Security Webinar: The Evolution and Future of Security: A Conversation on AI, Data Privacy, and Threat Landscape
Welcome to our latest conversation on “The Evolution and Future of Security: A Conversation on AI, Data Privacy, and Threat Landscape”. Join our guests for a discussion that offers insights into the current security landscape, shows the importance of integrating security and data privacy into business strategies, and examines the evolving role of AI and regulatory frameworks in shaping these efforts.
Our guests:
– Kristine Briggs: CEO and founder of OIC Advisors, with a background in strategy, innovation, and operations.
– Kelly Geary: Managing Principal at EPIC Insurance Brokers and Consultants, specializing in cyber and technology risk.
– Dominik Samociuk: Head of Security at Future Processing, focused on internal security and client security activities.
The conversation is hosted by Nicolas Ostrowski, President of Future Processing US.
Nicolas Ostrowski: We’ve got three amazing panelists today. Let me introduce you to Kristine Briggs, CEO and founder of OIC, a Cisco veteran known for strategy, innovation, operations, a friend, and I believe a solar eclipse viewer recently, if memory serves?
Kristine Briggs: Absolutely fantastic.
Nicolas Ostrowski: Then we got Kelly Geary, Managing Principal at Epic Insurance Brokers and Consultants, also a University of Buffalo School of Law, that memory serves correct?
Kelly Geary: That is correct, yep.
Nicolas Ostrowski: Right, and decades of—decade plus of claims and legal compliance. Very well. So all right, so I’m going two for two. And then we’ve got Dominik Samociuk, my good friend who has a PhD, Head of Security for Future Processing, family lover of all things security, SME of the knowledge of the world and how to help people ensure from a data and privacy standpoint. Yeah?
Dominik Samociuk: Yep, perfect.
Nicolas Ostrowski: And I’m your host, Nicolas Ostrowski, President of Future Processing. Wow. Today we would like to talk to you about security, about data privacy, about digital tools and AI, and how that’s going on. And let’s start with just introductions of the panelists. Kristine, would you like to go first and tell about yourself, about OIC Advisors?
Kristine Briggs: Sure, sure. OIC Advisors was founded about a year ago and it sort of builds on our experience of—this is my sixth startup, sold a couple, couple went public. And what we found is that technology companies make a lot of the same mistakes over and over again, whether it’s organizational design or strategy, or lack of clarity of strategy or portfolio strategy. We see a lot of the same mistakes. So we founded a company to help both startups and larger companies really hone in on the strategy that is going to help them get to the next step. And so we call it operational velocity: what are those things getting in the way of your operational velocity? And we’re able to do it very quickly. We don’t give you a 100-page report that you then have to wade through and tells you everything you just said. We get in, we give you the IP you need to be able to excel at what it is that you want to achieve.
Nicolas Ostrowski: That’s amazing. And given today’s nature for speed and intensity and rigor, you’re spot on. Kelly, would you like to go next please?
Kelly Geary: Sure, of course. So, I am the National Practice Leader with Epic Insurance Brokers and Consultants. We are a full-service insurance brokerage firm. I run a team that is focused on cyber and technology. We assist organizations of all sizes in multiple different insurance industry verticals with respect to insurance risk transfer associated with cyber and technology risk.
Nicolas Ostrowski: Outstanding. Dominik, give us a little overview of your role of Head of Security for Future Processing and please have at it.
Dominik Samociuk: Okay, so I’m actually wearing two hats. One of those is the head of our internal security team, making sure that the IP of our customers is safe in Future Processing. Another one is simply delivering security activities for our customers. We really want to start as soon as possible with a “security by design” motto, making sure that the bugs should be found as soon as possible. It will be the most cost-effective option to make sure that there will be no vulnerabilities introduced even at the idea level of the application.
Nicolas Ostrowski: And it’s important to understand just from an internal standpoint how we keep control regardless of at OIC, at Epic, or at any firm. I appreciate you giving us the landslide and insights around that. Let’s start off with a question. We’ll go with Kristine. Given that Dominik went and explained from an internals perspective, what have you seen from a security standpoint or from a landscape over the last few decades—I shouldn’t say decades, over the last few years, let me be—and how are you handling it from a consulting standpoint and then overall timing in the industry?
Kristine Briggs: Yeah, I think there’s a lot of things that haven’t changed and then there’s a few things that have changed big time. And I think the things that haven’t changed are just absolutely foundational. You know, I think you think 25 years in people would have gotten the memo about defense in depth and attack surface reduction and all of those really standard common things, and we still see those as issues. You know, I think previously security was just seen as a network issue and now, you know, it’s much broader than just the network. I think the talent shortage hasn’t changed. You know, we still have a talent shortage many years in, even though now we have full-on university programs.
