 We're here with Elizabeth Green, who's the EMEA advisory and cyber lead for Dell Technologies. Liz, welcome to the program, good to see you. Yeah, great to see you Dave, happy to be here. Super, so listen, why don't you give us a quick overview of your role, what your responsibilities are, really interesting sort of European advisory and cyber leader that's an interesting title. Tell us about your operation and your role. Absolutely, so Dave, it's really good to be here. I'm Liz Green, European advisory cyber leader at Dell Technologies, American living in London, been here for about six years, really enjoying it. I spend my time helping organizations, some of our largest clients at Dell, think about ways that they could look to respond and recover in the event of what regulators are calling severe but plausible catastrophic cyber attacks. Now, I don't do this alone, I work with a wide ecosystem and we'll talk a little bit more about that I'm sure. Cyber security is not something that our clients really want to solve with one particular partner or vendor, they really want an ecosystem end-to-end approach. So I work with different partners in the consulting space, work with the public cloud providers, work with the regulators, some of the industry bodies as well on how we best solve for some of these new challenges and really build a resilient business for our clients. So really enjoy what I do. You know, the phrase severe but plausible strikes me as rather interesting. When I think about certain climate disasters like the California fires, I was speaking to a firefighter recently and the individual said that, you know, these things used to happen once every 10 years and now we have a once every 10 year event every year. And it seems like there's a similar trend happening in cyber. I wonder if we could first start by talking about some of the challenges and trends that you're observing broadly and then we can maybe go into some of the European differences, but let's start there. Yeah, absolutely. So there's trends that happen in cyber all the time, but I think there's some really consistent challenges that our clients are continuing to see. So unfortunately ransomware is not going away. We're seeing that continue to be a challenge and issue for our clients. You know, not only do we pay it even though I think there is general consensus, no, but how do we recover despite, you know, paying or not paying? What are we gonna do to resume business, maintain key services? I think we're also seeing that there's, you know, now state actors that aren't asking for money. So that poses the need and the question of how do you recover? Assuming there's no kind of financial way out. Another trend is AI, super exciting. I know we're gonna get into that a little bit later, but both opportunities and challenges around, you know, AI I think what we're seeing around the challenges side is that a lot of these nation state actors or, you know, ransomware gangs are being able to use AI to be smarter, better automate some of their capabilities or even just write an email in a more effective way. There might have been typos in the past, but with AI, you might be able to get a real linguistic advantage if you're writing as a state actor from a different country in English. Your email might be a bit more clear with AI. So all of those things are really challenging. And then the last kind of negative before I moved to a positive IoT. So we're seeing more and more connected devices. I'm looking around my office. I think I see three and I'm by no means investing at scale. Like I'm sure other consumers are. So I think that is just complicating the threat landscape. We're seeing it be a lot more of an expansive attack surface. And that just means we need to protect it better. On the positive, a few trends I wanna leave you with there. We're seeing a lot more collaboration. I think in the past, people used to look to solve cyber risk and security alone, with their team, with their leaders. Now we're seeing this industry wide collaboration, people talking to competitors regularly. How are you solving for this challenge? What are you investing in? How are you looking at this kind of risk? And even industry competitors and vendors working together. I mean, increasingly I'm working with my, with some of Dallas competitors to solve these problems. And I think that's a really positive thing. And as a result, I think we are getting much better at defending, much better at looking at how we respond to new cyber adversaries. It was a nice balance Liz, the yin and yang of cyber. And, but it's very true. I mean, the quality of the phishing emails is gone way up. So we have to be, you know, super vigilant. Don't click on those links unless you really, really trust them. And I'm glad to hear about the collaboration because for so many years in cyber, there were sort of efforts to save. I have proprietary data. I'm going to kind of keep it to myself, but the good guys have to collaborate. As you well know, Europe has led in a lot of initiatives around privacy and, you know, particularly GDPR is one of the most famous. And it led to things like the, the CCPA, which was largely patterned after GDPR. And then of course, you know, the recent open AI, Bruhaha and governance, you know, concerns, I don't know how that's seeped into the European community. I know many, you know, CIOs here are very