Secure-by-Design AI: Protecting MLOps in the Microsoft Cloud with Martin Dimovski [MVP-MCT]

1
00:00:00,000 --> 00:00:05,000
Welcome to another edition of the MC65 podcast.

2
00:00:05,000 --> 00:00:08,280
We are joined by Martin Timbowski.

3
00:00:08,280 --> 00:00:10,440
I hope I'm pronouncing the right.

4
00:00:10,440 --> 00:00:14,720
It's a Microsoft MVP NCT community lead in the Netherlands,

5
00:00:14,720 --> 00:00:17,560
security mentor and cloud security expert

6
00:00:17,560 --> 00:00:21,680
with more than 20 years of Microsoft experience.

7
00:00:21,680 --> 00:00:25,880
In this episode, we explore how organization can secure AI,

8
00:00:25,880 --> 00:00:29,600
machine learning ops environments in the Microsoft Cloud,

9
00:00:29,600 --> 00:00:35,280
covering death, psych, off-front, injectors, security by design,

10
00:00:35,280 --> 00:00:37,800
architecture at the Microsoft security stake,

11
00:00:37,800 --> 00:00:40,520
powering modern AI workloads.

12
00:00:40,520 --> 00:00:42,720
So welcome, Martin.

13
00:00:42,720 --> 00:00:47,520
You are spent over 20 years in the Microsoft ecosystem

14
00:00:47,520 --> 00:00:50,680
from Windows Server to AI security.

15
00:00:50,680 --> 00:00:57,000
What organically pulled you into the cyber security cloud security topic?

16
00:00:57,000 --> 00:01:00,200
First of all, pleasure to be here.

17
00:01:00,200 --> 00:01:01,920
Thank you for the invitation.

18
00:01:01,920 --> 00:01:06,160
And indeed, 20 years, this year is my anniversary,

19
00:01:06,160 --> 00:01:08,640
from a collet like that.

20
00:01:08,640 --> 00:01:12,000
I ended up in security a couple of years ago.

21
00:01:12,000 --> 00:01:15,160
And basically, yeah, I started as an IT support guy.

22
00:01:15,160 --> 00:01:19,240
But some co-during the career, as a junior,

23
00:01:19,240 --> 00:01:22,640
you learn from the seniors and doing a lot of stuff.

24
00:01:22,640 --> 00:01:25,040
And basically, also, that's maybe the leverage

25
00:01:25,040 --> 00:01:28,080
as a Microsoft trainer, who make good network,

26
00:01:28,080 --> 00:01:30,440
also in the MVP, good community.

27
00:01:30,440 --> 00:01:32,360
Well, you have really professional people

28
00:01:32,360 --> 00:01:35,600
with a lot of more experience than you.

29
00:01:35,600 --> 00:01:39,280
And basically, when AI started every year,

30
00:01:39,280 --> 00:01:42,480
I'm always giving this advice to any younger generations,

31
00:01:42,480 --> 00:01:46,120
also to any friends of mine, does met or older or younger.

32
00:01:46,120 --> 00:01:49,080
But also, I want really to motivate the younger generation.

33
00:01:49,080 --> 00:01:51,920
Every December, I take two, three weeks off.

34
00:01:51,920 --> 00:01:53,320
I must be honest.

35
00:01:53,320 --> 00:01:57,200
And I do reflection what was achieved this year.

36
00:01:57,200 --> 00:02:02,200
Usually, it happened in 2021, correctly.

37
00:02:02,200 --> 00:02:07,800
And then, everyone started talking AI data leakage.

38
00:02:07,800 --> 00:02:09,720
There is data on the internet.

39
00:02:09,720 --> 00:02:11,240
There is the, there is it.

40
00:02:11,240 --> 00:02:15,960
And some co-indo this new year vibe in December,

41
00:02:15,960 --> 00:02:20,960
I was watching, I don't remember which exactly part was,

42
00:02:20,960 --> 00:02:23,520
but I watched James Bond.

43
00:02:23,520 --> 00:02:26,120
And there is a one James Bond, where basically,

44
00:02:26,120 --> 00:02:29,800
the all MI6, the data is leaked on YouTube.

45
00:02:29,800 --> 00:02:32,720
I don't really remember which part.

46
00:02:32,720 --> 00:02:38,520
It was not casino, some other one does matter,

47
00:02:38,520 --> 00:02:41,200
but just to connect to your question.

48
00:02:41,200 --> 00:02:44,840
And that is where I decided, based on this analysis

49
00:02:44,840 --> 00:02:46,400
and reading a lot.

50
00:02:46,400 --> 00:02:48,880
I said, maybe it's time now to switch

51
00:02:48,880 --> 00:02:52,120
from this pipeline, Simfraza code, a little bit more

52
00:02:52,120 --> 00:02:54,280
on the data side, on the security side,

53
00:02:54,280 --> 00:02:57,360
where we really will protect all of that leakage

54
00:02:57,360 --> 00:02:59,320
and all of these issues.

55
00:02:59,320 --> 00:03:02,800
Yeah, I see a little bit, or look a little bit

56
00:03:02,800 --> 00:03:04,960
in your content pieces you created.

57
00:03:04,960 --> 00:03:09,480
And I think there could be your zoning complexity

58
00:03:09,480 --> 00:03:12,440
into clarity, could your philosophy.

59
00:03:16,680 --> 00:03:22,600
What, how influence that the way you teach security

60
00:03:22,600 --> 00:03:27,440
and dev ops, dev ops today for you?

61
00:03:27,440 --> 00:03:30,440
How, what, one more time?

62
00:03:30,440 --> 00:03:31,680
How?

63
00:03:31,680 --> 00:03:32,520
Yeah.

64
00:03:32,520 --> 00:03:33,360
How influenced?

65
00:03:33,360 --> 00:03:34,200
Yeah.

66
00:03:34,200 --> 00:03:38,040
The way you teach security and dev ops, dev ops today.

67
00:03:38,040 --> 00:03:39,000
Yeah, yeah, yeah.

68
00:03:39,000 --> 00:03:43,440
Well, you know, for me, it's a really easy, why?

69
00:03:43,440 --> 00:03:45,920
And I'm always saying for me, it's easy.

70
00:03:45,920 --> 00:03:48,640
It's not really easy for everyone, of course.

71
00:03:48,640 --> 00:03:51,160
Based on this experience, it's always

72
00:03:51,160 --> 00:03:53,000
when you have been onto the other side,

73
00:03:53,000 --> 00:03:56,080
I usually say like that, I have been to the other side

74
00:03:56,080 --> 00:03:58,600
and I have been developing, creating pipelines,

75
00:03:58,600 --> 00:04:04,280
deploy a solution, artifact this, or that, doing a test,

76
00:04:04,280 --> 00:04:07,160
all day in front of your visual studio, visual studio code.

77
00:04:07,160 --> 00:04:10,720
And I know also, let's be honest, there is a small pressure

78
00:04:10,720 --> 00:04:13,640
as a developer also that you want to finish the task,

79
00:04:13,640 --> 00:04:16,720
submit the code, finish on time.

80
00:04:16,720 --> 00:04:19,120
You have two week sprints.

81
00:04:19,120 --> 00:04:21,760
You have monthly retros, blah, blah, blah.

82
00:04:21,760 --> 00:04:22,920
And I have been there.

83
00:04:22,920 --> 00:04:27,120
And I know how difficult it is for also for those people

84
00:04:27,120 --> 00:04:30,480
even now to think about also on everything

85
00:04:30,480 --> 00:04:32,880
that they need to make on top of that,

86
00:04:32,880 --> 00:04:34,840
is this secure enough?

87
00:04:34,840 --> 00:04:37,400
Did they have a four-way principle?

88
00:04:37,400 --> 00:04:41,120
Did they do threat modeling for our architectural design?

89
00:04:41,120 --> 00:04:42,280
Did we do this?

90
00:04:42,280 --> 00:04:44,520
Did we do pen testing?

91
00:04:44,520 --> 00:04:47,600
And there is so many things that next to the development

92
00:04:47,600 --> 00:04:50,200
need to be basically connected.

93
00:04:50,200 --> 00:04:53,480
And I think that is where I influence them,

94
00:04:53,480 --> 00:04:58,160
where I easily just say people, I understand you,

95
00:04:58,160 --> 00:05:00,320
just leave the security on us, for example,

96
00:05:00,320 --> 00:05:02,360
or just to give you some thoughts.

97
00:05:02,360 --> 00:05:05,920
For example, you do your stuff, just send me two, three documents

98
00:05:05,920 --> 00:05:09,920
just to review the architectural design to review this.

