Securing the Future: Traditional IT vs. Blockchain in Banking | The Pair Program Ep55

Jan 21, 2025

Securing the Future: Traditional IT vs. Blockchain in Banking | The Pair Program Ep55

In this episode of The Pair Program, hosts Tim Winkler and Mike Gruen explore the future of cybersecurity in financial services with two distinguished experts: Jacques Boschung, CEO of Halborn and Sandip Wadje, Managing Director and Head of Emerging Technology Risks at BNP Paribas. Together, they unpack how blockchain, AI, and emerging technologies are reshaping cybersecurity and risk management in the financial sector.

Key Topics Discussed:

  • The evolution of cybersecurity: From traditional IT to blockchain and AI.
  • The role of quantum computing in reshaping encryption and security protocols.
  • Why “Secure by Design” is a must-have for emerging technologies.
  • Blockchain’s impact on risk management and settlement systems in finance.
  • How AI is transforming threat detection and risk assessments in the banking world.

About Jacques Boschung: Jacques Boschung is the CEO of Halborn, a leader in Web2 and Web3 cybersecurity. Jacques has spent most of his career with prominent IT vendors such as HPE, IBM, and, more recently, Dell Technologies, where he served as SVP for EMEA Alliances and Telecom. Between 2020 and 2022, he was President and General Manager of Inovalon’s Payer business. Additionally, Jacques is a member of the board of Swiss Medical Network, the second-largest healthcare provider in Switzerland, and Chairman of Well Gesundheit AG, the leading medical app in that market.

About Sandip Wadje: Sandip Wadje is Managing Director and Head of Emerging Technology Risks at BNP Paribas. With over 23 years of experience in cybersecurity, IT risk, and compliance, Sandip specializes in Cloud, AI, and Digital Assets. He is recognized for simplifying complex risks, driving transformative change, and influencing Fortune 500 stakeholders to enhance technology and cybersecurity initiatives. Sandip has shaped regulatory guidelines, shared insights with industry forums and regulators, and led global teams. He has established Centers of Excellence and advanced cutting-edge technologies, earning a reputation for managing diverse, high-impact portfolios.

Sign-Up for the Weekly hatchpad Newsletter: https://www.myhatchpad.com/newsletter/

Transcript
Tim Winkler:

Welcome to The Pair Program from hatchpad, the podcast that gives you

2

:

a front row seat to candid conversations

with tech leaders from the startup world.

3

:

I'm your host, Tim Winkler, the

creator of hatchpad, and I'm

4

:

your other host, Mike Gruen.

5

:

Join us each episode as we bring

together two guests to dissect topics

6

:

at the intersection of technology,

startups, and career growth.

7

:

Hello everyone, and welcome

back to The Pair Program.

8

:

I am your host, Tim Winkler,

alongside my co host, Mike Gruen.

9

:

Uh, so Mike, I was recently reading

that, uh, Lego is releasing a set

10

:

that they're calling the Endurance.

11

:

Uh, which is a model that

kind of commemorates the

12

:

Explorer Ernest Shackleton.

13

:

Um, and it's like a 3, 000 plus piece

set, so kind of led me down this path.

14

:

I know that you've done,

you know, a number of Legos

15

:

down, down, uh, your career.

16

:

So what, what's, uh, what's a, like

the largest Lego set that you've

17

:

ever assembled and what was it?

18

:

Mike Gruen: Oh, the largest.

19

:

Oh, that's interesting.

20

:

Ah, it was definitely something

when I was a little kid.

21

:

It was some sort of space station.

22

:

I don't remember.

23

:

Um, I mean, it was the, the blue and red,

like it was the old school space stations.

24

:

It wasn't like, you know,

Star Wars branded stuff.

25

:

So.

26

:

Uh, something along those lines.

27

:

Um, definitely sat with my kids

to do some of the bigger sets.

28

:

But first of all, I have to say

kudos to you for remembering

29

:

to call it Lego and not Legos.

30

:

Uh, so good for you

31

:

Tim Winkler: on

32

:

Mike Gruen: that one.

33

:

Tim Winkler: Yeah, I

can fact check myself.

34

:

Mike Gruen: Um, I do

have a good Lego fact.

35

:

They make more tires than anyone else.

36

:

They're the largest tire

manufacturer in the world.

37

:

That is a fun fact.

38

:

That's pretty

39

:

Tim Winkler: cool.

40

:

That's great.

41

:

What about you guys?

42

:

Jacques, Sandeep, any, any, uh, you

know, memorable Lego sets that you

43

:

built either solo or with your family?

44

:

Jacques Boschung: Yeah, of course.

45

:

I believe a black star of Darth

Vader or something like that.

46

:

It must have been.

47

:

Yeah.

48

:

That's the biggest.

49

:

Tim Winkler: Yeah.

50

:

Yeah.

51

:

That's a big one though.

52

:

I've, I've, I've had a few employees

that, that have assembled that one.

53

:

Um, Sandy, how about you?

54

:

Sandip Wadje: I didn't do much

when I was a kid, but more with

55

:

my nephew these days, and then

his demand kind of keeps going up.

56

:

So it started with like the

small hundred dollars one.

57

:

And the last thing is like,

,:

58

:

I don't know what is the next demand that

is going to come through, but the kind of

59

:

Legos he requests just keeps shooting up.

60

:

Yeah.

61

:

Tim Winkler: Yeah, I had a, I had

a little flashback down memory lane

62

:

on this too, and I had one that was

like this, uh, it was like a medieval

63

:

knight's castle from like the early 90s.

64

:Um, Definitely wasn't:

65

:

It was, yeah, we're talking a couple

of hundreds here, but, uh, it was,

66

:

it was a large one and, uh, yeah,

it was a good, good little, um,

67

:

uh, memories talking about Legos.

68

:

I know that's like one of like the,

the go to toys that we hit on one

69

:

episode, Mike, of, uh, the goat toy.

70

:

Mike Gruen: It's yeah, I mean, I

use mine structurally to, I, uh, I

71

:

there's things that I've built to

like for computers and things to like,

72

:

Tim Winkler: just to

prop up your, your laptop

73

:

Mike Gruen: to prop up.

74

:

I've actually got, uh, in my old

apartment, I was popping up some furniture

75

:

with some Legos, so to keep it from

falling forward, uh, they're pretty

76

:

strong, uh, it's pretty impressive.

77

:

Yeah, anyway,

78

:

Tim Winkler: great, great,

great dual use example.

79

:

Uh, all right, uh, well, let's

fill the listeners in on what

80

:

today's episode is all about.

81

:

So, um, today we are

diving into a topic that.

82

:

Is reshaping the landscape of tech.

83

:

And that is, you know, cybersecurity

specifically within the banking

84

:

sector, uh, and specifically kind of

comparing traditional it environments

85

:

and blockchain and banking.

86

:

Uh, so joining us are two,

uh, distinguished leaders

87

:

within cybersecurity.

88

:

First off, we have Jacques Beauchamp.

89

:

Uh, Jacques is the CEO of Howborn,

a cybersecurity firm specializing in

90

:

blockchain, Jacques brings a wealth

of experience in IT and cybersecurity,

91

:

uh, specifically in protecting digital

transactions in the blockchain space.

92

:

Uh, and then alongside Jacques,

we have Sandeep Wadhyay.

93

:

Uh, Sandeep is the managing

director and global head of emerging

94

:

technology risk at BNP Paribas,

one of the leading banks in Europe.

95

:

Sandeep has over two decades

of specialized experience in

96

:

cybersecurity, operational risk, and

compliance across several verticals.

97

:

Jacques Sandeep, thank you both

for joining us today on the pod.

98

:

Jacques Boschung: Pleasure to be here.

99

:

Thank you.

100

:

Tim Winkler: Thank

101

:

Sandip Wadje: you.

102

:

Tim Winkler: Thank you.

103

:

Excellent.

104

:

All right.

105

:

Now, before we dive in, we do

like to kick things off with a

106

:

fun segment called pair me up.

107

:

Here's where we all go around the room.

108

:

We spit ball a complimentary

pairing of our choice.

109

:

Mike, why don't you lead us off

on, uh, what you got for us today?

110

:

Mike Gruen: Yeah, uh, well,

I'm feeling under the weather

111

:

and I was all clogged up.

112

:

Uh, and so my go to when I'm

stuffed up is to pair that with,

113

:

uh, something really spicy.

