• Garrett O'Hara

    Garrett O’Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies. When not talking about the cyber security landscape, data assurance approaches and business continuity Garrett can be found running, surfing or enjoying the many bars and eateries of Sydney's Northern Beaches.


    Add comment
Garrett O'Hara


If you enjoyed The Get Cyber Resilient Show, head over to GetCyberResilient.com, a new online destination for cyber professionals in Australia and New Zealand.

The Get Cyber Resilient Show is brought to you by mimecast.com.

Related articles:

Customers are the target of cybercrime this Black Friday, but your business could be the real victim


O365 disruptions wreak havoc across APAC: the case for business continuity


Uni IT chiefs want an 'Aussie lamb campaign' approach to cyber awareness


#cybersecurity #cyberresilience #getcyberresilient



Download Now: Cyber Resilience Preparedness. Expert Insight, Tips And Guidance


The Get Cyber Resilient Show Episode #4



Gregor Jeffery: [00:00:00] We know it can be challenging to secure your business, especially when you have limited time. The Get Cyber Resilient show, brought to you by Mimecast is the perfect way to stay up to date with the latest cyber development across Australia and New Zealand. Whether you're listening to this podcast commuting, cycling, jogging, or walking the dog on the beach during the festive season, you'll hear real stories from IT and security leaders just like you. Don't get angry at downtime in data breeches, get cyber resilient.


Hi there, and welcome to the Get Cyber Resilient show. My name is Gregor Jeffery. And in this episode, Garrett O'Hara catches up with Safi Obeidullah, field CTO of Citrix APJ to talk about the concept of digital twins and driving cyber resilience through rapid response.


However, first off, Garrett and I discuss downtime due to Office 365 disruption, cyber awareness training for the general public and Black Friday. Gar, did you buy anything for Black Friday? Or are you anticipating any purchases for Cyber Monday?


Garrett O'Hara: [00:01:03] I am not, Gregor. I feel like, um, yeah, shopping's not really my thing, so I didn't, uh, I didn't partake. I do worry about the people who I know, family and friends, who are out there and potentially looking for the bargains, for obvious reasons. And I think we'll talk about a little bit laker, uh, later. Uh, but yeah, no. I didn't buy anything. What about you?


Gregor Jeffery: [00:01:22] Uh, I did read a joke that's known as remorse Monday as well.


Garrett O'Hara: [00:01:25] Ah, there you go.


Gregor Jeffery: [00:01:26] Yes.


Garrett O'Hara: [00:01:26] Yep.


Gregor Jeffery: [00:01:27] Uh, look, I did buy a few digital things online, some plugins, audio plugins. Um, it's the time of year to save all your purchases for Black Friday, is my feeling. So r- retailers, online retailers, they seem to ... Yeah, have all their best buy things at that time of the years. And if you can take a step back from that impulse buying and just go, "Okay, November, I'll buy something then." So I've bought a, yeah, a couple of audio plugins, uh, which I'd had my eye on for, yeah, certainly, nearly 12 months.


Garrett O'Hara: [00:01:56] Is that audio plugins to make your sound, you know, really cool on the podcast? Like different voices, like Darth Vader maybe?


Gregor Jeffery: [00:02:02] Uh, one's a laugh track plugin so we [crosstalk 00:02:05]-


Garrett O'Hara: [00:02:05] Oh, we definitely need that.


Gregor Jeffery: [00:02:06] [laughs]. So we can have some canned laugh, uh, laughter. I think that would be brilliant [laughs]. Fantastic. Okay. The first story we've got, uh, for this week, uh, comes from the Get Cyber Resilient, uh, website. Elad Schulman, uh, CEO and co-founder of SEGASEC, uh, we talk about his story: Customers Are the Target of Cyber Crime This Black Friday, But Your Business Could be the Real Victim.


So, you know, we're looking at what is the actual business impact of Black Friday. Uh, you know, employees are out there, much like myself, um, snapping up some bargains online. But then how does that impact, um, from a business perspective, you know? Uh, you're told not to use business email for personal usage. Uh, but in- invariably that does happen. Um, so yeah, wh- what's your insights from that, Gar? And you spoke to Elad last week


Garrett O'Hara: [00:02:54] I did yeah. He's an ... He's an impressive guy, uh, to my mind. And- and given what SEGASEC are doing, he's got a particularly, uh, laser-focused, um, view and insight into what actually happens on ... in, you know, Black Friday. It's probably the big time of year for them, given it's a log of brand-jacking stuff. You know, but they do that year round, so, uh, this is their busy season. So they're like the Santa Claus of the infinite web, I suppose, in a way.

Um, I think it's interesting. So, for, like, your comment around not using work email, one of the things that has come up consistently in, you know, as we chat, is people using personal email from work machines. So even if you've got a, you know, particularly, on uh, your- your work email address, pretty good chance your employees are actually using.


Gregor Jeffery: [00:03:36] Yeah, logging into Gmail


Garrett O'Hara: [00:03:36] Gmail, or any of those, exactly, yeah. So, um, and Gmail does some good stuff for security for sure.


Gregor Jeffery: [00:03:41] Mm-hmm [affirmative].


Garrett O'Hara: [00:03:42] But it's a real easy way to bypass any of the kind of secure email gateway stuff that you might have in place, um, uh, at any given time. And, look, Elad, uh, when we chatted, and obviously, um, has written the article for, uh, Get Cyber Resilient. The- the insights he had were on the retailer side, as he said.


Um, and things to- to watch out for- for them. Like, his comments to me were interesting in that, um, when you think about it, retailers can't really tr- well, traditionally couldn't really control the infinite web. And- and by that, he means, and- and I suppose we now mean, uh, the domains outside of the ones that you own. So, you know, Gregor.com cool. You own that. What about when they attackers register Gregor, change the O to a zero, or change it to a homoglyph? Um, which is one of the things that, uh, Elad showed in- in one of the videos 


Gregor Jeffery: [00:04:29] Yes.


Garrett O'Hara: [00:04:29] -where he registered PayPal, looked perfect. But actually he had a different type of P, um, wasn't a Roman alphabet P. It was a different type of P. As a human, I would have no idea that wasn't the real PayPal site, but he actually cloned the entire thing. Um, and that was his comments was that- that- that traditionally has been out of the control of the retailers. And, that's fine, except for the fact that it causes the retailer a huge amount of brand damage is somebody uses their brand to attack their customers. So it's this weird thing where it's not in your control, but actually the effects are very, very substantial uh, and material to a- a business.


And they're doing some really, in my opinion, really amazing stuff to, uh, to tackle that. So scanning the infinite web, looking for those, kind of, cousin domains and- and homoglyph, and homograph attacks. And then allowing retailers to do things like take those domains down very quickly using APIs. It's pretty elegant, uh, solution. And, uh, an approach. Um, and that's obviously the- the, you know, the retailer, the business side. Um, he also made that commentary around the consumer side of things, so the people like you and me who are out there looking for the deals.


Gregor Jeffery: [00:05:36] Yes.


Garrett O'Hara: [00:05:36] And, um, yeah, we- before we started recording, I was saying my big worry is my family and my friends, the people I care about trying to find, you know, a deal and may get a new mobile phone, audio plugins, whatever it might be, um, but actually going to a site that isn't real, it's a cloned site in some way, and it's going to drop some malware. Um, maybe steal the credentials, steal credit card information. And, you know, it doesn't need any ex- explanation. That's a really awful thing to happen.


But the attackers, this is their busy season. You know, this is ... They know everybody's out there looking for deals. And they're- they're going to take advantage of that.


Gregor Jeffery: [00:06:08] Yeah. Um, in terms of revenue generated by Black Friday this year, they're estimating ... projecting it to be 87 billion US dollars. Uh, and then earlier in the month, we h- had Singles Day. Um, you know, that's being pushed by Alibaba. Uh, and they had three, uh, $38 billion, um, revenue on ... just on that date. Um, so it's, yeah, it's a huge shopping day [crosstalk 00:06:33]. There's a lot of online activity going on.


