WEBVTT

NOTE
This file was generated by Descript 

00:00:15.638 --> 00:00:17.648
Jethro Jones: Welcome to the podcast today.

00:00:17.648 --> 00:00:19.028
I am your host, Jethro Jones.

00:00:19.028 --> 00:00:27.938
Today is a special day because we're doing one of these fun simulcasts, where we post this on cyber traps and on Transformative principle.

00:00:28.113 --> 00:00:38.198
And the reason is is because we're talking about something important today, which is AI and cybersecurity, and how we are protecting our kids online.

00:00:38.573 --> 00:00:44.843
Super important and something that is even more important with AI now.

00:00:45.083 --> 00:00:52.553
And I have, uh, a great friend of mine, Sam Bourgeois, who is, he's been a IT director.

00:00:52.553 --> 00:00:54.563
He's worked overseas in China.

00:00:54.563 --> 00:01:04.553
He has, uh, worked in private industry as well, and he's now creating something really awesome to teach kids about cybersecurity.

00:01:04.853 --> 00:01:06.833
So Sam, welcome to the program.

00:01:06.833 --> 00:01:07.523
Great to have you.

00:01:07.777 --> 00:01:08.197
sam-bourgeois: Thank you.

00:01:08.257 --> 00:01:09.877
No, thank you and welcome, welcome back.

00:01:09.877 --> 00:01:13.537
It's been years, it's been since 2020, I think it is.

00:01:13.537 --> 00:01:13.777
The last

00:01:13.823 --> 00:01:14.573
Jethro Jones: Yes.

00:01:14.677 --> 00:01:15.967
sam-bourgeois: we did something like this, so thank you for

00:01:15.983 --> 00:01:16.493
Jethro Jones: Yeah.

00:01:16.673 --> 00:01:22.613
So the last time you were on Cyber Traps was episode 67, which was August of 2021.

00:01:22.793 --> 00:01:26.993
So it has been a while and we've talked a few times between then and now.

00:01:26.993 --> 00:01:29.693
So, um, so you're doing some cool stuff.

00:01:29.693 --> 00:01:32.813
So let's, let's start by talking about this idea of.

00:01:33.623 --> 00:01:38.873
AI standards, and we'll get into the cybersecurity in a little bit, but let's start with the AI standards.

00:01:38.873 --> 00:01:42.053
What's your stance on that and why do you think that's important?

00:01:42.682 --> 00:01:46.312
sam-bourgeois: Well, I mean, know, my, my perspective as, as it.

00:01:47.362 --> 00:01:53.392
is when we have these kind of conversations, is, is formed from all those different experiences that I have.

00:01:53.392 --> 00:01:58.132
And one of those experiences in my current experience, I guess if you want, is working in the private sector.

00:01:58.192 --> 00:02:04.432
And so my job today, um, as you mentioned, I'm, I'm the cybersecurity and IT leader for a large.

00:02:05.107 --> 00:02:07.837
Uh, company that has, you know, an international footprint.

00:02:08.257 --> 00:02:13.087
And so we do everything from governance and compliance, security, managed services, et cetera.

00:02:13.087 --> 00:02:19.687
But really the important thing, um, that I'm seeing not talked about nearly enough is, uh, is ai.

00:02:20.107 --> 00:02:29.557
Now, again, not directly in education, we have education customers, but in my day to day I am approaching ai, I have to ask myself those questions like.

00:02:30.382 --> 00:02:32.122
so I get a new request for a new tool.

00:02:32.122 --> 00:02:38.272
Somebody says they want to use, uh, teams pro and they wanna record the calls and do transcription, and somebody else brings in fireflies.

00:02:38.272 --> 00:02:57.382
And I don't, if I don't have some kind of governance foundation to, to help determine the risk and to help understand what's the right process to, to, to say yes
or no to some of these things, I get myself in the situation where I'm the jerk who kind of stands in the way of innovation I don't wanna be the, the blocker.

00:02:57.682 --> 00:02:59.182
What I really wanna be is the guardrails.

00:02:59.887 --> 00:03:01.147
want, I wanna do it safely.

00:03:01.207 --> 00:03:01.987
I want to innovate.

00:03:02.437 --> 00:03:04.327
I wanna move fast, but I wanna do it safely.

00:03:04.327 --> 00:03:06.157
And for me, that means guardrails.

00:03:06.157 --> 00:03:09.517
Think, think bumpers on the on the, on the bowling lane, right?

00:03:09.967 --> 00:03:12.157
Where it's okay to, to kind of bounce off things safely.

