Security Signal: In Our Post-Quantum Era
Presented by: Khalid Kark, Scott Francis, Trey Guinn
Originally aired on May 22 @ 12:00 PM - 12:30 PM EDT
Quantum computing may not be mainstream yet, but the race is already on. Progress has been steady — and sometimes astonishing. And while fully capable quantum computers are still on the horizon, cybercriminals aren’t waiting. They're already employing a tactic known as “harvest now, decrypt later” (HNDL) — stockpiling encrypted data today in hopes of breaking it once quantum power catches up.
To help you navigate this rapidly evolving cybersecurity threat landscape, Scott Francis, Security Innovation Principal Director at Accenture, joins Trey Guinn, Field CTO at Cloudflare, with our host Khalid Kark, Field CIO at Cloudflare to break down the latest quantum advancements and share practical strategies for accelerating your move to post-quantum cryptography — before it’s too late.
Unlock in-depth insights into today’s cybersecurity landscape, download the 2025 Cloudflare Signals Report today.
Participants:
Khalid Kark is a globally recognized technology strategist and Field CIO at Cloudflare, where he works closely with C-suite leaders and board members to shape secure, scalable, and resilient digital strategies. With over two decades of experience at the forefront of technology leadership, Khalid helps organizations navigate the complex intersection of business innovation, cybersecurity, and enterprise transformation. Previously, Khalid led Forrester’s Security & Risk and Technology Leadership practices and served as Global Managing Director of Deloitte’s Technology Leadership Program and chaired Deloitte’s Tech Eminence Council to elevate thought leadership in AI, cybersecurity, and digital innovation. Follow him on LinkedIn and X
Scott Francis is a Security Innovation Principal Director at Accenture, where he leads the emerging tech security practice in the Americas. He has been designing, building, operating, and securing Internet-facing services for organizations of all sizes, in industries around the world, since the 90s. He is pathologically curious, and his focus for many years has included emerging technology and the fascinating (and unexpected) things that happen where domains overlap. He is based in southern California, and wishes he spent more time at the beach and in the forest. Follow him on LinkedIn
Trey Guinn is a Field Technology Officer at Cloudflare. In this role he advises key customers on strategies to secure and optimize distributed workforces and computing architectures. He has spent over 20 years working with businesses around the world to develop robust, agile, and secure computing architectures. Trey partners with multinationals, national governments, and Fortune 500 enterprises from a range of industries to help them plan, build, and execute strategies to propel their businesses forward. Follow on LinkedIn and X
English
Transcript (Beta)
Trey Guinn - To me, that's, that's probably the biggest challenge in cybersecurity is how do you, how do you incentivize doing the right thing.
Khalid Kark - Hi everybody.
It's a pleasure to be here and talking to two distinguished guests about a topic that we've been hearing a lot about recently that the title is in our quantum era.
And we're gonna talk about post quantum cryptography.
And this is a really fun topic because a lot of people think it's far, far away, but it's actually not.
And we'll have two really great panelists talk about their perspectives and what they're hearing and seeing in the marketplace.
So, so Scott, maybe we could start with you a quick intro on what you've been doing and how you've been involved with, with what with Post Quantum.
Scott Francis - Thank you.
Thanks for having me. I lead our emerging tech security practice at Accenture in the Americas, and we spend a lot of time, especially since about August of last year in particular, focusing on helping our customers with quantum security, thinking about what's next in space and sub C security and a number of other, you know, developing areas.
But Quantum is definitely getting a lot of the focus and attention this year.
Great.
Trey? Trey Guinn - Yes.
My name is Trey Guinn Field, CTO at CloudFlare, based in San Francisco in our headquarters.
And Quantum's been, you know, on our radar for a better part of two years at this point.
Yes, I work a lot with our research team and trying to bring that research to our customers, also to governments and help sort of drive the, drive the industry forward.
Our mission is oftentimes to try to help make the internet better.
So this is part of like patching the internet with, with better encryption.
Khalid Kark - Great.
