if you look at IOT, they do that very well. Agentic AI is going to probably have to follow a similar path.
[Anthony Candeias] Yeah. Because one of the things that we’re very prescriptive on is that we want hospitable customer service bots, right? So now how do we measure hospitable? That’s actually challenging to do in some ways. So that’s a continuous iterative process that we have to use QA to help us hone in.
Would this person be a good fit for the job?
10:28:111
[David Spark] There’s no certainty when it comes to new hires, and it can lead to a lot of misaligned expectations. That came up on the cybersecurity subreddit with the comment, quote, “Being new isn’t the problem, but there has to be a willingness to learn. What I’ve seen instead is people talking a big game, then barely putting in the effort, while the rest of us clean up after them. And when they do try to contribute, we end up spending an entire day fixing what they broke,” end quote.
So, willingness and ability to learn are important skills that any CISO would obviously want in a new hire. Now, by the way, this quote came from a Reddit discussion. But my question to you, Anthony, is, what are the questions to ask to see if your staff can educate themselves to learn new skills, solve new problems, or try to make sense of something completely unknown?
[Anthony Candeias] Well, we know Reddit is a high-quality source of information, so… [Laughs]
[David Spark] I know there’s a lot of humor in that, but we have a good relationship with the cybersecurity subreddit. Yes, there is a combination of garbage and good stuff. Go on. I’ll let you say it. Go ahead.
[Anthony Candeias] So, I mean, the area of focus that I really hone in on when hiring is potential and desire to learn. So it’s actually very relative to the conversation in my perspective.
[David Spark] Yeah. And I would say pretty much every CISO we have… If you don’t have that capability, what are you even doing in cybersecurity? To tell the honest truth.
[Anthony Candeias] Yeah.
[David Spark] Yeah.
[Anthony Candeias] But I think it’s actually really hard to distill and measure that, right? When I think about some of the questions that I’ve been asked throughout my career about like, “Oh, [Inaudible 00:12:11] cloud and TCP,” that’s pretty easy to regurgitate, right? That’s pretty easy to go Google and read a textbook and be able to repeat that same phrase and those same kind of key items that show that, “Yeah, I did some research on that.”
I think that’s actually less relevant because I think most of those topics you can actually learn on the job, from my perspective. So for example, if a candidate I was talking to today mentioned to me, “Oh, I was just researching and reading Brian Krebs’ blog on the latest DDoS attack, that goes a million miles longer for me than somebody that can repeat, “Oh, I know the explanation of a sequel injection from a textbook.”
So that’s sort of my high level perspective is showing that they have ingenuity and aspirations and interest in the day to day. That really hones in on their sophistication around cyber rather than knowing some textbook definitions.
[David Spark] Yeah. So active participation in just their own learning and their community. I mean, that seems like I very clear way. I got to assume you agree with that, Eddie. Is there anything else you would add?
[Eddie Contreras] Yeah. I talk to my managers when they go to their hiring process. “Don’t always fall in love with the smartest resume.” It’s really easy to see, “Oh my goodness, this person has been with company A, B, and C,” “Oh my goodness, they have these coding capabilities.” And it’s easy to see the resume that sticks out.
I think a better insight or perspective is the conversation and the dialogue and the interview around constructive feedback. And we always try to build in constructive feedback comments into the interview. Is somebody going to get uncomfortable hearing something, whether the feedback is about something they just said, something that’s on their resume, something like what Anthony just referred to.
I want to see whether or not somebody is able to hear the room, and understand if they can read the audience. And I think that’s a trait where you can say, “Okay, this person is not trying to be the smartest person. They’re actually trying to understand the problem.”
And I think if you can walk through that scenario during the hiring process, you start to weed out who’s there to earn a paycheck and make the big dollars versus who’s trying to solve a problem. There’s nothing wrong with either one. You’re going to have both profiles on your team.
But if you’re overwhelmed on one side or the other, then it becomes a challenge. And so, I always talk to my managers, “Look at these other skill sets. Understand that it’s these types of qualities that can really solve problems, and it’s not just the hefty and beefy resume.”
[Anthony Candeias] And I want to double down on something that Eddie said and really focus around the problem-solving aspect. One of the things I actually look for is that during an interview, you should assume that the candidate, whatever solution they come up with during maybe a problem-solving exercise, probably won’t fit in your environment, right? Because they don’t know your environment and that’s okay.
