Episode 9 - AI & Cybersecurity

    00:00:18:04 - 00:00:41:19
    Jie Ren
    Hi everyone. Welcome to my podcast When Tag Me Tight and Professor again today, I have a good friend of mine, Shoufu Luo, to join us to discuss an important topic: AI and cybersecurity. He is an expert in this domain, especially along the line of detection and response. So Shoufu, tell us about you.

    00:00:41:21 - 00:00:46:18
    Shoufu Luo
    Yeah. First of all, very, professor, be here and talk to you. Have been a very long time.

    00:00:46:20 - 00:00:50:08
    Jie Ren
    Yes. You haven't seen each other for a long time. Welcome back to the city.

    00:00:50:11 - 00:00:53:12
    Shoufu Luo
    Well, this morning, working in this field is really making me feel different.

    00:00:53:15 - 00:00:54:19
    Jie Ren
    That's like homecoming.

    00:00:54:21 - 00:01:03:16
    Shoufu Luo
    Yeah, exactly. Yeah. So about myself, I actually do my PhD in city, city University, New York. Okay. But I was a transfer from Stevens.

    00:01:03:16 - 00:01:05:02
    Jie Ren
    Yes. To my, Yeah.

    00:01:05:02 - 00:01:32:01
    Shoufu Luo
    We have millions. Exactly. Yeah. So, my my, concentration was about like, intrusion detection, like, about AI in security. Then, after graduating from the PhD program, I joined an industry research lab for two years, then kind of figuring out. Oh, I wanted to know more about it. What's this? People struggling in the front line of defense.

    00:01:32:03 - 00:01:36:17
    Shoufu Luo
    I, rather than just sitting in the lab playing the data and previous models.

    00:01:36:17 - 00:01:38:01
    Jie Ren
    What apply to business, right. Yeah.

    00:01:38:03 - 00:02:01:19
    Shoufu Luo
    My. Yeah. So so that's why I kind of switch my gear to like a security engineer and learn more into response then to talk to your detection response. So, so I can see more actually what was actually happening in the first line and then I can come back to doing it, apply those, those kind of observations. Then why connect with the theory then.

    00:02:01:19 - 00:02:08:12
    Shoufu Luo
    Like we need to be more welcome there. So it had been like seven nine years pretty pretty interesting.

    00:02:08:12 - 00:02:36:21
    Jie Ren
    Yeah. Yes. You are right now based in Silicon Valley right. Yes. In California. Yeah. Yes. You talk about your journey. Right. And then also that I know that, you are focusing on, detection and response. But you have been working in kind of different industries, right? Kind of in, in, in a way, we will talk about the industry, unique traits in terms of how those could affect AI's involvement in this context.

    00:02:36:23 - 00:02:41:22
    Jie Ren
    But could you please kind of explain that you kind of the hopping from one industry to another?

    00:02:42:00 - 00:03:10:11
    Shoufu Luo
    Well, not enough received from a complete different industry, but like I graduated from college, I, I was somehow looking into like an embedded system and building very, like always kernels and well, from, from, from which, I was kind of studying, diving into security for the assistant building security libraries. Right then at the time, what?

    00:03:10:13 - 00:03:32:16
    Shoufu Luo
    We were trying to find a different laws. I looking at the, like, industry jobs for security. There was. Oh, well, this this kind of topic is really interesting. Me. So I kind of like when the guy moved here. So, Yeah, I think that back then was more in into the financial world. We are building the software.

    00:03:32:16 - 00:03:56:08
    Shoufu Luo
    And how do we have all the financial. Yeah. Most of the banks. Yeah. Then, then once I switched to, PhD of the web. But PhD is very close to like, on, online social platform and also like security for building software for other companies. Gotcha. Right now is the only gaming gaming industry like protect the infrastructure.

    00:03:56:08 - 00:03:58:23
    Shoufu Luo
    Well, he built an online gaming platform.

    00:03:59:01 - 00:04:19:10
    Jie Ren
    Now, this is very fascinating in terms of hopping from one industry to another. But when it comes to the perspective of cybersecurity, I'm sure the underlying mechanism is very similar. Like we would put a pin here, we will look back to this. So I want since the topics are truly about AI and cybersecurity. So I want to I want to focus on AI here.

    00:04:19:15 - 00:04:41:04
    Jie Ren
    So AI has been, well, we know this, right, used quite a lot in many fields including cybersecurity. And then you know that in the context of detection and response, there are two perspectives, right? One is offense, the other one is defense. Maybe you can start from, defense to talk about AI's application. Yeah. And some examples.

    00:04:41:06 - 00:05:06:13
    Shoufu Luo
    Yeah. So when we talk about AI is a subject topic, I would say in my and in these days people may more thinking about a ChatGPT. Yeah. But I think are all this either back to like where we talk about machine learning, which is I mean, is is subarea rather than just a, you call it equally, so machine learning was applied in cybersecurity for many, many years.