Garrett O'Hara: [00:06:35] Yeah, the ... I think the Australian Bureau of Statistics called ... It was in November last year was the busiest online retail day, sorry, month, that had ever been seen. Um, and I know there's a lot of talk about the- the economy and s- you know, where that's at. Uh, yeah, like, at the end of the day, people are still out there, you know, they- they see the news. It was on ABC this morning. You know, people are talking about it [crosstalk 00:06:56]-


Gregor Jeffery: [00:06:56] Yeah.


Garrett O'Hara: [00:06:56] And that naturally, kind of, increases the- the volume of- of people just at their click frenzy. You know [crosstalk 00:07:01]-


Gregor Jeffery: [00:07:00] Yeah.


Garrett O'Hara: [00:07:01] That- that click frenzy [crosstalk 00:07:02]-


Gregor Jeffery: [00:07:02] Was that around the same time as singles day. Uh, and I guess that just ... that flurry of activity, the, you know, customers and consumers are becoming less cautious because there's, you know [laughs] gotta catch them all Pokemon style, got to get all those specials.

Garrett O'Hara: [00:07:15] [laughs] that's it.


Gregor Jeffery: [00:07:15] Get ready for Christmas.


Garrett O'Hara: [00:07:16] Yeah, yeah. It's- it's ... Look, it's- it's a dangerous time. But, um, you know, again, you and I have talked about, uh, Valentine's Day, um, Black Friday, Click Frenzy, Christmas. You know, pick a holiday and generally you're going to see some kind of trend line go up for attacks, because the attackers know people are buying flowers, or people are buying presents for kids. Or, you know, whatever it might be, um, but that's- that's the reality. They know that. They'll take advantage of that. And, um, the- the ... call it the distraction, you know, as you said, like, people are out there trying to find a deal.


They're not really thinking about cybersecurity. So, psychologically, they're almost set up to be a better target, um ... At sort of their activity volume, they're just not in the mindset of thinking about cybersecurity. They're out, say, to get 10%, 20%, uh, off a deal, which, by the way, one of the- the big things that I think a lot of people have said, Kevin Mitnick, I know Elad said it. Like, if a deal looks too good to be true, like, it probably is. You know, that's the reality.


Gregor Jeffery: [00:08:13] Yep. Um, if anyone's interested in learning more about SEGASEC, uh, you can go to SEGASEC.com, which is S-E-G-A-S-E-C .com. Uh, and you can, yeah, learn about the SEGASEC platform. Uh, it's a very powerful in terms of, you know, protecting brands from brand-jacking and, um, you know, I guess scouring the dark web as well for- for- for different information out there.


Garrett O'Hara: [00:08:35] Yeah, yeah. I've seen ... Elad did a demo a little while ago for me. And, it's, to me, anyways, uh, as a sort of tech, incredibly impressive, uh, technology and platform that they've built, yeah.

Gregor Jeffery: [00:08:48] On to our next story, uh, we had Office 365 disruptions, a number of them, over the past, uh, few weeks, across APAC, uh, and, you know, this really brings into light business continuity, and what is the business continuity plan that an organization has? Uh, especially we've also seen the bush fires across Australia. Uh, bush fire season has started early. Um, New South Wales and Queensland have been, um, greatly affected, and, um, you know, homes lost, lives lost.

Uh, at the end of the day, what, from an organizational perspective, do you have business continuity, um, plans in place? And, do ... Perhaps businesses need to be less reactive to these style of, um, events coming along.


Garrett O'Hara: [00:09:32] Yep. Uh, it's- it's the tragic side, isn't it? Of those kind of natural disasters, and other things, you know? Um, was it, uh ... I'm probably going to get this wrong. Was it Oswald in 2013, in Brisbane? I don't know if you remember those big floods that hit? Um, I had some friends who lived up there in, uh, in West End. And was stunning the effect that- that that had on that city. And there was some people I- I kind of heard stories about.


Um, the businesses that stayed kind of viable and operating versus the ones that didn't, because when the floods start, and, you know, water seeps into, or flows probably, into a server room somewhere-


Gregor Jeffery: [00:10:08] Yeah.


Garrett O'Hara: [00:10:08] It's game over, right? You know, um, some companies would have a, sort of BCP plan in place. And they could continue. Um, and others just couldn't. And it, you know, you've already got the horrible thing that's happening through a natural disaster. And then stacking on top of that a business that is now not operational, and the employees ... the- the- the- knock-on effect, I think is, um, is awful.


Um, I think you just mentioned the 0365 outage. That was last week, right?


Gregor Jeffery: [00:10:34] Yes.


Garrett O'Hara: [00:10:34] Um, the timing there was- was awful, because, um, Satya Nadella was over from, uh, Microsoft and visiting Sydney, um, as that all happened. And, you know, I think it was three separate outages, which ... Look, in reality, I think 365, I think we'd all agree is a phenomenal platform. Um, you know, it's- it's really good for what it is, which is mail service.


Um, but I think the- the reality is there's no such thing as perfect, for the most part. And, uh, one of the things and- and moves that we're seeing is, with the ... you know, the move to cloud is- is great. There's huge economic benefits to doing that. But risk doesn't get outsourced with the move to cloud, so a lot of organizations, given, you know, what happened last week ... Um, and look, it's happened previously, you know, and not just the 0365, also with Google.

Um, secondary services are becoming more important, you know, things like email and other services are so critical to core operations that it's not really optional anymore. Um, assuming email is critical to your business.


Gregor Jeffery: [00:11:30] Yes.


Garrett O'Hara: [00:11:30] To have, uh, reliance on a single service. You know, that- that secondary service that kicks in, often automatic-


Gregor Jeffery: [00:11:37] Yeah.


Garrett O'Hara: [00:11:37] Or automatically if there is an issue, um, these days has become kind of, I think, just best practice risk management.


Gregor Jeffery: [00:11:43] Um, and I guess we, you know, we can look at this from a technological perspective. Uh, and, you know, certainly email is within, uh, our ... one of our central focuses here at Mimecast. Um, you know, we have fire drills within buildings, and they can be so annoying. Um, do we have, you know, other type drills, cyber drills, um, to just really run through ... in the event, and as it ha- happens or something goes down, what does the business do?


Garrett O'Hara: [00:12:12] You're so, uh, spot on with that comment. One of the things that, um, came up is the cyber think tank that actually Mimecast ran in San Francisco. I think it was two years ago. And one of the questions that was asked during the think tank was, "Does anyone have an incident response plan?" And obviously a lot of people proudly put up their hands and said, "Yes, you know, we ... yeah, we do."


And the followup question was, "Awesome. Okay, who's- who's practiced it within the last six months?" And, you know, hands go down straightaway. And, your- your comment there is just so accurate, because if you look at the Firies, which is probably relevant given what's going on, certainly in New South Wales, at the moment, they don't wait until there's a fire to figure out who holds the ladder, who, you know, is Bob going to ho- hold the hose or, you know, who's driving?


They practice that time and time again before the real disaster happens. In sports teams, right? You don't go out and kind of go, "Okay, you know, um, I don't know I ... Do I play over here? Who's- who's in goal?" Like, everybody knows what to do before the thing happens.


Um, one of the things we're seeing in cyber is that has become, uh, so important is absolutely have the plan in place, absolutely practice the plan. And, take the changes that are required based on how it's actually gone, and build them into the new IR plan, and keep doing that. Like, don't ever think, you know, that goes in the top drawer and the document is done.


It- it just doesn't work. Employees leave. They come back. They forget what their role was. It needs to be ... It needs to be almost like the Firies, you know, when the thing happens, everybody knows exactly what they're supposed to do, um, what they're responsible for. And, you know, in that situation, then you'll have a better outcome for the business.


Gregor Jeffery: [00:13:44] Uh, and I was reading ... I was reading recently that some of the, uh, hospitals that have gone down with the recent malware outbreaks, they've sort of reverted to just paper systems.


Garrett O'Hara: [00:13:56] Yep.


Gregor Jeffery: [00:13:56] As their fail over, um, you know, depending on the industry or type of organization, that can be possible, uh, but certainly, for- for many, there's- there's no option to back to a paper-based system.


