#176: Lester Godsey, Christian Taillon, Tina Carkhuff, and Gary Depreta - Weaving the Cybersecurity Tapestry: The Art of Public Private Collaboration

Joe Toste [00:00:00]:
Hey, what's up everybody?

Joe Toste [00:00:00]:
This is Joe Tossi from Techtables.com and you're listening to the public sector show by tech tables. This podcast features human centric stories from public sector, CIO's, cisos and technology leaders across federal, state, city, county and higher education. You'll gain valuable insights and current issues and challenges faced by top leaders through interviews, speaking engagements, live podcast tour events. We offer you a behind the mic look at the opportunities top leaders are seeing today. And to make sure you never miss an episode, head over to Spotify and Apple podcasts and hit that follow button and leave a quick rating. Just tap the the number of stars that you think this show deserves.

Joe Toste [00:00:34]:
Today we're thrilled to have Lester Godsey Siso for Maricopa County, Tina Karkoff, industry executive advisor at Splunk and the former CIO for the city of Houston. Fun fact, cause I'm gonna plug my own content. I went to the city of Houston last year, so all that content is on the live event page on techtables.com. how do you like that? That was pretty good, right? And then of course we have Christian Talon, threat response engineer at Grand Canyon Education. Thank you for coming on super last. Actually, I thought it was last minute. Gary's really last minute. We're gonna get to him.

Joe Toste [00:01:05]:
We'll get to him in a second. And Gary Deprada, senior vice president of us public sector at Cisco. Welcome to the public sector show. Buy tech tables.

Tina Carkhuff, Splunk [00:01:13]:
Thank you.

Christian Taillon, Grand Canyon Education [00:01:13]:
Good to be here.

Joe Toste [00:01:14]:
Looking forward to this. We're gonna do some brief introductions just for folks across the US who will end up listening to this. Lester, let's kick off with you. Short intro.

Lester Godsey, CISO, Maricopa County [00:01:21]:
Sure. Lester gots the chief information security officer for Maricopa county. For those that don't know by population, Maricopa county is the fourth largest county in the US.

Joe Toste [00:01:29]:
Shameless plug again. We just had on Richard Mchatty right before this. The CIO for Maricopa county. Did he make it in here or no? Him and Aaron. No.

Lester Godsey, CISO, Maricopa County [00:01:37]:
So I showed up for his, but he apparently didn't show up the line.

Joe Toste [00:01:40]:
Yeah, but look at that camera. Cause I'll just cut like a micro clip.

Lester Godsey, CISO, Maricopa County [00:01:44]:
Oh yeah.

Joe Toste [00:01:44]:
And rich, you missed this episode. Christian?

Christian Taillon, Grand Canyon Education [00:01:48]:
Yeah, I'm Christian Talon from Grand Kenya Education. And so we work in academia and I spent a lot of time working to defend the students and the student data and also training the next generation of cyber warriors, as we like to say.

Joe Toste [00:02:01]:
I love it. Tina.

Tina Carkhuff, Splunk [00:02:03]:
Tina Karkoff. I am an industry advisor with Splunk prior to joining Splunk, I was with Gartner as an executive within their executive programs. And before that I was with city of Houston. I joined Splunk because I love data. I just absolutely love data analytics. Three chapters out of five done with my PhD, and it all focuses on data analytics, so it's good to be here.

Joe Toste [00:02:22]:
That's awesome. Gary.

Gary DePrata, Cisco [00:02:23]:
My name is Gary Depreda. I lead Cisco's public sector business here in the US. So that includes federal as well as all of our state local education agencies. I do find myself in a unique position for two reasons. One, I'm a longtime Cisco veteran, been here since 2005, but I did leave and went to this little company called Splunk for two years before I came back to Cisco five years ago. So I played both sides of the fence, and the inside joke, obviously, on the panel today is I literally am pinch hitting. I just got thrown in about two minutes ago because Kristen Beckendorf is about to have a grandchild who was supposed to be here. So we're happy for her.

Joe Toste [00:02:55]:
Yeah, we're super happy for her. I'm glad that we were able to get her priorities right. She should be there, not at a tech tables event at all. And she's more than welcome to come back on the podcast. Fun fact again, shameless plug. I had to go look this up. Cause it's been a while, but Megan Steele came on the podcast. She's on the east coast side at Cisco, episode 94.

Joe Toste [00:03:15]:
Really great. We talked a lot about leadership, women, empowerment, and the great work that she's been doing at Cisco. So let's jump into it. We're going to touch on. The first thing will be cybersecurity and fraud detection. Lester, let's start with you. You mentioned during our intro call that Maricopa county has been dealing with the intersection of physical security and cybersecurity risks firsthand, with misinformation, and disinformation being one of the biggest threat vectors CISO has to deal with. Can you talk about some of the specific examples of how Maricopa county is fighting to stop fraud and misinformation at the intersection of physical security?

Lester Godsey, CISO, Maricopa County [00:03:48]:
Right. The reason why we're seeing that is the platform or the mechanism by which misdisc and malinformation gets propagated. And my ops team in particular spends a lot of time on monitoring media for potential cyber threats. And what we quickly found out was, while what's posted on different media platforms is an indication of potential heightened cyber risk, it's actually a better indicator of kinetic or physical threats. And so ultimately, being in Maricopa county, everybody's aware of Maricopa county even throughout the world based off of the 2020 elections, right. And that's a situation where we've literally have had mis dis malinformation. A good example of that is after the 2020 election cycle, there was an image that was being shared through those outlets where there was a picture of where all our dominion equipment was stored, and there was a piece of paper that if you zoomed in enough, it had router, username and password. Right.

Lester Godsey, CISO, Maricopa County [00:04:44]:
And so we had to use third party software to basically say, no, that image was manipulated. And so in terms of combating that, it's not like a typical, me and your boss actually been talking quite a bit about this. He calls it mental malware, which I think is a good term. But the traditional tools and tactics to combat mis disembal information aren't the same as, say, ransomware or zero day or a phishing attack and that sort of thing. And that's been an interesting issue to deal with. And we as an organization, we focus a lot on the non technical side of combating that, which is communication, the timeliness in which we respond to those sort of things and trying to prove and provide resources to our constituents so that they can understand what is the quote unquote truth as opposed to what's being shared online.