    00:05:06:13 - 00:05:33:22
    Shoufu Luo
    I mean, over decades already compared to other areas, six, machinery being six success. I think the success in cybersecurity would be not as fascinating as other areas, but it that do very successful studies in this theory and the and in particular in defense, time machine learning was used to learn different attacking patterns so that we can we can quickly to react to the patterns.

    00:05:33:22 - 00:06:03:17
    Shoufu Luo
    Because the first step of defense is you need to know what's the angle and how to recognize those attacking patterns. So which I myself was to machine learning to apply machine learning in the, in, in, in a particular topic in this intrusion detection, basically we are looking into different call logs. We, we keep for the system and the logs we were about like, and the user's activity in the system and the, the machine, how the machine being used, how the file is being read and the line.

    00:06:03:17 - 00:06:36:06
    Shoufu Luo
    Right. So this logs whatever science is happening in the system and the from those chase chases. So we want to find out that something is out of order. Something is what is not a wound it right. And this in particular is malicious and we want to get rid of it. Right. So so machine learning is, very good at finding patterns and, and I think that is, is a great tool for us to leverage so that we identify the pattern.

    00:06:36:08 - 00:06:47:02
    Shoufu Luo
    Then we put a defense by to kind of either reject and the activity or basically block out the system bad guys out of the door.

    00:06:47:04 - 00:07:00:00
    Jie Ren
    Okay. Cool. So that actually gives the foundation for the use of AI. Right. So for sure. So how about let's switch to the offense perspective and then some examples that you could give from the offensive community.

    00:07:00:06 - 00:07:08:02
    Shoufu Luo
    Yeah. Well before we switch to I think when we talk about I will what I just said the machine learning way. Yeah I just this extension of of machines.

    00:07:08:02 - 00:07:09:11
    Jie Ren
    That there's a foundation for.

    00:07:09:14 - 00:07:29:11
    Shoufu Luo
    Not only like statistics but also other way like in particular like deep learning and also, yeah, other techniques. But it's yes switch to of offensive community basically like AI in the end is a tool where everyone can use it not only defense but also offense and the which makes sense to you any interesting. And this is what.

    00:07:29:11 - 00:07:37:19
    Jie Ren
    Do you think that has like decreased the entry barrier for anyone to kind of pick up these. Yeah. Who's to be.

    00:07:37:19 - 00:07:38:05
    Shoufu Luo
    Definitely.

    00:07:38:10 - 00:07:40:05
    Jie Ren
    Offensive in this kind of context.

    00:07:40:08 - 00:08:03:20
    Shoufu Luo
    Yeah definitely. I think there are lots of like research and articles published talking about it. Like how AI is actually lowering the bar for and the like. No. Begins to start attacking right attacker if we're looking at like like for example in phishing war, right. In the past, like phishing basically is you, you want to like trick someone to, to, to perform some action, right?

    00:08:03:20 - 00:08:06:00
    Shoufu Luo
    For the sake of, attacking.

    00:08:06:00 - 00:08:06:15
    Jie Ren
    Right.

    00:08:06:17 - 00:08:23:09
    Shoufu Luo
    And but in order to, like, bypass the defense and the you, you want to say, for example, you want to get, like, credentials from the. Yeah. From the victim. Yes. You need to convince the victim the hack giving your password. Right. Yeah, but we will. You probably would just randomly give that anyway and.

    00:08:23:09 - 00:08:25:05
    Jie Ren
    Not I doubt.

    00:08:25:07 - 00:08:40:17
    Shoufu Luo
    Yeah, but but sometimes if you trust me. Well, you may just like, give it to me. Yes. So that the whole point of phishing is like you, you need to kind of make sure you convince the victim and give the credential or whatever the critical information.

    00:08:40:19 - 00:08:54:01
    Jie Ren
    And so you're pretending to be. So let's say if this is a hacker, right, or this, offensive from the offensive community, and then he or she could be using AI to or like, pretend to be someone else, right?

    00:08:54:01 - 00:08:54:15
    Shoufu Luo
    Yeah. You have a.

    00:08:54:15 - 00:08:59:06
    Jie Ren
    Breaking, but, his or her like that, that victim's friends. Right. So.

    00:08:59:11 - 00:09:17:23
    Shoufu Luo
    So it is a skill I convinced she was a skill for. For people like me. Maybe not that good at it, but with the power of the AI, actually, I can do much better than I without the tool. Right? When I write an email to you, say, hey, I have run into this issue, could you just share your password?

