Securing the Future: Traditional IT vs. Blockchain in Banking | The Pair Program Ep55
In this episode of The Pair Program, hosts Tim Winkler and Mike Gruen explore the future of cybersecurity in financial services with two distinguished experts: Jacques Boschung, CEO of Halborn and Sandip Wadje, Managing Director and Head of Emerging Technology Risks at BNP Paribas. Together, they unpack how blockchain, AI, and emerging technologies are reshaping cybersecurity and risk management in the financial sector.
Key Topics Discussed:
- The evolution of cybersecurity: From traditional IT to blockchain and AI.
- The role of quantum computing in reshaping encryption and security protocols.
- Why “Secure by Design” is a must-have for emerging technologies.
- Blockchain’s impact on risk management and settlement systems in finance.
- How AI is transforming threat detection and risk assessments in the banking world.
About Jacques Boschung: Jacques Boschung is the CEO of Halborn, a leader in Web2 and Web3 cybersecurity. Jacques has spent most of his career with prominent IT vendors such as HPE, IBM, and, more recently, Dell Technologies, where he served as SVP for EMEA Alliances and Telecom. Between 2020 and 2022, he was President and General Manager of Inovalon’s Payer business. Additionally, Jacques is a member of the board of Swiss Medical Network, the second-largest healthcare provider in Switzerland, and Chairman of Well Gesundheit AG, the leading medical app in that market.
About Sandip Wadje: Sandip Wadje is Managing Director and Head of Emerging Technology Risks at BNP Paribas. With over 23 years of experience in cybersecurity, IT risk, and compliance, Sandip specializes in Cloud, AI, and Digital Assets. He is recognized for simplifying complex risks, driving transformative change, and influencing Fortune 500 stakeholders to enhance technology and cybersecurity initiatives. Sandip has shaped regulatory guidelines, shared insights with industry forums and regulators, and led global teams. He has established Centers of Excellence and advanced cutting-edge technologies, earning a reputation for managing diverse, high-impact portfolios.
Sign-Up for the Weekly hatchpad Newsletter: https://www.myhatchpad.com/newsletter/
Transcript
Welcome to The Pair Program from hatchpad, the podcast that gives you
2
:a front row seat to candid conversations
with tech leaders from the startup world.
3
:I'm your host, Tim Winkler, the
creator of hatchpad, and I'm
4
:your other host, Mike Gruen.
5
:Join us each episode as we bring
together two guests to dissect topics
6
:at the intersection of technology,
startups, and career growth.
7
:Hello everyone, and welcome
back to The Pair Program.
8
:I am your host, Tim Winkler,
alongside my co host, Mike Gruen.
9
:Uh, so Mike, I was recently reading
that, uh, Lego is releasing a set
10
:that they're calling the Endurance.
11
:Uh, which is a model that
kind of commemorates the
12
:Explorer Ernest Shackleton.
13
:Um, and it's like a 3, 000 plus piece
set, so kind of led me down this path.
14
:I know that you've done,
you know, a number of Legos
15
:down, down, uh, your career.
16
:So what, what's, uh, what's a, like
the largest Lego set that you've
17
:ever assembled and what was it?
18
:Mike Gruen: Oh, the largest.
19
:Oh, that's interesting.
20
:Ah, it was definitely something
when I was a little kid.
21
:It was some sort of space station.
22
:I don't remember.
23
:Um, I mean, it was the, the blue and red,
like it was the old school space stations.
24
:It wasn't like, you know,
Star Wars branded stuff.
25
:So.
26
:Uh, something along those lines.
27
:Um, definitely sat with my kids
to do some of the bigger sets.
28
:But first of all, I have to say
kudos to you for remembering
29
:to call it Lego and not Legos.
30
:Uh, so good for you
31
:Tim Winkler: on
32
:Mike Gruen: that one.
33
:Tim Winkler: Yeah, I
can fact check myself.
34
:Mike Gruen: Um, I do
have a good Lego fact.