Garrett O'Hara: [00:14:09] I keep saying ... We- we've talked about this before, for, like, all we ever do is talk about cyber. But, huh, just a couple of weeks ago, we were talking about the, uh, that idea of availability, not necessarily always being digital. And I think we were talking about the hotel example-


Gregor Jeffery: [00:14:20] Yes, yep.


Garrett O'Hara: [00:14:20] Where ... Was it in the US? I- I can't remember where it was, but that hotel that got attacked.


Gregor Jeffery: [00:14:25] Yep.


Garrett O'Hara: [00:14:25] And they used those RFID cards for the door, which is pretty standard now, these days. But they had a bunch of guests who were stuck outside of the rooms, because that system had gone down. And, when you think about that, a key, a physical key is perfect- perfectly acceptable, uh, you know, availability measure in that kind of, um, uh, from a [Dior 00:14:46] perspective, perfect. Like, that works. Right? And- and you mentioned there, um, going back to paper back systems for hospitals.


I had a friend who worked ... who worked in, uh, air traffic control. And, um, years and years ago, part of what they had to practice was, outside of using the electronic systems, which are obviously the default, pat of what they practiced was, if they did fail, and you've got planes in the area, you've got to know how to get the planes down and do that safely, so they would practice with paper strips and use that as a way to manage those airplanes.


And, you know, everyone kind of stays safe. It's not ideal. You wouldn't want to do it as a- a business as usual mode. But it works. Um, you know, from a security perspective, in getting planes down or back up into the air.


Gregor Jeffery: [00:15:26] Yes.


Garrett O'Hara: [00:15:27] You know, if- if there's a huge catastrophic failure in the electronic systems, cool. Go back to paper and it- it's- it gets you through the- the kind of rough patch.


Gregor Jeffery: [00:15:34] Yes, does remind me of a saying from Die Hard Two, where John McClane helps land some of the, uh, planes at Christmastime. And he's just waving- waving around sticks of fire, uh, so, he had his redundancy plan all worked out.


Garrett O'Hara: [00:15:48] [laughs].


Gregor Jeffery: [00:15:48] Or he made it up as he go ... went along.


Garrett O'Hara: [00:15:50] The best Christmas movie apart from the Muppet Christmas Carol, in my opinion. So, uh, yeah. One to checkout, I think, again, in a couple of weeks.


Gregor Jeffery: [00:15:57] I'm sure it will be on network television.


Garrett O'Hara: [00:15:59] [laughs].


Gregor Jeffery: [00:16:00] So you can find out ... more about the case for business continuity on the Get Cyber Resilient website. Um, and we had that story that was brought to us by, um, Bradley Singh, who's our technical con- one of our technical consultants at Mimecast.


Next up, we have a story from IT News. IT chiefs from Australian universities that made a submission to the Home Affairs 2020 Cyber Security strategy. And they've listed that community awareness is essentially, uh, to drive significant, um, uplift and Australian security. They cited some of the classic ad campaigns we've seen, such as Sam [Kekovic's 00:16:34] Over the Top, Aussie lamb ads. Uh, slip, slop, slap, the anti- ca- cancer council ad campaign, and also, um, I remember one from the '80s, uh, Life: Be In It, which was all about, um, getting Australians to get up off the couch and participate in the community.


They also noted that they thought we should have a cyber emblem. Some of us may remember cyber room, um, Gar, what are your thoughts?


Garrett O'Hara: [00:16:58] Um, the- the big thing that I agree with here is the advertising approach. And, um, Dan Gregory spoke at [AZIT 00:17:06] two years ago now, and gave an amazing talk on, uh, where the cybersecurity industry had gone wrong. And a big part of his message was, if you look at how communication has traditionally happened, it's not in ways that are meaningful to their ... to people you're aiming the message at.


Um, often long emails, uh, modes of communication that don't really land with people emotionally, so they're never going to change their- their behavior. And, um, uh, he kind of inspired a talk that I've been given, then, for probably about a year on- on the human aspects of cyber resilience. And- and, you know, it's not original thought in any way, but it's true, I believe, in terms of what we've gotten wrong traditionally, uh, in trying to change people's behavior, because we've treated it as a compliance exercise.


And that's really ... That's been the year of change, in my opinion, where most of cybersecurity leaders have realized, actually, an element system where you're forced to watch a video, that just plays in your second screen while you work on your first screen. You click the submit button, and the compliance team get a- a report that says, you know, 90% of people have watched the security training video. But nothing changes.


Like, when you do the campaigns, the phishing campaigns and the testing, everybody's still getting this stuff wrong. I'm a huge fan of the advertising approach, you know, short, sharp, punchy contents that cuts through. Um, Netflixy, you know, um, what is the ... Hulu, you know, people watching those kind of, um, funny, kind of punchy things. Um, people are on Facebook, so all those sharp dopamine hitters, that's what people are used to. So the idea that they will watch a 40 minute video on security, like, it's sort of ridiculous at this stage.


Gregor Jeffery: [00:18:38] Yes.


Garrett O'Hara: [00:18:38] Um, so I'm a huge fan of that advertising approach, because we know it works, right? Um, I'm here 20 years. I remember the Not Happy, Jan advertisements. It's part of the vernacular. Advertising works, you know, for good or for bad. Um, I'm sure at some point, I've changed my brand of beer because I saw an amazing ad. I'm like, "Oh, I must try that."


Um, so, that, I think is a given these days. Like, we need to change away from the- the language even of cybersecurity training to cybersecurity behavior change. How do we get people to stop doing the wrong things and start doing the right things? You know, looking at the positive, um, approaches, so the carrot versus the stick. And the carrot, longer term, um, that works. Um, I know that because I happen to be married to someone who worked in Taronga Zoo. And, you know, had a- a clicker, and was able to train weird animals that you would think, you know, you can't train a bird or, I don't know, pick it, like a lizard or something.


Gregor Jeffery: [00:19:30] Yes.


Garrett O'Hara: [00:19:31] You can train anything with positive reinforcement. And we see that working. Humor, short, sharp, punchy contents. Um, to your second point around the emblem. Uh, look, like, I get why that would seem like a good idea. I probably question its- its validity for a few different reasons. 


I think it ... We live in a complex world already, so to get ... cut through of another emblem that means security, when if we're honest, that's gone wrong in the past. The padlock for, you know, SSL, on a website, that doesn't mean anything anymore, because it's so easy to get a cert. You can actually be a hacker or an attacker, have a, you know, air quote, secure site, the little, you know, handbag icon, padlock, doesn't mean anything anymore.


But people have now been trained to look at that and think, "Oh, if I see that, that's safe." So you almost end up sending the wrong message. Um, I guess it would depend on how it's done. How is it audited? What does it really mean? And how do you educate it ... the public to look at that and that be meaningful in terms of an emblem saying, yeah, you know, company X, Y, Z, is good for security awareness or security control. So, um, I think it's an admirable idea. I think the execution would be difficult, in my opinion.


Gregor Jeffery: [00:20:46] Look absolutely. Um, I think towards a junior audience, perhaps that emblem may resonate. Uh, but I think, generally speaking, you know, some of those ad campaigns we've mentioned um, there was an essential emblem or character, uh, or the character was, you know, it was more on some catch phrases that they used, uh, that really landed quite well with the audience.


Another point they cited was really, you know, raising that awareness to, um, pressure service providers and manufacturers to treat security more as a commodity, uh, and baked into their products. Uh, so I think it's ... Yeah, it's important that it, um, you know, the public do know that baseline, uh, of what products and even, um, you know, retailers that they, uh, interact with, uh, are adhering to.


Garrett O'Hara: [00:21:29] And that's a great point actually. Um, because I think the public has an ability to pressure organizations, sometimes to do the right thing. So, um, may- maybe it's a good lever, or, you know, a good ... yeah, a good lever to actually change companies when the- the economic ... they start to stack up. Actually, it relates back to our conversation around security as a differentiator. 


And maybe that's it, you know, maybe that's a signal to a comp- you know, to a ... to a- a consumer or a buyer that this is a company that they should do business with, because they've actually used security as a competitive advantage, and the- the emblem maybe signifies that, so actually, really good point.