Joe Toste [00:05:31]:
That's really good. And how has Maricopa County's incident response protocols evolved over the years?

Lester Godsey, CISO, Maricopa County [00:05:37]:
Yeah, that, frankly, has been one of the biggest changes in the last four years that I've been at Maricopa county, where we have all the traditional services and functions. I have a security operations team, we have a third party that provides managed security services, things of that sort. And so what we've had to do is literally update our incident response protocols to account for the increased kinetic or physical threats. And so an unfortunate example that I can share is we've had elected officials have to hire physical security services to protect them and their families. And so we've updated our incident response protocols to reflect that. So if we see credible threats of physical risk to those individuals, we know who to contact in a timely fashion so they can take that information, make the best decision that they can with that, in terms of mitigating that physical risk. So that's just one example among many. We've had to really, out of necessity, we've had to create incident response protocols around elections in particular.

Lester Godsey, CISO, Maricopa County [00:06:36]:
So we have a playbook just specifically designed around elections that outlines how we respond to various different threats depending on what the threat vector is, et cetera, et cetera. And insider threat, frankly, has been another thing that we've had to deal with and has occurred within Maricopa county, and we practice that as well.

Joe Toste [00:06:54]:
That's a great update. Thank you, Tina. When we met, you mentioned that Splunk's data analytics platform has been instrumental in detecting and mitigating fraud for many states from New Jersey, for example, saving $7 billion in fraudulent unemployment insurance claims over four years. Since Splunk. Since they've been using Splunk, since the pandemic started. Walk us through how Splunk's platform aggregates data from multiple sources and uses AI and ML to identify fraud patterns that humans might miss.

Tina Carkhuff, Splunk [00:07:19]:
Yeah, that's where I live. Right. It's all about aggregating the data. Splunk's platform is able to take data from aggregate claims. So let's look at fraud within the unemployment space, for example, which is what New Jersey was doing. A human can look at a single claim and maybe identify whether it's fraudulent or whether it looks good. So let's just say that an investigator looks at a claim, says, yeah, I think that claim is good, we're going to go ahead and pay it. What we're not good at as humans is looking at the fact that maybe on Tuesday, 500 claims were submitted.

Tina Carkhuff, Splunk [00:07:50]:
They all had the same name, they all had the same date of birth, and they all shared the same bank account numbers. Humans aren't good at that aggregation of data. And so that's where we bring Splunk in to look at the data. Not only that's in the claim, but that surrounds the claim. The network, it came in on, the PC that was used to file the claim. We look at all those data sources, and then we come up with a risk based score to determine whether or not something looks fraudulent. And then it goes back to the human. We always want to keep the human in the loop, and we let the humans make the determination that, wow, this is a risk score that's really high.

Tina Carkhuff, Splunk [00:08:21]:
This is something that's probably fraudulent. We don't want to make a payment on that claim. And so that's exactly how New Jersey has done it, by setting up different data queries where we know those data queries are going to lead to a positive outcome for them in terms of fraud detection.

Joe Toste [00:08:35]:
Recently, if you didn't catch it in the news, Splunk was acquired by Cisco. Your LinkedIn feed probably blew up, right? Am I everyone with me on this, everyone. Okay. It was a very coordinated. I was like, this is impressive. And this presents an exciting opportunity to enhance security, particularly by integrating splunks powerful data analytics with Cisco's Talos threat intelligence. Gary, talk about how this integration will enable faster, more comprehensive protection against cybersecurity threats for your customers.

Gary DePrata, Cisco [00:09:00]:
So I think we'll talk about talos and the integration, but I think there's a broader theme here. But as someone who's on the road 40 weeks a year and meets with cxos from our state, local governments, I'll always start from a customer perspective and work our way back to an industry and then to Cisco, ultimately. And if you think about it, what our customers are dealing with are a couple of real challenges, not just for cyber, but in cyber in particular. Number one, they have a tool, sprawl problem, the complexity of cybersecurity tools. This is. I'm not telling our listeners or our viewers anything they don't already know, but it's just unmanageable, the complexity, which actually introduces more risk.

Lester Godsey, CISO, Maricopa County [00:09:36]:
Right.

Gary DePrata, Cisco [00:09:37]:
Complexity of trying to combat and defend. So we have this complexity problem, and then I'm a public sector person. That's what I've been in my whole career. We have a human capital issue. There's just not enough talent in our country to operate all of this. So why does this matter to the essence of your question, why I am so excited about having splunk being a part of Cisco, is it does really provide a platform approach. And so what does that mean? A platform approach means that it will do integration. And so if you think about where the industry is going and where Cisco and Splunk are going, is that we're going from a history in cybersecurity of point products, whether that's endpoint security or whether that's multi factor authentication or whether that's content filtering.

Gary DePrata, Cisco [00:10:23]:
And again, whenever there was a new emerging threat in the cybersecurity landscape, a new startup would be born, and we'd all go racing by that point product. Well, Cisco, over the past years, have been purchasing all of those, many of those at those point products. And where we are at now as an industry to meet this customer demand, is integrating all of those into a platform. So you're going to see a day in the not so distant future where those point products actually become features of a security platform, and customers will then operate a platform. In this case, we're talking about cybersecurity. But Tina and I were talking offline. It could be it operations, it could be compliance. It could be fraud and waste.

Gary DePrata, Cisco [00:11:00]:
It could be preventive maintenance for fleet management. And so it's not just for cyber, not just for it operations, but on what we call the OT side of things. So if you're a CFO and you want to be, you have to have real time monitoring for compliance. So we're super, super excited because it becomes a data platform for many use cases, clearly, for cybersecurity, but it also becomes a consolidation point for features that our customers, in my case, my government customers, will need. It will simplify the operations, and it'll be cost savings, too, because you're not dealing with two or three. I think the average is 36 cyber vendors in each enterprise right now. And so as that consolidation naturally happens in the industry, we think because of the acquisition of Splunk, Cisco and Splunk will be front and center and be a leader in that sort of dynamic.

