WEBVTT NOTE This file was generated by Descript 00:00:11.455 --> 00:00:17.515 Jethro Jones: Welcome to Transformative Principle, where I help you stop putting out fires and start leading. 00:00:18.025 --> 00:00:19.525 I'm your host, Jethro Jones. 00:00:19.525 --> 00:00:22.225 You can follow me on Twitter at Jethro Jones. 00:00:22.225 --> 00:00:22.285 Okay. 00:00:35.486 --> 00:00:37.496 Welcome to the podcast today. 00:00:37.496 --> 00:00:38.876 I am your host, Jethro Jones. 00:00:38.876 --> 00:00:47.786 Today is a special day because we're doing one of these fun simulcasts, where we post this on cyber traps and on Transformative principle. 00:00:47.961 --> 00:00:58.046 And the reason is is because we're talking about something important today, which is AI and cybersecurity, and how we are protecting our kids online. 00:00:58.421 --> 00:01:04.691 Super important and something that is even more important with AI now. 00:01:04.931 --> 00:01:12.401 And I have, uh, a great friend of mine, Sam Bourgeois, who is, he's been a IT director. 00:01:12.401 --> 00:01:14.411 He's worked overseas in China. 00:01:14.411 --> 00:01:24.401 He has, uh, worked in private industry as well, and he's now creating something really awesome to teach kids about cybersecurity. 00:01:24.701 --> 00:01:26.681 So Sam, welcome to the program. 00:01:26.681 --> 00:01:27.371 Great to have you. 00:01:27.625 --> 00:01:28.045 sam-bourgeois: Thank you. 00:01:28.105 --> 00:01:29.725 No, thank you and welcome, welcome back. 00:01:29.725 --> 00:01:33.385 It's been years, it's been since 2020, I think it is. 00:01:33.385 --> 00:01:33.625 The last 00:01:33.671 --> 00:01:34.421 Jethro Jones: Yes. 00:01:34.525 --> 00:01:35.815 sam-bourgeois: we did something like this, so thank you for 00:01:35.831 --> 00:01:36.341 Jethro Jones: Yeah. 00:01:36.521 --> 00:01:42.461 So the last time you were on Cyber Traps was episode 67, which was August of 2021. 00:01:42.641 --> 00:01:46.841 So it has been a while and we've talked a few times between then and now. 00:01:46.841 --> 00:01:49.541 So, um, so you're doing some cool stuff. 00:01:49.541 --> 00:01:52.661 So let's, let's start by talking about this idea of. 00:01:53.471 --> 00:01:58.721 AI standards, and we'll get into the cybersecurity in a little bit, but let's start with the AI standards. 00:01:58.721 --> 00:02:01.901 What's your stance on that and why do you think that's important? 00:02:02.530 --> 00:02:06.160 sam-bourgeois: Well, I mean, know, my, my perspective as, as it. 00:02:07.210 --> 00:02:13.240 is when we have these kind of conversations, is, is formed from all those different experiences that I have. 00:02:13.240 --> 00:02:17.980 And one of those experiences in my current experience, I guess if you want, is working in the private sector. 00:02:18.040 --> 00:02:24.280 And so my job today, um, as you mentioned, I'm, I'm the cybersecurity and IT leader for a large. 00:02:24.955 --> 00:02:27.685 Uh, company that has, you know, an international footprint. 00:02:28.105 --> 00:02:32.935 And so we do everything from governance and compliance, security, managed services, et cetera. 00:02:32.935 --> 00:02:39.535 But really the important thing, um, that I'm seeing not talked about nearly enough is, uh, is ai. 00:02:39.955 --> 00:02:49.405 Now, again, not directly in education, we have education customers, but in my day to day I am approaching ai, I have to ask myself those questions like. 00:02:50.230 --> 00:02:51.970 so I get a new request for a new tool. 00:02:51.970 --> 00:02:58.120 Somebody says they want to use, uh, teams pro and they wanna record the calls and do transcription, and somebody else brings in fireflies. 00:02:58.120 --> 00:03:17.230 And I don't, if I don't have some kind of governance foundation to, to help determine the risk and to help understand what's the right process to, to, to say yes or no to some of these things, I get myself in the situation where I'm the jerk who kind of stands in the way of innovation I don't wanna be the, the blocker. 00:03:17.530 --> 00:03:19.030 What I really wanna be is the guardrails. 00:03:19.735 --> 00:03:20.995 want, I wanna do it safely. 00:03:21.055 --> 00:03:21.835 I want to innovate. 00:03:22.285 --> 00:03:24.175 I wanna move fast, but I wanna do it safely. 00:03:24.175 --> 00:03:26.005 And for me, that means guardrails. 