Host:0:10Hello, I'm the editor of the shield and welcome to the podcast from juniper networks. My guest today believes that the answer to technology overload, staff shortages and hackers who never sleep might lie in the untapped pool of passionate technology native specialists. Yes, the gaming community. Juniper's global security strategy director Laurence Pitt, Welcome to the podcast. .
Laurence Pitt:0:32Hi, it's an absolute pleasure to be here. Thank you for having me.
Host:0:35Well, we're lucky to have you here with us because you just delivered a session and seminar at RSA Conference 2018 Asia Pacific and Japan.
Laurence Pitt:0:43Yeah, and actually it went very, very well. I've presented two sessions actually. The first one I talked about, blockchain and how cryptocurrencies have been built on blockchain and both the good and the bad sides of that as well. Malware developments that rely on blockchain or ransomware, but also how people use it to the positive. And then at the end of the conference, I presented a second session where I was talking about some research that we've been doing, looking at whether the security models that people rely on today to protect their business will continue being suitable for protecting their business in the future as malware continues to develop.
Host:1:16Yeah. Those were fascinating presentations. Perhaps we can welcome you back on the podcast for an update on those sometime.
Laurence Pitt:1:22Yeah maybe well let's see how this one goes first.
Host:1:24Okay. Yeah. Let's press the start button today with some context from Steve Jobs.
Steve Jobs clip:1:30I remember the video game phenomenon. Probably all of you do too. What was the most interesting thing about the video game phenomenon to me was that within a few years after its beginning, kids and non kids, were putting in two and a half billion dollars worth of quarters into these things a year. You can look at these things as games and dismiss them or you can look at them as very simple simulated learning environments. So as an example, in a simple pong game, the game is constantly telling you how well you're doing by how well you score. And so the more you learn the underlying principles, the better your score.
Host:2:04Lawrence, tell me about level one of your interest in this skills crossover.
Laurence Pitt:2:10Yeah. So I've always been passionate about gaming and even today at my age, I still enjoy gaming occasionally. Um, but this is something my son Rowan has actually followed in my footsteps as well and he's a very heavy Gamer, but as much time as he spent gaming, he also spends a lot of that time understanding cybersecurity, the back of it. He become very aware of the need for strong passwords and things like that within the gaming and for telling other people how to do it. And that's driven a passion in him for looking at all things cyber security to the point where in his holidays, he actually now works as a security analyst. Now I've always felt that cybersecurity itself is an untapped pool for specialization. But this really with my son has absolutely confirmed it.
Host:2:53Well, that's amazing.
Laurence Pitt:2:54I mean one day I was talking to him and, he was aware of the research I was doing and he came up with this quote and it was imagine a workforce willing to invest thousands of hours into their job. Now imagine the gamers. Now think of them as your workforce.
Host:3:09that's amazing. So really you owe quite a lot to your son for what you're doing, what you're working on as well then.
Laurence Pitt:3:13I do, and that's why I actually made the point of quoting him and naming him when I do this because then maybe he'll do some more for me.
Host:3:20The coauthor of your future book. He sounds really quite a visionary.
Laurence Pitt:3:24Yeah. I mean, I think he thinks he's a visionary. He's actually at university at the moment. He's studying law and you might think he's doing a law why is he doing cyber, but very early on he recognized that cyber isn't just about coding and actually when you think about the future, somebody who can understand, for example, law and also it's application to the cyber industry it's going to become a very valuable resource.
Laurence Pitt:3:47Then on the gaming side of that, gaming itself requires a very high level of dedication that I don't think a lot of people realize. I mean esports have become massively popular. So the people who do this, who wants to get to the top, they're training and focusing on this every spare hour of the day that they can.
Host:4:02Wow, and they get paid for it in some cases as well.
Laurence Pitt:4:05Yeah, that's right. They do massively get paid for it in some cases.
Host:4:09So Laurence, how would you describe these cyber challenges?