I think what has changed is obviously AI. Unfortunately, attackers are jumping on the generative AI bandwagon way faster than large companies and security vendors are. And it’ll be very interesting to see where that goes. I was thinking about it the other day in terms of like a DDoS attack and what you could do with generative AI in, you know, leveraging a DDoS attack. And so I think AI is going to be very interesting to see what happens and whether security vendors kind of pick up their game. I think there’s a lot of, when you look under the covers, there’s a lot of good marketing but they’re very, very slow to respond in terms of the threat landscape in my opinion.
What else is new? I think phishing is now like a huge attack vector. It always was a thing and you had to do security awareness training for your people, but it’s just, it’s gotten out of control. And then I also think, you know, back in the day when it was, you know, kids in t-shirts in the basement, you know, there was kind of this code that you wouldn’t attack nonprofits. You know, maybe you attack your high school, but you wouldn’t attack nonprofits. And now it’s become such a business and, you know, you’ve got nation-state actors involved as well that nobody is safe. And I think the new, the new most popular attack vector is kind of ransomware for nonprofits, for healthcare, for cities and towns. Um, you know, they just don’t have the budget. They might have one part-time IT person and so that is, that is definitely new. And then I also think people managing very large data sets with XDR and MDR, I think that’s a fairly new trend as well. And has, it’ll be interesting to see where that goes in terms of AI. I don’t know, Dominik, what do you think? What did I miss?
Dominik Samociuk: Yeah, I would say it’s correct. However, I’m seeing that we have a better consumer awareness about the security. The security was always in the past the thing that will be done at the end if we will have money, enough money to actually implement security. First of all, it should work. It is changing right now. Also, we have a huge regulatory pressure to actually implement security on various levels, on a data privacy concern related to the GDPR in Europe, in the state legislation in States. Also, we have quite a few regulatory requirements to actually inform about the incident that occur in your company. So yeah, I think the awareness overall is getting bigger and bigger.
Nicolas Ostrowski: That’s a really good point. The complexity of data sovereignty, like for any company large or small, just dealing with data sovereignty issues that change on a regular basis is, it’s a full-time job for most companies. Yeah, it’s insightful and know—I mean as the, we’ll say again, the landscape changes, the velocity, intensity, the rules of engagement are no longer… it’s anything in at any time. And that brings up from a standpoint from client and customers, Kelly, what are you seeing regarding data privacy and AI because it kind of go hand in hand from an adoption standpoint?
Kelly Geary: That is absolutely true. I mean, I’d say that our large organizations and even the midsize and smaller ones are dealing with all the risks that Kristine and Dominik just sort of touched on. And I think that the insurance market certainly is asking a lot of questions. So we, you know, our insurance clients that are purchasing, seeking to purchase cyber insurance to try to transfer some of this risk, are being asked a lot of questions about their network security and data privacy. I think we’re starting to see a [few] more questions around AI. I think the insurance industry is trying to wrap their heads around what questions to ask that would be relevant. You know, they are putting some questions to clients. They are starting to change some of the policy wording and create definitions around “AI security event” rather than just pure security event, which I think can be challenging to apply ultimately. I don’t know what an AI security event really will look like, you know, six months from now. They may define it today and it may look very different six months from now. So, but they’re certainly struggling with the, with also the regulatory environment as a general proposition internationally and domestically here in the US. It is a patchwork of regulatory rules and it’s very difficult to comply, almost impossible really.
Nicolas Ostrowski: Yeah, you bring up a couple of good themes. One is what does it look like historically and then what it will look like in six to 12 months. As you change the definitions, you change what’s important. Dominik, you and I had a conversation, I want to say December and January, and we were talking about security by design. Have you, and what Kelly brings up and what Kristine weaved in, has your viewpoint changed the marketplace? Have you seen different things? Are you looking at it from an internal and external client standpoint between now and the second half and 2025 and beyond?