35
:They make more tires than anyone else.
36
:They're the largest tire
manufacturer in the world.
37
:That is a fun fact.
38
:That's pretty
39
:Tim Winkler: cool.
40
:That's great.
41
:What about you guys?
42
:Jacques, Sandeep, any, any, uh, you
know, memorable Lego sets that you
43
:built either solo or with your family?
44
:Jacques Boschung: Yeah, of course.
45
:I believe a black star of Darth
Vader or something like that.
46
:It must have been.
47
:Yeah.
48
:That's the biggest.
49
:Tim Winkler: Yeah.
50
:Yeah.
51
:That's a big one though.
52
:I've, I've, I've had a few employees
that, that have assembled that one.
53
:Um, Sandy, how about you?
54
:Sandip Wadje: I didn't do much
when I was a kid, but more with
55
:my nephew these days, and then
his demand kind of keeps going up.
56
:So it started with like the
small hundred dollars one.
57
:And the last thing is like,
,:
58
:I don't know what is the next demand that
is going to come through, but the kind of
59
:Legos he requests just keeps shooting up.
60
:Yeah.
61
:Tim Winkler: Yeah, I had a, I had
a little flashback down memory lane
62
:on this too, and I had one that was
like this, uh, it was like a medieval
63
:knight's castle from like the early 90s.
64
:Um, Definitely wasn't:
65
:It was, yeah, we're talking a couple
of hundreds here, but, uh, it was,
66
:it was a large one and, uh, yeah,
it was a good, good little, um,
67
:uh, memories talking about Legos.
68
:I know that's like one of like the,
the go to toys that we hit on one
69
:episode, Mike, of, uh, the goat toy.
70
:Mike Gruen: It's yeah, I mean, I
use mine structurally to, I, uh, I
71
:there's things that I've built to
like for computers and things to like,
72
:Tim Winkler: just to
prop up your, your laptop
73
:Mike Gruen: to prop up.
74
:I've actually got, uh, in my old
apartment, I was popping up some furniture
75
:with some Legos, so to keep it from
falling forward, uh, they're pretty
76
:strong, uh, it's pretty impressive.
77
:Yeah, anyway,
78
:Tim Winkler: great, great,
great dual use example.
79
:Uh, all right, uh, well, let's
fill the listeners in on what
80
:today's episode is all about.
81
:So, um, today we are
diving into a topic that.
82
:Is reshaping the landscape of tech.
83
:And that is, you know, cybersecurity
specifically within the banking
84
:sector, uh, and specifically kind of
comparing traditional it environments
85
:and blockchain and banking.
86
:Uh, so joining us are two,
uh, distinguished leaders
87
:within cybersecurity.
88
:First off, we have Jacques Beauchamp.
89
:Uh, Jacques is the CEO of Howborn,
a cybersecurity firm specializing in
90
:blockchain, Jacques brings a wealth
of experience in IT and cybersecurity,
91
:uh, specifically in protecting digital
transactions in the blockchain space.
92
:Uh, and then alongside Jacques,
we have Sandeep Wadhyay.
93
:Uh, Sandeep is the managing
director and global head of emerging
94
:technology risk at BNP Paribas,
one of the leading banks in Europe.
95
:Sandeep has over two decades
of specialized experience in
96
:cybersecurity, operational risk, and
compliance across several verticals.
97
:Jacques Sandeep, thank you both
for joining us today on the pod.
98
:Jacques Boschung: Pleasure to be here.
99
:Thank you.
100
:Tim Winkler: Thank
101
:Sandip Wadje: you.
102
:Tim Winkler: Thank you.
103
:Excellent.
104
:All right.
105
:Now, before we dive in, we do
like to kick things off with a
106
:fun segment called pair me up.
107
:Here's where we all go around the room.
108
:We spit ball a complimentary
pairing of our choice.
109
:Mike, why don't you lead us off
on, uh, what you got for us today?
110
:Mike Gruen: Yeah, uh, well,
I'm feeling under the weather
111
:and I was all clogged up.
