The Voice of Cyber®

Episode 116: Shinesa Cambric
First Aired: July 06, 2022

Shinesa Cambric (CCSP, CISSP, CISA, CISM, CDPSE) is a Cloud Security, Compliance, and Identity Architect with strategic expertise in technical design and implementation of security architecture and controls. Her experience includes designing identity management and governance solutions for cloud-based platforms, building insider threat programs, and providing unique subject matter expertise on the intersection of governance, risk, and compliance with IT and application security. 

As a Principal Program Manager within Microsoft’s Intelligent Protections team,  Shinesa currently focuses on architecting solutions for global organizations to identify, detect, protect, and respond to threats against identity and access. She is a task and certification content advisor for CertNexus and CompTIA, on the content review committee for Cloud Security Alliance, and her work has been included in global IT industry forums such as SANS, ITSPMagazine Podcast, RSAC, BrightTALK, Secure Software Summit,, and Plan4Privacy.  As an active mentor, she volunteers with several organizations, including as the training lead for the Dallas chapter of Women’s Society of Cyberjutsu.  Shinesa is an active member of several other organizations, including Cloud Girls, Women in Cyber Security (WiCyS), ISACA, ISC2, Information Systems Security Association (ISSA), International Association of Privacy Professionals (IAPP), and AnitaB, and serves as an occasional host for the OWASP DevSlop YouTube and Twitch show.

Help Us Improve

Please take two minutes to write a quick and honest review on your perception of KBKast, and what value it brings to you professionally. The button below will open a new tab, and allow you to add your thoughts to either (or both!) of the two podcast review aggregators, Apple Podcasts or Podchaser.

Episode Transcription

These transcriptions are automatically generated. Please excuse any errors in the text.

Introduction (00:13) You're listening to KBKast, the cybersecurity podcast for all executives. Cutting through the jargon and hype to understand the landscape where risk and technology meet. Now here's your host, Karissa Breen. Karissa (00:28) Shinesa, welcome to the show. You are joining us from the United States as people will be able to tell by your accent. I'm really excited to have you here today because when we spoke initially, we're going to be covering a really cool topic. And I think probably since we spoke, it's becoming really prevalent in the media and the news at the moment. So I definitely think a lot of people are going to get a lot of value out of this interview today. But before we get into that, we always like to start our podcast off. We're talking about you and your professional journey, so please walk our listeners through where you started and where you are now. Shinesa Cambric (01:06) Well, first I want to say thank you for having me. And again, yes, I am from the United States, and I appreciate the opportunity. My name is Shinesa Cambric. I have been in the IT industry for over 20 plus years. I'll try not to give my age away here. I've had the opportunity to work in a wide range of industries, which includes retail, consumer goods, aerospace, and technology. And I'm currently a product manager with Microsoft, working in our Intelligence Identity Protection Division. Working on emerging identities. Karissa (01:37) Wow. Yeah. So this is what I really want to get into today. All right, let's jump into it. So people obviously know what matter is, or they've heard of it. I think it depends who you speak to. I think people are still very taken aback on what it is, what it means. But you spoke just before about the emerging identity, so I'm really keen to explore what it is first and foremost. Shinesa Cambric (02:04) Yeah. So emerging identity to me is all that fun stuff. When you think about the digital world in the past, identity was like this physical thing. So maybe it was a document that had your name and some ID number or a badge, and then now it's things like IoT devices, even with smart cities in cars and even your appliances in your kitchen. All these things have some type of identity when it comes to the digital world. And so how do we protect those identities? How do we make sure they're not being used in a malicious way? Karissa (02:37) Okay, let's go really back. How do we get an emerging identity where we are today? I was speaking to someone recently and they're like, oh, we're using a firm to get us onto the Metaverse. And all this crazy talk, like all this crazy conversation. I spoke to a lady the other day and she was overseas, and she's like, oh, like, in the future, you and I could go to Subway, sit in subway on the metaverse and have this conversation. And I think that I'm in this space, and it's, like, blowing my mind, so I can just sort of put myself in the shoes of other people. But what does this actually mean? What does it mean for us moving forward? Shinesa Cambric (03:17) Yeah, so it's this whole evolution, again, of who you are when it comes to an identity. So there's this physical piece of you, but then in the future, there's going to be this virtual piece or this augmented piece of how you experience the world. Some of that will be tied to the physical world, and some of that will be part of just this whole digital immersive experience where you get to build this avatar of who you want to be and how you want to present yourself to other individuals. That avatar may be something that does represent you in real life. Like, it looks like you and talks and walks like you, but it could be something that's totally different. I'm here in the United States. I can make an avatar that sounds like I'm from Australia. In the future, one of the things that my team is invested in is how do we make sure that