Joe Toste [00:11:47]:
Christian, you mentioned the strategic collaborations between private sector vendors and public sector entities at Grand Canyon as important to your cybersecurity operations. Talk about how these partnerships help improve Grand Canyon cyber defenses, particularly in protecting the systems and data accessed by students and staff.

Christian Taillon, Grand Canyon Education [00:12:05]:
It's serendipitous. We have Splunk and Cisco on the panel because those are two of the heavy hitting vendors that we use. And so we have a lot of our security operations center staff by student workers and interns. So you mentioned the tool problem that we all have. We're all doing this full time, and we're still having a hard time keeping up with all those tools. One of the problems with employing, one of the challenges with employing interns and a lot of transitory type workers is it takes time to upscale them and train them. And when you're at an organization who's already leveraging not just 30 or 40 vendors, 50 vendors, but dozens of products from some of those individual vendors, you can't teach the students to work on all of those. So for us, Splunk has really been the security operations center's gateway into accessing the data and telemetry from Cisco's products and from our other vendors and from our other partners so that the students can learn a single platform efficiently and be able to answer and ask the questions that they need about an incident or about the systems that they're investigating, and they don't have to learn those 30 or 40 or 50 different interfaces.

Christian Taillon, Grand Canyon Education [00:13:12]:
Another way, too, is that training takes time. A lot of us, we all in information technology, are struggling with workforce shortages, but it's also skilled workforce issues that we're actually struggling with, and we've been trying to. The goal is to try to merge what it looks like to learn how to do this job and what the actual job looks like as much as possible. So that way, when the students leave and they go into the real world, they're doing the same tasks and perform the same functions. The theory and the definitions and the vocabulary and learning the second language of what is cybersecurity. Acronyms is important, but then also understanding why, what data, why we collect what certain data, and how we do that, how we ask questions about our data, to answer questions about if there is a material incident, if something needs containment or response and partnering with those vendors. These are two vendors we have in the classroom, and the same technologies or the same systems that we can use to train ourselves on the engineering and analyst side, as full time employees, we've partnered with these organizations to get those same e learning classes and those same licenses for education and the same literal systems. The students can log into and experience exactly the same environment that they would in the real world, so that the transition's less disruptive and they're ready to hit the ground running when they join the fight against the cyber adversaries that we all share.

Christian Taillon, Grand Canyon Education [00:14:31]:
And that's where the public sector partnerships comes in, where there are certainly cases where there are adversaries who target specific sectors. And so we might not share all the same adversaries, but the democratization of the tools that are being, that we're seeing with ransomware as a service and exploit as a service, compromised as a service, a lot of them either end up using the same tools or they were being compromised by the same groups that sell that access. So we still definitely share a common adversary. And so information sharing becomes really important. And the community aspect is just the fundamental first step for that. Being able to text and call people and say, this is what we're experiencing, to talk about the social media threats and how we combat that and how we analyze that, those are hard problems to solve as we start to step into that. But then also there's many public sector and organizations and agencies that we can share information with, and we can share about threat intelligence in a way that's in a trusted community. So that way we don't have to wait for information to disseminate throughout the entire world before we can use it to defend ourselves.

Christian Taillon, Grand Canyon Education [00:15:36]:
If someone's hit with something, we can start sharing that information day one. I think that's one of the advantages and blessings we have in Arizona is a smaller, tighter community where we all feel comfortable, we know each other. We're like, hey, this is what we were hit with. And the more we share that information, the more we're also collectively just receiving that heads up on a more accelerated rate. And that's really helpful for trying to do more and secure more with less.

Joe Toste [00:15:58]:
That was fantastic. So I know you're a coffee aficionado, right?

Christian Taillon, Grand Canyon Education [00:16:02]:
Yeah, I saw that on the coffee. You'll buy coffee.

Joe Toste [00:16:05]:
Yeah, I love coffee. So if you ever come to Santa Barbara, I'll take you to handlebar. And we would probably have a three hour conversation. Yes, I'm a big fan of walking. So we probably take the handlebar and then walk alongside the beach. Would still have a great walk and sunset and conversation. Lester, Maricopa county is putting up guardrails in place via policy around the use of AI due to the concerns about data privacy and security. Right.

Joe Toste [00:16:27]:
Talk about the specific challenges that you face in balancing the benefits of AI with the risks of exposing restricted or confidential data in public AI models.

Lester Godsey, CISO, Maricopa County [00:16:36]:
Yeah, I think there's a couple of aspects to that question. And so, number one is AI, much like in my experience, with the accelerated adoption of cloud services by public sector, highlights and exacerbates problems that the public sector has had traditionally. And so as simple as 2024, and the fact that organizations still have challenges around asset management, data management, along those lines, AI just exacerbates that problem. And what I mean by that is it's hard to put guardrails in place if you don't know what's in your environment. So whether you're talking about physical or digital assets or data assets, data should be considered an asset. Right. And so if organizations aren't thinking that way, they're already behind the curve. And so that's one problem.

Lester Godsey, CISO, Maricopa County [00:17:24]:
And then in terms of the cybersecurity guard rails specific to AI, the challenge that we have, some government agencies actually have attempted to outright ban the use of AI, right, which I think, in my opinion, is a little short sighted because everybody's already using chat GPT on an individual basis. So let's just be realistic about what's what.

Joe Toste [00:17:47]:
And we saw this with New York, by the way, and then they turned around like a hot two weeks later or something like that.