00:03:13.567 --> 00:03:16.687
and so with that in mind, that is my perspective.

00:03:18.482 --> 00:03:21.127
I, I have to ask myself, you know, I'm not the smartest guy.

00:03:21.922 --> 00:03:25.672
In the world, much less the smartest guy in the room, or even on this call, Jethro with you.

00:03:26.632 --> 00:03:27.022
But,

00:03:27.038 --> 00:03:28.268
Jethro Jones: That's, that's not true.

00:03:28.912 --> 00:03:32.992
sam-bourgeois: but, uh, but you know, I have to ask myself, somebody's gotta have done this before.

00:03:33.022 --> 00:03:35.152
Like somebody has to have asked these questions before.

00:03:35.182 --> 00:03:38.152
And so I look to the experts.

00:03:38.182 --> 00:03:44.002
I look to the experts like, uh, like nist, which is, uh, the National Institute for Science Technology.

00:03:44.482 --> 00:03:45.502
They have an AI.

00:03:46.177 --> 00:03:56.377
Risk management framework, RMF, I look at iso, ISO's got an annex specifically that talks about, you know, applying AI safely in, uh, in, in an environment.

00:03:56.377 --> 00:04:01.327
So I, I couldn't possibly be smarter than those guys, right?

00:04:01.327 --> 00:04:06.472
Like they've, they've got entire think tanks directed, you know, at the, at solving those problems and thinking through those things.

00:04:06.787 --> 00:04:07.777
GDPR, same thing.

00:04:07.777 --> 00:04:10.327
We've got GDPR regulations around AI as well for Europe.

00:04:12.037 --> 00:04:13.087
my approach is.

00:04:14.272 --> 00:04:24.832
You know, is, is there a standard that's globally accepted and how can I do my best to align to those standards if there's something out of line or out of band, or maybe something that's more important to me or that doesn't necessarily fit.

00:04:25.222 --> 00:04:26.362
In the use case or whatever.

00:04:26.362 --> 00:04:42.052
I'm gonna, I'm obviously gonna add to that, but what I don't want to do is I don't wanna shortchange myself and I don't wanna put my organization at risk, so
I wanna follow, um, I'm not looking for a checklist, but I wanna follow some, some standards that I know that, that people have thought long and hard about.

00:04:42.142 --> 00:04:47.302
And if it's my prerogative to pick and choose which ones I like and don't like, at least I have them.

00:04:47.392 --> 00:04:52.012
And that gives me kind of that thoroughness, um, in the way that I approach those, those problems.

00:04:52.012 --> 00:04:53.092
That's just my perspective.

00:04:53.498 --> 00:04:53.918
Jethro Jones: Yeah.

00:04:54.128 --> 00:04:58.838
So when it comes to those standards, what are the things that you think are essential and.

00:04:58.928 --> 00:05:15.698
Important, uh, for you thinking of yourself in a, in a company now, but also for educators as we have, you know, a AI is changing really fast and progressing very fast, and schools take traditionally a very long time to change.

00:05:15.698 --> 00:05:19.388
And so, you know, a lot of them are still.

00:05:19.913 --> 00:05:23.753
Today talking about just blocking AI wholesale.

00:05:23.903 --> 00:05:30.533
And I don't, personally, I don't think that's a good idea, but I've never thought that just blocking everything wholesale is a good idea.

00:05:30.683 --> 00:05:42.263
Even back when the internet first came out and my first year of teaching, I had kids blogging on the internet and um, that was a very different thing but, um, that I got in trouble for.

00:05:42.293 --> 00:05:44.453
But I still think it was a worthwhile thing to do.

00:05:44.453 --> 00:05:48.233
And, and I put parameters and safeguards in place 'cause they were under 18.

00:05:49.118 --> 00:05:51.848
But ha them having a real audience matters a ton.

00:05:51.908 --> 00:05:56.738
So, so what are the, the, the thoughts you have about which standards are essential?

00:05:57.262 --> 00:05:57.712
sam-bourgeois: Yeah.

00:05:57.742 --> 00:05:59.482
So yeah, and I'm, I'm glad you brought that up.

00:05:59.482 --> 00:06:04.732
I mean, I, you know, we go ba we go way back in, in, uh, in education and I, a classroom teacher, same thing.

00:06:04.732 --> 00:06:09.172
I was always getting myself in trouble 'cause I was a risk taker and I wanted to expand.

00:06:09.172 --> 00:06:10.612
And, and here's the, here's the reason.

