“Look to your right and then turn to your left. Those students seated next to you won’t be there next year.” College professors give this warning to first-year students to emphasize that a successful academic career requires discipline, focus, and preparation.
Preparation is key. Reviews of existing work by recognized experts, completing past examinations in preparation for the academic year-end and even picking the brains of students who have completed courses are all essential strategies for success.
In other words, you can learn from the past, and those who ignore the lessons of history are doomed to repeat its mistakes.
The same could apply to the business world. Past failures (and successes) provide actionable insight into what it takes to succeed – and nowhere is this more true than in the field of cybersecurity.
Although the battle between cybercriminals and security experts continues to evolve, the lessons of the past provide important best practice examples that can help businesses avoid the consequences of not adhering to cybersecurity best practices.
The past and future of cybersecurity are central to the work of Richard Bird, Chief Security Officer at Traceable AI. In addition to his full-time role, Bird serves as a Senior Fellow with the CyberTheory Zero Trust Institute and an Executive Member of CyberEdBoard. He is also an internationally recognized presenter, author, and keynote speaker. Yet, when asked to describe himself, Bird offers a different perspective.
“I like to think of myself as an anthropologist and archaeologist of technology,” Bird explains. “I travel the world, meeting companies and organizations to learn how they’re tackling security, privacy, and the adoption of new technologies. My goal is to gather these insights and share them in ways that help others solve similar challenges across the globe.”
Bird, an internationally recognized cybersecurity personality, has spent nearly 25 years in the corporate world, overseeing global teams and advising leaders on cutting-edge security solutions. Two years ago he decided to transition out of the corporate sector and into the startup space, bringing with him a wealth of experience and fresh perspectives. This shift has opened new opportunities, allowing him to engage with a wide range of industries and apply his expertise in different contexts.
A Fork in the Road
Richard Bird joined Traceable AI right after the company secured its Series B funding, allowing him to add significant value to operations. It was a stage in the company’s growth that suited Bird perfectly, given his interest in the growing market for API security.
Traceable is a new challenge for Bird as early-stage startups require different strategies to those employed by a company nearing the final stages of its startup cycle, as was the case during his previous role at Ping Identity, a late-stage startup that eventually went public.
“Startups are a high-pressure environment, but they also offer tremendous opportunity for innovation,” says Bird. “The field of API security is tremendously competitive because the threat environment evolves at a speed that only a few years ago was unimaginable. However, this rapid evolution and the growing sophistication of threats means that many organizations underestimate the risks and continue to rely on outdated technologies and approaches in threat mitigation.
Very Bad Things
In his current role, Bird works with organizations to help them understand their API security vulnerabilities. Many large companies don’t even know how many APIs they have, which creates serious security risks. As he often says, “If the answer to a critical security question is ‘I don’t know,’ usually bad things happen.” Unfortunately, as companies continue to ignore their exposure, API security breaches are becoming more common.
In his discussions about AI security, Bird often finds that organizations lack clarity on the potential risks associated with their AI engines and solution components. He frequently cites Grammarly, a tool he uses regularly, as an example of AI in practice.
“I often wonder how much of the information I input into Grammarly for proofreading and editing is being ingested by its AI engine for other purposes. That’s my data and my intellectual property, it’s my professional life on the page. While I hope Grammarly handles that information responsibly, simply signing a user agreement isn’t sufficient, especially for larger organizations.
As Bird notes, “My risk of losing control of my data or having my privacy rights violated is small compared to the potential exposure of sensitive data for major companies like banks or pharmaceutical firms. A small risk isn’t zero risk, and it’s something that organizations using AI need to take into account.”
With over 50% of companies in the U.S. with more than 5,000 employees currently using AI Bird’s warning should be taken seriously by C-Suite executives. AI adoption is growing at an exponential rate, but the risks are growing as well.
The Future
Bird notes that AI is currently being used predominantly in social engineering attacks, allowing bad actors to mimic speech and writing patterns convincingly. However, he believes that while AI hasn’t yet been directly weaponized for cyberattacks, it’s only a matter of time. As with all technological advancements, malicious actors are actively working to weaponize AI, and Bird predicts that in the next 12 to 36 months, new, more sophisticated forms of AI-driven attacks will emerge.
“It’s inevitable that cybercriminals will use AI in increasingly sophisticated ways. Finding case studies for best practices or examples of these ‘Bad Things’ is challenging due to the rapid evolution of AI, but there are lessons to be learned. Traceable AI is at the forefront of applying these lessons with current best practices – it’s the perfect environment for a tech archaeologist,” says Bird.
To learn more about Richard Bird’s approach to current cybersecurity challenges visit LinkedIn, his personal website or learn more about the groundbreaking Traceable AI platform on the company webpage.