Microsoft Purview in the Age of AI: Securing Copilot with Peter Rising [Microsoft]

1
00:00:00,000 --> 00:00:03,640
Welcome back to another edition of the NC65 podcast.

2
00:00:03,640 --> 00:00:06,000
Today, my guest is Peter Rising

3
00:00:06,000 --> 00:00:09,000
in your partner solution architect at Microsoft,

4
00:00:09,000 --> 00:00:11,520
focused on security, compliance, and identity

5
00:00:11,520 --> 00:00:14,480
across Microsoft UK partner ecosystem.

6
00:00:14,480 --> 00:00:16,400
Peter works with some of Microsoft

7
00:00:16,400 --> 00:00:19,360
most strategic partners, helping organizations

8
00:00:19,360 --> 00:00:23,240
securely adapt AI technologies like Microsoft co-pilot,

9
00:00:23,240 --> 00:00:27,200
so strong governance security compliance

10
00:00:27,200 --> 00:00:29,000
in zero trust principles.

11
00:00:29,000 --> 00:00:32,480
You also, one of the most recognized

12
00:00:32,480 --> 00:00:37,480
was in Microsoft strategic partner program.

13
00:00:37,480 --> 00:00:39,960
Yeah, I think everyone knows him,

14
00:00:39,960 --> 00:00:44,960
especially for Microsoft PUE and his awesome YouTube channel.

15
00:00:44,960 --> 00:00:49,600
For them, they don't know it, they have to look at it.

16
00:00:49,600 --> 00:00:51,520
Yeah, I learned a lot there.

17
00:00:51,520 --> 00:00:55,120
Yeah, Peter's also a passion about advocates

18
00:00:55,120 --> 00:00:57,480
for women in tech, mental health awareness,

19
00:00:57,480 --> 00:01:00,080
well-being, and trust in drum awareness.

20
00:01:00,080 --> 00:01:02,280
In the world where I is moving farther

21
00:01:02,280 --> 00:01:05,360
than most organizations can cover it,

22
00:01:05,360 --> 00:01:08,120
Peter, experience has never been more relevant.

23
00:01:08,120 --> 00:01:09,480
Peter, welcome to the show.

24
00:01:09,480 --> 00:01:11,640
Thank you, Marco.

25
00:01:11,640 --> 00:01:13,440
It's very, very kind of you to invite me.

26
00:01:13,440 --> 00:01:14,880
I'm happy to be here.

27
00:01:14,880 --> 00:01:19,880
Yeah, tell us a little bit about your journey into technology.

28
00:01:19,880 --> 00:01:25,200
Ooh, wow, yes, well, how long have you got, sir?

29
00:01:26,760 --> 00:01:30,120
I began my tech career in the mid-90s.

30
00:01:30,120 --> 00:01:35,720
After a few years of working in jobs with no real prospect

31
00:01:35,720 --> 00:01:39,240
or direction, I was working for a legal firm

32
00:01:39,240 --> 00:01:41,280
where technology was just started to come in

33
00:01:41,280 --> 00:01:44,400
and an IT manager was hired,

34
00:01:44,400 --> 00:01:47,160
and she told me that she needed some help.

35
00:01:47,160 --> 00:01:48,200
Would I like to learn this?

36
00:01:48,200 --> 00:01:51,280
And I said, yes, absolutely, because I had no other idea

37
00:01:51,280 --> 00:01:53,160
what to do with my career, so I thought,

38
00:01:53,160 --> 00:01:54,600
I might as well learn this.

39
00:01:54,600 --> 00:01:58,920
And wow, I really enjoyed it, discovered I was reasonably good at it,

40
00:01:58,920 --> 00:02:00,680
and that's where it all started.

41
00:02:00,680 --> 00:02:04,600
I started doing IT support, you know,

42
00:02:04,600 --> 00:02:07,360
just supporting the users with their PCs

43
00:02:07,360 --> 00:02:10,280
as they started getting them and printer problems

44
00:02:10,280 --> 00:02:11,920
and that sort of stuff.

45
00:02:11,920 --> 00:02:13,440
And then throughout the years,

46
00:02:13,440 --> 00:02:15,680
got a bit more knowledge

47
00:02:15,680 --> 00:02:18,760
and started working for IT solutions providers

48
00:02:18,760 --> 00:02:23,760
or being IT manager in the industry.

49
00:02:24,080 --> 00:02:27,560
In a company, many manufacturing companies.

50
00:02:27,560 --> 00:02:31,120
And then in more recent times, over the past 10 or so years,

51
00:02:31,120 --> 00:02:34,360
I've worked for a variety of Microsoft partners

52
00:02:34,360 --> 00:02:39,080
as a consultant, specializing in Microsoft technologies,

53
00:02:39,080 --> 00:02:43,320
doing hybrid migrations to exchange online

54
00:02:43,320 --> 00:02:46,400
and then getting into teams and SharePoints.

55
00:02:46,400 --> 00:02:50,920
And then eventually, security was where I settled

56
00:02:50,920 --> 00:02:53,480
and decided it was going to be my specialist subject

57
00:02:53,480 --> 00:02:58,280
and I managed to work for some really good partners over the years

58
00:02:58,280 --> 00:03:02,640
and some very interesting customers and some good roles.

59
00:03:02,640 --> 00:03:05,760
As a consultant, a senior consultant,

60
00:03:05,760 --> 00:03:08,440
a principal consultant and managing teams

61
00:03:08,440 --> 00:03:12,240
and now most recently, five months ago,

62
00:03:12,240 --> 00:03:14,360
I had the opportunity to join Microsoft,

63
00:03:14,360 --> 00:03:16,440
which was from a dream opportunity

64
00:03:16,440 --> 00:03:19,800
and I've loved every minute that I've been

65
00:03:19,800 --> 00:03:22,320
with Microsoft since joining.

66
00:03:22,320 --> 00:03:26,040
And I'm with partners all over the UK and Ireland

67
00:03:26,040 --> 00:03:29,040
to help them build out their security roadmaps

68
00:03:29,040 --> 00:03:31,720
and support them at events and that sort of thing

69
00:03:31,720 --> 00:03:36,040
so that a very brief whistle stop tour of my career

70
00:03:36,040 --> 00:03:38,920
from the mid 1990s to there.

71
00:03:38,920 --> 00:03:44,800
- So can you a little bit, you're five months at Microsoft,

72
00:03:44,800 --> 00:03:46,640
can you a little bit explain what do

73
00:03:46,640 --> 00:03:49,520
is the senior partner solution has to take do it, Microsoft?

74
00:03:49,520 --> 00:03:50,320
(laughs)

75
00:03:50,320 --> 00:03:52,880
- Oh, it's lots of great things.

76
00:03:52,880 --> 00:03:58,360
I mean, we evangelize the Microsoft security compliance

77
00:03:58,360 --> 00:04:00,200
and identity technologies, but not just that,

78
00:04:00,200 --> 00:04:04,560
obviously things like a co-pilot in Agent 365 as well.

79
00:04:04,560 --> 00:04:08,680
We tell stories around how we secure and govern those things,

80
00:04:08,680 --> 00:04:12,720
but it involves working with Microsoft's

81
00:04:12,720 --> 00:04:15,120
in the UK and Ireland managed partners,

82
00:04:15,120 --> 00:04:19,240
so partners that are specifically managed by Microsoft

83
00:04:19,240 --> 00:04:21,720
and would do good things together,

84
00:04:21,720 --> 00:04:24,320
helping them to build out offerings

85
00:04:24,320 --> 00:04:26,600
that they can take to their customers.

86
00:04:26,600 --> 00:04:30,640
We can help the partners with supporting them

87
00:04:30,640 --> 00:04:32,440
on strategic deal activations.

88
00:04:32,440 --> 00:04:35,680
So if they want a land a particular deal with a big customer,

89
00:04:35,680 --> 00:04:38,160
we can go and help support them on that.

90
00:04:38,160 --> 00:04:42,680
I support our partners at their events as well,

91
00:04:42,680 --> 00:04:45,320
so I'll go and go events and speak alongside them

92
00:04:45,320 --> 00:04:48,600
and do talks and keynotes and that sort of thing.

93
00:04:48,600 --> 00:04:53,600
So, but I saw about proving and showing what

94
00:04:53,600 --> 00:04:59,000
all the great things with Microsoft E7 now,

95
00:04:59,000 --> 00:05:01,960
and Agent 365 in particular can do,

96
00:05:01,960 --> 00:05:05,600
telling good stories and showing the partners how they can

97
00:05:05,600 --> 00:05:08,040
offer these help support their customers with it

98
00:05:08,040 --> 00:05:11,280
and hopefully get some value back from those stories as well,

99
00:05:11,280 --> 00:05:14,680
because hey, we want people to be using these great products.

100
00:05:14,680 --> 00:05:18,040
- Yeah, especially in security,

101
00:05:18,040 --> 00:05:21,920
a lot of companies, I'm it, they have this perspective,

102
00:05:21,920 --> 00:05:26,520
oh, we pay for the tools, so Microsoft handle the security for us.

103
00:05:26,520 --> 00:05:30,240
So what will you say, what is run on this mindset?

104
00:05:30,240 --> 00:05:32,920
- What is run with this mindset?

105
00:05:32,920 --> 00:05:37,000
Well, it's true that Microsoft provides the platform

106
00:05:37,000 --> 00:05:42,000
and the solutions, but it's not up to Microsoft

107
00:05:42,000 --> 00:05:47,240
to configure that for the end users.

108
00:05:47,240 --> 00:05:48,920
So this is where partners can come in

109
00:05:48,920 --> 00:05:53,280
and work with their customers to apply their specialists

110
00:05:53,280 --> 00:05:57,640
knowledge to help those customers deploy things correctly

111
00:05:57,640 --> 00:06:02,480
and good security and protection and governance

112
00:06:02,480 --> 00:06:05,040
across Pervue, across Defender, and,

113
00:06:05,040 --> 00:06:08,920
and, there's a shared responsibility model

114
00:06:08,920 --> 00:06:12,040
within a lot of what Microsoft do with their products.

115
00:06:12,040 --> 00:06:14,280
There are things that Microsoft provide,

116
00:06:14,280 --> 00:06:15,840
they provide the platform, the products,

117
00:06:15,840 --> 00:06:18,760
about the actual configuration and the settings,

118
00:06:18,760 --> 00:06:21,680
recommended configurations, that's,

119
00:06:21,680 --> 00:06:25,600
that's down to the customer with working with good partners,

120
00:06:25,600 --> 00:06:30,280
hopefully, Microsoft partners to help them do the right things.

121
00:06:30,280 --> 00:06:36,920
- And what did you think we have, yeah, the age of AI,

122
00:06:36,920 --> 00:06:41,600
I think, governance, security come become more, yeah.

123
00:06:42,640 --> 00:06:49,640
- In focus, in focus, why now and not before,

124
00:06:49,640 --> 00:06:54,640
and how did AI change their security conversations?