Laurence Pitt:4:13Well, there's two major challenges that businesses have today. The first one is the way we look at risks or the way we deal with instances still based on a model that sits around time. Risk happens, something goes wrong and update gets created to fix it, and the risk is mitigated. This isn't working anymore because the amount of time that takes to happen, the risks are moving too fast and it's making it almost impossible for businesses to be able to stay ahead of these things.
Laurence Pitt:4:41The second challenge is people. There simply are not enough specialists out there. Quite literally, there aren't enough specialists being born to keep up with the gap in the industry for who we need, and then that means that the people who are there often get tied up in managing security solutions rather than actually doing things to make security better.
Host:5:01So Laurence, what can be done, I mean if the risk of moving too fast, how do we predict? How do we pre-empt?
Laurence Pitt:5:06Well, the simplest way actually to think about how you could do this in a business is to look differently at how you deal with things. What we tend to spend time on today is trying to understand what something is. When a threat happens, we'll invest a lot of time into what is that? What is happening with that? Actually what we need to understand is what it's doing. It doesn't matter what it is, if you know what it's doing then you can very much faster mitigate that situation.
Host:5:34Kind of headed it off at the pass kinda thing?
Laurence Pitt:5:35yeah that's right, but because we're focused in this cycle of understand it, make a patch for it, deploy the patch for it, move onto the next one. We're never getting to that stage, we're not agile enough and how we're dealing with things,
Host:5:48So we've got to re-engineer the process in a sense
Laurence Pitt:5:49That's right. Yeah, exactly right. And that was actually the focus of my second talk that I did at Rsa was talking about that need to rethink security models today.
Host:5:58Fantastic. So how can use the younger generation of Gamers to also respond?
Laurence Pitt:6:03Well, kids like playing games and some of them are making money from playing games but reality of the situation is that that's probably the top one percent who are making any amount of money that allows them to become a professional, you know, apart from making $5 here and there. It's just not really happening. Now some of them are earning as much as actual traditional sports people today. They're millionaires out of this.
Host:6:26It's crazy. Yeah,
Laurence Pitt:6:27It is. I mean the biggest prizes that we're seeing out there are running into, I mean this year's Dota, $25,000,000 is offered for the top 10 teams across that game, which is a huge amount of cash.
Host:6:38Huge amount of cash. Yeah. And do they also get the endorsements?
Laurence Pitt:6:42Yeah, they get the scholarships, they get the equipment, they get the mouse mat, they get the computer, the monitor, all of that sitting there because all the manufacturers recognize that there's an opportunity for them being seen with the other gamers who are doing that. But you know, the reality behind that is that's the top one percent who are actually getting that windfall. .
Host:7:01Right, Okay so how do we then attract the rest of the community?
Laurence Pitt:7:05So what we need to do is think about ways of pitching cyber and the importance of cyber within the gaming space. And this is actually something that's starting to happen. I mean kids, my son being the example here, they're naturally curious about what they're doing and places where they can apply the gaming skills they're developing. They don't even realize they're doing it all the time. I actually really enjoyed talking to teenagers about this topic. One of my things I actually love doing is getting in front of a bunch of 16 to 18 year olds because they will ask you the hardest questions, but what they forced me to do is to do the research into things I haven't thought about before, which is then driven into this kind of a conversation where you think actually these people are good at doing this. We should be encouraging them to do this for a job.
Host:7:50But then you've got the self motivation of the game, kind of the, you know, the conflict of the game that keeps you engaged. Do you then have to gamify security in some way to keep them engaged?
Laurence Pitt:7:59Yes, you do. It is important that you gamify security and this is something that um, we haven't been so good at. What's tended to happen is you have a bunch of middle aged people who will get in a room and they will consider what they could think about as being good as a security play, which actually isn't going to attract a 15 or a 16 year old into that space. This is why actually we should be doing it through the games that exist today, making it attractive in ways through what that actually playing rather than trying to reinvent that wheel to bring them in.
Host:8:31Right infact if we could convince them that it's actually a game we could get away without even paying them or the $5, as you said..
