Leading digital transformation with security at the forefront

Hello. How's everybody doing? All right, Kia.

Did I say it right? Maybe I'm from the south in the United States if you can't tell. So, that's Sorry for the accent.

Uh, a couple of things. So, first of all, I want to say thank you to all of you for being here on a beautiful and lovely day outside. What are you doing in here?

But thank you so much for being here. Thank you, Spark, for having me here. and we've got a nice chunk of time together today.

So, I have the keynote with you. I'll have a Q&A with Nadine. I'll be around all day.

I have the chance to be on a fireside u chat a little bit later today. And I'm looking forward to meeting all of you on the floor. There was so much that I wanted to cover with you today and we just don't have the time and you have so many amazing, wonderful speakers to hear from.

So, I worked with the team at Spark and you're going to have a very detailed uh takeaway packet from me, a PDF. It's going to be a lot of the things that I'm covering here, but so much more. And my hope in giving you that PDF is that when you go back to the office and you think, what were the one or two or three things that I was going to do differently, then you would have your homework assignment.

And I'd love to hear from you as you try to do that homework assignment how it goes. So, do we have a deal? Great.

Now, the other thing is is I want to give you an incentive for the Q&A with Nadine. If you all are shy and you don't submit questions, I'm going to get off stage and walk up to random people and ask random questions so that you've got you've got some time to think through those questions. Before I get into the prepared remarks, I actually saw that McKenzie put out a brand new report.

It's 30 pages long. and it came out just a couple days ago and I read it for you so you don't have to. So I'm like your chat GPT u but I I wanted to highlight a couple of the statistics because a lot of times when I talk to people one-on-one about this they'll say I feel like I'm behind.

I heard in the Q&A New Zealand is behind. We're all in this together. We are all starting off together and things are changing so quickly.

So, I wanted to give you a few statistics from this report and uh if you have a hard time finding it, you'll have my contact information. Reach out to me. I'm happy to share it with you.

So, for starters, they they interviewed uh companies all different sizes, some publicly traded, some privately held. 105 countries responded. So, this is a truly global report.

And out of all of the respondents, twothirds of the company said that their AI right now is only in pilots. They have not scaled it to be enterprisewide. So if you're sitting here thinking, gosh, I'm so far behind and I'm the only one.

You're not. There's a lot of companies experimenting with AI, but it's still in pilot mode, which I think is good. So they're experimenting, they're learning, and we'll talk a little bit about how to think about pilots.

62% of the respondents said that they are using AI and testing out AI agents. So basically creating an agent that is assisting their own employees or creating an agent that is providing customer service. So I found that very interesting.

39% of posted some type of a positive return on investment. And I thought this was really interesting because we're going to talk about this in a minute. Those with the largest benefits so far in this study said that there were four things that they had in common.

One, they use a human in the loop with their AI. Two, they made sure that they had a very solid data and technology strategy for the pilot and for the long-term implementation. three, and you heard this from from Clara's um presentation this morning, they had senior leadership involvement throughout the way and pilots.

And then lastly, a clear workforce plan around upskilling, retraining, and redeploying their workforce. So, those are just a couple of things from the 30page report that I thought I would share with you today. Uh so, the Spark team asked me to talk a little bit about my time at the White House.

So, I was at the White House from 2006 to 2008, a time of tremendous change. And if that sounds like a long time ago, it's because that it was it was a long time ago. It was almost 20 years ago, but there was a lot of change going on.

And a lot of the lessons that we learned, I believe, still apply today. Uh, so what's the first thing that came out in 2007 that you probably cannot imagine life without now? iPhone.

Yes. So the first ever iPhone. So a time of tremendous change.

So I noticed as we were rolling out all these different technologies, I had two problems that I encountered and it was consistent. So there's 13 components that make up the executive office of the president. And so you have the president's office, the vice president's office, these 13 components, the cabinet members, all the different things that go on to support the nation's business.

Even though our nation's business is shut down right now, I don't know if you're tracking that. our government shutdown. So I had these two unique problems.

The first one was consistent across actually both of them were consistent across all 13 components. And the first one was is that when people went on international travel for work or for fun, they were not calling my office consistently to get an international trip briefing and to get their phone adjusted depending on the country they were going to. So, it was about a 50/50 shot whether or not they would actually come to my office, get the trip briefing, and get their phone adjusted.