    00:09:18:01 - 00:09:42:14
    Shoufu Luo
    Right. And you, you use it. Well, who is this? I don't don't recognize the way he, He speaks, but you speak away. Say we we I have a unique way to speak to you. Like a Samson jargons or something. Right. Then you will. Oh, yeah. I recognize is like she she must be Shoufu right now. You'll be more comfortable, more confident to to share the information to me, you know, and those, those kind of, skills.

    00:09:42:14 - 00:09:57:03
    Shoufu Luo
    Actually, AI will be very good at it. Like in particularly partial writing you to to make sure is convincing. And maybe if you if you have a particular piece in my past of writing, they can be copied into the email.

    00:09:57:05 - 00:10:16:17
    Jie Ren
    Got it. So it's not only. Yes. So writing definitely is one thing that I kind of, you know, you like, you kind of mimic as a potential hacker, for example. So I could like say that use AI to not only, you know, first of all, get the credential to to convince this victim that is the source. Right.

    00:10:16:18 - 00:10:39:14
    Jie Ren
    Is found this particular trustworthy friend. And also I can use AI to like train you and I to kind of mimic. Right. He's a hard writing style, right. Etc. to do the check. But it's not only about writing per se, and it could also be like biometric like data, right? For example, you know, sometime you could be like, receiving from scammer calls.

    00:10:39:14 - 00:10:44:04
    Jie Ren
    And if you say something, that voice will be recorded. And then AI will say something like that.

    00:10:44:07 - 00:10:53:03
    Shoufu Luo
    Definitely. Like I think, is very interesting because people start talks, started talking about like how, how much of that AI can do, especially with the, you.

    00:10:53:03 - 00:10:56:12
    Jie Ren
    Know, just the kind of capacity, the scope of the.

    00:10:56:14 - 00:11:20:03
    Shoufu Luo
    The idea that the will not like news, like in the past years, this is like in Hong Kong, this executive was, was scammed through the video conference. Oh. Because like, I think that the the attack of mimic, of the voice of the, CEO and convince the CFO to wire some money to a, different kind of, attacker's account.

    00:11:20:04 - 00:11:46:19
    Shoufu Luo
    Right. And the, like, many times, like, we you get used to his her. Well, what? Because people got it. Okay. Did they realize? Oh, sometimes when I receive emails, the email may not come into the person. Right? But the people were saying, oh, voice is hot. But if I hear someone calling me and the the sound is exactly like my friends, like, exactly is my boss, I will be more just, oh yeah, it's you must be more trusting.

    00:11:46:19 - 00:11:47:01
    Jie Ren
    Yeah.

    00:11:47:04 - 00:12:18:08
    Shoufu Luo
    And the even even more like these days. ChatGPT even like Sora can generate the videos. And if people are not aware of the the advance of the technology, then they may have a hard time to figure out. Oh, this is like, fake, right? Yes. Had a good example. So so I think the advance of technology really changing the the landscape and the we need to keep up with those technology, make people aware of what kind of is possible being used for the scam.

    00:12:18:08 - 00:12:21:04
    Shoufu Luo
    For those like you should like a scenario.

    00:12:21:05 - 00:12:25:15
    Jie Ren
    Okay, so we definitely need to raise awareness for everyone about this for sure.

    00:12:25:16 - 00:12:42:19
    Shoufu Luo
    Yeah, because this one seems like, I when I in school, I think one faculty is out of useless, out of picture is like, oh is about using education like secular human factor is really a big effect in, in, in the whole near fence pick, scenario.

    00:12:42:20 - 00:13:02:21
    Jie Ren
    Yeah, we definitely will, get to this human factor. And then that could be a big part of today's conversation. But but before we go there, I also want to, based upon what you just talked about. Right. AI's applications in different fields. And I also mentioned that industries are different. And also you helped fund kind of industry for like from industry to industry, you know, guys.

    00:13:02:21 - 00:13:20:18
    Jie Ren
    So, still focusing on cybersecurity. So, we know that banking is different than manufacturing than social media platforms. So, could you please elaborate on that, like for a particular industry from the examples that I mentioned, how would these applications differ in terms of their focuses?

    00:13:20:22 - 00:13:50:12
    Shoufu Luo
    Yeah. Well, if from the bottom line, when I'm looking in the core of the technology, they all can be applicable in different areas. Right. In my opinion, most times the focus of the concern will be different. Like for example, when we look into, say financial industry, I think, we can allow a lot of, a lot of about it, like, data security and the transaction and, the, the chest traceability of the data.

    00:13:50:14 - 00:14:16:18
    Shoufu Luo
    But if you look in the social platform, well, the social platform where basically they have the platform part and they also have the aspect backstage, like who which is supporting the, the platform. Right. On the platform, we have a common security like how to protect the user's account on say, Facebook or. Yes, but but the, the whoever running the platform, they also have a Interpol's network running system.