Lester Godsey, CISO, Maricopa County [00:17:51]:
Right. And so I think just being realistic about that, the position Maricopa county has taken is, look, we want to embrace the use of AI, but we want to have those guardrails in place. One of the guardrails that you're referring to is our policy around when is it appropriate to use third party, publicly accessible AI services, right, like chat, GPT, and in those instances, our organization, we're proposing they can use those tools, but they shouldn't be uploading data that's considered confidential or restricted. Right. And so those are the guardrails we're talking about. And so then we're also coming up with strategies I know Rich and Aaron Judy, for example, specifically are working on. Okay, for those specific data types, especially confidential, how do we need to architect the environment in such a way where we can still allow access and use of that technology, but in a secure way where we minimize the risk of that information getting out? We have, I think last time I checked, 4.6 million residents in Maricopa county. And so we're the stewards of that data going to go out on a limb and assume that they want us to protect that data in an appropriate fashion.

Lester Godsey, CISO, Maricopa County [00:18:55]:
It also becomes an issue of privacy. Right. And one thing that's very popular, and you might have experienced this in Houston, I'm assuming, is local government in particular, jumped on the bandwagon with like, open data portals. Right? And so when I was at the city of Mesa, for example, we would publish a bunch of data on our open data portal. We would take steps to mitigate any potential data privacy risk. So they would upload, like, 911 call data, but they would do things like obfuscate the street address of where certain calls came from, especially like domestic violence. Part of my concern from an AI perspective is you can go through those manual processes to obfuscate that data. But if you aggregate that data with other additional data sources, it's not a far stretch to extrapolate where that call actually came from.

Lester Godsey, CISO, Maricopa County [00:19:43]:
And so those are some of the other things that we're trying to put in place from a guardrails perspective and at least awareness about. We need to take additional steps above and beyond what we just as a public sector have traditionally done. Right. That's a multifaceted problem that requires a multifaceted approach and controls, both from a technology perspective as well as process.

Joe Toste [00:20:04]:
Same invite. If you come to Santa Barbara, we will also get some coffee and go on a walk. Tina fraudsters are also leveraging these technologies to create increasingly sophisticated attacks. How is splunk ensuring data privacy while still leveraging AI and ML?

Tina Carkhuff, Splunk [00:20:19]:
So it's a good, it's a fair question. It's a good question. I think when you look at what the fraudsters are doing, they're also using AI, so they're using. They lease bots in the morning for cybersecurity attacks. They lease them in the afternoon for fraudulent attacks. Right. And so we have to make sure a lot of the fraud that happened early in the pandemic against some of our benefits programs were against specific individuals. Right.

Tina Carkhuff, Splunk [00:20:42]:
Real people, real data was stolen, sold on the darknet, and that data comes back to hurt us in the long run. So if my data is stolen now, maybe I can't file my taxes each year without going through several steps in order to make sure that I'm the person actually filing taxes. The same thing applies to our benefits program. If someone else is claiming that they're me and they're getting Medicaid benefits, they might be taking benefits out of my family's need. And so we have a very specific need to protect the residents that we should be protecting at all costs, and we should be protecting the money that we're spending on those resident services. What Splunk does is we look at that data, and we're always a few steps ahead of the fraudsters because we're looking at data privacy issues. And as you said, a lot of government entities are posting data publicly that then gets turned around and used against us. So because we have this data analytics platform, because we also operate within the cybersecurity space, we can recognize bad actors by the way that they come into our systems.

Tina Carkhuff, Splunk [00:21:41]:
And so we're looking, again, IP addresses that come in, we known bad actors looking at databases of known threats. All of those things can contribute to that data aggregation and add up to, hey, this is a risk that we want to look at, or maybe this is something that is, as we say within splunk, that it's clean and green. We can let it go through. But it's the power of data analytics that allows us to do that so fast, because if we did it with humans, we just don't have those abilities. We don't have that computational ability.

Joe Toste [00:22:11]:
Is there a short 92nd story of a specific customer that comes to mind?

Tina Carkhuff, Splunk [00:22:17]:
So, I think early during the pandemic, we worked with several states. And so it's a several state story, but same kind of concept. A lot of states started using identity verification, and they were looking at facial recognition for identity verification. There's a lot of privacy concerns around that. And so a lot of states stopped using facial recognition and chose a path of looking at data. Because data is completely objective. Facial recognition tends to be more subjective. We've seen a lot of customers move in the public sector space, move away from that facial recognition.

Tina Carkhuff, Splunk [00:22:52]:
That's not necessarily the case in the commercial side, in the private sector. And they've opted for using more data specific strategies for identifying whether or not someone is who they say they are. And so I think that shows the power of data analytics, the power of verification through data, right. Because when you look at challenges across every public sector agency, all of them have a data component. It's how we use that data, it's how we interpret that data that makes us more powerful against these threats that are coming in.

Joe Toste [00:23:20]:
Gary, the Cisco splunk acquisition combines the strengths of both companies, from data privacy to security. How do you see the merger? Helping organizations maintain the data privacy while also harnessing the power of AI for security purposes?

Gary DePrata, Cisco [00:23:35]:
I'll make a couple comments. First, about the principles of privacy and AI. And in 2002, Cisco executive leadership published our strategy and our vision for responsible use of AI that takes into consideration things like fairness, transparency, security, privacy. So all this goes on and on, as you'd expect. An industry like a leader like Cisco, we did that obviously for ourselves, for our customers, but we also did that for our business partners and for the community at large, because we are a thought leader. But when we think about the Splunk acquisition, we'll go back to your earlier question about sort of integration of a platform, and I'll build a little bit on what Tieden was describing, what we're seeing. Everybody wants to go to the chat GPT, which is a powerful part of AI. But where we see AI today is in automation and an automated response.

Gary DePrata, Cisco [00:24:23]:
So if you think about one example in Splunk's cybersecurity platform is their soar technology, right? So you have security orchestration, automation, and then based on the policies that implement automated response, because we go back to the human capital issue, even if you had the best talent, Tina described it quite well, is we don't have enough. Even if we had the skills, you just don't have the human capital to combat the real time threats. Where we see ML and AI making an impact today, this is not a future. An impact today is on that automation and orchestration on a response, and it's integrating things like Cisco's, or will be integrating things like Cisco's Talos threat intelligence tool, right? So we're getting real time data from around the globe. Cisco has largest infrastructure footprint around the globe. And so taking that threat intelligence and integrating it into the splunk sim and their orchestration tool, we're going to automate this. And it's being automated today.