And we had built our own proprietary software that we knew all, we'll just call them bad connection points in the world. And if we saw a White House device talk to a bad connection, and by bad, I mean bad actor on the other side of the connection, we would brick the device and it would never work again. And we'd ask questions later.

I don't know about you, that doesn't make you very popular with senior executives when you have them on an international trip and suddenly everything they have doesn't work. Makes it hard to call the White House when you don't know the number because it was on your phone. Yes.

So, that's a problem. Didn't make me very popular, but it was a way to keep things secure, but really not a great seamless, elegant customer service experience. The second problem that we had also consistently across all 13 components is that sometimes people would misplace their smartphone.

Sometimes it was legitimately stolen. Sometimes it was just misplaced. Sometimes it was lost.

And what was curious about this is people would wait almost a full business day before they would call my team. So I thought, well, we've got to get to the bottom of this. This is a security-minded organization.

Clearly, we've got to change how we deliver our service. So, the first thing I want you to think about when you go back to the office is how do you collect your human user story? So, this is focused on no matter what the technology is, including AI, really understanding your human user story.

So, I go to Je deputy chief of staff and I said, I have an idea on how to improve the numbers and I would like to do a pilot. I would like to choose one of the 13 components and the one that I've chosen is the one that whether or not I ask them for feedback, they let me know what we're doing wrong all the time. Uh so constructive feedback and I said in this pilot I would like permission to fail.

And deputy chief of staff said failure is not an option. No failure. And I said well let me explain what failure looks like.

It will cost you nothing. it'll be quick and we could have a good laugh about the failure and we'll learn from it and do something else. And he said, "Oh, if that's the case, then yes, you have permission to fail, especially if I get to laugh at you after the failure.

" So, perfect. Okay, so I've established I can do a pilot. I'm going to get feedback and I do have permission to fail.

So, that's the next piece that you need as you go into your AI pilots, right? So, you want that leadership buyin. So now I go to that pilot group that I've chosen and I'm going to pretend right here in the front row you're my pilot group.

So you are my constructive feedback group. And so I go to you and I say, "Hey, I just want you to know everybody's numbers are the same. 50/50 shot that you show up for an international trip briefing.

Do you want to tell me a little bit why you think it is that you don't come on a consistent basis? " And you say to me, "Because your briefings are long and boring. " So the other thing that you need to learn when you ask for human user stories is you're going to learn some things about your process that you're going to feel very defensive about and you just have to take it and you just have to take the feedback and learn from it.

So then the second thing I mentioned to you is the whole not reporting it and you show me the language that we make you sign when you get issued a device and I'm paraphrasing but basically it said I understand that this is lost, damaged or stolen. it could be could be punishable to the fullest extent of the law. And you said, "Do you know what that means?

" And I said, "No. " And they said, "Well, we're worried it'll be a black like check mark on our personnel record. " And as soon as you say that to me, a product of the Catholic school system, I was like, "Oh, no.

Permanent record. " Right? And so I now understand why we have a security issue in our technology process.

So I go back to the team and we talk about this and we said, "What is really at the bottom of it all? what is the most important thing we want people to do? And really at the bottom of it all is we just wanted you to call us because if you could call us then we could help you.

So we thought well how do we get the message boiled down that simply. Now the government regulation says we have to produce a book, we have to have policies all those things but that was getting in the way of seamless elegant customer service. And so what we did is we came up with a new idea and the new idea was to create a White House happy meal and in that happy meal we had your smartphone, we had a card and we stuffed it all full of White House M&M's, White House jelly beans because I am convinced people receive security briefings better if there is chocolate and jelly beans involved.

You should try it. You should try it. And so we I go back to my test component, my pilot component, and I say to them, here is your White House smartphone happy meal.

What I want you to know is you are in an exclusive invitationon enhanced security briefing pilot. You are the only component in this pilot. Feel free to eat chocolate and jelly beans while we go over the briefing.

There is a card here. It just has a 202 area code number on it. Doesn't say White House.

