Chris Peake [00:00:00]:
We cannot ask a customer to trust us and give us their data unless we have the foundation of security in place. And so the more we do to help create capabilities that provide the ability to share information but share it in a safe way, the more that we can build the business and build opportunities for customers to use our product and our platform.
Karissa Breen [00:00:37]:
Joining me today is Chris Peake, chief information security officer from Smartsheet. And today, we’re discussing what’s ahead for cybersecurity in Australia and its impact on businesses in 2025. So, Chris, thanks for joining, and welcome.
Chris Peake [00:00:55]:
Thank you. Yeah. Thanks for having me. Looking forward to it.
Karissa Breen [00:00:58]:
Okay. So let’s start right now. So, obviously, at the time of this recording, it’s relatively new into the year. So maybe what’s in your mind for 2025? What do you think lies ahead? Keen to really hear your thoughts.
Chris Peake [00:01:11]:
I think I have to start with artificial intelligence. There’s just so much going on right now in the space and across all technologies and environments. So I think that’s just gonna be a a really exciting space. And and obviously, I I stayed focused on the security side. And so I see both some challenges that might come with the onset of of artificial intelligence, but also some great advantages. So, you know, thinking of things like there’s gonna be a lot of potential attacks that evolve using artificial intelligence. We’re already starting to see some of these things come about with more sophisticated phishing campaigns and that kind of thing. But also, I think there’s gonna be some amazing advancements to help us address security challenges We’re using using AI and and and agents and all kinds of technologies that are coming out now.
Chris Peake [00:01:55]:
So I think that’s gonna be one of the top things that I think we see in 2025 coming forward.
Karissa Breen [00:02:00]:
Okay. So there’s a couple of things in there. You said challenges. I’d love to explore that. And then once we do that, I’d love to then flip over to talk about, you know, how AI can be leveraged, like you said, like agents, etcetera.
Chris Peake [00:02:11]:
With any new technology, especially in in the security field, you know, we’re gonna start seeing how the adversaries, the attackers are gonna start leveraging these things. So as I mentioned, the phishing’s gonna be one of those first ones that we’re seeing arise. The quality of those phishing emails are getting better because they’re able to use technologies to to very to target individuals or organizations. You know, the deep fakes, we’re already starting to see to see some of the deep fakes out there, but also researchers are now proving that that AI can actually build code to exploit vulnerabilities to known vulnerabilities. I think the time to attack is gonna shorten significantly once once we start seeing adversaries use those technologies to build and craft their attacks or use vulnerabilities. So I think that’s the challenge space that I see.
Karissa Breen [00:02:55]:
And just before we sort of flip over to the other side, you said time was shortened in terms of attack. So, I mean, depending on what attack, some of these time frames are relatively short already. So now we’re even increasing and putting the, you know, the proverbial, you know, gas on the fire. What do you think that’ll look like now with leveraging AI? And like you said, like, people who don’t even understand technology can, like, build code themselves, etcetera. So how I mean, I know it’s a bit of a hard question to answer, but, like, what what are those sort of times that have increased? Like, are we talking, like, seconds, milliseconds, minutes?
Chris Peake [00:03:29]:
You know, think of if we take just the phishing scenario, you know, think of how much easy it easier it will be to target a variety of people simultaneously or very quickly bounce from one type of phishing attack to another. So that time delay in terms of how long it takes to craft certainly is going to get much shorter. And in some cases, as you said, it could be could be minutes or even seconds to pivot from one attack to another or to to use bots and other technology to to blast things out across a wide spectrum of targets. So in other cases, and that reference I said about, you know, researchers being able to use AI to write code to exploit vulnerabilities, you know, as the technology gets better, it’ll be very quick. Already we’re seeing developers, you know, just write code and very quickly be able to script using artificial intelligence. So I think as the as the adversary community starts adopting these, we’re gonna see that that time window close for some of the attacks as well.