125
00:06:54,640 --> 00:06:59,520
- Yeah, AI has changed it massively.

126
00:06:59,520 --> 00:07:02,840
It really has the best example I can give

127
00:07:02,840 --> 00:07:06,600
in terms of a particular Microsoft product is Pervue

128
00:07:06,600 --> 00:07:09,440
because Pervue's been around for a long time.

129
00:07:10,600 --> 00:07:12,760
A good, a good many years now,

130
00:07:12,760 --> 00:07:17,360
but it's never been as well adopted or well understood

131
00:07:17,360 --> 00:07:20,800
as Defender or Entra, for example.

132
00:07:20,800 --> 00:07:23,000
The customers have always understood

133
00:07:23,000 --> 00:07:26,240
why they've needed strong identities in place

134
00:07:26,240 --> 00:07:29,520
and why they have to protect their endpoint devices,

135
00:07:29,520 --> 00:07:32,560
but the compliance piece, the Pervue provides,

136
00:07:32,560 --> 00:07:36,960
protecting data, that has always been a little bit more niche,

137
00:07:36,960 --> 00:07:38,640
not as well understood,

138
00:07:38,640 --> 00:07:43,440
but now with AI being here with tools like co-pilot

139
00:07:43,440 --> 00:07:47,640
and things like Agent 365 coming into play as well,

140
00:07:47,640 --> 00:07:49,520
these things can get a hold of data.

141
00:07:49,520 --> 00:07:54,000
They use data as their life bullet, their fuel,

142
00:07:54,000 --> 00:07:57,720
their consumer, their vast quantities.

143
00:07:57,720 --> 00:08:01,240
And therefore, that data has to be properly protected and governed.

144
00:08:01,240 --> 00:08:06,480
So I've seen a massive shift in the last one or two years

145
00:08:06,480 --> 00:08:10,680
since we've been working a lot more with AI of customers

146
00:08:10,680 --> 00:08:13,800
coming to Microsoft and to Microsoft Partners saying,

147
00:08:13,800 --> 00:08:16,320
we get it, we need to protect our data now,

148
00:08:16,320 --> 00:08:20,240
we need to understand our data if we want to use AI safely

149
00:08:20,240 --> 00:08:24,360
and Agent 365 technology safely as well.

150
00:08:24,360 --> 00:08:28,400
So then I understand that they need to do this,

151
00:08:28,400 --> 00:08:30,240
they need to do their homework

152
00:08:30,240 --> 00:08:32,840
if they want to play with these shiny new toys.

153
00:08:32,840 --> 00:08:34,760
They've got some work to do.

154
00:08:34,760 --> 00:08:39,160
So, and it's really nice to see, it's really refreshing to see,

155
00:08:39,160 --> 00:08:43,080
it's finally clicking in customers' minds,

156
00:08:43,080 --> 00:08:45,640
like this is what Perth, you can do for us.

157
00:08:45,640 --> 00:08:51,040
- Yeah, I think it's a great tool and it's so, yeah,

158
00:08:51,040 --> 00:08:54,880
growing over the last year, so it's very interesting.

159
00:08:54,880 --> 00:08:59,840
Another topic you are, say, famous for is it's,

160
00:08:59,840 --> 00:09:03,280
yeah, zero trust, principals.

161
00:09:04,280 --> 00:09:08,280
Now, what is the, yeah, what is the story

162
00:09:08,280 --> 00:09:13,200
or the meaning behind the marketing,

163
00:09:13,200 --> 00:09:14,520
basamer, zero trust?

164
00:09:14,520 --> 00:09:18,080
What does it really mean, especially from Microsoft side?

165
00:09:18,080 --> 00:09:22,280
- Well, zero trust has three main principles

166
00:09:22,280 --> 00:09:24,520
that are attached to it and that is,

167
00:09:24,520 --> 00:09:30,960
verify explicitly, so that ties into things like

168
00:09:32,520 --> 00:09:35,200
multifactor authentication and ensuring that you're

169
00:09:35,200 --> 00:09:40,200
authenticating a safe and two factor methodology.

170
00:09:40,200 --> 00:09:41,880
So, that is crucial.

171
00:09:41,880 --> 00:09:44,640
That's one of the three principles.

172
00:09:44,640 --> 00:09:49,640
The other is to use the principle of least privilege,

173
00:09:49,640 --> 00:09:53,480
so only use the permissions that you actually need

174
00:09:53,480 --> 00:09:54,640
at any given time.

175
00:09:54,640 --> 00:09:57,880
Don't have global admins or other admin roles

176
00:09:57,880 --> 00:10:01,560
assigned permanently, use things like privilege information.

177
00:10:02,560 --> 00:10:07,400
Management to have these roles activated

178
00:10:07,400 --> 00:10:09,320
on a just in time basis.

179
00:10:09,320 --> 00:10:11,720
And the other principle, the third and final one is assume breach,

180
00:10:11,720 --> 00:10:14,080
always assume breach.

181
00:10:14,080 --> 00:10:17,880
- I mean, because it's usually a case of when,

182
00:10:17,880 --> 00:10:21,480
not if you will, you will be breached in any organization

183
00:10:21,480 --> 00:10:25,120
and many companies make the mistake of thinking,

184
00:10:25,120 --> 00:10:27,840
well, especially in the SMB market,

185
00:10:27,840 --> 00:10:30,480
that I'm too small, why would anyone attack me?

186
00:10:30,480 --> 00:10:33,880
And that's completely inaccurate.

187
00:10:33,880 --> 00:10:36,800
The attackers, the bad guys, they don't discriminate

188
00:10:36,800 --> 00:10:40,040
about who they think they can make money from.

189
00:10:40,040 --> 00:10:42,760
Why, yeah, putting nasty stuff in there that makes you have

190
00:10:42,760 --> 00:10:44,120
to pay ransom, for example.

191
00:10:44,120 --> 00:10:49,120
So, zero trust is a great framework to adopt

192
00:10:49,120 --> 00:10:52,760
when you are putting all of your content out there

193
00:10:52,760 --> 00:10:55,560
in the cloud, specifically in the Microsoft 365

194
00:10:55,560 --> 00:10:56,880
and Azure clouds that are out there.

195
00:10:56,880 --> 00:11:00,360
Because in the old days, when everything was on premises,

196
00:11:00,360 --> 00:11:02,120
we had firewalls wrapped around that

197
00:11:02,120 --> 00:11:04,000
and there were things we can apply in the cloud

198
00:11:04,000 --> 00:11:05,440
of things like conditional access

199
00:11:05,440 --> 00:11:09,040
and all of the sorts of great tools across purview

200
00:11:09,040 --> 00:11:12,880
and enter and defender, but it's a bit,

201
00:11:12,880 --> 00:11:17,040
it's a different methodology to put protection around what's out there

202
00:11:17,040 --> 00:11:19,120
in the cloud than it was on premises.

203
00:11:19,120 --> 00:11:23,400
And for a long time, people didn't quite get that.

204
00:11:23,400 --> 00:11:27,920
And zero trust is a really good way to help people

205
00:11:27,920 --> 00:11:32,920
protect themselves along with the principles of defense

206
00:11:32,920 --> 00:11:35,240
in depth as well, which is something I'm very passionate

207
00:11:35,240 --> 00:11:36,080
about also.

208
00:11:36,080 --> 00:11:41,360
And what can be, you say, some companies don't think

209
00:11:41,360 --> 00:11:45,120
about the topics, zero trust, but how can they start

210
00:11:45,120 --> 00:11:48,120
their journey into zero trust?

211
00:11:48,120 --> 00:11:53,320
I think they have to open their eyes a little bit.

212
00:11:53,320 --> 00:11:57,240
A lot of organizations that you talk to still have

213
00:11:57,240 --> 00:12:00,720
a little bit of a head in the sand mentality towards it.

214
00:12:00,720 --> 00:12:02,960
I was speaking to a customer just a few weeks ago

215
00:12:02,960 --> 00:12:07,480
who actually he said something that horrified me.

216
00:12:07,480 --> 00:12:09,320
He said ignorance is bliss.

217
00:12:09,320 --> 00:12:11,680
And I thought, no, absolutely not.

218
00:12:11,680 --> 00:12:15,360
You need to know what is threatening your data

219
00:12:15,360 --> 00:12:18,000
and your organization and your reputation.

220
00:12:18,000 --> 00:12:22,320
So the first step is understanding and awareness

221
00:12:22,320 --> 00:12:24,120
they need to appreciate that the some of them

222
00:12:24,120 --> 00:12:29,120
they have to do to protect their intellectual property

223
00:12:29,120 --> 00:12:33,640
because it's easy to think that won't happen to me,

224
00:12:33,640 --> 00:12:36,760
but when it does, then they've got to do something about it.

225
00:12:36,760 --> 00:12:40,200
And quite often, they end up a lot of companies

226
00:12:40,200 --> 00:12:43,880
and are paying ransoms because they need to get their data back.

227
00:12:43,880 --> 00:12:47,040
There's no guarantee that the bad guys will give it to them.

228
00:12:47,040 --> 00:12:50,040
But it's the only way they're going to get it in a lot of cases,

229
00:12:50,040 --> 00:12:53,400
especially if they don't have any form of backup

230
00:12:53,400 --> 00:12:55,280
and contingencies in place.

231
00:12:55,280 --> 00:13:00,280
So awareness, taking steps and defending in depth as well,

232
00:13:00,280 --> 00:13:05,400
protecting all of your attack services

233
00:13:05,400 --> 00:13:09,720
and being mindful that the attackers will always take

234
00:13:09,720 --> 00:13:11,240
the path of least resistance.

235
00:13:11,240 --> 00:13:15,440
So defense in depth, defense in depth, and defense in depth again.

236
00:13:15,440 --> 00:13:22,960
I think a lot of companies think when they made Star Wars Zero Trust

237
00:13:22,960 --> 00:13:28,360
or think about cybersecurity, they say it's an IT thing

238
00:13:28,360 --> 00:13:29,840
from the IT department.

239
00:13:29,840 --> 00:13:36,280
How will you help the IT or your partners to understand

240
00:13:36,280 --> 00:13:44,760
I will say that's become everybody's problem security.

241
00:13:44,760 --> 00:13:49,520
- Very much so, yeah.

242
00:13:49,520 --> 00:13:52,320
And you're right, it isn't everyone problem.

243
00:13:53,280 --> 00:13:56,400
And I prefer to see it in more positive terms, actually.

244
00:13:56,400 --> 00:13:58,680
I like to think if it is an everyone opportunity

245
00:13:58,680 --> 00:13:59,600
rather than a problem.

246
00:13:59,600 --> 00:14:02,000
I mean, it is a problem, right?

247
00:14:02,000 --> 00:14:06,480
But there are opportunities there to educate everyone

248
00:14:06,480 --> 00:14:13,480
in an organization from the CEO to people on warehouse factory floors,

249
00:14:13,480 --> 00:14:17,440
picking things with laser guns from warehouses and shipping product.