Please don't write White House on it. This is my team's 24 by7 number. Guaranteed we will pick up by the second ring.

Two things I want you to know. If you go on international travel for work or for fun, please call this number. We would love more than a day's notice, but we can do same day because we would like to give you a briefing and we might have to adjust your phone.

The last piece is is that if your phone is ever missing, even if you think it's in the car in the White House employee parking lot, just call this number. We've built our own software where we can find it and if we think it's in an unsafe place, we can issue a kill command. Oh, not a view of the device.

It's important to get that straight and and get you a new new device. So, now I'm going to ask the rest of you who are not in my pilot. You're the other 12 components.

Do you think in the pilot we improved the numbers? Okay, shout out. What do you think our improvement was?

It used to be a full business day before everybody told me their smartphone was missing. Do you think we reduced it to less than a full business day? Okay, shout out.

How long do you think it took? >> 30 minutes with the guarantee that every time you called us, we would bring you another smartphone happy meal. Okay, so we would come back over with the the jelly beans and the M&M's.

Same thing around the 50/50 shot international trip briefings. Do you think we improved it in the pilot? Shout out the percentage you think it was 100%.

But I had another unexpected benefit that happened. The White House is very competitive. You left your meetings and you would go meet in at other meetings with people who are not in the pilot and you would take your happy meal with you.

I don't know if you have trust issues or what's going on, but you didn't want to leave your candy behind. And people would who were not in the pilot would say, "What is that? " And then you would say, "Oh, I'm in an invitationon exclusive enhanced security briefing pilot.

" So now I have the other 12 components calling my office begging for a briefing. Have you ever begged for a briefing? Okay, so this is how you can be thinking about how do I collect the human user story?

How do I learn where things are broken? How do I meet people where they are? How do I get permission to do a pilot to fail?

But what if I'm successful? What did this pilot cost the White House to do? Zero dollars.

We had everything in the supply closet. It was just redeploying how we thought about things. So, I want you to go back to the office next week and be thinking about how can we apply this to the technology transformations we are experiencing today.

Now, if I say to you the term deep fake AI, does that sort of make you have a feeling of like crime and fraud and something bad? Does that sort of sometimes Yeah, it does have that connotation. But so what I wanted to show you was that actually deep fake technology deployed the right way, of course, with the right amount of money, um, is really pretty incredible.

So, I wanted to show you something that the NBA is doing with Deep Fake AI and then let's talk a little bit about it. >> So, now I'm going to uh walk around you and just scan your body, right? >> Yep.

>> All right. That's an interesting shirt you wore today. Is that the one you're going to wear all morning?

>> Is that We're in Utah. The Jazz wear purple. >> He's also wearing colors.

So did the Vikings. >> All right, this is almost over. All right, hang in there.

I got to step back just that. Get your full body. All right, step.

I'm almost done. Almost done. You're up.

People see you on screen. Don't be so nervous. >> I'm nervous about you.

I'm nervous backwards. [laughter] That'll be the end of it. >> All right.

Smile for a second. Yeah. All right.

Got it. All right. All right.

[laughter] All right. All right. All right.

All right. All right. All right.

Painless. All right. I got it.

All right. So, now come over here. Let's look at this screen.

So now we're going to go back just so you can see this. Go back into that mode. Now we're at in the app.

And now the menu is going to come back up. And so look, we've inserted you in the avatar selection. >> And then you see where the red that's going, you could choose different players.

So then we're going to pick Horton Tucker. And then where that where Horton Tucker is. So this would be in a live game.

>> You will be inserted into the game. You'll be making all the same movements he was, but it'll look like it's your body. >> Does he have my skills?

>> We'll We'll see. [laughter] >> Okay. All right.

You ready? Yeah. >> All right.

So, go ahead and roll that. >> There's that shirt. Yeah.

Yeah. That's what I'm doing. That's what I'm doing.

Where where do you get the idea to stick your tongue out like that? >> Yeah, somebody [clears throat] copied me, you know. >> Looks like you've been lifting.

[laughter] >> So, what a cool and amazing use of deep fake technology. Obviously, you have to have a big budget to implement something like this, but it is going to become more affordable, more accessible. What are some of the possibilities of the ways that you could use this?