00:03:26.005 --> 00:03:29.365 Think, think bumpers on the on the, on the bowling lane, right? 00:03:29.815 --> 00:03:32.005 Where it's okay to, to kind of bounce off things safely. 00:03:33.415 --> 00:03:36.535 and so with that in mind, that is my perspective. 00:03:38.330 --> 00:03:40.975 I, I have to ask myself, you know, I'm not the smartest guy. 00:03:41.770 --> 00:03:45.520 In the world, much less the smartest guy in the room, or even on this call, Jethro with you. 00:03:46.480 --> 00:03:46.870 But, 00:03:46.886 --> 00:03:48.116 Jethro Jones: That's, that's not true. 00:03:48.760 --> 00:03:52.840 sam-bourgeois: but, uh, but you know, I have to ask myself, somebody's gotta have done this before. 00:03:52.870 --> 00:03:55.000 Like somebody has to have asked these questions before. 00:03:55.030 --> 00:03:58.000 And so I look to the experts. 00:03:58.030 --> 00:04:03.850 I look to the experts like, uh, like nist, which is, uh, the National Institute for Science Technology. 00:04:04.330 --> 00:04:05.350 They have an AI. 00:04:06.025 --> 00:04:16.225 Risk management framework, RMF, I look at iso, ISO's got an annex specifically that talks about, you know, applying AI safely in, uh, in, in an environment. 00:04:16.225 --> 00:04:21.175 So I, I couldn't possibly be smarter than those guys, right? 00:04:21.175 --> 00:04:26.320 Like they've, they've got entire think tanks directed, you know, at the, at solving those problems and thinking through those things. 00:04:26.635 --> 00:04:27.625 GDPR, same thing. 00:04:27.625 --> 00:04:30.175 We've got GDPR regulations around AI as well for Europe. 00:04:31.885 --> 00:04:32.935 my approach is. 00:04:34.120 --> 00:04:44.680 You know, is, is there a standard that's globally accepted and how can I do my best to align to those standards if there's something out of line or out of band, or maybe something that's more important to me or that doesn't necessarily fit. 00:04:45.070 --> 00:04:46.210 In the use case or whatever. 00:04:46.210 --> 00:05:01.900 I'm gonna, I'm obviously gonna add to that, but what I don't want to do is I don't wanna shortchange myself and I don't wanna put my organization at risk, so I wanna follow, um, I'm not looking for a checklist, but I wanna follow some, some standards that I know that, that people have thought long and hard about. 00:05:01.990 --> 00:05:07.150 And if it's my prerogative to pick and choose which ones I like and don't like, at least I have them. 00:05:07.240 --> 00:05:11.860 And that gives me kind of that thoroughness, um, in the way that I approach those, those problems. 00:05:11.860 --> 00:05:12.940 That's just my perspective. 00:05:13.346 --> 00:05:13.766 Jethro Jones: Yeah. 00:05:13.976 --> 00:05:18.686 So when it comes to those standards, what are the things that you think are essential and. 00:05:18.776 --> 00:05:35.546 Important, uh, for you thinking of yourself in a, in a company now, but also for educators as we have, you know, a AI is changing really fast and progressing very fast, and schools take traditionally a very long time to change. 00:05:35.546 --> 00:05:39.236 And so, you know, a lot of them are still. 00:05:39.761 --> 00:05:43.601 Today talking about just blocking AI wholesale. 00:05:43.751 --> 00:05:50.381 And I don't, personally, I don't think that's a good idea, but I've never thought that just blocking everything wholesale is a good idea. 00:05:50.531 --> 00:06:02.111 Even back when the internet first came out and my first year of teaching, I had kids blogging on the internet and um, that was a very different thing but, um, that I got in trouble for. 00:06:02.141 --> 00:06:04.301 But I still think it was a worthwhile thing to do. 00:06:04.301 --> 00:06:08.081 And, and I put parameters and safeguards in place 'cause they were under 18. 00:06:08.966 --> 00:06:11.696 But ha them having a real audience matters a ton. 00:06:11.756 --> 00:06:16.586 So, so what are the, the, the thoughts you have about which standards are essential? 00:06:17.110 --> 00:06:17.560 sam-bourgeois: Yeah. 00:06:17.590 --> 00:06:19.330 So yeah, and I'm, I'm glad you brought that up. 00:06:19.330 --> 00:06:24.580 I mean, I, you know, we go ba we go way back in, in, uh, in education and I, a classroom teacher, same thing. 00:06:24.580 --> 00:06:29.020 I was always getting myself in trouble 'cause I was a risk taker and I wanted to expand. 00:06:29.020 --> 00:06:30.460 And, and here's the, here's the reason. 