Dominik Samociuk: Um, really it depends on the aspect of security we are talking about. Definitely the things related to the AI. When we were talking maybe at the December event, I would say that there was a huge boom to actually use AI no matter what. Right now we have a little bit more focus on AI ethics, on a thing that I would call data minimization. So making sure that we are collecting and using only enough data to actually train the AI due to the fact that we have privacy concern[s] that needs to be focused on when developing such AI application or GPTs simply. Also, I’m seeing that we started using a lot of AI in almost all aspect[s] of security. So advanced threat detection using AI, making sure that it is more sophisticated—we are creating more sophisticated threat detection tools. We are also implementing supply chain security using AI so we can browse through [a] huge amount of data not using a human factor but using some kind of automation mechanism. Once again, we are focusing on zero trust architecture; doesn’t change really, so it is still a valid point. We have a cloud security, we have data privacy. Maybe the details change but the focus stays on the same mechanism, I would say.
Nicolas Ostrowski: Yeah, and then from a standpoint from a consultive standpoint, Kristine, in our strategy, how are you in OIC when you’re having conversation with your clients and doing workshops from either from an architecture standpoint or from a security standpoint or from an MSSP? How are you approaching it? And I’m sure it’s evolving quite rapidly.
Kristine Briggs: Yeah, I think for MSSPs it’s been interesting to watch the landscape. There are companies who previously would never have considered using an MSSP to manage their security landscape and now they’re much more willing, um, you know, as Kelly said, to transfer that risk and say, “Okay, this is getting too complicated, I want to focus on my core business.” And so we’re definitely seeing that. I think the way we think about security from a strategy perspective is you’ve got your corporate strategy, which is where you’re trying to go and how you think you’re going to get there and how you’re going to differentiate and be competitive. And then security needs to be, as Dominik said, absolutely foundational from the design stage. And you know, it sounds really basic but a lot of people still haven’t gotten that memo. And so making sure that they understand that, and making sure that because of all the money and the effort they’re putting into having good robust security, that they actually talk about it, that it’s part of their marketing story, it’s part of their value proposition. And so I think, I think those are the things that we’re seeing just from a strategy perspective. But I think people are still to some extent uneducated. You know, they’re really excited about the shiny idea of the product or whatever it is that they’re doing, and security really needs to be a forethought and not an afterthought. And I think you know, I would think after, you know, 25 years of doing security-related stuff we would have seen improvement there and we just still haven’t. You know, there’s still a lot of people that just don’t understand the importance of it from day one. Um, but you know, always trying to make progress there.
Kelly Geary: If I could just jump in really quickly on what Kristine said, I think one of the things that I’ve seen across our client base really is that sort of rush to adopt AI and generative AI um, so that it can give them some sort of competitive advantage or they’re, or they will be left behind. And they’re doing it um without really thinking about the implications and the risk. Um, and so I think that’s a real problem.
Nicolas Ostrowski: Yeah, that it’s one thing to adopt something, it’s another thing to understand where, what is the strategy for implementation, how do you do it from a regulatory, from a compliance, from a transfer, from [an] over data privacy. It’s overarching. And there’s a lot of tools out there. Maybe for the last question for the three of you: what is something that you’re looking at as far as ensuring from either from an architectural standpoint or from a consultive standpoint or from just an overall market standpoint? What is something that is a focus for each [of] you and what would you like to say to the people listening today that they should take away from this call?
Kristine Briggs: I could go. Um, I think for me from a consultative standpoint, what I try to get across to our clients, both like Fortune 20 and startups, is the world has foundationally changed. It’s never going to be the same again. The world has changed and the pace of change has just gone so much faster. It’s like exponential growth, exponential change. And so the ways of working, the ways of teaming have also changed. You know, the days of getting everybody flying people in, you know, getting in a conference room for three days and you know, doing your strategy and then flying people home, like that’s not the way the world works anymore. You don’t do a five-year strategy anymore. And so you’ve got to find new ways of working, new ways of having an agile strategy that… that you’ve got your eye on the market and your competitors and you know what they’re doing and you can move as quickly as they can in an agile way to be able to change your strategy to stay competitive. And any company that doesn’t develop that muscle, that strategic muscle, that agile muscle to be able to move much faster is going to just go out of business over time. And I think for big companies it takes a lot longer um for them to fail because of pace of change, but for small companies it goes very quickly. And so that’s what we try to tell people, it’s like: you’ve got to be agile, you’ve got to be nimble, you’ve got to have all of your leaders marching in the same direction on your strategic direction, but you also need to be able to change it as the market changes. And that’s something that um for especially larger companies is very challenging.
Nicolas Ostrowski: I appreciate that Kristine. And Kelly, from what claims are regulatory, or you seeing some things emerging? And you talked about uh earlier on about inserting language or incorporating digital tools—not digital tools, digital language—within the contracts. How are you seeing the landscape?