Laurence Pitt:8:36The $5. I mean to start with possibly. Yeah. I mean that is something that could happen, but the good guys and the bad guys are both doing this. They're both going to be trying to make money out of this, so thinking you're going to get them for free is actually running up a risk that they'll go to the dark side before you actually get to them.
Host:8:52Right. Now, you mentioned earlier some of the research that you said that you hadn't considered before, your conversations with this younger generation that inspired. Could you talk a little bit about that? What types of research?
Laurence Pitt:9:02I mean, big things I've got very much more aware of have been around privacy techniques. Call it, taking yourself off the grid would be a way of looking at it. I mean I've delved into areas like you know, how to register credit cards that actually don't look like they're yours or how to make it look like you don't live where you really live. All of these things that are actually possible when you realize how simple they are and how easy it is to obfuscate yourself from the real world. Then you start to realize what the things are that people who are really smart on the dark side of doing and what you need to be watching for and how fast you have to react to these things. You know, these are the questions I got asked and that's why I started looking into it and it's a scary place.
Host:9:42Well, your research, is awe fully very good because I saw you pull up in a porsche 911 outside. So erm.
Laurence Pitt:9:47Yeah I wish you did.
Host:9:50So it seems that the race is on for each side as you say to tap into the gamer workforce.
Laurence Pitt:9:55Yeah, that's right. I mean, as I was just saying, as fast as we're developing these new techniques, we have to remember that the bad guys, they're either already using these techniques or they're already sitting one step ahead of us doing this. We're using artificial intelligence. They're using artificial intelligence. Machine learning they are using machine learning. I mean remember, if they decide they're going to break into an environment, they can probably go and download evaluation versions of every piece of software and hardware you've got to try to understand where those weak spots might be. So you know, although these technologies are great it's humans that actually going to make the difference to do this. It's having smart reactionary analysts who actually can look at these things and react very fast to them. They're still not gonna make the difference. The humans are critical and this is how we're going to be able to stay truly ahead of these advanced threats,
Host:10:44But depart from just the technology side, what's being done to kind of win over people from the dark side. I mean, one is of course, you know, stick them in jail, but what else has been done?
Laurence Pitt:10:53yeah, i saw a career track where it actually said that once he finishes that will go to jail, become an advanced security analyst. I think that will might've moved off recently. No, I mean the way that they're being attracted now is you are seeing big companies are starting to advertise for people doing this. Um, Price Waterhouse in the UK have been running a big campaign. They have a fairly successful business game they've run the UK government and just spinning up around actually how to be able to develop attractive games for youngsters and their effectively crowdfunding that development to make that happen, to bring them into that as well. But all of this stuff is being advertised and it's having people at the right age working on it as well to make it more attractive. So things are moving in the right direction. Um, you might say we are a little too late in some places, but we're getting there with it and we are seeing more and more 16, 18, 20 year olds who were thinking, actually that is something that I could do that is something that could be interested in.
Host:11:47Let's revisit the role of the human and machine learning. Could you give me an idea of how this all comes together?
Laurence Pitt:11:54So as I said earlier, machine learning and artificial intelligence will not fix the skill shortage. Um, you'll see plenty of stories out there where people are suggesting that it might or taking it the other way and saying actually they may address it to a point where we don't need the humans working. And I really, really don't believe that's the truth at all. Until technology is in a position where you can ask a computer to generate a random number and it will give you a truly random number. We're never going to just have technology that can be successful against the hackers. This is why I think actually we have to look in different places. And this is really where this research that I've been doing thinking about the gamers as a good place to look at it is somewhere where we can grow in this space. You know, there's only the one percent that's really going to be massively successful. The other 99 percent are going to need a career space to move into at some point. And cyber security can be really good. I mean the problem is when we think of Gamers, we tend to think of a teenager, sweaty, crisps, fizzy drinks, hunched over a computer in his bedroom with no lights on and not coming out for 26 hours a day. That's not how gamers view themselves though. And you have to think about it differently. They are part of a team that may be a virtual team and they're doing that, but it could be a global virtual team where they're working with people from different cultures to be successful in how they play their game. Practicing the latest tactics, understanding the latest moves, working out what the enemy is and how they can work together as a team to be successful and win that game. The moment they have a lot of stake in the whatever ranking or a score or reputation, but this could be something as a career for them as well with the exactly the same things at risk,
Host:13:33But what's the motivation? How do we motivate them to do this?