So let's jump in the first question, and maybe I'll direct it to Trey.
What do you, what, what is the post quantum landscape look like today?
Are companies really prepared?
Are they preparing? Are they aware of what's going on?
What, what have you seen really work and not work?
Trey Guinn - Well, that's a good question.
So to start with, obviously, like on all things, it depends, right?
Sure.
Like you get, you get everything across the board. It's RSA week, we're in San Francisco, we're having lots of conversations about this, and it goes everything from what's post quantum encryption Sure.
To, we have a roadmap and, and, and what have you.
I think the place that I look at is rada.cloudflare.com, Sure.
Where we talk about encryption standards being used on the internet today.
And what's really impressive to me is that a year ago we were at 5% support of PQ Cipher Suites and we're approaching 40% now globally.
And when I also like looked into specific markets, different countries, you'll see that even spiking above 50%.
So this was a topic that was theoretical a year ago as a conversation topic, but we are seeing it really sort of emerge in the sort of forefront of a lot of people's minds because not only all the, the quantum research around quantum computers, but because of our work with Chrome and Firefox and the other browser community, we're seeing the actual adoption in real life at scale.
So it's a, it's a quickly emerging space.
Khalid Kark - Got it.
Got it. Scott, what Are you seeing?
Scott Francis - So a lot of what we're seeing is, like Trey said, conversations a year or two ago were primarily focused on, you know, specific industries like financial services that have a very long risk horizon or governments.
And they were very technically focused on a specific kind of capability.
Now customers are coming to us and they're saying, Hey, we have a board mandate and we have budget and we have a regulator that's breathing down our neck.
And we need to be not just, you know, testing out this stuff, we need a business solution for post quantum security that ensures that we're gonna be compliant.
And that keeps us safe across the board, like soup to nuts.
So it's a much broader conversation, it's more holistic.
You know, we used to think about it as being primarily, you know, TLS endpoints for APIs and for websites.
And you know, Cloudflare's been testing this out for years.
But I think a lot of organizations are starting to realize that the scope of what needs to get fixed is so much bigger than that.
It's every certificate, it's PKI, it's all your machine identities.
There's Yes, there's a lot of work.
Yeah. It's your commercial operating systems and software.
It's your open source supply chain, your hyperscalers, you rely on any hardware that you still have.
It's a big, big scope of work that people need to manage.
And I think they're just starting to realize how much work it's gonna be.
Khalid Kark - And, and of course regulators are that breathing down everybody's neck as well.
And so, I know we talked briefly about this.
Where is regulations?
Where are the regulations going? And, and I know Trey, you have a perspective on this as well.
Trey Guinn - Yeah.
Khalid Kark - But, but maybe we start with you.
Where, where do you think regulations are gonna go?
Scott Francis - So we've seen a few places, again in financial services where industry specific frameworks kind of led out in front of the formal adoption Khalid Kark - Yeah.
Scott Francis - By NIST and other agencies.
But in the last six months we've seen, you know, like you said, a Cambrian explosion of regulatory changes from governments and industry groups around the world.
And depending on where you are, they might be a little further ahead or they might be lagging behind.
They might be more or less prescriptive, but from the European Union to, you know, the state of New York to South Korea to, you know, nist, I mean even PCI version four now has a requirement for a cryptographic inventory Oh sure.
That you maintain every year.
And you have to have a roadmap for adopting the latest standards.
And so I think even people who have managed to avoid it so far are not gonna be able to avoid it for very long.
Got it. Got it. Trey Guinn - Yeah, I mean, the way I see it too, I mean, completely agree with everything you just said is whatever industry you're in, small company, large company, large enterprise, if you start to look at the sort of organizing bodies around that industry, every one of them has recommendations today towards post quo.
Sure.
And so all you have that is, you know, the writing's on the wall.
So we, we see some, some regulations coming down now, but we see it, you know, the re the recommendations are there and will become, will become requirements over time.
Khalid Kark - Yeah.