Maybe you could use it for training, gamification of an incident or scenario. There is endless possibilities. And of course, we're also talking a lot about robotics potentially in the workplace.

So, I thought I would show you a robot who has better snowboarding skills than I do. And he's got some personality as well. But you can imagine if you have an avalanche or you have something going on on a mountain where people's lives, maybe they need first aid, maybe they need care, you could potentially send a friendly robot.

And so here we are. I think the biggest thing that we have to talk about with the technology that we have in front of us to innovate with and really improve our business operations is trust. And trust is really one of the most valuable assets whether you're a government organization or a private sector organization.

And right now in many instances I consider it our most vulnerable asset. So how do we think about trust? I'm going to go very quickly over these around the world slides.

They will be the detailed slides will be in your takeaway packet. So, don't feel like you're missing out on anything, but I wanted to just give you sort of, you know, I'm very blessed to have a front row seat to government organizations and to private sector organizations around the world. And so, in a Chattam House rules, um, I ask for permission to be able to share this with you.

What I am seeing around the world, I'm seeing two questions asked every single country that I do go to. And the first is how do we harness AI speed while keeping it safe? And that is really going to go a long way to protect trust and then lastly, how do we upskill our people?

So these are just a sample of some of the countries. I have a few more to add and New Zealand will be on that list as well. Switzerland is very focused on ethics as a bedrock.

So I spent two different weeks there. um in Switzerland, in Geneva, having these conversations. And the main takeaway is that AI without ethical guard rails is very much like a Ferrari without breaks.

It's beautiful, but it's fast and very dangerous. I spent some time in Brazil and saw an amazing case study where um if you have worked any with any type of fraud solutions, you're probably um encountering a conversation around how do we determine proof of life for customers? Because now with deep fake technology being so good at voice cloning, at video cloning, at document cloning, how do we know with our own eyes and ears who we're looking at?

And so one of the case studies that I saw when I was in Brazil because they have so much fraud in the account opening process and they truly have microto micro payments going on um because of their culture and their economy. One of the things that I saw was they have this incredible technology around proving proof of life. And so a lot of times it can sort of play out like it'll say in the account opening process, frown for the picture, smile for the picture, open your eyes wide, close your eyes, turn your head to the right, turn your head to the left.

So if you've experienced that in account opening, a big part of that is proof of life to help with your transactions and protect your account in your transactions. And what was interesting and another takeaway that I want you to be thinking about is how can you leverage AI in your security in protecting privacy in protecting against fraud by looking for anomalies within the anomalies. This is now finally possible with AI.

And an example of this was a company UNICO ID who does proof of life. They were in the security operations center which is manned by humans. uh but they are also using AI to help them look for anomalies within the anomalies and something was on a very low threshold caught one of the analysts the human analyst's eye so he started to look at all these different account openings and he was realizing by looking at the proof of life pictures and videos and artifacts whether it was man or woman old or young he started to see something and what he saw was a unique hairline in all of these new accounts opened So evidently the person um who was creating deep fakes, they were doing just enough where proof of life just had a little bit of anomaly like it might be not legit.

It kind of is legit. And because he had the time because of AI and their workflow to look at the anomalies within the anomalies, he did his research. Now fast forward, I'm there.

We're talking about the case and they realized how the fraudster was able to do it. What the fraudster was doing was using synthetic identities, overlaying a new identity on top of a real identity, then creating the deep fake persona for the video for proof of life. And then they had a gaming screen.

So a gaming screen is much like the one behind me. It's got a nice curvature to it. It's high def.

So he would actually project the deep fake synthetic identity onto the gaming screen and then hold the phone up to it. ing genius. So, how do we think about collecting the human user story?

How do we think about outsmarting, outdesigning, and out uh maneuvering criminals and fraudsters? So, that is another thing for you to be thinking about as you think about what's going on around the world. In Mexico, while I was there, I got to see the agriculture, government, and then uh financial services.

And what is very interesting about Mexico is that 40% of their economy is actually considered an informal e economy. So the way people make money, there's not a payroll. There's not a paycheck.

It's not in the formal economy. It's informal. Some of it is bartering and trading.