114

:

So I had, uh, I looked for the

hottest, uh, salsa we had in the

115

:

house and, uh, scarf some of that

down and help clear out my sinuses.

116

:

So, uh, clogged sinuses and, uh, hot

salsa would be my, my pairing today.

117

:

Tim Winkler: And then hopefully

a box of tissues nearby.

118

:

Mike Gruen: Oh no, we did that earlier.

119

:

I made sure to, you know, we're all good.

120

:

Tim Winkler: Yeah.

121

:

Yeah, I, I hear you, man.

122

:

I just had, um, I, my go to for something

like that is a bowl of pho and just a

123

:

little bit of extra sriracha in there.

124

:

That was Saturday.

125

:

Mike Gruen: Uh, so yeah, Saturday, my

son and I went out for pho and, uh, we

126

:

have a great place right near the house.

127

:

And, uh, yeah, sriracha and

jalapenos and all kinds of

128

:

stuff to make it nice and spicy.

129

:

Okay.

130

:

Tim Winkler: Nice.

131

:

Well, hopefully, uh, hopefully

you're, you're feeling good enough

132

:

to, to get through this episode here.

133

:

We'll, uh, we'll, we'll, we'll

keep checking on you throughout.

134

:

Um, I'm going to go, I'm going

to go with the changing of

135

:

seasons and, um, thermostat wars.

136

:

And, you know, this is something

that, you know, living here in the DC

137

:

area, specifically around this time

of year, we've got these crazy swings

138

:

and temps that could go anywhere

from 65 degrees during the day.

139

:

We'll, Down to 25 degrees at night.

140

:

And so my wife and I are pretty

polar opposites in the sense that

141

:

I tend to run a little bit hot.

142

:

She's always a little bit cold.

143

:

And then, yeah.

144

:

So during these times, like I'll

check our little nest thermostat and.

145

:

You know, it's constantly getting

turned up and down throughout the day.

146

:

And then before we go to sleep at

night, you know, I'll check it and

147

:

make sure it's at a certain temp.

148

:

And then I'll wake up the next morning

and notice that it's magically settled,

149

:

you know, a few degrees higher.

150

:

Um, and this is how we would, you

know, what we would classify as these

151

:

thermostat wars in our household

where it's kind of like undisclosed.

152

:

Like my wife will, won't say like,

Hey, is it, are you cold or warm?

153

:

I turn it up or down,

she'll just go do it.

154

:

And then I'll just go do it.

155

:

And so it's this fun little game

that we, we both play during the.

156

:

changing of the seasons, but it

keeps us keeps us on our toes.

157

:

That's, that's my pairing for today.

158

:

It's going to be the changing of

these seasons and these thermostat

159

:

wars that my wife and I play.

160

:

Um, I'll pass it over to Sandeep.

161

:

Sandeep, how about a quick intro

from yourself and your pairing?

162

:

Sandip Wadje: Thank you.

163

:

Thank you.

164

:

Thank you everyone.

165

:

Uh, again, uh, uh, I'm based in London.

166

:

I've been with BNP Paribas

for seven years now.

167

:

And, uh, in terms of pairing up,

uh, I think, Nothing can ever

168

:

go wrong with a hot spicy curry.

169

:

And that does help being from India.

170

:

And then the fact that I was a little

bit under the weather, but the good

171

:

thing is I'm in Mumbai and I'm having

a nice spicy curry from my mom and

172

:

that has really helped me recover much

faster than the cold weather in London.

173

:

So I'm not complaining.

174

:

Tim Winkler: Yeah, I dig that.

175

:

I love a good hot, spicy curry.

176

:

Uh, yeah, ship some over to

Mike here for, uh, for his

177

:

next, his next, uh, nasal cycle.

178

:

Um, well, it's a pleasure

having you on here, Sandeep.

179

:

Um, Jacques, about yourself,

quick intro and your pairing.

180

:

Jacques Boschung: Yeah, right.

181

:

I am the CEO of Albon.

182

:

I started just four months ago.

183

:

Before that, I was, as you mentioned,

CEO of another classical cyber

184

:

security, and I spent 14 years.

185

:

At Dell Technologies, and I am an

educated nuclear physicist, which is

186

:

maybe those days getting popular again.

187

:

Um, now speaking about pairing, I

don't know if you know that guys,

188

:

you should, this year is the 50

years of something really well

189

:

established in the nerd culture.

190

:

What is it?

191

:

You know, this year, that's anniversary,

192

:

Mike Gruen: 50 years.

193

:

I mean, I just turned 50, but I don't

think that's what you're talking about.

194

:

Jacques Boschung: If I tell you

D& D, does that ring a bell?

195

:

Dungeons and Dragons?

196

:

Dragons, 50 years.

197

:

Yes, really.

198

:

So, uh, my pairing, which is

very well suited to blockchain is

199

:

from nerd culture to pop culture.

200

:

This is what happened by the way with DND.

201

:

It was nerd thing back in the days.

202

:

Now it's pop thing because you know what,

uh, Game of Thrones, all those things are

203

:

deeply inspired by this, uh, by this game.

204

:

And, uh, the same is

happening with the blockchain.

205

::

in financial services, a pop culture,

206

:

but Sandy will speak more about that.

207

:

So that's my pairing guys.

208

:

I like it.

209

:

Love it.

210

:

Love it.

211

:

Tim Winkler: Yeah.

212

:

That's, that's a great, uh, comparison.

213

:

And.

214

:

Honestly, so, you know, doing a lot of

tech recruiting, we've, we've recruited

215

:

a lot of folks out of little dungeon

and dragon, like micro communities

216

:

around here when we were doing more

local, local recruiting, some of our,

217

:

our employees were, you know, parts of

these big dungeon and dragon networks.

218

:

And they've hired engineers

from these communities.

219

:

So it's certainly, uh, yeah,

it's gone from nerdy to cool.

220

:

I agree with you.

221

:

Jacques Boschung: Awesome.

222

:

Tim Winkler: All

223

:

Jacques Boschung: right.

224

:

Well, that's a it's becoming cool.

225

:

Is it a problem?

226

:

You know, some, somebody will ask me

the question, can it be still trendy,

227

:

but another, another conversation.

228

:

Tim Winkler: Yeah.

229

:

Yeah.

230

:

We'll have to revisit

this in like 50 years.

231

:

Um, Awesome.

232

:

All right.

233

:

Well, appreciate the intros.

234

:

The pairings were awesome.

235

:

Let's go ahead and shift gears into

the heart of today's discussion.

236

:

So, as I mentioned, we are

talking about cybersecurity and

237

:

the banking sector and comparing

traditional IT versus blockchain.

238

:

So, you know, why does this matter to us?

239

:

Um, I'll go in the highlight, uh, just

a few common scenarios of Your digital

240

:

banking that nearly everyone can relate

to and underscore that critical role

241

:

of cybersecurity in our daily lives.

242

:

So whether it's withdrawing

cash from an ATM.

243

:

To sending a payment to a friend via Venmo

or PayPal, or simply receiving, you know,

244

:

your paycheck through direct deposit.

245

:

And these are all digital transactions

that require robust cybersecurity measures

246

:

to protect us against fraud and theft.

247

:

And, you know, we, we continue to hear

more and more of these, of these days,

248

:

like of these stories that pop up of.

249

:

You know, some hackers pulling

off a bank heist from their couch.

250

:

Uh, I, I can specifically recall

during the pandemic, this huge spike

251

:

in phishing scams where, you know,

cyber criminals would try to swipe

252

:

cash and by personally, um, sending

personal or asking for personal

253

:

info by pretending to be our banks.

254

:

Uh, and so I, I, I just, you know,

I, it's a scary world out there.

255

:

It continues to get scarier.

256

:

The more that tech modernizes, uh, and

it's continued efforts from professionals

257

:

like our guests, Jacques and Sandeep

kind of keep our digital transactions

258

:

safe from these external threats.

259

:

So, um, I I'm excited to

have this conversation.

260

:

I'm excited to continue to build

awareness on this, even if this.

261

:

Podcast is one small source of

information to get more intel out there.

262

:

I think it's super important.

263

:

So the way that I kind of see this

conversation flowing is to first have our

264

:

guest paint the picture of the current

landscape in both of these environments.

265

:

We'll discuss some of the challenges

and the innovations in cybersecurity.

266

:

And then we'll wrap with some

insights on what the future of digital

267

:

banking and security might look like.