Karissa Breen [00:04:27]:
And then I know, unfortunately, depending on, you know, which mainstream media or certain media outlets sort of position AI or artificial intelligence more specifically in a bad way. But on this show, people like yourself come on here and really talk about the good things that it’s doing. So I always wanna look at both sides to ensure that it’s well balanced and there’s level of neutrality in terms of the questions that I’m asking. So I’m really curious now, from your perspective, where do you see the the advancements with AI and security teams, etcetera, given the the role that you’re doing today?
Chris Peake [00:04:59]:
Yeah. Yeah. And that there’s absolutely a flip side to this. The technology and artificial intelligence is gonna be a huge help. For example, we’ve already seen how the language models are able to take natural conversation to help search through a large amount of information. We know that organizations and vendors and researchers are already looking at how do we search through large amounts of data for, like, security anomalies. So events. So making the job of the incident responder or your security operations center easier by digging through all that information with by by being aided through artificial intelligence tools.
Chris Peake [00:05:37]:
So I think there is definitely a flip side here that we’ll see advancements and that will help the security, the organizations, and the and the folks that are trying to defend and protect. We’ll see advancements there that are gonna help us confront some of those threats that I mentioned just a minute ago.
Karissa Breen [00:05:52]:
So can I ask maybe a rudimentary question? So would you say with where we are today with AI and as you said with the advancements and things, like, evolving so quickly, do you think we’re in a better position today, or do you think we’re in a better position like twenty years ago? Because, yes, like, the, you know, preliminary sort of AI was around, but not to the same sort of level it is today. It wasn’t as ubiquitous. It wasn’t as every the everyday person could use it. What would you say if you were to sort of reflect on, you know, your your career?
Chris Peake [00:06:22]:
Great question. I mean, I I think it’s interesting because the information that we have available to us today in terms of detecting and finding the holes, if you will, in terms of infrastructure. We’ve got great tools to help us find vulnerabilities and detect them across, you know, distributed network. So there’s a lot of capabilities. We have more information than we’ve ever had before. But, but that is also part of the challenge. As I said, I think asking a human to consume all of that information and look for the proverbial needle in the haystack is a really tough job. And so I think we are better equipped today than we’ve ever been to address attacks.
Chris Peake [00:07:01]:
But again, that that challenge is is that they’re the technology is being used against us in some cases, you know, with with the adversary.
Karissa Breen [00:07:08]:
So I’m trying to focus and maybe go into this a little bit more around security vendor and their tools. There’s a lot of them out there. I’m really I’m at the coalface’s industry, and even I get confused sometimes around, you know, delineating between one vendor to the next. So you said before, there is a lot of information. Now I know that, you know, the buyers have changed. They like to do their own research, etcetera. It’s not sort of how it was, like, ten, fifteen years ago because the information is more readily available than it was, obviously, as you know, ten, fifteen years ago. But with the whole, like, vendor community and the tools, where do you think that then sits? Because, I mean, I’m speaking, you know, internal CISOs, and they’re like, you know, we’re going more towards platformization.
Karissa Breen [00:07:51]:
We’re doing a reduction in our tools. We’re consolidating. You would have heard all of this stuff being said and thrown around in the industry. But then every time I look open LinkedIn, there’s like a new vendor that’s out there doing some tools. So do you think people feel overwhelmed, I think, is is probably a given, but perhaps, like, confused around who’s doing what, what capability, the overlaps, etcetera. Like, how does that then sit with you when I ask you that question?
Chris Peake [00:08:16]:
Yeah, it’s really tough. I mean, on one hand, it’s great to see so much innovation in the security space. I mean, it’s fantastic. But you’re right. It’s a it’s very difficult to keep up. So one of the things that I like to talk about is and you might remember, I think it was a big thing for security teams probably a couple of years ago, maybe five, six years ago. We were all very proud to have our our vendor slide. We had a slide that we would show.