much concerned about it, but I'm curious if there are any noteworthy differences in how European organizations are going after cybersecurity and protection versus your experience for the world at large, particularly the US, are their regulatory, organizational, I mean, compliance certainly is more difficult. What's your point of view on all this? Yeah, I mean, that could be a whole topic, Dave. So I'll try and be brief. I think there are kind of three ways I look at it. There are differences in scope, there are differences in enforcement, and then there are differences in whether it's voluntary or mandatory. I think we can talk a little bit about scope. I think, you know, in terms of Europe and the UK, we have GDPR. So privacy, you know, has always been key and really we've been leaning with privacy regulation for some time. You'll see in the US, you know, states have now adopted privacy regulation and we might even see, you know, a US privacy regulation, but that doesn't exist today. And I think with that foundation of this acknowledgement that consumers' privacy matters, I know we're talking about security and ransomware, but I think, you know, privacy comes into that. And so I think naturally we're seeing Europe and UK leading when it comes to security because to be able to keep someone's data private, you also need to make sure it's secure. So I think the differences in scope with the different US and Europe matters. I think in terms of enforcement, if we kind of move on to enforcement, I think we're seeing that in Europe and the UK, they are really, you know, enforcing these standards quite readily and it kind of leads to more mandatory compliance with those standards in the US, a lot more, you know, voluntary standards. And I think what we are seeing from the US that's been really helpful is sector-wide regulations, financial services in particular, the US has always been really leading. And I think that's been really helpful globally. So if we use sheltered harbor as an example, we found that that kind of body of thinking, which is how do we protect consumers in the event of a catastrophic cyber attack so I can still take money out of my bank account, apply for a loan, you know, that kind of thinking was transformational. I mean, the Bank of England started to adopt it and then suddenly Europe with Dora has kind of taken some of those principles, Hong Kong monetary authority, signup or cert. So I think when the US does speak, people listen and I would like to see more leadership from the US because I think it is this balance of innovation and security. And I think the worry and people from Europe and my clients and say that's about Europe, on the other hand, with these great regulations and insights is potentially stifling innovation. So it's hard. don't envy people coming up these rules. I mean, in the last week, there was a new one that came out in Europe, the Cyber Resilience Act, that's for really more IoT devices and making sure we're protecting them. And, you know, vendors are responsible for them. So I think I really like what I see Europe is also the first with an AI Act. Biden has had a few executive orders, but you know, this is really an act of law. So look, it's, it's interesting, I think we can learn from what's happening globally. And if I were a leader, I wouldn't just be thinking about my country. But you know, what we're seeing collectively and how we might be able to apply that based on my sector, you know, my relationships or obligations to my customers, etc. So I'm curious, Liz, thank you for that. Dell is a product company, right? You sell a lot of products, you embed security into those products, you worry about things like the security supply chain, the software supply chain. But how specifically do you work with with customers? I feel like Dell has a broader responsibility in a $90 billion company, you've got to do more than just build security into your products. So how do you work with customers to help with their overall cybersecurity strategy and building resiliency into their businesses? Absolutely. So I spend most of my time working with clients on resilience. And what that looks like is really first and foremost, helping them identify what their key services are, what they would fail to be a business without. So, you know, in financial services, what are those key outcomes that they need to be able to deliver? You know, what are their obligations to the regulators? You know, in logistics, for example, worked with a logistics company, and we kind of distilled it to what they needed to do was to keep ships moving. So we kind of have this outcome statement. And then we move down into, okay, what do we need in terms of applications, infrastructure, data, you know, all the kind of underpinning architecture to keep ships moving and kind of that mapping work again, our teams would do, oh, you need these 10 applications, these three, you know, critical business services, active directories, DNS, things that really tell you who's in the organization, you need all of that to run that service. So we kind of map that and we say, how is it being protected today? And how can we enhance what you already have? So how can we make sure that those data sets are secure in the event that someone gets into the production network, in the event that there's ransomware, in the event that there's exposure at the edge, you know, how