If, if you haven't seen it now it's coming. Yeah. Right.
So, so that's, that's definitely the case. There's this, this notion of crypto agility and, and a lot of companies struggle with that in terms of thinking about what does that really mean, what does that mean in terms of preparing for it, but also having the ability, again with all of these regulations, all of these changes that you have to make.
What do you think about, what is crypto agility and how are companies, how can executives CISOs think about crypto agility?
Trey Guinn - Yeah, so the way I'll jump into this is the example of there's still organizations working on their transition from, you know, TLS 1.0 to 1.3.
Khalid Kark - Sure.
Trey Guinn - And it's this big program, it takes forever to move in that direction.
What we're talking about now isn't just supporting post quantum safe cipher suites, it's really also about supporting whatever the next cryptographic requirement is.
Khalid Kark - Got it.
Trey Guinn - And this is the other thing that we see emerging because of the state of the world and the geopolitical situation, we're seeing more protective economies, more reg, you know, sort of sovereign internet and sovereign regulation.
We're actually expecting sort of like sovereign crypto libraries as well, or crypto requirements.
Khalid Kark - Yes.
Trey Guinn - So you can imagine if you're doing business in Korea and having to support their cryptographic algorithms and then having to do something else in Brazil and something else in India.
How we talking About Middle East Earlier, right. Scott Francis - So, so Yeah.
Absolutely. Trey Guinn - So that to me, that's what cryptographic agility is, is this ability to say, okay, I have workloads, I have users, I have applications I need to be able to deliver in a market.
How can I, how can I be agile in the cryptographic standards that I'm using in those places?
Khalid Kark - And, and for global companies, that becomes exponentially a task that, that they have to simultaneously do that across multiple geographies.
Right.
Trey Guinn - And this is a fundamental different di you know, change if we're all old men here.
Right.
With a gray I see. Gray and your hair and the beard. Like we remember when like we had to turn on encryption.
Khalid Kark - Yes.
Trey Guinn - Like it used to turn on encryption and then it's just like teeth and nail to get from, you know, a TLS one to 1.3.
Sure.
Now we're talking about making it actually agile. It's, this is no longer a binary change.
It's, it's actually having that flexibility to meet market needs and market demand Khalid Kark - And you can't have the performance hit that you used to have and you can't have.
Right.
So, so there is an expectation of performance that goes with, with that agility as well.
So, completely agree.
Scott Francis - Yeah.
I mean, technical changes like a new 47 day maximum lifespan on certificates implies automation for the way that you manage your stuff.
You can't have people whose job is to sit around rotating certs for all of your clients or all of your endpoints every couple of years.
So things like push button, certificate delivery from Cloudflare, from, you know, other providers is a big part of that.
But NIST's guidance on crypto agility that came out within the last couple of months is really helpful because it calls out that this is not just a technical change with new tools and technology, it's a process change to support an organization behaving differently and making the kinds of logical abstractions that make it possible to do the right thing and adopt changes more easily with lower risk and less expense later on.
Part of the reason this is so challenging right now is because organizations, 10 years ago, the last time they had to do this didn't make process changes.
And so they have unclear ownership, they still have cryptography that is baked into source code.
It's a lot of rip and replace.
And so they're gonna have to go through all that pain again.
But this time when they do it, we're advising them to help yourselves help your future self by putting in place flexibility that makes it easy for you to do the right thing.
Because NIST has another dozen standards in the pipeline.
There's gonna be more changes from around the world.
It's unclear whether or not the mod lattice approach that we're using is gonna stand the test of time mathematically.
So we expect this kind of thing to be coming on a regular basis for the foreseeable future.
Khalid Kark - Yeah.
I mean, so there are some skeptics still. Right. And, and we all have talked to them over the, over the last few months who say that well harm now decrypt later, three years down the line, four years down the line, I don't need, I don't need to worry about it.
Now.
Let, let me just both put you both on the spot a little bit.