    00:14:16:18 - 00:14:52:20
    Shoufu Luo
    Right. And they need to protect their, company assets. I, or employee accounts or, you see, like the manufacturer you have have they have a plan, they have factories and they have like industry, factories running and but but but, like, can I get into the, the cold business? Many things are a share like we are we are concerning about the business, values of business assets or intellectual property supply chain attack.

    00:14:52:21 - 00:15:18:12
    Shoufu Luo
    My basically for if a software industry you are concerned about what is software what is what is a vendor providing software for my company to in order for my business process. Right. If we are a manufacturer, we are so concerned about the the supply chain, how to support a manufacturer is running on these days of law. So issues are about right rather than where my business somewhere.

    00:15:18:12 - 00:15:49:21
    Shoufu Luo
    Yeah. So so I think those, those issues are commonly shared between different, industry of course, different Dutch have their own focus because of the nature of the business are running the unique uniqueness of the business process. They, they, they rely on for their business. Right. Yet but as I said, like the technical way. Why? So, the technology is shared across most high share of which the different, emphasize and cons because the concerns are different.

    00:15:49:23 - 00:16:08:20
    Jie Ren
    Yeah. So, I would agree with you. Right. So like different industries have different traits. So take for example social media platforms. So we know it's not so we you so far you talk about the businesses point of view. Right. And then from the user's point of view, like social media, very, very much leveraging user generated content.

    00:16:08:22 - 00:16:29:10
    Jie Ren
    And then because of AI skills, right. Like from the offensive community's point of view, there could be a lot of fake accounts, like kind of a, you know, trying to for example, this the the scam could be, involved in romance or involving gambling or involving like whatever in the end, to essentially to get money out of the victim.

    00:16:29:10 - 00:16:53:11
    Jie Ren
    Right. So, so, what will be the kind of the, the technique, you know, like, kind of to defend social media platforms, you know, from kind of it's now like entirely getting rid of, false information or misinformation, etc., etc.. We really hope that we can do this, but are there any techniques that are in place?

    00:16:53:12 - 00:17:04:22
    Shoufu Luo
    But yeah, the answer is definitely right. I think as a as a computer scientist, the security professionals, we believe that a way to, to solve the problem, you know.

    00:17:04:22 - 00:17:06:04
    Jie Ren
    Exactly.

    00:17:06:06 - 00:17:38:12
    Shoufu Luo
    But I think I would say this is really like, a battle between the defense in the tech. There's no, like, a golden key, silver bullet to solve the whole problem. While the the offensive community utilize AI to generate, like, abusive content in code from text to video to, to to images. So that's, that's that's will be also, the technique we can leverage to detect such, such, such abusive behavior.

    00:17:38:16 - 00:18:00:04
    Shoufu Luo
    Okay. I think you should know. I guess, although, I don't know, like, could the story whether which would you said is ahead of the game. Yeah. But usually this is what I see. Is it happened, right. You know, beginning we are not aware we don't have any technology to say prevent this actually since happened. But rather than the offline offensive community have become very creative.

    00:18:00:04 - 00:18:37:18
    Shoufu Luo
    Say to utilize this technology to, to generate as a fake image for what our purpose is for to harm people, then the defensive community will react and say, well, okay, let's let's looking into Twitter what's going on. And the and developed develop a certain technology to detect such, such fake, fake fake image. Right. I think the one I can think of right now is like, I remember this article from some research based talking about it if, if image generated by the deep learning model, the center of the picture, the center of the face, always in the center picture and I.

    00:18:37:19 - 00:18:39:05
    Jie Ren
    And the same pattern that.

    00:18:39:06 - 00:18:55:12
    Shoufu Luo
    I've cut in here for, for us. And most times what they should look for patterns so that we can idea. If you think about in the real world scenario, the police and I when the police went looking at this suspect, they were like, really be careful. But it was what's the collect list was a patterns behavioral patterns.

    00:18:55:14 - 00:18:56:02
    Jie Ren
    If you could.

    00:18:56:02 - 00:19:16:11
    Shoufu Luo
    A behavior could a behavior, could it be like appearance. Could it be. Yeah. And that's a false positive of course. So I those those scenes need to be kind of be cautious when we apply that such technology. Yeah. So basically we're thinking about a diverse of the was if we have a cold war between Russia and, and, southeast to a.

    00:19:16:11 - 00:19:22:15
    Jie Ren
    Constant battle, like we got some. Yeah. One does something and, and the other one does something kind of has a change of luck.

    00:19:22:20 - 00:19:23:10
    Shoufu Luo
    And before.

    00:19:23:11 - 00:19:23:20
    Jie Ren
    I sense.

    00:19:23:20 - 00:19:38:13
    Shoufu Luo
    I see, I kind of, surpass you. Then you open for the more resources, and they try to innovate and surprise me. There's always like, that's not always. I always like to surpass you and always submit to you. Right then.