00:06:10.612 --> 00:06:13.402
This answer to your question, I guess for me.

00:06:13.492 --> 00:06:13.972
Um.

00:06:14.977 --> 00:06:23.917
It, it's, it's an admission that in a school setting, we're, we're probably not gonna do everything that's required for this kid to be successful outside of this classroom.

00:06:24.157 --> 00:06:24.817
Full stop.

00:06:24.967 --> 00:06:25.207
Right?

00:06:25.207 --> 00:06:27.697
Like, certainly not in the context of it.

00:06:28.627 --> 00:06:30.427
Certainly not in the context of security.

00:06:30.427 --> 00:06:33.007
'cause we sure as heck aren't protecting our kids, you know?

00:06:33.397 --> 00:06:41.347
And, and, and worst of all is, is ai because don't get it in a, in, in a regular context.

00:06:41.347 --> 00:06:42.157
People don't really get it.

00:06:42.217 --> 00:06:42.937
I mean, you can ask.

00:06:43.282 --> 00:06:49.342
A hundred Americans, uh, you know, in your audience probably beyond that, but like you ask a hundred Americans, what is ai?

00:06:49.342 --> 00:06:55.762
I think they'd have a real hard time explaining to you, and it's, it's actually quite simple, but they would have a hard time explaining that to you.

00:06:55.762 --> 00:07:09.082
So I, guess what I would say is, um, me it's a, it's, it's that back to the, the governance, it's that context of there is a right way and a safe way to do things.

00:07:09.142 --> 00:07:11.572
And, um, if.

00:07:12.577 --> 00:07:24.967
If your priorities as a community, as an organization, a school district or a school or whatever, if your priorities are not such that you're encouraging, empowering, and enabling innovation, that's your problem.

00:07:24.967 --> 00:07:27.727
Like, you know, the, the AI adoption, that's, that's not the issue.

00:07:27.787 --> 00:07:35.977
The, if you're in a culture of innovation, then you should also be in a culture of governance and putting up guardrails and thinking through things and being safe and you know someone like you.

00:07:36.007 --> 00:07:40.537
Knowing, knowing your background and where we first met, I know that that was.

00:07:40.927 --> 00:07:52.897
That was your MO was finding places where we could innovate and do things interesting and fun and the, the boundaries of, of normal education, but in a safe way.

00:07:53.197 --> 00:08:02.197
And so that's, to me, that's the biggie for education is, is the, the NIST frameworks and the industries are not appropriate for a classroom teacher.

00:08:02.887 --> 00:08:04.627
A hundred percent, no question.

00:08:05.287 --> 00:08:08.257
So what I've done, um, and what we've talked about is.

00:08:09.517 --> 00:08:11.767
You know, how could we, can we translate that?

00:08:11.767 --> 00:08:12.487
How could we do that?

00:08:12.487 --> 00:08:15.217
How would we, how would we communicate those things that are most important?

00:08:15.217 --> 00:08:24.397
So, I don't know the number off the top of my head, but, um, what I did is I correlated the, the NIST framework, the, the, uh, risk management framework to the ISO standards.

00:08:25.327 --> 00:08:32.677
I'm, I'm in the us you know, some of your listeners might be in the GDPR, uh, EU governed regions, but, uh, I didn't correlate any other standards.

00:08:32.677 --> 00:08:33.757
I'm sure they'd be easy to do.

00:08:34.597 --> 00:08:36.127
and then I just basically asked myself.

00:08:36.802 --> 00:08:39.742
What would I do if I was an IT director, which is my past life?

00:08:40.732 --> 00:08:49.852
would I convert this standard to a K 12 context for an operationalization for implementation in a school context, in a school setting?

00:08:50.272 --> 00:08:53.692
And then when I wrote that, I was like, uh, this is, this is actually really good.

00:08:54.532 --> 00:08:57.112
What about examples in the real world of why that's important?

00:08:57.262 --> 00:09:03.232
So then I, I added in things like what could go wrong and I, there's a. Obviously a ton of examples of what can go wrong.

00:09:03.802 --> 00:09:06.622
Um, and then I thought, okay, but what do we actually do with this?

00:09:07.252 --> 00:09:09.232
Like, how does this, like where's the rubber meet the road?

00:09:09.712 --> 00:09:15.802
So then I thought, which ones of these are actually appropriate for, for teachers to convey to the next generation to their learners?

00:09:16.552 --> 00:09:21.982
so I wrote those from, you know, kind of based roughly off of those things that were applicable.