Gregor Jeffery: [00:22:04] Um, and they also flagged per- potentially short courses, um, that are ... that are recognized, um, by institutions, um, micro learning, micro credentials. Um, it's a big like, uh, getting your RSA certificate or- or- or things like that. So it's [crosstalk 00:22:18] just a ... just a baseline for anyone looking for employment that they've, you know, that they have one of these micro credentials.


Garrett O'Hara: [00:22:23] Which would be, I mean, really useful actually, when you think about how much money organizations now spend on behavior change programs, like is that a differentiator for, um, you know, a potential candidate for a role to come in and say, "Well, actually, you know, I've got my credentials in cyber awareness, so I'm- I'm a lower risk employee." I don't know. If there was, uh, two candidates that were level pegging, and one of them had, uh, you know, a micro credential for cyber awareness, is that enough to kind of push them ahead? Um, that- that's actually, you know, it's a really ... maybe a useful thing as we go forward.


Gregor Jeffery: [00:22:55] Yeah. You don't ... you don't have to teach them on day one, uh, or on- ongoing, just on some of those cyber security basics. Okay. That's all we've got time for for this episode. Happy shopping out there. Don't click on links that you ... that look a bit odd. Um, and the lock, the handbag up in your browser, doesn't always mean a site's secure. See you later, Gar.


Garrett O'Hara: [00:23:17] Cheers, Gregor.


Gregor Jeffery: [00:23:18] Next up, as part of our security leader series, Gar interviewed Safi Obeidullah, field CTO of Citrix APJ, to talk about the concept of digital twins and how it can help organizations respond faster to security incidents and ultimately drive cyber resilience.


Garrett O'Hara: [00:23:35] Welcome everybody to the podcast interview for today. I'm joined by Safi Obeidullah, um, from Citrix. And Safi is the field CTO for the AU/Pacific/Japan region. Welcome on Safi.


Safi Obeidullah: [00:23:47] Thanks, Garrett. Appreciate the opportunity.


Garrett O'Hara: [00:23:49] Awesome. Hey, can we start out with just a- a kind of brief intro to how you got to the position that you're in today?


Safi Obeidullah: [00:23:55] Yeah, sure. So I've had a kind of interesting, uh, past to get to this point. You know, I've spent the last 22 odd years, sort of working in the end user computing space. And somehow I fell into Citrix in the e- very early on in my career. And pretty much every job I've had since has been about Citrix. Um, whether on the customer side working with enterprise customers, working with different partners.


Um, and about 10 years ago, I joined Citrix as a pre-sales engineer. Um, you know, from there my journey really went from being a- a individual pre-sales engineer to looking after the pre-sales team. 


And I've been doing that for the last seven years, looking after sales engineering for Australia and New Zealand. Um, and the opportunity came up to take on this role, uh, a broader role, sort of working, I guess t- together, not just from a customer and partner perspective, but working with our product management team to look at how we, uh, align our product strategies, the capabilities that we develop with the needs of the APJ market. So I'm really looking forward to sinking my teeth into this role.


Garrett O'Hara: [00:24:53] Awesome. And- and one of the things that kind of, uh, I suppose, made us end up talking today was this idea of digital twins, which I found really fascinating. You sent over some information on that.


Safi Obeidullah: [00:25:02] Yes.


Garrett O'Hara: [00:25:02] Um, would you kind of mind just broadly running us through what a digital twin is, and- and-


Safi Obeidullah: [00:25:06] Yeah.


Garrett O'Hara: [00:25:06] Some of the use cases maybe?


Safi Obeidullah: [00:25:08] Sure, I think, you know, the easiest way to describe what a digital twin is to think of it as a living model that can provide an outcome. And if you think about the way decisions are made typically in a business, um, whether the business is in the financial industry or engineering industry, you typically build a model of what something could look like. And then you make some decisions based on that. That model or simulation is typically based on static data. It's a point in time. 


You know, if I input this data in, this is what the result could be.


And you apply some different permutations to that. I guess the concept of a digital twin, when you look at it from an industry perspective is really a living model. So it's not just a model that is based on st- on static data. It's a model that has a continuous stream of data that is feeding in all, um, all the different attributes, data points that have related to that model, on an ongoing basis, so you can apply and- and run ongoing simulations and run those what if scenarios based on real world, uh, information.


And I guess the key, uh, technology that underpins it is analytics and big data. Um, you know, without that, you would not have the inputs, uh, from, uh, a real world perspective to enable you to build those accurate digital twins.


Garrett O'Hara: [00:26:27] Big data's ... Uh, we hear, like, that's just huge at the moment, data lakes, um, it's- it's definitely ... seems to be the- the new rock and roll. Um, and obviously fits in very well with digital twin technology.


Um, in terms of this cyber resiliency use cases, uh, for digital twins. Like, how do you see that working?


Safi Obeidullah: [00:26:43] Yeah, look. I mean, I think this ... There's probably lots of opportunity. You- you know, I think, you know, generally, historically, the approach for security has more of protect. And- and, in- in many cases, it's reactive. And I guess, over the last, sort of five years, people have tried to look at ways to get more proactive around how they, um, I guess, contain or identify threads be- before they actually have a, uh, a genuine impact on the organization, or the individual, or- or your data.


You know, I think this type of, uh, approach would allow you to almost play out a virtual threat, and how you would respond. Um, and I think that's where, you know, when you look at concept of cyber resilience is really about not just identifying, but actually, how would your bi- working out how your business would operate when you're in the midst of the threat.

And that's where I think a digital twin could really help. Right? If you've got a virtual representation, almost like Sim City, [crosstalk 00:27:33] of your business-


Garrett O'Hara: [00:27:34] [laughs], yeah.


Safi Obeidullah: [00:27:34] Right? And you could play out, well what happens if I ... my primary online banking site was impacted by data loss? What would that do? What would that do, from a financial perspective, from a customer perception perspective? All those different elements, you could play out those different scenarios. So, you know, ultimately, I think it- it's going to help businesses respond faster, uh, to different scenarios that- that they may be facing.


Garrett O'Hara: [00:27:56] So this is very exciting, in my mind. Um, because one of the things we talk about in our industry all the time is the idea of a- an instant response playbook, and is ... There's a natural expense to practicing that and simulating that, whether it's tabletop or full exercises.


Safi Obeidullah: [00:28:10] Yes.


Garrett O'Hara: [00:28:11] So this sounds like a really efficient way to check your IR plan without actually having to go, you know, the- the full Monty, and- and kind of running a- a- a full simulation. Am I ... is that correct?


Safi Obeidullah: [00:28:20] Yeah, Garrett, well because it's- it's live. You- you know, it's- it's always there. You know, I think that the- the- the important thing is that, um, you know, ma- the markets today, whatever industry you're in, are demanding faster and faster responses to changes, whether those changes are climate or financial or people demand, whatever it may be.

And, you know, this would give people a- a model that they can try out those changes a lot faster, make a decision and move forward with it. So I think it's s- sort of really, you know, we always talked about businesses being agile. Well, they can be agile and- and make accurate decisions, because they've got something to actually play out what that scenario would look like.


Garrett O'Hara: [00:28:57] So whatever I'm thinking ... It's almost like a- a real time instant response plan type thing.


Safi Obeidullah: [00:29:02] Yeah.


Garrett O'Hara: [00:29:03] You've built through a digital twin?


Safi Obeidullah: [00:29:04] Yeah, yeah. I mean, I think it's still early days, right? I mean the concept's only been around for a few years. Um, a lot of the early, uh, implementations have been modeled around engineering things; wind turbines, machines and stuff like that, where they can look at, you know, how long it would take for an- an O ring to wear out, or, a- a- a joint to crack and things like that.


And-and that's ... Those are ab- absolutely important use cases there. But I think, as people get more familiar with it, uh, more familiar with, uh, the use of big data and- and- and- and leveraging that, I think there's more and more applications for that type of model.


Garrett O'Hara: [00:29:38] So you ... The limitations being imagination in some ways?