00:06:30.460 --> 00:06:33.250 This answer to your question, I guess for me. 00:06:33.340 --> 00:06:33.820 Um. 00:06:34.825 --> 00:06:43.765 It, it's, it's an admission that in a school setting, we're, we're probably not gonna do everything that's required for this kid to be successful outside of this classroom. 00:06:44.005 --> 00:06:44.665 Full stop. 00:06:44.815 --> 00:06:45.055 Right? 00:06:45.055 --> 00:06:47.545 Like, certainly not in the context of it. 00:06:48.475 --> 00:06:50.275 Certainly not in the context of security. 00:06:50.275 --> 00:06:52.855 'cause we sure as heck aren't protecting our kids, you know? 00:06:53.245 --> 00:07:01.195 And, and, and worst of all is, is ai because don't get it in a, in, in a regular context. 00:07:01.195 --> 00:07:02.005 People don't really get it. 00:07:02.065 --> 00:07:02.785 I mean, you can ask. 00:07:03.130 --> 00:07:09.190 A hundred Americans, uh, you know, in your audience probably beyond that, but like you ask a hundred Americans, what is ai? 00:07:09.190 --> 00:07:15.610 I think they'd have a real hard time explaining to you, and it's, it's actually quite simple, but they would have a hard time explaining that to you. 00:07:15.610 --> 00:07:28.930 So I, guess what I would say is, um, me it's a, it's, it's that back to the, the governance, it's that context of there is a right way and a safe way to do things. 00:07:28.990 --> 00:07:31.420 And, um, if. 00:07:32.425 --> 00:07:44.815 If your priorities as a community, as an organization, a school district or a school or whatever, if your priorities are not such that you're encouraging, empowering, and enabling innovation, that's your problem. 00:07:44.815 --> 00:07:47.575 Like, you know, the, the AI adoption, that's, that's not the issue. 00:07:47.635 --> 00:07:55.825 The, if you're in a culture of innovation, then you should also be in a culture of governance and putting up guardrails and thinking through things and being safe and you know someone like you. 00:07:55.855 --> 00:08:00.385 Knowing, knowing your background and where we first met, I know that that was. 00:08:00.775 --> 00:08:12.745 That was your MO was finding places where we could innovate and do things interesting and fun and the, the boundaries of, of normal education, but in a safe way. 00:08:13.045 --> 00:08:22.045 And so that's, to me, that's the biggie for education is, is the, the NIST frameworks and the industries are not appropriate for a classroom teacher. 00:08:22.735 --> 00:08:24.475 A hundred percent, no question. 00:08:25.135 --> 00:08:28.105 So what I've done, um, and what we've talked about is. 00:08:29.365 --> 00:08:31.615 You know, how could we, can we translate that? 00:08:31.615 --> 00:08:32.335 How could we do that? 00:08:32.335 --> 00:08:35.065 How would we, how would we communicate those things that are most important? 00:08:35.065 --> 00:08:44.245 So, I don't know the number off the top of my head, but, um, what I did is I correlated the, the NIST framework, the, the, uh, risk management framework to the ISO standards. 00:08:45.175 --> 00:08:52.525 I'm, I'm in the us you know, some of your listeners might be in the GDPR, uh, EU governed regions, but, uh, I didn't correlate any other standards. 00:08:52.525 --> 00:08:53.605 I'm sure they'd be easy to do. 00:08:54.445 --> 00:08:55.975 and then I just basically asked myself. 00:08:56.650 --> 00:08:59.590 What would I do if I was an IT director, which is my past life? 00:09:00.580 --> 00:09:09.700 would I convert this standard to a K 12 context for an operationalization for implementation in a school context, in a school setting? 00:09:10.120 --> 00:09:13.540 And then when I wrote that, I was like, uh, this is, this is actually really good. 00:09:14.380 --> 00:09:16.960 What about examples in the real world of why that's important? 00:09:17.110 --> 00:09:23.080 So then I, I added in things like what could go wrong and I, there's a. Obviously a ton of examples of what can go wrong. 00:09:23.650 --> 00:09:26.470 Um, and then I thought, okay, but what do we actually do with this? 00:09:27.100 --> 00:09:29.080 Like, how does this, like where's the rubber meet the road? 00:09:29.560 --> 00:09:35.650 So then I thought, which ones of these are actually appropriate for, for teachers to convey to the next generation to their learners? 