But the thing I actually look for when they do the problem-solving is did they create any safety nets in their solution, right? Did they figure out a way that they can assume that this might fail, and allow them to fail fast to be able to reverse and pivot and learn?
And I think that’s so much more important in going kind of that second and third effect around creative problem-solving to say, like, “Hey, I’m going to propose a solution, and it might not work. It might work, but if it doesn’t work, I have another plan B and another path to go take.” And that shows, I think, a level of sophistication higher than other candidates.
Sponsor – Vanta
15:38:760
[David Spark] Well, before I go any further, I do want to tell you about Vanta. They’ve been a phenomenal sponsor. And if you are not clued into Vanta, I’m going to do it for you right now. Compliance regulations, third-party risk, and customer security demands are all growing and changing fast. Is your manual’s GRC program actually slowing you down? Probably is.
So if you’re thinking there must be something more efficient than spreadsheets, screenshots, and all manual processes, you are right. GRC can be so much easier, while strengthening your security posture and actually driving revenue for your business.
Vanta’s Trust Management Platform automates key areas of your GRC program, including compliance, internal and third-party risk, and customer trust, and streamlines the way you gather and manage information. And the impact is real. A recent IDC analysis found that compliance teams using Vanta are, get ready for this, 129% more productive. So you get more time and energy to focus on strengthening your security posture and scaling your business.
You don’t want to spend all your time in GRC, do you? So Vanta, GRC, how much easier trust can be. So go to their website, Vanta.com/ciso. Do me a favor, do the Vanta.com/ciso so they know we sent you there. Go to Vanta.com/ciso to learn more.
It’s time to play “What’s Worse?”
17:08:226
[David Spark] Eddie, you’ve played this game before. Anthony, you have not, but are you aware of this game? Yes?
[Anthony Candeias] Yes.
[David Spark] Okay. So we give you two crappy scenarios, and what’s interesting is these have a pro and a con to both of them, but you have to determine which sort of combination of pro and con is better, if you will. I will make Eddie answer first and then you will answer second and agree or disagree with Eddie.
And this comes from Einat Segal of iProov, and here are the two scenarios, Eddie. Number one, you are a highly competent and effective security professional, and have an incredible plan to improve your company’s security posture. Sounds damn good, doesn’t it? But, no one in the business trusts you or cares to know who you are, [Laughs] okay?
By the way, I’m sure many listeners feel this, all right? I think there’s some pangs of, “Ooh, I think that’s me,” okay? So there may have a lot of reality to this. That’s scenario number one. Now, next scenario, you are a very popular security professional, and have forged an incredible relationship across the business, but you have little to no technical expertise and you struggle to deliver anything that will improve your company’s security posture. So they love you, they want to keep you, but you’re an ineffective buffoon pretty much. [Laughter] What is worse?
[Eddie Contreras] All right. While tempting the buffoon path it is, I’m going to go… What is worse is going to be option number one. I think having a great plan that just does not land is really unfortunate. And I know, like you said, half the audience may be like, “Oh my goodness. Are they talking about my company? Is that my team? Is that my last three roles?”
I think the reality is that is a very difficult situation to be in. Understanding that you have really a good way to achieve success within information security, and it’s just not resonating. And that is hard.
[David Spark] Yeah. And you’re miserable every single day and [Inaudible 00:19:27]. But the second scenario, you’re not doing much for the company at all, whatever. So it’s interesting, there’s two of these. What’s worse for you as an individual versus what’s worse for the company overall? And…
[Eddie Contreras] Okay, so that’s a different lens, right? So [Laughs]…
[David Spark] Yeah. I mean, there’s two different lenses here. But when you get right down to it, neither scenario is the company getting a good security program. Because in the first scenario, you pretty much don’t get to implement it because no one trusts you. Or maybe you implemented in a way it’s not supported, which is kind of the equivalent of not being implemented. And the second scenario, it’s just you’ve slapped duct tape to the business. So I think the business is kind of failing in both scenarios.
[Eddie Contreras] It is, which is why it’s a good question, right? [Laughter] It’s a good question of what’s worse. But if you think about that second option, the second option is you’re cordial, you’re loved.
[David Spark] Yes. I mean, day to day, you’re having a great time.
[Eddie Contreras] [Laughs] But I think when you look at that one, the reason I didn’t pick that one is most likely you’ve hired some very talented people. And so even though you may have some incompetence aligned to you…
[David Spark] Well, you’re adding a lot to this. [Laughs] That may not be the case.