Safi Obeidullah: [00:29:41] Limitations, I think, yeah. Imagination. I also think, um, concerns around data, yeah, protection. Uh, IP confidentiality would be an issue, right? You know, as much as our markets are getting, here in Australia and New Zealand are getting more comfortable with cloud, which is great. Um, you know, over the last few years, if you think about, to build an accurate digital twin, pretty much all your data-


Garrett O'Hara: [00:30:05] Yeah.


Safi Obeidullah: [00:30:05] -relating to your business, or that machine, or that business unit, whatever you're trying to build a twin of, needs to be in that place. So, um, awesome to build an accurate representation, but to have the right protections around it. And if there was someone who was trying to attack me, or- or- or would threaten my business, that would actually be a good repository of data to be able to extract, right? [crosstalk 00:30:30]


If I've got all the elements and it's live, so I think there's a big security angle as well, which I think will take some time to- to ... for people to get comfortable with.


Garrett O'Hara: [00:30:37] And- and when you talk about the- the information of the feeds going into this kind of system, wha- like, what will the feeds be? What- what sort of systems would you look at for a cyber resilience kind of approach?


Safi Obeidullah: [00:30:47] Look, I mean, from a cyber resilience perspective, I think the key thing is looking at all your, um, threat vectors across your organization, across your users. I think, generally, organizations have become better and better at protecting entry points from a data center perspective. People are- are getting more maturity around how they protect their cloud subscriptions and things like that.


I think the thr- the- the highest threat still comes from individual people.


Garrett O'Hara: [00:31:10] Yep.


Safi Obeidullah: [00:31:11] Um, people are using more and more different devices. They have, I'll call it more and more front doors into corporate IT. You know, you go back 20 years, the front door into corporate IT was your- your- your desktop. There's no other way. Right? That was the only way. You had a username and password. All your apps and your data were on that PC.


Whereas now, with the prevalence with web and SAS based applications, you can access your corporate information from any device, anywhere, anytime, whether it's a- a shared device in a Qantas club, internet café, on your iPad, on your kid's PC, whe- wherever. And that's the challenge for organizations. How do you protect against that? And how do you even know that someone has put the URL for Salesforce, or a SAS app, into a browser somewhere else, and is accessing your corporate data from it on- on trusted and protected PC? And that's the challenge.


And so I think, you know, if you can get the data endpoints from those SAS applications, from the mobile devices, from all those entry points, you can only use you p- an- an analytics platform or a big data platform that leverages things like machine learning to actually ex- extrapolate, collate all that data and make sense of it. There would just be too many data points for someone to s- you know, to do the traditional log analysis. It just wouldn't work.


Garrett O'Hara: [00:32:25] And- and that, I think is where sort of applications, so security orchestration and response applications, um, that is the promise that we get to the fully automated approach to-


Safi Obeidullah: [00:32:35] Yes.


Garrett O'Hara: [00:32:36] -responding to incidents. I think everybody in our industry would accept that we're not there yet.


Safi Obeidullah: [00:32:40] Yes.


Garrett O'Hara: [00:32:40] It'll get you a certain amount of the way, but you have a human interaction at the end to-


Safi Obeidullah: [00:32:44] At the end.


Garrett O'Hara: [00:32:44] -to make the ultimate decision.


Safi Obeidullah: [00:32:45] That's right.


Garrett O'Hara: [00:32:46] Um, but with digital twins, it sounds like you're actually going that extra step. Is that correct? Or it-


Safi Obeidullah: [00:32:50] Well, I think it [crosstalk 00:32:51]-


Garrett O'Hara: [00:32:50] Or it will be eventually?


Safi Obeidullah: [00:32:51] Yeah, and I think it's an eventual thing. I think digital twins are so still early days. But I think being able to play out what the different scenarios could be. If I had a person access my app in this way, what could happen?


Garrett O'Hara: [00:33:03] Yeah.


Safi Obeidullah: [00:33:04] Um, or how could they access this? And- and I think playing out the different scenarios gives people, I guess, a level of ... a higher level of readiness to what they need to prepare for. Otherwise, you're sort of thinking, oh, well, what if [crosstalk 00:33:17] but if I can actually play out a number of what if scenarios, in a- a virtual Sim City of my organization, then hey, I- I'm going to get a much more accurate decision making process.


Garrett O'Hara: [00:33:27] And- and so it sounds like, while there's some overlap with sort of applications, actually, they- they sort of sit and maybe overlap in a useful way? Tho- those two things, where digital twins, from what you're saying is like the- the what if analysis, incident response simulations with an element, potentially of automation and to respond, where SOAR sits more on the a thing has definitely happened-


Safi Obeidullah: [00:33:47] Yes.


Garrett O'Hara: [00:33:47] You know, based on correlation. Let's go and, you know, automate the response to that.


Safi Obeidullah: [00:33:51] Yeah, yeah. Look, I mean, I think, I think the SOAR thing, sort of, that cause and effect, you actually see something, and you define a- a response. And if you can automate it, awesome.


Garrett O'Hara: [00:33:58] Right.


Safi Obeidullah: [00:33:58] Um, and that's there. I think the digital twin, you know, has ... if one can embrace it and- and do it in a way that is a really accurate representation of your business, then you've got a- a very powerful tool, modeling tool. That's dynamic, that's alive. It's a living, breathing model that you could use for so many different things, security, absolutely, business decisions, how do I price the ... The cool thing would be is if you think a bit more broadly, putting security elements aside is what if you could actually create, like a Sim City, where your digital twin was able to talk to another digital twin, um, maybe in the same industry. Maybe not, because it's a competitor, but maybe in a- an adjacent industry or a retail market, because you're selling shoes and stuff like that.


So there's some, potentially some really interesting things that could happen if you actually had digital twins actually communicating with each other and- and- and applying different permutations of what if scenarios across different businesses, across different industries. So we'll see where it goes.


Garrett O'Hara: [00:34:57] Yeah, and- and so you've mentioned that it's early days. Right so, um, and um, I suppose, from my perspective, like, how early is it? Like, when do you see this stuff actually hitting, you know, the real world and, you know, prime time, or, you know, when you walk into an organization, that's what's actually happening?


Safi Obeidullah: [00:35:11] Yeah, yeah. Well, I think, you know, in any hype cycle, there's the early adopters. I think we're in that phase. Uh, you know, I think recently, uh, a few weeks ago, there was an article about New South Wales government, who announced that they were, um, going to embrace a digital twin model to build out, um, I guess scenarios for them ... around the New South Wales economy, uh, around ... to help them plan, uh, whether it's for transport or- or other things like that.


So, I mean, if a government agency's doing it, then that's a- a pretty good sign that it's starting to gain some momentum there. Um, and you know, if you go back a few years, as I said, some of the applications have been more in the engineering side of things. We've seen IBM do a lot of stuff, GE do a lot of stuff in that space as well. So I think, you know, we're in the early stage, but I think there's some momentum there. I think the key underlying platforms are at a good maturity level around cloud, around big data analytics, machine learning and things like that, which are, I guess, the foundations to what you need to make a digital twin.


Um, the data, uh, from a data acquisition perspective, more organizations have the ability to capture and- and- and- and collate data, which is really important. Um, many organizations may have data that's locked away in- in legacy systems or on paper. And they may need to work out, you know, think about the IP that lives on a patient record, a physical pa- you know, in a medical center or a hospital. How do I get access to that? You know? That could actually have a lot of implications as well.


So there's, uh, I think there's a whole lot of elements. There'll be some compliance stuff people will have to go through [crosstalk 00:36:41]-


Garrett O'Hara: [00:36:41] Always compliance [crosstalk 00:36:41]-


Safi Obeidullah: [00:36:42] Yeah, all those things. But I think we're on the right journey, right? I mean, I think it's- it's, um, it's something that could definitely help businesses, governments, make better decisions.


Garrett O'Hara: [00:36:51] Yeah, absolutely. And you- you mentioned the, um, making a digital twin all about person, right? And you know, the workplace and productivity impact there.


Safi Obeidullah: [00:36:59] Yes.


Garrett O'Hara: [00:36:59] Um, can you walk me through how that works as a ... as a person who's, like, um, end user analytics where you look at their behavior on machines. Is there other stuff that would play into that too?