268

:

Um, let's start with you Sandeep, uh,

you know, with, with your perspective,

269

:

you know, what, what are the primary

kind of cybersecurity challenges that

270

:

are facing the traditional banking

systems today, uh, and then we can jump

271

:

over to you Jacques for an overview

more on the, on the blockchain side.

272

:

Sandip Wadje: Sure.

273

:

Absolutely.

274

:

Um, I think, um, from a

traditional banking perspective.

275

:

If you look at the challenges, obviously,

I think the number 1 has been more

276

:

around business disruption as a result of

ransomware attacks, even if not directly

277

:

on financial services institutions on our

supply chain and the impact of the supply

278

:

chain disruption on the bank as a whole.

279

:

So, I think 1 is definitely

in terms of traditional or the

280

:

legacy it in financial services.

281

:

There has been a lot of focus

on ransomware campaigns.

282

:

There's a lot of focus on.

283

:

Geopolitical disruptions, uh, particularly

cyber attacks as a result of geopolitics,

284

:

which is again is a focus of attention.

285

:

And then generally, I would say phishing

campaigns or cyber enabled fraud,

286

:

which is again a big attention point

for large financial institutions.

287

:

So, so what has happened

over a period of time is.

288

:

You, you have had essentially.

289

:

Uh, an ID, which is kind of almost like

trying to catch up with the evolution

290

:

on the cloud journey and, and, and, and

different ways of doing digital working.

291

:

Uh, so, so, and then that has kind

of exposed some fault lines, uh, in

292

:

terms of, uh, different vulnerabilities

that attackers try to exploit.

293

:

Uh, whether then it is end user

computing, whether then it is

294

:

essentially the infrastructure you

have to deliver services to clients.

295

:

And then it has been a bit of a

uphill battle because, uh, the

296

:

way we landed in this traditional

IT journey is the technology is

297

:

kind of, you know, scaling it up.

298

:

And at the same time, we are trying to

build security around it, not into it.

299

:

So what has happened is.

300

:

Uh, you, you, you almost like had

a situation, uh, where, where you

301

:

started to build security around

the technology, which was inherently

302

:

vulnerable from day one, because if

you look at the history of internet,

303

:

internet was not designed to be secure.

304

:

It was designed to be collaborative.

305

:

That's, that's where they

started first saying, you know

306

:

what, we should open everything.

307

:

We should talk to each other, uh, but let

us talk about security a little bit later.

308

:

Uh, and that's, that's what, what,

what we have in all this it journey,

309

:

uh, where, where, where, where we are

building on top of, uh, uh, legacy it,

310

:

which has been inherently vulnerable.

311

:

And that has been like quite a

challenging journey, I would say.

312

:

Mike Gruen: I think the best example

of that is like email, right?

313

:

Like this idea of like, why

would anybody spoof an email?

314

:

Why would anybody send an email

from someone who they don't predict?

315

:

Like that's the 60s, 70s, when email

from academia and now like, right.

316

:

There's a lot trying to retrofit to make

it so that, you know, this email came

317

:

from who it's supposed to come from and.

318

:

And the rest of it, I think it's

kind of the, the, the history of the

319

:

internet and how we got, you know,

it's a, yeah, it started in academia

320

:

and in research and collaboration.

321

:

Why would you need this

stuff to be secure?

322

:

It's a, it's an interesting evolution.

323

:

Tim Winkler: Yeah.

324

:

And we'll expand on

that a little bit more.

325

:

They

326

:

Sandip Wadje: built it, actually.

327

:

It was a very trusted vehicle, right?

328

:

They never, they never thought that

the community is going to be so big.

329

:

Right when, when they started building,

you know, uh, the, the, the, the original

330

:

network , they never thought that in

20 years time, like 1 billion people

331

:

or a couple of millions of people would

be connected to internet every day.

332

:

Right.

333

:

So, so that, that throws like

an interesting challenge.

334

:

Yeah.

335

:

Tim Winkler: Yeah, and I don't think

anybody thought digital currencies

336

:

was going to be a thing at any point

back then either and here and here we

337

:

are, and this is a good, good segue.

338

:

I want to, I want to expand on some of

that stuff, Sandeep, uh, but first, you

339

:

know, and kind of keeping with tradition

of catching the other perspective

340

:

real quick here, uh, Jacques, let's,

let's just real quick get, uh, your,

341

:

your viewpoint on how, you know,

blockchain technology is evolving with

342

:

the financial services sector and why

cyber is critical with this evolution.

343

:

Jacques Boschung: Right, right.

344

:

So real quick, I believe we have

to look back because for me, I have

345

:

been in it for 20 years plus big

difference of financial services.

346

:

With any other industry, now it's

converging, but the big difference

347

:

is that IT has always been the

factory in financial services.

348

:

Without IT, there is no bank, and that

has been like that for many years.

349

:

In fact, the first digital transformation

of banking happened in the 70s, 80s,

350

:

and 90s, where they got rid of paper and

went into centralized ledger technology.

351

:

And then at the beginning of this

century,:

352

:

digital transformation, which did not

really impact the business processes.

353

:

That was adoption of e banking,

was adoption of private cloud.

354

:

That was really a huge simplification of

the basic infrastructure of IT in banking.

355

:

And now what we believe at Albon, and

what I believe is that we are reaching

356

:

the third digital transformation.

357

:

Which is a blockchain

adoption for three things.

358

:

You mentioned it just now.

359

:

You said, okay, digital currency.

360

:

That's one thing.

361

:

So CBDC for central banks.

362

:

Second thing, insurance of security.

363

:

And third thing, which is really

big in terms of efficiency

364

:

in the system, settlement and

clearing happening on chain.

365

:

Which will reduce the lead

time and mitigate the risk.

366

:

I know Sandeep, risk is a big

thing in your, on your plate.

367

:

So this is what is happening now.

368

:

But when you speak about all that

in that new digital transformation,

369

:

security is everything.

370

:

Because unlike in the classical

perimeter, where between detection and

371

:

response, you have a little bit of time.

372

:

Till ransomware is fully established

with the first indices of compromise.

373

:

You can have several hours, sometimes

a day, depending on the industry.

374

:

Whereas on chain, if something is

375

:

happening, your cash is gone.

376

:

So we have a real hold up type of

robbery situation, which is really unique

377

:

to that new digital transformation.

378

:

And that requires a decentralized

system, a totally new way of thinking.

379

:

Yeah,

380

:

Tim Winkler: I, I've got a lot of

questions to build on that, uh, as

381

:

well, just in terms of, you know, things

like smart contract audits and some

382

:

of the things that Halborn's is doing.

383

:

If maybe you just take, take lead on that

right now and talk through some of those

384

:

strategies that you all are taking on

and this is a good, good segue into, you

385

:

know, what Halborn specifically is doing.

386

:

Jacques Boschung: Right, right.

387

:

So, uh, as, as you mentioned in

the beginning, Halborn, we are.

388

:

We are solely focused on financial

services and web3 and on cyber security

389

:

for those kind of institutions.

390

:

So our customers are

decentralized finance.

391

:

But more and more tried five

because of the adoption, we

392

:

were just mentioning before.

393

:

And indeed, we do plenty of those things.

394

:

Mark contract audit is our bread and

butter, really our daily bread and butter

395

:

because more and more on the tail end.

396

:

You have the ability to create

an environment that enable those

397

:

fast transaction, enable this,

uh, uh, equity issuance on chain.

398

:

So it's really creating a new attack

surface like no, nowhere before.

399

:

And it's really creating a

stress factor also for the

400

:

traditional banking institution

when they move into that space.

401

:

So we do those smart contract audit.

402

:

We do design of architecture, we call

that secure by design, which combine both

403

:

the web tool, and we can speak about that

after, so the traditional perimeters, and

404

:

the blockchain aspect of things, because

you always have a combination of it.

405

:

The smart, for instance, uh,

crypto wallet, It's more a web

406

:

to thing than a non chain thing.

407

:

So anyway, and you have API and

API are like cloud pen testing.

408

:

You need to pen test those things.

409

:

So that's web to infrastructure.

410

:

So we, we do that combination of things.

411

:

We focus a lot on trying to bring our

customers to make the secure by design.

412

:

I think Sandeep mentioned that before.

413

:

Okay, we, we just added layer of

security on an infrastructure.