[Eddie Contreras] Yeah, I’m adding to the scenario. My assumption here is [Distortion 00:20:49] the team.
[David Spark] No. But I think it’s good because the second scenario, you’re happy as a clam because everyone loves you, even though you’re not doing much of anything. All right. Anthony, he thinks the first scenario is worse. What do you think?
[Anthony Candeias] I think so as well because you have the self-awareness to understand the situation that you’re in. In the latter, ignorance is bliss in this regard. You can just live in La La Land doing nothing, and everything’s hunky-dory, and everyone loves you.
[David Spark] And everyone adores you until the day the S hits the fan, and then you’re in problem.
[Anthony Candeias] Right. In both scenarios, that will occur and then…
[David Spark] Yeah. Because you got a crappy scenario either way.
[Anthony Candeias] Yeah.
[David Spark] Hold it. Now, you bring up a very good point. Both scenarios happen, but in the first scenario you’re competent, and so when it does hit the fan, you can handle it. In the second scenario, you cannot.
[Anthony Candeias] Well, I guess it really just depends on that runway that you have until it occurs, right? [Laughs]
[David Spark] Well, it sounds like it’s going to occur [Laughs] one way or the other.
[Eddie Contreras] Well, it’s inevitable to occur in both paths.
[David Spark] It’s inevitable. It’s going to hit you. So one day you’re going to be able to deal with it, one day you won’t be able to deal with it. So the thing is, it’s good until it happens, and until it happens, it’s not good. So does anyone want to change their stance here, or are we sticking to it?
[Anthony Candeias] I’m holding firm because you’re miserable much longer in scenario one than you are in scenario two. Because in scenario two, you’re probably gone, [Laughter] eventually. I mean, scenario one, when everything does hit the fan, they’re going to be like, “Oh, yeah, I’m glad we have this guy.”
[Eddie Contreras] Yeah, I think I will stick firm as well. In scenario two, if they really love me that much, and something really did hit the fan, I’m going to get funding to bring in a third party. And great, we’re going to be past this event [Laughs] in a couple of days. In scenario one, I think, yeah, you’re still… “I’ve been telling you all this for a long time.” Yeah. I just…
[Crosstalk 00:22:46]
[David Spark] And they still don’t want to listen to you.
[Anthony Candeias] “I told you so.”
[David Spark] Okay. You don’t need to name any names, but… Because one of the things that a lot of security professionals used to say, and thank God I don’t hear it now, is the classic, “I told you so.” And thankfully, I don’t hear it like I used to hear it.
But have you had any situations where there was an “I told you so” moment, but it wasn’t said, and yet the company did not wake up to it? And it could have happened to you or could have happened to a colleague. I mean, have you had a situation like that where even when it hit the fan, the company still didn’t get it?
[Eddie Contreras] We’re going to protect Anthony here. I’ll say if you look at every breach that’s been out there, there always artifacts where this was being discussed. Every breach out there has some remnants of, “There was a dialogue. Go back to the target breach. There was the red flashing on the [Inaudible 00:23:44].”
There’s always something that says someone knew… There was insights and perspectives, and unfortunately, they didn’t land. Which is why I still think that first option is the worst because the fact that upper management is just not really grasping onto the concept… I’ve seen leaders not take jobs because upper management just really doesn’t understand truly what information security is. And so it’s hard.
[David Spark] Okay. I’ve heard many CISOs say they won’t take a job unless they get it, because they want the support, understandably.
[Eddie Contreras] Exactly.
[David Spark] All right.
[Anthony Candeias] Yeah. I have similar sentiments. I mean, when we look at some of these major breaches in the news, someone knew something was going on, and just couldn’t get by to fix something, right? The reality of it is, is that you always have to create this balance and trade-off of, like, “Can we lock down everything and get all the money and resources, and maybe create a poor user experience, or accept some risk?” And unfortunately, from a business perspective, accepting the risk is most likely on the table.
What works? What’s not working?
24:45:762
[David Spark] AppSec is critical. So why does AppSec training seem like a dubious proposition? Now, a post on the cybersecurity subreddit asked if it’s completely useless and only there for compliance purposes. Now, in the comments, several developers said the training is there just to check a box or is too basic to be useful.
Quote, “The best training is threat modeling and working directly with dev teams and architects,” said one Redditor. Now, even those with positive experiences with relevant training admitted it’s often seen as a sunk cost by the business, and even with a good platform, you’re not turning every dev into a security champion.