250
00:14:17,440 --> 00:14:21,440
Everyone needs to have an appreciation of keeping themselves safe

251
00:14:21,440 --> 00:14:23,600
and protecting themselves from attacks.

252
00:14:23,600 --> 00:14:27,640
So, and our partners here at Microsoft,

253
00:14:27,640 --> 00:14:30,880
we have some amazing partners in the ecosystem

254
00:14:30,880 --> 00:14:33,960
who can help our customers with those stories

255
00:14:33,960 --> 00:14:38,760
to build out roadmaps and migration paths

256
00:14:38,760 --> 00:14:41,880
and that sort of thing to get the customers

257
00:14:41,880 --> 00:14:46,440
from where they are now to their desired end state

258
00:14:46,440 --> 00:14:49,400
and in a state which is going to help them sleep better at night

259
00:14:49,400 --> 00:14:52,040
because there are some scary things that can happen to them

260
00:14:52,040 --> 00:14:54,200
before they go on these journeys at times.

261
00:14:54,200 --> 00:14:59,840
So, working with the customers, these partners can guide them

262
00:14:59,840 --> 00:15:02,400
on not only the technology,

263
00:15:02,400 --> 00:15:04,720
but also the project management

264
00:15:04,720 --> 00:15:08,320
and the adoption and change principles as well.

265
00:15:08,320 --> 00:15:12,040
And I can't ever understate how important things like that

266
00:15:12,040 --> 00:15:15,720
are adoption and change management in any organization

267
00:15:15,720 --> 00:15:17,960
when you're doing a big rollout of something like this

268
00:15:17,960 --> 00:15:22,960
is crucial because at the end of the day the users need to understand

269
00:15:22,960 --> 00:15:25,200
what is happening, when it's happening,

270
00:15:25,200 --> 00:15:29,440
why it's happening, what the impact on their jobs will be,

271
00:15:29,440 --> 00:15:30,920
how they can use it.

272
00:15:30,920 --> 00:15:33,440
So, and if you don't have these things in mind,

273
00:15:33,440 --> 00:15:37,840
then it's setting yourself up for failure before you even start.

274
00:15:37,840 --> 00:15:42,120
So, massive opportunity, I think, to do things secure

275
00:15:42,120 --> 00:15:43,360
and in the right way.

276
00:15:43,360 --> 00:15:45,760
I think there was a quote,

277
00:15:45,760 --> 00:15:49,640
"It's not under person perfect" by the someone says,

278
00:15:49,640 --> 00:15:55,600
"Cybersicurity expensive, no cybersecurity is more expensive."

279
00:15:55,600 --> 00:15:57,000
I think something like this.

280
00:15:57,000 --> 00:15:59,600
Yeah, yeah.

281
00:15:59,600 --> 00:16:02,120
And what's more expensive,

282
00:16:02,120 --> 00:16:04,680
though putting goods of cybersecurity in place

283
00:16:04,680 --> 00:16:09,680
or recovering from a nasty attack that you haven't prepared for?

284
00:16:09,680 --> 00:16:12,960
And there are many statistics out there

285
00:16:12,960 --> 00:16:15,040
in terms of the average cost of recovering

286
00:16:15,040 --> 00:16:16,360
from a cyber attack.

287
00:16:16,360 --> 00:16:19,720
My brain, which doesn't process numbers very well,

288
00:16:19,720 --> 00:16:20,920
can't remember exact figures,

289
00:16:20,920 --> 00:16:23,640
but there are some good statistics out there at the cost

290
00:16:23,640 --> 00:16:25,640
and the damage it causes our organizations

291
00:16:25,640 --> 00:16:29,040
who don't prepare themselves for that sort of thing.

292
00:16:29,040 --> 00:16:32,120
Yeah, and I think it's not only the financial cost,

293
00:16:32,120 --> 00:16:33,760
there's also the,

294
00:16:33,760 --> 00:16:38,800
I think the customer, they believe in any company,

295
00:16:38,800 --> 00:16:40,880
that in a trust, I think,

296
00:16:40,880 --> 00:16:45,880
that's also, you cannot say really money, how risky this is.

297
00:16:45,880 --> 00:16:49,840
But then, yeah, there's one thing,

298
00:16:49,840 --> 00:16:52,040
yeah, either in your favorite rule.

299
00:16:52,040 --> 00:16:55,240
This is Microsoft View View.

300
00:16:55,240 --> 00:16:59,920
For listener, they're unfamiliar with view of you.

301
00:16:59,920 --> 00:17:02,760
How would you explain it in simple terms

302
00:17:02,760 --> 00:17:07,440
and what which rule plays it in your trust?

303
00:17:07,440 --> 00:17:09,480
Oh, wow.

304
00:17:09,480 --> 00:17:12,520
Okay, so if you think of, before I answer fully,

305
00:17:12,520 --> 00:17:16,160
if you think of Microsoft 365 in terms of security,

306
00:17:16,160 --> 00:17:18,000
compliance and identity,

307
00:17:18,000 --> 00:17:23,000
I was described it as security equals the defender products.

308
00:17:23,000 --> 00:17:26,760
Identity equals the intro products,

309
00:17:26,760 --> 00:17:29,200
but an compliance equals the purview products

310
00:17:29,200 --> 00:17:33,960
and compliance ties in very much to the data

311
00:17:33,960 --> 00:17:36,280
that organizations have and how they protect it

312
00:17:36,280 --> 00:17:37,600
and how they govern it

313
00:17:37,600 --> 00:17:42,080
and how they apply lifecycle management principles to it.

314
00:17:42,080 --> 00:17:45,080
So purview is all about data

315
00:17:45,080 --> 00:17:49,880
and there are three core features in my view

316
00:17:49,880 --> 00:17:52,560
within Microsoft purview that everyone,

317
00:17:52,560 --> 00:17:54,360
if you're doing nothing else with purview,

318
00:17:54,360 --> 00:17:56,440
then these are the things you should be doing.

319
00:17:56,440 --> 00:17:58,440
Number one is sensitivity labels

320
00:17:58,440 --> 00:18:03,160
to apply label classification to documents

321
00:18:03,160 --> 00:18:05,960
and other things, a SharePoint sites and teams

322
00:18:05,960 --> 00:18:10,960
and whatnot and encryption also, content marking,

323
00:18:10,960 --> 00:18:16,960
that sort of thing and different levels of protection.

324
00:18:16,960 --> 00:18:19,320
So the document is classified, it's labeled

325
00:18:19,320 --> 00:18:22,360
and for example, in the world of co-pilot,

326
00:18:22,360 --> 00:18:25,520
if you ask co-pilot to look at one of these documents

327
00:18:25,520 --> 00:18:28,800
and it has a very, very sensitive, confidential label on it,

328
00:18:28,800 --> 00:18:30,920
co-pilot will know to respect that

329
00:18:30,920 --> 00:18:33,480
and can't accidentally do things

330
00:18:33,480 --> 00:18:35,560
it shouldn't be doing with that document.

331
00:18:35,560 --> 00:18:37,800
So that's number one, the sensitivity labels.

332
00:18:37,800 --> 00:18:40,760
The second one is DLP, data loss prevention,

333
00:18:40,760 --> 00:18:45,760
which helps prevent data, information, files,

334
00:18:45,760 --> 00:18:49,280
emails being accidentally leaked

335
00:18:49,280 --> 00:18:53,120
outside the organization inadvertently

336
00:18:53,120 --> 00:18:55,920
and that ties to the sort of sensitive information

337
00:18:55,920 --> 00:18:58,240
that is contained in that data,

338
00:18:58,240 --> 00:19:00,000
things like credit card information

339
00:19:00,000 --> 00:19:03,480
or personal information, medical, financial,

340
00:19:03,480 --> 00:19:04,520
that sort of thing.

341
00:19:04,520 --> 00:19:06,960
And there are many, many standards baked into

342
00:19:06,960 --> 00:19:10,200
and compliance regulations baked into purview

343
00:19:10,200 --> 00:19:14,080
that DLP can link to somebody in as a credit card,

344
00:19:14,080 --> 00:19:16,360
number in a email or a document

345
00:19:16,360 --> 00:19:19,320
that should match a DLP policy that recognizes that

346
00:19:19,320 --> 00:19:21,400
and gives the user a tip to say,

347
00:19:21,400 --> 00:19:24,880
well, depending how restrictive the policy is,

348
00:19:24,880 --> 00:19:27,000
it'll say, "Oh, you might not wanna do this,"

349
00:19:27,000 --> 00:19:27,840
so you sure?

350
00:19:27,840 --> 00:19:30,360
Or depending on the level of risk

351
00:19:30,360 --> 00:19:33,080
that the organization is willing to accept or not,

352
00:19:33,080 --> 00:19:34,680
you can totally block that, it'll say,

353
00:19:34,680 --> 00:19:36,480
sorry, you can't even send the email

354
00:19:36,480 --> 00:19:38,800
'cause it has this data in it.

355
00:19:38,800 --> 00:19:40,760
And then finally, the last core feature

356
00:19:40,760 --> 00:19:44,480
that I would describe is data lifecycle management

357
00:19:44,480 --> 00:19:46,960
which comes down to retention,

358
00:19:46,960 --> 00:19:49,680
how long you keep the data in your organization.

359
00:19:49,680 --> 00:19:54,680
And this is a big area of lack of education

360
00:19:54,680 --> 00:19:56,800
for many organizations, they don't really know

361
00:19:56,800 --> 00:19:59,280
how long they should be keeping the data,

362
00:19:59,280 --> 00:20:02,520
many organizations will make the biggest mistake possible

363
00:20:02,520 --> 00:20:05,040
and say, "Well, just to be safe, we'll retain everything forever,"

364
00:20:05,040 --> 00:20:07,080
which is completely the opposite approach

365
00:20:07,080 --> 00:20:08,440
that they need to do.

366
00:20:08,440 --> 00:20:10,160
They need to be only retaining data

367
00:20:10,160 --> 00:20:14,560
for as long as they are required to do so,

368
00:20:14,560 --> 00:20:17,400
depending on the particular regulations

369
00:20:17,400 --> 00:20:21,520
that apply to them as an organization or a country

370
00:20:21,520 --> 00:20:24,920
or European Union, GDPR, that sort of thing,

371
00:20:24,920 --> 00:20:27,480
HIPAA in the United States.

372
00:20:27,480 --> 00:20:31,080
So these are the three things that are,

373
00:20:31,080 --> 00:20:32,520
if you do nothing else, do these.

374
00:20:32,520 --> 00:20:36,240
But then there's wider features which help you discover

375
00:20:36,240 --> 00:20:41,240
data in investigations and legal cases like e-discovery,

376
00:20:41,240 --> 00:20:43,640
there are strong auditing capabilities,

377
00:20:43,640 --> 00:20:47,000
there are features like insider risk management

378
00:20:47,000 --> 00:20:52,000
to detect theft from departing users as an example,

379
00:20:52,000 --> 00:20:57,520
communication compliance, to detect inappropriate behavior

380
00:20:57,520 --> 00:21:00,040
in the workplace, threatening behavior,

381
00:21:00,040 --> 00:21:01,960
inappropriate language or harassment,

382
00:21:01,960 --> 00:21:03,680
that sort of thing.