What do you think is the realistic timeline that that, that we will actually get those people a, a huge wake up call that this is, this is actually either already broken or is gonna be gonna be the, the encryption is gonna be be broken in the next six months or whatever.
Right? Scott Francis - So I think a year ago I would've had a different answer.
Khalid Kark - Sure.
Scott Francis - I expected it was probably gonna be by, you know, 2035.
Khalid Kark - Sure.
Okay. Scott Francis - Maybe a little sooner.
Okay. Okay. But in the last four months, we've had five completely different advances in quantum computing capability from five different vendors using five different approaches.
Most of them focused on error correction, which is the biggest sure area that we need to make advances in, in order to make this stuff practical.
And one of them, like D-Wave, you can go out and rent time on their machine right now and you can run stuff.
So I think it's much more available than people outside the space realize.
Khalid Kark - So, so great.
And, and, and hence we're getting all these questions because of all the changes that have happened.
Trey, any perspective from you Trey Guinn - Three years?
Six?
No, I'm just kidding. I <v ->Mean, who knows</v> <v ->Right?
The</v> Khalid Kark - Come on, make a, make a guess.
I, I Trey Guinn - Think it's the, yeah, I mean, I would not be sur this is one of the classic things where it's, it's easy to sort of overestimate progression Sure.
In the short term and easy.
And you always underestimate it in that, in the long term, sort of medium to long term.
Yeah.
And so I would not be surprised at all if five years from now we are, we're still looking at, you know, a, you know, capable quantum computer that can, that can execute on Shor's algorithm and break RSA.
Scott Francis - That's actually a really good point.
Somebody that I was talking to the other day, and I can't remember if it was Wesley from Cloudflare Research or somebody else, but they said, I'm not worried about Shore's algorithm running on a quantum computer in the future.
I'm worried about an AI discovering a new algorithm nobody knows about.
Khalid Kark - Sure.
Scott Francis - And Leverages what we already have. <v ->Yeah.
- And changes that collapse time from five years</v> to five months.
That that's, and we've already seen, like Google has an LLM that solved the cap set problem, which is an unsolved problem in mathematics.
They wrote some Python code and said, go figure this out.
And after a couple of million tries, it solved it and humans had never solved it.
And so that's the kind of thing that I think we're gonna see the most potential for a surprise is the intersection of AI and computing capability.
Not just quantum, but also GPUs.
Khalid Kark - Got it.
Well, let's shift gears for a little bit. Let's, let's take a perspective of a CISO who's, who has to deal with, with this.
So as they're starting to think about, and a lot of them are about their strategy to deal with this, what is the progression?
What is the first step that they take in terms of what is the second step?
And, and, and so maybe kind of walk us through what should a CISO think about as they're thinking about their post quantum cryptography strategy?
Scott Francis - Great question.
I think it's, it's honestly a lot like most big technology projects.
Yeah.
The first thing is to understand what it is that you're doing and why you have to have a plan.
And the plan is not just, you know, what are the different pieces that I know that I need to change?
The plan is why am I doing this?
Am I trying to satisfy regulators?
Am I worried about a 30 year time horizon on my am you know, am I trying to expand into a new geography that I don't cover yet?
I need to be able to adhere to their regulations.
There's a lot of different reasons to do this stuff.
And you need to take into account also what are my constraints?
What are my, you know, vendors that are part of my ecosystem that I need to support?
There's a lot of different inputs that are part of figuring out what's my order of operations, what's my timeline?
What things are gonna be the most difficult to do, what things are the most, you know, business critical, what are the riskiest things?
And all of these things are part of figuring out, okay, this then is how I start.
Khalid Kark - Sure, sure.
So you're suggesting an assessment to figure out what is it that I need to do, prioritize that?
Scott Francis - Yes.
You need to have a plan that's driven by business risk, not by your understanding of what technology you think you need to change.
Start with the business risk and work backwards to the technical inputs.
Trey Guinn - And I think you brings a really good point about both managing the, the risk that is sort of represented by broken encryption and the regulatory risk.