00:09:22.942 --> 00:09:26.332
And then I thought, any of this worthwhile for a kid to learn?

00:09:26.482 --> 00:09:31.222
And I think the answer is, yeah, I mean, I think I. When, when you adapt those standards, it might come out.

00:09:31.252 --> 00:09:32.632
This is off the top of my head, so forgive me.

00:09:32.752 --> 00:09:34.612
It might come out something like this.

00:09:35.092 --> 00:09:49.972
Um, a student should know and recognize that there are correct and incorrect ways to use AI in education and in their community, that sometimes there are legal implications to the incorrect use of ai.

00:09:51.357 --> 00:09:53.242
I that's, I would agree with that.

00:09:53.272 --> 00:09:56.842
Like in, in all cases, I would say a student can comprehend that.

00:09:57.652 --> 00:09:58.072
Of course.

00:09:58.072 --> 00:09:59.302
Would I like to spiral that?

00:09:59.362 --> 00:10:03.052
Would I like to grade level that would, I like to apply that to some specific outcomes.

00:10:03.112 --> 00:10:03.472
Sure.

00:10:03.832 --> 00:10:05.902
But in terms of a standard, that's kind of where I'm at.

00:10:05.932 --> 00:10:06.232
Right.

00:10:06.232 --> 00:10:08.902
And so I've got, I don't know, maybe 50 of those.

00:10:08.907 --> 00:10:17.062
I, I, I didn't count 'em up to be honest, but that's kind of where my mind's at is, is how would I apply that to, to the real world and to, to education.

00:10:19.123 --> 00:10:28.933
Jethro Jones: For me, the, the real question comes down to things that are more ethical in nature rather than like, uh, correct or incorrect.

00:10:28.993 --> 00:10:37.633
Because there are some, there are situations in which it is, it is correct to do it, but it's unethical to do it.

00:10:37.633 --> 00:10:40.993
And, and so that gets into this question about ethics in.

00:10:41.348 --> 00:11:03.578
Using AI and you know, is it like, it, it, it may be fine to take a picture that you find or that you took and use it to generate an image, but if you,
if that is a picture of someone else, it's your picture according to our copyright law currently in the United States because you took the picture.

00:11:03.792 --> 00:11:03.912
sam-bourgeois: A

00:11:03.968 --> 00:11:07.778
Jethro Jones: And so, but is it ethical for you to use that picture?

00:11:08.198 --> 00:11:14.948
To create something with AI without that other person's knowledge that could put them in a different light.

00:11:14.978 --> 00:11:20.858
And, and those are the kinds of things where, you know, our laws haven't caught up with this stuff either.

00:11:20.888 --> 00:11:32.108
And so we need to be able to talk about it in such a way that we can say, you know, whether or not it is legal or correct or incorrect, or whether or not there could be ramifications later.

00:11:32.468 --> 00:11:35.648
We need to be able to have the conversation about, um.

00:11:36.128 --> 00:11:38.528
Is, is this an ethical thing to do?

00:11:38.918 --> 00:11:44.108
And, you know, even is it ethical, is a, is a loaded question, right?

00:11:44.798 --> 00:12:02.798
And so how do we really teach these things and, and give kids exposure to them without making it like yet another lesson, yet another standard that kids need to learn, um, when, when really there's an underlying set of things.

00:12:03.248 --> 00:12:10.328
That, whether it's AI or something else, uh, we need to understand that that's, that's unethical to do that.

00:12:10.358 --> 00:12:11.408
Does that make sense, Sam?

00:12:11.422 --> 00:12:13.792
sam-bourgeois: It no, it, it absolutely does.

00:12:13.792 --> 00:12:14.542
It absolutely does.

00:12:14.542 --> 00:12:25.702
Because there's a. Yeah, there's something that, that people often overlook when they think about, um, you know, uh, technical skills and things like that.

00:12:25.702 --> 00:12:29.092
Like with great power comes great responsibility, right.

00:12:29.092 --> 00:12:29.632
Uncle Ben.

00:12:29.782 --> 00:12:36.982
Like when you're, when you're in my field, in my profession, um, certifications you get, they're all hinging.

00:12:36.982 --> 00:12:40.942
They're all contingent on this idea that I know just as much as a hacker knows.

00:12:41.587 --> 00:12:44.017
But I choose to use my skills in a different way.

00:12:44.017 --> 00:12:45.637
So I, I completely agree.

00:12:45.637 --> 00:12:47.227
I'm, I'm, I'm totally in line with you there.

00:12:47.887 --> 00:12:49.687
Um, and that was a great example.

