So, we get to the end of this second hour of this morning track. The track was about AI skills in cybersecurity workforce. And our final speaker again is online, but this is no reason to think you can check your mail because this will be interesting. I want to welcome Benny Porat, he's the CEO of Stealth Mode Startup. And he will have a talk about, I like the title, I really love the title, Overwhelmed and Understaffed, Moving Beyond AI Hype to Combat Exponential Workload Growth. And I think this is something we all can relate to. So please welcome Benny Porat.
Hey, thank you very much. So we actually are out of Stealth already, so I'm Twine, Twine Security. So great to meet you all, I'm Benny Porat, I'm the Co-Founder and CEO of Twine. And formerly I was the Co-Founder and CTO at Clarity. I'm really sorry that I could not be in person, unfortunately, my flight changed and, you know, with all the situation in the region, I couldn't find a new flight that will make it work. I really apologize. I was really looking to be there in person. But we'll try to get as much out of it.
So basically, you know, our cybersecurity workloads keep growing and growing exponentially. But unfortunately, we all know the capacity to handle it cannot keep up. And what we see today, what I see today is like three main way company trying to handle it.
You know, we are doing a lot of prioritization, there is a lot of different innovation, a lot of different companies. So basically, the whole focus is about how to prioritize what to do and basically find a way to basically accept the risk for all the other stuff. We see a huge trend of moving to the platform play. And of course, there is a lot of outsourcing MSSP solution that we all see what's going on over there. And you know, a little bit about me, I'm in the last 20 years in the cybersecurity space.
And since I was young, and maybe a little bit naive, and maybe not a little bit, I was always thought of what type of tech we need to build in order to really protect organization from cyber attack. And when I started clarity 10 years ago, I was very naive. And I thought just about the tech about thought about what technology we need to build. But really fast, I realized that technology alone cannot fix it. More than that, technology is only a very small piece of the picture.
And at the end, what we really need in order to be really protected in our world is highly skilled people, and the right people process around them, in order to be able to execute fully our security program. I spent the last 10 years trying to figure out what we can do to fix it. And you know, with all the AI hype in the last two years, some days I can imagine, I know it's still imagined. And it's not every day, but I can see the top of the mountain, I think that there is a path together. And this is what I like to talk a little bit about in this session.
But start, let's think about the challenge. So we all know that we have a huge challenge in the people aspect.
You know, we have a huge shortage of talents, and talents cost a lot of money, we don't have the budget to just increase our team. And more than that, if you look about 10 years ago, when our requirements from the talent cybersecurity expert was, you know, was one thing, but today with all the new, all the improvement and progress of technology, with the cloud infrastructure, with AI LLM in the last two years as well, it's our requirement is much, much, much more.
You're expecting our employee to be expert basically in everything, in all the different tools, in all different disciplines, it's just very, very difficult. And trying to get the right people is just, it's just not there. Next is all about the technology, right? We have so many tools, I just read the last study, speaking about 81 tools, which is a ridiculous number, I really hope it's not right. But it's a ridiculous number of tools that we have, that large enterprises have in their environment.
And we all know the reality, at the end, we are using our tools to a very small extent, basically, we are utilizing just a small fraction of the feature sets. And we saw the attacks out there, like most of the successful attacks in the last decades, basically. We all times, okay, we had the right tools in place, but we just didn't operate it well. So it's great that we have so many tools, but at the end, it's still a big challenge in the environment.
You know, it's not really, we can't expect our team, as much as time as it can be, to really operate 81 tools in an effective way. And last, you know, process, I see like process to be the out of basically the operating system that is in the out of our cybersecurity execution, but then process is the one that's supposed to glue everything together, and make sure that we are delivering our objectives.
And ultimately, what I see today in the industry is what I really like to call like a tool centric cybersecurity program, basically, people buying a lot of tools, the 81 tools from the previous slide, and basically trying to figure out the best way to use them. And the objective is a little bit, you know, pushed to the side.
What we really want as an industry to move to a world, it's an objective centric program, basically understand what is our objectives, and make sure the operating system, the process that we build in the organization, combine our people, combine our tools to achieve the objectives. And, you know, when we are combining all of this together, basically, the traditional thinking is that, and we see, we spoke about it the last few years, all the time in the industry, in order to really execute, we need our people plus technology. And in reality, it's just not keeping up.
And we just see the capacity staying the same, and the workload just increasing. And what we see in the industry, it's what happened in the last three years is basically a huge push to the platform play.