Like what, <v ->What's the actual</v> <v ->Driver here?</v> <v ->Yeah.</v> <v ->Yes.
And we talked about, you know,</v> maybe in five years we've got quantum computers, but I think in under five years we're gonna have regulations that require <v ->Absolutely, yeah.
A lot of</v> <v ->Them, a lot of regulations are gonna require</v> to be post quantum saved.
<v ->Sure.
Yep.</v> <v ->And so I think I would completely agree</v> with this idea of like, what problem are you actually solving?
And I think the problem that most systems will solve will see first is the re regulatory requirement.
Scott Francis - Yep.
And that's another thing that's changed significantly between last year this time and right now is the regulatory environment has absolutely exploded.
And even people who are skeptical that we will ever have a quantum computer that can do large integer factoring, it doesn't matter.
RSA is still deprecated in 2030, ECC is still going away.
So whether or not we have the capability is almost irrelevant.
You're still gonna have to change in order to be compliant and more changes are coming, which is why crypto agility is so important.
Khalid Kark - So, so you, you're both suggesting that we haven't learned our lesson and we're gonna still go after compliance and not risk as, as a, as a way to think about security.
So Scott Francis - People are gonna end up doing the right thing for, for the long term, but potentially driven by short term considerations.
Makes sense, makes sense.
So compliance may be the lever, but if the outcome is long-term safety for your data and for your customers, then you're still gonna get that good outcome.
Khalid Kark - Got it.
Got it. Now, one of the big things is because this feels really nebulous for a lot of C-suite executives, a lot of questions we get are, how do I even think about this investment?
How do I propose that, well next year I'm gonna need some investment to start to drive this.
If you were a, a CISO or if you're advising a CISO, how would you tell them to think about investing and where would you ask them to invest initially in terms of the capabilities?
Trey, maybe, Trey Guinn - I mean, the easy starting point I think is, is how this requirement influences the rest of your strategy.
The, the influences the rest of your buying.
Something I've had conversations with financial services, SOS and security teams is, is, you know, let's say post quantum, post quantum or PQC, safe cipher suites.
Is that now in your purchasing decisions, are you, are you going to solutions that already have that one is only a matter of time until that becomes a requirement.
And so when, when will that requirement come in?
And so I think that's probably one of the, the easiest early steps is how you can have this sort of influence other, other strategy.
Khalid Kark - So embed those into other buying decisions that you have so that it can get integrated and automatic.
You can get that automatically as, as part of Okay, great.
Trey Guinn - I mean, and then obviously there is running an actual program Khalid Kark - Sure.
Trey Guinn - For cryptographic agility and try to figure out what you need, you know, what problem you're trying to solve and the best way to do that.
And then I had a third point, but I'll come back to it.
Khalid Kark - Well, what, what do you think about, do, does every organization need a, a center of excellence to deal with this?
I mean, do we actually need to build out a program for every organization?
Scott Francis - So again, my favorite answer, it depends, Khalid Kark - Of course Scott Francis - It depends in part on the maturity of your organization and, and your your technical folks.
But I think part of my encouragement to CISOs and other execs is that this is not as scary and different as you think that it is.
It actually operationally looks a whole lot more like any big tech modernization program or a patch and vulnerability management system writ large, if you've been around long enough to remember Y2K or swapping out des for a ES or one of those other things, this is like that just bigger because there's more components and because your tech landscape has ballooned in the last decade, Trey Guinn - And it's going to repeat.
Scott Francis - Yes.
Trey Guinn - This is, this is really the big yeah. Notion to get across.
And I love your point. This is about, this is about automation.
Yep. This is, this is not just getting the next version, it's building the processes in place Yes.
To continuously iterate to the next process.
Khalid Kark - Well, and that's a really good point because to your point, tech transformations haven't had a good track record of success, right?
Yeah.
And so, so so everybody thinks about a transformation and they get scared, right?
I mean, yes.
Our data suggests 70% of them fail to deliver either on time, on budget, on capabilities, right?