people, when they go into these digital worlds, that they can trust the identities that they're interacting with, that there's some fidelity? And when I think about identities, it's not just individuals like me and you as people. There's also identities of businesses. Shinesa Cambric (04:24) When you go to the Metaverse, like, when you interact with those businesses, how do you know, for example, you work with Chase Bank? And how do you know that's actually Chase Bank that you're operating with? Maybe this avatar comes up and says, we found that there's been this fraudulent transaction on your account within the Metaverse, and you start to respond to this individual. How do you know that truly who you think they are? And that gets into the heart of why I get so excited about what my team does. Karissa (04:54) Yeah, but this is where it gets wild, right? Like, I mean, there's so much in there, what you just said. Okay, let's start from how do you know or verify or validate someone is from Chase Bank? How do you do that? Because it's going to get so convoluted. Like, if there's not a real way now, I can explain why. So, for example, which I think I'm probably going to ask you anyway, but there's a way of validating, like, human identities now, but now we're introducing more complexity, and people already have security problems now I feel like we're going to have a lot more problem on our hands moving forward into this new digital sort of atmosphere. Shinesa Cambric (05:34) Yeah, and I would agree with that, especially if we don't get in front of some of the things that we see could be problems. There's this whole philosophy around Verifiable credentials where there's a standard about digital credentials and there is an organisation that will be able to say, we've vetted this identity and now you can trust who that identity is. So looking at some safeguards that way, one thing it doesn't necessarily touch on, at least not as strong as I think it should, is Verifiable credentials for those businesses identities. And then also if you think about things like bots and those IoT devices and machine identities, how do we vet those type of identities in the future? And so, again, coming back to some of the work that my team will be doing is coming up with what's that kind of run rule when it comes to this. And one of the other things that kind of concerns me is that if you think about all the individuals who will be working in these digital environments, there is a wide range of individuals who start off as digital natives. So you think about young children who are born with technology and they interact with technology from day one. Shinesa Cambric (06:46) And then you have older citizens who have grown up with this concept of physical identity and understanding what a physical identity theft is. But how do you translate that to digital identity theft and helping them to stay protected? Karissa (07:01) So, breakdown, how does that look when someone steals your digital identity? Shinesa Cambric (07:07) Yeah, so one of the interesting things there is that I mentioned about this Verifiable credentials, but then also in the future, as we think about the metaverse and how those things will work, it's a decentralised concept. So you own that identity that's going into that environment, and should you lose your password or your way to authenticate, that's gone. Karissa (07:30) Wow. Shinesa Cambric (07:31) And I think about people like my mother who goes to Facebook, and she probably has four or five accounts because she's lost her password and had to reset that all over. When it comes to this whole digital identity in the future, and you own it, you have this one centralised identity or this one ownership of identity, and you lose the rights to that. How do you reset that? Who is the authority that you go to to say, I really am me at that point? Karissa (07:59) Wow. It's exactly what I was thinking as you speak about your mother thinking people hopeless now. Okay, so who has that authority? Shinesa Cambric (08:08) No one. Basically, right now, no one has that authority. Going back to the Verifiable credentials, there will be these organisations who will help to assert who an identity is. But one of my fears or concerns there is that's going to be one of our new attack vectors. So if we're trusting these authorities to vet individuals, then that's who attackers will go after to start assuming identities and start impersonating other individuals. Karissa (08:35) This is getting really crazy now. So who are these authorities? So if I go back a second do you think companies like Meta have thought this through? Like, who's going to manage this stuff? Because even the best of people, things happen. They lose things or whatever it is. So imagine that you've got two ends of the spectrum, someone who's really good at all the stuff, and then someone who's pretty hopeless and forgetful. How is this just going to work there? Like, have companies not thought this through, perhaps? Shinesa Cambric (09:05) Well, I'm hoping that other companies are thinking through this. Again, I work for Microsoft, and that's basically what I do is think through what is this new future going to look like and how do we protect individuals? And I'm assuming other companies are as well. One of the interesting facets, though, is that this space is moving so quick, and we know today that when it comes to security is always left behind. So how do we make sure security is in the forefront and not in the background when it comes to these type of things? Karissa (09:35) So how do we ensure that security is at the forefront and not in the background? Shinesa Cambric (09:39) Yeah, so to me, it's education and making sure that people are aware of the consequences and the impact of this new digital society as we move into it. When you become the sole owner of your