Basically, the piece that people are trying to handle is the technology side, let's start to say, okay, let's start to consolidate, we cannot handle 81 tools, we cannot handle 81 different vendors, let's consolidate, let's move to the platforms. And this maybe will help us to execute in a better way.
But, you know, platforms are very important, but as an industry, we must push the innovation, we must push best of breed, because the attackers will not going to rest, and they will keep finding new ways, so we must generate innovation. And we call this, at the end, this type of startups, these best of breed startups are the art of our cybersecurity ecosystem. In the same time, we're starting to speak about AI, and it probably took me seven minutes to say the word AI, but we are starting to speak about AI, and now they are going to revolutionize our execution.
But basically, we all know that AI is all dependent on the data. And in today's world, at the end, whoever controls the data is the king, and platforms basically control the data today. So are we going to see the trends continue to the platform, and basically leveraging the fact that platforms already have all the data, and they are going to be the one that are going to continue with them, and basically neglect innovation, neglect the best of breed?
Or maybe, and this is what I would really like to see, can we find a way that AI can transform the industry, and find a way to use the best of breed, build a different operating system a little bit, and use the best of breed in an easy-of-use manner? So let's put some magic in place, and speak about the AI, all the trends that happened since the last two years. I think it was November 2022 when we first saw, the world first got to know ChangePT3.
And we all expected a lot of great things, but in reality, we don't expect that it's actually going to change the world, it's going to change domestically whatever we are doing. But in reality, we all saw that 85%, this is by the latest Gartner report, 85% of the project related to adopting AI in the organization basically failed. And the reason they failed, basically there are three main obstacles in the way. First is the data, like we say, data is the king. And unfortunately, the king is naked today.
Organizations don't have the data in place, they don't have a single good source of truth for the data. And even if they get the data, then they realize actually they have a challenge with the permission perspective, and it's over-permissioned, and then the AI gets access to sensitive data and then it's deposited from trees, so it's actually stored out of the project. The second problem is the integration. At the end, we need this type of solution to be able to integrate to our existing ecosystem from both process and infrastructure perspective, and it's not trivial as was expected.
And last, as any rush that's happening, too many organizations basically push really hard to adopt AI solution, but they forgot to set right the objectives. And we all know without clear objectives for any project, the chance of success is very, very low. But we all know, you know, at the end, we tend, and this is Bill Gates said a while ago, we tend to overestimate what new technology can do for us in the short term, in the next two years, but in the same time, we underestimate what it will do for us in the next 10.
So, how are the next 10 going to look like? So, I'm not sure, I don't want to predict if it's 10 years, 50 years, or five. I really don't know the answer.
But, you know, if we, in the future, I envision a world when we basically have digital humans that are joined to our team and help them to execute and basically act as more personnel. You know, if we look about, again, the process, the people post technology diagram, I see this digital human as the four dimension. And maybe with this four dimension, which is like a digital human that execute, we can actually finally fix the formula and be able to keep up with the workload.
You know, finally, we're going to get consistency of execution. And today, this is a very big problem.
You know, we all define great process. We all define what we want to achieve. But in reality, a security leader is very, very difficult to make sure that people are following the process.
Of course, AI will give us the speed, it will give us the skills. And I think what I really like the most, and this is the reason I sit at the top of the mountain, that at the end, in order to do really effective cybersecurity program, you really need to bridge between all the different disciplines in the cybersecurity space.
And today, there is so many different teams in charge of different layers of the security, which is really, it's not possible to do it effectively because we have so many, you cannot be expert in everything, you cannot consult with everyone. Basically, at the moment that we'll be able to build digital humans, that will be each one of them expert in different disciplines, that will be able to work, you know, seamlessly together in the most efficient way, it also will push the effectiveness of our cybersecurity program to a different level.
You know, but hopefully, which I think is very important, we just need to make sure that the digital humans, we're not going to introduce new politics to the organization because we all know that politics basically kill the dog. So, this is the future.
Like, and I think that most of the people that I speak with at least agree about this future. But what will happen in the next two years? What do we need to focus on now? Because we are not there yet, we cannot expect to be there. And basically, what I see is first, like I mentioned, data is the king. And unfortunately, the king today is naked. Organizations don't have the right data.
So, maybe instead of working hard and clean our data, and basically find a way to consolidate everything to one place, let's try to use AI actually to do it for us. You know, the way I like to think about cybersecurity space, both tools and data, is basically I'm looking about physical office space. And whenever I buy new tools, or I get new data, it's getting into a specific room in my office. Some time tools, some data get to the same room, some are not.