All right. I’m going to start with you, Eddie. Is AppSec training useless? And if so, why? And I know I’m painting a broad brush. I know some do it well, some don’t. But there’s this argument on Reddit. So does it have to be this way? What could make it better? Or what should AppSec training be? Maybe just simplify it to that.
[Eddie Contreras] And I think I’ll focus on that last part of the comment because I feel if you’re engaged in this conversation, the question should be, “What are you training on?” If there is a debate of value, then the question really is, “What is the content?”
Because you can train on a multitude of things, on the delivery process, on coding practices, on fast fails, you can even train on, “Here’s how we test you,” “Here’s the issues of our last audit finding.” You can make it energizing. “Okay, here’s where we saw time to market collapse by X percentage. And these are the coding practices that they used during that timeframe.”
So I think it really does matter what you’re training the developers, and it can’t just be cookie-cutter stuff. If you’re just pulling stuff off of NIST and OWASP and saying, “These are the things that we want to talk about,” it can be dry.
But if you’re making it relevant to your organization, if you’re talking about business success, if you’re talking about things that are in their annual review cycles, “Hey, this is things that they’ve come in to do from a goal perspective,’ that’s when you start to talk about, “Okay, this is energizing, it’s engaging, and most likely bi-directional.”
And when I mean bi-directional, they’re asking questions in the training. “Okay, I see this,” “Okay, there’s value there.” So I think if you find yourself in that conversation, you should really look at the content that’s being presented as opposed to, “Should I be presenting, yes or no?”
[David Spark] All right. I like that take. Your take, Anthony, on AppSec? Training specifically.
[Anthony Candeias] Absolutely. So, I mean, I definitely do agree that threat modeling and awareness are an effective way to get developers buy-in and have them understand the why, but I actually would kind of challenge it and say, “Do you get a good return on investment by having your entire engineering and development force spend, what, maybe an hour a quarter doing AppSec training? If you’re really ambitious, probably more of an annual type of thing?”
Because that’s opportunity cost, right? That’s time that developers are not improving product, not fixing bugs, not building on new go-to-market features. So now you have to find this balance. And I think what I hope to see, kind of going to the later point of the question, is everyone’s vibe coding.
When we went out to SF, I looked at the plane and there was 12 laptops all just vibe coding with Cursor. And that’s fantastic, and it should be embraced. But where is the vibe security code coach in this kind of stratosphere?
Why isn’t there this instant feedback in the IDE as these developers make mistakes, learn how to get feedback immediately and get reinforced on secure coding practices so it doesn’t take seven days later for someone to get an alert to triage, to go reach out, and talk about a security bug? We can shift even further left on security awareness in terms of development training, right into as developers are writing every line of code.
[Eddie Contreras] Anthony brings up a good point. There are certain things helpers really like to do, and you can see when they’re energized. Inversely, you can see when they’re not, right? And maybe even some of that training could be, “Let’s see what you…”
Maybe you don’t like peer reviews. Maybe that’s your Achilles heel. You just hate doing peer reviews. Well, maybe your training is, “How do we shorten your peer review cycles? How do we get you to the point where you can get through that peer review process?”
And so, not always just amplifying the fun stuff, but how do you start to eliminate some of the nuances of the role that you just feel you could do without? So yeah, look at what’s passionate for those teams. And you can see very easily, like Anthony said, on the plane, you can pick up really quickly who are true coders, right? They get mad when they hear that bell ring and it’s like, “Oh, put your laptops away.” But the reality is you can find passion, and then either train on to allow them to focus more time on their passion, or you start to eliminate things that they just really prefer not to do.
[Anthony Candeias] Right. And me working in a B2C business, we always talk about going to where our customers are. We need to follow that same philosophy when we think about us as security practitioners, “Who’s our customers?” And developers are those people.
How is AI going to solve this problem?
29:50:156
[David Spark] Quote, “Don’t use AI to solve your AI problem,” end quote. Google DeepMind debuted a new CaMeL tool that isn’t powered by machine learning—it’s a simple debugger that lets humans see what’s actually being passed between LLMs and APIs. And that’s the point, according to a blog post by Simon Willison, the creator of DataSette, an open source tool for publishing and exploring data.
Now, instead of adding more models to oversee misbehaving agents or filter bad outputs, what we need is less AI and more visibility. As Willison said back in 2022, prompt injection is fundamentally unsolvable. I get the sense that getting one AI to look at another AI is simply stacking LLMs on top of each other.