Kelly Geary: Yeah I would say, I mean I agree with what Kristine said entirely. And I think um when you’re talking about risk transfer via insurance, um you know the insurance market moves at a snail’s pace generally speaking. Um, and so they tend to be pretty reactive to new technology and new risk. Um, but they are moving a little bit more quickly than they have in the past and they are trying to insert some wording in the insurance policies and trying to underwrite a bit better to the risk. And I think that they’re moving in the right direction that way, incorporating technologists at insurance companies in the underwriting phase of things um, where that was never the case before. And so I think that that, you know, the risk is very dynamic and so is the way that you transfer that risk has got to be, you know, you have to really think about that because you can’t rely on the way that you used to transfer risk before. It’s going to be a little bit different.
Nicolas Ostrowski: And it brings up from a—you make [a] mention about from a transfer standpoint. Dominik, as we’re onboarding potential clients and what are you seeing in the landscape as far as making from an ease—you mentioned earlier about a regulatory as well from an EU standpoint—we know things are shifting as Kristine said at a lightning pace. How are we managing it or how are you seeing them manage it?
Dominik Samociuk: Yeah, so I’m actually happy lately to the fact that always we need to convince our customer to make security into their product. However, lately we are seeing this huge consumer awareness. They are making sure that the product is actually even by themselves designed with security in mind. Also we have a great conversation uh few weeks ago with the VC company uh who is saying that one of the question[s] they are asking to the potential product that they will be developing or funding really is to: how you are dealing with security? Due to the fact that without security, or when getting [the] answer “we will think about security later,” without security the product would not go into the market.
We have a huge regulatory push. This uh landscape, regulatory landscape is still evolving, adapting new privacy regulation, data privacy regulation security handles, AI Act in Europe, Cyber Resilience Act, etc. Developing even at the first stag[e] of this product without security in mind, without security by default principle, makes the product uh that cannot go uh into the market when needed really. So uh we are really seeing this awareness about security. Really selling the security activities started to be easy by sales, which is a good thing for our company.
But really yeah we are seeing that the threats are the same through the years. So still we are dealing with phishing, still we are dealing with problems with updating in time when there will there is new vulnerability found. But the mechanism underneath is different. We are using AI adoption, we are using automation instead of human factor to make a few checks, to do the penetration testing differently. So yeah the landscape, the security landscape is once again evolving and I don’t think if we catch up in a year the answer will be different. Still the mechanism will be the same, the details how the mechanism is working would be uh better hopefully changed with the technology.
Nicolas Ostrowski: Yeah maybe I’ll wrap it up on a positive note or maybe just an interesting note. Uh we know things are going to continue to evolve, we understand that the landscape is still important but there’s still some passions in the world. Maybe I’ll ask a passion question. We all have one. What is, maybe not a passion, I’ll say what’s a favorite food or favorite pizza topping? We’ll go with baby hopefully everybody likes pizza, hopefully that still exists, it’s not a data privacy thing, nobody’s collecting that one. Maybe I’ll go with Kelly, do you have a favorite pizza topping or favorite style of pizza?
Kelly Geary: I like buffalo chicken pizza.
Nicolas Ostrowski: Okay. Kristine, are you a pizza person by chance?
Kristine Briggs: I love pizza, favorite food, but I’m like a 5-year-old: cheese pizza all the way. You know I could put veggies on it but if I can avoid veggies, you know, just cheese pizza all the way.
Nicolas Ostrowski: Okay. Um I can eat any type of pie. Dominik, yourself?
Dominik Samociuk: Yeah I will double down on Kristine[’s] answer. So the basic one for me due to the fact that I’m a risk-aware person, I don’t want to risk it.
Nicolas Ostrowski: Love it, I love it. Well I want to thank everybody today for the time, I appreciate the insight—
Kristine Briggs: Wait a second Nick, what’s your, what’s your pizza topping?
Nicolas Ostrowski: Oh pizza topping! I’ll go classic but if I do put topping on I’ll go with mushrooms.
Kristine Briggs: Oh okay.
Nicolas Ostrowski: Yeah I make can eat any type of pizza. It can be pizza bagels, it can be frozen pizza. I don’t discriminate on pizza.
Kristine Briggs: Excellent.
Nicolas Ostrowski: Well again thank you Kristine for getting my answer as well. I’ve enjoyed today’s session, we look forward to seeing each of you again. Um everybody out there listening, we’ve got three amazing people. Please reach out to them for insights from a strategy standpoint, from an insurance standpoint. But if overall we’re happy and here to help you. So thank you, thank you, thank you.