    00:19:38:15 - 00:20:03:12
    Jie Ren
    Okay. So, I think it's a really like, transitioning point in terms of we talk about social media, like, and they are there is a lot of, user generated content and a lot of user behavior, etc.. So following that line of logic, let's talk about the human factor in the context of cybersecurity. Maybe let's first start from the perspective of offensive community okay.

    00:20:03:14 - 00:20:25:00
    Jie Ren
    So we know that cybersecurity often is a human issue. It's not necessarily only a technical issue. Right. So and then from the offensive community's point of view, and they probably have been increasingly using social engineering to penetrate and this system. So could you please elaborate that?

    00:20:25:02 - 00:20:45:17
    Shoufu Luo
    Yeah. So, so as you, that you actually see the point of phishing where we just talk about is one of us, we engineer. Exactly. And for, for security professions in particular. Were you in a working for the industry? We've spent a lot of time to educate our employees about what a kind of sexy. And when you see something, you report something.

    00:20:45:19 - 00:21:09:21
    Shoufu Luo
    The whole reason is because the human factor should really be kind of, the important effect we have behind, like, behind all the techs and the social engineer basically is a, is a technique is a child like tech to leverage, the more like psychologically to influence of people to, to convince them to perform an attack in the favor of the tech like.

    00:21:10:01 - 00:21:12:09
    Shoufu Luo
    And the phishing is just example I you send you.

    00:21:12:11 - 00:21:16:12
    Jie Ren
    Trick them into believing, trusting you in terms of like getting whatever you want.

    00:21:16:13 - 00:21:43:13
    Shoufu Luo
    Right, exactly. And and the reason is, is very straightforward. Is it because we put like the defense community put a lot of time and effort? And if even from the the help from the academic to build all these secure systems, like from crypto to the cryptographic, other machine learning, building, kind of secure systems, then like one example would be like multi-factor authentication.

    00:21:43:13 - 00:21:46:16
    Jie Ren
    Yeah. So yes, you know, I'm for them has been using it.

    00:21:46:16 - 00:21:50:01
    Shoufu Luo
    Catalonia is offensive as key values since the design.

    00:21:50:02 - 00:21:51:01
    Jie Ren
    Is secure our data.

    00:21:51:01 - 00:22:16:02
    Shoufu Luo
    Right. But at the end of the day the tools used by human right you that's a I, I set up a like a SMS, authenticator code to have a double line of defense, but you guys is given code. Then the attacker just to get, get started into, like, just like the cell door of the university. Yeah. So you may have these, like a pin, in the door, say, hey, you have to provide a pin in order to enter the.

    00:22:16:02 - 00:22:17:16
    Jie Ren
    Building, right? Yes. Okay.

    00:22:17:18 - 00:22:18:11
    Shoufu Luo
    Then smart.

    00:22:18:11 - 00:22:18:18
    Jie Ren
    Lock.

    00:22:18:23 - 00:22:43:21
    Shoufu Luo
    Yeah. Similar because another, another another example. But that actually is a credit. Like you have a strong blockade but you really have the colleges regardless. Like so. Yeah. So and so social engineering become increasingly important I will say increasingly used by the offensive community. Yes. And this became increasingly important for the defense decided to concede.

    00:22:43:23 - 00:22:58:13
    Shoufu Luo
    How can we reduce the risk of, of that if a tech fact like it's a human fact? So that the I as we give the example, the action is low in the bar for the a.

    00:22:58:13 - 00:22:58:22
    Jie Ren
    Lot of.

    00:22:58:22 - 00:23:06:04
    Shoufu Luo
    Say, yeah, it's much easier for them. They need it like they even though they need to to know English you know to attack.

    00:23:06:05 - 00:23:20:07
    Jie Ren
    Oh that's very true. That's a very good point. Do you want to like, elaborate on that and that. Not necessarily. Like you have to know the language in order to do the attack. I know that sometimes you can use like deepfake technology to pretend to be someone that is speaking a different language.

    00:23:20:09 - 00:23:49:03
    Shoufu Luo
    Yeah. Well, I think like in particular when I was in she's the program might have and have or they're looking like at events. The persistence real time for learning is so fascinating to see how people tend to the to the highly secure system like even nation state and like but but we are talking about a lot of since attack France on like other nation nation like and those people are not necessarily actually native English speaker.

    00:23:49:05 - 00:24:15:03
    Shoufu Luo
    But it was they just started to try to phishing and the people in, in us, and they may just speak of some kind of a English, writings and language and that as, as a security, like maybe as a governance office officer, they me here, like, I think with the kind of peasants. Oh, this done this like, native English speaker email.