Chris Peake [00:08:39]:
We’ve got fifty, sixty, you know, cybersecurity tools out there that we use to defend our environments and our networks. What we started learning was we couldn’t get the true value out of all of those products. They we couldn’t actually keep up with maintaining them and configuring them and honing them so that we could use them effectively. And so now the way I like to look at it is the the ecosystem is actually more about the partnerships that the vendors have amongst each other so that we actually can use the products more efficiently as a team. So, you know, for example, it’s Marchheet. We don’t have a a huge team, but we have a big job. We have a lot of cloud environment that we have to protect. We have a lot of customers we have to protect.
Chris Peake [00:09:20]:
So I’m really dependent upon the relationships that our vendors have with one another to help me do and my team do the job that we need to do in order to protect customers. So I think that what the the real pivot that I’m seeing is the collaboration among security products, among those companies to build capabilities that work together. And that’s why I call it this ecosystem. I think that as this ecosystem evolves and we get pull those capabilities closer together, that we’ll we’ll start seeing the real power of how multiple tools kind of fit together to fill all those gaps and address the overall, you know, cybersecurity challenge of how we’re addressing the threats.
Karissa Breen [00:09:59]:
Would you also say that vendors are more willing to sort of work together? They don’t see it as, like, a rivalry, or they don’t see it as, like, a competition. Are you seeing more of that in terms of camaraderie between the vendors working together?
Chris Peake [00:10:13]:
I do. I do see a lot more collaboration, and there’s a bit of coopetition. You know, that that idea that there’s collaboration and competition among some of the vendors. But but overall, I think they realize that the space is now so big that they can actually focus on a particular area, leverage capabilities of another product to to to be married together and to provide to provide better overall value to a customer. So I see a lot more of that collaboration happening today.
Karissa Breen [00:10:42]:
So at the top of the interview, I sort of introduced what we’re gonna be discussing today, and part of that was impact on businesses in 2025. So I wanna sort of go into this a little bit more. So when you say impact, what do you mean by this?
Chris Peake [00:10:58]:
Yeah. Impact, you know, similar to how we were talking about artificial intelligence, there’s a there’s a positive and a negative side of it. And I think typically in security, we we like to think when we say impact, we’re thinking of the of the more negative connotation, meaning if if there’s a security incident or a breach, yeah, this is an impact to the negative impact on a business and a negative impact on the data and security. But impact also can be a positive thing, meaning security can be a business enabler. So many organizations, if you think, you know, again, we’ve for the last, what, maybe call it ten years, we’ve been going through this thing that we refer to as a digital transformation, meaning basically every business has had to take more of their processes and more of their procedures and digitize their systems to make them more effective and efficient. As we’re doing that, the security has to come along with it. And so if we secure these capabilities, secure the systems in a way that enables businesses to use them more comprehensively throughout the business, you know, protect the critical information, then actually security can can enable that business to do more and be more effective and efficient with whatever their their goals are and whatever business is focused on. So I do think that impact has that still that same, you know, traditional sense of, you know, boy, a cybersecurity incident could be massive impact to a business, to a brand.
Chris Peake [00:12:21]:
But I like also this flip side of it that that it can be really a positive thing as well.
Karissa Breen [00:12:26]:
Okay. So people in the industry do talk about business enablement. Do you think, though, in your experience with your role, do you think executives think that, though, or do they just think that I’m just spending a lot of money on this security area? Yeah. And I ask that only because that is that can be the talk track of the reality of some of these people that don’t understand it. So it’s more so to understand from your perspective how that sits with people. Because, again, we’re in security. We’re always gonna think it’s, like, the most priority, but then everyone’s gonna think what they do in HR and finance. You’re gonna think what they do is the most important thing.
Chris Peake [00:13:02]:
Yeah.
Karissa Breen [00:13:03]:
So how does that sort of sit with an executive? Because some people have come on here and really just said to me, Chris, like, well, I’m just spending a lot of money on stuff that I can’t see.
Chris Peake [00:13:13]:
It’s a fair perspective. I but I think, really, that’s the job of the CISO today, to also present security from a frame of reference that that by securing systems, by protecting data, by creating what I call guardrails for an organization, you know, how how users will operate, that it can actually enable the business to move faster. So and even even, you know, in our business, we as I said, we’re we’re responsible for a lot of customer information, a lot of customer data. The more security that we can provide and enable folks to use the product and the platform more freely across multiple use cases, it actually helps their business, which helps our business. So I think it’s it is a big part of the of the CISO’s role today to be able to talk with executives about how security can be beneficial for the organization, for the business.