00:12:49.897 --> 00:12:54.607
You know, uh, I don't know if you wanna jump off from ethics to issues with ai, but I think,

00:12:56.647 --> 00:13:05.947
I think fundamentally understanding that you have the ability to do things that you probably shouldn't do, and you should be thinking and training your brain to think critically about making those decisions.

00:13:05.977 --> 00:13:06.697
Like that's.

00:13:07.192 --> 00:13:07.792
That's the key.

00:13:07.792 --> 00:13:09.112
I, I completely agree with you.

00:13:09.803 --> 00:13:10.253
Jethro Jones: Yeah.

00:13:10.492 --> 00:13:19.762
sam-bourgeois: I guess was your hypothesis that we shouldn't think about, uh, a rigid checklist and more like a, like a growth mindset, just kind of continuously learning, thinking, and inner focus.

00:13:19.762 --> 00:13:20.302
Is that your

00:13:21.293 --> 00:13:28.703
Jethro Jones: Yeah, that's, that's my perspective on, on a lot of things that it's not so much about the technical.

00:13:29.423 --> 00:13:39.923
Understanding yes or no of X, Y, or Z. It's more about can I analyze the decision I'm making in the context of the situation that I'm in?

00:13:40.193 --> 00:13:46.883
And I don't want to get into like moral relativism where like, yeah, it's fine as long as I feel like it's okay to do right now.

00:13:46.883 --> 00:13:48.263
Like that's not what I'm talking about.

00:13:48.263 --> 00:13:53.813
There needs to be something deeper like this, deeper respect for other people, and.

00:13:54.203 --> 00:13:58.223
Their image and likeness and how we should treat them and that kind of thing.

00:13:58.523 --> 00:13:59.513
Those things matter.

00:13:59.543 --> 00:14:00.713
Other people's work.

00:14:01.013 --> 00:14:07.313
Is it unethical to use AI because it's trained on other people's stuff that they didn't give permission for?

00:14:07.343 --> 00:14:19.043
You know, like, uh, there was a tool a while ago where you could go see if your, your web content was included in the training data and you could essentially put in your, put in a website and see.

00:14:19.838 --> 00:14:40.718
How, if it was included in that, and I did use je Jones dot com and Transformative Principal dot org, and it was included in the training data, so it does know about me
and about my work, and so somebody else could go look it up and, and ask chat GPT about Jester Jones and Transformative principle and it would know something about it.

00:14:41.318 --> 00:14:43.958
Um, but like, is that.

00:14:44.273 --> 00:14:46.073
Now unethical because of that.

00:14:46.133 --> 00:15:02.873
And those are questions I don't know the answer to, but they're questions that I think we need to spend time discussing and talking about in schools so that kids have an idea and they can understand how it actually works and not just think that it is the source of all knowledge.

00:15:04.474 --> 00:15:13.834
I wanna move just a little bit over to the cybersecurity side because the real challenge is that si the AI.

00:15:14.104 --> 00:15:22.594
Developments have made it so much easier for our cybersecurity to be less secure than it has been in the past.

00:15:22.834 --> 00:15:34.629
That there are so many more vectors, there are so many more, uh, spoofs and so much more like you can use AI to basically have this thing spam people for, you know.

00:15:35.209 --> 00:15:56.899
Hours and hours on end without any end in sight, using new email addresses, new approaches, new impersonations, all kinds of things, and, and those are the things
that I am really concerned about because those will have real lasting damage and impact on kids and their future and all that if they get into a bad situation.

00:15:57.543 --> 00:15:57.963
sam-bourgeois: Yeah.

00:15:58.143 --> 00:15:58.593
Yeah, I agree.

00:15:58.593 --> 00:16:13.353
I, my, my learning management platform, um, make it Secure Academy, it, it has a signup form and so you can click the button and to your point, I have yet, I, I think I've gone 14 pages.

00:16:13.413 --> 00:16:15.123
I've gotta figure out a solution to this problem.

00:16:15.243 --> 00:16:17.463
I've got 14 pages, 10.

00:16:18.468 --> 00:16:27.978
to a page unique but junk emails and, uh, it just, it, I don't dunno if you have that same problem, uh, with your contact form.

00:16:27.978 --> 00:16:29.718
So I've gotta do something better with my contact form.

00:16:29.718 --> 00:16:30.168
It's like,

00:16:30.754 --> 00:16:31.144
Jethro Jones: Yeah.

00:16:31.398 --> 00:16:34.668
sam-bourgeois: they're just bots and they're just, they're just putting out junk.