    00:24:15:03 - 00:24:36:01
    Shoufu Luo
    Right. And but is it the sense that you're coming from my colleague is from another, government department? That sounds like to me. Right. So can you do kind of like, the, suspicion then once this is being studied, then maybe they will. They can, then they will, like, stopped doing in the because they're not convinced that this is from my colleague.

    00:24:36:03 - 00:24:37:13
    Shoufu Luo
    Right. Yeah. So so.

    00:24:37:13 - 00:24:41:22
    Jie Ren
    This is essentially the, the check the match between the source and also the content was.

    00:24:41:22 - 00:24:51:15
    Shoufu Luo
    This has some people looking at okay, is this the emails I trust so that I can give out. You imagine like but it was I such such a doesn't exist any of that.

    00:24:51:17 - 00:24:54:17
    Jie Ren
    Anyone can write of it in native like and pretending anyway.

    00:24:54:18 - 00:25:06:01
    Shoufu Luo
    But then there's a nest and the native. It can be some lane and English. Yeah, that's actually because the whoever when the to use a tool they can specify what kind of email they want the right. Yeah yeah.

    00:25:06:02 - 00:25:07:08
    Jie Ren
    Oh what a personalized.

    00:25:07:13 - 00:25:21:18
    Shoufu Luo
    They want to kind of voice. They want what kind of an image. They want to dance to the victim okay. So so that's that a give a lot of like powerful offensive community to, to leverage, you know. Yeah. Yeah.

    00:25:21:18 - 00:25:25:08
    Jie Ren
    So, sounds very scary, by the way.

    00:25:25:10 - 00:25:25:23
    Shoufu Luo
    It is there.

    00:25:25:23 - 00:25:27:18
    Jie Ren
    It is very much myself.

    00:25:27:18 - 00:25:44:18
    Shoufu Luo
    I actually try to catch up with the trends in the industry, like, and, like actually have the opportunity to, to guess in some kind of, FBI agent to talking about the issues they're going into. Yeah. Which would make me think, this any sense is I need to catch up by even further. Yeah, exactly.

    00:25:44:18 - 00:26:01:13
    Jie Ren
    Technology is evolving. And then it could be pros and cons in terms of, you know, their implications. So I know that we touched upon this already here. Since given what you have said right about this kind of scary flavor. So how do we as users buy to protect, protect ourselves.

    00:26:01:15 - 00:26:28:04
    Shoufu Luo
    Yeah. Well, I said, like, first of all, you need to be aware of what is seen. Suspicious. Right. So I think for for cybersecurity, especially for educator, like for, for you, was either the school or the university of. Well, we have anything like program to I think is the user education is very important and basically raise awareness of, hey, what since is suspicious.

    00:26:28:04 - 00:26:53:22
    Shoufu Luo
    Well, since you need to be aware, this is possible you are being scammed or you are being attacked by. And because otherwise people may just trust trusted and then. Right. And as we said, in fact is a, important in, in the, in the chain of defense. Yeah. So, I would say, I is a is a powerful, so powerful tool.

    00:26:54:03 - 00:27:04:21
    Shoufu Luo
    I think everyone should have learned what it can do, make it easy. When it comes to cybersecurity. We need to be aware what the bad guys can leverage you to fall for this. And like very common attacking scenarios so that.

    00:27:04:21 - 00:27:06:17
    Jie Ren
    Everyone needs to be AI literate.

    00:27:06:20 - 00:27:26:00
    Shoufu Luo
    Yeah. So yeah. Exactly. Well I like the of the term little bit like because it's going to be on the everywhere in every, every like tools that you use or every, so nervous you may like it. So. Yeah. So, so I think that there is really something like, needed to the whole society.

    00:27:26:01 - 00:27:40:13
    Jie Ren
    Civil society 100%. Yes. Then let's kind of shift gears a little to look at the other side of the story, right from the perspective of the perspective of defense. Exactly. So what what is the human factor there?

    00:27:40:15 - 00:27:58:01
    Shoufu Luo
    Well, I think as the people are talking to start talking about like is the AI, the advanced AI or, or AGI, whatever the general. Yeah. Intelligence. To start replacing human?

    00:27:58:03 - 00:28:21:14
    Jie Ren
    Oh, yes. Currently, again, like our models, our arms are being, like, developed, right to somehow have this reasoning ability. Right. And then they they could have the potential to augment, like, sorry. Automate a lot of process. Right. And then. Yeah. So in that case, how could you know. Right. So yeah. Affect this, the, the human factor in science and on this.

    00:28:21:14 - 00:28:42:20
    Shoufu Luo
    From the defense side, we, we have a human factor as well. Basically. Yes. Well, the AI is a tool. We can use the tool to attack. We, we will use the AI tool to more smartly, to, to defend. Right. The in, in, in the atmosphere of human being replaced by AI. Yes, exactly. That's kind of scary.

