Modern Cyber with Jeremy Snyder - Episode
43

Leslie Daigle of the Global Cyber Alliance

In this episode of Modern Cyber, Jeremy Snyder sits down with Leslie Daigle, Chief Technical Officer and Director of the Internet Integrity Program at the Global Cyber Alliance (GCA).

Leslie Daigle of the Global Cyber Alliance

Podcast Transcript

Alright. Welcome back to another episode of Modern Cyber. As usual, I am your host, Jeremy. And I have a guest today who brings a unique perspective on some of the work that she has done in over more than 20 years of work at the intersection of well, I'll let her sum it up, because we're gonna get into a lot of what her work has entailed. I'm delighted to be joined today by Leslie Daigle.

Leslie has been working at the intersection of technology, business, economics, and policy to drive effective change for more than 20 years. She's currently the chief technical officer and director of the Internet Integrity Program at the Global Cyber Alliance, GCA, furthering GCA's development and deployment of global solutions that contribute to eradicating cyber risk. She is also the principal at Thinking Cat Enterprises as well as the cofounder and cohost of the Tech Sequences podcast, and we're definitely gonna talk about that as well, which explores the many facets of Internet technology along with its intended and sometimes unintended consequences. Leslie holds a master's of science in computing and information systems from the University of Guelph and a bachelor of science in math and computer science from McGill University. Leslie, thank you so much for taking the time to join us today on Modern Cyber.

Thank you so much for having me. Awesome. Awesome. Well, I want to start off by getting into some of what it means to be kind of at that intersection that was described in the intro there. When we think about the intersection of technology and business and economics and policy, I think all of us, we don't really think about our job, policy, I think all of us, we don't really think about our jobs and our lives being impacted by all of those things on a regular basis.

But I guess, how do you think about that intersection, and what does it mean for you? Yeah. Well, it's it's as you noted in my intro, my background is chiefly in in technology. I mean, I got into got into computers because I liked pushing buttons and seeing what happened. So I'm I'm as fond of the the a a product is not a technology.

A technology is not a product. A product is a solution for somebody else's problem. So you have to understand the other perspective in order to build something that's useful and usable. And so in the context of trying to solve Internet security problems or get technologies deployed in the Internet at all, It's not enough to just come up with, here's the next best standard. You also have to understand what are the ramifications in terms of the business, what are the ramifications in terms of, you know, potential policy interests, so on and so forth.

And when you think about bringing those other two facets in there, let's say the economic side and the policy side of it, I guess, on the economic side part of it is that, like, you may have a solution to a problem and it might be to your point. It might be somebody else's problem that needs solving. But if it's economically unsound to do so, that's also not really a solution. It isn't or it's a that itself is a problem you have to solve. So I mean, diving right into an example, routing security is a problem that has faced the Internet for, you know, few decades.

And the problem we're trying to solve so routing security meaning that all networks that participate to create the Internet have to agree on sharing packets between them. That's how you can reach one end to the other of the Internet. And and they do that by advertising how to connect from one to the other to the other. That's a route. And routing security really includes the notion of, how do I believe you that you can send my packet from me to that other network?

And how do I know that you're not gonna, you know, send it via China or via some other country that I don't wanna deal with? Yeah. So the problem in that case is that, you know, I, as a network operator, cannot in fact create routing security. I can only do I can only do extra work that will improve the security of the overall Internet. So that's a case where everybody has to do a little bit.

It's going to cost them something, but everybody has to do their little bit in order to ensure that the whole Internet can become more secure. Yeah. It it's really interesting. You you bring up an example there, and I I spent some time living in Asia. And TCPIP routing is really one of those things where, like it's so funny.

I mean, this takes me back to the very, very beginning of my career. But I I came out of school with my little bachelor's in linguistics and got thrown into the deep end of technology. And there were 2 courses that I took at the time, and one was on Windows NT networking and, administration. And the other one was on TCPIP. And I so often end up coming back to TCPIP principles.

How does a network work? What does a subnet mask mean? What does a route table do? How does traffic get routed? And so often, it's a little bit like the DNS the TCPIP infrastructure, which I guess really kind of mirror mirrors the Internet backbone there, is really broken.