00:16:34.728 --> 00:16:41.358
Um, yeah, from the, from the security perspective, you know, I, I don't wanna get too much in the weeds on security specifically.

00:16:41.358 --> 00:16:43.428
That's where I can really kinda geek out, but

00:16:43.564 --> 00:16:43.954
Jethro Jones: Yeah.

00:16:44.088 --> 00:16:45.588
sam-bourgeois: I, I, I totally agree.

00:16:45.648 --> 00:16:46.068
Um.

00:16:47.073 --> 00:17:03.033
What I think is, uh, what I think is terrifying in the education context specifically that by and large, you and I know how to, how to kind of mitigate risk to our, to our children and protect them in the future, but most people do not.

00:17:03.513 --> 00:17:08.673
And, uh, the exposure of, fill in the blank, it's, it's not about a particular vendor.

00:17:08.673 --> 00:17:10.413
It's not about PowerSchool, it's not about black bud.

00:17:10.743 --> 00:17:11.553
Fill in the blank, right?

00:17:11.553 --> 00:17:13.593
They're all, there's gonna be failures across the board.

00:17:13.593 --> 00:17:16.803
There's gonna continue to be failures, uh, to protect that data.

00:17:16.833 --> 00:17:19.743
Once that's exposed, like my biggest fear is that these young people.

00:17:20.148 --> 00:17:20.208
Yeah.

00:17:21.018 --> 00:17:26.448
only are they being watched constantly, which is another creepy thing, data brokers are watching everything we do.

00:17:26.838 --> 00:17:28.218
This is not an over exaggeration.

00:17:28.218 --> 00:17:29.418
This is not a four chan rant.

00:17:29.448 --> 00:17:30.198
This is the truth.

00:17:30.768 --> 00:17:39.768
Your, if your kid's got a mobile device in their hands, the device is knowing where they go, what they click on, how long they watch it, when do they scroll, what do they click, what do they like, what do they don't like?

00:17:40.518 --> 00:17:46.038
so not only are they gonna have these digital footprints, which we've been talking about for 20 years, right?

00:17:47.073 --> 00:17:57.333
only are they gonna be born into a digital footprint, they're also gonna be turning 18 with their identity exposed for the last 17, 18 years.

00:17:57.393 --> 00:18:00.813
Which is just, just horrifying to think about that, you know?

00:18:00.813 --> 00:18:08.313
And, um, that's, that's what really, that's what really kind of burns me up is, uh, I feel like, um, there's always been that conversation.

00:18:08.673 --> 00:18:12.933
Whenever you and I were young men, there was a conversation around why are we doing geography and not.

00:18:13.308 --> 00:18:19.338
You know, working with woodworking or changing a tire, balancing a checkbook, we're having the same conversations, right?

00:18:19.338 --> 00:18:34.698
Like everybody says, why are we doing this and not that, I mean, fundamentally speaking, like we are, we are absolutely these kids up for failure by not teaching this, this stuff, by not living it in, uh, in the classroom.

00:18:34.758 --> 00:18:36.673
And that's what, that's what really worries me.

00:18:37.899 --> 00:18:41.684
Jethro Jones: Well, and and you said something real key there, that we're not living it in the classroom.

00:18:42.059 --> 00:18:57.899
And one of the things that I've been frustrated about in the past is when it departments set up their own people for failure by sending, uh, internal phishing attempts and, and then it becomes a Gotcha.

00:18:58.049 --> 00:19:10.829
And when you and I talked about your Make It Secure Academy, you talked about how you can, you can send these phishing attacks and then kids can see.

00:19:11.164 --> 00:19:24.754
How they did, whether they responded to phishing attacks or not, and see what it was, what the message looked like, and, and then do some evaluation on how they fell for it or didn't.

00:19:24.814 --> 00:19:36.694
And, and then can you talk a little bit about that, because that's part of it that I think it becomes a learning experience at that point, and they get a score that says, Hey, this is how you're doing with your cybersecurity, which is, is really powerful.

00:19:36.694 --> 00:19:38.584
And that kind of stuff needs to be embedded.

00:19:38.584 --> 00:19:40.384
So talk a little bit about that aspect.

00:19:40.788 --> 00:19:41.718
sam-bourgeois: Yeah, yeah, yeah.

00:19:41.718 --> 00:19:42.108
You nailed it.

00:19:42.108 --> 00:19:47.688
I mean, like I've, I've always had this approach, like professionally I've had the same approach where I'm not a gotcha guy.