Karissa Breen [00:14:00]:
So what would you say CISOs in your experience are doing well when they’re communicating with their executives around the whole business enablement thing? So I know again, I’ve interviewed people that have said, you know, people historically haven’t done a great job at this. They can’t they’re really good at explaining it or, you know, building trust perhaps. So is there anything you can sort of share?
Chris Peake [00:14:23]:
You can you can tell the security programs that are successful at this because they tend to not have challenges with getting funding from the board, with getting support from executives, with getting partnerships from earned internal stakeholders. So you you can kinda tell where where it is successful because you can see these programs start moving even maybe even faster than peers. But I think it’s really about trying to explain, you know, the the context for the threat that we’re operating in and how security can actually by by providing as again, I’ll use that term guardrails by protecting information in a way and giving some some controls around how this information will be shared and maybe how it won’t be shared because that’s that’s an important part of it too, that the business can actually move forward knowing with the confidence that the information is being protected at the way it’s being protected. It’s a tough conversation for sure. Not not an easy one, but I think it’s using those opportunities to explain how security can actually help the business. And bit by bit, it grows. It becomes part of just the the common framework for conversation at the executive level.
Karissa Breen [00:15:33]:
Do you think people get caught up in the wrong thing and presenting the wrong facts? And I say this because I I was a reporting analyst back in the day, so I actually used to write the reports for the CISO in a bank who would report into, you know, getting more funding and stuff like that. So that I think this really sits close to me. Would you say that people, like people come out and say, oh, we blocked X amount of threats. Like at the end of the day, I don’t think an executive really cares about that. And so I’ve seen people in my career have focused on the wrong thing, not like they’re meant to, but again, maybe they’ve lost perspective of what the person who they’re talking to, what what they actually care about. So is there things that you’ve seen that has really worked for you, even with within Smartsheet or perhaps previous roles that you think that, yeah, this has really sort of moved the needle internally?
Chris Peake [00:16:23]:
Yeah. I mean, yeah, to use an example, I mean, I I talk frequently with fellow stakeholders in the organization, with the board, with executives about how the maturity of our security program actually unlocks business with customers, for example, because the better security that we have, the more trustworthy our security program is, the more likely we are to be able to bring customers specifically in regulated markets. And you think of all the requirements that the health care and banking and government have, you know, how it opens up the opportunity for more business. And so making it real and saying, in some cases, like, here’s a customer that was very concerned about these things. And because we had these security capabilities that enabled them to expand, you know, in using our our product or our platform. Those are very helpful context and conversations to have at the executive level because it helps translate. Here’s all these very specific things we’re doing in security, but this is ultimately what the outcome is for the business and how it helps us. And that’s when the unlock comes.
Karissa Breen [00:17:25]:
Something I’ve observed recently is I’m an Australian, as you probably tell, but there’s a lot of billboards around, like, near the airport. And what I’ve noticed is banks one of the banks I used to work for, they’re actually now pushing hard around security and, like, where your partner in terms of security. So I’ve seen that in terms of a marketing strategy, which I have spoken to internal CISOs about historically, actually. So I’m starting to see a bit of an emergence on that front. So to your point, do you think that now businesses potentially could leverage how good their security is to market that in order to build that trust with their customers, etcetera. Because as you know, like, we’ve seen so many things happen lately, and people are not as loyal perhaps as they used to be in terms of, for example, a bank. You know, it’s not like you stay with the same bank for the your entire life. People are switching.
Karissa Breen [00:18:15]:
Loyalty just doesn’t exist. So is that something that we’ll start to see perhaps come into play in 2025 and beyond?