digital identity, what does that responsibility look like? And understanding that there is no authority that can now reassert who that digital identity is, being aware of things like social engineering and spoofing attacks, and I believe those are things that will become even more prevalent, especially the social engineering, as we move into this whole digital society that individuals, either themselves or through machine learning and AI, will learn those things about you that will allow you to put your safeguards down. And so once you've put those safeguards down, that's an easy way in for them to steal information from you. Karissa (10:35) So you spoke about education, so I totally agree with you there. One of the challenges that I sort of foresee is people don't get stuff now, like really basic stuff. And I granted it's not their fault, it's not the area. I kind of understand why. But then I think if I zoom out, a lot of people still don't understand this digital world, Meta, all of that. I don't think people are even there yet. So how do we get them past that part, the first hurdle, and then onto all verifying your identity. Oh, and then if you've got a business that creates a new set of verifiable credentials, like, how does all that sort of look? And how long will it take to get people to adapt to this stuff now? I mean, if you go back to when the Internet came out for consumers or the PC came out, it was a new thing, and people were saying like, oh, you know, the Internet is not going to be the next thing. And it was so I guess there's still that conversation whether this will be the next thing. But then how do we get people to that stage where they understand this concept and then they then understand that they are responsible for their digital identity? Shinesa Cambric (11:50) Yeah, I think we'll have to start at the basics. Well, there's actually two things starting at the basics, and then I believe that fortunately, or unfortunately, however you choose to think about it, that there's going to need to be some standardised laws and regulations when it comes to this whole metaverse experience. So going back to the basics for individuals, we need to help them associate the security of their digital identity to something that everybody pretty much understands, like you wouldn't give everybody on the street a key to your house. So helping individuals understand, you don't give certain digital information away to people that you don't know, that you don't trust, that you have not been able to verify, and then also being on their guard because this individual, this avatar, may seem like it's me, but how do you really know? And so until you've gone through some channels to build up that trust, then keep your guard up and then going back to the laws and the regulations, right now, it's kind of what I would call a Wild West when it comes to the thought and how this metaverse operates. Right. Anybody could pretty much do their own thing. Shinesa Cambric (13:06) So how do we make sure that there's standards when it comes to security across these different platforms? And how individuals, as they migrate through these different platforms, they can feel a sense of trust or they can recognise and say, this looks suspicious. Maybe I need to back away from here. Karissa (13:23) So do you know if the United States government is looking into having laws and regulations around this? Is this something that they're taking seriously? Is there something in place? Like, how far away is this? Shinesa Cambric (13:35) To be honest, I feel like we have a ways to go. Recently, within the United States, there was some executive orders in terms of digital currency, but that's different than saying this whole digital metabolic world. So we're making steps to start looking at how we standardise things and how you build in some security controls. But I think we still have a long way to go. I believe people still feel like this metabolic concept is so far out there that it's going to take a while to get there. But in reality, if you think about gains and things that we've seen in the past, even Sims, which has been around for a very long time, that's a form of metaverse. So it's really not that far off to think that we're going to move to a more immersive society. Karissa (14:26) I love The Sims. I think it's during Covid, I purchased Sims 4. Oh, it's so great. Okay, so question, if you had to just take a guess with your experience, and what you're doing day to day. How far are we away from this? Like, focus on the US. Maybe not Australia, because we're a lot further behind than you guys. But I'm just curious to know, do you have any sort of indicative sort of timeline? Shinesa Cambric (14:53) This is just my personal gut feel, so don't attribute this to any employer or anything like that, but I would say a year to two years, you'll start seeing more about this. We're already seeing individuals put on concerts in the Metaverse. Right. There's already ways for you to operate within your company to meet together in the Metaverse. So it's not really this foreign concept anymore. Karissa (15:18) Wow. So question, do you think it depends on who you ask, but from your opinion, will we just abandon our physical identity? Will we still go out? If I want you, some friends, will I still go and meet them out? Or I won't do that anymore? I'm curious about the behaviour. Shinesa Cambric (15:42) I believe there's going to be a mix of behaviours. There's going to be some individuals who are so immersed in this new digital world that that's where they like to be, that's where they want to stay, that's where they've built a life for themselves and where they connect with individuals of, like, mind. And then there's going to be this other set of individuals who prefer this physical experience and you kind of see it in the working world today, right. Where