Safi Obeidullah: [00:37:07] Yeah, so I think, uh, you know, that's some of the areas that- that we're doing work as well, from a Citrix perspective. I guess Citrix, this year is actually our 30th anniversary. So we've been around for 30 years [crosstalk 00:37:17]-


Garrett O'Hara: [00:37:16] Congratulations.


Safi Obeidullah: [00:37:16] Ah, thank you. Um, and, you know, pretty much that whole time, what we've been focused on is enabling people to work- work better and work easier in- in what they have to do. What we're launching after the end of this year is a new p- uh, is an extension of our workspace technology, which adds a lot more intelligence to help guide and automate the work that people need to do.


And I guess the connection there with a- a digital twin is, you know, if you think about the way ... look at the way people work, work is effectively defined in- in- in two ways. It's either structured work, which is those repetitive tasks where there's administration tasks, just the repetitive stuff that you have to do day in, day out. And there's the unstructured stuff, which is the creative stuff, the engaging workshops, meeting with people and things like that. That's the stuff that's more interesting. That's the- the knowledge work part of it.


Um, the structured stuff is the stuff, you know, um, if you can learn that form an individual, then we've got an opportunity to automate that. If you look in- in most enterprise organizations, there may be manuals and documented processes that define, uh, how to use an application. But for- for many things, um, there's a lot of stuff that's not documented. There's- there's nothing to ... that's documented to say, "Well, this, um, employee has to extract or copy data from this one system, apply it to this other system. And then import it into this spreadsheet." Um, that's not documenting it anyway. That's in his head, because he knows what needs to be done for that job.


And I guess an opportunity that we have to help, uh, augment what people do is to understand that process, create a digital version of that process, and either allow the employee to do that faster, or in some cases, automate that.


Garrett O'Hara: [00:38:50] Yep.


Safi Obeidullah: [00:38:51] And that's where we're, sort of starting to- to move into, so the workspace becomes not just a place to go to access your applications and files, but a place where we can start guiding and automate the work that needs to happen, and underpin by virtual assistant


Garrett O'Hara: [00:39:04] And- and the workspace, I think, these days and we're in the beautiful office here, obviously. And, uh, amazing view over the harbor. But one of the things we- we're seeing is there's less and less of a physical requirement these days.


Safi Obeidullah: [00:39:15] Yeah.


Garrett O'Hara: [00:39:16] Where your workspace is actually ... it is a laptop and a phone. And it's your colleagues. And it's the things you interact with digitally and obviously, um, analog also. Um, but it's kind of shifted away where there's absolutely digital reliance and dependency. But actually there's, you know, there's no physical requirement anymore.


Safi Obeidullah: [00:39:31] Absolutely. You know, I think we're seeing that shift more and more. I mean Citrix, as a company who's been in this, uh, technology for quite some time, we've been embracing it for a long time obviously. Um, but increasing, I guess over the last three to five years, there's absolutely a sense of it from employees, from organizations, to drive much more flexibility in the workplace, flexibility around how you work, uh, the location you work, even the hours you work, where people are offering more shift hours.


You know, you can start late, because you've got to drop your kids off in the morning.


Garrett O'Hara: [00:40:00] Yep.


Safi Obeidullah: [00:40:00] Or take a parent to doctor or something like that, just having more, uh, flexibility in the way that you work, because we've got access to what we need to outside of the office. 20 years ago, the only place you could access the tech you needed to was in the office. You had to be behind that desk. Um, whereas now, um, increasingly, there's more and more opportunities to work and be as productive outside of the office as in.


Garrett O'Hara: [00:40:23] And- and sometimes, I- I think more productive, if I'm honest.


Safi Obeidullah: [00:40:25] Yeah.


Garrett O'Hara: [00:40:25] Um, I think-


Safi Obeidullah: [00:40:26] Less distractions.


Garrett O'Hara: [00:40:27] Yeah, like really-


Safi Obeidullah: [00:40:28] Yeah.


Garrett O'Hara: [00:40:28] That's the- the common theme I often hear when I have these conversations. Um, it's interesting to me going back 20 years, because if you look at, from a- a resilience or security, pure security perspective, it's actually much easier to secure a physical location.


Safi Obeidullah: [00:40:40] Yeah.


Garrett O'Hara: [00:40:40] With hardwired machines.


Safi Obeidullah: [00:40:41] That's right.


Garrett O'Hara: [00:40:41] Where you're not looking at wifi APs. You're not looking at people working in cafes on public wifi, and all the permutations and combinations of the- the different role types.


Safi Obeidullah: [00:40:52] Yes.


Garrett O'Hara: [00:40:52] And different locations that are potentially insecure, that people are actually working.



Safi Obeidullah: [00:40:56] That's right.


Garrett O'Hara: [00:40:57] So, uh, you know, the impossible traveler starts to take place. And so, um, and sometimes they're actually real travelers.


Safi Obeidullah: [00:41:03] Yeah.


Garrett O'Hara: [00:41:03] They have jumped in a plane, and they now are in-


Safi Obeidullah: [00:41:05] That's right.


Garrett O'Hara: [00:41:06] -Mexico, on holidays, but actually they're working. So, um, from a digital twin perspective, like is ... I'm guessing that's the kind of stuff where you would start to build a- a picture of what is good and what's not?


Safi Obeidullah: [00:41:15] Yeah, and that's a really good example that you gave of the impossible tr- traveler. So underpinning our workspace, uh, platfo- uh, uh, our Citrix workspace is our analytics platform as well. And our ana- analytics platform has three elements to it; security, performance, and productivity.


Performance is self- explanatory. How- how well does it perform? Security and productivity are the interesting ones. So security are ... is, you know, if- if ... The Citrix workspace, if the workspace is the single front door to your organization, then we can capture all the elements of what a user is accessing, how they're working, what off the ... what- what devices they're using, what- what ID they're using and things like that.


It's then easy to identify what's an- an a genuine impossible traveler scenario versus a threat, because we know what the baseline is. We know that that employee has worked on these devices. We know, if we see a new device. We know if we see their authentication, their credentials being used in a location they've never been before or we don't have an office before. And so that starts to allow our analytics platform to start, not just reacting, but being proactive and identifying threats before they may potentially be a- a threat, and actually start taking autonomous actions.


So if we see an impossible traveler scenario, and we know it's a device that, uh, we- we've never seen that specific user use, in a location that they've never been, then we can actually start saying, "You know what? That doesn't look right. I'm actually going to lock their credentials. Or apply a policy that demands multi-factor auth." Because you know what? We do have an office in that location. And that person may have lost their device, because they're traveling, so just to be sure, we'll just add that extra element.


And that's what we're loo- That's what we're- we're really excited about is, I guess, providing, uh, IT departments with a little bit more control, but more automation to help that. And if you think about company that may have thousands and thousands of employees to try and manage that manually would be difficult. And that's typically monitored across multiple systems and things like that. But from a Citrix workspace perspective, because you've got one, effectively one front door into your organization, that's consistent, then you've got ability to really capture those threat vectors and have the opportunity to, um, respond autonomously.


Garrett O'Hara: [00:43:28] And it sounds like you get to do, uh, a better job of the security versus productivity that has existed since technology was invented.


Safi Obeidullah: [00:43:35] Yeah, yeah.


Garrett O'Hara: [00:43:36] Um, but being able to automatically dial up, dial down security policies based on good practice, but without getting in the way of people who genuinely, as you say, may have lost a device.


Safi Obeidullah: [00:43:46] Yeah, and I think that's the key, right? It- it's being dynamic enough to understand the context. And I ... and I think that's the real value of the Citrix workspace is that it's contextual. It knows whe- whether the employee's in the office or outside of the office. Are they on a corporate issued device, or a personal device, or type of networks that they're on. And can d- dynamically adapt the security posture of the workspace based on that context.

So the user doesn't have to remember, "Hey, I'm working from home. I need to access my app this way." Or this way. Um, you know, those policies automatically come down. So if we want to say that this specific application is only available in the office on a corporate network, then you- you could define that.