00:09:36.400 --> 00:09:41.830 so I wrote those from, you know, kind of based roughly off of those things that were applicable. 00:09:42.790 --> 00:09:46.180 And then I thought, any of this worthwhile for a kid to learn? 00:09:46.330 --> 00:09:51.070 And I think the answer is, yeah, I mean, I think I. When, when you adapt those standards, it might come out. 00:09:51.100 --> 00:09:52.480 This is off the top of my head, so forgive me. 00:09:52.600 --> 00:09:54.460 It might come out something like this. 00:09:54.940 --> 00:10:09.820 Um, a student should know and recognize that there are correct and incorrect ways to use AI in education and in their community, that sometimes there are legal implications to the incorrect use of ai. 00:10:11.205 --> 00:10:13.090 I that's, I would agree with that. 00:10:13.120 --> 00:10:16.690 Like in, in all cases, I would say a student can comprehend that. 00:10:17.500 --> 00:10:17.920 Of course. 00:10:17.920 --> 00:10:19.150 Would I like to spiral that? 00:10:19.210 --> 00:10:22.900 Would I like to grade level that would, I like to apply that to some specific outcomes. 00:10:22.960 --> 00:10:23.320 Sure. 00:10:23.680 --> 00:10:25.750 But in terms of a standard, that's kind of where I'm at. 00:10:25.780 --> 00:10:26.080 Right. 00:10:26.080 --> 00:10:28.750 And so I've got, I don't know, maybe 50 of those. 00:10:28.755 --> 00:10:36.910 I, I, I didn't count 'em up to be honest, but that's kind of where my mind's at is, is how would I apply that to, to the real world and to, to education. 00:10:38.971 --> 00:10:48.781 Jethro Jones: For me, the, the real question comes down to things that are more ethical in nature rather than like, uh, correct or incorrect. 00:10:48.841 --> 00:10:57.481 Because there are some, there are situations in which it is, it is correct to do it, but it's unethical to do it. 00:10:57.481 --> 00:11:00.841 And, and so that gets into this question about ethics in. 00:11:01.196 --> 00:11:23.426 Using AI and you know, is it like, it, it, it may be fine to take a picture that you find or that you took and use it to generate an image, but if you, if that is a picture of someone else, it's your picture according to our copyright law currently in the United States because you took the picture. 00:11:23.640 --> 00:11:23.760 sam-bourgeois: A 00:11:23.816 --> 00:11:27.626 Jethro Jones: And so, but is it ethical for you to use that picture? 00:11:28.046 --> 00:11:34.796 To create something with AI without that other person's knowledge that could put them in a different light. 00:11:34.826 --> 00:11:40.706 And, and those are the kinds of things where, you know, our laws haven't caught up with this stuff either. 00:11:40.736 --> 00:11:51.956 And so we need to be able to talk about it in such a way that we can say, you know, whether or not it is legal or correct or incorrect, or whether or not there could be ramifications later. 00:11:52.316 --> 00:11:55.496 We need to be able to have the conversation about, um. 00:11:55.976 --> 00:11:58.376 Is, is this an ethical thing to do? 00:11:58.766 --> 00:12:03.956 And, you know, even is it ethical, is a, is a loaded question, right? 00:12:04.646 --> 00:12:22.646 And so how do we really teach these things and, and give kids exposure to them without making it like yet another lesson, yet another standard that kids need to learn, um, when, when really there's an underlying set of things. 00:12:23.096 --> 00:12:30.176 That, whether it's AI or something else, uh, we need to understand that that's, that's unethical to do that. 00:12:30.206 --> 00:12:31.256 Does that make sense, Sam? 00:12:31.270 --> 00:12:33.640 sam-bourgeois: It no, it, it absolutely does. 00:12:33.640 --> 00:12:34.390 It absolutely does. 00:12:34.390 --> 00:12:45.550 Because there's a. Yeah, there's something that, that people often overlook when they think about, um, you know, uh, technical skills and things like that. 00:12:45.550 --> 00:12:48.940 Like with great power comes great responsibility, right. 00:12:48.940 --> 00:12:49.480 Uncle Ben. 00:12:49.630 --> 00:12:56.830 Like when you're, when you're in my field, in my profession, um, certifications you get, they're all hinging. 00:12:56.830 --> 00:13:00.790 They're all contingent on this idea that I know just as much as a hacker knows. 00:13:01.435 --> 00:13:03.865 But I choose to use my skills in a different way. 00:13:03.865 --> 00:13:05.485 So I, I completely agree. 