00:19:49.278 --> 00:19:53.148
but, but I run security programs and I have run security programs for, for a while.

00:19:54.258 --> 00:19:58.488
when it comes to young people, I think, uh, it's, it's an interesting approach.

00:19:58.488 --> 00:19:59.598
I'm, I'm fishing.

00:20:00.453 --> 00:20:00.993
Kids.

00:20:01.023 --> 00:20:04.983
And, and the reason I'm doing it is, uh, it's, it's a heck of a lot of work.

00:20:05.043 --> 00:20:07.113
I've gotta go, you know, fake all these domains and everything.

00:20:07.113 --> 00:20:13.773
But to your point, the, the outcome that I'm looking for is, is the change in behavior.

00:20:13.863 --> 00:20:16.323
I'm looking for not statistics.

00:20:16.323 --> 00:20:20.373
I'm not looking for, you know, reporting to the teacher and, and all this other stuff.

00:20:20.433 --> 00:20:25.023
I'm looking for an individualized approach to enhancing my security posture.

00:20:25.503 --> 00:20:27.093
And why can't that be a young person?

00:20:27.798 --> 00:20:33.858
I don't, I don't see any reason why it shouldn't be, I don't have time to visit your, your daughter.

00:20:33.858 --> 00:20:43.758
I don't have time to sit with my son and build him a, a safe space to work a, a safe Gmail and, and review every email with him and hover over things.

00:20:43.758 --> 00:20:45.168
I do try to do that for the record.

00:20:45.468 --> 00:20:46.788
That is my job as a father.

00:20:47.208 --> 00:20:50.298
But, um, it's difficult and it's, it's hard to manage.

00:20:50.598 --> 00:20:56.538
So what I wanted to do was build a safe space that had specifically aligned.

00:20:57.333 --> 00:20:58.683
Uh, activities and outcomes.

00:20:58.683 --> 00:21:01.293
And one of those activities is, again, I, I think quite innovative.

00:21:01.293 --> 00:21:03.153
It's phishing kids.

00:21:03.183 --> 00:21:22.023
And so, yeah, to your point, you know, um, when, when the students interact with a phishing email that I might have against them, you know, attack them with, so
to speak, simulated, they get a splash page and it says, oops, this, this was not a, you know, this was not a a, a real malicious email or a bad email, whatever.

00:21:22.653 --> 00:21:24.453
Um, here's what we can do in the future.

00:21:24.453 --> 00:21:25.893
And then we also have training.

00:21:26.898 --> 00:21:38.598
specifically to that behavior and a follow up that says this is, this is why that one was unsafe, specifically, here's why could have looked for this, or you could have done this, or how, you know, how this could have been d done better.

00:21:39.228 --> 00:21:45.918
Um, more, more than that to your point about the kind of changing the way we, we think and our mindset, um.

00:21:47.523 --> 00:21:57.813
I've created videos that preload and also, you know, follow up and, and reinforce those skills, uh, that are tailor made for young people.

00:21:57.873 --> 00:22:09.273
You know, so I've got child actors hired children to act out scenarios and we're using AI to, to build videos that kind of speak directly to kids in the way they wanna be spoken to, animated short clips, which.

00:22:09.678 --> 00:22:13.273
And I wish they could stay, you know, more, more attentive for more than a TikTok video.

00:22:13.273 --> 00:22:15.163
But, um, I digress.

00:22:15.163 --> 00:22:16.363
We gotta, we gotta meet 'em where they are.

00:22:16.423 --> 00:22:16.663
Right.

00:22:16.663 --> 00:22:17.293
Unfortunately.

00:22:18.073 --> 00:22:19.183
that's, that's my approach.

00:22:19.183 --> 00:22:29.263
And, um, you know, I think, I think the, the gamification you mentioned, I think that's, that's really important too, because I think, uh, miss out on that.

00:22:29.718 --> 00:22:38.298
Frequently when we have like asynchronous learning opportunities, we miss on, we miss out on that ability to, um, to kinda gamify, gamify the experience.

00:22:38.358 --> 00:22:40.248
And so I really wanted that to be a part of what we do.

00:22:40.248 --> 00:22:44.808
And, and so again, we kind of invented a, whatever you wanna call it, like a credit score, you know,

00:22:45.319 --> 00:22:45.679
Jethro Jones: Yeah.

00:22:45.798 --> 00:22:45.949
sam-bourgeois: like a, a

00:22:45.979 --> 00:22:46.279
Jethro Jones: Yeah.