And the peering arrangements between the providers are are, I keep think, kind of fundamentally screwed up from an economics and incentives perspective. And we would see consistently when I was living in Singapore, every day around 4 o'clock, the 2 main providers in Singapore would start sending domestic traffic via third party countries. And it was I I'm pretty sure I'd never got full confirmation on this. I'm pretty sure it was because of some kind of peering arrangement where, you know, as long as we're roughly even, we just kind of call it call it clean and, you know, gentleman's handshake kind of thing. But as soon as one side is sending more traffic to the other, we're receiving more from the other than, like, economics come into play.

But you bring up something there and what you said about, economics come into play. But you bring up something there and what you said about the risk side of it is that, you know, if you're getting routed via a third country, you don't have a guarantee that there's not somebody trying to sniff that traffic or maybe understand what's going on in there. Right? Yeah. And, you know, we saw that a little bit too when there was the, you know, the the the revelations this note in Revelation, what, 10, 12 years ago, where it was revealed that the US was in fact looking at metadata on on network traffic and, you know, painting a picture of who was talking to whom about, maybe not about what, but at least who was talking to whom, a lot of South American countries said, fine.

We need we need a better route to get to Europe that does not pass through Miami. Through the US. Yeah. Yeah. So it it it is real.

And so it I guess, the sum the summary point is that you can't look at the at the Internet purely as a technology play. You can't look at improvements purely from the standpoint of, you know, what's what's the right chalkboard way to solve this problem. You have to look at things like what are the economics, what are the what are the political plays. Yeah. This really dovetails nicely into, the 3 kind of, I think it's described here as the the 3 building blocks of the Internet that the Global Cyber Alliance leverages in terms of, I think, the work that you guys are doing.

Right? So what I've got here is names, numbers, and routes, trust in the domain name space, fighting malicious unwanted traffic, and enhancing routing security. First, I guess, talk to us a little bit about the GCA as a whole. And then I'd love to hear more about those three things, Why you pick those three things and what you guys have learned in the work that you've done in those areas? Sure.

That'll be that'll be quick. The no. The the so the Global Cyber Alliance is a not for profit organization that's focused on improving cybersecurity for everybody on the Internet. And we sort of divide the work into 3 spaces. One space is working with all the other organizations, not for profits focused in in working in the Internet space.

There's a part of the organization that's focused on, you know, toolkits and building out solutions for individuals and small businesses at scale. And then there's my part of the organization which is focused on Internet integrity, which is looking at trying to improve the state of cybersecurity of the Internet in a way that leaves us with one Internet, a whole Internet that's in you know, has has integrity, is not carved up into little islands of, you know, separate separate space by block overuse of blocking and whatnot. So when we look at the underpinnings of of the Internet's infrastructure, the names, numbers, and roots, we we look at it from the standpoint of, you know, each of these things is the is the underpinning of a number of different types of cybersecurity threats. Things like domain names, abusive domain names is is at the heart of a lot of phishing attempts. Yeah.

Things like, you know, we we have a a global honey farm. We've had a global honey farm for over 5 years that looks at, you know, what are the what are the attacks on IoT devices? And we can tell where they're coming from. We can tell which are the most polluting networks. We can tell which are the most polluting IP addresses.

If we can tell, so can others. So can others. And and and and we look at it from the standpoint of, how can we work with the networks that are hosting these polluters to say, why don't you stop it before it ever leaves your network? And then we can, you know, we can remove the pollution in the in the Internet, before it actually becomes an actionable problem. So we are sorry?

And that's no. I was just gonna say, and that's kind of by partnering with the ISPs and, let's say, the providers and the cloud providers. And, you know, hey, you've got a a very very suspect domain that looks like, you know, instead of brand name dot com, it's brand dash name dot com as a as a kind of a typo squatted, you know Yeah. Phony domain? Okay.

And and, you know, going after it on a case by case basis is is prohibited. Right? I mean, there's just as as fast as you can dream up a solution, there are malicious actors out there that will do something really horrible and and rat around you. So, for instance, with the routing security example, that was a project started at the Internet Society 10 years ago that focuses on working with network operators who know they wanna do something about improving the state of routing security and saying, great. Let us help you work together and solve the problem.