a lot of companies have given this hybrid approach where you can come into the office or you can work remotely and there's a mix of people who take either side. Right. So I believe this whole digital experience is going to be that same way. But at the end of this, we still need that human contact, so I don't think that's ever going to fully go away in either regard. Karissa (16:33) Well, I ask this because so many doctors out there are saying that loneliness has really impacted people. So if we're at home and they're on the menavers, it's kind of like, I get the theory you're around people, but you're not really, like, physically. And then the other thing is we all sit down at a desk for so long, so we have like, back problems and neck problems, which is a problem. And then if you're just sitting down in the meniverse, like how you exercise, you say, won't your physical health go a bit downhill? I'm just curious about how does that work then? Shinesa Cambric (17:02) Yeah, there's a mix of experiences there. There's this augmented reality where it's you, you're moving your body parts and you can see this as part of this immersive world. So there's the ability to exercise and do those types of things. I think you can even see that in some exercise devices today. Like, there's this thing called the mirror, and you can see yourself actually working out within this mirror as an avatar. So that's going to be available to people. Karissa (17:35) That's just so weird, though, don't you think? Shinesa Cambric (17:38) Well, I think it's weird to people that have grown up a certain way. And I go back to these different age ranges and people who are digital natives. I have children and they've grown up and basically had devices for a very long time, and so this is not weird to them. They fully understand this. Karissa (17:58) I get that. I mean, I'm a millennial, but this is just next level. So you're saying I potentially in two years when we follow up on this, I was like, Hey, Shinesa, I was just doing a workout in the metaverse but I don't look like me, or I could look like me, but I look like someone else. Is that what you're saying? Shinesa Cambric (18:21) That is possible today. Karissa (18:23) Then I feel like people are going to be deluded then, because they're going to be like, oh, I look like a certain way in real life, or RL, and then I go on the Metaverse, but I look completely different worrying. Shinesa Cambric (18:37) And that's why I feel like you'll have two schools of people, right? Because there's going to be these people who have built up an image and a life for themselves in the Metaverse. It's totally different from the one in real life. And so they're going to prefer this digital image of themselves and stay there. Karissa (18:55) Wow, okay. So then which world is real? Shinesa Cambric (18:58) I guess the one in your head. Karissa (19:03) But that is so confusing then. Shinesa Cambric (19:08) That's a potential side effect, right? Some people may get confused of, like, what is really reality for them. Karissa (19:15) Well, that's where I was going with this. I remember years ago, I was reading something and I mean, you probably know this. Younger people playing these video games, violent video games, which is obviously online, and then they would obviously take that same violence approach to the real world. That's what I mean by that. People a bit deluded. Then it's like, okay, well, I can do it in the video game, but now I can't do it in real life. Can't just go and kill someone. Like, there's consequences. How is that going to go down? Shinesa Cambric (19:44) Yeah, so I think for those who have grown up fully in this physical world and understand consequences of what happens, we need to make sure that those who grew up in this digital world understand that as well. That you can't take these things that are simulated and they don't necessarily have consequences in a digital environment where people don't necessarily die and you can't take those activities and those behaviours and put them in a physical environment. To be honest, I believe there's probably going to be a lot of mental challenges. Again, going back to distinguishing between what's really reality for you. Karissa (20:25) Well, that's a lot. So you just mentioned earlier, anyone can do their own thing at the moment. It's a bit of a Wild West. So is there laws in Australia has a rule of thumb. You can't go and murder someone in any country. Right. You're just not allowed to do that. But you're saying, like, in this metabolism, there's just no laws, no rules. So then how are they going to regulate what you can and can't do? But then it's like, oh, but it's still a digital world, it doesn't really matter. But then it's like people are going to become sort of maybe desensitised to it because it's not the real world. But then which one's the real world, right? Shinesa Cambric (20:59) Yeah. That piece of being desensitised, I think, is important. And for those who are lawmakers, this is going to be a really interesting challenge to say, how do you draw a boundary between what you can and can't do in a digital environment? So we know there's certain language you can't use on certain platforms and things like that, but when it comes to this type of experience, it's almost like a game. Where do you draw the line for individuals? Karissa (21:28) Where do you draw the line? Shinesa Cambric (21:30) Yeah, for me, it's almost like you want to translate what's in your physical world, but then some of that doesn't apply. Karissa (21:40) What do you mean by that, though? Translate from the physical world into this digital world? Shinesa Cambric (21:46) Yeah, so we were just talking about the fact of physical violence, right? So you almost want to say you can't assault someone, but we already have video games where that's exactly what you do, is you're