99
00:05:09,920 --> 00:05:12,160
And that's it, you don't need to do anything.

100
00:05:12,160 --> 00:05:15,040
Later, I will come back to you with some solution idea

101
00:05:15,040 --> 00:05:17,520
that maybe we can make it together.

102
00:05:17,520 --> 00:05:20,960
Because my goal is always, all of this journey,

103
00:05:20,960 --> 00:05:25,280
I know there is different roles, also with this AA world,

104
00:05:25,280 --> 00:05:30,560
developers, DevOps, quality assurance people, project managers,

105
00:05:30,560 --> 00:05:36,560
managers, AI people, Azure Cloud, Cloud Network, all of that

106
00:05:36,560 --> 00:05:39,280
in my head, to be honest, it's a chain

107
00:05:39,280 --> 00:05:41,920
that it's really close connected, every dot

108
00:05:41,920 --> 00:05:43,960
and bit need to cooperate together.

109
00:05:43,960 --> 00:05:45,800
Cool.

110
00:05:45,800 --> 00:05:50,640
For this, not unfamiliar with ML ops, DevSecOps,

111
00:05:50,640 --> 00:05:54,600
and secured by design, can you a little bit explain it

112
00:05:54,600 --> 00:05:56,280
in simple terms?

113
00:05:56,280 --> 00:05:57,840
What is this?

114
00:05:57,840 --> 00:05:58,680
Yeah.

115
00:05:58,680 --> 00:06:01,000
What is basically start from the scratch?

116
00:06:01,000 --> 00:06:02,440
ML ops is the less station.

117
00:06:02,440 --> 00:06:04,840
I usually start from secure.

118
00:06:04,840 --> 00:06:07,400
And basically that's how the development journey

119
00:06:07,400 --> 00:06:09,320
start for any application.

120
00:06:09,320 --> 00:06:11,640
Usually, there is secure by design.

121
00:06:11,640 --> 00:06:15,080
Secured by design is if Martin and Mirko

122
00:06:15,080 --> 00:06:18,640
sit together and they decide to build an application.

123
00:06:18,640 --> 00:06:22,280
So me and you need to sit together, have a design

124
00:06:22,280 --> 00:06:27,520
of our application and let's find where is the gap of security.

125
00:06:27,520 --> 00:06:31,240
And then there is an exercise in the security field,

126
00:06:31,240 --> 00:06:35,360
which is called threat modeling, which something can go wrong.

127
00:06:35,360 --> 00:06:38,080
And basically, we have the design of the application.

128
00:06:38,080 --> 00:06:41,400
And me and you, you developer, me security guy,

129
00:06:41,400 --> 00:06:44,560
discussing, hey, this is maybe authentication problem.

130
00:06:44,560 --> 00:06:47,040
Maybe there is a virtual machine problem of this.

131
00:06:47,040 --> 00:06:49,600
Maybe there will be problem with the database.

132
00:06:49,600 --> 00:06:53,000
Maybe something with the pipeline and all of these things.

133
00:06:53,000 --> 00:06:55,320
So that's on the beginning where basically,

134
00:06:55,320 --> 00:06:57,480
you discuss secure by design.

135
00:06:57,480 --> 00:07:00,560
And then through the journey, you come to something,

136
00:07:00,560 --> 00:07:03,040
which is, yeah, to the end of all of that,

137
00:07:03,040 --> 00:07:05,440
after you build the application, of course,

138
00:07:05,440 --> 00:07:08,920
can be different DevOps, ML ops, DevSecOps,

139
00:07:08,920 --> 00:07:14,080
all of that where you have included in the sense of your question,

140
00:07:14,080 --> 00:07:17,240
ML ops, basic machine learning and operations,

141
00:07:17,240 --> 00:07:20,520
include.

142
00:07:20,520 --> 00:07:24,600
I have the feeling, actually, we are living in a time

143
00:07:24,600 --> 00:07:30,320
where with generative AI, someone has an idea today.

144
00:07:30,320 --> 00:07:34,200
And tomorrow, it's released in production system.

145
00:07:34,200 --> 00:07:39,040
What are the biggest security mistakes organization

146
00:07:39,040 --> 00:07:42,960
from your perspective make right now?

147
00:07:42,960 --> 00:07:45,040
Yeah, it's a good question.

148
00:07:45,040 --> 00:07:47,760
And there can be a lot of things that can be mentioned,

149
00:07:47,760 --> 00:07:50,520
if I may call it like that, because usually,

150
00:07:50,520 --> 00:07:53,040
also the big organization, sometimes,

151
00:07:53,040 --> 00:07:56,240
yeah, we say we are security, it's a team sport.

152
00:07:56,240 --> 00:07:58,160
It's not only the people from security

153
00:07:58,160 --> 00:08:03,120
that need to chase that journey or to chase the developers,

154
00:08:03,120 --> 00:08:06,760
but usually, what we have seen also,

155
00:08:06,760 --> 00:08:10,120
that there is a lot of developers, maybe,

156
00:08:10,120 --> 00:08:13,080
I usually say the biggest problem,

157
00:08:13,080 --> 00:08:16,720
and I think that will come maybe in one or two years from now,

158
00:08:16,720 --> 00:08:19,560
the biggest problem is the knowledge that is coming,

159
00:08:19,560 --> 00:08:23,120
and for example, as a any organization,

160
00:08:23,120 --> 00:08:26,800
if the developer, and I usually take a real example,

161
00:08:26,800 --> 00:08:29,040
if you have a Java developer,

162
00:08:29,040 --> 00:08:33,120
call his life, he's doing Java code or JavaScript or .NET,

163
00:08:33,120 --> 00:08:36,880
that guy mindset is completely focused

164
00:08:36,880 --> 00:08:39,680
what to do on the libraries, how to do this,

165
00:08:39,680 --> 00:08:42,600
how to do that, and all of these things.

166
00:08:42,600 --> 00:08:46,840
But in there, basically, that is the gap where it's happened

167
00:08:46,840 --> 00:08:49,680
and where to what we see on the internet, data leakage,

168
00:08:49,680 --> 00:08:54,360
credentials, expose, some hackers get into some,

169
00:08:54,360 --> 00:08:57,680
how it's called, in some organization.

170
00:08:57,680 --> 00:09:02,040
For example, I'm still looking, I think, two years ago,

171
00:09:02,040 --> 00:09:04,000
for example, if I remember correctly,

172
00:09:04,000 --> 00:09:08,400
there was a hack to the Microsoft tenant,

173
00:09:08,400 --> 00:09:11,760
so the hackers went to the test tenant,

174
00:09:11,760 --> 00:09:15,360
and from the test tenant, they went to the production tenant.

175
00:09:15,360 --> 00:09:18,240
First of all, how the test tenant

176
00:09:18,240 --> 00:09:20,160
have access to the production tenant,

177
00:09:20,160 --> 00:09:22,120
and I suppose it's basically a gap.

178
00:09:22,120 --> 00:09:24,080
They just make a clone from that.

179
00:09:24,080 --> 00:09:27,000
They started doing some testing and all the stuff,

180
00:09:27,000 --> 00:09:30,240
but somebody forget to disable the same account.

181
00:09:30,240 --> 00:09:31,960
Couple of months ago, in Netherlands,

182
00:09:31,960 --> 00:09:34,680
happened Odido, hack, I think, six,

183
00:09:34,680 --> 00:09:37,880
point, some million of data was leaked.

184
00:09:37,880 --> 00:09:39,480
They are saying that they're still learning,

185
00:09:39,480 --> 00:09:43,480
but nobody said, basically, was the real reason.

186
00:09:43,480 --> 00:09:45,560
There is a gossiping that some,

187
00:09:45,560 --> 00:09:48,040
the hackers were so good, they called somebody

188
00:09:48,040 --> 00:09:52,040
from support center, they said, we are colleagues,

189
00:09:52,040 --> 00:09:53,760
I need access there.

190
00:09:53,760 --> 00:09:56,160
So the person from there, if understood correctly,

191
00:09:56,160 --> 00:09:58,840
give access to production, and basically,

192
00:09:58,840 --> 00:10:03,320
it was everywhere in the news, so that's how the data was exposed.

193
00:10:03,320 --> 00:10:08,440
So in summary, I think we still need to get some more knowledge,

194
00:10:08,440 --> 00:10:12,160
and I usually say, just follow all the latest things

195
00:10:12,160 --> 00:10:15,720
and learn something new, and then we will get benefit of it.

196
00:10:15,720 --> 00:10:19,880
- And how a security, there was security,

197
00:10:19,880 --> 00:10:22,920
I work loads, fundamental difference

198
00:10:22,920 --> 00:10:25,760
from security, traditional applications,

199
00:10:25,760 --> 00:10:27,320
or nearly the same.