So for the malicious Mhmm. Unwanted traffic, it's like it's a question of what what is an appropriate amount of of this nonsense for you to let out of your network, and how can we help you figure out what our industry best practice is to stop it? Yeah. And and that's that's the way that we think works to create, you know, a solution at at scale. And and, you know, our fundamental thesis is you you cannot, you know, you can't 2FA your way out of, you know, of of an Internet that has broken routing security.

Right? I mean Yeah. There is there's no point in putting a really a lovely big brass lock on a paper house. So Yeah. That's that's why we're going going to the source, if you will.

But but now I'm super curious about all three of these aspects. Right? Because just as you said, you can't do this one off. Right? There there's billions of domain names being registered.

And I don't know what the actual number is, but probably millions a day is is probably safe to say around the world or or at least 100 of 1000. Right? And at the same time, there's I don't know how many network routing changes happening per day based on things like traffic volumes. And let's say, like, you know, BGP for failover or maintenance efforts or whatnot. So how do you think about, let's say, like, policy aligned around that?

Because it's very easy for me to just say, well, oh, Okay. You know, block all AS numbers associated to threat actors. Right? You know, if it were as simple as that, I think we would have solved this problem decades ago. Right?

But I I know that's not really how it works. So I guess, how do you think about either partnering with companies to give them guidance around this or or issuing policy statements and documents that provide best practices and guidance around these challenges? Yeah. So I think a couple of things there. 1, that whole notion of block everything that comes out of AS is associated with bad actors is exactly what leads to a an Internet that does not have integrity, that's sort of a flimsy, you know, shredded up old thing.

I mean, I think our aim is to to try to get solutions out there so that most of the problem is solved before blocking is the only answer. Okay. But in terms of the, you know, how how do you approach this, it's it's really a question of, instead of us writing up notes on what you should do because we don't have network. You know, we are not running part of the domain name system. Instead of us telling you what you should do, it's it's us being able to convene groups of people who really wanna do something with their networks and others and saying, what do you think are the right things to do?

What can you do? And, again, routing security is a great example because 10 years ago, there were standards being developed that would solve the whole problem, end to end security and the routing system. The only problem was that network operators said that I cannot implement that in my network. It is computationally infeasible for me to do that in my routers. You know, my my backhaul networks cannot do that at line speed.

So I can't do that. It's a lovely lovely thing you worked up. So that was the context in which we brought people together and said, what can you do? And then once you get what can you do, then you make a list and you say, well, this is the sort of thing that other network operators think that they can do. Who wants to sign up to do this?

And that's what created the manner's actions, a mutually agreed norms for routing security. And and we have almost a 1,000 networks signed up saying that they are, in fact, you know, operating in in consistently with the MANRRS actions. And that's how you get the industry to focus on what the industry can do. Interesting. Interesting.

I just found this manners.org, m a n r s.org for those that are interested, and we'll link that from the show notes as well. So it's interesting. So this is a a community of presumably kind of telcos ISPs and and similar providers who are kind of signing, you know, signing up for this program, opting in so to speak, and then doing what they can do. Yes. Does it does it feel like whack a mole?

It would be if we were going after all the problem children, but it feels a lot more constructive if we're actually creating momentum in the industry to say, okay. This is what you said you can do and you're doing it. What would you like to do next? You know, how can we all get to a better place? I mean, I'm old enough that I know that that's how the Internet itself is built.

Right? I mean, the Internet was built as a collaborative effort of networks talking to other networks and spanning the globe. So I think I see it as really sort of, amplifying that that approach and and, you know, continuing the the the whole approach to trying to solve problems. Is it if I'm trying to think about, let's say, an analogy to it to to help me wrap my own mind around it and maybe some of the audience as well, Is it kind of like, hey, we've got roads and they take you from anywhere to anywhere, roughly speaking. And on our roads, we kind of have agreed upon norms of like, what are speed limits?