Today, cybersecurity execution is all about the people that move in between the different rooms and bridging all the dots, connecting all the dots to achieve what we're trying to achieve. Can we use AI to revisualize the way we are doing it today, and basically find the data for us?
Let's not, we, bring it to AI. Let's say I find a way to access all the different rooms, understand which data is where it's sitting, understand which source are more reliable, which source are not, and let the AI do it for us. I see a huge plus, because, you know, there is a lot of risk about AI, but if we start with AI as the data cleaner, basically it's reducing the risks tremendously, because you don't need to have any write access to our environment and execute access, just read access.
Of course, also the user is mainly the security in the IT team and not the whole business. Reducing a lot of risk, a very good test case, and going to generate the core stone of our cybersecurity program for the future. The second piece, which is very important, and I already started mentioning, is about the trust. Nobody is going to hire or to contract a person that you don't trust to be able to execute if you can do any harm.
So we must find a way to generate a trust with the AI execution, and at the end, you know, in 10 years from now, maybe AI will do everything for us and we will not need to overlook what it's doing, but before we are starting to adopt this kind of solution expected to just work, we should try to figure out which type of task we can give them, like the data cleaner, which is what I call the passive task, it cannot do any harm for me, or maybe instead of doing the execution itself, maybe we should use the AI to help us to plan to our specific environment, what is the best way to achieve this specific task in our domain, and build a platform that the execution itself is much more deterministic.
I'm not sure exactly when we can get the trust and when we will be able to deliver the AI to execute whatever we want, but I'm sure that any solution that will not generate a trust between us and the execution will never work. And the last, and, you know, the only reason for this presentation is because I really like Lego and I try very, very hard in the last 10 years to have a slide deck with the Lego pictures, so I finally succeed, thank you, but we really need to be realistic in our demand.
As the best Lego player, if we will get the simple blocks of our Lego and we will ask him to build for us the Millennium Falcon, he will never be able to do it. He will for sure will be failed. In the same time, at least Lego says that from 18 and above, if we're given the instruction set and if we're given the right building blocks, anyone can do it. So we really need to be realistic about what we're expecting AI and we're expecting to work. Let's not just throw all of the data that we have and give all the API access into our environment and expect AI to do the magic for us. It will not work.
Maybe 10 years from now, maybe 20, I don't know, but it will not work for now. Let's focus today on giving the AI the right building blocks, the right instruction, all the infrastructure around it, so it will be realistic that it will be able to perform.
And last, the fact that AI and CGPT today are great in writing for us poem, it's not a good reason to just run really fast and adopt it. At the end, AI is not magic. AI is a technology and we need to find the right way to use this technology. So the first thing, it's no, don't embed the technology just in the second technology. Let's define the objective that you really want to achieve, understand the project, because without a clear objective, no project is successful.
Let's make sure that we have the right strategy around the data, around how we trust the execution and we know that it will deliver what we want. And at the end, let's make sure that we're giving this project all the different skill set or building blocks, the right building blocks to be able to achieve the results that we are expecting. And that basically it. I hope it was, it's worked well from remote.
Yeah, thank you very much, Denny. First of all, of course, we're approaching lunch, so questions will be rare, but I have one, so no problem. Other questions in the room, first of all? I will ask one anyway. You've mentioned cleaning up data using AI and many organizations are struggling with bias in their data for AI and within AI. Which approach would you choose or do you want to choose for not applying bias while cleaning up your data? So it's all about, we need, in order to AI to really execute well in the end, we need to have the right data set in our place. If we're not, it will not work.
We need to define what data we need in order to execute, what type of data we need, and then let's ask AI the question, how do we get this data in this specific environment? Because every environment, every organization have different technology, different systems that is using, different sources of data. Let's use AI to understand our environment and ask him, what is the best way to get these data sets in our environment so we can build this one single source of data that in the future we'll be able to execute with AI.
Okay, thank you very much. So thanks again for your time, Benny. Thank you for doing that remotely, for being available for that. And thank you very much and looking forward to seeing you sometimes in person. Thank you. All right. Thank you. This brings us to the end of this session before our lunch break. Before lunch break means there's something after the lunch break. So we meet again at 2.30 to continue our discussion about AI risk and opportunity. We will have a great panel later on. We have great presentations.
So see you again at 2.30 here in this room again, again with me as moderator, maybe with no no-shows. That is good. And then have a great lunch and see you later at 2.30. Thank you.