And so they're very concerned what does AI do to 40% of our economy which is not a traditional economy. And so they are looking at how do they upskill retrain they are training uh two million people by end of this year in a partnership with Microsoft South Africa. So I had the opportunity to spend a little over a week with uh the in sort of the Cape Town area with fintech but also agriculture and a big part of what they are looking at is how do we transform the economy by transforming even the most remote communities.

So they are looking at how to use AI logistics to boost farm output farmtotable and have less waste. Incredible. So I saw you where they were implementing satellite so that they could bring these skills and bring these technologies to some of the most remote areas.

Japan, I spent about a week in Japan with the gaming industry, government, AI industry and banking. And the big takeaway there was respecting tradition but embracing innovation and that AI should serve people not replace them. So how can we think about implementing next steps?

I want to make sure that you walk away from here encouraged, empowered, engaged, energized, but also more safe and secure. That if I don't help you with the safety and security, I didn't do my whole job here. So, a couple of things I want you to think about before we go into Q&A is you already know the questions to ask.

Many of you, I'm looking in around the room, you have gone through other technology transformations before. Those questions that you asked last time, they still apply now. So, you still have to have a vision.

You still have to think about your governance and guardrails. And I have a sample of something that you can feel free to use if you're not sure where to start. You also need grit to get through this.

Um, so everything's not going to be a a successful moonshot that you try to do. The other thing I want to mention to you is a lot of firms that I'm talking to are saying, "I don't have AI talent in house. I'm behind.

Therefore, I'm outsourcing. Therefore, I'm offshoring. Everybody is in the same place for the most part as you.

" And the studies are starting to show if you spend the time to upskill and retrain your own employees in the long run, you're going to be better off. So 75% of firms that focused on in-house talent. So maybe they brought in some outside experts to help them get things up off the ground and running, but they also train their in-house talent and now they are outperforming their competitors.

There's another statistic on the next slide that 80% of firms with in-house expertise are actually beginning to innovate faster than those who are solely outsourced or offshored. So, what I want to show you here um because a lot of people say to me, well, what framework should I use for safety, security, and ethics? And what I'd say is there's about 20 emerging frameworks globally and you're not really going to go wrong if you standardize on one of them.

And what I did was I just did this simple chart to show you if you look at the control areas, the same control areas. If you focus, for example, on governance and policy or risk assessment and management, you're going to see that's going to play into these other frameworks. So oftentimes focusing on one control area will actually help you address five different frameworks.

This is uh going to be in your takeaway packet as well. Looking across those 20 different governance frameworks, I like to think about things in five steps. I think this is the easiest way to talk to your board or your executive team about AI governance and get their buy in.

So, we already talked about how to collect a human user story. I gave you my White House happy meal example. Establishing your safe AI team.

It's great if you have AI resources. These do not have to be technology people. They have to be people who are always asking questions about who do we serve?

Why do we serve them? How do we take care of their data? Those are the main questions that have to be asked.

You want that pilot test and learn with permission to fail. Fail small, fail fast. And then I say um don't trust and always verify, verify, verify.

And again, you want to make sure you've got the right guard rails around these pilots and implementations. I don't know um if I have any Fer Ferris Buer fans, um movie fans in the room, but if I do, you will know this picture. So, you've got a Ferrari with guardrails and then AI without guard rails ends up looking like this.

If you haven't seen the movie, highly recommend. And uh before we get into the Q&A, just a few more things about what you can do. If you can only do one thing, design around deep fakes right now.

[snorts] It's there's a lot of great emerging technology that will help you in the moment actually identify you dealing with a deep fake, but the technology is expensive. It's hard to implement. It's hard to implement into your workflow.

It's going to get better. So, there's a couple of things you can do, by the way. So, we we literally have been uh we're growing my team.

I've got 30 people that work for my company. We're growing the team and we were interviewing somebody and we always asked for references. So, we're a cyber security company and we do protective intelligence.

The reference literally was a deep fake avatar. I I don't know if they were just punking us. I I don't know if they didn't really pay attention to what we do, but so one of the things that you can do a lot of times if we don't really know you and we don't have a way to like authenticate you and validate you, we will say at the beginning of the meeting, hey, could you do me a favor?