Chris Peake [00:18:22]:
It’s all about trust. And so you’re right. You mentioned, you know, that we’re seeing a lot in the news. Like, there’s been some really amazing, in a not a good way, breaches of, you know, the public information over the last couple of years. And that that has a significant impact on not just the organization that was breached, but but the general, you know, public’s perception of businesses who are managing data. So I do think that the more organizations come across as being trustworthy, having controls, caring about, honestly, caring about the information that they have of their customers and or their employees or or just the public, I think that that will start regaining. I think we have to earn it back. Right.
Chris Peake [00:19:05]:
It’s not something that we instantly get, but we have to earn back that trust from from the end users. So I think I think trust is gonna become the thing that we talk more and more about. I don’t think we’re gonna solve it in 2025 by any means, but I think it’s something that is gonna we’re gonna start seeing a lot more of.
Karissa Breen [00:19:20]:
In terms of consumers, one thing that I’ve also observed is depending on which generation, I’m a millennial, but specifically, I think generation z are very focused on companies that are, like, more sustainable, you know, more, you know, reducing their carbon footprint, etcetera. So do you think, like, now consumers are gonna be focused on what company cares about security, would you say, or would you do you think that I’m dreaming in the sense because we’re obviously in security and we care about it? But many people will be more, like, looking closely at what sort of security precautions companies take.
Chris Peake [00:19:54]:
There’s a link for companies that are that are spending time on, you know, environment and talking about that. I think it’s a it’s part of this piece of rebuilding that rebuilding and regaining trust with the consumer because it shows that we care about other things than, well, money. So I think that’s that’s never a good selling point. So the more that we can show, you know, that there’s other things that we’re trying to do, be good, you know, global citizens, all of those things are are gonna be important as the trust. I don’t necessarily see it as a tie, meaning security and, you know, some of the environment things, I don’t I don’t think those two necessarily go together. I think security has to be something we have to show that we care about. And I think, you know, also caring about other things is important. But it’s all I I do think that all of that relates back to building trust with the with the consumer.
Karissa Breen [00:20:42]:
So can I just ask, how do companies show that they care about security? Now I’m going to give you an example. So I’ve seen, like, tiny little font on a website saying, you know, we care about your security or some lock on a website that we used to see in, like, the early two thousands. Like, you would have seen that, and now, obviously, like, that’s still there or, you know, the capture. How do people demonstrate that with it being a genuine we care? You know, there’s someone in marketing that just puts up something, and they think, oh, you know, we’ve demonstrated trust now because we’ve we’ve written something in in some annual report that no one reads somewhere hidden somewhere. So where how do companies do this effectively?
Chris Peake [00:21:20]:
It’s funny because I think, you know, for for both of us being security professionals, I think we will immediately recognize maybe more technical things like, oh, here’s here’s multifactor authentication. So this is a service or system that I’m more willing to trust than than something else. So I do think that users are becoming more aware of some of the technical controls. At one point, I think there was a lot of concern over, is this gonna impact the end user if I add multifactor authentication? If I create another step that they have to go through, is this gonna is this gonna impact the user experience? I I see less of that now. I think, actually, those things are becoming more recognized as value by the consumer saying, Yeah, actually, I know this is sensitive information that I’m putting into the system. I want it protected. And I want some of those guardrails to be at base knowing that my privacy is protected, knowing that my data is going to be secure, knowing that this company actually cares about some, the threat and the attackers that are out there. So I think that the that’s probably the good thing that’s happening right now is we’re seeing some of that awareness from the consumer side, and they’re recognizing the things that probably, you know, us on the security side have have known for a while, but now it’s becoming much more prominent.
Chris Peake [00:22:34]:
And I think those kinds of things, seeing those on websites, to your point, showing that we’re that organizations and products have security controls in place is actually gonna be something that I think consumers start looking for.