Joe Toste [00:25:17]:
And I'm sure at some point people like Christian will be able to have a conversation with that data to really open that up, which I think will be really.

Christian Taillon, Grand Canyon Education [00:25:24]:
That's the dream. That's the goal.

Joe Toste [00:25:25]:
Christian, how has Gen AI impacted how higher education specifically for Grand Canyon teaches? I'm curious around the broader applications around the various degree programs. Can you talk about how that technology is influencing the careers of the students?

Christian Taillon, Grand Canyon Education [00:25:39]:
Yeah, definitely. It was mentioned before that there was an initial, maybe knee jerk reaction, that it was scary, it was new. And so there's this initial reaction to let's look into banning it and let's look into blocking it, because this time we can't control. And now, in hindsight, we can look back on that and say, people who are trying to ban it, like, there's better ways forward. We don't want to be without this benefit. But it's, think about it from an academic perspective. One of the primary ways that we assess students success and their comprehension of the subjects that they're learning is through having them write essays and write about the subject, to maybe write code, but to present and express and show that they understand the concept they're able to use and demonstrate the information that they've learned. And now you can take that assignment and copy paste it into chat GPT, and it does it for you.

Christian Taillon, Grand Canyon Education [00:26:29]:
That really throws a wrench into the system. So it actually came back to those private sector partners and working with vendors who have the technologies to be able to do that and detect that so that we can put new security controls and controls that we didn't really even have the need for in the past. We had controls to try to help us identify when people are doing plagiarism, but those don't. That doesn't translate over to generative AI. But now the industry has come up with solutions. And so that's like the. The whack a mole game that we keep playing. As there's a new problem, industry comes up with a solution.

Christian Taillon, Grand Canyon Education [00:27:02]:
Let's figure out, let's make them successful. If we're successful, we can solve this problem with this technology. It was now that can be seen as a tool to help enhance the education. We often are talking about chat GBT writing code, or these models writing code for us. And while it definitely can do that, it's also just interesting to consider that it's got a lot of aggregate knowledge throughout that it's collected over the Internet. And we've found other use cases. Like, one practical example that comes to mind is there's a little bit of an aversion when students first get experience with command line interface, because you can set them in front of a GUI and it's intuitive. They explore, click around.

Christian Taillon, Grand Canyon Education [00:27:40]:
It's very welcoming and inviting, but a lot of the things that we do and a lot of the problems we solve require this familiarity and comfort. But to sit someone down with a professor again, we're going back to the idea of scaling the human capital that we have. That's something we could do. We can also now build a little client so that way when they're working at the command line level, they can start a session with chat GPT that's trained based off of the man pages and the help documentation for them. And they can ask it like, hey, in this assignment, these are the types of things and features and flags that I need to do. Help me understand what these do, and it can automate and really scale the ability for the students to explore on their own things that weren't comfortable for them in the past. We interface with a lot of the technology side and the technologist side of consuming chat GPT. But what I've been interesting to interested to learn about more recently is to see the other industries like it's not just happening in a silo.

Christian Taillon, Grand Canyon Education [00:28:31]:
There's nursing programs that are impacted by this and benefited from this, and there's other parts, other colleges taking advantage of that resource and what it can do and what it does well. And we're all collectively learning that there's things that doesn't. And I think that's one of the things that we have an advantage within cybersecurity is we've been using machine learning way longer than generative AI has been known to the public. And so we've been through the phases of, oh, everyone's skeptical about AI, and then AI is the answer to all problems, and it can solve all things. And we don't need coders anymore, we don't need analysts, we don't need the people. And we've seen that, and we've found out the things that do work. We've understand the types of problems that machine learning can be useful for in the fact that there's different types of machine learning and really do not bring your large raw data to chat GBT to help you perform analysis. Don't dump large amounts of private enterprise data into chat GBT because there's privacy implications of that.

Christian Taillon, Grand Canyon Education [00:29:24]:
But that's also just not the right tool for the job. And the industry's coming up with the right tools to the job. Or GCU, being an academic and research and client institution, they're looking at just building out our own and leveraging the open source projects and local learning modules. And that's what I'm excited for. I want a local learning model that just can index all of my files on my computer and I can just ask it questions every day. So I'm going to take your brain on that. There's good solutions, there's proper ways to leverage this technology. But I think also the accessibility was one of the things that made generative AI so different than a lot of the other advancements in AI.

Christian Taillon, Grand Canyon Education [00:29:56]:
Because to me, I'm still more, maybe selfishly, immeasurably grateful for what we can do with AI to help us detect cyber threats at scale and in ways that humans just can't. We no longer have to rely on writing detections and sharing out Yara rules to each other, though those have a place that's not how we're protecting ourselves proactively. But there are proper solutions and or there are proper problems that these solutions can solve and pairing those up, that it can be a benefit to learning and it can be a benefit to us in the industry, but we can maybe communicate to the other sides of the businesses and for my case, other colleges. Hey, AI is not chat. GPT isn't the company for this. Let's look at a proper use case. Let's talk about a defined use case and find a company that complements the types of problems you're trying to solve with AI. Just in the same way that we're not sharing all, every file that we execute in our environment, we're not dumping that chat to BT and asking to tell if it's malicious or not.

Christian Taillon, Grand Canyon Education [00:30:50]:
We have vendors that have executed that to a very high level that we can partner with and rely on and go that route.

Joe Toste [00:30:58]:
Gary probably doesn't know because I met him like a hot five minutes ago before this podcast, but the reason why there's a basketball here is because I coach high school basketball. And so one of the, I don't know, it's a reoccurring theme right now. Maybe next year we're going to go to San Antonio for the final four. But yeah, I love basketball. It's always super fun. But going back to the students. So I love the story of, oh, we just don't take generative AI or our text and just dump it in and then copy and paste it. And so one of the kids I'm thinking about this past season, in order to play he had to get his college apps in.