Yep.
So, so really thinking about really granularly, what, where are you gonna impact and, and presenting that to the CFO or the board or whatever in a, in a pragmatic way, becomes really, really important as you're building out the case.
Right? Scott Francis - We've talked to some customers that have had good at taking an existing, like a five year transformation program and saying, okay, as we go through and do this, we're now going to just add Quantum safe as a new requirement to code changes.
Got it.
And to procurement and things like that. Khalid Kark - That's why was kind of alluding to, right?
Scott Francis - I think that gets you part of the way there, but there's other things like swapping out all of your PKI and your certificate stuff and then chasing down all of your vendors that own various different things that somebody's gonna have to be responsible for that.
And I think in most organizations, this is gonna end up being honestly more of a large scale project management exercise than a tech technical, you know, technical effort.
Khalid Kark - So who's responsible for it?
Scott Francis - Well, that's the interesting thing is that in most organizations, maybe 60 or 70% of what needs to be fixed is outside of your direct control.
So part of this is gonna be yeah, software supply chain for, you know, code that you write, code that you need to test.
So, you know, CICD pipeline, the whole thing, but a lot of it is who owns your operating systems?
Who owns your commercial software?
Who owns your routers and your firewalls and your load balancers?
If you still have hardware stuff floating around, you know, what's the roadmap for adoption for your hyperscalers, for your cloud providers?
You know, if you've got data in Salesforce or Snowflake or someplace else, what's their roadmap?
And you don't have to fix that stuff, but you have to track that stuff.
And one of the ways that you can actually reduce the burden of effort on your team is to switch to manage services wherever you can, because then it becomes the problem of an organization that usually has a much larger technical team.
To solve that for all of their customers.
And you still have to track it, but you don't have to fix it yourself.
Khalid Kark - And that's a great answer.
But I know we were talking about this yesterday where network and security are not independent silos anymore.
And, and the fact that that has to come together in terms of ownership, in terms of accountability, in terms of capabilities and so on.
So any, any thoughts from you?
Trey Guinn - Yeah, well, no, I really like this idea.
It is, this is one more motivation to drive towards services, this drive towards SaaS service delivery.
When you think about who owns it, yes.
I think you, that's a sort of, you're never gonna get outside of that problem.
Whether this is owned by the CIO or the, or the ciso, I mean, it is a risk.
If it ends up the driver for it becomes regulatory, then I'm sure it becomes the CISOs problem to, or headache to go solve.
But I do, I completely agree with this idea that it, it is just one more reason to consume services.
Yeah. Khalid Kark - Got it.
And that, that's a really good segue into the, into the last question, which is, where do you see this all going?
Right?
So, so again, we, this is fast changing, so maybe 12 to 18 months, maybe a perspective from both of you, where do you, where do you think this is headed in terms of not just the landscape, but how are organizations gonna react to what is, what is being kind of developed as we speak?
As you said, five vendors have already kind of put out stuff.
Right? Scott Francis - So I think in the next year and a half we're gonna see mostly a continuation of what's already going on and an acceleration driven by governments and regulatory changes.
But especially, you know, we hear about, you know, balkanization of the internet and, you know, geopolitical tensions causing more focus on sovereign cloud sovereign data control.
So I think we're gonna continue to see that trend accelerate.
And that means that the complications for this, for CISOs, especially for large international orgs, are going to increase.
So executives need to get familiar with their international clients.
Don't assume that just because you're adhering to a standard that it's going to satisfy all your requirements internationally.
Yeah.
Yep. Agreed. Get, get familiar with your, with your friends and compliance and law, because that landscape's gonna get complicated.
Khalid Kark - Yeah.
And not just one, but across the globe, every, every area that you're operating in.
So yeah, Trey Guinn - I would agree with everything you just said.
And the other thing we're gonna see are vendors trying to pull a fast one.
The Khalid Kark - Yeah.
Trey Guinn - There's gonna be, we've already seen some examples of the way we get post quantum is stick a key into a box and mail it to you.