200
00:10:27,320 --> 00:10:33,520
- Well, depends how the organization organized all of that.

201
00:10:33,520 --> 00:10:37,000
It can be same journey, for example, usually,

202
00:10:37,000 --> 00:10:41,080
what I see on the organization, they follow DETAPSTRIPT,

203
00:10:41,080 --> 00:10:42,600
which is called development testing,

204
00:10:42,600 --> 00:10:44,360
acceptance production, and that they have

205
00:10:44,360 --> 00:10:46,240
followed some journey there.

206
00:10:46,240 --> 00:10:49,600
So also for the AI application, I think,

207
00:10:49,600 --> 00:10:53,280
or my opinion, it should be a bit different,

208
00:10:53,280 --> 00:10:57,240
because that journey really touches to different components also,

209
00:10:57,240 --> 00:11:00,600
depends on the application, of course, and all that stuff.

210
00:11:00,600 --> 00:11:04,280
Also, on top of that, with the latest technology,

211
00:11:04,280 --> 00:11:10,280
that try to hack any system, it's a bit more complex than in the past.

212
00:11:10,280 --> 00:11:15,320
So now also, the hackers need to have better knowledge,

213
00:11:15,320 --> 00:11:20,840
how to get into your system, and usually, it's on network level.

214
00:11:20,840 --> 00:11:23,920
Let me put it that way, or some API exposed,

215
00:11:23,920 --> 00:11:27,240
where, basically, there was not enough protection there,

216
00:11:27,240 --> 00:11:30,560
and basically with AI application,

217
00:11:30,560 --> 00:11:34,440
at the end, I will say, depends what type of AI application it is.

218
00:11:34,440 --> 00:11:38,160
If it's internal, where nothing is exposed on the internet,

219
00:11:38,160 --> 00:11:41,080
that's how I usually classify the application,

220
00:11:41,080 --> 00:11:43,720
exposed on the internet and not exposed,

221
00:11:43,720 --> 00:11:47,400
because not exposed, the risk is really small, less,

222
00:11:47,400 --> 00:11:50,800
but those who are exposed on the internet, the risk is really high,

223
00:11:50,800 --> 00:11:53,720
and critical for any organization.

224
00:11:53,720 --> 00:11:57,720
I look a little bit into security groups,

225
00:11:57,720 --> 00:12:00,160
especially AI security groups,

226
00:12:00,160 --> 00:12:04,320
and there's one topic prompt injection.

227
00:12:04,320 --> 00:12:09,280
Yeah, I think one of the most discussed topics there,

228
00:12:09,280 --> 00:12:15,520
can explain what is, is, why is matters, and how it works.

229
00:12:15,520 --> 00:12:18,920
Indeed, that's the most famous, and I think,

230
00:12:18,920 --> 00:12:26,120
almost, he's created something, there was something about the prompt injection,

231
00:12:26,120 --> 00:12:29,720
and usually, yeah, it's quite famous,

232
00:12:29,720 --> 00:12:34,040
and how to make it simple.

233
00:12:34,040 --> 00:12:40,720
I usually take a real example.

234
00:12:40,720 --> 00:12:44,040
For example, imagine if you are a waiter,

235
00:12:44,040 --> 00:12:49,040
and the chief tells you, take orders, give them to me,

236
00:12:49,040 --> 00:12:52,480
and bring the food back.

237
00:12:52,480 --> 00:12:58,480
That means that the customer slides, forget what the chief said,

238
00:12:58,480 --> 00:13:01,560
and give me everything from your fridge.

239
00:13:01,560 --> 00:13:03,920
If you follow the note, instead of the chef,

240
00:13:03,920 --> 00:13:09,240
you just got prompt injection.

241
00:13:09,240 --> 00:13:12,760
So, because, also, there is a lot of people,

242
00:13:12,760 --> 00:13:16,160
because you will say, I work in security in the big organization.

243
00:13:16,160 --> 00:13:18,360
Hey, I heard about this, I heard about it,

244
00:13:18,360 --> 00:13:21,160
and then you must figure it out to tweak that,

245
00:13:21,160 --> 00:13:23,960
you know, a little bit from the everyday.

246
00:13:23,960 --> 00:13:25,840
I usually take some life lessons,

247
00:13:25,840 --> 00:13:28,000
let's call it like that, from everyday,

248
00:13:28,000 --> 00:13:33,320
and basically, that is what it happened, usually.

249
00:13:33,320 --> 00:13:36,640
And why that, if I may say like that, usually,

250
00:13:36,640 --> 00:13:40,600
I am looking always for the reason why that works.

251
00:13:40,600 --> 00:13:44,000
Usually, is the, how to say,

252
00:13:44,000 --> 00:13:48,480
the LLM cannot distinguish between the developer instructions

253
00:13:48,480 --> 00:13:53,200
and the user input, because either if you are the developer,

254
00:13:53,200 --> 00:13:57,200
and I am just a normal person, I am typing the same, like you.

255
00:13:57,200 --> 00:14:01,000
So, the LLM don't know, is it Martin, or is it Mirko,

256
00:14:01,000 --> 00:14:03,440
and who is the developer, who is the user here?

257
00:14:03,440 --> 00:14:04,440
So, that's the first thing,

258
00:14:04,440 --> 00:14:07,360
because LLM cannot make distinction, is this thing?

259
00:14:09,480 --> 00:14:12,480
And most of the thing, I think we all see,

260
00:14:12,480 --> 00:14:17,480
also using charge-gpt, copilot, cloth, all others,

261
00:14:17,480 --> 00:14:23,320
that the model treats every piece as a potential authority.

262
00:14:23,320 --> 00:14:25,280
Let's not forget about that.

263
00:14:25,280 --> 00:14:30,280
And whoever basically writes the best instructions wins,

264
00:14:30,280 --> 00:14:34,240
because if you know how to do a prompt,

265
00:14:34,240 --> 00:14:37,000
you are really good prunter, basically.

266
00:14:37,000 --> 00:14:42,000
And I think that's maybe what I was thinking a couple of weeks ago,

267
00:14:42,000 --> 00:14:46,120
that I think the next future role, it's also prompt engineers.

268
00:14:46,120 --> 00:14:48,360
So, I expect that in the next couple of years,

269
00:14:48,360 --> 00:14:51,440
so we will see a lot of new roles coming in,

270
00:14:51,440 --> 00:14:54,320
which it's called, basically, prompt engineers, which,

271
00:14:54,320 --> 00:14:59,240
as basically, I said, who is better, that guy will win,

272
00:14:59,240 --> 00:15:02,120
because if you know how to really get the information

273
00:15:02,120 --> 00:15:05,760
from the LLM, because LLM has all the data,

274
00:15:05,760 --> 00:15:09,320
let's call it like that, so you just need to tweak and to know

275
00:15:09,320 --> 00:15:11,960
what exactly and how to give the instruction,

276
00:15:11,960 --> 00:15:16,720
and then, basically, you will get a better output on all of that.

277
00:15:16,720 --> 00:15:20,480
So, it have a lot on the prompt injection,

278
00:15:20,480 --> 00:15:24,440
but the main things, as I usually say, it's, how to say,

279
00:15:24,440 --> 00:15:29,440
quite bigger and quite can be really bad for any organization.

280
00:15:30,960 --> 00:15:35,960
What are other, I say, data-league risk in AI pipelines today?

281
00:15:35,960 --> 00:15:42,240
- How do you mean?

282
00:15:42,240 --> 00:15:44,880
You have a lot, especially on the data leak.

283
00:15:44,880 --> 00:15:49,880
So usually, I say, and that's why I mentioned the knowledge,

284
00:15:49,880 --> 00:15:55,960
it's one of the main things,

285
00:15:55,960 --> 00:16:00,000
and that is the biggest obstacle in the whole,

286
00:16:01,000 --> 00:16:04,160
journey, if I may be honest with you,

287
00:16:04,160 --> 00:16:07,600
because on all of these pipelines,

288
00:16:07,600 --> 00:16:11,240
usually the people forget the user names,

289
00:16:11,240 --> 00:16:15,040
the secrets in their pipelines, in their locks,

290
00:16:15,040 --> 00:16:18,160
and basically any hacker that can get access to it,

291
00:16:18,160 --> 00:16:21,840
he can just use the same pipeline and just get into the,

292
00:16:21,840 --> 00:16:25,520
any organization there, because the hacker,

293
00:16:25,520 --> 00:16:28,760
or the person that have a bettops, as I'm saying,

294
00:16:28,760 --> 00:16:32,240
basically he can just reuse the same model as they have,

295
00:16:32,240 --> 00:16:34,920
and basically that's it, the data is leaked.