Karissa Breen [00:22:46]:
The only thing that was coming in my mind as you were speaking is some services that we just have to use. So whether it’s on our private health insurance, whatever it is, and, you know, some of these things are a little bit arduous to sort of switch because maybe their security is sketchy, for example. But do you think that some companies, they know that they’re so big. They know that they they have consumers. They’re probably not gonna switch. Do you think some of them perhaps gamble on that fact because they kinda know, well, we have, you know, millions and millions of people. Maybe some of them, 10% of people, whatever it is, may get a little bit upset because we’re not doing the best security practices, but because we’re so big that and it’s too hard to move, we’re not gonna pay as much attention. Because I’ve I’ve probably seen more up and coming companies very focused on it, and I’ve seen perhaps large big mammoth beasts not as good, which is concerning, but then I’m like, well, is that because they’re like, well, we’ve got so many people anyway, so if a few drop off, who cares? And the cost of a few people dropping off versus investing a bunch of money into it actually doesn’t doesn’t make sense in terms of our financial outcome.
Karissa Breen [00:23:58]:
Do you see anything like that?
Chris Peake [00:24:00]:
I what I’m seeing actually and and you mentioned that the up and comers, they’re actually using security as a competitive advantage. And so I don’t see as many, I think maybe maybe the larger organizations and products and services, they might be a little bit slower back to something. It’s just because, you know, if you’ve got, you know, tens of thousands of employees, it’s gonna be a little bit harder to coordinate and manage and and maybe be and be innovative and get things out quickly. But I do see that there’s a there’s that competitive nature of other new products coming out, leading a little bit more into I think that, like, for example, you know, pass keys in the adoption, we see that much faster in some of the new products and capabilities coming out as opposed to some of the capabilities that have been out for quite a while.
Karissa Breen [00:24:46]:
Yeah. Okay. That’s really interesting. So I I was on Instagram the other day. I was watching Instagram Reel, and I I was trying to say that I couldn’t find it anyway. I wanted to share it on my LinkedIn. It was just so interesting. There was this random woman that started, like, having a meltdown around.
Karissa Breen [00:25:00]:
I’m sick of passkeys. I’m sick of MFA. I don’t care. I don’t care if my account gets sort of, you know, breached. Like, I’m sick of it. Like, why are these people do like, she was, like, going nuts. I wish I found I can’t find it. How do we balance that? Because I get it.
Karissa Breen [00:25:16]:
We’re trying to keep people safe, but then again, it creates friction. People hate it. You know? They they don’t wanna use these things because, you know, maybe, you know, it they they don’t know how to manage these things effectively, and then they don’t want to install two FA or MFA, but they have to because it’s a requirement. How do we find that balance?
Chris Peake [00:25:37]:
I get that too. You know, there is frustration. And and with any new, you know, technology like the passkeys, I know there’s plenty of frustration around. I just don’t quite understand this yet, so I’m not sure I like it. But I do think that the security professionals understand the risk that’s out there. And so I think by forcing the issue a little bit by by pushing, you know, the consumer, by pushing the end users to use these capabilities. Even though there there might push back a little bit, it’s actually the right thing to do to protect them. So I know some of the services and some of the peers that I’ve talked with now, like, doing things just kind of staying with this multifactor authentication theme for a minute, you know, starting to enforce it when they know that, an end user has put sensitive information into their service and saying, you know what? This we know you just put in a sensitive information in here.
Chris Peake [00:26:29]:
We want to make sure that it stays protected. We’re gonna force you to use multi factor. And that’s that piece where I feel like that’s where the trust comes from. And the user may not notice it upfront, but if there is another breach of some other data, they’ll be like, oh, I see why it was really important for me to protect this information. It may not be upfront that they that they appreciate and respect it and and trust. But I do think we we, again, in the field, we understand the threat. We understand the attacks that are out there. We understand the risk that users take every single day that they’re on the Internet and exposed.
Chris Peake [00:27:01]:
So so trying to be more thoughtful and protective, I still think is the right thing to do and will pay dividends at the end.
Karissa Breen [00:27:08]:
So one of the analogies that I was drawing upon when you were speaking, as I think in Australia, it was, like, late late eighties, early nineties. They enforce that if you’re riding a bicycle, you must wear a helmet. If you’re not, you’ll get fined if, you know, someone catches you, for example. Now obviously, that is because of the risk. Right? I’m just trying to draw an analogy against what you’ve just discussed. So, again, like, people are like, oh, it’s dorky. I’ve gotta wear a helmet or whatever it is. Right? But, again, it was saving people’s lives.