00:13:05.485 --> 00:13:07.075 I'm, I'm, I'm totally in line with you there. 00:13:07.735 --> 00:13:09.535 Um, and that was a great example. 00:13:09.745 --> 00:13:14.455 You know, uh, I don't know if you wanna jump off from ethics to issues with ai, but I think, 00:13:16.495 --> 00:13:25.795 I think fundamentally understanding that you have the ability to do things that you probably shouldn't do, and you should be thinking and training your brain to think critically about making those decisions. 00:13:25.825 --> 00:13:26.545 Like that's. 00:13:27.040 --> 00:13:27.640 That's the key. 00:13:27.640 --> 00:13:28.960 I, I completely agree with you. 00:13:29.651 --> 00:13:30.101 Jethro Jones: Yeah. 00:13:30.340 --> 00:13:39.610 sam-bourgeois: I guess was your hypothesis that we shouldn't think about, uh, a rigid checklist and more like a, like a growth mindset, just kind of continuously learning, thinking, and inner focus. 00:13:39.610 --> 00:13:40.150 Is that your 00:13:41.141 --> 00:13:48.551 Jethro Jones: Yeah, that's, that's my perspective on, on a lot of things that it's not so much about the technical. 00:13:49.271 --> 00:13:59.771 Understanding yes or no of X, Y, or Z. It's more about can I analyze the decision I'm making in the context of the situation that I'm in? 00:14:00.041 --> 00:14:06.731 And I don't want to get into like moral relativism where like, yeah, it's fine as long as I feel like it's okay to do right now. 00:14:06.731 --> 00:14:08.111 Like that's not what I'm talking about. 00:14:08.111 --> 00:14:13.661 There needs to be something deeper like this, deeper respect for other people, and. 00:14:14.051 --> 00:14:18.071 Their image and likeness and how we should treat them and that kind of thing. 00:14:18.371 --> 00:14:19.361 Those things matter. 00:14:19.391 --> 00:14:20.561 Other people's work. 00:14:20.861 --> 00:14:27.161 Is it unethical to use AI because it's trained on other people's stuff that they didn't give permission for? 00:14:27.191 --> 00:14:38.891 You know, like, uh, there was a tool a while ago where you could go see if your, your web content was included in the training data and you could essentially put in your, put in a website and see. 00:14:39.686 --> 00:15:00.566 How, if it was included in that, and I did use je Jones dot com and Transformative Principal dot org, and it was included in the training data, so it does know about me and about my work, and so somebody else could go look it up and, and ask chat GPT about Jester Jones and Transformative principle and it would know something about it. 00:15:01.166 --> 00:15:03.806 Um, but like, is that. 00:15:04.121 --> 00:15:05.921 Now unethical because of that. 00:15:05.981 --> 00:15:22.721 And those are questions I don't know the answer to, but they're questions that I think we need to spend time discussing and talking about in schools so that kids have an idea and they can understand how it actually works and not just think that it is the source of all knowledge. 00:15:24.322 --> 00:15:33.682 I wanna move just a little bit over to the cybersecurity side because the real challenge is that si the AI. 00:15:33.952 --> 00:15:42.442 Developments have made it so much easier for our cybersecurity to be less secure than it has been in the past. 00:15:42.682 --> 00:15:54.477 That there are so many more vectors, there are so many more, uh, spoofs and so much more like you can use AI to basically have this thing spam people for, you know. 00:15:55.057 --> 00:16:16.747 Hours and hours on end without any end in sight, using new email addresses, new approaches, new impersonations, all kinds of things, and, and those are the things that I am really concerned about because those will have real lasting damage and impact on kids and their future and all that if they get into a bad situation. 00:16:17.391 --> 00:16:17.811 sam-bourgeois: Yeah. 00:16:17.991 --> 00:16:18.441 Yeah, I agree. 00:16:18.441 --> 00:16:33.201 I, my, my learning management platform, um, make it Secure Academy, it, it has a signup form and so you can click the button and to your point, I have yet, I, I think I've gone 14 pages. 00:16:33.261 --> 00:16:34.971 I've gotta figure out a solution to this problem. 00:16:35.091 --> 00:16:37.311 I've got 14 pages, 10. 