414

:

How do we think secure by design on chain

as well, and in a complex combination

415

:

of on chain and off chain systems?

416

:

And this is where we, we set our focus.

417

:

Tim Winkler: The Secure by Design was

actually on my shortlist to kind of talk

418

:

with you, Sandeep, on I don't know, it's,

I mean, it's obviously, it's relevant.

419

:

Um, uh, Sandeep, can you, can you kind

of quickly tally on this in terms of

420

:

how, you know, traditional banks adapting

their security strategies in response

421

:

to the evolving digital landscape, like

technologies like AI and blockchain?

422

:

Sandip Wadje: Sure, sure.

423

:

So, so I think

424

:

If, if you look at, uh,

blockchain as an example.

425

:

And I've done a lot of conversations

on emerging technologies in general,

426

:

blockchain and AI together in terms of

how it's going to change the trajectory

427

:

for financial institutions globally.

428

:

Um, uh, and if you look at blockchain,

I think the one thing that you

429

:

need to understand in blockchain

is it requires two parties to play.

430

:

One party cannot play because can I

run a blockchain in my data center?

431

:

Not really.

432

:

It has to be somewhere where more than

two parties can come and then validate

433

:

the transactions, operate the nodes and

run that distributed ledger blockchain.

434

:

What that means then is it

technically it is collaboration

435

:

outside the boundaries of my network.

436

:

And, and if you see all blockchains

projects globally, you will see that

437

:

they're outside the organizational

boundaries of a financial institution.

438

:

Maybe in AWS, maybe in Microsoft, maybe

in Google, but not in their data center.

439

:

So that changes rules of the game

because now you have a technology that

440

:

is forcing you go outside your perimeter.

441

:

And the moment you go outside

your perimeter, the rules of

442

:

the games are different because

it's a different environment,

443

:

different technology and layers.

444

:

That's part one.

445

:

Part two, if you take like artificial

intelligence as an example, And take a

446

:

step back and ask yourself, generally

speaking, right from politicians to

447

:

bankers to CEOs of large corporations, how

do they take their day to day decisions?

448

:

They take their decisions based

on open source intelligence.

449

:

It's surprising, but it's true.

450

:

It's based on what they see on social

media, what they read on financial

451

:

times, what they see in market data

in terms of Bloomberg or LexisNexis.

452

:

It's a fairly open data.

453

:

Where is the data coming from?

454

:

The data is coming from open sources.

455

:

So now you have the dependency

on artificial intelligence to

456

:

tap into various data sources.

457

:

In terms of various decision making,

which means again, from a collaboration

458

:

perspective, you're tapping into

outside data sources, you're connected

459

:

to different providers, you're

connected to different types of

460

:

data sources to make your AI better.

461

:

And then that changes the

security landscape and the

462

:

security around it, which means.

463

:

You're dealing with multiple parties

with an access to your infrastructure.

464

:

You're looking at components you

have never had before, particularly

465

:

in the case of blockchain.

466

:

You have the blockchain itself can be

Ethereum, can be hyperledger, uh, the

467

:

security of that blockchain, but then

there is underlying infrastructure.

468

:

You're running nodes.

469

:

The nodes need to be managed.

470

:

So you really need to look into all

this, all the different, I would

471

:

say artifacts associated with the

technology and how that would be secure.

472

:

But And coming to a realization that

one party doesn't control the security

473

:

because it's a shared environment.

474

:

So then you really need to look

into the risks associated with

475

:

shared environment as well.

476

:

So I think blockchain is essentially kind

of forcing organizations to relook more.

477

:

So what does their multicloud

journey means to them?

478

:

Because this is a multicloud journey.

479

:

This is a dependency on other parties

in conducting business and how you

480

:

go about conducting that business.

481

:

With like shared acceptance of

the risk as well, because the

482

:

risk will never go down to zero.

483

:

When it's in your infrastructure, you

can try your best to reduce the risk, you

484

:

know, to minimum level, but in a shared

infrastructure, it's very difficult.

485

:

So blockchain brings some new realities,

new technologies, and new components,

486

:

but also in a way, I will need you to

make it much more, more better and more

487

:

scalable in terms of, you know, uh,

running different use cases and, and,

488

:

and, and, and, and, and experiments.

489

:

Tim Winkler: Yeah, I, I wanted to ask

you Jacques, cause I, you know, I'm

490

:

going to, I'm going to assume that a

lot of our listeners, you know, have a

491

:

common sense of, of, of some of these

items that we're talking about, but I

492

:

like to try to simplify some of it as

well, just to, uh, make it a little

493

:

bit easier for, for our listeners to

wrap their head around, can you expand

494

:

a little bit more, um, on the approach

to smart contract audits and, and why

495

:

that's so crucial for blockchain security?

496

:

Jacques Boschung: Right.

497

:

So we were just speaking

about Dungeon and Dragons.

498

:

So I'd like to go back to the

gospel again, but another gospel.

499

:So, you know, in:

famous white paper of Satoshi Nakamoto.

500

:

That's an original Bitcoin

white paper, you remember.

501

:

And in that white paper, there was

a diagram comparing the privacy

502

:

model of traditional finance

Versus a non chain finance.

503

:

Okay?

504

:

And if you look at those two diagrams

comparing those two things, I mean,

505

:

the difference is mind blowing and

is somehow, I would say, an executive

506

:

summary of everything we are discussing.

507

:

So in the blockchain world,

okay, you have identities.

508

:

Of the people making the transaction,

which are hidden, but then the

509

:

transaction is totally public.

510

:

Okay.

511

:

In traditional finance, stratified

transaction, identities, transaction,

512

:

third party, so the banks,

counterparty in the transaction

513

:

are all hidden from the public.

514

:

So the Chinese role is

placed totally differently.

515

:

In the decentralized ledger, uh,

technologies that we call a blockchain.

516

:

And, and that's really important because

that makes a hell of a difference.

517

:

So you have access to

all those transactions.

518

:

So you need to keep identity hidden.

519

:

That's why, by the way, millions

of billions of dollars are

520

:

still with Satoshi Nakamoto.

521

:

We know that they are with him, but

we have no clue who this guy is.

522

:

So at least we can say that

he was very consistent.

523

:

With his own diagram in his white paper.

524

:

So that's, that's really setting

everything in the future.

525

:

That's a paradigm that is setting

everything when we speak about blockchain.

526

:

So big banks, so I can, sorry

about that, Sandeep, I need to

527

:

mention another bank that I know.

528

:

They made, they made recently,

UBS has made recently and

529

:

they have published that.

530

:

So it's all public knowledge.

531

:

They have made at scale transaction model.

532

:

Uh, with digital currency

between, uh, customers of their,

533

:

okay, cross border transaction.

534

:

And they have done all that on the serial.

535

:

So on the public chain, that's

one model, but I know another

536

:

very, very large custody.

537

:

Okay.

538

:

Who

539

:

is doing in New York city?

540

:

You will guess whom I'm speaking about

and they are doing a lot of things.

541

:

So they are moving into

permission blockchain, which is.

542

:

Within the perimeters of the bank, having

one blockchain, okay, which enables them

543

:

to have some centralized means to manage,

to orchestrate and manage security.

544

:

So what I'm trying to tell you here

is that the, I would say the outset

545

:

is totally different between classical

perimeter security that Sandeep and

546

:

myself know very well, the blockchain

world, you have different models.

547

:

And the smart contract, I am

not ignoring your question

548

:

about the smart contract audit.

549

:

So smart contract audit is a

big thing because smart contract

550

:

audit sitting on top of a

blockchain enable everything else.

551

:

They enable all those DeFi.

552

:

They enable those automated market maker.

553

:

They enable those decentralized

exchange, all those things that people

554

:

in crypto love and use at scale.

555

:

And, and those guys have all the

benefit and the drawbacks of sitting

556

:

on a public blockchain with exactly,

uh, the conditions I was referring

557

:

to, which are so well described in

the Satoshi Nakamoto's white paper.

558

:

So it's, it's really a total, totally

different paradigm on top of the

559

:

fact that I was mentioning in the

beginning that if you have a breach,

560

:

your money is gone, just like that.

561

:

Again, not the same in the

562

:

Tim Winkler: classical perimeter.

563

:

Yep.

564

:

Mike, did you have anything on that?

565

:

I know that you're

obviously minds in cyber.

566

:

Mike Gruen: Yeah, no, I think

it's, um, it's interesting.