do we make sure those services are protected? And then one of the kind of key areas I spent a lot of time is building cyber recovery programs. So, you know, that at an infrastructure level is really data vaults, making sure we isolate key services off the network, so that in the event of a catastrophic attack, you can recover those key services and we know exactly what we're going to do for a second and third. We really think through this scenario, so we're not just doing it on the fly in the event of a catastrophic attack, we know exactly what we need to do. So, you know, it's really programs, it's projects and again, it's not just Dell here, we're working with the leading advisory consulting firms that will do the business strategy, the op model, we're working with the public cloud providers, you know, we're working with the network providers as well. So this is a holistic strategy, but really helpful, exciting to be able to be a part of this for our clients. Yeah, very much a holistic strategy. Thank you for for laying that out. And you know, there's seen I think there's a distinction to see if you agree between, you know, cybersecurity and cyber resiliency with a ladder kind of more closely aligned with I can recover from a breach, whereas increasingly the former seems to be about, you know, a crowd strike stop the breach of what's your perspective on balancing the two and and how customers should think about investments in that equation? And where does data protection fit into that conversation? Sure. So just to answer your first question, I think, you know, 10, 15 years ago, most clients were just focused on detection and prevention. So how do we keep the bad actors out? How do we find them when they're in? And that's still very important and should be a key area of business investment and security dollars. But we acknowledge that it actually only takes one person, one bad actor, one link clicked for someone to get in and do something wrong. And so no longer can we just kind of say our our defense is enough we need to have a plan. So again, most my work has been focused on that planning and how do we recover and what does that look like? I think clients still struggle to invest in that space for different reasons. I think, you know, part of it is ego, you know, I've built this great capability to defend against any and any and all threat actors. So I don't really want to think about someone getting into that and being able to dismantle that. I think another is it's just kind of a new space. So I think when people think business continuity, they think kind of disaster recovery, we're talking about something totally different. I mean, it has recovery in the name, but it's really recovery from a cyber event and recovering from a ransomware event is very different from a disaster physical, you know, natural disaster. So I think, you know, part of it is that it's new. And so I think data protection really fit in that second space. And I think clients need to consider how they're protecting data, you know, just because it's in the cloud doesn't mean the cloud is protecting it. And there's really clear, like guidelines around that. But I think a lot of our clients think, Oh, well, someone else is managing it, so they must be protecting it. So I think that's an area that's under invested under investigated as well in our clients feel, you know, they're already doing enough. And I would say, if you're listening to really look at how you're protecting and recovering your data, your key services, because that would be probably an area that's under invested in from my experience. Liz, last question. How'd you get it to cyber? Did you have like a favorite superhero when you're a kid and you sort of envisioned helping to save the world? How'd you get into it? Oh, gosh, I don't know. I kind of stumbled into a career at EMC data storage company. And they had some amazing data protection solutions and kind of got into moving to Europe right when GDPR came out. And there was a lot of buzz around cyber resilience and risk. So I think I was in the right place at the right time. But I also had great mentors that encouraged me to kind of focus on, you know, where the client challenges were where I felt I could make a difference. I think if you're listening and you have no background in cybersecurity, that's a great thing. You should jump into the field. You don't need lots of qualifications. I was a philosophy major at university, so had absolutely no cyber security or, you know, computer science background and, you know, have been able to get into the sector and help clients and of course have some certifications along the way that have helped me even further. But I think it's really translating technical challenges into business challenges. That is what's needed. There's a huge cybersecurity skills gap. So I think we need more and more people to enter the profession with a range of both technical and kind of business communication skills. Yeah, I love it. I love the background and it's not a traditional approach, but really want to thank you for the good work that you're doing and your time that you spent with us in your perspectives today. Thank you. Yeah, thanks, Dave. Great to be here and speak soon. All right, we'll be right back and you're watching that Navigating the Road to Cyber Resiliency, the summit made possible by Dell Technologies. Right back.