assaulting someone. So how do we distinguish these things? Again, to me, that's going to be a very interesting challenge for lawmakers and policy makers and even individuals for what we want to demand of this experience. Karissa (22:12) That's a dumb question, but, like, in a game, yes, you go and you are salty and killing people. Does that mean you can kill someone on the metaverse? Like, what does that mean? Shinesa Cambric (22:24) I've seen things online where yes, you can do that, where someone who is underage, who technically should not be in an environment like that, can go into some metaverse game, pick up a gun and shoot someone, or pretend like they're drinking alcohol and they're underage. Karissa (22:46) But this is the thing that gets me still the whole pretending that it's not the same, though. Drinking like a gin and tonic in real life is very different to drinking a gin and tonic on the metaverse. Are people that are going to get to the stage where we don't do that anymore, like, wow, this is so crazy. Shinesa Cambric (23:04) Not for me. Yeah, I want to have my drink in real life. Karissa (23:07) I'm just rattled by this, like, sorry, but, like, kids should know that, like, drinking a gin tonic, like, OK, you're underage, I get that. But then, like, it's so much better than drinking a gin and tonic in the real world. Shinesa Cambric (23:24) Well, for those people who want to put on a persona, maybe it is, though, and then this is also an outlet, right, for people who want to do things that they can't get away with in the physical world. They can get away with them in this digital world. Karissa (23:38) Okay, so when you say people that want to get away with things, we're talking about the drinking, like potentially, what, murdering someone comes onto this now even. Shinesa Cambric (23:47) That, I guess as far as you want to take it, to be honest. Karissa (23:50) Right, so there is no boundaries to this? Shinesa Cambric (23:55) Not yet, no. Karissa (23:57) So do you envision someone like online gaming, but there are some people that will game for 24 hours straight and I think one guy actually died because he didn't move. Do you see that happening with people? Shinesa Cambric (24:13) I do, unfortunately, I believe people are going to be so caught up in this immersive environment that yes, that's going to be a possibility. And I don't know if you've ever played around with those VR headsets, but yeah, it could be really addictive. Karissa (24:29) Yeah, I have actually. I played a game with a friend of mine, he's in security as well, and I found it quite heavy though. And then I felt like my legs got so it was a physical violence going, oh my gosh, I had a gun in my hand. But it was actually kind of scary because I actually was getting scared from it because I was like, this is really intense. But of course it was a game and I wasn't delusional in the sense where I thought it was real life, so there was some element of that. But I guess what worries me is the next generation of kids being born, is this all that they're going to know? Shinesa Cambric (25:08) Yeah, and that's the part that worries me a bit too. And you mentioned using this device was pretty intense and for adults that I've spoken to, they all have similar comments. However, if you ask a kid about their experience with these things, they're going to tell you like, how cool it is that it's just like them, this is just like real life for them. So there's a totally different mindset. And so, yeah, to your point, I am worried about the next generation and how do we make sure there are safeguards and there are limits for them. Karissa (25:41) So one of the things I sort of what I'm curious about is going back to verifying someone's identity. So for example, in today's real physical world, if you were to email me at the Blue, I could look you up on LinkedIn and cheque who you are. So that's an obvious way and an easy way to validate, like, oh, she needs to email me from a Microsoft email. Oh, she also works at Microsoft and LinkedIn. But how are we going to cheque if someone's real versus not real versus impersonating someone, how are we going to be able to validate that? Now, you sort of touch on it before, but there's still really no rule of thumb and people are already getting scammed. If you look at Tinder swindler and those types of things in this world now, it's going to be even harder because there's no real way to validate that. So I'm curious to know from a security perspective how that's going to look. Shinesa Cambric (26:37) Yes, and so I want to poke on that a little bit about validating somebody through LinkedIn because we know people already set up false profiles and there are bots and things there. So thinking that right now we already have this issue, it's just going to become even more extreme in this digital environment. And I feel like where this is headed is that there will be Meta versus environments that are credentialed in some way to say we have this standard of security. These are the things that we cheque about individuals who have now set up an account. We won't share all these personal things about them, but we will let you know that we've validated who they are. So I feel like that's where we'll be headed is that there will be this verifiable credential on the Meta side. Let me say Metaverse and that just met at the company. Karissa (27:29) So if you zoom out, I mean, obviously a few years ago, like Mark Zuckerberg was going through all the Senate hearing and getting questioned for a bunch of things. Do you think that places like Metafacebook will feel responsible perhaps from there being issues in our society? Are they going to own some of that responsibility, accountability? Or do you think that they're just so far in it now that it doesn't matter now? Shinesa Cambric (27:57) So I feel like there's going to be a