And what does it mean if there is a traffic sign that says no left turn here or things like that? They're these kind of safety guides that are that to your point, they're not going to try to stamp out every speeder on the road or every reckless or dangerous driver on the road, but they're going to establish this kind of like baseline agreed upon set of how traffic should work. Is that kind of an analogy? I think I think that's pretty good. I might push it a little bit to thinking about maps and thinking about, you know or even thinking about, you know, your your navigation, Matt, that says, I'm gonna get you from where you are now to where you wanna go.

It's like, and do you believe it? Yeah. Do you believe it's not gonna try to root you through some farmer's field? Because, you know, they're every day. Google Maps did try to do that.

Yeah. Yeah. So so it's more the making sure that we are all agreed about what is a, you know, what is a route from from where I am to where I wanna go and, that you're not gonna, you know, like I said, run me through a farmer's field or send commercial traffic up the, you know, a tiny road. Yeah. Yeah.

I I can definitely I'd, kind of identify with that. I drove with a disconnected GPS, a TomTom device at the time in round, like, 2008 to 2011 time frame in Australia and New Zealand. And, you know, these were not self updating maps. These were maps that you downloaded updates for every so often. And we definitely got routed through the forest here and there and on some unpaved roads and on some roads where, thankfully, we didn't get stuck.

And we didn't know any better. We're following the guidance of the GPS device. So that's really interesting. Thanks for the clarification on that. This is really interesting.

And when it comes to DNS, this is something where I know that there are actually companies that are actively building for profit businesses on the back of just like, hey, I'm going to monitor your brands and domain name registrations that are either affiliated with your brands or look like they are attempting to be affiliated with your brands. What are some of the solutions or some of the policies and thoughts that you're that you are providing there from the GCA or some of the guidance that you provide to people there? Sure. And and I think that that kind of commercial approach is is probably gonna remain necessary from the standpoint of sort of brand protection stuff and and and making sure that everybody's interests are are well taken care of. The the question on our mind really starts from the standpoint of once you've identified that a domain is, you know, is op it was registered for criminally malicious purposes or has been taken over and is being used for criminally malicious purposes, how do you handle it?

And, you know, what's what's the best operating practice at that level? Because, for a number of reasons, it's been pretty hard to get registries and registrars to take, domains out of to get out of the registry, so to take them out of the DNS. I mean, you can say, look. You know, here's this address that's only being used to to sell counterfeit, you know, or harmful products. Or whatever.

Yeah. Whatever. You know? It's like you you really need to take it down. And and there is another another case where you're right back at the economics of it.

Right? Because you're asking a company to to to refuse service to one of its customers, which is a 100% against its business interest. So how can you how can you get around that problem? And and you don't get around it on a, you know, a one off basis. You have to take a step back and say, you know, let's show you just how much, how much problematic demeaning registration exists in the world.

And, let's let's make sure that everybody understands that this is not, you know, tens per day. This is hundreds of thousands of domain names being registered per day for malicious purposes. How do you get focus on identifying them and then saying, this is a real problem and you need to do something? And and so and create an industry norm so that a a registrar doesn't say, look. If I do this, you're not gonna solve the problem because they're just gonna go to my competitor, and then they're gonna get the money.

I will have lost the business. So that's where you really have to get all the industry lined up together to say, we know there's a problem. We know we have to deal with it, and, this is what we'll do. And and, you know, I I know this isn't something that you kind of provided in the background information that got sent over before we recorded today's episode, but I'm really curious to hear your thoughts on it. I was reading a book recently and I can't remember which one it was, but it talked about some of the challenges around kind of the gray area of hosting online and what what was often referred to as bulletproof hosters who were in countries where, let's say, like, intellectual protection, you know, intellectual property protection laws are not as strong.

Brand name protection laws are not as strong. And so, you know, registering something close to our one off. And then also, let's say just from the standpoint of like what can and cannot be sold or provided as a service may also be very different in in that, domain sorry, in that territory. So things like, let's say, wears or pirated, movies and things like that. You know, the Pirate Bay famously was gonna be hosted on this offshore platform off the coast of England.

Right? Where no laws or no Internet, UK or international law applied to it. Is that still a real common problem that we're facing on the modern Internet? Yeah. It's still a problem.