00:16:38.316 --> 00:16:47.826 to a page unique but junk emails and, uh, it just, it, I don't dunno if you have that same problem, uh, with your contact form. 00:16:47.826 --> 00:16:49.566 So I've gotta do something better with my contact form. 00:16:49.566 --> 00:16:50.016 It's like, 00:16:50.602 --> 00:16:50.992 Jethro Jones: Yeah. 00:16:51.246 --> 00:16:54.516 sam-bourgeois: they're just bots and they're just, they're just putting out junk. 00:16:54.576 --> 00:17:01.206 Um, yeah, from the, from the security perspective, you know, I, I don't wanna get too much in the weeds on security specifically. 00:17:01.206 --> 00:17:03.276 That's where I can really kinda geek out, but 00:17:03.412 --> 00:17:03.802 Jethro Jones: Yeah. 00:17:03.936 --> 00:17:05.436 sam-bourgeois: I, I, I totally agree. 00:17:05.496 --> 00:17:05.916 Um. 00:17:06.921 --> 00:17:22.881 What I think is, uh, what I think is terrifying in the education context specifically that by and large, you and I know how to, how to kind of mitigate risk to our, to our children and protect them in the future, but most people do not. 00:17:23.361 --> 00:17:28.521 And, uh, the exposure of, fill in the blank, it's, it's not about a particular vendor. 00:17:28.521 --> 00:17:30.261 It's not about PowerSchool, it's not about black bud. 00:17:30.591 --> 00:17:31.401 Fill in the blank, right? 00:17:31.401 --> 00:17:33.441 They're all, there's gonna be failures across the board. 00:17:33.441 --> 00:17:36.651 There's gonna continue to be failures, uh, to protect that data. 00:17:36.681 --> 00:17:39.591 Once that's exposed, like my biggest fear is that these young people. 00:17:39.996 --> 00:17:40.056 Yeah. 00:17:40.866 --> 00:17:46.296 only are they being watched constantly, which is another creepy thing, data brokers are watching everything we do. 00:17:46.686 --> 00:17:48.066 This is not an over exaggeration. 00:17:48.066 --> 00:17:49.266 This is not a four chan rant. 00:17:49.296 --> 00:17:50.046 This is the truth. 00:17:50.616 --> 00:17:59.616 Your, if your kid's got a mobile device in their hands, the device is knowing where they go, what they click on, how long they watch it, when do they scroll, what do they click, what do they like, what do they don't like? 00:18:00.366 --> 00:18:05.886 so not only are they gonna have these digital footprints, which we've been talking about for 20 years, right? 00:18:06.921 --> 00:18:17.181 only are they gonna be born into a digital footprint, they're also gonna be turning 18 with their identity exposed for the last 17, 18 years. 00:18:17.241 --> 00:18:20.661 Which is just, just horrifying to think about that, you know? 00:18:20.661 --> 00:18:28.161 And, um, that's, that's what really, that's what really kind of burns me up is, uh, I feel like, um, there's always been that conversation. 00:18:28.521 --> 00:18:32.781 Whenever you and I were young men, there was a conversation around why are we doing geography and not. 00:18:33.156 --> 00:18:39.186 You know, working with woodworking or changing a tire, balancing a checkbook, we're having the same conversations, right? 00:18:39.186 --> 00:18:54.546 Like everybody says, why are we doing this and not that, I mean, fundamentally speaking, like we are, we are absolutely these kids up for failure by not teaching this, this stuff, by not living it in, uh, in the classroom. 00:18:54.606 --> 00:18:56.521 And that's what, that's what really worries me. 00:18:57.747 --> 00:19:01.532 Jethro Jones: Well, and and you said something real key there, that we're not living it in the classroom. 00:19:01.907 --> 00:19:17.747 And one of the things that I've been frustrated about in the past is when it departments set up their own people for failure by sending, uh, internal phishing attempts and, and then it becomes a Gotcha. 00:19:17.897 --> 00:19:30.677 And when you and I talked about your Make It Secure Academy, you talked about how you can, you can send these phishing attacks and then kids can see. 00:19:31.012 --> 00:19:44.602 How they did, whether they responded to phishing attacks or not, and see what it was, what the message looked like, and, and then do some evaluation on how they fell for it or didn't. 00:19:44.662 --> 00:19:56.542 And, and then can you talk a little bit about that, because that's part of it that I think it becomes a learning experience at that point, and they get a score that says, Hey, this is how you're doing with your cybersecurity, which is, is really powerful. 