Welcome to The Innovation Today podcast where we speak with today's technology leaders about how they're innovating to stay ahead of changing industry Dynamics and reaching new levels of productivity and automation brought to you by service now your partner in digital transformation thank you for joining us today for another episode of The Innovation Today podcast I'm your host Jim vanover field Innovation officer at service now today I'm excited to welcome Jeff hoi Financial Service is leader at edile welcome Jeff well thanks Jim it's a pleasure to be here today uh very excited about the topic and uh happy to dig into it me too so Jeff well let's just start off uh by uh hearing a little bit about you and your role well I've been very fortunate I've had the opportunity to work on both sides of the desk I was a former ciso at Sant andere as well as spending a bulk of my career in the cyber security space working at a number of other consultancies uh particularly as spent most of my career working in financial services my particular role today leading Financial Services here at edile uh in our CRS practice that's the cyber security risk practice I have the opportunity to work with our clients as they deal with complex challenges migrating workloads to the cloud looking on how to prepare and address new mandates that may be coming from our policy makers as well as adopting new and emerging Technologies topics such as uh artificial intelligence so you I know that risk is a big topic for you it's it's your top priority it's something that you you talk about often can you share with us a little bit about the conversations you're having today with customers Partners prospects certainly uh what we're seeing today in the industry uh certainly kicking up a lot of dust is the operational resiliency act you know a lot of our colleagues over in the EU are looking at tighter enforcement around how they deal with third parties their incident response capab abilities and understanding uh their concentration risk in their industry and and the partners that they work with so what's keeping them up at night then well I think certainly the financial penalties are are one of the big drivers the other is really understanding how they're going to demonstrate compliance within their organization as well as to the supervisors that might be looking for the definition in their program and how they're monitoring and providing the oversight so so when it comes to risk and compliance working together understanding the mandates Etc what do you see the organizations what do you see that them they're doing well for the organizations that are doing this well I think they're taking the perspective that you know these are existing controls that they've already embedded in their Frameworks and it's really how to extend those with the right level of granularity so uh as an example that might be if there's an incident response timeline that gets compressed that now I need to notify a supervisor instead of 24 hours it's eight hours that I've adjusted my uh policies and controls accordingly so those those are the ones that are looking at this is this this isn't necessarily something net new this is really refining what I have today so I'm glad you brought up the policy maker aspects because that leads us right into what policy makers right now are so focused on of course is around the topic of artificial intelligence I mean it's inevitable that those mandates are coming so what should I what should leadership what should companies be doing now to get ahead of that so I'll answer that in two ways uh one is you know what's the guidance out there available to myself today and so organizations such as nist and ISO have been releasing uh a number of Publications around artificial intelligence a lot of times those best practices will get incorporated into the policies there's other organizations such as uh miter as well as oasp that are uh investing and providing capabilities to look at vulnerabilities in the artificial intelligence space large language models uh things of that sort uh the other is taking the perspective of the organization itself so how will artificial intelligence enable my team dealing with the threats that are in the environment the other lens I would look at it from is how will my business partners whether I'm in financial services or medical certainly we're going to see a lot of innovation coming in those areas and what will they be looking to uh adopt as part of their solution suite and then the last lens I would look at it from is uh how are my adversaries looking to adopt artificial intelligence as part of their tool set yeah so you've been a ciso so I want to double click into you you started to get into this but I want to ask you specifically as a ceso as a as having sat in the seat if you were in that seat again today what questions would you be asking yourself around artificial intelligence ah great question I think one of the first questions I would start looking at is where is my business today have they already I hate to say left without me right are they embarking on initiatives that I don't have line of sight to that I should be part of and that I should bring my team with me the other is what are the skills competencies that I need to adequately enable our business business partners and understand the technology again it it's not necessarily introducing new controls but it's really coming down to the application of those controls and those environments and you know with a lot of new emerging Technologies how we looked at uh the capabilities and how we deployed them may look quite different in the hyperscalers and the solutions that they have today my own personal user account may be used on behalf of a service that's out there and so that's kind of a different control model that I might not have the level of transparency at least you know intuitively to understand how this is being deployed so I want to I want to poke your brain a little bit about I so in the chief Innovation office for for service now we are constantly looking five 8 10 years into the future but we don't we're not typically in the in the security and risk side of it so with you as an expert here would you mind giving us a little bit of you know what what thoughts go through your brain when you're falling asleep what what is what is five eight plus years look like it it's certainly hard to see that far down the road sure especially with AI I I saw an interesting article anecdote from Warren Buffett yesterday at his annual shareholder conference you know just the comparison that he used of artificial intelligence to our release of nuclear weapons um you know that it's partially out of the bag so far I I think it's uh pretty telling that this is is going to play a Major Impact in what we're dealing with for decades to come I think that uh uh when we achieve General AI that that has a lot of implications to our Workforce to how we conduct business and so I think we're just now starting to see some of the implications how it'll enable us as well as what potential harm it could do to us so do you think that there are significant opportunities within the risk and security space through the these new AI tools can we can we use the tools that are a potential risk increase to also defend ourselves well certainly I think that you know the tools that you're seeing you know just even as today provide a tremendous interpretation of uh certain threats that we're dealing with they can interpret scripts they can interpret a number of different attacks in a context that will give our first second line third line support uh a a lot better Insight in what options are available and so whether that goes from you know having a human in the process in the loop to eventually looking towards you know where automation is is owning the decisioning from you know the incident of threat occurring all the way to the resolution I think that's to be seen but you know certainly our technology partner ERS I think we're paying Keen attention to what offerings they're providing and how they're enabling us so so yeah I I I think it's a an exciting landscape to to look at yeah me too I agree Jeff anything else that you wanted to share with our audience or thoughts you've had or I you know again I I think we're not to overuse I think uh you know maybe we live in interesting times I think this is kind of a a turning point you know a lot of comparisons to the adoption of mobile Warren Buffett you know comparing AI to the nuclear age I I think this is something that's going to be a Hot Topic that we're going to be spending a lot of time understanding how it enables us as well as what potential harm can come about it and that's where I think looking at how we articulate our our risks to the uh organization how we control the environment and and not to slow things down but to enable our business partners to actually move faster right take advantage of the opportunity and instead of getting stuck in the mud by the fact that we've got to protect the business exactly that's great Jeff thank you so much for joining us today this has been every time I talk to you it's informative and I learned something thanks a lot it's my pleasure thank you Jim and thank you to all our listeners Please Subscribe and share if you like what you heard today and be sure to join us for our next episode [Music]