And I mean so there's I would I would bring up 3 points in in regards to that. One, the fact that, the Internet itself doesn't recognize jurisdictional boundaries, which is a good thing because it means that it's, you know, uniform and global. But at the same time, you know, we have to respect the sovereignty of different regions and and that they have their the right to both protect their own citizens, plus also have their own, approaches to to the legal system. And then 3, that these bad actors can be, you know, registering a domain name in one jurisdiction, living in another jurisdiction entirely, and then posting, to your point, in in a third jurisdiction altogether. So from a legal standpoint, it's really hard to crack them down and do something about it.

And and by the way, you know, who gets to pull the plug on the domain Yeah. If the if the, you know, the content is hosted somewhere else? I mean, that's been that has played out in the domain name system for years. Yeah. But it's that is the the sort of the nature of the challenge.

And I argue that the solution on that front has to be multifaceted as well. The right the right level of of, you know, policies to make sure that there are there is a global understanding of of intellectual property and agreement to with, you know, upholding some level of of agreement of, you know, you know, what's what's theft of what's what's copyright theft? What is piracy? Yeah. Yeah.

And and dealing with it. And then and then everything else can follow. But it's it's it is complex. Remind me, I think there was a dispute. I'm sure you would have tracked this a lot closer than I was.

Wasn't there a dispute a few years ago about either the hosting or kind of the management of I can't remember if it was either the the base ASIN numbers or maybe it was around the root routers for for a lot of the IP space and, you know, how in the end the US government wanted to maintain control for a variety of reasons. Is that worrying about with you? There there's it brings a few things to mind and it's and I'm thinking it might have been around the whole notion of the root of the DNS and who who actually controls it. Yes. I think that's what it was.

And the the the top of the domain name system, the very, very tippy top of the whole tree of, you know, top level domains and and all the things is managed by ICANN, the Internet Corporation For Assigned Names and Numbers. And that was set up, that was set up as a joint effort when the the initial standards organization and the initial, you know, researchers who built the Internet realized that this whole thing was getting too commercial and international and political. So that was created in the late nineties. The challenge was it was operated as, on a contract from the US government, from the Department of Commerce. So a lot of countries still felt that the US government still controlled the whole Internet.

Right? So how do I know? I'm, you know, I'm in country x. How do I know that the US government isn't gonna go to war with me and decide that they're gonna take me Yeah. Right off the Internet by taking my country code out of the domain?

Which, of course, it's a war up and down, never would do and never did do. But then yeah. Within the last 10 years, there was a push to really, really cut that cord of of the last side to the Department of Commerce, and that was a successful effort. ICANN is now an independent organization, that is not tied to the US government. It is still a corporation with a home base in a jurisdiction, of course.

But there was there was some concern both for and against whether that should whether that should, in fact, transpire. Yeah. Yeah. Alright. So we've talked about the domain name space.

We've talked about traffic. We've talked about routing. Are those the 3 pillars of Internet integrity in your mind, or is there more that we need to think about as well? I think those are the key those are the key from the standpoint of how do we make this Internet thing work at its very basic level. There are, of course, many other challenges, and, you know, cybercriminal challenges at at higher levels, whether it's, you know, looking at, the dangers of of phishing itself, whether it's looking at content on online platforms, etcetera.

I mean, they're very real and also need real solutions, everything from, you know, malware distribution to this and disinformation. But from our standpoint, again, it's a if we're gonna look at the very basic level and make sure we have a foundation to build on, that's where we start. Okay. And how does measurement factor into this? Because that's one of the things that I know got mentioned to me that GCA actually spent some time and energy focusing on.

And and I'm really interested to hear because I think a lot of people would approach these problems and say, okay. Boom. It's policy. It's opt in. We've got a community.

Great. Where does the measurement factor in? So I think you have to begin and end with measurement is kind of the is the real answer there. So I mentioned before that we have this this global honey farm, and and, you know, we can we can tell you who are the bad actors, in over a period of time who's persistently a bad actor. And and we use that not to name and shame because we don't find that to be very constructive, but but really just being able to put concrete numbers around the the the fact that this is a real problem.

Right? This is the background radiation on the Internet is is not, you know, small. 0. Okay. It's it's it's it's pretty large.