Joe Toste [00:31:26]:
I can't believe I'm gonna cop to this on camera right now. But I'm like, okay, you can't play, but I need you to play. I don't have time to write your essay. So I literally sat down with him and went through a bunch of prompts and helped him write it. And then I didn't copy and paste it, and I didn't use Chiagbt either. I think Anthropic's better at writing. Claude's great. Yeah, their new Opus 3.0 is fantastic.

Joe Toste [00:31:48]:
And took that, and then we sat down and we just went through the process of writing in your own words, thinking it through. But I love the. It just speeds up zero to one so fast. It's incredible.

Christian Taillon, Grand Canyon Education [00:31:59]:
And to that point, it's interesting because we've all experienced for decades the problem and continued pain of shadow it. And so in the past, that might look like we're concerned about confidential or sensitive data being shared because someone's setting up a website, they didn't get permission, they didn't go through the vulnerability thing. Someone got a P card and they're trying to stand up resources, they're trying to do their job well, but it makes us, it gives us some extra work sometimes and we gotta play catch up. But now this type of technology is accessible to everyone. The skill set required is no longer being able to set up a WordPress site. The skill set required is, can you send a text, can you send an email? Because those are the technical skill level that you need to engage with chat GPT, can you use copy and paste? So everyone has access to this. And so now it's not even just the staff, but maybe like students didn't have purpose or reason to maybe share, create websites with sharing all of the intellectual property that GCU might consider important to protect, but now they might be inclined to dump all their documents and dump all their assignments. And hey, this is all the information I got over the course of the week.

Christian Taillon, Grand Canyon Education [00:32:57]:
Help me write a concise 500 word essay. That wasn't a problem that we had before, and so it creates a lot of new problems, but it also gives us opportunity to see how this technology and how this innovation is really going to be something that we can leverage. Because GCU has done some work with Anthropoc and we've tried to create a resource for students to help and scale our human resources and be able to help service them more often at crazy times of day, so that they have a resource that they can always go to, but it doesn't, certainly doesn't replace the human at the end of the day. And so that's something that I think the world's kind of more caught up on and realizing that this isn't a rip and replace of human employees, but it is a cool and interesting technology that we can explore a lot of different ways of using.

Joe Toste [00:33:41]:
Okay, this is the last thing I'm going to cop to because I'm just. And then I'm going to move back to Lester. It's just so geeky. I just love it. So we're going to have Jack McCain come on after this podcast during lunch, and which is with Tim Romer. It's going to be absolutely fantastic. Tim sent me some thoughts on Jack McCain really quick. And then I came in here and hid, and I went to my database, and I also went to YouTube, started grabbing transcripts, reformatting and robot.

Joe Toste [00:34:05]:
It's probably the quickest I've ever written. Any amount of questions. Sorry, Tim, but they're really good. They're really good questions. I got you.

Lester Godsey, CISO, Maricopa County [00:34:10]:
Yes.

Christian Taillon, Grand Canyon Education [00:34:11]:
And how long would that have taken if you had to do that all step by step? Watch YouTube videos? It's crazy here.

Joe Toste [00:34:15]:
Okay, here's my last thought when I started the podcast. When I started the podcast, I listened two episodes. Now, granted, I'll still do this. If Tina comes on for a hot 20 minutes episode, I'm gonna listen to that. If she's on for some two hour episode, I'm like, sorry, Tina. But part of it, what like, the claude doesn't get is you can do all of that tech stuff, but in an interview like this, what it doesn't get is the human connection. This dovetails so well into my next part. But this is the human connection piece.

Joe Toste [00:34:44]:
Like reading the room, understanding people's body language, it doesn't tell you that. It doesn't say, position your body like this and look, Gary, like this, and move to lesser like this. But there's just so much opportunity. And so that was the old way of me doing it, was actually listening to every episode. So as a small business with me and my wife, you can imagine we've now drastically accelerated what we can do very quickly. And that's just one piece of it. Like, we have a whole process, process down. So it's a fun time.

Joe Toste [00:35:14]:
Sorry. You can tell I'm totally geeky about this kind of stuff. I love it. So, Lester, you mentioned that trust in government is at an all time low, affecting the perception and success of cybersecurity programs. I'm sure this is actually a huge challenge across the country. So I'm glad we're going to put this out, but how can the public private partnerships help bridge this trust gap and foster better collaboration in tackling these cybersecurity challenges?

Lester Godsey, CISO, Maricopa County [00:35:36]:
Yeah. I'm of the opinion that trust is the currency by which government operates. And if the public. It was a Pew research study done. And so, like, in the seventies, I'm generalizing here, but in the seventies, I think trust in the federal government was somewhere in the ballpark of 70, 75%. Right. Today, I don't. I think for the last x number of years, it hasn't exceeded, like, 33, 34%.

Lester Godsey, CISO, Maricopa County [00:36:01]:
We're at an all time low.

Joe Toste [00:36:02]:
We peaked in 1999. I think that.

Lester Godsey, CISO, Maricopa County [00:36:04]:
Oh, yeah, yeah. Oh, yeah, we talked about that. So anyways, so 99 was a long time ago, but anyways, yeah, so it's really difficult to deliver services to our constituents when they don't trust us as an organization. And so the public private partnership question is a very interesting one, too, because from my 27 years in public service, I think that public private partnership, the fundamental issue or thing that needs to be addressed in that is between the vendor ecosystem and us in the private, in the public sector. And so that trust needs to be established, that we have a real. There's talk about they're not vendors. We want to establish partners. But the fundamental core of a partnership is that fundamental trust, whether Cisco, splunk, or any other of my vendors in our ecosystem, one of the things that we did in preparation for this past presidential preference election was get, and both of you were very gracious.