Laurence Pitt:13:36They have the skills in place already. They are very, very good at problem solving. They're very reactive. They can look around corners and they can make things happen. They love working as part of these teams. They're technology natives. They wake up and they think technology all of the time. They look at a computer. They understand what the challenges are with that device. They're already attracted. A lot of what we have to do is change the language of how we're talking to them so that we're talking in a way that attracts a Gamer. An 18 year old. We're not talking in a way that's attracting you or me to that industry as somebody who i'm afraid is older than 18.
Host:14:10Yes, 18 and a half. So in a recent slate article, Josephine Wolf rights, since when did video games require a strong dose of logic as opposed to an ability to easily suspend reality and engage in fantastical scenarios? How would you respond to that?
Laurence Pitt:14:29Um, well I wouldn't agree with it's to start with. I think that's almost a kind of comment that comes from somebody who probably hasn't played a lot of games much further than candy crush or angry birds on their mobile phone. I mean, I know from just my playing, there are the challenges games have themselves become a lot more intelligent. You have to be able to analyze the situation, you have to be able to change some things on the fly, you have to think about the principles of what you're actually trying to do and you have to overcome challenges. And there is that whole risk and reward thing that happens as well. You go in to do something, you see an opportunity and you do it and you get the same buzz out of it as if you were actually doing that thing without obviously putting their same risk in, in some cases. So these are qualities that the top gamers have. If you think about it, somebody who can act cool under pressure, who can deal with a complex situation, who can look around corners and see what the problem is, aren't those the same kind of skills a really good security analyst would also have?
Host:15:25Across many fields actually not just as a security analyst. Let's pause for a moment to listen to a clip from a recent General Electric campaign.
GE ad clip:15:32Whether it's strategy, RPG, or sports games both give and demand an immersive experience from their players. So what's firing away inside their heads besides the next move ever have your surroundings fall away from you as you progress in your favorite game, it's no surprise that frequent gameplay affects multiple areas of the brain. And in turn your census. It turns out that spacial awareness, strategic planning, heightened sensory movement and decision making involved with playing video games can actually help you navigate the real world. We're just beginning to understand the different connections in the brain that make this possible. So the next time you sit down with your keyboard controller or phone, remember that you're not just playing, you're training your brain.
Host:16:27So Lawrence, today how are these trained brains being lured into legitimate industries?
Laurence Pitt:16:33Well, what's tending to happen today still is we're seeing things that don't necessarily attract, but we are seeing changes with big organizations. As I was saying earlier, companies like PWC who are developing games, who are developing scenarios that gamers can be more interested in. I mean the most successful one I'm aware of today still was the game that the US army created a few years ago, which was a first person shooter game that people played that was encouraging them at the end to say, right, you've done this well now why not sign up? We've seen the UK have their Cyber One program, which is to attract university graduates to go to do things for the government. The NSA have program spun up. So we're getting there. We're getting much, much better at this and I do think that its recognized that we have to attract 18 year olds as if we're 18. That's really the key thing here and it is happening. I'm confident that is going to happen.
Host:17:26It's almost you got to give it a James Bond spin or a mission impossible spin and bring the guys in on that.
Laurence Pitt:17:31Yeah, that's right. Excite them and then they'll come on over.
Host:17:34And then pay them peanuts, crisps and pizza.
Laurence Pitt:17:38Pizza's definitely..
:17:38Lawrence that sound means our time is up, you know really thank you so much. I've really enjoyed this conversation today.
Laurence Pitt:17:45Thank you ever so much.
Host:17:47Ladies and gentlemen, that concludes our podcast. I want to thank you for taking the time to listen today. We'll be back soon with more news and insights from The Shield.