567

:

I think there's nothing specific.

568

:

I mean, um, but when I think about trying

to, you know, thinking about our audience

569

:

and trying to bring it to their level,

are there, like, what are some of the

570

:

things that are Like when we look ahead

and that's really going to have impact on

571

:

say the public and others like how, you

know, we talk about this, but you don't,

572

:

it's just not, I don't feel like everybody

feels it just yet, um, what's happening

573

:

with blockchain and the rest of it.

574

:

And so, yeah, yeah, right.

575

:

Jacques Boschung: You know what I mean?

576

:

But you know, to this point, if I may, I

don't know if you saw the news today, but

577

:

there was a nature, which is a scientific.

578

:

Publications, they really, so Google

released, uh, their new, uh, paper

579

:

about their quantum computing.

580

:And they claim that in:

they will be able to release a

581

:

commercial computer for 1 billion.

582

:

So cheap price, so 10 times

cheaper than what it is today.

583

:

And it will have 1, 000, 000 qubits, okay?

584

:

And guess what?

585

:

It seems that qubits is exactly the

computing capacity you need to break the

586

:

code of the hashing function SHA 256.

587

:

That is used, for instance,

on the Bitcoin protocol.

588

:

Okay, so that's very concrete,

the statement I'm making here.

589

:

So, so even for the blockchain world,

we have to think in the time frame of

590

:

six years about a post quantum security.

591

:

And I know that in the classical perimeter

world, everybody's thinking about that.

592

:

But when, once we can break that code,

okay, it means that you can unfold

593

:

A chain, okay, a Bitcoin or a fork

of Bitcoin, and you can, uh, undo

594

:

all the transactions potentially.

595

:

So, uh, so there are big problems

which are valid for the two

596

:

side, flip side of the coin.

597

:

So the coin, the side which is Web 2

security and the coin Web 3 security.

598

:

For smart contract audit, what we do

is really to, to make code assessment.

599

:

So we assess the code dynamically in the

environment where you deploy the code, but

600

:

we assess it also statically line by line.

601

:

And we more importantly, we

assess the business logic because

602

:

the business logic is the key.

603

:

Because, you know, a smart contract,

it use connection to the outside world,

604

:

and that's what Sandeep was mentioning

before, to trigger some events.

605

:

For instance, to trigger an exchange

of an Ether for a Bitcoin, okay?

606

:

And if you can manipulate, Those

oracles, which are the name of those

607

:

trigger from the outside world on

the chain, you can have devastating

608

:

impact on, uh, I would say, uh, the

integrity of your smart contract.

609

:

So those things we do, we redo those

analyses on the technical level.

610

:

And as well as on the business

level of the smart contract.

611

:

Tim Winkler: Yeah, it's, it seems like

we're going to have to run a follow up

612

:episode in:

is a little bit more readily available.

613

:

And that sounds terrifying.

614

:

I mean, once you have quantum,

you're going to have lots

615

:

Mike Gruen: of problems with, uh, back

splitting encryption and, and going,

616

:

being able to go back in time and,

uh, decrypt a whole bunch of stuff.

617

:

It's almost going back on

time, you know, in time.

618

:

You're right.

619

:

Right.

620

:

Yeah.

621

:

Yeah.

622

:

Right.

623

:

I mean, that's the biggest concern

is that notion of security for the

624

:

future, not just, uh, not just,

um, not just securing transactions

625

:

today, but knowing that they're

going to stay, um, uh, secure years.

626

:

Jacques Boschung: Yeah.

627

:

Sunday is back.

628

:

Mike Gruen: Yep.

629

:

Tim Winkler: Yeah, Sandeep.

630

:

Uh, I got a quick, quick question

for you going back into more of

631

:

the, you know, kind of traditional,

um, IT environment here.

632

:

So, you know, we talked a little

bit about AI machine learning.

633

:

Um, and you know, how, you know,

how is that going to play into the

634

:

future of IT security for banks?

635

:

I'd love to hear your Your thoughts

on this, particularly in areas of like

636

:

risk assessment and threat detection,

you know, what, what are some of these

637

:

strategies that you all are, you know,

taking on at BMP, for example, to kind

638

:

of, to, you know, to combat some of

these areas within these specific areas.

639

:

Parts of security within like

risk assessment, threat detection.

640

:

Sandip Wadje: Sure, sure.

641

:

And then your question is more

specific to risk assessment and threat

642

:

detection on traditional or, or you're

referring to blockchain or this is

643

:

in general question In tradition.

644

:

In traditional.

645

:

In traditional.

646

:

In traditional, yeah.

647

:

Yeah, yeah.

648

:

So I think

649

:

there is a formative, uh, impact

of ai, uh, specifically on how

650

:

we look at, uh, risk assessments

because, uh, if, if, if you look at.

651

:

The job of any cyber or risk, uh, I

would say executive or a practitioner,

652

:

uh, it is essentially understanding how

policy or regulations apply to our job.

653

:

And then based on that, right, a set

of controls and then using those set

654

:

of controls, either rewrite those

controls to make sure that they're

655

:

aligned with policy and regulations.

656

:

Or then use these controls to perform risk

assessment and all of these actually can

657

:

be done by AI seamlessly and it doesn't

involve any personal or confidential data

658

:

because it's all related to ICT systems.

659

:

So, so what we have with AI and

particularly AI for cyber security

660

:

is opportunity to industrialize

risk assessments completely.

661

:

Because risk assessments are ICT

is a system specific, they do

662

:

not contain personal information.

663

:

They do not contain any

confidential information.

664

:

And when I say risk assessments, there can

be different types of risk assessments.

665

:

Can be a third party risk assessments, can

be a merger and acquisition due diligence,

666

:

can be a counterparty assessments.

667

:

So I think AI is going to have a formative

impact on risk assessment in general as

668

:

to how they are conducted and executed.

669

:

And that would also mean, because large.

670

:

Percentage of staff in house also in

consultancy world is actually used

671

:

for these assessments, which, which

would then significantly change in next

672

:

three years or so as to how it is done.

673

:

Uh, and I think threat detection

is a very interesting area.

674

:

Um, and, and the spotlight is changing

very fast because traditionally we

675

:

were looking at, uh, looking at zero

day vulnerabilities, uh, for, for, for

676

:

an example, and now you're looking at.

677

:

How does geopolitical tension change?

678

:

What kind of new

vulnerability is exploited?

679

:

Because then you're looking at

nation state actors having a much

680

:

advanced tools to exploit a zero day

that was not on your radar before.

681

:

So, so geopolitical

tensions come into play.

682

:

The new one, which we, I'm sure it

has been talked about is deepfakes,

683

:

narrative intelligence, and that is

the new thing is the speed at which the

684

:

attackers are able to create synthetic

IDs or fake IDs, and then they use

685

:

it to launch different types of scam.

686

:

Is also becoming an

interesting attack vector.

687

:

So how do you go around detecting these

threads, which is like a brave new world?

688

:

And then specifically, uh, a nation

state in case of a geopolitical

689

:

conflict, the kind of tools they

have as a private corporation, you

690

:

are never going to match that tool

and, you know, the armory in a way.

691

:

So it makes threat detection

very, very interesting topic.

692

:

And, and what, what I've seen

in last one year or so, there

693

:

is more and more, I would say.

694

:

Technologies or startups coming to play

in this space to help large organizations

695

:

cope up with cope up with these, you know,

threat detection capabilities, because

696

:

this is a new kind of attack vector,

which, which has not been tackled before.

697

:

And.

698

:

It has also the supply chain implications,

which has not been very well thought

699

:

through, to be honest, is, uh, what

happens in the case of a geopolitical,

700

:

uh, event, how many of my suppliers are

based in that conflict zone, or how many

701

:

of my suppliers, critical suppliers are

based in that conflict zone, because

702

:

then it is going to have an indirect

impact on us running our operations.

703

:

And if that is not enough.

704

:

A supplier can be my customer as well.

705

:

So then I'm not, I'm not

talking about liquidity risk.

706

:

If I look, if I look at a very large I.

707

:

T.

708

:

services company without taking

name, one of the top 10 I.

709

:

T.

710

:

services companies and all of a

sudden they're at crossroads in

711

:

Asia Pacific in some conflict zone.

712

:

And they are my investment

banking customer.

713

:

So it's now I have a double whammy.

714

:

One, our operations are

going to get impacted.