big debate. Like we have this big debate now about freedom of speech and what someone can or should or shouldn't say on a social platform. Right. And so this will just amplify, I believe, that whole debate of what someone should or should be able to do in a digital environment that's not physically impacting someone. Karissa (28:19) Would you say this is going to help curb the trolling? So I think in Australia I feel. Shinesa Cambric (28:26) Like this will get worse. Karissa (28:27) No, well, that's what I was thinking because they're trying to put in rules now, but, you know, trying to police like people saying horrible things, but like how is this going to play out? People can say what they want now because it's hard. It's a really hard thing to sort of we don't want to stop people from prohibiting people from saying stuff. But then if you do that, people then say, okay, well, I can say whatever I want. So it's really hard to put a ring fence around these things. I do get it to struggle, but what's it going to look like moving forward? Are people going to walk around the Metaverse and say, hey, you circle something like that, obviously your worst words are probably going to be used. But what does that look like, considering. Shinesa Cambric (29:12) That people can do that now and in this whole Metaverse, you now have this avatar that may be nothing like you. I believe this is just going to amplify that whole experience of I can do these things and get away with them, that there's no repercussions of me doing this. Karissa (29:30) Yeah, that's a good point. So I guess I'm not going to go out. Yeah, you could do that now, but no one does that, really. Not I don't know. In Australia, I don't really see people doing that unless there's some argument or some bar fight, maybe. But very rarely, if someone's just, I don't know, walking on the street, it's very rare for someone to come up and start just swearing at them, for example. But would you say that perhaps people don't do it because they are attached to this physical identity and then like, Oh, well, yeah, now we've got you on CCTV and now everyone knows that there's an issue with you and we're going to promote that, whereas in the Metaverse, that kind of doesn't really exist because it could look like you, but it couldn't look like you. So it's actually going to create people can hide behind things more than they're hiding behind computer screens today. Shinesa Cambric (30:19) I think you have totally hit the nail on the head in the physical environment. You have all these other individuals who are witnessing you performing this behaviour, so you may or may not feel the sense of shame for doing certain things or remorse about that. In this digital world, they don't know who you are, necessarily. You don't know who they are, so why do you care what they see or what they don't see? Karissa (30:46) Yes, I know, but that's where it gets so, like, are we almost going to not even create this next generation? But even with the people that exist today, is no one going to care for each other? Is no one going to be kind? Is it just going to breed narcissistic behaviour? Because, I don't know, people look like some eight pack dude at the gym pumping all these weights. Like, what is like I'm just curious to know, like, how this is going to play out long term. Shinesa Cambric (31:18) And I'm glad you asked that question because we've talked about a lot of negative things, but I can see that there's a lot of good that can actually come from this as well. Think about people who may not have the ability to travel and now they can immerse themselves in an experience that's like they're in some other country, for example. Think about this pandemic and people having to stay at home. But now you can have this experience where you're gathered together virtually in a classroom or in an environment with other individuals and you get to share that experience together. I mentioned earlier about there are concerts that are happening within the Metaverse now, so you get to experience those things and then think about people who are differently abled, who are challenged when it comes to a physical world, but now they get to experience certain things within this digital world. So there's good that can come from this. Karissa (32:15) So would you say because of the Pandemic, perhaps it's sort of expedited this new world or do you think that it was going to happen around this time anyway? So there's no real sort of rush, there is no catalyst to sort of having this metaverse be launched upon us, so to speak? Shinesa Cambric (32:35) Yeah, there's no question that the pandemic brought this probably a couple of years earlier than it would have been on its own. Again, I'm thinking about with my children and their experience of doing school from home and being online and wanting to be able to interact with classmates, but not being able to. And the metaverse will potentially alleviate things like that. I don't believe the pandemic will ever 100% go away. This whole Covid thing. In the future, there's potential that maybe we see other types of viruses or other types of events that require us to be remote or digitally enabled, so this can be a good thing. But yeah, I think Covid actually did bring this a few years earlier than we normally would have received this. Karissa (33:27) So what are your concerns then from a security perspective with this new emerging identity, but this new digital world, especially because you're working in this space, can you talk through what some of those concerns are? Shinesa Cambric (33:38) Yeah, so a few concerns for me are going back to that when I mentioned about the businesses and when you're interacting with the metaverse and understanding whether or not this business that you're giving money to is really the business that you intend to operate with. Also