Can you write uh your mood in the form of a smiley face or a frowny face or can you do me a favor and write down your favorite number or can you do a whatever? And people think it's really weird, but they write it down and at some point during the interview, we'll say, "Hey, do you do me a favor? I'll hold it up right up to the camera because a lot of times with synthetic identities and deep fakes, it it like glitches.

So, there's different things that you can do that don't cost a ton of money to think about this. The other thing is in your personal life and your work life, you need this passphrase. We have a client that we move to having a passphrase for money movement.

They went to and did a charity event. Big media splash around a ribbon cutting for the charity event. CFO gets a call that day.

CEO's number is calling him. It is his voice. Their protocol is to record the conversation.

If you're going to ask for money movement, he's like, "Great event, even comments on the weather, etc. , etc. " Says, "I'm going to be texting you the wire instructions.

" And the CFO, they had just gone through the training of having a deep fake passphrase that's not easily guessed. So, they have a passphrase. And what we said to them is, you know, in the moment you're probably going to forget what the passphrase is.

So most importantly is if you forget it, just ask them a question only the two of you would know. So the CFO says, Teresa, honestly, I could not remember the passphrase from training. And I'm thinking, this is bad.

We literally just got trained on this. So he says, "Hey boss, before I ask you for the passphrase, last week I was in your office. You held up a book and said I need to read it.

I forgot to write it down. What is it? " And the line went dead.

So the CFO calls the CEO back on his number and he says, "Did you just hang up on me? " And he goes, "No, I didn't call you. " And he says, 'No, you did call me and I have the recording.

He plays it back for the CEO goes, "That's me, but that is not me. " So this really, really works and it costs you nothing other than doing the training. You also want to have it in your personal life because chances are somebody elderly in your family or a child in your family is going to get a deep fake voice clone call saying somebody's in a Mexican jail or they're in the hospital or they've done something wrong and you have to send money.

And so this passphrase for now really works. So with that, I want to invite Nadine um up on stage. You will also have my predictions for 2026 on Black Friday in the United States.

The Friday after Thanksgiving, I will be doing the 2027 predictions. So, you'll see all of those are in the packet. And Nadine, what kind of questions do we have?

Thank you so much, Theresa, a round of applause, please. [applause] Lots of questions. And if you do still have one, just head to the session keynote, leading digital transformation with security at the forefront if you want to throw one into the mix.

I actually wanted to ask my own if I could to start one off. When you're talking about the CFO who can't remember the past phrase and the White House workers who don't want to report their phone missing for 24 hours at its core, is our biggest risk still the humans? See, I I actually think it's funny you say that because I actually think because we don't design enough for the human in mind, we blame them, but it's actually really tech and security and operations, it's really our fault.

It's a it's a faulty design. So, we have to constantly go back to the user and say, >> "How can I do better? How can I do more for you?

How can I make this easier for you? " Because without you as the user, there's no point in having us. And so I actually see it as a different problem to solve for, which is when people don't report something missing or they forget the past phrase.

Maybe the training was too long or but we gave him a safety net because we said if you can't remember just come up with something that only the two of you would know and he did in the moment. >> So we need to be giving them the safety net so that when the initial instruction isn't followed, they've got something to fall back on. >> Yes.

Latency, I think, isn't it in the system? >> Yes. >> All right.

So some great questions. Um what oh where to start um in AI adoption specifically in the government sector what is your advice around AI governance yeah so in the government sector and by the way I'll make a commitment to everybody here Nadine if we don't get through all the questions give them to me I will answer them all on LinkedIn >> fantastic >> and I'll tag the event and so I'll answer all of them all of them so keep the questions coming in um but for government what I would say is uh obviously ly some of the most successful pilots right now are around customer service. So, is there a way for you to make things more self-service?

So, think back in the old days when you used to have to talk to a human being to do password reset and now you can do it yourself. Is there something that you can do that's safe and secure that's not going to be like personally identifiable information but just give people like the hours that you're going to be open for example? And could they do it in a voice activated way while they're dropping the kids off at school?

So I think there's some ways that government can implement things in pilot mode that make you much more approachable and accessible that won't cost you a lot of money. Um given the increasing sophistication that you talked about because I mean not just the sports guy but you know the phone call where it sounds just like them. How do you go from um h sorry the the tech is giving me grief.