296
00:16:34,920 --> 00:16:39,520
- Let us a little bit, red-teaming.

297
00:16:39,520 --> 00:16:41,560
(laughs)

298
00:16:41,560 --> 00:16:44,560
What do you mean?

299
00:16:44,560 --> 00:16:49,560
- I attack chain look like, especially for cloud-native environments.

300
00:16:49,560 --> 00:16:55,080
- How do you mean, give me some more context?

301
00:16:55,080 --> 00:17:00,080
- I will attack us now work, especially with AI attacks.

302
00:17:00,080 --> 00:17:07,960
How is it change the attacking,

303
00:17:07,960 --> 00:17:10,520
I don't know, normal cloud-native?

304
00:17:10,520 --> 00:17:13,480
- Yeah, yeah, yeah.

305
00:17:13,480 --> 00:17:17,360
Okay, yeah, well, it can happen, for example,

306
00:17:17,360 --> 00:17:20,680
what is coming to my mind immediately as a first stop,

307
00:17:20,680 --> 00:17:25,400
if I may say indirect prompt injection in Microsoft 365,

308
00:17:25,400 --> 00:17:26,880
Copilot, for example.

309
00:17:26,880 --> 00:17:32,760
Also, there is a lot of, I think, a lot of companies,

310
00:17:32,760 --> 00:17:37,760
a lot of organizations started using a lot of agents,

311
00:17:37,760 --> 00:17:43,120
so also as a chat operator and all of that stuff.

312
00:17:43,120 --> 00:17:46,920
Also, we have, how it's called that?

313
00:17:48,240 --> 00:17:50,880
The models itself can be malicious,

314
00:17:50,880 --> 00:17:54,440
so it has all of this four big potential

315
00:17:54,440 --> 00:17:57,280
and we don't even start building the attack.

316
00:17:57,280 --> 00:18:00,160
I think there was somewhere also on Hugging Face.

317
00:18:00,160 --> 00:18:02,600
I saw a lot of organizations blocking that,

318
00:18:02,600 --> 00:18:04,080
basically what the people are doing,

319
00:18:04,080 --> 00:18:07,680
downloading the model itself, compromise,

320
00:18:07,680 --> 00:18:09,200
and then reapply the there.

321
00:18:09,200 --> 00:18:12,280
And then me and you, if you want to play a little bit,

322
00:18:12,280 --> 00:18:15,240
imagine me and you in big organizations somewhere,

323
00:18:15,240 --> 00:18:18,800
and we import that model where we don't need to.

324
00:18:18,800 --> 00:18:21,280
And then you can imagine what can go wrong

325
00:18:21,280 --> 00:18:22,960
and all of that stuff.

326
00:18:22,960 --> 00:18:29,680
I think also in the, this AI attacks, as you said also,

327
00:18:29,680 --> 00:18:34,360
I expect to see a lot of API,

328
00:18:34,360 --> 00:18:36,520
he leakage, that is my expectation,

329
00:18:36,520 --> 00:18:39,920
because I think all over the world,

330
00:18:39,920 --> 00:18:42,960
a lot of APIs are used, that's the first thing.

331
00:18:42,960 --> 00:18:46,120
The second thing it will be data leakage,

332
00:18:46,120 --> 00:18:49,520
and then maybe I would say the prompt injection,

333
00:18:49,520 --> 00:18:54,280
because also most of the companies are playing smart.

334
00:18:54,280 --> 00:18:59,280
They do not really allow the prompt you as a user

335
00:18:59,280 --> 00:19:02,160
to have a full control over the prompt.

336
00:19:02,160 --> 00:19:05,360
So, for example, even though you find trying

337
00:19:05,360 --> 00:19:08,440
to make a prompt injection in your company,

338
00:19:08,440 --> 00:19:11,880
with your chat pod that you have for customer support, something,

339
00:19:11,880 --> 00:19:15,160
for example, you are not really have a full,

340
00:19:15,160 --> 00:19:20,800
how to say, full control to do there,

341
00:19:20,800 --> 00:19:24,480
something can really make problems.

342
00:19:24,480 --> 00:19:27,840
But on the API key leakage, on the data leakage,

343
00:19:27,840 --> 00:19:31,640
all of that, I do expect quite a lot.

344
00:19:31,640 --> 00:19:33,920
And of course, on a lot on these models

345
00:19:33,920 --> 00:19:35,320
that are publicly available,

346
00:19:35,320 --> 00:19:37,600
and the people are just downloading,

347
00:19:37,600 --> 00:19:40,240
because it's free.

348
00:19:40,240 --> 00:19:43,960
And basically, officially, yeah, the open source community

349
00:19:43,960 --> 00:19:47,520
is quite nice when you do want to explore the things,

350
00:19:47,520 --> 00:19:50,520
but there is always people with the bedtops, I say,

351
00:19:50,520 --> 00:19:54,440
and basically they can compromise all this learning journey

352
00:19:54,440 --> 00:19:59,440
and or some building applications in the future, we tell them.

353
00:19:59,440 --> 00:20:02,920
So, I do expect with this AI attacks

354
00:20:02,920 --> 00:20:05,400
to be on us on this API's data,

355
00:20:05,400 --> 00:20:08,400
and basically, with all of that, on top of all of that,

356
00:20:08,400 --> 00:20:12,160
I would say also the prompt injection event is number three.

357
00:20:12,160 --> 00:20:15,840
And how do you integrate threat modeling

358
00:20:15,840 --> 00:20:18,680
into AI and ML ops pipelines?

359
00:20:18,680 --> 00:20:25,440
Well, in this journey, basically, for building applications,

360
00:20:25,440 --> 00:20:30,760
usually now what we see, or what I see in the most of organizations,

361
00:20:30,760 --> 00:20:34,720
they usually, they create patterns.

362
00:20:34,720 --> 00:20:38,000
So before they build any AI application, for example,

363
00:20:38,000 --> 00:20:40,360
they do a pattern of the application,

364
00:20:40,360 --> 00:20:45,120
or a use case, how it needs to be the applications in the organization.

365
00:20:45,120 --> 00:20:49,200
So usually we take the pattern itself to do a threat model,

366
00:20:49,200 --> 00:20:51,880
and then we check what are the potential threats,

367
00:20:51,880 --> 00:20:54,560
what can go wrong and where we can really,

368
00:20:54,560 --> 00:20:56,840
even as we set on the beginning,

369
00:20:56,840 --> 00:20:59,600
on the securing by design of this pattern,

370
00:20:59,600 --> 00:21:03,920
we can take in consideration all of these things.

371
00:21:03,920 --> 00:21:07,800
Even though there is so many new things coming out on the internet,

372
00:21:07,800 --> 00:21:12,800
let's be honest, I still believe that if you do the first exercise,

373
00:21:12,800 --> 00:21:16,680
and just be honest with the security person in your company and discuss,

374
00:21:16,680 --> 00:21:19,680
"Hey, I think this can go wrong, and this can go wrong,

375
00:21:19,680 --> 00:21:21,840
we need to fix this and all of that."

376
00:21:21,840 --> 00:21:26,000
I still believe it will be really hard to break that application

377
00:21:26,000 --> 00:21:27,600
or that organization.

378
00:21:27,600 --> 00:21:28,600
So...

379
00:21:28,600 --> 00:21:34,840
On teams, there are often, let's say,

380
00:21:34,840 --> 00:21:39,320
"Oh, now, kind of security, I security, dudes,

381
00:21:39,320 --> 00:21:43,040
and we lose all this innovation now.

382
00:21:43,040 --> 00:21:51,280
How can teams avoid security become a bottleneck for you, innovation?"

383
00:21:51,280 --> 00:21:55,480
Well, a lot of people are saying that.

384
00:21:55,480 --> 00:21:59,280
I must be honest, even when I stepped in the throw a couple of years ago,

385
00:21:59,280 --> 00:22:03,440
the first thing, "Oh, you're from CISO, go away, you know, that was the first thought,

386
00:22:03,440 --> 00:22:07,640
and usually, I think that's from the past,

387
00:22:07,640 --> 00:22:10,640
and usually the people are still thinking like that,

388
00:22:10,640 --> 00:22:17,640
but I think also the security people now are willing to be also AA-innovative,

389
00:22:17,640 --> 00:22:21,240
because as we see every day some leakage or something,

390
00:22:21,240 --> 00:22:24,320
I think also the security mind that people want to innovate

391
00:22:24,320 --> 00:22:28,440
and to do the latest stuff and to see how they can help there,

392
00:22:28,440 --> 00:22:32,040
because I'm always connecting, again, with this,

393
00:22:32,040 --> 00:22:34,440
maybe I'm boring with that learning,

394
00:22:34,440 --> 00:22:37,840
but if we don't gain some new knowledge on all of these things,

395
00:22:37,840 --> 00:22:42,640
how that works, why these get exposed, why these get leaked,

396
00:22:42,640 --> 00:22:49,840
and all of that stuff, I think it will be really later a big problem for all of us,

397
00:22:49,840 --> 00:22:53,840
and that's why, for example, I say security is a team sport.