And clearly, there are some networks who know how to address this stuff because we're not seeing stuff from them. So we can paint a very concrete picture, you know, by geography or by network as you as you like to say here's where the problems are and this is the size of the problem. And that's that's useful in in, you know, getting that agreement that there is a problem here that needs to be solved. And then we do it at the end as well. So in the manners activity, there's there's an observatory, that shows, are those networks that said that they were going to do those actions, are they in fact doing them?

And we can measure it and say, yes, they are. Or here's a network that's having a problem. By the way, you're having a problem. Did you wanna fix this? And the the level of manners readiness we call it, who's which which networks are actually able to do the right things is a metric that gets used by other parties to sit to to say the the state of routing security is improving.

So it's it's it's important to not just, you know if we were gonna just run around and talk about all the things we think are problems, you know, we'd be here all day. So we stay focused on the ones that we can actually show objectively. Here's the challenge, and and what can we do to improve it. Yeah. Yeah.

It's really interesting. I you know, what you mentioned there is kind of funny was, as you said, you you start and end with measurement. There's a saying that I'm sure you've heard at some point, what gets measured gets rewarded or what gets measured gets investment. Right? And I think that's very true and especially in corporate America.

But I don't know that I've ever thought about it from the perspective of, like, more holistic programs across the Internet, especially when they're opt in programs. But I do definitely get that these things if you have a measurable impact on the reduction of a certain type of undesired behavior, that's a really strong indicator that the program is actually delivering value, right? Yeah, absolutely. Yeah. Yeah, awesome.

I'm curious about a couple of other things. Right? So you've been at this for a little while, and you've got more than 2 decades in your career at, again, this intersection of all of these forces. I'm kind of curious about what are the challenges that you've seen evolve over time and the biggest challenges that you see that we're facing today? Yeah.

So I think, you know, one of the biggest things that I would say has changed in the last and and I probably need to change 20 years because I've been a bit longer than that now. Anyway, so I think one of the biggest things is just scale. You know, the scale of what we're dealing with now is entirely different than it was 20 or 30 years ago. And that's, you know, both pluses and minuses. The Internet was constructed because it wasn't technically or or, frankly, operationally feasible to build one network that spans the globe.

So that's why you have an Internet work of networks working together. And now there are companies that have, you know, globe spanning networks. Right? You know, the major the major tech companies don't need to rely on other other companies' networks because they have their own. Thank you very much.

And that's, you know, that's that's great and excellent, but it also mean it changes the playing field a little bit and and distracts us a bit from that spirit of collaboration. Right? That it it makes it harder to bring people to the table and say, no. We really do all have to play together to make one fabric for the whole thing. And at the same time, the scale of of attacks and the scale of, you know you know, what kinds of things are being tried.

This is no longer this is not about, you know, little miscreant high schoolers just playing in their basements with it when their parents are still at work. You know, really, this is about organized teams of of miscreants in in, you know, all over the world who have as sophisticated tools as as anybody else to do their work, which is to say, perpetrate, you know, ransomware or, you know, other phishing attempts or, any any other kind of malware distribution. So Yeah. Scale is probably the biggest thing in terms of, you know, the the changing landscape. Yeah.

Yeah. And and it sounds like also, you know, just the fact that you mentioned teams getting into stuff, the ease of doing bad stuff has probably come down quite a lot as well. I mean, I I remember setting up our first data center, and it was so hard back then. You know? And, like you, I I should probably update, you know, how many years I've been working in tech, to be accurate about it.

A couple of other questions that I've got for you as we kind of wrap up this episode. But one of them is I read something somewhere that, you know, something along the lines of what we know as the Internet really represents and when I say that, I think about, let's say, like websites or, back end services for powering the mobile apps that we use or the entertainment that we use or whatever it is. But all of that together comprises maybe half of what's actually out there and that there are deeper level systems, Slack and the dark web and things like that. Do you have any sense that you can share with me and with our audience about, like, how big in in in, you know, in kind of air quotes is the dark web relative to kind of the exposed Internet? And do you guys track that and spend time looking at it?

Yeah. Sadly, I don't have any concrete data there. We don't spend a lot of time tracking that. The thing that I would say is that, I mean, most of my most of my life has been focused on trying to make sure that we could continue to have the the ability to have networks that are not just part of, you know, the entertainment industry or the Right. You know, the content delivery world that the ability to have, you know, distribute our own cat videos.