Karissa Breen [00:27:32]:
If they fell over, they hit by a car, it’s gonna protect them. Do you sort of think that there’s gonna be a little bit of people that get a bit upset? Like I mentioned, the lady on Instagram losing her mind, But, eventually, people are gonna just gonna say, well, I kinda get it now because, you know, as we this year, but beyond, there’s gonna be more and more breaches, etcetera. Yeah. So people will sort of just adapt to this is just how it is now. So, like, here in Australia, you know, you probably get the occasional couple of people that sort of don’t like it, but majority of people are okay with it because they understand it’s for their safety. Do you think we’ll get to that stage in, you know, in this space?
Chris Peake [00:28:06]:
I do. I do. Yeah. I mean, yeah, the analogy, the the helmets for motorcycles, the seat belts in cars, you know, ask anybody that’s that their life has been saved by those things. They have a complete and total appreciation for those things. And and, obviously, I don’t wanna go too far down that analogy because, you know, security isn’t quite the same. But but the reality is is there the there’s significant impact individuals when their their privacy, their information has been breached or stolen, their financial information, or just their their data is exposed. So I think, you know, as more people feel the impact of these things, then that that kind of tide will change.
Chris Peake [00:28:46]:
We’ll start seeing people with the adoption of motorcycle helmets and seat belts. We’ll we’ll see an appreciation that this is actually just necessary because there is inherent risk.
Karissa Breen [00:28:56]:
So now I wanna sort of flip over and talk about we sort of discussed at length around, you know, security and, like you said before, competitive advantage, etcetera, security enablement within organizations. But you sort of talk about security being the foundational aspect of a business strategy. So walk me through your thoughts here.
Chris Peake [00:29:15]:
Yeah. I and and I guess I come from a perspective of where security is foundational to the business that my company is in. And because we we are responsible as a cloud service, we’re responsible for protecting customer information. And so it does have to be a foundational component to not just the security program, but to the business itself. So the things that we do to secure the cloud environment, to protect our even our corporate environment, the products and capabilities that we put into our platform, all of those things are necessary in order to do to do business, essentially. I mean, we cannot ask a customer to trust us and give us their data unless we have the foundation of security in place. And so the more we do to help create capabilities that provide the ability to share information but share it in a safe way, the more that we can build the business and build opportunities for customers to use our product and our platform.
Karissa Breen [00:30:19]:
And then you also talk about integrating security across all operations. So, obviously, you know, finance, HR, etcetera. How do you do that effectively? In that way, everyone’s sort of on the same page.
Chris Peake [00:30:32]:
Well and it’s not necessarily the same for every function. I mean, I think, you know, we we’re seeing a lot of attacks against organizations specifically to get money. Right? Cybercrime is is down the rise from a financial perspective. So organizations being targeted with social engineering campaigns to try and get somebody to, you know, purchase a bunch of gift cards, for example. We’re seeing a lot of those things. So it’s about making sure that that security can appropriate security controls for each function of the business are are applied to protect that specific function. So that I you know, you talk about finance, but just just the same way this past year, we’ve heard about in HR and recruiting, having people impersonate, you know, legitimate users, but actually, in fact, being, you know, hackers themselves. So I I think there’s a there’s a whole new method of operating that impacts every part of the business that we have to look at from a security lens.
Chris Peake [00:31:30]:
And so it’s about not applying the same security controls to the entire business, but looking at every part of the business and making sure that the appropriate controls are in place.
Karissa Breen [00:31:40]:
So recently, in a few in the last few years, we’ve had that these major breaches in Australia, which you probably heard about. And some of the commentary online that I I read, etcetera, was like people were saying, oh, well, my data’s already out there, so who cares now? So do you think people are becoming desensitized because they’re like, well, I wasn’t in that other breach, and, oh, well, it doesn’t matter now. I mean, like, in some of these breaches, obviously, we’re quite like they’re like medical records, for example. So it wasn’t just, you know, your name and your email or etcetera. So how does that then sit with you? Do you think people like, companies are gonna be saying, like, you know, we obviously care about data, and, oh, then a breach happens. But do you think that people are getting to the point that it doesn’t impact them as much?