398
00:22:53,840 --> 00:22:57,840
So if I work with Mirko, Mirko is a developer, I am security,

399
00:22:57,840 --> 00:23:00,640
if we work closely, or Mirko has a question,

400
00:23:00,640 --> 00:23:04,440
the name Martin, we are planning this AI application, for example,

401
00:23:04,440 --> 00:23:06,440
what's your opinion about it?

402
00:23:06,440 --> 00:23:10,440
I can easily say, Mirko, maybe here you can take a look on this,

403
00:23:10,440 --> 00:23:12,840
maybe here we can put additional authentication,

404
00:23:12,840 --> 00:23:15,040
maybe for this we need to put audit logging,

405
00:23:15,040 --> 00:23:18,440
maybe for this additional monitoring, and all of that stuff.

406
00:23:18,440 --> 00:23:23,840
I don't see it that as an obstacle for the development,

407
00:23:23,840 --> 00:23:27,440
but I see it as a better secure application,

408
00:23:27,440 --> 00:23:31,240
or a dozen metal-wot-type from application is to be honest with you.

409
00:23:31,240 --> 00:23:40,840
What roles plays actually governance and compliance in security team

410
00:23:40,840 --> 00:23:48,240
or make security, security, security, security?

411
00:23:48,240 --> 00:23:51,040
What the governance, I think the governance also is,

412
00:23:51,040 --> 00:23:53,240
I usually say, as a cherry on the top,

413
00:23:53,240 --> 00:23:57,040
where you need to be compliant with all of these regulations or governance,

414
00:23:57,040 --> 00:24:00,840
so that's why we have these security guard rules,

415
00:24:00,840 --> 00:24:04,240
and usually what they see from last year,

416
00:24:04,240 --> 00:24:06,640
a lot of organizations also put a threat model,

417
00:24:06,640 --> 00:24:10,040
link as a number one, where they need to do the exercise

418
00:24:10,040 --> 00:24:12,240
with the development and just to see,

419
00:24:12,240 --> 00:24:16,440
but usually when it comes to this governance part,

420
00:24:16,440 --> 00:24:20,240
I do see a lot of people struggling a bit,

421
00:24:20,240 --> 00:24:23,840
especially now when we come to the Microsoft ecosystem,

422
00:24:23,840 --> 00:24:27,640
for example, the purview, because it's a quite new tool,

423
00:24:27,640 --> 00:24:31,840
where the people are still get confused how this can be compliant

424
00:24:31,840 --> 00:24:35,240
with my data, this data, that is what I see,

425
00:24:35,240 --> 00:24:39,240
and I think it's quite new, of course,

426
00:24:39,240 --> 00:24:41,440
but again, it comes to the same,

427
00:24:41,440 --> 00:24:44,840
if nobody starts learning the purview, how to make a compliant,

428
00:24:44,840 --> 00:24:47,640
and how it can help their organization,

429
00:24:47,640 --> 00:24:50,840
it will become even worse in the future.

430
00:24:50,840 --> 00:24:54,240
So that's why usually I say,

431
00:24:54,240 --> 00:24:58,840
yeah, keep learning, and then basically you will get also the compliance,

432
00:24:58,840 --> 00:25:01,440
they play a big role because of the regulation,

433
00:25:01,440 --> 00:25:05,440
because that's must, you cannot escape all of that,

434
00:25:05,440 --> 00:25:07,840
but also on top of these regulations,

435
00:25:07,840 --> 00:25:10,040
I think from last year, officially,

436
00:25:10,040 --> 00:25:12,440
there is a door resilience,

437
00:25:12,440 --> 00:25:16,840
basically which all of the companies need to be compliant

438
00:25:16,840 --> 00:25:19,440
or the biggest fintech and all that stuff.

439
00:25:19,440 --> 00:25:24,440
So maybe that's additional that is connected to compliance,

440
00:25:24,440 --> 00:25:29,440
where the people basically can improve the security in their organization.

441
00:25:29,440 --> 00:25:36,640
I have a little bit of a look last week in the Azure services map,

442
00:25:36,640 --> 00:25:41,040
and I think that's over 1,100 services, and nearly,

443
00:25:41,040 --> 00:25:44,840
well, I cannot say it's under person bright,

444
00:25:44,840 --> 00:25:50,840
but I feel 10% of the tools are security tools.

445
00:25:50,840 --> 00:25:58,840
Which tools say you are most important for protecting AI work today?

446
00:25:58,840 --> 00:26:03,040
Well, that depends on the witch ecosystem.

447
00:26:03,040 --> 00:26:05,840
We talk about Microsoft ecosystem.

448
00:26:05,840 --> 00:26:09,840
I'm a big fan of the defender, I must be honest.

449
00:26:09,840 --> 00:26:14,240
Mainly for Azure because everything that you built in AI,

450
00:26:14,240 --> 00:26:19,240
first, I be completely honest because I mostly,

451
00:26:19,240 --> 00:26:21,240
it's Microsoft ecosystem for me also,

452
00:26:21,240 --> 00:26:23,840
and when I start to learn also something,

453
00:26:23,840 --> 00:26:26,840
I build that in Azure, in Foundry,

454
00:26:26,840 --> 00:26:29,640
a copilot agent now and all of that stuff.

455
00:26:29,640 --> 00:26:33,240
I know that behind me, there is a protection layer,

456
00:26:33,240 --> 00:26:35,240
which is called defender.

457
00:26:35,240 --> 00:26:38,440
Of course, I have a big complaint about that,

458
00:26:38,440 --> 00:26:42,840
that it's still quite expensive for any human being,

459
00:26:42,840 --> 00:26:45,240
like Martin and Mirko on a private site,

460
00:26:45,240 --> 00:26:47,240
who me and you want to use.

461
00:26:47,240 --> 00:26:51,240
For example, I will take only one example.

462
00:26:51,240 --> 00:26:53,240
All of any of us, I think,

463
00:26:53,240 --> 00:26:55,240
would like to create a virtual machine

464
00:26:55,240 --> 00:26:57,240
and just to play around, for example.

465
00:26:57,240 --> 00:26:59,440
If you want to protect that virtual machine,

466
00:26:59,440 --> 00:27:02,840
it costs $15 per month per virtual machine,

467
00:27:02,840 --> 00:27:05,040
which I think is quite expensive.

468
00:27:05,040 --> 00:27:07,640
Then you have databases, you have storages,

469
00:27:07,640 --> 00:27:11,440
you have Azure functions, you have models,

470
00:27:11,440 --> 00:27:14,040
you have a lot of stuff and everything,

471
00:27:14,040 --> 00:27:17,040
it's additional on top of that.

472
00:27:17,040 --> 00:27:21,840
What I like to the defender is that it covers really everything,

473
00:27:21,840 --> 00:27:24,240
if your company is working completely,

474
00:27:24,240 --> 00:27:27,840
Microsoft is covering really everything from Office 365,

475
00:27:27,840 --> 00:27:30,840
till Azure, AI Foundry and all of that stuff.

476
00:27:30,840 --> 00:27:34,640
So we start with, if we start just with Office 365,

477
00:27:34,640 --> 00:27:37,240
for an outlook, vortex, all that stuff,

478
00:27:37,240 --> 00:27:40,840
you can really use the security there.

479
00:27:40,840 --> 00:27:43,840
I think it was also, they changed the name to Defender for Cloud,

480
00:27:43,840 --> 00:27:45,840
if I remember correctly.

481
00:27:45,840 --> 00:27:51,240
And basically, now if we extend the company grows to Azure,

482
00:27:51,240 --> 00:27:54,440
or AI, or Azure DevOps also,

483
00:27:54,440 --> 00:27:56,840
Microsoft Defender covers.

484
00:27:56,840 --> 00:27:59,240
At this moment, there is, I think,

485
00:27:59,240 --> 00:28:03,440
also real-time scanning on the defender for the data.