How about that? Um how do you go from just the defensive strategies to actually being proactive and ahead of the game? Yeah.

Well, for starters, you're here today. Um so, you're going to learn from a lot of people on the floor. you're going to learn from each other and you're going to be able to anticipate where things are headed next with crime and with fraud and be able to design for that.

And a lot of times it doesn't really require spending money. It's just if you know where they're headed next, then you can design for it now. Um, and what I'll say is like the in the packet that you'll have of predictions, I actually talk about where crime and fraud will go and what you can do today to get ready for that.

And it often doesn't cost anything. It's just unmasking the criminal mindset. Um, what is your one top tip?

And I know I keep coming back to people, but everyone thinks it's the IT department's problem. How do you get people to assume responsibility that it's everyone's problem, it's mine, it's yours, it's the person next to you. >> I think, you know, having a culture that encourages like self-reporting of oops, I clicked on a link.

So instead of saying, "Well, that means you're going to go through horrible training again and you're going to be on a list and your manager is going to talk to you. " I don't I don't love that style. What I love instead is something like, "Hey, we're going to do training.

" And when people click on a link, um, that's one thing. But for the team that 100% of them don't, then they get a pizza party. So I I like again sort of changing the motivations and making it more of like this is why we're all in this together, but also creating you need to foster a relationship between technology, security, and operations and all of the users where people feel very comfortable saying I messed up.

I made a mistake. I saw a thing. I did a thing.

I didn't realize it. And not be embarrassed or think it's going to go, you know, on their permanent record to be a problem. if you were going to set up new standards for AI use in an organization, what would be your top priority?

So, I I would um as an organization, the first thing I would ask is how will we protect our intellectual property? The second thing I would ask is if we have employee data in here or customer data in here, what is our duty of care and responsibility to understand whether or not it's going to stay within protected garden walls or by accident be exposed and become publicly available. The third question I would ask and this is very important of the vendors that you're using whether it's small language models, large language models, the AI platform itself.

Do you have a transparency mechanism where I can look inside the black box and see how it works? Because you cannot govern something if you don't understand how it works and and there is a lot a lot of vendors are creating more transparency around the how the blackbox works. So you can say for example please do this in Socratic method and show me your work.

You can actually see the AI where it's going, how it's researching things, how it's reasoning and and all of that and you can actually record that and go back and look at it and audit it. So those would be the main questions that I would ask part of a framework. Are there risks that if the organization's not moving fast enough into providing AI tools that the workforce provides their own and they've got their personal login to chat GPT and whatever else that must create a security risk.

It is. And what I would what I'd say a a really wonderful best practice that I saw at a global healthcare organization is they say to people if you have a tool you use in your personal life, please send it to us and uh we will vet all of these tools and if we feel like we don't think it's secure enough to use here on our patient data on our intellectual property, we will provide you with an alternative. And then they actually have contests.

So people who who submit the best ideas, the best tools that hadn't been thought of or were on the list to get to, they actually win prizes and awards and recognition for advancing the technology of this healthcare organization. And so that's a way to to like pull everybody in and say, "Hey, I love this tool that I'm using in my personal life. Can I use it at work?

" And then you explain to them, "No, but you could use a tool that's almost like it. " And by the way, we're going to have employee subscriptions so you can use it at work and at home. So that's a really good way to sort of pull everybody in.

>> It does seem very much like you need to not be wrapping them over the knuckles too quickly or they're not going to want to tell you. Um, this is a question I like. What should I read and who should I follow to keep up to date?

Oh gosh. Well, um, so there is a report called, uh, AI 2027 and it's a simulation. So it's like choose your own adventure.

I highly recommend you need to carve out some time to read it. Um that is definitely worth your time. Uh I would say a lot of the speakers that you have on the agenda are people that I personally follow and learn a lot from.

I do have in the takeaway packet there's an AI glossery that goes through like all the different AI tools by different use cases. And so that glossery may be something that you would find helpful. Hope that you'll reach out to me on LinkedIn and and follow me as well.

But um and again, make sure you're networking here at Spark because you'd be surprised at how much incredible innovation is going on right here in New Zealand.