    00:28:42:20 - 00:28:53:10
    Shoufu Luo
    I mean, for myself even like going into these kind of, transition like, phase studies, self-doubt. Hey, where's my career go? Is this is going to hurt of my future.

    00:28:53:10 - 00:29:01:04
    Jie Ren
    We all somehow have that sort of like a doubt. But it's not always like knowing more information than we have, like, more assured that we can still do this. You know, this.

    00:29:01:04 - 00:29:25:12
    Shoufu Luo
    Is not imaginary. This is a real happening in the industry. Like very particular is so, so good at coding. And as I pass a part of me, a software engineer, right, and software engineer being replaced by AI code coding, we have so many, industrial solutions provided to just like quickly. Right. Yeah. Like code. Yeah, yeah, yeah.

    00:29:25:14 - 00:29:45:04
    Shoufu Luo
    The story might be a slightly different for cybersecurity, but I wouldn't say this cybersecurity you knew from this chain. So in the end of the I think I will have the if I say in the end there's a hope. The whole human society is trying to save our human from this labor work like that, where we have more freedom to do something.

    00:29:45:05 - 00:29:46:11
    Shoufu Luo
    We like.

    00:29:46:13 - 00:29:46:19
    Jie Ren
    Art.

    00:29:47:00 - 00:29:53:23
    Shoufu Luo
    Yeah. Like, there's like another question will be there will will be the other will be a mental occupation for everyone, for.

    00:29:53:23 - 00:29:54:10
    Jie Ren
    Everyone.

    00:29:54:15 - 00:30:16:19
    Shoufu Luo
    Family like that. But I have voted to take it. Take a sometime. And the first ever security I think of it will be May. The story might be different because like in the end of the day, cybersecurity is not just like your developer. See it and then use your user to use it with the with the to meet the crime and all of the user.

    00:30:16:21 - 00:30:55:07
    Shoufu Luo
    But I really this is like a double sided battle and we are constantly battle each other being creative, being kind of looking for new ways to defeat another, the other side. Yeah. And whatever tool we use, I will assume both sides will have the same learning power to learn the table for the user. So of course, many times we try to kind of that we have to cut government to regulate how to use like a AGI is the ones in the like US government have a think about how do we can introduce some regulations to to kind of I don't know whether this is a good or what a control or of the user

    00:30:55:08 - 00:31:17:13
    Shoufu Luo
    monitor. All right. But that regardless, I think the assumption is we should assume when we will we in the defense point of a, we should assume the attacker should will also have somehow access to site equivalent the tool like we have. Right. So as well they will be said, well we have both side have the same power of technology to solve the two in the same problem space.

    00:31:17:15 - 00:31:29:09
    Shoufu Luo
    Then it will be up to the human to figure it out how to effectively use the tool, how to possibly use the tool, right? How to even isolate another dimension, how to protect the tool.

    00:31:29:11 - 00:31:30:02
    Jie Ren
    Yes. Yeah.

    00:31:30:02 - 00:31:53:11
    Shoufu Luo
    Because when we introduce the agent or the agent have its own reasoning, we are relying on agents to do more work. We are more putting more charge on the agent, but it is just its agent. Very trustworthy. But it is another issue. Yes. And I think for for the sophisticated profession. No, no really always like can think about like in the future.

    00:31:53:11 - 00:32:21:04
    Shoufu Luo
    Like we, the AI definitely will do a lot of work for the profession. Security profession. Yes. For like one very simple example. We without the AI, we have like a cyber inverse investigators. Right. Doing all the kind of work at the on the day we are going to write a report. But you can imagine why you need to summarize what I find is so I can share with anyone who were concerned about like, so like maybe it's engineering teams.

    00:32:21:04 - 00:32:43:01
    Shoufu Luo
    So they say can read cases and they can build solutions. Maybe the executive team to understand what's going on. Yeah. So that they can associate with the business risks. Yeah. But anyways in need of licensing and the to compile all the evidence. That's all that you have right. Yes. That is really not an easy task because is is take a lot of skills and domain.

    00:32:43:01 - 00:32:43:17
    Jie Ren
    Knowledge, domain.

    00:32:43:17 - 00:33:03:17
    Shoufu Luo
    Knowledge and a different level of understanding so that when you, when you write a different angle of the report. Right. Yeah. You have a different angle to write a report for different the audience. Right. Then you need think about, oh how do I organizers materials, evidence presented in a certain way so that it is easier to convey the, the thing I wouldn't do for me.

    00:33:03:17 - 00:33:19:04
    Shoufu Luo
    Right. Is it very time consuming, but with AI. Well, this is easily, insanely cheap. Way quicker. Oh. Like the way quicker way. And I with a way better myself is not a native English speaker. Right. Okay. And and I.