486
00:28:03,440 --> 00:28:07,240
That means that if you create a model in your AI Foundry,

487
00:28:07,240 --> 00:28:11,040
the defender real-time scans your gap,

488
00:28:11,040 --> 00:28:18,240
or if somebody, it's filtered, or somebody added some compromised data there,

489
00:28:18,240 --> 00:28:19,840
and all of those things.

490
00:28:19,840 --> 00:28:24,040
So I really see the defender.

491
00:28:24,040 --> 00:28:28,240
And as I usually say, I think now is the right time to become an entrepreneur,

492
00:28:28,240 --> 00:28:33,440
because you can buy with $20 Business Standard Office 365,

493
00:28:33,440 --> 00:28:35,240
and then just grow your company,

494
00:28:35,240 --> 00:28:38,240
and you have Defender, Azure, and all that stuff.

495
00:28:38,240 --> 00:28:44,240
So I would go with the Defender as the biggest security improvement tool

496
00:28:44,240 --> 00:28:49,240
at this moment for any type of an application at this moment.

497
00:28:49,240 --> 00:28:56,240
I'm a big GitHub fan, and they have GitHub Advanced Security.

498
00:28:56,240 --> 00:28:59,240
Can you tell a little bit, did you use it?

499
00:28:59,240 --> 00:29:04,240
Can you tell us a little bit about how it's fit in AI Security Strategy?

500
00:29:04,240 --> 00:29:09,240
Well, in the AI strategy, basically, when you build application,

501
00:29:09,240 --> 00:29:12,240
you need to put the code if you have more developers.

502
00:29:12,240 --> 00:29:16,240
And usually, now, it's, I think, one of the most used to GitHub.

503
00:29:16,240 --> 00:29:20,240
And then, basically, for example, from GitHub Advanced Security,

504
00:29:20,240 --> 00:29:22,240
you have quite a lot of protection.

505
00:29:22,240 --> 00:29:28,240
Even if you as a developer, sometimes you feel pressure, for example,

506
00:29:28,240 --> 00:29:31,240
and you forgot the secret there.

507
00:29:31,240 --> 00:29:34,240
For example, if I tell you in the last two, three years,

508
00:29:34,240 --> 00:29:37,240
how many developers put in the secret in the code,

509
00:29:37,240 --> 00:29:40,240
without even knowing that the secret is still there,

510
00:29:40,240 --> 00:29:42,240
and then usually, that's the biggest problem.

511
00:29:42,240 --> 00:29:45,240
They just do clone to the production.

512
00:29:45,240 --> 00:29:47,240
Basically, also, the secret goes there.

513
00:29:47,240 --> 00:29:52,240
What is the biggest help in my opinion that even though the GitHub Advanced Security

514
00:29:52,240 --> 00:29:55,240
gives you this advice, and it's saying,

515
00:29:55,240 --> 00:29:58,240
"Hey, Martin, you forget there, you have an error."

516
00:29:58,240 --> 00:30:03,240
And then, if you have a compromise, also, package, it scans all the time for you,

517
00:30:03,240 --> 00:30:09,240
real time, and basically, you always know that your code is highly secure.

518
00:30:09,240 --> 00:30:11,240
You do not have some secret forgotten there.

519
00:30:11,240 --> 00:30:16,240
You know that it doesn't matter if you're Java.net or whatever developer you are.

520
00:30:16,240 --> 00:30:19,240
You know that all the packages are secure.

521
00:30:19,240 --> 00:30:23,240
And basically, you don't need to worry about anything.

522
00:30:23,240 --> 00:30:27,240
Otherwise, if you use anything else, you store the code there.

523
00:30:27,240 --> 00:30:31,240
But basically, even though I'm a new developer in your company,

524
00:30:31,240 --> 00:30:35,240
I can put there something, and basically nobody will know.

525
00:30:35,240 --> 00:30:42,240
If you, Mirko, as a senior tomorrow, don't review the full code and just say, "Martin, who did you do this?"

526
00:30:42,240 --> 00:30:43,240
Yeah, I have done that.

527
00:30:43,240 --> 00:30:44,240
Sorry, I didn't know.

528
00:30:44,240 --> 00:30:46,240
Blah, blah, blah, and all this stuff.

529
00:30:46,240 --> 00:30:49,240
Otherwise, basically, nobody got to know.

530
00:30:49,240 --> 00:30:56,240
Something I find a little bit funny is when Microsoft say, "Core pilot, it's a productivity tool,"

531
00:30:56,240 --> 00:30:57,240
and so on.

532
00:30:57,240 --> 00:31:07,240
And when I go into Entra, I find it looks like more than in human than like an application.

533
00:31:07,240 --> 00:31:16,240
So what role and security plays these identity management?

534
00:31:16,240 --> 00:31:23,240
Identity management plays the first starting role when you build the application in the cloud.

535
00:31:23,240 --> 00:31:31,240
And then, basically, the access, the MP accounts, and all of these stuff depends who have access and where, basically.

536
00:31:31,240 --> 00:31:38,240
All these reviews, who is a lawful to access to production, and all of that stuff.

537
00:31:38,240 --> 00:31:45,240
And I usually give the example of the just in time, basically, access.

538
00:31:45,240 --> 00:31:50,240
What that means, or for example, what is offered in Entra also.

539
00:31:50,240 --> 00:31:55,240
Sometimes you know when you watch a lot of movies, you're looking for the motivation.

540
00:31:55,240 --> 00:31:59,240
And usually, I think it was one movie couple of years ago.

541
00:31:59,240 --> 00:32:08,240
And one city of the company had his right hand next to him, and he was saying,

542
00:32:08,240 --> 00:32:12,240
"On this meeting, I think is good if you do not be here.

543
00:32:12,240 --> 00:32:14,240
It was very important meeting for something."

544
00:32:14,240 --> 00:32:19,240
And then the young guy asked, "But why I'm always with you, blah, blah, blah, blah?"

545
00:32:19,240 --> 00:32:21,240
And then I will explain later.

546
00:32:21,240 --> 00:32:26,240
After that meeting, the city went to him and said, "Let me explain to you.

547
00:32:26,240 --> 00:32:30,240
I like you. You do really a great job and all of that stuff.

548
00:32:30,240 --> 00:32:38,240
But I don't want if somebody tomorrow, kidnap you, or want to do some bad things to you, you to hide that.

549
00:32:38,240 --> 00:32:41,240
So it's better if you don't know about that.

550
00:32:41,240 --> 00:32:48,240
So the same example, I'm saying, why should marketing have every day 24 hours access to production?

551
00:32:48,240 --> 00:32:55,240
And that is where what I really like with ENTRA and the PIMS solution itself, the privilege identity management,

552
00:32:55,240 --> 00:33:00,240
where you can select exactly five, six, three hours, two hours.

553
00:33:00,240 --> 00:33:02,240
And after that, I do not have access.

554
00:33:02,240 --> 00:33:06,240
The meaning is to more of my account is getting hacked.

555
00:33:06,240 --> 00:33:10,240
That person can only see my outlook email.

556
00:33:10,240 --> 00:33:11,240
And that's the only thing.

557
00:33:11,240 --> 00:33:19,240
He cannot do anything else or he or she or it or whoever, it cannot do anything bad to my company.

558
00:33:19,240 --> 00:33:24,240
So that is how I see that identity and access place of big role.

559
00:33:24,240 --> 00:33:30,240
There is, I think, new feature agents for ENTRA, which I still need to explore.

560
00:33:30,240 --> 00:33:34,240
That is the only thing I see that didn't check in the last couple of weeks.

561
00:33:34,240 --> 00:33:37,240
But from this perspective, I think that ENTRA place a big role.

562
00:33:37,240 --> 00:33:55,240
And I think especially Microsoft and through all of these capabilities that are within it, it helps a lot to tomorrow, even though any organization or any account get leaked on the internet, you know that this account only have access to his outlook and his world.

563
00:33:55,240 --> 00:34:05,240
When we look a little bit at the AI pipelines, there are secrets, tokens, up access.

564
00:34:05,240 --> 00:34:11,240
And what are your best practice for securing this?

565
00:34:11,240 --> 00:34:22,240
Yeah, usually, and the first step that I do, even though whatever application I built or whatever I do, I usually say we always need to do four, I principle.

566
00:34:22,240 --> 00:34:31,240
It's a generator where Martin and Mirko see together and discuss, is it API is it cold is it secret, whatever.

567
00:34:31,240 --> 00:34:40,240
It should be first of all transparent, but also tomorrow if Martin or Mirko get a sick or get a vacation and all of that stuff.

568
00:34:40,240 --> 00:34:46,240
I usually say and I usually take an example from a personal experience, there was 10 years ago.

