Megan Samford

Remember, data protection, data privacy, there are about a million things that can come into play there.

DFARS, I mean, the point of declaring an incident sometimes is to make sure that you are gathering the right people, gathering the right data, and you are running everything down so that a small incident doesn't end up cascading into a larger catastrophe because you tried to sweep it underneath the rug.

Sure.

So I think, and again, I'm speaking from the industrials, right?

We're already adopting use of AI for secure coding.

I think that most companies are, I think that most companies have been kind of anxiously looking at those percentages, you know, what percent of our code is being AI assisted, where it's AI assisting the developer in that coding, which I believe can solve for

A lot of the nuisance buggy code and things like that, code quality, I think that that's great.

Within industrial environments, though, again, we have to start from a place of industrial realism.

I love it.

Where we should not at first assume that the issues in OT environments are coming from individual products necessarily or vulnerabilities there with them because that's not what the data tells us.

Instead, we would be looking for application and use of AI to support more of the hard work that still has to be done by human beings and cannot be automated to that extent with AI.

That's good network security.

That's exposure management.

That's understanding if you have devices inadvertently directly exposed to the Internet.

It's network hardening.

It's upgrading products from legacy comms to secure communications.

This is not something that AI can do for us.

The OT environments are still going to require a lot of rolling up our sleeves and getting in there and just...

human beings are still going to have to go in there and manually do the hard work of securing these porous environments.

That's number one.