00:19:56.542 --> 00:19:58.432 And that kind of stuff needs to be embedded. 00:19:58.432 --> 00:20:00.232 So talk a little bit about that aspect. 00:20:00.636 --> 00:20:01.566 sam-bourgeois: Yeah, yeah, yeah. 00:20:01.566 --> 00:20:01.956 You nailed it. 00:20:01.956 --> 00:20:07.536 I mean, like I've, I've always had this approach, like professionally I've had the same approach where I'm not a gotcha guy. 00:20:09.126 --> 00:20:12.996 but, but I run security programs and I have run security programs for, for a while. 00:20:14.106 --> 00:20:18.336 when it comes to young people, I think, uh, it's, it's an interesting approach. 00:20:18.336 --> 00:20:19.446 I'm, I'm fishing. 00:20:20.301 --> 00:20:20.841 Kids. 00:20:20.871 --> 00:20:24.831 And, and the reason I'm doing it is, uh, it's, it's a heck of a lot of work. 00:20:24.891 --> 00:20:26.961 I've gotta go, you know, fake all these domains and everything. 00:20:26.961 --> 00:20:33.621 But to your point, the, the outcome that I'm looking for is, is the change in behavior. 00:20:33.711 --> 00:20:36.171 I'm looking for not statistics. 00:20:36.171 --> 00:20:40.221 I'm not looking for, you know, reporting to the teacher and, and all this other stuff. 00:20:40.281 --> 00:20:44.871 I'm looking for an individualized approach to enhancing my security posture. 00:20:45.351 --> 00:20:46.941 And why can't that be a young person? 00:20:47.646 --> 00:20:53.706 I don't, I don't see any reason why it shouldn't be, I don't have time to visit your, your daughter. 00:20:53.706 --> 00:21:03.606 I don't have time to sit with my son and build him a, a safe space to work a, a safe Gmail and, and review every email with him and hover over things. 00:21:03.606 --> 00:21:05.016 I do try to do that for the record. 00:21:05.316 --> 00:21:06.636 That is my job as a father. 00:21:07.056 --> 00:21:10.146 But, um, it's difficult and it's, it's hard to manage. 00:21:10.446 --> 00:21:16.386 So what I wanted to do was build a safe space that had specifically aligned. 00:21:17.181 --> 00:21:18.531 Uh, activities and outcomes. 00:21:18.531 --> 00:21:21.141 And one of those activities is, again, I, I think quite innovative. 00:21:21.141 --> 00:21:23.001 It's phishing kids. 00:21:23.031 --> 00:21:41.871 And so, yeah, to your point, you know, um, when, when the students interact with a phishing email that I might have against them, you know, attack them with, so to speak, simulated, they get a splash page and it says, oops, this, this was not a, you know, this was not a a, a real malicious email or a bad email, whatever. 00:21:42.501 --> 00:21:44.301 Um, here's what we can do in the future. 00:21:44.301 --> 00:21:45.741 And then we also have training. 00:21:46.746 --> 00:21:58.446 specifically to that behavior and a follow up that says this is, this is why that one was unsafe, specifically, here's why could have looked for this, or you could have done this, or how, you know, how this could have been d done better. 00:21:59.076 --> 00:22:05.766 Um, more, more than that to your point about the kind of changing the way we, we think and our mindset, um. 00:22:07.371 --> 00:22:17.661 I've created videos that preload and also, you know, follow up and, and reinforce those skills, uh, that are tailor made for young people. 00:22:17.721 --> 00:22:29.121 You know, so I've got child actors hired children to act out scenarios and we're using AI to, to build videos that kind of speak directly to kids in the way they wanna be spoken to, animated short clips, which. 00:22:29.526 --> 00:22:33.121 And I wish they could stay, you know, more, more attentive for more than a TikTok video. 00:22:33.121 --> 00:22:35.011 But, um, I digress. 00:22:35.011 --> 00:22:36.211 We gotta, we gotta meet 'em where they are. 00:22:36.271 --> 00:22:36.511 Right. 00:22:36.511 --> 00:22:37.141 Unfortunately. 00:22:37.921 --> 00:22:39.031 that's, that's my approach. 00:22:39.031 --> 00:22:49.111 And, um, you know, I think, I think the, the gamification you mentioned, I think that's, that's really important too, because I think, uh, miss out on that. 00:22:49.566 --> 00:22:58.146 Frequently when we have like asynchronous learning opportunities, we miss on, we miss out on that ability to, um, to kinda gamify, gamify the experience. 