569
00:34:46,240 --> 00:34:59,240
Or yeah, 10 years ago when I build up most of the capabilities and then whenever you want to go on vacation, either your phone is burning either somebody's calling where should they go and all.

570
00:34:59,240 --> 00:35:14,240
I learn on the how it's called on the hardest way and I usually say first thing, whatever we do, we do for a principle meaning you always have somebody and then we can discuss further what should be built.

571
00:35:14,240 --> 00:35:17,240
That's something of a first row.

572
00:35:17,240 --> 00:35:28,240
The second thing that I usually say is approval process approval for anything that goes to production, it must be first approved by minimum one or two seniors.

573
00:35:28,240 --> 00:35:32,240
It should not be just easy submittacle push the code there and all of that stuff.

574
00:35:32,240 --> 00:35:41,240
So even though if you call me tomorrow and you say Martin, let's build some application, what do you think how should we start first to agree.

575
00:35:41,240 --> 00:35:54,240
So in our terms and we say we have four principal and we have this it doesn't matter what is the type of an application, what we will build it doesn't matter website or application, whatever we need to agree on both.

576
00:35:54,240 --> 00:36:07,240
So I think those are in this period in this one year or two, a lot of people are excluding this just because of that what I mentioned also in the beginning that type of a pressure and they forget, yeah, this is good.

577
00:36:07,240 --> 00:36:17,240
Push the code merge that's it, but then after a couple of months you figure it out, oh, this was not really good nobody review that and all of these things.

578
00:36:17,240 --> 00:36:36,240
So yeah, those are some things that I always count first, maybe it's more on the governance, but I usually say that because that's the starting point and if you miss the starting point, then I think you are late and usually that's also counted as a shift left on the security side.

579
00:36:36,240 --> 00:36:44,240
So if you don't start early, then you will need to pay double on the right side when you will come.

580
00:36:44,240 --> 00:37:01,240
From your perspective, did you think organization doing enough around last privilege access and machine, or maps or environments or is it the topic that yeah, I don't know, God, that is not so interested in.

581
00:37:01,240 --> 00:37:12,240
A lot of companies are talking about it, but I think that at this moment, I'm sorry to say what I see it's mostly layoffs, doesn't think first of all.

582
00:37:12,240 --> 00:37:18,240
And I really feel sorry sometimes and said for people and also colleagues that are.

583
00:37:18,240 --> 00:37:41,240
We were how to set the experience that usually I think we forget to focus on all of these most important things and as you said, you know, or the organizational side, mostly it's discussions and less actions, but I think next year.

584
00:37:41,240 --> 00:38:10,240
And I think maybe next year will be a bit late for some companies, that is how I see it, maybe for some of them will catch the train train I'm saying on time, but maybe some of them will be late for the train and then the when the bad things will start happening then basically yeah, we need to do this, then we need to do this, but on the beginning basically everyone says we are doing K I so to answer directly now, I think no.

585
00:38:10,240 --> 00:38:25,240
I worked I'm more in the later fabric parts, but I worked for a lot of in Germany for a lot of big companies and they have no security teams.

586
00:38:25,240 --> 00:38:33,240
But they say the leadership has these, yeah, I think mentality, we buy all this Microsoft.

587
00:38:33,240 --> 00:38:42,240
Expansive tools, so Microsoft has a security for us. What does this misconception come from.

588
00:38:42,240 --> 00:38:56,240
And I think I have seen also that in the last two, three years, a Microsoft will take care about that, but that is where we forget this human sight and where somebody need to reconfigure and read just those services to act really.

589
00:38:56,240 --> 00:39:13,240
And to focus really on the right moment and that's why you have this leakage and all of the things that are happening and that we are seeing at this moment because now connecting on what I said previously, yeah, Microsoft have a copilot agent will do the stuff.

590
00:39:13,240 --> 00:39:22,240
Yeah, we don't need this department, it can be late off, for example, and basically then or the other way what is happening also what I'm seeing.

591
00:39:22,240 --> 00:39:40,240
Yeah, we will remove these people, but we will add additional stuff to Mirko, Martin, they can handle all of that and then because me and you already have something in the queue for doing work or whatever, then on top of that, you need to also think about this and that.

592
00:39:40,240 --> 00:40:03,240
Even though we will learn that, but it will take some time and in that time, there is a gap where a lot of things can go wrong and I, I usually, as I said, also from a personal experience, I have been working for a switchable company from 2016 to 2019.

593
00:40:03,240 --> 00:40:16,240
And then we were working dynamics also migration to Azure Dev also that stuff and it was very good lesson learned and all of these, for example, I remember the first two years, there was so many migrations.

594
00:40:16,240 --> 00:40:24,240
So what happened, there was a, you know, dynamics, I suppose you heard about it big ERP system from Microsoft, all that stuff.

595
00:40:24,240 --> 00:40:47,240
And then the companies started migrating from the best to the cloud because it came really good. After the two years, the third year, I said, now I see less projects, less migrations, I think we should focus maybe on the security a bit, authentication, these, let's work on the database because usually the dynamics, most of the data, it connects to the data.

596
00:40:47,240 --> 00:41:09,240
We have the fields, but mostly the database is exposed that it's consumed by the U.S. grid. No, don't worry, don't worry. I left that company and a friend of mine basically joined, he basically, here and most of the things and I said, mentioned that maybe to have 2021, January Christmas.

597
00:41:09,240 --> 00:41:22,240
And the encryption key in the whole company, they need to pay 10,000 Swiss francs in that period and friend of mine, we took three or five consultancy companies.

598
00:41:22,240 --> 00:41:36,240
They tried to refine all of that exchange exchange server encrypted office 365 encrypted Azure virtual machines storage encrypted all of that only dumb and they asked for some money.

599
00:41:36,240 --> 00:41:41,240
Basically, at the end, we needed to pay.

600
00:41:41,240 --> 00:41:47,240
And recreate everything because now you already pay, you are not sure maybe they will come back next year, you never know.

601
00:41:47,240 --> 00:41:53,240
So we started deleting a lot of stuff and recreating basically most of our infrastructure.

602
00:41:53,240 --> 00:41:58,240
So somebody learned from the hard way, if I recall it like that.

603
00:41:58,240 --> 00:42:15,240
I think there's something companies underestimate that also they lose a lot of money and it's cost a lot, but the other thing they're losing is it's a trust from their clients when they get hacked and this is.

604
00:42:15,240 --> 00:42:19,240
This cost net no, no one will.

605
00:42:19,240 --> 00:42:39,240
Explain how expensive is is is it I think I have my, or my bank, my it's really funny, my account account manager, this name is Andrea Sacka.

606
00:42:39,240 --> 00:42:49,240
It works really serious. So I think it's really hard for you to do a good job. But when we think a little bit more.

607
00:42:49,240 --> 00:43:01,240
How, or when we look at security teams, how can we work as developers on data science better together. What's your work tips.

608
00:43:01,240 --> 00:43:10,240
And that is I started in a team where there was only me and the manager and our approach was very simple.

609
00:43:10,240 --> 00:43:18,240
Whenever you start building application, please send an email to us. We will find some time to have a catch of 15 minutes.

610
00:43:18,240 --> 00:43:25,240
And that was happening for some of the new applications, not with all to be completely transparent and honest with you.

611
00:43:25,240 --> 00:43:32,240
There was really secure mind the developers, a Martin, please jump in just 15 minutes. We will explain this is the application.

612
00:43:32,240 --> 00:43:41,240
Then you don't need to act immediately. You can take a note and maybe next week you can delegate to your colleague or if you have time, you can discuss with them.

613
00:43:41,240 --> 00:43:59,240
Because that's why I said it's a shame. It's very difficult to do all of that stuff. But that might tip it's work together, discuss together, bother them from time to time, go on coffee with them, discuss with them, became part of any team that is building.

614
00:43:59,240 --> 00:44:07,240
15 minutes monthly or weekly, I think on so many meetings for all of us, I think is not a problem at all.

615
00:44:07,240 --> 00:44:29,240
And to connect just to add on the previous question, I do expect the same issue with the leakage and a lot of problems on the security side, maybe not this year, but the next year, because I do expect because I think now also I think me you or any of us, we were still figuring it out, HR GPT,

616
00:44:29,240 --> 00:44:41,240
pilot, Claude, Gemini, this, that it's so many things. And I think now it's a little bit stabilizing and what they see there, fighting which model is better. That's how I see.

617
00:44:41,240 --> 00:44:56,240
And basically everyone starts using, but next year when these people, as you said, were basically kicked out from the companies. And then we will start seeing that, oh, there is a data leakage from this data leakage from that.