383
00:21:03,680 --> 00:21:07,680
Perv, you have so much in it that people really don't understand

384
00:21:07,680 --> 00:21:10,280
that it can do so much and it's just getting better

385
00:21:10,280 --> 00:21:11,320
and better and all the time.

386
00:21:11,320 --> 00:21:15,040
And it's so relevant right now because of that AI landscape

387
00:21:15,040 --> 00:21:16,760
that we have in front of us right now.

388
00:21:16,760 --> 00:21:21,360
- I am a forward champion in the future or today.

389
00:21:21,360 --> 00:21:24,960
What, or how have you seen POV you has evolved

390
00:21:24,960 --> 00:21:26,600
over the last few years?

391
00:21:26,600 --> 00:21:29,560
- Oh, massively.

392
00:21:29,560 --> 00:21:33,400
I mean, I remember the first time that I became aware

393
00:21:33,400 --> 00:21:37,040
of what purview would become and how it would develop

394
00:21:37,040 --> 00:21:39,840
with the first thing I used was sensitivity labels.

395
00:21:39,840 --> 00:21:44,680
And I think if, from memory, I think we were talking about

396
00:21:44,680 --> 00:21:46,440
the late 20,

397
00:21:46,440 --> 00:21:50,840
late 20 teens for lack of a better word.

398
00:21:50,840 --> 00:21:54,520
Maybe around 2016, 2017 was when I first became aware

399
00:21:54,520 --> 00:21:58,000
of what we can now call sensitivity labels

400
00:21:58,000 --> 00:22:00,440
which was broadly known at that time

401
00:22:00,440 --> 00:22:02,240
as Azure information protection.

402
00:22:02,240 --> 00:22:05,920
And the term purview was a collective place

403
00:22:05,920 --> 00:22:07,120
for all these things to live.

404
00:22:07,120 --> 00:22:08,480
I didn't exist at that point.

405
00:22:08,480 --> 00:22:10,520
It was just as this is Azure information protection

406
00:22:10,520 --> 00:22:12,160
where you can apply these labels.

407
00:22:12,160 --> 00:22:14,160
DLP was around still,

408
00:22:14,160 --> 00:22:16,760
but that lived in Microsoft Exchange at the time.

409
00:22:16,760 --> 00:22:20,840
So if I think back to those times where the retention

410
00:22:20,840 --> 00:22:24,080
also lived in Exchange, DLP lived in Exchange,

411
00:22:24,080 --> 00:22:25,960
labeling was in Azure.

412
00:22:25,960 --> 00:22:28,720
This was the real beginning of what purview would become.

413
00:22:28,720 --> 00:22:31,720
And over the years, more has been added,

414
00:22:31,720 --> 00:22:35,640
more capabilities, e-discovery has become richer

415
00:22:35,640 --> 00:22:37,800
and more capable.

416
00:22:37,800 --> 00:22:41,960
The Azure side of what purview can do has developed massively

417
00:22:41,960 --> 00:22:46,240
and now is unified in a single purview

418
00:22:46,240 --> 00:22:50,400
compliance center or admin center.

419
00:22:50,400 --> 00:22:53,080
So the change is very measurable.

420
00:22:53,080 --> 00:22:55,840
It's very, very much night and day.

421
00:22:55,840 --> 00:22:57,800
If I think about those times where it is now

422
00:22:57,800 --> 00:23:01,720
so much has been improved and introduced.

423
00:23:01,720 --> 00:23:07,000
Is there impure view one capability that you see

424
00:23:07,000 --> 00:23:08,640
currently most underrated?

425
00:23:08,640 --> 00:23:14,120
Yes, one or two, I would say,

426
00:23:14,120 --> 00:23:16,840
I would say despite the awareness of it increasing

427
00:23:16,840 --> 00:23:18,440
in the last couple of years,

428
00:23:18,440 --> 00:23:21,400
I still do think that more and more organizations

429
00:23:21,400 --> 00:23:23,680
do need to be thinking about using inside

430
00:23:23,680 --> 00:23:25,640
a risk management because it is a very, very

431
00:23:25,640 --> 00:23:30,240
powerful and a very, very good way of protecting yourself

432
00:23:30,240 --> 00:23:35,240
against malicious or unwitting insider risks.

433
00:23:35,240 --> 00:23:40,720
I do also think that all of it is a bit more niche

434
00:23:40,720 --> 00:23:42,480
that the use case is for it.

435
00:23:42,480 --> 00:23:46,480
I think e-discovery is very, very misunderstood

436
00:23:46,480 --> 00:23:48,600
and not very well known or appreciated.

437
00:23:48,600 --> 00:23:52,560
There is so much it can do for, I mean,

438
00:23:52,560 --> 00:23:57,560
no organization wants to have to do these investigations

439
00:23:57,560 --> 00:24:00,880
legally or internally or but then necessary.

440
00:24:00,880 --> 00:24:04,680
And it's a very powerful tool which can surface

441
00:24:04,680 --> 00:24:08,520
a lot of information and filter it and redact it,

442
00:24:08,520 --> 00:24:12,000
export it and do all sorts of stuff with that data

443
00:24:12,000 --> 00:24:16,360
that is sadly required in the world that we work in.

444
00:24:16,360 --> 00:24:22,360
So I would say those are very much underappreciated

445
00:24:22,360 --> 00:24:27,360
and one of the emerging ones would be probably data,

446
00:24:27,360 --> 00:24:30,640
catalog data mapping is very powerful,

447
00:24:30,640 --> 00:24:34,240
not much use of that that I've seen in the wild so far.

448
00:24:34,240 --> 00:24:39,400
And yeah, those would be my examples.

449
00:24:39,400 --> 00:24:44,760
- Yeah, I think it also can play a huge role in chat MIT.

450
00:24:44,760 --> 00:24:47,600
- Oh yeah.

451
00:24:47,600 --> 00:24:50,680
- So I think that it's really,

452
00:24:50,680 --> 00:24:53,040
it's a really cool tool.

453
00:24:53,040 --> 00:24:58,280
At first, I started four years in data science

454
00:24:58,280 --> 00:25:00,800
and I was not so happy.

455
00:25:00,800 --> 00:25:05,240
But yeah, as larger, it's such a cool way.

456
00:25:05,240 --> 00:25:09,760
So we have, I think, a topic

457
00:25:09,760 --> 00:25:13,520
what's underrated and special appeal you can help

458
00:25:13,520 --> 00:25:15,360
is the data classification.

459
00:25:15,360 --> 00:25:19,240
Why is it become more important

460
00:25:19,240 --> 00:25:22,560
than, yeah, since we have or when companies

461
00:25:22,560 --> 00:25:24,320
both start with deploying AI?

462
00:25:24,320 --> 00:25:30,760
- Oh, because with AI, if you don't have those things in place,

463
00:25:30,760 --> 00:25:36,240
imagine just how much sensitive information could be leaked

464
00:25:36,240 --> 00:25:36,920
out there.

465
00:25:36,920 --> 00:25:42,520
I mean, once if co-pilot is able to access things

466
00:25:42,520 --> 00:25:44,400
based on the permissions that you put in place

467
00:25:44,400 --> 00:25:47,680
across Entra, Defender and Pervue,

468
00:25:47,680 --> 00:25:50,120
so if those are not set up correctly,

469
00:25:50,120 --> 00:25:55,120
then it can potentially share content outside the organization

470
00:25:55,120 --> 00:25:57,920
and once that's done, it's out there.

471
00:25:57,920 --> 00:25:59,160
There's no bringing it back.

472
00:25:59,160 --> 00:26:02,560
The toothpaste is left that you was as the saying goes

473
00:26:02,560 --> 00:26:04,760
and you can't shove it back inside.

474
00:26:04,760 --> 00:26:09,760
So it's absolutely crucial to have that taxonomy

475
00:26:09,760 --> 00:26:14,040
and classify things correctly

476
00:26:14,040 --> 00:26:17,920
and use those labels, use DLP

477
00:26:17,920 --> 00:26:21,440
and ensure that you have good visibility of it

478
00:26:21,440 --> 00:26:25,480
through activity explorers and DSPM, data security,

479
00:26:25,480 --> 00:26:28,600
posture management that is, which is a great,

480
00:26:28,600 --> 00:26:30,840
fairly recent feature within Pervue.

481
00:26:30,840 --> 00:26:34,080
I mean, it's probably been around a good couple of years now,

482
00:26:34,080 --> 00:26:36,600
at least, and has changed so much in that time,

483
00:26:36,600 --> 00:26:39,480
but so powerful.

484
00:26:39,480 --> 00:26:42,920
So I think it's massively, massively important.

485
00:26:42,920 --> 00:26:44,760
And thankfully, most organizations are starting

486
00:26:44,760 --> 00:26:46,920
to understand this that they need to do

487
00:26:46,920 --> 00:26:49,440
these things to protect themselves in this world of AI.

488
00:26:49,440 --> 00:26:52,160
- Yeah, that is awesome.

489
00:26:52,160 --> 00:26:56,920
I think, yeah, that's critical to all

490
00:26:56,920 --> 00:26:59,440
and I also see a lot of companies, they say,

491
00:26:59,440 --> 00:27:03,040
"Oh, we have a, I don't know, a SharePoint admin center

492
00:27:03,040 --> 00:27:06,440
"and we feel safe, but yeah, Pervue,

493
00:27:06,440 --> 00:27:09,280
"you give you a really cool overview,

494
00:27:09,280 --> 00:27:12,840
"especially in the day, I think this is such a cool feature,

495
00:27:12,840 --> 00:27:16,680
"and it is, let's jump in a little bit

496
00:27:16,680 --> 00:27:19,680
"in co-pilot AI and governance."

497
00:27:19,680 --> 00:27:24,680
So, yeah, I think actually everyone's try,

498
00:27:24,680 --> 00:27:27,400
like to try our co-pilot.

499
00:27:27,400 --> 00:27:32,400
Why should they also care about governance before they start?

500
00:27:32,400 --> 00:27:40,080
- Well, the similar reasons, I mean, co-pilot can only do

501
00:27:40,480 --> 00:27:45,480
with what it can access, how well that data is governed.

502
00:27:45,480 --> 00:27:50,680
So, if that data is not appropriately governed

503
00:27:50,680 --> 00:27:53,840
and co-pilot's surf is able to see it,

504
00:27:53,840 --> 00:27:56,800
and interrogate it and share it most importantly,

505
00:27:56,800 --> 00:27:59,920
then that is a risk.

506
00:27:59,920 --> 00:28:03,920
That is definitely something that is a risky situation

507
00:28:03,920 --> 00:28:07,400
for any organization and should be addressed.