00:22:46.398 --> 00:22:50.118
sam-bourgeois: for kids to, to measure their security posture appropriate to their age group, by the way.

00:22:50.118 --> 00:22:50.988
So they

00:22:51.139 --> 00:22:51.349
Jethro Jones: Yeah.

00:22:51.528 --> 00:22:52.068
sam-bourgeois: level up.

00:22:52.969 --> 00:22:54.799
Jethro Jones: Well, and, and here's the other thing.

00:22:54.919 --> 00:23:00.499
The, what I don't want is an additional AI class.

00:23:00.529 --> 00:23:03.379
What I don't want is an additional cybersecurity class.

00:23:03.679 --> 00:23:12.349
What I want is for these things to be, and I don't want additional SEL class either, by the way, and I don't want additional character class.

00:23:12.349 --> 00:23:15.319
I, I want these things to be built into.

00:23:15.634 --> 00:23:25.564
What we're doing and, and there are so many things in the world that we live in that is information dense that we need to be aware of.

00:23:25.654 --> 00:23:31.024
And, and that is, that is essential to, to the work that we're doing.

00:23:31.024 --> 00:23:39.574
And, you know, we, we have to understand that we've got to educate more than just the, the math and reading and writing.

00:23:39.694 --> 00:23:42.994
You know, it's got to be the, the whole child.

00:23:42.994 --> 00:23:45.064
And it can't just be focused on.

00:23:45.484 --> 00:23:49.774
The things that get tested because that's not serving our kids well.

00:23:49.804 --> 00:24:04.384
Because those things, honestly, you can learn those at any time and it's no good if you learn those things and then you, uh, grow up to cheat people outta their money and they're hard earned things by being a hacker or some unethical.

00:24:04.684 --> 00:24:06.754
A criminal of some sort.

00:24:06.754 --> 00:24:13.924
You know, that's not the kind of society that anybody wants to create, and so we need to be teaching these things early on.

00:24:14.254 --> 00:24:19.744
So tell us about how people can get in, get started with Make It Secure Academy, what that looks like.

00:24:20.074 --> 00:24:22.774
Um, for, for themselves, their district.

00:24:23.178 --> 00:24:24.138
sam-bourgeois: Sure, sure, sure.

00:24:24.618 --> 00:24:29.298
Um, yeah, like I said, we're, we're on a mission to protect every kid, you know, one kid at a time in the world.

00:24:29.298 --> 00:24:32.598
And, uh, what, uh, what you can do to, to get ahold of us.

00:24:32.628 --> 00:24:37.668
The easy thing is, you know, you can find us on all the socials, um, make it secure.

00:24:37.788 --> 00:24:43.938
LLC, so M-A-M-A-K-E-I-T-S-E-C-U-R-E-L-L-C.

00:24:44.388 --> 00:24:47.628
And you can find us on, uh, on Instagram, Facebook, LinkedIn.

00:24:48.858 --> 00:24:49.458
make It Secure.

00:24:49.458 --> 00:24:51.768
Dot Academy is the, the actual website.

00:24:51.948 --> 00:24:55.698
Make it secure llc.com or make it-secure.org.

00:24:55.698 --> 00:25:00.948
We also have a nonprofit, uh, wing of, of what we do and, and how we serve around the world.

00:25:00.978 --> 00:25:10.518
Everything from Haiti and Kenya to uh, to, uh, to, uh, low socioeconomic status schools here in the US we're, we're just passionate about helping kids and helping educators.

00:25:12.619 --> 00:25:20.329
Jethro Jones: What I would encourage anybody to do is to go check that out and, uh, get a demo from Sam so he can show you what it looks like and, and you can.

00:25:21.019 --> 00:25:21.919
Tool around in it.

00:25:22.219 --> 00:25:25.879
And really the idea is for this to not be an extra class,

00:25:25.903 --> 00:25:26.183
sam-bourgeois: Correct.

00:25:26.419 --> 00:25:31.999
Jethro Jones: something that kids are, are doing on the regular, which I, which I so appreciate and think is, is essential.

00:25:31.999 --> 00:25:34.339
So, uh, Sam, thank you so much.

00:25:34.339 --> 00:25:38.899
Those links are available at Transformative Principal dot org and@cybertraps.com.

00:25:39.109 --> 00:25:43.099
Come and check it out and, uh, appreciate you being here and appreciate your friendship for all these years.

00:25:43.104 --> 00:25:43.314
Sam.

00:25:43.673 --> 00:25:44.208
sam-bourgeois: Thank you.