00:22:58.206 --> 00:23:00.096 And so I really wanted that to be a part of what we do. 00:23:00.096 --> 00:23:04.656 And, and so again, we kind of invented a, whatever you wanna call it, like a credit score, you know, 00:23:05.167 --> 00:23:05.527 Jethro Jones: Yeah. 00:23:05.646 --> 00:23:05.797 sam-bourgeois: like a, a 00:23:05.827 --> 00:23:06.127 Jethro Jones: Yeah. 00:23:06.246 --> 00:23:09.966 sam-bourgeois: for kids to, to measure their security posture appropriate to their age group, by the way. 00:23:09.966 --> 00:23:10.836 So they 00:23:10.987 --> 00:23:11.197 Jethro Jones: Yeah. 00:23:11.376 --> 00:23:11.916 sam-bourgeois: level up. 00:23:12.817 --> 00:23:14.647 Jethro Jones: Well, and, and here's the other thing. 00:23:14.767 --> 00:23:20.347 The, what I don't want is an additional AI class. 00:23:20.377 --> 00:23:23.227 What I don't want is an additional cybersecurity class. 00:23:23.527 --> 00:23:32.197 What I want is for these things to be, and I don't want additional SEL class either, by the way, and I don't want additional character class. 00:23:32.197 --> 00:23:35.167 I, I want these things to be built into. 00:23:35.482 --> 00:23:45.412 What we're doing and, and there are so many things in the world that we live in that is information dense that we need to be aware of. 00:23:45.502 --> 00:23:50.872 And, and that is, that is essential to, to the work that we're doing. 00:23:50.872 --> 00:23:59.422 And, you know, we, we have to understand that we've got to educate more than just the, the math and reading and writing. 00:23:59.542 --> 00:24:02.842 You know, it's got to be the, the whole child. 00:24:02.842 --> 00:24:04.912 And it can't just be focused on. 00:24:05.332 --> 00:24:09.622 The things that get tested because that's not serving our kids well. 00:24:09.652 --> 00:24:24.232 Because those things, honestly, you can learn those at any time and it's no good if you learn those things and then you, uh, grow up to cheat people outta their money and they're hard earned things by being a hacker or some unethical. 00:24:24.532 --> 00:24:26.602 A criminal of some sort. 00:24:26.602 --> 00:24:33.772 You know, that's not the kind of society that anybody wants to create, and so we need to be teaching these things early on. 00:24:34.102 --> 00:24:39.592 So tell us about how people can get in, get started with Make It Secure Academy, what that looks like. 00:24:39.922 --> 00:24:42.622 Um, for, for themselves, their district. 00:24:43.026 --> 00:24:43.986 sam-bourgeois: Sure, sure, sure. 00:24:44.466 --> 00:24:49.146 Um, yeah, like I said, we're, we're on a mission to protect every kid, you know, one kid at a time in the world. 00:24:49.146 --> 00:24:52.446 And, uh, what, uh, what you can do to, to get ahold of us. 00:24:52.476 --> 00:24:57.516 The easy thing is, you know, you can find us on all the socials, um, make it secure. 00:24:57.636 --> 00:25:03.786 LLC, so M-A-M-A-K-E-I-T-S-E-C-U-R-E-L-L-C. 00:25:04.236 --> 00:25:07.476 And you can find us on, uh, on Instagram, Facebook, LinkedIn. 00:25:08.706 --> 00:25:09.306 make It Secure. 00:25:09.306 --> 00:25:11.616 Dot Academy is the, the actual website. 00:25:11.796 --> 00:25:15.546 Make it secure llc.com or make it-secure.org. 00:25:15.546 --> 00:25:20.796 We also have a nonprofit, uh, wing of, of what we do and, and how we serve around the world. 00:25:20.826 --> 00:25:30.366 Everything from Haiti and Kenya to uh, to, uh, to, uh, low socioeconomic status schools here in the US we're, we're just passionate about helping kids and helping educators. 00:25:32.467 --> 00:25:40.177 Jethro Jones: What I would encourage anybody to do is to go check that out and, uh, get a demo from Sam so he can show you what it looks like and, and you can. 00:25:40.867 --> 00:25:41.767 Tool around in it. 00:25:42.067 --> 00:25:45.727 And really the idea is for this to not be an extra class, 00:25:45.751 --> 00:25:46.031 sam-bourgeois: Correct. 00:25:46.267 --> 00:25:51.847 Jethro Jones: something that kids are, are doing on the regular, which I, which I so appreciate and think is, is essential. 00:25:51.847 --> 00:25:54.187 So, uh, Sam, thank you so much. 00:25:54.187 --> 00:25:58.747 Those links are available at Transformative Principal dot org and@cybertraps.com. 00:25:58.957 --> 00:26:02.947 Come and check it out and, uh, appreciate you being here and appreciate your friendship for all these years. 00:26:02.952 --> 00:26:03.162 Sam. 00:26:03.521 --> 00:26:04.056 sam-bourgeois: Thank you.