508
00:28:07,400 --> 00:28:12,400
So, the penalties for not complying with regulations

509
00:28:12,400 --> 00:28:19,880
in different regions of the world can be very, very severe

510
00:28:19,880 --> 00:28:24,280
and organizations do need to take note of that,

511
00:28:24,280 --> 00:28:29,280
fines and in some cases, even prison sentences,

512
00:28:29,280 --> 00:28:34,880
depending on who is deemed responsible for that situation.

513
00:28:35,120 --> 00:28:39,840
So, chief information security officers or chief information officers,

514
00:28:39,840 --> 00:28:43,160
they definitely have to be very mindful of these sort of things.

515
00:28:43,160 --> 00:28:45,920
Co-pilot is so powerful.

516
00:28:45,920 --> 00:28:49,360
AI in general is so powerful,

517
00:28:49,360 --> 00:28:54,360
and the governance needs to be very, very diligently considered

518
00:28:54,360 --> 00:28:58,200
in order to avoid having these sort of situations where

519
00:28:58,200 --> 00:29:03,200
what it can access has those proper guard rails and controls

520
00:29:03,200 --> 00:29:08,200
and is very carefully measured against these frameworks

521
00:29:08,200 --> 00:29:10,360
that are out there.

522
00:29:10,360 --> 00:29:13,440
Yeah, I think we have especially when we talk

523
00:29:13,440 --> 00:29:15,880
about oversharing or data oversharing,

524
00:29:15,880 --> 00:29:19,200
there are huge parties out there.

525
00:29:19,200 --> 00:29:22,840
The one oversharing is a co-pilot problem,

526
00:29:22,840 --> 00:29:25,360
and the other day it's a data governance problem.

527
00:29:25,360 --> 00:29:27,040
What would you say?

528
00:29:29,680 --> 00:29:34,680
I would say that in an ideal world,

529
00:29:34,680 --> 00:29:38,560
it should be considered as a data,

530
00:29:38,560 --> 00:29:41,680
I don't like the word problem,

531
00:29:41,680 --> 00:29:45,120
but a data opportunity is the way I would describe it.

532
00:29:45,120 --> 00:29:47,320
And that for me is where you should always start

533
00:29:47,320 --> 00:29:52,320
because the data itself is where you can apply the controls.

534
00:29:52,320 --> 00:29:59,240
Co-pilot is only as powerful as the data it's able to access

535
00:29:59,240 --> 00:30:00,240
and share.

536
00:30:00,240 --> 00:30:03,320
So if the data is appropriately controlled

537
00:30:03,320 --> 00:30:05,880
and governed and permissioned and protected,

538
00:30:05,880 --> 00:30:10,880
then co-pilot is less of a risk than if it were not.

539
00:30:10,880 --> 00:30:16,880
So always think of protecting things in depth,

540
00:30:16,880 --> 00:30:20,880
defense in depth, co-pilot itself has very little

541
00:30:20,880 --> 00:30:25,560
influence of those sort of protection settings.

542
00:30:25,560 --> 00:30:29,240
Agents are a bit different. I mean, Agents 365,

543
00:30:29,240 --> 00:30:34,240
you can do a lot within the Agents 365 registry

544
00:30:34,240 --> 00:30:37,800
of agents in the Microsoft 365 Admin Center.

545
00:30:37,800 --> 00:30:40,320
There are lots of controls you can put in place there,

546
00:30:40,320 --> 00:30:44,680
which are complemented by purview and intra as an example,

547
00:30:44,680 --> 00:30:48,320
but co-pilot, I think you have to be very, very careful

548
00:30:48,320 --> 00:30:52,160
and make sure the data is addressed first.

549
00:30:53,600 --> 00:30:57,080
And what, what, thank you, how can organization just cover

550
00:30:57,080 --> 00:31:00,560
oversharing before they deploy AI co-pilot?

551
00:31:00,560 --> 00:31:04,600
Yeah, I mean, one thing they can do is they can look

552
00:31:04,600 --> 00:31:07,840
at the SharePoint Advanced Management Capabilities.

553
00:31:07,840 --> 00:31:09,640
That's one thing that they can start with,

554
00:31:09,640 --> 00:31:12,800
which can often be very easily overlooked,

555
00:31:12,800 --> 00:31:17,000
but they should also be looking into understanding

556
00:31:17,000 --> 00:31:19,120
where their data is.

557
00:31:19,120 --> 00:31:20,080
Is it on premises?

558
00:31:20,080 --> 00:31:21,680
Is it in the cloud?

559
00:31:21,680 --> 00:31:23,360
Is it a mixture of both?

560
00:31:23,360 --> 00:31:29,640
Depending where it is, certain apps, shadow IT,

561
00:31:29,640 --> 00:31:31,920
may or may not be able to access that data.

562
00:31:31,920 --> 00:31:34,680
So you have to think about things like

563
00:31:34,680 --> 00:31:38,560
Defend of a cloud apps as an example to control

564
00:31:38,560 --> 00:31:41,400
which of those apps are sanctioned or otherwise,

565
00:31:41,400 --> 00:31:46,240
which apps users can use to access and use that data.

566
00:31:46,240 --> 00:31:49,960
So it's massively important.

567
00:31:49,960 --> 00:31:50,800
It really is.

568
00:31:50,800 --> 00:31:54,960
And I come back to this motto, this phrase of defense in depth,

569
00:31:54,960 --> 00:32:02,960
and that's a really important thing to think of,

570
00:32:02,960 --> 00:32:07,040
alongside zero trust, it's all well and good

571
00:32:07,040 --> 00:32:11,320
to have labels configured well in purview

572
00:32:11,320 --> 00:32:14,720
or DLP policies configured, but if your identity

573
00:32:14,720 --> 00:32:16,280
is not appropriately protected,

574
00:32:16,280 --> 00:32:18,440
then you're wasting your time, really,

575
00:32:18,440 --> 00:32:20,440
because your front door is wide open.

576
00:32:20,440 --> 00:32:24,720
So defending in depth is the biggest opportunity

577
00:32:24,720 --> 00:32:28,080
that organizations have to diligently protect themselves

578
00:32:28,080 --> 00:32:29,240
as best as possible.

579
00:32:29,240 --> 00:32:35,840
I see we have label now everything when AI also,

580
00:32:35,840 --> 00:32:41,200
you can buy a monitor that's labeled AI,

581
00:32:41,200 --> 00:32:43,240
but especially in enterprise software.

582
00:32:43,240 --> 00:32:47,520
There it's, I see, that's what I've found a little bit,

583
00:32:47,520 --> 00:32:49,160
yeah, crazy.

584
00:32:49,160 --> 00:32:53,880
It's, they call it responsible AI tool.

585
00:32:53,880 --> 00:32:58,040
So what does responsibility, I mean,

586
00:32:58,040 --> 00:33:02,320
and is it really a tool that can,

587
00:33:02,320 --> 00:33:06,520
it's responsible AI, or it's more the humans

588
00:33:06,520 --> 00:33:08,680
or the carbon coming.

589
00:33:08,680 --> 00:33:11,440
It's a team thing, it's a team sport,

590
00:33:11,440 --> 00:33:13,040
as the saying is often applied.

591
00:33:13,040 --> 00:33:15,560
I mean, ultimately, I think it still comes down

592
00:33:15,560 --> 00:33:20,120
to the responsibility is, with the organization

593
00:33:20,120 --> 00:33:23,880
protecting their data and configuring them out correctly.

594
00:33:23,880 --> 00:33:28,880
However, I would also think that it's the responsibility

595
00:33:28,880 --> 00:33:33,880
ethically and legally and morally of the AI providers

596
00:33:33,880 --> 00:33:37,800
to make sure that their platforms are

597
00:33:37,800 --> 00:33:40,000
appropriately configured as well.

598
00:33:40,000 --> 00:33:43,400
So there's a duty of care on their part.

599
00:33:44,520 --> 00:33:48,560
And the humans are probably the weakest element

600
00:33:48,560 --> 00:33:51,520
in the equation because they are the most prone

601
00:33:51,520 --> 00:33:54,560
to mistakes, human error.

602
00:33:54,560 --> 00:33:59,560
So this is where training and development, education

603
00:33:59,560 --> 00:34:04,320
of those humans and good change control processes

604
00:34:04,320 --> 00:34:07,000
and adoption processes are key.

605
00:34:07,000 --> 00:34:09,960
So I would think of these things as all

606
00:34:09,960 --> 00:34:12,200
complementing to the whole story,

607
00:34:12,200 --> 00:34:15,000
again, defending in depth, thinking about the people,

608
00:34:15,000 --> 00:34:18,040
thinking about the platform and thinking about the data,

609
00:34:18,040 --> 00:34:21,200
don't think of any one of those things individually

610
00:34:21,200 --> 00:34:23,880
because you're setting yourself up for failure,

611
00:34:23,880 --> 00:34:26,480
consider all of those things and defend in depth.

612
00:34:26,480 --> 00:34:31,240
- Yeah, I think, yeah, that's really,

613
00:34:31,240 --> 00:34:35,320
yeah, it's really interesting and important topic.

614
00:34:35,320 --> 00:34:39,680
And yeah, I think, I don't know, I just describe it.

615
00:34:39,680 --> 00:34:43,760
I think often, yeah, we have this IT problem, it's an IT topic,

616
00:34:43,760 --> 00:34:45,640
but yeah, I think that's cool.

617
00:34:45,640 --> 00:34:50,640
But when we say, well, the company day,

618
00:34:50,640 --> 00:34:54,680
they will start with the eye deployment,

619
00:34:54,680 --> 00:34:57,160
what policies should exist?

620
00:34:57,160 --> 00:35:04,320
- The first thing I would say is an apologies

621
00:35:04,320 --> 00:35:07,160
as my threats syndrome seems to be particularly bad today

622
00:35:07,160 --> 00:35:09,000
and I'm very open about that.

623
00:35:09,000 --> 00:35:12,080
So if you notice in my head twitching, that's what it is.

624
00:35:12,080 --> 00:35:17,080
But AI policies to start off with,

625
00:35:17,080 --> 00:35:23,000
I would say that definitely think about the oversharing

626
00:35:23,000 --> 00:35:29,280
as the first thing because it's almost impossible

627
00:35:29,280 --> 00:35:35,240
once something has been leaked out there to reclaim that.

628
00:35:35,240 --> 00:35:37,120
It's practically impossible.

629
00:35:37,120 --> 00:35:42,120
So think about what the AI is capable of doing,

630
00:35:42,120 --> 00:35:46,440
what it can and can't do, what it can and can't share

631
00:35:46,440 --> 00:35:50,880
because reputational damage is something

632
00:35:50,880 --> 00:35:53,600
that companies definitely want to avoid

633
00:35:53,600 --> 00:35:56,000
because they'll have plenty of competitors out there

634
00:35:56,000 --> 00:35:58,440
who are doing things in the right way

635
00:35:58,440 --> 00:36:03,440
and investing time and people and energy and money

636
00:36:03,640 --> 00:36:08,440
into responsible and diligent AI roll outs.