I want to stop people copying and pasting from a SAS application on a untrusted device. You can do that. So really giving, um, organizations the- the- the granular capability to make those decisions, but not have to worry about m- manually implementing them or- or putting the onus on the end user to remember the right thing to do. We can apply that dynamically with the Citrix workspace.


Garrett O'Hara: [00:44:47] And if I understand it correctly, there is an option to provide guidance in the workplace as well.


Safi Obeidullah: [00:44:52] Yeah.


Garrett O'Hara: [00:44:52] So if you're watching a- an end user, or a- a person in their job maybe do the wrong thing, or go ... start moving in the direction ... the wrong direction, the- the digital twin technology could kind of jump in. And in my head, I imagined, like, the Clippy character from, you know, Office 97, popping up and saying, "Hey, [crosstalk 00:45:08] do this."


Safi Obeidullah: [00:45:09] Clippy's back. [laughs]. Um, yes, I mean, to some degree. I mean, if you think, uh, from a consumer app, so, like, if you look at consumer applications in that world, they're so far ahead of what enterprises deal with on a daily basis, right? Like, the recommendations that come from Spotify. It knows what music you like, and will suggest new music to you. Same with Netflix and things like that, even Facebook and that. And I think that's where we're on the cusp of is- is really, you know, there's so much focus on employee experience these days.


People, or more and more organizations are realizing that we need to adopt almost a consumer mindset to how we deal with enterprise applications. And being able to provide more accurate recommendations to employees to help them, to guide them, is really important. Um, you know, employees these days have to deal with so many different applications.


Garrett O'Hara: [00:45:54] Yep.


Safi Obeidullah: [00:45:54] They're so distracted, because they're checking email, and Teams, and WhatsApp, and Slack, and this, and this, and this. And each time you get another notification or another ping, like, the- the red light flashing on a Blackberry, you get distracted. You lose focus, and it takes you time to get back.


So what we want to do with- with guiding people is just keep them focused on what needs to happen. Um, and from a- a recommendation perspective, you know, some of the things we're working on is, well, if I'm a bank teller, and other bank tellers are checking it ... are- are reading this new policy document, the workspace will suggest to me, "Hey, Safi, other bank tellers, other people in your role are reviewing this new policy document. You should do the same. Here's a link to it." That's the type of thing we're looking at.


Really, you know, I think there's a whole big, um, commentary in the market about AI stealing our jobs and all this type of stuff. And I think that's a bit of fear mongering. And I think the real opportunity for these type of technology is to augment what we do, make our lives easier. And you know, you saw that. You may have seen that p- press, uh, a few weeks back about the- the four day work week in Japan, the trial that happened at Microsoft.


Garrett O'Hara: [00:46:56] I'm- I'm really hopeful that Australia can [crosstalk 00:46:59] it on.


Safi Obeidullah: [00:46:59] Um, but- but that's the thing, right. Like, we are so busy in our daily lives, right. If we can become more efficient at what we do, we can actually get more of a life back. You know, for all of us, you know, work is not nine to five anymore.


You know, we're on email all the time, or we're thinking about it, or we're doing stuff. We'll do a- a quick, uh, half an hour, or an hour of emails on the weekend, or at the soccer, whatever it may be. And I think we can find a better, I guess, better balance between that, more efficiency in the tasks and workflows that we need to do, a little bit of automation where, you know, if I'm a manager and I always approve an expense report, which is f- $200 or less, well, I'm just going to approve it. Why does it have to come to me.


Garrett O'Hara: [00:47:35] Yeah.


Safi Obeidullah: [00:47:36] Uh, and things like that, so we're looking at all those opportunities to make life a lot easier.


Garrett O'Hara: [00:47:40] Yeah, and look it- it echoes some of what I heard. I was at the- the Gardner Symposium recently. And one of the analysts was talking about similar use cases where, uh, if you've got a data link and your anale- analytics aren't good enough, you can sort of suggest next actions.


Safi Obeidullah: [00:47:53] Yeah.


Garrett O'Hara: [00:47:53] We talk about it. And we ... Obviously, we're ... we work in the, uh, email management space. And similar to you guys, we have a massive data link. And part of what we potentially would look at is, based on, you know, you start typing an email. Based on what you're typing, what your colleagues have done is, they've attached this document, because that-


Safi Obeidullah: [00:48:09] Oh, wow. Yeah.


Garrett O'Hara: [00:48:09] -fits in with the email you're typing. So, um, definitely think it's a ... it's a- a thing we'll see more of.


Safi Obeidullah: [00:48:15] Absolutely.


Garrett O'Hara: [00:48:15] Almost inevitable. But the support side of things. And I think that's exciting, because it takes the donkey work away, but not the value off the humans kind of a thing there.


Safi Obeidullah: [00:48:23] Yeah, that's right. That's right.


Garrett O'Hara: [00:48:24] Um, so we've talked a- a fair bit about the, uh, the end user, the- the employees within an organization from a resilience and cybersecurity perspective and security operation centers and the analysts that would sit there.


Um, is there a play here, where, with that digital twin approach, and, you know, we've talked about the incident response simulation type stuff.


Safi Obeidullah: [00:48:44] Yeah.


Garrett O'Hara: [00:48:44] Um, is there an opportunity to reduce maybe some of the false positives for the SOC or the security teams that, you know, they would have to normally waste their time on?


Safi Obeidullah: [00:48:52] Yeah, look, I- I definitely think, you know, if you think about traditional practices in organizations around security. You know, there's a- a- a team that's doing pen testing regularly, and things like that. And then ... and then ... and again, those are point in time exercises. 


What if you could do a continuous pen test? And just apply different scenarios into it, and d- that digital twin? And I- I think that's the thing. The applications are potentially analysts, right? If you've got a fake, or a SIM organization to- to play out all these different scenarios, I mean, you could play out all ... a whole range of different scenarios, have the battle plans or the response plans already defined, work out what the automated response could be for those scenarios, and implement them in- in the real world.


I mean, when you talk about shifting the needle from being reactive to proactive, I mean this takes it to the next level. And I think that's the- the real opportunity there is we go from chasing our tail to being ahead of the curve and being prepared for a whole range of different scenarios we haven't even thought of.


Garrett O'Hara: [00:49:48] Yep.


Safi Obeidullah: [00:49:49] Um, and- and- and I think that's the real opportunity, but it'll- it'll- it'll come in time, I think.


Garrett O'Hara: [00:49:53] Yeah, yeah, all good things-


Safi Obeidullah: [00:49:55] Yeah.


Garrett O'Hara: [00:49:55] -come to those who wait.


Safi Obeidullah: [00:49:56] That's right.


Garrett O'Hara: [00:49:56] That's what they say. Um, and in terms of the- the approach, when, like, as you're talking through this, it sounds like there's obviously in any organization, there's so many differences and so many things that are probably the same. So there's- there's a, you know, there's those variables at play. So how cookie cutter is the digital twin approach then, in terms of being able to apply to different verticals or different companies.


Safi Obeidullah: [00:50:17] Yeah. Look, I mean, I think, uh, I mean the concept of the digital twin could be applied to different industries. How willing one organization is to ... in an industry to share their learnings with another company in the same industry, I don't know. From a competitive perspective, um, they may not want to do that. It's a competitive advantage for them to have, uh, this type of- of living m- model where they can play out their business decisions and- and security threats or the way people work and stuff like that, so perhaps not.

Uh, but however, I guess, as the maturity comes and we learn, you could get a- a template to say-


Garrett O'Hara: [00:50:55] Yeah.


Safi Obeidullah: [00:50:55] If I'm in a bank, here's a- a base foundation or a model for a digital twin. Feed your data in here. That could happen in time, you know, as people want m- want to do that. And I'm sure it would. I mean, a- a- a IT vendor would probably come and create different base models for different industries. It would be good for some. The big players, big organizations would always do their own thing, and- and- and do it s- from scratch.