Chris Peake [00:32:23]:
I do think that there’s a bit of the the surprise is gone in terms of, you know, we we see that there’s been another, you know, million records released or something like that, and and it doesn’t quite have the same impact or shock that it first had. So I do think there is a bit of we’re getting a little bit desensitized because it’s happening so frequently, And we’re also, you know, not holding a grudge as much on brands. So if if one company or organization had a breach, we don’t hold it against them for for as long as maybe we did when we first, you know, saw some of the early breaches back years ago. So there is a bit of that. The as far as the concern around data, though, I think there’s probably a couple things that are happening. I do think we’re putting a lot more information that’s personal to us out in social media. So on one hand, we’re freely sharing the information ourselves, but we also don’t want it abused. So, obviously, you know, throughout Europe and a lot of countries are developing their own privacy laws to specifically protect, you know, citizen rights, you know, as it comes to the the use and or in potential abuse of their information.
Chris Peake [00:33:35]:
There’s a bit of a balancing act to this. So I don’t I don’t necessarily see that people are getting used to the idea of their information being abused. I see still quite a bit of concern there. But maybe maybe, you know, not quite as shocked that when we do see these these significant breaches happen that we’re surprised that it happened. It’s more of a realization that what I’m hoping is that folks realize that the that the risk is is very prominent and the threat is is prominent.
Karissa Breen [00:34:04]:
Yeah. That’s interesting because it’s just obviously, I’m doing research and stuff online for my job. I’m noticing that from people. And I like to look at all angles and I just like to focus on what a security person thinks like, you know, an everyday sort of person, like what do they think about? What do they care about? Because these are ultimately the customers that, you know, people like Smartsheet, but also other businesses out there that they’re dealing with. So I think that that I think that’s a really good point. And then in terms of if you were to zoom out with, you know, 2025, as you know, we’re new into the year. But is there anything else that you I know we spoke about AI, etcetera, but what else do you think will will come up in terms of on the horizon for 2025?
Chris Peake [00:34:43]:
I think it’s gonna be a year of a lot of innovation, and it and it’s it’s gonna be hard to qualify that because I feel like, you know, prior years have also seen a lot of innovation. But it’s interesting the the spark that AI has started. And and, admittedly, I think in that you I think you said it earlier. You know, machine learning has been around for a while, and and we’re kind of flipping. I see a lot of organizations of products, you know, kind of changing that machine learning language to AI. And so now it’s it’s looking like everybody’s doing AI when in fact, a lot of organizations were doing machine learning for quite a while. But the spark of innovation is pretty impressive right now, and the speed at which products are are being released in the technology is is pretty impressive. So I think I think 2025 is gonna be another year of of just impressive innovation across the technology space.
Chris Peake [00:35:37]:
I hope that translates to a lot of very useful capabilities that people will adopt in their daily lives. And I’m I’m seeing that already. I think again with with the AI and how people are using chat g p t and other capabilities, just in the consumer space and daily life. So I think that’s gonna be really interesting. And and I think it will shape, you know, maybe some of the the jobs and and we’ll start seeing how that’s going to impact how people look at, you know, career fields, for example, and and what they wanna do professionally. So I think, yeah, I think in general, it’s just gonna be a very interesting time.
Karissa Breen [00:36:11]:
And, Chris, do you have any closing comments or final thoughts you’d like to leave our audience with today?
Chris Peake [00:36:16]:
I just think that the more folks can lean in on security, learn it, use AI to learn more about it, you know, the better equipped we’re gonna be. There’s a lot of of risk out there, but I think the more informed we are, the better off we are. Maybe that’s my final thought is just to, just to hope that folks hear things like this and and dig in a bit deeper.