637
00:36:08,440 --> 00:36:13,440
So if you're not preventing that accidental exposure

638
00:36:13,440 --> 00:36:17,760
and accidental all sharing of information from the get go,

639
00:36:17,760 --> 00:36:20,120
I think these are the sort of policies you need in place

640
00:36:20,120 --> 00:36:22,480
from day one.

641
00:36:22,480 --> 00:36:27,360
And I would say DLP is probably the most important part

642
00:36:27,360 --> 00:36:31,000
of that story because that's gonna be what prevents

643
00:36:31,000 --> 00:36:32,200
things from being leaked out

644
00:36:32,200 --> 00:36:35,040
at the credit card information, sensitive data.

645
00:36:35,040 --> 00:36:38,920
And you need a good plan.

646
00:36:38,920 --> 00:36:40,360
You need a rollout plan.

647
00:36:40,360 --> 00:36:45,360
You need champions groups who can be part of proof of concepts

648
00:36:45,360 --> 00:36:47,360
or pilot phases.

649
00:36:47,360 --> 00:36:49,160
Don't just roll it all out.

650
00:36:49,160 --> 00:36:53,200
Think of good people in the organization

651
00:36:53,200 --> 00:36:57,840
or good teams in the organization who can work with you

652
00:36:57,840 --> 00:37:00,800
on these pilot groups and do it properly

653
00:37:00,800 --> 00:37:04,800
ask the right questions, people who can evangelize it

654
00:37:04,800 --> 00:37:07,480
to other groups within the organization

655
00:37:07,480 --> 00:37:09,000
and have some people come along as well

656
00:37:09,000 --> 00:37:11,160
who will be challenging as well.

657
00:37:11,160 --> 00:37:12,840
There's nothing better than having people

658
00:37:12,840 --> 00:37:16,280
who ask difficult questions in these processes

659
00:37:16,280 --> 00:37:19,600
because you need to consider these things

660
00:37:19,600 --> 00:37:25,280
because if you launch these initiatives without considering it

661
00:37:25,280 --> 00:37:28,000
then they'll be the first people to criticize on day one

662
00:37:28,000 --> 00:37:29,840
when something isn't right, they'll say,

663
00:37:29,840 --> 00:37:32,200
well this isn't good.

664
00:37:32,200 --> 00:37:35,520
This is happened or the old way of working this never happens

665
00:37:35,520 --> 00:37:37,880
so you need these people on your side

666
00:37:37,880 --> 00:37:39,840
rather than working against you.

667
00:37:39,840 --> 00:37:45,160
- I think when we especially think in AI,

668
00:37:45,160 --> 00:37:49,600
there are people they say how to balance

669
00:37:49,600 --> 00:37:52,080
between innovation and risk.

670
00:37:52,080 --> 00:37:56,440
But did you see that GRC of government's risk compliance

671
00:37:56,440 --> 00:38:00,080
can be also a chance for innovation?

672
00:38:00,080 --> 00:38:03,040
- Oh I do very much so yeah.

673
00:38:03,040 --> 00:38:05,240
I think there's always the opportunity to

674
00:38:05,240 --> 00:38:08,240
define where to innovate.

675
00:38:08,240 --> 00:38:12,840
I mean, and the Microsoft platforms provide

676
00:38:12,840 --> 00:38:14,760
really really good ways of doing that,

677
00:38:14,760 --> 00:38:17,440
especially in the world of agents that we're seeing now.

678
00:38:17,440 --> 00:38:21,840
We are seeing all sorts of really really good use cases

679
00:38:21,840 --> 00:38:24,080
for agents, custom built agents

680
00:38:24,080 --> 00:38:27,280
and built in either in co-pilot itself

681
00:38:27,280 --> 00:38:30,560
or in co-pilot studio or the really clever people

682
00:38:30,560 --> 00:38:34,760
who were clever than I could be at this stage

683
00:38:34,760 --> 00:38:37,080
because I haven't learned anything that clever yet

684
00:38:37,080 --> 00:38:39,600
is people who can build the agents within Foundry

685
00:38:39,600 --> 00:38:41,200
with all that great fabric stuff.

686
00:38:41,200 --> 00:38:46,200
So, and there's some great examples

687
00:38:46,200 --> 00:38:50,280
that are appearing already in the short time since agents

688
00:38:50,280 --> 00:38:51,280
have been out there.

689
00:38:51,280 --> 00:38:53,240
Workflow's power automate,

690
00:38:53,240 --> 00:38:55,800
I mean, that's been around a good few years as well

691
00:38:55,800 --> 00:38:57,520
and automation,

692
00:38:57,520 --> 00:39:02,760
to augment human effort.

693
00:39:02,760 --> 00:39:06,080
It's been going on for a good few years in those terms,

694
00:39:06,080 --> 00:39:10,680
but the agentic world that when I see income into players

695
00:39:10,680 --> 00:39:15,280
just making the ability for those very clever people

696
00:39:15,280 --> 00:39:19,880
who innovate and invent to do some amazing things,

697
00:39:19,880 --> 00:39:21,160
some amazing use cases

698
00:39:21,160 --> 00:39:23,920
and take what Microsoft have provided

699
00:39:23,920 --> 00:39:27,800
and put their stamp on it and build something really special.

700
00:39:27,800 --> 00:39:32,000
So it's really exciting to see how people take these products

701
00:39:32,000 --> 00:39:33,480
and solutions that Microsoft have built

702
00:39:33,480 --> 00:39:35,440
and just take them a step further

703
00:39:35,440 --> 00:39:39,040
and build some really clever things that are going to be able

704
00:39:39,040 --> 00:39:41,600
to help people with their day-to-day jobs and lives.

705
00:39:41,600 --> 00:39:45,800
- Yeah, you say agentic AI in the thinking builds

706
00:39:45,800 --> 00:39:49,560
to the hot new topic, but is there

707
00:39:49,560 --> 00:39:52,720
from security view,

708
00:39:52,720 --> 00:39:56,040
is there a massive change to normally AI

709
00:39:56,040 --> 00:39:58,880
and be a hot with agentic AI?

710
00:39:58,880 --> 00:40:03,400
- Not as much as you would think because for agents

711
00:40:03,400 --> 00:40:08,000
in Microsoft platform in agent 365,

712
00:40:08,000 --> 00:40:14,520
there's no new security tools to do anything special with them.

713
00:40:14,520 --> 00:40:18,520
They are all protectable and governable

714
00:40:18,520 --> 00:40:20,680
by the same things that we've been familiar with

715
00:40:20,680 --> 00:40:24,760
to protect humans and human identities over the years.

716
00:40:24,760 --> 00:40:26,680
So agents can have their own identities

717
00:40:26,680 --> 00:40:29,200
and these can be controlled and protected

718
00:40:29,200 --> 00:40:32,280
by the principles within Entra and within Purview.

719
00:40:32,280 --> 00:40:36,760
So that's a really good thing about agent 365.

720
00:40:36,760 --> 00:40:39,840
I mean, there are some controls that you can see

721
00:40:39,840 --> 00:40:43,480
within the agent registry in terms of who can install the agents,

722
00:40:43,480 --> 00:40:47,640
who can do various things with them,

723
00:40:47,640 --> 00:40:51,680
who can see them and work with them and et cetera, et cetera.

724
00:40:51,680 --> 00:40:56,680
But the real wider security features are all in Purview

725
00:40:56,680 --> 00:41:02,400
and Entra and it's very, very easy to apply to be asked.

726
00:41:02,400 --> 00:41:07,400
It's just as easy as it is to do it from a human perspective.

727
00:41:07,400 --> 00:41:11,400
- Yeah, I've wanted to really finally ask,

728
00:41:11,400 --> 00:41:14,800
yeah, I think it's called by a Kamauji,

729
00:41:14,800 --> 00:41:18,880
a little bit later in Entra, it looks more than human,

730
00:41:18,880 --> 00:41:19,960
than an application.

731
00:41:19,960 --> 00:41:24,040
So that's a wonderful, more fun, really, really funny.

732
00:41:24,040 --> 00:41:29,040
And so what did you think in the future,

733
00:41:29,040 --> 00:41:35,080
how will security operations change over the next,

734
00:41:35,080 --> 00:41:37,040
I don't know, five years is a little bit long.

735
00:41:37,040 --> 00:41:41,080
- It's a really interesting question

736
00:41:41,080 --> 00:41:44,440
and it's always harder to predict rights,

737
00:41:44,440 --> 00:41:49,440
but the thing that I probably expect to become

738
00:41:49,440 --> 00:41:54,520
more relevant, more quickly than people expect

739
00:41:54,520 --> 00:41:56,960
is possibly quantum computing.

740
00:41:56,960 --> 00:42:01,080
I think we need to start getting ready

741
00:42:01,080 --> 00:42:06,080
for how we apply new security principles to that.

742
00:42:06,080 --> 00:42:10,440
Version of computing once it starts kicking in

743
00:42:10,440 --> 00:42:11,840
and becoming more mainstream.

744
00:42:11,840 --> 00:42:14,080
So I don't think we need to panic just yet.

745
00:42:14,080 --> 00:42:16,120
Certainly not in the next two to three years,

746
00:42:16,120 --> 00:42:18,600
but maybe once we're getting to five years

747
00:42:18,600 --> 00:42:21,080
and start heading towards seven and 10 years,

748
00:42:21,080 --> 00:42:27,040
I think we need to be ready for that next wave of innovation

749
00:42:27,040 --> 00:42:28,880
in the world of computing.

750
00:42:28,880 --> 00:42:33,240
How AI will evolve is gonna be interesting to see

751
00:42:33,240 --> 00:42:36,040
because what we're dealing with at the moment is

752
00:42:36,040 --> 00:42:41,040
generative AI, whether AI evolves beyond that,

753
00:42:41,040 --> 00:42:43,960
is gonna be interesting to see.

754
00:42:43,960 --> 00:42:46,960
I think inevitably it will, if it hasn't already,

755
00:42:46,960 --> 00:42:49,960
because what we're seeing released to the mainstream world

756
00:42:49,960 --> 00:42:55,960
right now has probably been around for five plus more years already

757
00:42:55,960 --> 00:43:00,160
in testing and development and proof of concept groups.

758
00:43:00,160 --> 00:43:03,160
So we're probably always a good five years behind

759
00:43:03,160 --> 00:43:06,000
what's actually capable, at least.

760
00:43:06,000 --> 00:43:08,000
I would guesstimate.

761
00:43:08,000 --> 00:43:10,000
So those would be my answers.

762
00:43:10,000 --> 00:43:15,000
I would think quantum computing definitely need to keep an eye

763
00:43:15,000 --> 00:43:19,000
on that and whatever the next version of AI is,

764
00:43:19,000 --> 00:43:23,000
whether that has the ability to become self aware,

765
00:43:23,000 --> 00:43:26,000
maybe some getting too much into it, movie territory there,

766
00:43:26,000 --> 00:43:28,000
but hey, we can't rule it out.