But I think for the- the- the midsize organizations, even smaller organizations, right? Um, if I'm a painter, or I've got a hairdresser, like, you know, the ... they wouldn't typically have the ability to build a model, but if they could buy a model in the same way they buy a template for a marketing plan or a email blast or something like that, I mean, you- you could see it in time becoming a- a commoditized thing where, like the game Sim City, you buy it and you WYSIWYG build it yourself and off you go. I ... could become that easy. I don't think we're there yet though.


Garrett O'Hara: [00:51:50] Yeah, for sure. Um, it sounds like potentially very big impact in terms of productivity.


Safi Obeidullah: [00:51:57] Yes.


Garrett O'Hara: [00:51:57] And like, longer term?


Safi Obeidullah: [00:51:58] Yeah, look, a- absolutely. You know, I think the way that we work, um, hasn't changed a lot in terms of how we do our day to day activities. We just have more things to do and more places where ap- applications and data lives, right? So we're dealing with more and more systems. Um, you know, I think I've sort of studied from the US, saying over the last few years, while technology has ramped up, uh, productivity's going down.


And if you look at it, it's almost, um, fatigue from an employee perspective. Where do I find my document? Is it in my network file server? Is it on OneDrive, share point, document management system? Um, where do I find some. Is it in email, Slack? Like, there's so many different places to go, just in the, uh, in the work context, let alone personal context where you're catching up with Instagram and Facebooks, and- and personal stuff, right?


Um, so there's so many different things to do. You know, I think for any employee, if there's a way that we can help make their lives easier, um, you think about anyone's inbox at the moment. For most people, uh, almost a third or a half in some cases, is full of system and- system notifications.


Garrett O'Hara: [00:53:03] Yeah.


Safi Obeidullah: [00:53:03] And, uh, and the worst ones are the ones that say there's been a comment added the your service request. Click here to see the comment. Well, why? Just give me the comment in the email. Right? How much time? And those are the thing we're talking about. So what if in your inbox, we- we ... From a workspace, Citrix workspace perspective, we could take out all the system notifications and put them into the workspace where they were actionable. They weren't directing you to another app or anything like that.


And those small times savings, may se- seem small, but when you apply that across thousands of applications, thousands of employees, you're suddenly talking about that one day a week that we can save and go back to our four day work [crosstalk 00:53:39] week, right?


That's what we talk about. Uh, we genuinely believe if we can, uh, do this right and organizations embrace this, we can potentially save 20% of their time.


Garrett O'Hara: [00:53:48] And- and- and then sort of the time, as you're talking there, one of the- the resilience or security implications I would see is if you put people on rails a little bit, what you're probably going to avoid is the, um, call it the confusion sometimes that will have people clicking on links that bring them to a malicious website-


Safi Obeidullah: [00:54:02] Yes


Garrett O'Hara: [00:54:02] -for example or opening a document that isn't particularly-


Safi Obeidullah: [00:54:05] That's right.


Garrett O'Hara: [00:54:05] - safe or secure. Um, removing a lot of the noise. Because I think, genuinely, that's where a lot of social engineering type attacks are successful-


Safi Obeidullah: [00:54:14] That's right.


Garrett O'Hara: [00:54:14] -is that because there's just so much going on for the average employee. If you can put them on rails even a little bit.


Safi Obeidullah: [00:54:19] Yeah.


Garrett O'Hara: [00:54:20] You know, they're ... naturally there's security outcomes there, because they're not so confused or even so, uh, distracted by all the different places where all the things they need to understand and- and then to digest kind of live.


Safi Obeidullah: [00:54:31] That's right. And that's why I think, you know, we talk about the- the notion of- of guide and automating that. That guiding the workflow is really important. And it's exactly that. You know, you can give people a policy they have to read and sign and all that. But how many times do they actually remember it? And how many different scenarios are they ... permutations are they accessing from different devices and different applications. And to your exact point, if we can guide them and provide them the rails. And you operate here, and move them along, then I think we're in a much better position to protect, uh, organizations and individuals.


Garrett O'Hara: [00:55:02] Awesome. Um, and you guys have an ebook, um, and the use cases on there, they- they made sense. You know, there's some kind of emergency services, and healthcare workers and that kind of stuff. Um, we- we've sort of touched on it already, but the digital twin ... digital twin approach, how does that work, um, you know, perimeter versus internal, versus everything else? Is there, like, an agent that you would install? Is it taking data feeds? Like, how does it, in practical terms, how would it actually work?


Safi Obeidullah: [00:55:28] Yeah, yeah, sure. So Citrix workspace is- is a single application. Um, you- you know, at the moment, we- we launched the Citrix workspace last year, uh, as an application to organize access to all the applications and data in desktops you need in one place. Um, you can download it for free from the ... from the app store.


Garrett O'Hara: [00:55:44] Yeah.


Safi Obeidullah: [00:55:44] Uh, supported on any platform, and we also have an HTML5 version, which will work across any browser as well. This is really all we need. Um, there's no additional agents or anything like that. That workspace application not only provides you the access, uh, to organize, guide and automate the work, but also includes the necessary elements to- to provide the data, feed it back to, um, our core analytics platform, then r- relay that back to the ... I guess the customer or the partner who's managing the platform.


Garrett O'Hara: [00:56:15] And, and any challenges? We- we're very close to running out of time, so I don't want to finish on the [crosstalk 00:56:19] negative, but, like, any gotchas as you sort of think through this? And- and you guys sort of plan for it?


Safi Obeidullah: [00:56:24] From Citrix workspace or digital twin?


Garrett O'Hara: [00:56:25] Oh, just digital twins, in general.


Safi Obeidullah: [00:56:26] Digital twins, look, I mean, I think ... You know, like with anything, I think there's going to be lessons learned. Um, you know, like in the early days of cloud, uh, you know, people got burned. They had to adjust strategy. You know, people had a preconceived notion of what it is and- and- and I think they're going to learn what it isn't as well.


Um, I think the opportunity is, you know, because people are familiar, typically with building simulations or- or modeling data. I think, you- you know the use of big data and analytics platforms, and even, s- uh- uh simple ones that businesses use like Tablet or Power VI and stuff like that have got people comfortable with- with, I guess modeling data.


Garrett O'Hara: [00:57:05] Yep.


Safi Obeidullah: [00:57:05] This is the next level of that. And so I think, because we're familiar with it, we'll sort of understand how to get things started. And I think, I'm sure there'll be some- some lessons learned around, you know, we made a decision because a digital twin told us this, but then we realized we hadn't fed this data point into it which impacted a thing. And I think that's going to be the key is how do I get an ... a really accurate representation, and to do it really [accuraly 00:57:28]- accurately, you've got to feed it everything.


Garrett O'Hara: [00:57:30] Yeah.


Safi Obeidullah: [00:57:30] Pretty much everything. Uh, and how do we unlock all that data? And I absolutely think the security element, how do I protect that data if is sits in a cloud or wherever it sits, you know, what happens if someone else gets access to it? She's my entire business. And ... Or- or what if they start influencing the data, which influences the decisions, which wrecks my bi- Yeah, there's a lot of permutations there as well, but that's something to consider.


Garrett O'Hara: [00:57:53] Yeah, it's all for the future. Um, Safi, really appreciate you taking the time. And, uh, yeah, thanks so much for- for joining us today.


Safi Obeidullah: [00:58:00] No, thanks for the opportunity. Really enjoyed talking about this. And you know, I think this is a really exciting time in IT. There's so much change. There's so much opportunity for people to think differently about how technology serves the people. Um, and- and that, so thank you.


Garrett O'Hara: [00:58:13] You're most welcome.


Gregor Jeffery: [00:58:15] That's all for this episode of the Get Cyber Resilient show. If you enjoyed the show, head over to getcyberresilient.com, the new online destination for cyber professionals in Australia and New Zealand. We all know the constant battles and challenges of addressing cybersecurity. Getcyberresilient.com is a place that brings together the local cyber community to problem solve and innovate on how we can all be more resilient to the challenges and risks that exist online. Point your favourite web browser to getcyberresilient.com. 

Principal Technical Consultant

Garrett O’Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies. When not talking about the cyber security landscape, data assurance approaches and business continuity Garrett can be found running, surfing or enjoying the many bars and eateries of Sydney's Northern Beaches.

User Name
Garrett O'Hara