And look, that key exchange is post quantum safe.
And you're like, really?
Scott Francis - That's key distribution, but it's not quantum key distribution.
Trey Guinn - Yeah, yeah, exactly.
And so, but it's, but it's quantum safe, key key sharing.
And you're like, oh my goodness.
So I mean, that, that is already happening.
So I think you're gonna start to see a divergence of the wheat from the shaft.
Sure. Over time. Scott Francis - The other thing that I think is definitely gonna happen in the next year and a half, and you know, I'll go on the record for this, we're gonna see some surprises at the intersection of AI and quantum and classical computing.
The intersection of those three is gonna lead to some breakthroughs that nobody's thinking about yet.
Khalid Kark - Do you wanna kind of venture to talk maybe, maybe more what kind of breakthrough?
Scott Francis - I think that we're gonna see either a breakthrough against modular lattice, which, you know, we just haven't been banging on it for long enough for especially the gray hook cryptographers to really be comfortable with it.
Or we're gonna see a new approach to factoring that no one has considered yet.
Khalid Kark - Fair enough.
Scott Francis - It's gonna work well on GPUs, quantum and classical as a combination.
Khalid Kark - Got it.
Got it. Well, this was a great conversation and, and of course it's, it's, it's very thoughtful for a lot of, a lot of people to kind of get to know what they have to do, because a lot of people tend to be really confused about what's, what's in it for them.
We wanna end with a, a rapid fire set of questions for both of you.
And so I'll ask a question, I'll start with Trey, and, and then you can answer that as well.
And these rapid fire questions are, I mean, it can be about PQE, but it doesn't have to be.
Right.
So, so the first one is, if you had to describe the current state of cybersecurity in one word, what would that be?
Trey Guinn - Fractured.
Scott Francis - Fractured. That was gonna be my word. Trey Guinn - Oh really?
Oh man.
And we didn't even practice that. Yeah. It's much too fractured.
Yeah. Scott Francis - I think it reflects the number of problems that are out there and the fact that a lot of people have a lot of different solutions for different things, but trying to figure out how to put those all together into a single business outcome is a really hard problem.
Khalid Kark - So you're saying that the platforms out there aren't gonna solve that fracturing?
Scott Francis - Nope.
Khalid Kark - Okay.
So what is the one buzzword in security or tech that you wish we could retire?
We can start with you.
Scott Francis - Well, this might get me thrown out of RSA, but I don't think AI is going to solve all our problems Khalid Kark - Really?
come on. Scott Francis - It's gonna, it's gonna make some things easier, but it isn't going to replace the kind of high judgment things that CISOs and organizations have to do when they're thinking about why are we doing what we're doing and what kind of outcomes are we chasing?
Trey Guinn - It doesn't solve all problems and it doesn't solve them all next week.
Scott Francis - Yeah.
Yep. Trey Guinn - The, if I had to choose AI was actually towards the top of my list as well, though if I had to choose the, I think the misuse of a term is crypto when we're not talking about cryptography.
Scott Francis - I have a sticker on my laptop that says crypto means cryptography.
Khalid Kark - Exactly.
Great. Well, thank you both. This has been a phenomenal conversation.
I definitely learned a lot as part of it.
We do have this as a series of conversations we're having with practitioners and experts like yourselves.
The few upcoming ones are The Perimeter Problem or the lack thereof, The Resilience being Re-imagined, because it, it can't be incrementally, the, the mindset can't incrementally change.
So you have to kind of reimagine it.
And, and of course, Agile Security in, in terms of what do you, what levers do you need to pull to be more agile with, with the threats?
So please watch and follow us on social at Cloudflare tv.
Subscribe to Security Signal wherever you are watching your podcasts.
Download and read the security signals report at cloudflare.com/signals.
Well, thank you again.
Really pleasure to have you both and really enjoyed the conversation.
It was a <v ->Blast.</v> <v ->Thank you both.
Thanks. Thank you. Thank you.</v>