618
00:44:56,240 --> 00:45:15,240
And then 2027, 2028, I do expect again, the company is to start hiring security senior, ML, second ops, AI, second, they have something, engineer to help them basically to improve their security and the security within their company.

619
00:45:15,240 --> 00:45:18,240
That's my expectation to be honest.

620
00:45:18,240 --> 00:45:35,240
And have you tips for, I think, big companies, they have a lot of money for security teams, but how can small companies approach AI security, they don't can invest big money and big security teams.

621
00:45:35,240 --> 00:45:52,240
First, I agree, sometimes it's about money. I discussed a couple of weeks ago with a couple of other Microsoft trainers and what they said to me, because let's be honest, all of us privately have quite a lot of cost.

622
00:45:52,240 --> 00:46:11,240
Either it's this, that family, all of that car, house, whatever. I discussed with most of them and everyone said that nobody pays less than 100 or 200 euros, monthly for subscriptions for all these AI services that we see.

623
00:46:11,240 --> 00:46:22,240
And on top of that, we have Netflix, we have Spotify, we have all these services, which are cherry on the top. So that makes 300, I think.

624
00:46:22,240 --> 00:46:33,240
And on the smaller company, I think it's easier. The cost can be quite less, but they can really focus on what should be protected.

625
00:46:33,240 --> 00:46:48,240
And what I saw also with chat GPT and also clothe now, I see that they created two different programs. I verified myself with chat GPT, they asked for a driving license for a codex. I think it's called, was called.

626
00:46:48,240 --> 00:46:59,240
And then for clothe, I still didn't heard anyone that have access to this called mitos. Yeah, mitos was called. So, Jamie has already some type of a better program for security.

627
00:46:59,240 --> 00:47:12,240
So all of these small companies, even though if you create 20 developers, 20 euros, monthly, I think it's around 2000, 2000, monthly cost.

628
00:47:12,240 --> 00:47:26,240
You have also at the end of the day, you don't need to go, you can go with Office 365, which you have some type of protection already, basic one. And then basically on top of that, but let's not forgetting those 2000.

629
00:47:26,240 --> 00:47:40,240
It's included also all the other stuff. I think that is also with this MPN or Microsoft partner network, visual studios licenses, Azure credit, 150 dollars euros per month.

630
00:47:40,240 --> 00:48:02,240
And that is a, that's the positive sometimes. So what I see with Microsoft, when you get a license, you get some benefits. Yeah, it's still expensive. But when you calculate as a set for everything else that we pay for our private subscription and asking chat GPT, can you tell me how it will be the weather tomorrow? And can you create a presentation for me.

631
00:48:02,240 --> 00:48:14,240
And I think it's worth it, even though the small companies to invest in these licenses and basically later to improve on their security maturity together for the AI security.

632
00:48:14,240 --> 00:48:23,240
I see you mentor many professionals through coach cloudy. I hope that it's a mind that I'm still working on working on it.

633
00:48:23,240 --> 00:48:36,240
And what skills are the most valuable for engineers entering cloud security, that's like up today.

634
00:48:36,240 --> 00:48:50,240
Quite difficult and broader question must be honest. So I usually start with the basic whoever starts with the cloud or switch or I do not focus first of all on security.

635
00:48:50,240 --> 00:49:00,240
I usually try to explain to them how the Azure cloud is working. Mostly if I do some coaching or mentoring, I focus completely on Microsoft. So don't touch me.

636
00:49:00,240 --> 00:49:14,240
I usually start with the Azure explanation. So the person to understand why there is what is resources resource groups of capes, how they are protected, what they do, how they do blah blah blah.

637
00:49:14,240 --> 00:49:22,240
Once they understand that, then we go on a user level. That means what you already set identity and access and the entry ID.

638
00:49:22,240 --> 00:49:34,240
After we get into that, usually they are looking or asking, game, arting, give me some project. Let me create this. Let me create that. Then I give them all of that. And then we discussed about security.

639
00:49:34,240 --> 00:49:46,240
The first thing that we do on the security also maybe we didn't touch a lot, but maybe I can mention is the security monitoring, which it becomes really more and more famous, especially with the custochery language.

640
00:49:46,240 --> 00:49:56,240
A lot of people are getting deep dive on that to get the locks on time or this or that real time and make a really good queries.

641
00:49:56,240 --> 00:50:06,240
And then after we finish with custochery, then I usually recommend let's now go deep dive on the defender and then basically explore the stuff.

642
00:50:06,240 --> 00:50:18,240
I usually give subguidance, but I'm always saying to the people, if you're getting into something, learning, changing careers, put Microsoft learn as your homepage.

643
00:50:18,240 --> 00:50:24,240
It will be easier for you whenever you sit on your computer.

644
00:50:24,240 --> 00:50:42,240
I think a lot of companies, when you start your career, actually, I think companies look heavily on various certifications, but less than and hence on experience.

645
00:50:42,240 --> 00:50:56,240
I think for people, it's really hard to get experience when they don't get hired.

646
00:50:56,240 --> 00:51:10,240
So how can people start their careers really really join a company and become a really expert and a security like you.

647
00:51:10,240 --> 00:51:28,240
I usually do that and I will share it now my secret, usually recipe usually when I start learning something also two years ago, I think also Martin and Mirko didn't know about AI also me and you need to sit and learn some for me.

648
00:51:28,240 --> 00:51:38,240
I really want to really on the Microsoft learn and going to the a foundry looking on this, what is this, how this works, why this work.

649
00:51:38,240 --> 00:51:52,240
It's a free platform, by the way, for everyone that will listen this but later on basically it's a free platform and I'm always saying maybe I'm too much protective for too much doing advertisement for Microsoft.

650
00:51:52,240 --> 00:52:04,240
So the only thing is the only at this moment portal where I found what they need immediately, for example, maybe it's easier because we are in this ecosystem, but the antenna one can figure it out.

651
00:52:04,240 --> 00:52:27,240
Once you get the theory from the learning parts, you can easily take a look on something that is called apply skills apply skills it's again free within the Microsoft learn and basically you can create a agents you can explore co pilot, you can explore Microsoft defender XDR you can create entry users delete them play around.

652
00:52:27,240 --> 00:52:46,240
So you have two hours for every exercise you after you finish the first exercise you need to wait 48 hours and basically that's it, but in the meantime once you finish the one you can go on the next one, then the third one you have some tasks and they work really smoothly.

653
00:52:46,240 --> 00:53:09,240
So why I'm saying all of this and maybe to motivate somebody that will listen this just to tell them that in the past for me to learn window server I needed on MSN to wait three hours for a book of 12 megabytes and then in the book you just read you don't touch a server you touch the server once you get it.

654
00:53:09,240 --> 00:53:20,240
So if I can do it anyone can do it that's how I say we got to be honest, okay, good. Yeah, let's jump in the rapid fire around it's I asked you.

655
00:53:20,240 --> 00:53:31,240
Yeah, then you give us fast, fast, and one Microsoft security feature more organization tools and able immediately.

656
00:53:31,240 --> 00:53:40,240
Advanced security, get caught, once security biggest AI security possible that currently arrived.

657
00:53:40,240 --> 00:53:48,240
One security haven't every developer should be adapt.

658
00:53:48,240 --> 00:53:50,240
Security by design.

659
00:53:50,240 --> 00:54:00,240
Your favorite error or security tool you can't live without.

660
00:54:00,240 --> 00:54:07,240
One prediction for a I security over the next year.

661
00:54:07,240 --> 00:54:10,240
This should be fast.

662
00:54:10,240 --> 00:54:26,240
So please learn keep learning and is Michelangelo said at age of 87 I'm still learning so keep learning because if you don't learn then you will be replaced by AI.

663
00:54:26,240 --> 00:54:34,240
And the final message for organization trying to adapt I I securely without slowing innovation.

664
00:54:34,240 --> 00:54:41,240
Work together with the C so security people within your company because security is a team sport.

665
00:54:41,240 --> 00:54:48,240
We need to work together we need to bring together as I'm saying and we need to build AI or any other application together.

666
00:54:48,240 --> 00:54:57,240
That's how security people will not be obstacle, but they will became the first line or basically the people that will help for building secure application.

667
00:54:57,240 --> 00:55:08,240
First of all, thank you for the time you spend with me here and all the information. So my last question is what when people listen us take one thing from the session.

668
00:55:08,240 --> 00:55:12,240
What what should it be.

669
00:55:12,240 --> 00:55:16,240
As I said a lot of times keep learning and never give up.

670
00:55:16,240 --> 00:55:19,240
Thank you then goodbye.

671
00:55:19,240 --> 00:55:23,240
Thank you and goodbye everyone.