Lester Godsey, CISO, Maricopa County [00:37:03]:
Your organizations, in terms of, I didn't want, if something bad happened, I didn't want to have to submit a call, provide my case opened up or whatever the case is. So I basically had all our vendors on speed dial, and I'm like, can you commit to providing a direct resource that I can call and a human being is going to pick up? I don't want to talk to AI. So that's just one example among many. I think the other thing in terms of building that trust is from a vendor perspective, understanding what our challenges and what we are hoping to accomplish, which is addressing this erosion of trust, and where a splunk, where Cisco or any other vendor can come in and understand what part that they play in the bigger question about whether it's cybersecurity. And really, at the end of the day, from a public sector perspective, I really believe it's this new. Not that the concept of reputational risk is new, but I think our focus on that is maybe newer. Right. So we're very good about defining cybersecurity risk, et cetera, et cetera.

Lester Godsey, CISO, Maricopa County [00:38:09]:
I think to a large degree, we've been good about defining physical or kinetic risk, but reputational risk is something that I think is lacking. So if you look at the existing frameworks that are out there, there's not really the same standard, like in NIST or whatever else that is articulated in definitive terms. That's lacking from a reputational risk. And as a public sector agency, that problem isn't going to get better. That's just going to get worse. And so that's where I think our vendors and our partners can assist us along those lines. Understanding that's what's motivating us. And that in a lot of instances, it's not just a pure technology problem where, okay, install this agent and you're good to go.

Lester Godsey, CISO, Maricopa County [00:38:51]:
It becomes more of, to your earlier theme, it's a human problem. Right. How do we build trust? And in a lot of ways, it's just how we respond and engage with our constituents, I think is really ultimately what it comes down to.

Joe Toste [00:39:04]:
Tina, do you want to jump in on the collaboration of the public partnership piece from Splunk's perspective?

Tina Carkhuff, Splunk [00:39:10]:
Yeah. I think that the pandemic has given our state and local government and higher education customers the opportunity to rethink what public administration means. And so those public and private partnerships are so critical, I think, in the government space, because the one thing that we don't do well in government is address new problems with a different perspective. So I always talk about best fit over best practice. So, public administration is built upon the foundation of best practice, which means I go call my neighbors, I call Lester, I call Christian, and I say, hey, what are you guys doing? But best practice may not fit the problems that I have. So best fit is a better strategy for how we address those issues. So if you look at an example from the fraud space, one state that we're working with had a problem where employees of that state, while they were still employed, were filing unemployment claims and they got paid. Another state, big problem with fraud.

Tina Carkhuff, Splunk [00:40:06]:
Right? Another state had a problem where, on the very first day that pandemic assistance funds were released by the federal government, their systems completely shut down. So they went to paper processing until they could get their systems back up where they weren't overwhelmed. They had a lot of fraudulent applications coming in, but they were coming in on paper. You could realistically say, or objectively say that both of those government customers had very big problems with fraud, but best practice might not solve either one of their challenges. Right. It can't implement data analytics with a government where they don't even have a working system from which to implement data analytics for the other customer could implement data analytics, but they'd have to know what they were looking for specifically. Right. So when you have best practice, you have a very big hammer, and everything looks like a nail.

Tina Carkhuff, Splunk [00:40:51]:
When you work with best fit. I'm going to realistically solve the problem that I have, which might look like Lester's problem, but it could be completely different. So that's how the Walmarts and the targets of the world approach it. When they were dealing with large amounts of fraud within their organizations, both of them came up with solutions that better fit their individual needs as an organization. That's where government, I think, is learning and is getting ahead by leaps and bounds, because we're not just looking at best practice anymore, we are looking at best fit. And so from a splunk perspective, we're completely customizable to that best fit, rather than just saying, hey, here's the brush we're going to paint the world with. And so I think we've had a lot of learnings coming out of the pandemic. We've had a lot of workforce challenges.

Tina Carkhuff, Splunk [00:41:34]:
We've had educational opportunities not just for our customers, but also for us within the commercial sector. And those public private partnerships are teaching public sector how to do things much more efficiently.

Joe Toste [00:41:46]:
We're going to talk about the better together story now. I was trying so hard, and I was disciplined yesterday during the podcast with Owen. Owen, I almost thought I put you on the wrong podcast because you kept saying, better together. Better together, bettered together. And I was thinking, oh, man, did I just make a huge mistake? Does he know about the better together story? So I held off, but I was like, that's what I was thinking about the whole time. I was like, oh, no, did I mess this up? Did I swap somebody in? But you were on the right podcast, though, Gary. We're hammering the better together story. But just love to get your thoughts on the alignment that really enables the collaboration between the two companies.

Gary DePrata, Cisco [00:42:21]:
And if I could call a little bit of audible, and it's not just about collaboration between the two companies, because we're clearly going to be integrated. And again, I'm in a unique position. I spent some time at Splunk as an employee of Splunk and a lot more time at Cisco. It's a great cultural fit. The two companies are very innovative. Their commitment to customer success, especially in our world and the public sector world. This is going to be one of the best coming together stories that I've ever witnessed in my career. So I think it's going to be a career trophy experience for both Tina and I on our teams.

Gary DePrata, Cisco [00:42:51]:
But I'd like to take that over back to the collaboration with government, because that's the world I live in. It's the world Tina lives in. And we feel like we're in a stewardship role covering public sector for the past 25 years of my career. And it goes back to that public private partnership. It really does not make financial sense of building infrastructure, but just coming together, number one, which I think we have great relationships, both Splunk and Cisco, in terms of engaging and executive information exchanges and really coming together to take our thought leadership and solving sort of problems within our community, problems within the government, and we all make our living in technology. And I'm thinking of two stories as I was listening to the last couple of comments, that the pandemic did give us a gift in public sector. And you think about restoring confidence in government. And certainly there's the political side of that, why people are cynical.

Gary DePrata, Cisco [00:43:44]:
But at the end of the day, it's all about like a fishing government too, especially at a local level. And I think of two stories where, you know, beginning to do our small part to restore customers. Resident citizen confidence in government happened as a result of the pandemic. And it really is had the ingredients of us coming together with government leaders, but also doing what we do best, which is technology, right? How does leverage technology? Technology is a disruptive force. It's an efficient force. It always drives more productivity. And so what the pandemic did is forced us and our customers, especially in the public sector world, to immediately break down the boundaries, whether those were cultural boundaries, demographic, where older teachers and workers don't want to teach remotely. That was all just pushed away very quickly.