715

:

Second, I'm dealing with liquidity

risk as a result of, you know, that

716

:

customers or investment in that customer

is getting, you know, written off.

717

:

So I think geopolitical triggers

and the impact on supply chain are

718

:

bringing some really new realities.

719

:

Mike Gruen: I mean, I think the, the

dependency, I think, uh, Jacques was

720

:

talking about earlier too, about how

all these systems now, like everything

721

:

depends on everything, right?

722

:

Like when I started in my world, I, I

had very little third party code that

723

:

would get included in our product.

724

:

We just built everything in

house and whether we're secure

725

:

or not is another thing.

726

:

Um, But, um, as we've gotten bigger,

like we have more and more dependencies.

727

:

And I think that the risk in that,

especially in open source products and

728

:

projects, and think about, um, one of

the areas, you know, vulnerabilities

729

:

and dependencies is one thing.

730

:

And there's lots of stuff out there

to look for the alerts and things to

731

:

manage that, but even the, the, the

people who contribute to those projects,

732

:

and there have been cases of people

taking over open source projects and.

733

:

Bad actors taking over open source

projects and being able to insert things

734

:

in and I think that has like these very

big implications when you start talking

735

:

about how now our financial services are

moving towards things like blockchain,

736

:

like all of these dependencies and

it can all come down to some crappy

737

:

JavaScript library that nobody should

have included and it has this huge,

738

:

it has this potential and rippling

impact throughout the entire world.

739

:

Like ecosystem and, you know, some

type of stuff that I think where AI

740

:

and other things, that's the only

way we're going to be able to deal

741

:

with it at any layer level of scales.

742

:

There's just so much.

743

:

And I'm, I'm just sort of curious what

you're seeing in that space or, um, um,

744

:

if you're seeing, you know, any companies

trying to tackle some of that stuff,

745

:

um, sort of in that vulnerability, uh,

in that dependency management side.

746

:

Either.

747

:

It's for anyone who wants to answer.

748

:

Sorry, it was very long.

749

:

Sandip Wadje: No, I know.

750

:

I completely agree.

751

:

I completely agree that this is like one

of the biggest areas because with AI based

752

:

coding and the dependency on open source

components in releasing your core product.

753

:

Means you really don't know which

nation set actor build that library

754

:

that you are so fond of and that is

now integrated in your mainstream,

755

:

you know, production delivery.

756

:

So, so I've, I've also seen that

as a focus area in terms of hunting

757

:

down, making sure every like, you

know, the, the bill of material and

758

:

making sure that you know where that

particular component is coming from.

759

:

Tim Winkler: Jacques, as far as, um, you

know, some of the things that Sandeep

760

:

touched on in terms of the traditional,

you know, IT security environments, uh,

761

:

are you seeing similar trends, uh, when we

think, you know, carry this over into more

762

:

of the blockchain security environments?

763

:

Or, you know, anything else that

you're, that's on your mind right

764

:

now, when we're looking ahead on what

innovations you're foreseeing playing

765

:

a pivotal role in, in blockchain.

766

:

Jacques Boschung: So because of the

nature of blockchain and because of

767

:

the speed, the ability of the money to

vanish so quickly on the blockchain,

768

:

we don't have all, I would say this

infrastructure of cyber security is

769

:

that classical perimeter which is.

770

:

In many cases articulated around

the security operation center, SOC,

771

:

they are deployed on the server

endpoint, an endpoint protection

772

:

platform, and then they have

what we call a security incident.

773

:

And event management system, which

is correlating and, uh, you know, uh,

774

:

collecting all those logs and creating

out of the logs, which is like a white

775

:

noise creating in understanding patterns.

776

:

Okay.

777

:

And that's where, by the way,

uh, AI is playing more and more a

778

:

big role because next generation

security is CM as we call it.

779

:

are really totally integrated

with, uh, with AI capabilities.

780

:

So, so AI is playing at the

same time the offense and the

781

:

defense, which is, thanks God.

782

:

So it's part of the armor as

well as part of the missile

783

:

trying to penetrate the armor.

784

:

But, Now, what we need to do and

what we are doing in blockchain is to

785

:

think about some of those models in

classical while taking into account

786

:

the very short response time we have.

787

:

So we cannot really do a proper

managed detection and response,

788

:

okay, which is really the big, the

big world in the classical cyber

789

:

defense, classical perimeter.

790

:

But we are, we are coming with

some tools for, for instance.

791

:

So it's something that I'm sure

Sandeep knows very well called CVSS,

792

:

which is Common Vulnerability Scoring

System, okay, to assess a system.

793

:

So at Albon we have developed a BVSS,

Blockchain Vulnerability Scoring

794

:

System, which is also based on exploit.

795

:

easy to exploit and impact what

kind of impact you have, but

796

:

also if you can reverse back

or if you cannot reverse back.

797

:

So we have, we have developed

a system around that.

798

:

We have also developed another

system which goes into what

799

:

I call policy enforcement.

800

:

So in banks, Being able to

enforce your policy across

801

:

your IT system is very crucial.

802

:

So we have, uh, we have developed a

smart contract which sit on top of

803

:

other smart contract in which enable

you to make transaction simulation.

804

:

So you can make, like in the sandbox,

in fact, you can, but on real, on the

805

:

blockchain, on the productive environment,

the main chain, if you, if you wish.

806

:

You can really simulate transaction

and you can also impose, uh, policies.

807

:

So it's a policy enforcement tool.

808

:

And last but not least, it's

a breach prevention tool.

809

:

So it's some level of centralization

and now it becomes interesting.

810

:

It's some level of centralization in

some things that should be, you know,

811

:

a kind of insurgent model, which is a

decentralized ledger, uh, uh, technology.

812

:

So we, we are adding those components.

813

:

To make the blockchain more and

more, I would say, compatible

814

:

with some centralized component

of classical perimeters and more

815

:

importantly, with a heavy regulated

and compliant IT of a bank.

816

:

So those are some of the

key initiatives we take.

817

:

Does that make

818

:

Mike Gruen: sense?

819

:

Yeah, it does.

820

:

Actually, it's funny because the um,

I've filled out my fair share of security

821

:

questionnaires um, from banks and it

is always interesting the questions

822

:

that they ask and how, how it's clear

that these are, these questionnaires

823

:

that are, these assessments are really

built on this traditional model of how

824

:

we've deployed software in the past.

825

:

And I'm sure that there's impacts

in, you know, how we're doing,

826

:

how they're working internally and

all the different changes like.

827

:

What does it mean?

828

:

You know, what's, you know, if you're

running in a serverless architecture,

829

:

what do you, you know, how does, how do

I even answer some of these questions?

830

:

Because they don't make sense.

831

:

Um, you know, I mean, like, they're

just, and I know what they're asking,

832

:

but like, wait, I want to, can I

just get on the phone with someone

833

:

and explain what architecture is?

834

:

And then they'll, they'll say

like, oh, yeah, this whole set of

835

:

questions is irrelevant to you.

836

:

Um, but yeah.

837

:

Um, and it's interesting to see the banks.

838

:

I imagine it's even more of

a struggle internally, right?

839

:

Like, I'm just an external vendor trying

to sell in and I can, you know, and

840

:

I'm just throwing out these things.

841

:

But I imagine internally, there's

a lot more that's going on on those

842

:

assessments and trying to figure out

what does security mean within when

843

:

you're talking about people who are

used to a more traditional model

844

:

and then trying to adopt or, you

845

:

Jacques Boschung: If I may, I have

an anecdote, in fact, in fact, uh,

846

:

Albon developed that centralized, um,

uh, smart contract system to, to make

847

:

this policy enforcement two years ago,

and they tried to sell it to DeFi.

848

:

Decentralized finance.

849

:

No chance, excuse my English, no

F chance to sell that or defy.

850

:

Okay.

851

:

So when I joined, I said,

Oh, look at that thing.

852

:

This is, this is fascinating.

853

:

Some components of centralized

management, again, police enforcement.

854

:

Banks should be interested.

855

:

And banks starting with permissioned

blockchain, for instance.

856

:

And guess what?

857

:

That's exactly the corner which

is showing interest into that.

858

:

So in this kind of a wild west of

distributed nodes and decentralized

859

:

ledger, for banks to bring some kind of

central control, and I'm also curious

860

:

to hear Sandeep on that, by the way,

was all of a sudden, uh, was raising

861

:

some appetite for that and we are having

multiple conversations on that currently.