767
00:43:28,000 --> 00:43:31,000
Some people on podcasts think that that's already happened.

768
00:43:31,000 --> 00:43:34,000
So who knows, time will tell.

769
00:43:34,000 --> 00:43:35,000
Yeah.

770
00:43:35,000 --> 00:43:39,000
That's one product I have a question.

771
00:43:39,000 --> 00:43:42,000
And it's the Microsoft security co-pilot.

772
00:43:42,000 --> 00:43:47,000
Did you say the Microsoft security co-pilot

773
00:43:47,000 --> 00:43:51,000
will in future handle all securities,

774
00:43:51,000 --> 00:43:56,000
or if there are any plays for humans in insecurity?

775
00:43:56,000 --> 00:44:00,000
I think certainly in the short term,

776
00:44:00,000 --> 00:44:03,000
the humans in the future,

777
00:44:03,000 --> 00:44:10,000
the humans in the equation are not going anywhere anytime soon.

778
00:44:10,000 --> 00:44:13,000
You can't rule that out completely,

779
00:44:13,000 --> 00:44:17,000
but I think as time evolves over the next few years,

780
00:44:17,000 --> 00:44:20,000
I think there's always going to be things for humans to do,

781
00:44:20,000 --> 00:44:24,000
but I think the things that they're doing will change.

782
00:44:24,000 --> 00:44:27,000
It will enable them to do more things,

783
00:44:27,000 --> 00:44:32,000
and make decisions that AI is not making,

784
00:44:32,000 --> 00:44:34,000
but will have making,

785
00:44:34,000 --> 00:44:41,000
because autonomous AI is very much on the agenda, I think.

786
00:44:41,000 --> 00:44:46,000
But I think we're a good way off that yet.

787
00:44:46,000 --> 00:44:50,000
I think for the hero now, in the next few years,

788
00:44:50,000 --> 00:44:53,000
I think analysts, security analysts,

789
00:44:53,000 --> 00:44:56,000
don't have too much to worry about,

790
00:44:56,000 --> 00:44:59,000
but I think on the longer term,

791
00:44:59,000 --> 00:45:02,000
I think it's going to be a good thing,

792
00:45:02,000 --> 00:45:06,000
because I think it's going to free them up to do more innovative

793
00:45:06,000 --> 00:45:09,000
and interesting things.

794
00:45:09,000 --> 00:45:13,000
But can we predict 100%? No.

795
00:45:13,000 --> 00:45:17,000
But I'm a positive person for the most part,

796
00:45:17,000 --> 00:45:20,000
and I do see that there will be opportunities there

797
00:45:20,000 --> 00:45:23,000
for growth in those areas.

798
00:45:23,000 --> 00:45:26,000
So I also,

799
00:45:26,000 --> 00:45:30,000
I like to ask a little bit about your...

800
00:45:30,000 --> 00:45:33,000
You do also great text-ups,

801
00:45:33,000 --> 00:45:38,000
but you are also doing all these great community stuff.

802
00:45:38,000 --> 00:45:40,000
You have this YouTube channel,

803
00:45:40,000 --> 00:45:42,000
you're helping them take,

804
00:45:42,000 --> 00:45:48,000
you have your also work for mental health and a troret around us.

805
00:45:48,000 --> 00:45:50,000
So,

806
00:45:50,000 --> 00:45:54,000
is there something you say,

807
00:45:54,000 --> 00:45:57,000
okay,

808
00:45:57,000 --> 00:46:03,000
AI will help on these topics in the future?

809
00:46:03,000 --> 00:46:06,000
I think possibly, yeah, very much so.

810
00:46:06,000 --> 00:46:09,000
I mean, I think...

811
00:46:09,000 --> 00:46:15,000
potentially, I mean, AI has access to vast sources of knowledge

812
00:46:15,000 --> 00:46:18,000
that it can access very, very quickly.

813
00:46:18,000 --> 00:46:21,000
So in terms of education,

814
00:46:21,000 --> 00:46:26,000
I think it's a way to help people access information on a lot of these subjects,

815
00:46:26,000 --> 00:46:29,000
a lot more quickly.

816
00:46:29,000 --> 00:46:36,000
I think, again, the human element is going to continue to be the most important part of the conversation.

817
00:46:36,000 --> 00:46:38,000
It's an interesting question.

818
00:46:38,000 --> 00:46:42,000
I've not ever really been asked about those topics from the AI perspective before.

819
00:46:42,000 --> 00:46:45,000
So it is a really cool question.

820
00:46:45,000 --> 00:46:47,000
I mean,

821
00:46:47,000 --> 00:46:50,000
women in tech is particularly important,

822
00:46:50,000 --> 00:46:56,000
it's a really, really, very important question for me because you might remember from my...

823
00:46:56,000 --> 00:47:01,000
how I got started in IT in the 90s, I was recruited by a woman,

824
00:47:01,000 --> 00:47:07,000
which in those times was not necessarily too unusual,

825
00:47:07,000 --> 00:47:09,000
but it was... I mean,

826
00:47:09,000 --> 00:47:13,000
when you see how much work we have still today,

827
00:47:13,000 --> 00:47:17,000
a quarter of the way through the 21st century,

828
00:47:17,000 --> 00:47:20,000
like the first tech and beyond,

829
00:47:20,000 --> 00:47:30,000
then it's hard to imagine what life was working in tech was like back then

830
00:47:30,000 --> 00:47:33,000
for the individual that recruited me.

831
00:47:33,000 --> 00:47:36,000
So I was blown away at what a trailblazer she was,

832
00:47:36,000 --> 00:47:38,000
and I always wanted to pay that back,

833
00:47:38,000 --> 00:47:43,000
which is why I've always tried to help women in the tech industry

834
00:47:43,000 --> 00:47:48,000
to call out incorrect behavior when I see it because it still does happen.

835
00:47:48,000 --> 00:47:58,000
And there's quite often no malice intended from the males who are getting these things wrong.

836
00:47:58,000 --> 00:48:00,000
Broadly speaking,

837
00:48:00,000 --> 00:48:04,000
it's what you call an unconscious bias taking place,

838
00:48:04,000 --> 00:48:10,000
but that needs to be an education piece there to not assume

839
00:48:10,000 --> 00:48:16,000
that a woman is not technical, and this happens a lot where a woman in tech

840
00:48:16,000 --> 00:48:20,000
will be at an event or a conference or something,

841
00:48:20,000 --> 00:48:22,000
and they'll have a male sales colleague with them,

842
00:48:22,000 --> 00:48:25,000
and they're having a conversation with a customer or whoever,

843
00:48:25,000 --> 00:48:31,000
and the customer will look at the man and ask the man the technical question,

844
00:48:31,000 --> 00:48:33,000
and he doesn't know.

845
00:48:33,000 --> 00:48:35,000
He's a salesperson,

846
00:48:35,000 --> 00:48:41,000
and he says, "Oh, I must refer to you to my technical colleague here."

847
00:48:41,000 --> 00:48:44,000
Who is the female person in front of you?

848
00:48:44,000 --> 00:48:49,000
And there's a lot of education and bias, unconscious bias,

849
00:48:49,000 --> 00:48:51,000
work to be done in that space.

850
00:48:51,000 --> 00:48:57,000
Similarly, a lot of education to be done for a number of mental health awareness causes

851
00:48:57,000 --> 00:49:00,000
and newer diversity causes.

852
00:49:00,000 --> 00:49:03,000
I've been through a mental health journey myself,

853
00:49:03,000 --> 00:49:07,000
where I've been able to be a whole other podcast to go through the whole thing,

854
00:49:07,000 --> 00:49:11,000
but I'm passionate about awareness on that topic,

855
00:49:11,000 --> 00:49:15,000
and taking some of the stigma aware of talking about such topics,

856
00:49:15,000 --> 00:49:17,000
and you're a diversity as well,

857
00:49:17,000 --> 00:49:20,000
I mean, particularly for me is Tourette Syndrome,

858
00:49:20,000 --> 00:49:23,000
which is fairly obvious to anyone watching this today,

859
00:49:23,000 --> 00:49:25,000
that I have ticks and twitches,

860
00:49:25,000 --> 00:49:30,000
and they come and go, depending on a certain environment or criteria.

861
00:49:30,000 --> 00:49:35,000
It's usually how excited I am about something or passionate about something.

862
00:49:35,000 --> 00:49:40,000
It kicks in a bit more, or when I'm nervous about something.

863
00:49:40,000 --> 00:49:44,000
And I'm very, very happy and thrilled to be talking to you on this podcast today,

864
00:49:44,000 --> 00:49:48,000
because so it's probably happening a bit more because I'm passionate,

865
00:49:48,000 --> 00:49:53,000
and it's harder to control these ticks.

866
00:49:53,000 --> 00:49:59,000
But there's a lot of awareness gaps across a lot of these things.

867
00:49:59,000 --> 00:50:04,000
So I'm really, really passionate about educating people on what these things are,

868
00:50:04,000 --> 00:50:09,000
and this is why I'm very open about all of these things that affect me,

869
00:50:09,000 --> 00:50:14,000
because I don't want people to be afraid to ask questions,

870
00:50:14,000 --> 00:50:17,000
or worry that I would be sensitive about it.

871
00:50:17,000 --> 00:50:20,000
I mean, some people may or may not be, but for me,

872
00:50:20,000 --> 00:50:26,000
I'll happily talk about anything, as openly and honestly as I possibly can.

873
00:50:26,000 --> 00:50:31,000
Yeah, I really love all sort of way Microsoft do all this.

874
00:50:31,000 --> 00:50:35,000
Women in tech stuff, I think it's especially good how do it,

875
00:50:35,000 --> 00:50:44,000
because a lot of companies or programs frame it more than, yeah,

876
00:50:44,000 --> 00:50:47,000
there is a little bit unfair about it.

877
00:50:47,000 --> 00:50:49,000
They frame it a little bit.

878
00:50:49,000 --> 00:50:51,000
It's a disability.

879
00:50:51,000 --> 00:50:55,000
You are a woman, style, and I think Microsoft has,

880
00:50:55,000 --> 00:51:05,000
that is nice, yeah, make women show up in all these conferences and so on.

881
00:51:05,000 --> 00:51:08,000
And it's not just, I don't know, I can say,

882
00:51:08,000 --> 00:51:10,000
but it often feels like bad touch,

883
00:51:10,000 --> 00:51:16,000
so that's really, I love how Microsoft do it.

884
00:51:16,000 --> 00:51:20,000
And yeah, you have also another passion, I would say,

885
00:51:20,000 --> 00:51:24,000
with women in tech and your YouTube channel and your community contribution.

886
00:51:24,000 --> 00:51:27,000
It's, it's, I will say, mentoring or teaching.

887
00:51:27,000 --> 00:51:33,000
What have you learned from, I say, from, from this teaching other?