understanding for people who may be a little less digitally savvy, older individuals potentially, how do we make sure that they understand the safeguards and don't let their guards down when it comes to individuals who may be impersonating a family member or somebody that they trust, making sure they understand that they should question those types of things. And then for me in the business that I'm in today and identity protection, we want to build detections that look at anomalies of user behaviours, understanding the way that this identity is operating, does this match up to patterns in the past? And so not just an individual user's identity or a business identity, but going back to those machine identities in IoT and smart devices and making sure that those things haven't been influenced to do bad things. Karissa (34:51) Wow. Okay, you're both concerned about an individual consumer as well as a business, but which one do you think is going to generate greater concern? Definitely on the business side, would you say? And then how business is going to navigate through this new sort of uncharted borders? Shinesa Cambric (35:11) So it'll be to me like a mix of consumer experience and the business experience. And one of the things that comes to mind for me is the growth of telehealth with the whole pandemic experience, right? And I believe that's going to only continue to grow. And so when you're online and you're interacting with this individual that you believe to be a doctor and they're giving you this guidance and this advice, how do we make sure that that's trusted? How do we make sure that your information that you're giving to them is safeguarded as well? So those are big factors for me. And then from a business standpoint, how do we continue to enforce the mindset of zero trust, which is the buzzword of the day, buzzword of the year, will continue to forever be a buzzword. But it's really something that we need to understand. How do we embrace this in this new type of digital environment? And it really applies not only to businesses but also to individuals as well. Karissa (36:14) So it sounds to me like going back to your doctor example, that we're going to have to really question everything. But then do you think that then sort of as a byproduct of questioning everything to see whether it's valid or if it's true or not true as this person say they say they are, they're going to create like a level of paranoia then? Shinesa Cambric (36:33) Maybe a level of paranoia, but I think also a level of fatigue where people are going to start letting their guard down and say, lava, whatever happens, let me take a chance type of perception of things. And until there's a big incident that occurs in that individual's life, they may allow themselves to have their safeguards down. Unfortunately, it always feels like as you're. Karissa (37:01) Speaking, it's like we're starting a whole new society again. Rules weren't written back then. Back in the day, you look at anthropology, people were staying up at night to make sure no one was going to attack them and then someone would sleep and then you'd swap and then it's like because someone had to have your back. So it kind of feels like that, but it fast forward thousands of years, obviously, but it fell at that end because it's like we don't know what we don't know. We don't know who's out to get us, who's good and who's not good. Whereas in today's world, yes, of course there's always an element of that, but generally you are relatively safe. You sort of know what's right, what's not right. You don't walk down a dark alley at night as a female, even as a male, things like that. But now it just seems like, who knows? There's rules written for really no one or nothing. So just sort of expressing how I see this world. But then it's like, how are we going to navigate this? Who's going to say this is what we can do? Who decides that, like, in our physical world, it's our governments, right? Karissa (38:16) They set the rules and then you've got police and you've got all these other things. But I don't know whether this just seems really like, who decides? Shinesa Cambric (38:26) It's such an interesting statement that you made because really, this is to me, this will be a pivot point. We'll look back in history and say this was a turning point for mankind when we moved to this whole new digital world. And you're right, it's like going back to caveman days where we got to re establish what's the order of how things should happen here. Karissa (38:49) So do you see that as a good or a bad thing then, if we got to re establish? Because I guess recalibrating things sometimes isn't always a bad thing. But are we really starting from a place because we've got so much technology now that we're equipped with a lot more stuff than back in the day when you've got like rocks, so you don't have all this stuff right? I'm just curious to know from a behavioural point of view. Shinesa Cambric (39:20) For me, I think this can be a really good thing as long as people that are in security, industry and industries that think about what the implications can be if we don't do this right, take a stand and say here's where we think best Practise should be, here are safeguards that we think should be put in place and that we're working together to make sure that the right things are being done. Which may mean that you don't get to do whatever you want to do in this digital world, but it's for the greater good of mankind that we don't allow this. So there's going to be some trade offs of that freedom and flexibility versus safety and privacy for all individuals. Karissa (40:04) Do you think privacy will exist in this new world? Shinesa Cambric (40:08) Privacy will exist in this new world. How that looks is going to be interesting. Going back to the example of kids now can go into games and do certain