Gary DePrata, Cisco [00:44:30]:
So two quick stories that had some great benefit. One was with the city of El Paso, where the city manager and the mayor said, Cisco, we have this kind of homeless issue. And the homeless issue is not static. It's very dynamic. And we don't have the ability for them, when someone's in crisis to quickly get a resource. It's funny you say that. You wanted a warm body. Think how frustrating it is if you're in crisis with a substance abuse issue, mental health issue, you're homeless and you have to go through a response unit.

Gary DePrata, Cisco [00:44:58]:
It's never going to happen. So they created with the city, partnered with a click to connect or an El Paso helps as a program and by one click. Interestingly enough, about 97% of homeless people do have access to have access to a smartphone, because that's how they get. They stay connected and you get a live person that gets them immediately connected to not only city resources, but nonprofit resources with one click. And so what technology did in that case is not just make it easy for someone in crisis, but also brought together not only city resources, but nonprofits altogether through this kind of one click event to help someone in crisis. So that improves the lives of and the quality of lives of a community. The second example is with the city manager of the city of Buffalo when they had to push everybody out of their call centers because of the pandemic. And they said, hey, Cisco, can you come in and create this virtual.

Gary DePrata, Cisco [00:45:52]:
So contact center modernization. Call center modernization was huge during the pandemic for Cisco. And we did. What we didn't recognize is while every agents can now work from home because they were overwhelmed with call volumes, what we started to do is automate that with bots and processes, and an unintended consequence came out of it. Not only was it became more efficient in terms of how they were handling inbound calls from the community, but they started to look at the aggregation of data, and they were like, hey, what city blocks need certain city services, whether it was potholes or trash pickup? And so they started to do like a monthly review of pockets of the city that needed more focused services rather than peanut buttering it. And then they started to do community outreach and proactively get there to that zip code or city block to be proactive with the services that were needed most. And the city manager shared the story with me at the smart Cities conference last year, and he went out one of these monthly visits on the proactive outreach for city needs based on the aggregation of data. And this one older woman said, oh my gosh, I called you yesterday.

Gary DePrata, Cisco [00:46:59]:
I didn't think you were going to show up. And just the experience sometimes of like, the services, because of the inefficiency that we've had to deal with, siloed systems are beginning to melt away. I love those stories because, like, that restores confidence in government, too. And that's what's cool about government industry coming together, using technology to break down those silos and drive more efficient resources and sharing of information to really deliver a better outcome and a better service for our community. So I love the geek out on that, but I love those stories.

Joe Toste [00:47:34]:
I'll take him on a walk. Yeah, you were right there with me. He wants to go on a walk. Panel bar. That was, like, right in tune. We were thinking the same thing.

Lester Godsey, CISO, Maricopa County [00:47:42]:
I thought I was going to be special and get to hold hands while we did it on the beach, but.

Joe Toste [00:47:46]:
Okay, Christian, this is no pressure. We're going to wrap up with you, and you're standing between you and everyone who wants to go to lunch right now. Public private partnership, Grand Canyon.

Christian Taillon, Grand Canyon Education [00:47:56]:
I think with the public. I think the fact that I can think of the faces of a lot of our public sector representatives is a big thing for us, because when we're thinking about being a part of a community where we're sharing information that's sensitive or we are trying to share and collaborate, the fact that it's not just some faceless entity, but that I can think of the Lester and I can think of Ryan Murray, and I know the relationships, and we have conversations that are ongoing. I can smile when I see Owen walk in the room.

Joe Toste [00:48:24]:
I smile at Owen, too. Look at that smile. That's a great smile. And Justin, fair.

Christian Taillon, Grand Canyon Education [00:48:28]:
From an organization perspective, like, that's. We build trust that way. Like, I can trust an individual that's representing an entire apparatus when I see that face. And then from the private sector side, and really both, actually, for me, it comes back to this workforce development issue. There's two ways to try to help help that problem. One's with the technology. And we've discussed that being able to do more with less people and being able to get the right tools for the right job, not just throw everything at Jack GPT and not also build everything custom in house. There's a lot of technology and a lot of vendors that have.

Christian Taillon, Grand Canyon Education [00:48:58]:
And so we partner with them and we solve those problems with the technologies that make sense, and then the. And we. When we're training these students, though, that's the only way I see that it's not a zero sum game, because right now there's a lot of entry level positions that we talk about often that have a little bit of experience requirements. So an entry level junior SoC analyst might require multiple years of experience. So if we're taking a SoC analyst from one other company, maybe it's an agency or a private sector, and we're placing them somewhere else. That company now has to find a replacement for that, whether that's potentially with technology or another person. We're just exchanging things, and it's a zero sum game. But then when we create new people to be able to contribute to solving this problem, that's where we actually start to, over time, make an improvement overall and we can actually have more people to help us because we're all overworked and we're all being fueled by coffee because we're not getting enough sleep because there's too much work.

Christian Taillon, Grand Canyon Education [00:49:50]:
So long term, hopefully that'll help improve that problem.

Joe Toste [00:49:53]:
That's fantastic. Thank you for coming on the public sector show by tech tables.

Lester Godsey, CISO, Maricopa County [00:49:56]:
Thanks.

Joe Toste [00:49:57]:
Hey, what's up everybody?

Joe Toste [00:49:58]:
This is Joe Tossi from techtables.com and you're listening to the public sector show by tech tables. This podcast features human centric stories from public sector, CIO's cisos and technology leaders across federal, state, city, county and higher education. You'll gain valuable insights in current issues and challenges faced by top leaders through interviews, speaking engagements, live podcast tour events. We offer you a behind the mic look at the opportunities top leaders are seeing today and to make sure you never miss an episode, head over to Spotify and Apple podcasts. Hit that follow button and leave a quick rating. Just tap the number of stars that you think this show deserves.