888
00:51:33,000 --> 00:51:44,000
So much, because I really love comparing the me of today to where I was when I was the age of,

889
00:51:44,000 --> 00:51:48,000
usually the sort of age of the people that I mentor,

890
00:51:48,000 --> 00:51:52,000
which is usually quite young, young people at the start of their careers.

891
00:51:52,000 --> 00:52:00,000
And it's, it makes me reflect and realize just how much I've learned,

892
00:52:00,000 --> 00:52:03,000
how much privilege and opportunity that I've had,

893
00:52:03,000 --> 00:52:09,000
but equally more important than any of that is what I learned back from the mentees,

894
00:52:09,000 --> 00:52:13,000
because I learned some, there's a term called reverse mentoring,

895
00:52:13,000 --> 00:52:18,000
and then that naturally, you know, organically happens in most mentoring relationships,

896
00:52:18,000 --> 00:52:22,000
and I think because the younger generation that I talk with,

897
00:52:22,000 --> 00:52:24,000
they have different perspective on life.

898
00:52:24,000 --> 00:52:30,000
I mean, I mean, they've grown up in a world of social media and always on technology.

899
00:52:30,000 --> 00:52:34,000
I mean, when I was a young boy, we only had three TV channels

900
00:52:34,000 --> 00:52:37,000
and you couldn't watch what you wanted when you wanted,

901
00:52:37,000 --> 00:52:40,000
you had to watch what was on, so things have changed.

902
00:52:40,000 --> 00:52:44,000
And they've grown up with this instant access to things,

903
00:52:44,000 --> 00:52:50,000
I think it's made them more confident to ask for things and set boundaries a bit better

904
00:52:50,000 --> 00:52:52,000
than my generation did.

905
00:52:52,000 --> 00:52:56,000
So there's some healthy habits that I think they've got.

906
00:52:56,000 --> 00:52:59,000
So yeah, it's been deeply rewarding,

907
00:52:59,000 --> 00:53:03,000
and the different kind of mentorship relationships you can have,

908
00:53:03,000 --> 00:53:07,000
I've mentored people of all sorts of different ages as well,

909
00:53:07,000 --> 00:53:08,000
because you never told to learn.

910
00:53:08,000 --> 00:53:12,000
I mean, I still look for mentors and I'm going to be 54 this year,

911
00:53:12,000 --> 00:53:15,000
I'm always wanting to learn new things.

912
00:53:15,000 --> 00:53:18,000
And it's just such a great experience.

913
00:53:18,000 --> 00:53:21,000
And I encourage anyone to look into doing it,

914
00:53:21,000 --> 00:53:26,000
because you get so much out of a mentor, a mentor, a mentor, a relationship,

915
00:53:26,000 --> 00:53:28,000
so something to learn.

916
00:53:28,000 --> 00:53:32,000
Okay, well, let's jump in the quick-fire round.

917
00:53:32,000 --> 00:53:36,000
So I say some short questions and you become say,

918
00:53:36,000 --> 00:53:38,000
"What comes in your mind?"

919
00:53:38,000 --> 00:53:42,000
Coffee, or energy when red-teaming.

920
00:53:42,000 --> 00:53:44,000
Coffee.

921
00:53:44,000 --> 00:53:46,000
Dives our outlook.

922
00:53:46,000 --> 00:53:48,000
Feeds.

923
00:53:48,000 --> 00:53:52,000
Your Microsoft favorite product?

924
00:53:52,000 --> 00:53:53,000
Per view.

925
00:53:53,000 --> 00:53:56,000
What's the most underrated Microsoft product?

926
00:53:56,000 --> 00:53:59,000
Per view.

927
00:53:59,000 --> 00:54:04,000
And what's for you the most overused buzzwords?

928
00:54:04,000 --> 00:54:08,000
This is a good one.

929
00:54:08,000 --> 00:54:10,000
Oh, what's the one that I hate?

930
00:54:10,000 --> 00:54:13,000
It's low-hanging fruit.

931
00:54:13,000 --> 00:54:20,000
What dish shall everyone try when he comes to Newcastle?

932
00:54:20,000 --> 00:54:21,000
Newcastle.

933
00:54:21,000 --> 00:54:25,000
Oh my gosh.

934
00:54:25,000 --> 00:54:26,000
That's everything.

935
00:54:26,000 --> 00:54:31,000
I don't know. Maybe a chip butty, which is chips, as we call them in the UK,

936
00:54:31,000 --> 00:54:35,000
or French fries for North American folks in a sandwich, basically.

937
00:54:35,000 --> 00:54:37,000
A chip butty, we call that.

938
00:54:37,000 --> 00:54:40,000
I really love that, or chips and gravy.

939
00:54:40,000 --> 00:54:41,000
Or peas pudding.

940
00:54:41,000 --> 00:54:45,000
Hammond peas pudding is a very northeast Newcastle dish.

941
00:54:45,000 --> 00:54:47,000
That's interesting.

942
00:54:47,000 --> 00:54:49,000
I have to try it out.

943
00:54:49,000 --> 00:54:51,000
Yeah.

944
00:54:51,000 --> 00:54:55,000
One security habit, everyone should adopt.

945
00:54:55,000 --> 00:54:57,000
Zero trust.

946
00:54:57,000 --> 00:55:03,000
If they are a favorite book or podcast, you say that showed everyone listen to it,

947
00:55:03,000 --> 00:55:06,000
which start with security.

948
00:55:06,000 --> 00:55:09,000
A favorite book or podcast?

949
00:55:09,000 --> 00:55:14,000
Interesting for security.

950
00:55:14,000 --> 00:55:24,000
I mean, I don't, in the podcast side of things, I tend to listen to personal content rather than tech content.

951
00:55:24,000 --> 00:55:30,000
Most of what I consume is on YouTube, which I guess you could call a podcast.

952
00:55:30,000 --> 00:55:37,000
So, so based on that, if I'm recommending a YouTube channel for security,

953
00:55:37,000 --> 00:55:42,000
I would recommend my good friend Andy Malone, who is a Microsoft MVP and a Microsoft trainer.

954
00:55:42,000 --> 00:55:43,000
Really great guy.

955
00:55:43,000 --> 00:55:46,000
He got me started off on my YouTube journey.

956
00:55:46,000 --> 00:55:49,000
So he is who I would recommend.

957
00:55:49,000 --> 00:55:52,000
There's lots of good books out there.

958
00:55:52,000 --> 00:56:01,000
My manager at Microsoft, Jose Lazaro, he wrote one recently with another great guy called Marcus Burnup,

959
00:56:01,000 --> 00:56:04,000
all about Microsoft Sentinel XDR.

960
00:56:04,000 --> 00:56:06,000
So go check that out.

961
00:56:06,000 --> 00:56:13,000
In the view, yeah, meet your 20 years old younger Peter Rising.

962
00:56:13,000 --> 00:56:18,000
What will he most excited about your today?

963
00:56:18,000 --> 00:56:25,000
Oh, wow, the younger, I think just how far technology is advanced because when I was younger,

964
00:56:25,000 --> 00:56:30,000
I always used to get quite frustrated at how slow the pace of technology was.

965
00:56:30,000 --> 00:56:39,000
And the sort of things that I'm seeing today, a lot of it is what I imagined back in those days in the 80s and 90s as I was growing up.

966
00:56:39,000 --> 00:56:42,000
And one of my favorite TV shows ever is Star Trek.

967
00:56:42,000 --> 00:56:45,000
And back in the 1960s, the original Star Trek, it had,

968
00:56:45,000 --> 00:57:00,000
it had first time, it had mobile phones and communicators had it had examples of technology that we could only dream of and I thought it would be so great if we had these things and we now have so many of those things so so good.

969
00:57:00,000 --> 00:57:05,000
Yeah, there is one guy I have forgotten the name.

970
00:57:05,000 --> 00:57:13,000
I do a Star Trek channel on Microsoft ecosystem, but it's also, I don't know, I have to put it in.

971
00:57:13,000 --> 00:57:16,000
That might be me actually, I have a Star Trek channel as well.

972
00:57:16,000 --> 00:57:18,000
Yeah, yeah.

973
00:57:18,000 --> 00:57:20,000
Star Trek revisited its cold.

974
00:57:20,000 --> 00:57:23,000
Yeah, yeah, yeah, yeah.

975
00:57:23,000 --> 00:57:27,000
So I'm most not losing with videos.

976
00:57:27,000 --> 00:57:34,000
So I am more the audio dude, but it's really, really cool.

977
00:57:34,000 --> 00:57:38,000
And you have to have the other channel right to the normal security channel.

978
00:57:38,000 --> 00:57:48,000
You are so, oh yeah, yeah, my main channel is the Peter Rising M365 Microsoft security and they are related content.

979
00:57:48,000 --> 00:57:51,000
And I try and publish content on their on a weekly basis.

980
00:57:51,000 --> 00:57:54,000
I don't always succeed, but most weeks I do.

981
00:57:54,000 --> 00:58:03,000
Yeah, so yeah, then then my last or outro questions is if people have listened to this episode.

982
00:58:03,000 --> 00:58:10,000
What's the one message for today just cause more, what should it be?

983
00:58:10,000 --> 00:58:17,000
For me, the message would be that you can put, you can achieve anything you put your mind to.

984
00:58:17,000 --> 00:58:21,000
There's no barriers to what you can learn.

985
00:58:21,000 --> 00:58:23,000
If you want to do something, go and do it.

986
00:58:23,000 --> 00:58:26,000
If you want to start a YouTube channel, go and just do it.

987
00:58:26,000 --> 00:58:27,000
Don't think about it.

988
00:58:27,000 --> 00:58:28,000
Go and try it.

989
00:58:28,000 --> 00:58:29,000
See what works for you.

990
00:58:29,000 --> 00:58:32,000
And you'll be pleasantly surprised at the results, I would say.

991
00:58:32,000 --> 00:58:42,000
Never let ridiculous little excuses get in the way of starting something just get stuck in and do it and try it.

992
00:58:42,000 --> 00:58:47,000
Yeah, then, yeah, I say that was a fantastic conversation.

993
00:58:47,000 --> 00:58:48,000
I love it.

994
00:58:48,000 --> 00:59:01,000
Yeah, I say, who would thank you, Peter, for joining me today and sharing all this insights about Microsoft security, POV, UI, governance, zero trust and the future of AI adoption.

995
00:59:01,000 --> 00:59:13,000
Yeah, I think one key takeaway for me for this episode is a simple, I think AI success starts with data governance.

996
00:59:13,000 --> 00:59:25,000
And yeah, I think organization have to understand, protect and govern their data and it will be, yeah, help to be successful, especially in the AI, which is so, yeah, thank you for joining me.

997
00:59:25,000 --> 00:59:29,000
I really, thankful for the discussion.

998
00:59:29,000 --> 00:59:34,000
I'll meet to you, my friend. Thank you for inviting me, my co. I really enjoyed the conversation.

999
00:59:34,000 --> 00:59:36,000
Okay, goodbye.

1000
00:59:36,000 --> 00:59:38,000
Bye bye, take care.