    00:33:19:05 - 00:33:24:15
    Jie Ren
    It's not only about the linguistic style, it is also about like domain knowledge and expertise. Right.

    00:33:24:20 - 00:33:43:07
    Shoufu Luo
    But, but but I do offer her. But I, we consume all the knowledge in the whole world. I mean it's the same I mean not a good at is maybe those things like I think one very interesting point is add and have ability to, to experiment, to interact with the world, to the experiment. But that's another thought.

    00:33:43:08 - 00:33:43:16
    Jie Ren
    Yeah, that's.

    00:33:43:18 - 00:33:58:21
    Shoufu Luo
    Different. But with the existing knowledge is quite a powered can deal in knowledge them fully in a way in in a renewable way, in a structured way to, to convey the message. And then I would say much better than maybe many of the people you know.

    00:33:58:21 - 00:34:24:10
    Jie Ren
    Yeah. That's true. That is true. Yeah. And then I have one final question for you. And the one to like this, I'm trying to make every single episode to tie back to the context of education. So here's a question related to education. So, I want you to give any suggestions to students that are starting cybersecurity and then very soon facing this workplace.

    00:34:24:16 - 00:34:35:15
    Jie Ren
    Right. Where AI is very much adopted in this very context. Any suggestion to them? How do they better adapt, adjust themselves to adapt to the situation? Yeah.

    00:34:35:17 - 00:35:00:07
    Shoufu Luo
    Well, well, I, I think about it, I think open minded. Maybe that's something I really wanted to like, especially for students. But when they start, like, New Journal of the life, like, like, get out of the college open mind being open minded to embrace this new technology and why? Because, as we discussed, if you don't know something, you do know something.

    00:35:00:09 - 00:35:27:20
    Shoufu Luo
    And what? When? When, when? Such powerful tool, been so successful in many areas, you know, you mentally can have also been, used for cybersecurity. And you need to know the tool, right? What's the why is so powerful? And how has it been? How how can we use that for for the sake of this cyber cyber defense.

    00:35:27:22 - 00:36:06:09
    Shoufu Luo
    Right. And the more importantly what is the limitation of such. Right. So the point you make, you may use a tool in a certain scenario, but without knowing the limitation, you may not still probably use a tool for the purpose of your intended to be right. Then also is because if you know the limitations, you may have the opportunity to see the uniqueness of the technology being applied in the field and developed, like more either complementary or a new perspective of technology, how to use it, even like maybe advanced the technology in that way.

    00:36:06:14 - 00:36:32:17
    Shoufu Luo
    Right. Because we have supposedly have its own characteristics and, have its own needs. Invention is a technology adept for that, for this, field. So, so I think it been open minded to and that embrace of the new technology and keep up with those two like powerful tools is very important and we Z I think another thing you will say, well, don't be afraid of this.

    00:36:32:18 - 00:36:34:03
    Jie Ren
    Yeah, exactly. I think.

    00:36:34:03 - 00:36:35:00
    Shoufu Luo
    Lots of time to be one.

    00:36:35:00 - 00:36:35:13
    Jie Ren
    Hundred percent.

    00:36:35:13 - 00:36:41:17
    Shoufu Luo
    Like human nature is more kind of like when you get a comfortable zone, and I get used to what I have to.

    00:36:41:17 - 00:36:50:14
    Jie Ren
    I use a ton and the rest mate to ourselves in terms of what we can do. I would be zillions on our, you know, ability, our potential.

    00:36:50:17 - 00:37:14:01
    Shoufu Luo
    Yeah, exactly. And if you were to push those things away, you're basically one against the, whole lot. Like, you know, the, the whole what is the having all the kind of technology and you are just staying in your own cocoon and the only things that would be dangerous. Right? That's how I feel. So yeah. So I think that like, then us and then will we just the stick, like, study hard and work hard and play hard.

    00:37:14:03 - 00:37:17:01
    Jie Ren
    Lessons, maybe do art at some point? Well.

    00:37:17:05 - 00:37:31:09
    Shoufu Luo
    I have very high like, kind of view of art because I actually have a different kind of mindset of when we talk about tech and knowledge. Right. But but that's maybe the potential people follow. More ideas can be, you know.

    00:37:31:09 - 00:37:45:06
    Jie Ren
    What it's by exactly by the create the creativity drive each one right. You know it's as a human being. Thank you so much of all for the wonderful talk. I really enjoyed our conversation. And then then another thing. Welcome back to the city.

    00:37:45:08 - 00:37:51:04
    Shoufu Luo
    Well, yeah, I would stay here for one week and, try to go places that I used to go.

    00:37:51:06 - 00:37:55:18
    Jie Ren
    So I know we go to Flushing because it does Tencent.

    00:37:55:20 - 00:37:56:07
    Shoufu Luo
    Good to see.