862

:

Tim Winkler: Sande, we'd love

to hear your thoughts on that.

863

:

Sounds like Jack has a personal request.

864

:

Sandip Wadje: Sure.

865

:

So I, no, I think I, I,

I, I completely agree.

866

:

If, if you, if you look at, for

example, uh, the, the comparisons

867

:

what, what Jack has given, um, and

I can, I can start with like the,

868

:

the layman analogy is.

869

:

In financial services, you have Moody's

and standards and poor's to give

870

:

you a rating of, you know, how good

a financial institution it's then.

871

:

You move a little bit towards cyber

and IT, and then you have bit sites and

872

:

security scorecards who are essentially

trying to do the health and hygiene

873

:

check and tell you, oh, okay, from

a health and hygiene perspective,

874

:

this is what your score looks like.

875

:

And I think that missing piece of

puzzle, which Jack probably has, you

876

:

know, put a spotlight on, is What is

your security rating or maturity rating

877

:

for blockchain adoption looks like?

878

:

And then, and I think, uh, where

Halbon has come up with that

879

:

approach makes a lot of sense.

880

:

Because, uh, uh, even though we may all

agree on the basic health and hygiene,

881

:

unless you create a scale, people

don't know what to match up against.

882

:

So it's very important that someone

goes there and says, this is what the

883

:

health and hygiene indicator scale

looks like me in relative to this scale.

884

:

Where are you?

885

:

So I think it does help.

886

:

And, and it, it helps on the security

side, but it also helps on, uh, you

887

:

know, uh, what again, uh, Jack tried

to focus on is what we call again,

888

:

in terms of our terminology is the

risk metrics coming from blockchain,

889

:

because one of the reasons you're

trying to do a blockchain adoption.

890

:

And if you look at the history

of financial services industry,

891

:

why is blockchain so attractive?

892

:

The blockchain is so attractive because

it gives you the data and metadata by

893

:

means of smart contracts, where you can

do risk analytics much more efficiently.

894

:

And then when I say risk analytics.

895

:

In the distant future, not today, but

three to five years down the line,

896

:

if you have your real world assets

tokenized, your bonds tokenized, your

897

:

mortgages tokenized, imagine able

to do stress testing in one click.

898

:

If you, if you ever try to figure out

how many people are needed in a bank

899

:

to do stress testing and be compliant

with those financial regulations,

900

:

you'll be amazed, you'll be amazed

and the infrastructure required to do

901

:

that because, because you have to have

all these data from disparate sources.

902

:

And then do that liquidity stress

test or against different economic

903

:

scenarios as to, you know, in a

nuclear event, what's going to happen,

904

:

are we going to survive as a bank?

905

:

And now blockchain opens a completely

new door because you know what?

906

:

You don't have to struggle to get the

data from 10 different sources to tell you

907

:

how much liquidity position perspective.

908

:

Blockchain makes it way more easier.

909

:

So I think.

910

:

The, the reason we are in a lot

of excitement about blockchain, we

911

:

need to understand it very clearly.

912

:

One is payments because it removes

intermediaries and it makes so much

913

:

easier to do it securely without

having intermediaries in between.

914

:

That is the reason why we see so many

payments, you know, uh, pilots going on.

915

:

tokenization.

916

:

You know why?

917

:

Because fractionalization, you can

fractionalize assets, you can bring

918

:

more participants in, you can open it

to more broader part of the society,

919

:

which was not the case before.

920

:

So that makes it more easier.

921

:

The third is that the smart contracts,

because It takes three to five days,

922

:

maybe more going between different

teams, including legal, by the way,

923

:

every time you make certain changes in,

you know, in, in, in your, your, uh,

924

:

your interest rates or anything else.

925

:

And with smart contracts is

on the fly, you can make those

926

:

policy changes much more faster.

927

:

So I think https: otter.

928

:

ai Make blockchain like really stand

out, uh, in terms of, you know,

929

:

how, where the adoption is going.

930

:

So, so I, I, I couldn't agree more

with Jack in terms of, you know,

931

:

the health and hygiene indicators.

932

:

The, the, the ability to enforce policies,

which is very, very important from

933

:

a financial institution perspective,

because then you're able to establish

934

:

certain baseline and rules, and then

you're a little bit confident that you

935

:

know what, at least there is no deviation

from this baseline behavior and the

936

:

infrastructure is running at a certain

maturity level that I expect it to run.

937

:

So it does make a lot of sense to me.

938

:

Tim Winkler: I think it's a great

kind of stopping point, kind

939

:

of put a, put a bow on it here.

940

:

It's also reinforces why I love this

format because I, you know, I think

941

:

hearing that from your perspective,

Sandeep, and then Jack, having you kind

942

:

of, you know, speak to it, you know,

firsthand on some of the work that you're

943

:

doing in real time, I think it's, it's

great to kind of hear it from both sides

944

:

and, um, you know, Sandeep, I think that

last little segment there, I was It's just

945

:

helpful to, to process it and, and make it

a little bit easier for everyone to kind

946

:

of understand when it's going from, you

know, those more traditional environments.

947

:

Um, and so, um, yeah, kudos to you

guys for, for, you know, being a

948

:

great one, two team there to, to help

bring this conversation to light.

949

:

Um, you know, we, uh, we definitely

want to, you know, wrap things up

950

:

with our, our final segment here.

951

:

It's a, it's a fun segment

called the Five Second Scramble.

952

:

Uh, we're going to just spitball

a couple of rapid fire questions.

953

:

Try to give your answers

within five seconds if you can.

954

:

And, uh, some will be business,

some personal, um, Mike, why

955

:

don't you lead us off with

Sandeep and then I'll get to Jack.

956

:

Mike Gruen: Sounds good.

957

:

All right.

958

:

Uh, you ready?

959

:

Uh, what's the most important

skill you look for in a new hire?

960

:

Sandip Wadje: Attitude.

961

:

Attitude.

962

:

I, I, I, I look for that

individual's attitude to things.

963

:

Okay.

964

:

And then how, how they

essentially handle situations.

965

:

Yeah.

966

:

Mike Gruen: Uh, what's the best piece

of advice you've ever been given?

967

:

Sandip Wadje: There is no meeting

that cannot be rescheduled.

968

:

So focus on your well being.

969

:

So your well being, your well being takes

priority over a lot of things in life.

970

:

So there is, there is no meeting.

971

:

There is no appointment

that cannot be rescheduled.

972

:

Mike Gruen: Yeah, well said.

973

:

Uh, what's the biggest misconception

about working in traditional banking?

974

:

In it, in i, in traditional banking,

975

:

Sandip Wadje: the level of maturity,

uh, uh, uh, the, the, unless you

976

:

come in, uh, uh, from outside it

looks really, really glorious.

977

:

Uh, but, but then when, when you, when

you go inside, uh, uh, uh, the, the, the

978

:

scale, the scale of eight is like, yeah,

it's, uh, like I, and, and then trust me.

979

:

This will come from anyone who is actually

working in a large international bank.

980

:

So, so, but again, I think, uh, on that

topic, if you ever watched Barack Obama's

981

:

interview, uh, he said it really nicely.

982

:

He said, I've met world leaders

and then there are no more than

983

:

ordinary people and making the same

mistakes anyone else would make.

984

:

So, so, uh, so I would say large

corporations are no different.

985

:

It's the same people dynamics that you

would find anywhere else in the world.

986

:

Cool.

987

:

I like it.

988

:

Mike Gruen: Uh, what's your favorite

part of the company culture at BNP?

989

:

Sandip Wadje: We're very people centric.

990

:

We take care of people.

991

:

We look after people.

992

:

I really like that.

993

:

And you will not find actually

anyone living BNP Paribas.

994

:

If you ever go on LinkedIn,

you'll find that people stay

995

:

with the bank for 20 30 years.

996

:

I'm probably the least experienced person

in BNP as of today because everyone else

997

:

at my level has been there for 30 years.

998

:

Mike Gruen: Aside from AI and

blockchain, What is an emerging

999

:

technology that you're excited about?

::

Sandip Wadje: Uh, uh,

artificial intelligence.

::

Mike Gruen: Now, aside

from AI and blockchain,

::

those are

::

Sandip Wadje: too easy.

::

Oh, except for,

::

so, uh, uh, I would say the next one

in my list would be quantum for sure.

