Phil Venables: AI in Cybersecurity - Threats, Toil, and Talent

Episode NotesWith over 20 years of experience as a CISO, Phil Venables, Chief Information Security Officer at Google Cloud, talks about creating an AI framework, key use cases for AI in cyber, Google Cloud joining FS-ISAC's Critical Providers Program, how he approaches operational resilience, and gives advice on how CISOs can maintain work-life balance.Notes from our Discussion with PhilGoogle Cloud’s Security AI FrameworkAI has presented new risks and very specific types of threats. The objective is to create a foundational framework on a basic set of control principles that can be replicated in other processes. It’s important to extend detection and response capabilities to include AI systems. This is particularly important when deploying large language models (LLMs). AI is the best defense against AI. There’s a need to embed AI in tooling, so that everyone doesn’t need to be an AI expert.Expectations from the FrameworkGoogle Cloud is looking to partner with organizations to develop the framework. This may not become “the” framework, as there are others like the NIST AI Risk Management Framework. The aim is to build on the framework to include other, more detailed recommendations and tooling. It should have a broader use, beyond Google and the customer’s use of Google’s AI. Key Use Cases of AI in Cybersecurity There are 3 areas – Threats, Toil and Talent.Threats: Google is using LLMs, AI and GenAI to analyze, monitor and manage threats, like analyzing new malware discovered via Google’s VirusTotal service and using Sec-PaLM 2 LLM to decode and provide threat advice. LLMs need to be trained using a large corpus of security and threat data.Toil: Security operational jobs have a lot of overhead and ineffective tools. Google Cloud is focusing on using Sec-PaLM 2 to help organizations automate security operations.Talent: AI will be the great democratizer of talent. Giving people AI assistance to develop, expand and extend their skills can increase security talent.AI Risks for Financial Services OrganizationsAI as a democratizer of talent and a tool for enhancing people’s skills can also extend the capabilities of threat actors. Organizations will need to bolster their current defenses. For example, deepfakes across voice video and images are being used to confound authentication systems and organizations are strengthening their traditional authentication systems, like using hardware tokens.Impact of AI and Strategies to Secure the Cloud EnvironmentAI is driving an accelerated cloud adoption. Even the largest companies will need to migrate to the cloud for the processing capability to deploy the new LLMs. There will not only be a drive to the cloud to get access to AI, but also the use of AI tools to securely manage cloud configurations.Google Cloud Joins FS-ISAC's Critical Providers ProgramAs a cloud provider, Google provides support for many critical infrastructures and the financial services sector is among the most critical infrastructures in the world. With more banks moving to the cloud, it makes sense for Google to stay in touch with the community and make sure we’re meeting customers where they are. By joining FS-ISAC, Google Cloud wanted to be part of an organization that is promulgating best practices and sharing information and intelligence.Maintaining Work-Life BalanceTwo big lessons. Work-life balance is not about achieving the balance every day. You can think of it on a weekly or monthly basis. If you’re aiming for a balance every day, it may add to your stress during weeks when there’s a crazy amount of work. Secondly, maintaining work-life balance requires discipline. The answer is to talk to your future self. Often you say yes to meetings that don’t add much value. Talk to your future self to judge your decision about attending the meeting.