things. There may be age limits to going into certain meta verse environments. And how do they cheque those age restrictions? How do they going back to validating who you are? How do they protect your information that you're sharing with them, but then also let other individuals know that you are who you say you are? So the way that we look at privacy, I think it's going to have to change, have to shift, but it's going into the hands of the individual, which today a lot of that is you as an individual gets to say, what information I want shared with this company, I think that's going to go to the next level even further. So going back to you owning your digital identity, you will also now be able to say, as part of that identity, I'm sharing this information with these different companies, these different met averse platforms, these different individuals. And so you'll be able to look into your phone and say, these are all the people who should have my information, or these are all the companies who should have my information because I've shared it. Shinesa Cambric (41:22) And you'll be able to revoke that information just as easily as a parent. Karissa (41:26) Would you say that obviously now, like, if you want to cheque something or you want to prohibit science from your children, you can do that? Would you be able to do that in the metaverse? Or is it like, no, we don't allow that. Sorry. So how are parents going to be able to, I guess, audit what their children are doing? Our kids five. They shouldn't be sort of exposed to a range of things that exist in the world. Right? I mean, we do that in the physical world. How is that going to look even today? Shinesa Cambric (41:55) There's a bit of a challenge with making sure the young individuals only have access to certain things so they know how to get around those controls. At times. TikTok is a good guide for them of how to bypass those controls. I think that will only grow in the future. And so the only way that you will have certainty of what your children are or aren't accessing is if you have their device and you're with them 24/7. So there's going to be a level of control that the parents are going to have to either let go if they decide to allow their children to go into this metal world, or they're going to have to crack down and basically be looking over the shoulder of these individuals to see, what are you doing? Karissa (42:42) So this is going to become ubiquitous. So if you look at the next ten to 20 years of children being born, is this going to be okay? As soon as you're old enough to walk and talk, you're basically emerged into it. How's that transition period going to be from a physical identity? Like, when you're a newborn baby, you can't even really move. So there's like, obviously not at that stage, but when is it going to be the time? It's like, okay, cool, you're now five or four. You can get to go into the metaverse. Is that what's going to be? Because everyone's going to be in this world then, so it's going to feel normal. It just feels a little bit foreign at the moment because it's not a thing right now. But how quickly will it become a thing for a child? Shinesa Cambric (43:24) Yeah, and you mentioned about a baby, and maybe that's too young, but if you think about it, or here in the United States, from the time that you're born, within that first week, you get a Social Security number, you get an identity assigned to you. So in the future, it's probably going to be the same way. From the time that you're born, you will have this digital identity that's assigned to you, and maybe your parents will safeguard that until you get to a certain age of maturity, but I think it's going to operate pretty much the same way. And I've been reading some articles and that there's some country governments that are looking into moving to digital identities as a way of tracking their citizens. Karissa (44:09) Wow. Yeah. That's a very strong, valid point that you raised there. If you had maybe some piece of advice for individuals, but also for businesses from a security perspective, is there any sort of things that you'd like to sort of leave our audience with today? Shinesa Cambric (44:24) Well, for me, I would say the biggest thing is getting educated. And yes, sometimes when you hear this term, it seems really sci-fi and it seems really far off, but it will be here before you know it. And I would prefer the businesses and individuals not be caught off guard. Start educating yourself about what this is. The other piece about this is understanding how you can protect yourself today from a digital standpoint using things like multifactor authentication, making sure that when it comes to what you're sharing online about yourself, that you're not oversharing so that people can't use that to social engineer you and hack into accounts of your information. And the other thing I would say is be on the lookout for how this will evolve and change and be an active citizen. So if you see something, say something, speak up. And this is going to be a society that we all need to operate in, so let's make sure that it's going to be workable for all of us. Karissa (45:27) Well, that's amazing. Wow. Really great conversation. A lot of food for thought. So I really appreciate your time, Shinesa, and for allowing us to step into your world and understand a little bit about what you're doing day to day. So I really appreciate you coming on the show today. Shinesa Cambric (45:45) Thank you for the time and hopefully people don't feel too crazy, but yeah, it's coming. Karissa (45:52) Thanks for tuning in. We hope that you found today's episode useful and you took away a few key points. Don't forget to subscribe to our podcast to get our latest episodes. If you'd like to find out how KBI can help grow your cyber business, then please head over to KBI.Digital.
Share This