So does this method work or is it just layering on more complexity instead of inspecting what we’ve already built. And we’ve heard this a lot, like, run something through one AI tool like ChatGPT, and then have co-pilot look at it or Claude look at it, or whatever the heck it is. Just have them sort of… And they’re all kind of built on different LLMs, and what will one say to another?
So are we creating an AI-on-AI arms race when what we really need is basic engineering discipline, logging, boundaries, and human-readable insight? Anthony?
[Anthony Candeias] So there’s a lot to unpack there. I disagree with the initial quote. We should be using AI to solve our AI problems, 100%. But I would say the different approach that I would take is that it shouldn’t just be these broad, large language models to do so, it should be very specific large language models for the use case.
I think we’ve all seen the news that Gemini is going to be rolling a security-specific large language model. So now can the application of that be applied to something that’s generated by maybe a broader one? Could there be large language models that are maybe SOC-trained specific or AppSec-trained specific or red team-trained? I think that’s where the differentiators are.
I do agree with the observability problem. That’s probably one of the biggest challenges to be able to see the prompts and responses and what’s going on behind the scenes. That’s definitely very needed from a visibility, logging, architecture perspective.
But then how you… Going back to that kind of QA aspect and be able to leverage multiple AIs, they need to be intentional large language models, not these broad large language models that are prompt. So they need to be very contextualized and purpose-specific.
[David Spark] I think you’re on the same wavelength here, Eddie, yes?
[Eddie Contreras] It sounds like the movie Inception where you stack on stack on stack. The part at the end of that movie that I think is the most energizing is the last 30 seconds when you’re watching that top spin, and you’re looking and you’re saying, “Okay, any second now this top is going to stop.” And it sparks a debate. It sparks a dialogue. It sparks conversation. “Did it stop it and not stop? Are you still in the dream? Are you not in the dream?”
And I agree with Anthony. I think AI is a part of the ecosystem. Whether we realize it or not, it’s going to be there for the foreseeable future. And it’s really understanding how to make the most out of it, as opposed to just putting it back on the shelf and pretending that the spinner stopped, or pretending that the spinner keeps going.
I think the reality is you don’t really have to know what happened to the spinner other than the fact that there’s a conversation that has to happen. And so yeah, it sounds like an absolute Inception question, but I do agree. AI is fine as far as how to bring it into your ecosystem, into your technology stack, so long as you know what its role is.
And kind of like the questions we started off with, is it making determinations? Is it doing quality checking? Is it helping me find things that I’m not even looking for, I don’t have the time or bandwidth to do? Or is it just repetitive, and is it just repeating things that are already going on in the organization, and just cutting some steps out of a elongated process?
And so I think it has a role AI-on-AI, and if you know how to do it correctly, you’re going to get some benefit out of it. I think what most people don’t realize is large language models are huge catalogs. They’re huge number catalogs. And so if you’re nervous about a huge catalog and you’re okay with data warehouses, then you may not really understand where the risks lie. And so I think AI-on-AI is perfectly fine.
[David Spark] All right. So go to it AI on AI. Both of you believe the AI versus AI arms race. Well, there’s a certain level of respectability to it and value for that matter.
Closing
34:35.142
[David Spark] I want to thank my guest, Anthony Candeias, the CISO over at Weight Watchers, for joining us. Thank you, Anthony, for being here. And also to Eddie Contreras, the CISO over at Frost Bank for stepping in as the co-host for this very episode, of which you will hear a lot more of him over on Defense in Depth.
And a huge thanks to our sponsor. That would be Vanta. Remember, go to their website, Vanta.com/CISO. Remember to add that /CISO so they know we sent you there. Remember, automate compliance, manage risk, improve trust continuously with Vanta. Huge thanks to our audience. We greatly appreciate your contributions and for listening to the CISO Series podcast.
[Voiceover] That wraps up another episode. If you haven’t subscribed to the podcast, please do. We have lots more shows on our website, CISOseries.com. Please join us on Fridays for our live shows, Super Cyber Friday, our virtual meetup, and Cyber Security Headlines, Week in Review.
This show thrives on your input. Go to the Participate menu on our site for plenty of ways to get involved, including recording a question or a comment for the show. If you’re interested in sponsoring the podcast, contact David Spark directly at David@CISOseries.com. Thank you for listening to the CISO Series podcast.