And you can probably hear my cat is having opinions now. Yeah. Yeah. The, yeah. So the ability to create new spaces and and continue to just have new services pop up is kind of key, I think, to having a an an Internet with diversity going forward.

But the I think part of the challenge too is that what what exactly constitutes the dark web? I mean, is it is it individual websites that are trading on, you know, credit card numbers and and other services for hire? Or is it, you know, something that's like a secondary secondary network that is shadowing the real one? You know. Yeah.

It's Yeah. The more we can take care of challenges in the Internet we know of, the the fewer places there will be for, for miscreants to hide. And there we go. You can have a couple of guest appearance on today's podcast. I don't know if you wanna shout out your cat or your cat's Instagram.

Feel free to if you like. In all seriousness, I wanna change here for a second. Talk to us about the Tech Sequences podcast. Yeah. So, that was something that I started with Alexa Rod, in early 2020.

Okay. She and I both have worked for, you know, however long it has been in in Right. In the Internet and have watched as individual technologies have sort of come and gone, have been great things and have had, you know, have been wildly successful at something that they that they were intended to and then had unintended consequences on the side. So, so we thought it'd be fun to put together a podcast on that topic. So we are not quite at a 100 episodes over the last 5 years, but, but closing in on a 100 episodes.

And, yeah. We invite guests to talk about different topics. We've talked about AI. We've talked about the episode we published recently. It was on wearables and the impact they may have on on, health care.

So Okay. Lots of fun topics. Awesome. Awesome. And we'll have that link from the show notes as well.

Was there any episode in particular that, let's say, you know, you've got a fun story from or a great lesson learned? Because I think for me having hosted now, I think we're roughly about 50 episodes of Modern Cyber as well. I always tell people the most rewarding aspect of it is the things that I learned from the guests that have come on here. And I'm kind of like, yeah, I actually have gained more out of hosting the podcast than probably our audience has. So anything, any stories to share or any, like, really fun lessons learned from hosting?

No. I think that probably the most interesting, work that that I would, you know, pull from it is is the discussions around mis and disinformation and just, you know, the in in the the whole way it's been systematized and and is being used to, you know, drive our world, our real reality, has been just it was it was eye opening here, all the challenges in terms of what's being, you know, how that's being perpetrated and also the challenges in trying to address it. It's, it's a big space. Yeah. Awesome.

There's a couple episodes here just to highlight for the audience here. Authenticity and post truth in the digital age. AI's threat to election integrity. I think, you know, those are on that topic. I'm sure there are other episodes in there as well.

And like I said, we'll have that hosted for or sorry. Linked from the show notes. Leslie, I've really enjoyed today's conversation. I really love going back to some of these first principles and, you know, a little bit of nostalgia thinking back to again those early TCPIP training days and maybe some not really like PTSD, but some negative memories of managing domain names and bind. And that kind of constant thing of, oh, you missed the period at the end of a line in a particular DNS record, or you forgot to update the serial number of the bind file when you published your change.

I think you've probably been through some of these as well, some of these battle scars. I love kind of getting back to some of these principles. I guess just any closing thoughts for our audience and also anything you'd like to share? Any links or anything anything you'd like to plug from your work at the GCA or anything else? Yeah.

I think it and, you know, I just I keep plugging the Internet as a as a very constructive force in in in our in our world as long as we keep, you know, being creative and constructive with it. And, you know, I invite everybody to have a look at the globalcyberalliance.org website and see all the good work we're doing there. Awesome. Well, we will have links to the global science Global Cyber Alliance as well, the Tech Sequences podcast, Manners. Leslie, sorry.

Leslie Daigle, thank you so much for taking the time to join us on Modern Cyber. To our audience, you know what to do. Rate, review, share with a friend. We will be having a little bit of a break over the next couple of weeks as we go into the holidays. But for everybody else thank you so much.

We look forward to you joining us on the next episode. Bye bye.

Discover all of your APIs today

If you can't see it, you can't secure it. Let FireTail find and inventory all of the APIs across your organization. Start a free trial now.