::

Very, very much excited about quantum.

::

And, uh, I think, uh, people

are going to miss, uh, the

::

tipping point on quantum as well.

::

Because they didn't see a chat GPT

coming in:

::

have similar moment with quantum

where people think that, oh, it's 10

::

years away and boom, and the tipping

point comes faster than you think.

::

And then you're not prepared for it.

::

Mike Gruen: Totally agree.

::

I think.

::

Yep.

::

I'll save that for a different day.

::

Um, what's the most outdated piece

of technology you can't let go of

::

Sandip Wadje: my iPod.

::

Yep.

::

I still have it, uh,

160TBs with all songs.

::

I love it.

::

And, and I somehow I can't let it

go because it, yeah, because you

::

know, you can't be disturbed when

I have that iPod and music on.

::

Uh, there is no disturbance actually,

and it's so easy to flip around and

::

change the music and everything else.

::

It feels so much better, actually.

::

Mike Gruen: That's smart.

::

That's awesome.

::

Um, what's something you did as

a kid that you still enjoy doing?

::

Sandip Wadje: I've been like a big

networking guy all, all my life.

::

I always wanted to connect with

people, make friends, socialize.

::

And I, I do this even today.

::

I, even though I'm in managing director

in a bank, I make it a point to at least

::

Meet five to 10 new people every week.

::

So, so, uh, does, does keep on top

of technology and what's going on.

::

So, yes, I, I am a prolific

networker and, and that, that's

::

the habit that stayed with me.

::

Since I was a kid.

::

Mike Gruen: That's cool.

::

Um, what's a charity or corporate

philanthropy that's near and dear to you?

::

Sandip Wadje: This is an interesting

one, but which is something

::

we do in the UK every year.

::

We do Whitehead Ball first

last week of January every

::

year to raise money for NSPCC.

::

Uh, which runs child child line, uh,

which is essentially, uh, a telephone

::

line to help children's in distress.

::

So we do this every year.

::

I've been going to Whitehead Ball

probably six, seven years for now.

::

Uh, it's a, it's an excellent

charitable initiative.

::

Roughly 800 professionals

attend it every year.

::

I think if I'm not wrong, we

raise roughly like a million

::

plus every year for the charity.

::

Yeah.

::

Mike Gruen: Nice.

::

Uh, if you could live in

any fictional universe,

::

Sandip Wadje: which would you

::

Mike Gruen: choose?

::

Sandip Wadje: Oh, Marvel.

::

A hundred percent.

::

Mike Gruen: I assume as a superhero,

not just as a regular person

::

who's just getting murdered.

::

Um, and what's something that you still

enjoy doing, but are really bad at?

::

Sandip Wadje: That's a good one.

::

That's a good one.

::

Cooking, cooking.

::

So, uh, yeah.

::

Tim Winkler: Nice.

::

Alright.

::

That wraps it up.

::

Nice.

::

Alright, uh, Jacques,

let's get over to you.

::

Let's kick it off with, you

know, give us the quick pitch

::

of how you describe Halborn.

::

Jacques Boschung: Oh, Halborn, we are

a cyber security company committed to

::

enable the next digital transformation

in financial services in a secure way,

::

thanks to our knowledge of blockchain

technology and the surrounding web

::

to constraints and dependencies.

::

Tim Winkler: What's your favorite

part about the culture at Alborn?

::

Jacques Boschung: Uh, it's proof of

work culture, meaning that people

::

needs to demonstrate what they can

do, uh, be engineers or other people.

::

That's one thing.

::

And the other thing is that we, we

are totally a decentralized company.

::

So we are following the lead

of our blockchain focus.

::

Tim Winkler: Excellent.

::

What, what kind of technologists

would you say thrives at Alborn?

::

Jacques Boschung: Oh, zoom

teams, all those things, since

::

we are totally decentralized,

that's the way we work together.

::

No, no other option.

::

Tim Winkler: Somebody who

cannot, uh, operate virtually.

::

It sounds like, um, what kind of.

::

Tech roles are you hiring for at Halborn?

::

Jacques Boschung: We are hiring engineers.

::

So, um, level one, level two, level

three engineers, uh, focused on the

::

blockchain technology, but we are also

hiring cyber security cloud specialists.

::

And that's exactly what I was saying

in the beginning because we are able

::

to combine the two things, which is

the only answer for big banks like BNP,

::

by the way, because they really want

to speak with somebody who can both.

::

I'm just on classical preliminators and

the new distributed ledger technology.

::

Tim Winkler: Very cool.

::

What would you say is the biggest

challenge that's you, you all will

::be facing as a business in:

::

Jacques Boschung: Uh, so

we, we are essentially a

::

professional services company.

::

So what we do are services.

::

We deliver services.

::

So recruiting talent is always

very high on our scorecard.

::

Tim Winkler: Aside from AI,

blockchain, and quantum.

::

What's an emerging technology

that you're most excited to see?

::

Jacques Boschung: Okay.

::

Maybe sometimes nuclear fusion.

::

Tim Winkler: We just raised the bar.

::

I love it.

::

I love it.

::

Dates

::

Jacques Boschung: to TBD.

::

Dates TBD.

::

Well, it has been emerging for 70

::

Mike Gruen: years.

::

So, I mean, once we have the

AI and quantum, I think that

::

we'll be able to figure it out.

::

Like we'll just have general, general, but

::

Jacques Boschung: you still

have some physical limitations

::

that even AI cannot overcome.

::

Tim Winkler: That's true.

::

Uh, quickly describe your morning routine.

::

Jacques Boschung: Oh, uh, I wake

up early, I do sports, uh, and then

::

I am always coming back to work.

::

I am not taking breakfast, just a tea.

::

Tim Winkler: All right.

::

What is your favorite app on your phone?

::

Jacques Boschung: My

favorite app on my phone.

::

What's up?

::

Tim Winkler: Nice.

::

What's a charity or a corporate

philanthropy that's near and dear to you?

::

Jacques Boschung: Okay.

::

We don't do corporate philanthropy.

::

I do personal philanthropy

for the people in Ukraine.

::

Tim Winkler: Very nice.

::

If you could have dinner

with any tech icon, past or

::

present, who would it be with?

::

Jacques Boschung: Ha!

::

Um,

::

Richard Feynman.

::

He was a guy, he was a physicist

back in the day, who really thought

::

about the quantum computing.

::

He was really the guy at

the very root of everything.

::

And he was a true genius.

::

And very funny guy.

::

So on top of that, it would not be boring.

::

We cannot say that of all the

tech tycoons that we know nowaday.

::

Tim Winkler: Mike, you lit up, you

know, this guy, I know that guy.

::

Mike Gruen: Yeah.

::

There's some great videos.

::

Yeah.

::

Whatever.

::

Jacques Boschung: He was in the movie.

::

Hymer, by the way, he had,

he was playing as a plane.

::

The character, the character

in Oppenheimer, yeah.

::

Tim Winkler: Oh, okay.

::

Uh, all right, a couple more

here and then we'll wrap it up.

::

Uh, what is the worst fashion

trend that you ever followed?

::

Jacques Boschung: That I

did follow, okay, moustache.

::

Tim Winkler: You know, it depends

on who you ask, but that's sometimes

::

coming back as a great fashion trend.

::

Jacques Boschung: Right, right.

::

That's why I was getting that.

::

It's a provocative provocation, right?

::

All right.

::

Tim Winkler: Yeah.

::

It's a safe, safe answer.

::

Uh, alright.

::

What was your dream job as a kid?

::

Jacques Boschung: Uh, dream job as a kid.

::

Uh, pillar of a jet fighter.

::

Cool.

::

But then, then that came very similar.

::

Forget it.

::

Yep.

::

Forget it.

::

.

Tim Winkler: Yeah.

::

Uh, awesome.

::

All right, well that is a wrap.

::

I wanted to thank you both so much for

joining us and you, you've been fantastic

::

guests and sharing your insights on this.

::

Obviously critical topic that,

uh, is cyber security and banking

::

and, uh, appreciate your time.

::

And yeah, thanks for

joining us on the pod.

::

It

::

Jacques Boschung: was awesome.

::

Thank you so much, Sandy.

::

Nice meeting you.

::

Thank you guys.

::

Thank you.

::

Thank you.

LET’S DISCUSS YOUR HIRING NEEDS

Build a custom hiring solution to grow your product, data, and
engineering teams.