112
:Uh, and so my go to when I'm
stuffed up is to pair that with,
113
:uh, something really spicy.
114
:So I had, uh, I looked for the
hottest, uh, salsa we had in the
115
:house and, uh, scarf some of that
down and help clear out my sinuses.
116
:So, uh, clogged sinuses and, uh, hot
salsa would be my, my pairing today.
117
:Tim Winkler: And then hopefully
a box of tissues nearby.
118
:Mike Gruen: Oh no, we did that earlier.
119
:I made sure to, you know, we're all good.
120
:Tim Winkler: Yeah.
121
:Yeah, I, I hear you, man.
122
:I just had, um, I, my go to for something
like that is a bowl of pho and just a
123
:little bit of extra sriracha in there.
124
:That was Saturday.
125
:Mike Gruen: Uh, so yeah, Saturday, my
son and I went out for pho and, uh, we
126
:have a great place right near the house.
127
:And, uh, yeah, sriracha and
jalapenos and all kinds of
128
:stuff to make it nice and spicy.
129
:Okay.
130
:Tim Winkler: Nice.
131
:Well, hopefully, uh, hopefully
you're, you're feeling good enough
132
:to, to get through this episode here.
133
:We'll, uh, we'll, we'll, we'll
keep checking on you throughout.
134
:Um, I'm going to go, I'm going
to go with the changing of
135
:seasons and, um, thermostat wars.
136
:And, you know, this is something
that, you know, living here in the DC
137
:area, specifically around this time
of year, we've got these crazy swings
138
:and temps that could go anywhere
from 65 degrees during the day.
139
:We'll, Down to 25 degrees at night.
140
:And so my wife and I are pretty
polar opposites in the sense that
141
:I tend to run a little bit hot.
142
:She's always a little bit cold.
143
:And then, yeah.
144
:So during these times, like I'll
check our little nest thermostat and.
145
:You know, it's constantly getting
turned up and down throughout the day.
146
:And then before we go to sleep at
night, you know, I'll check it and
147
:make sure it's at a certain temp.
148
:And then I'll wake up the next morning
and notice that it's magically settled,
149
:you know, a few degrees higher.
150
:Um, and this is how we would, you
know, what we would classify as these
151
:thermostat wars in our household
where it's kind of like undisclosed.
152
:Like my wife will, won't say like,
Hey, is it, are you cold or warm?
153
:I turn it up or down,
she'll just go do it.
154
:And then I'll just go do it.
155
:And so it's this fun little game
that we, we both play during the.
156
:changing of the seasons, but it
keeps us keeps us on our toes.
157
:That's, that's my pairing for today.
158
:It's going to be the changing of
these seasons and these thermostat
159
:wars that my wife and I play.
160
:Um, I'll pass it over to Sandeep.
161
:Sandeep, how about a quick intro
from yourself and your pairing?
162
:Sandip Wadje: Thank you.
163
:Thank you.
164
:Thank you everyone.
165
:Uh, again, uh, uh, I'm based in London.
166
:I've been with BNP Paribas
for seven years now.
167
:And, uh, in terms of pairing up,
uh, I think, Nothing can ever
168
:go wrong with a hot spicy curry.
169
:And that does help being from India.
170
:And then the fact that I was a little
bit under the weather, but the good
171
:thing is I'm in Mumbai and I'm having
a nice spicy curry from my mom and
172
:that has really helped me recover much
faster than the cold weather in London.
173
:So I'm not complaining.
174
:Tim Winkler: Yeah, I dig that.
175
:I love a good hot, spicy curry.
176
:Uh, yeah, ship some over to
Mike here for, uh, for his
177
:next, his next, uh, nasal cycle.
178
:Um, well, it's a pleasure
having you on here, Sandeep.
179
:Um, Jacques, about yourself,
quick intro and your pairing.
180
:Jacques Boschung: Yeah, right.
181
:I am the CEO of Albon.
182
:I started just four months ago.
183
:Before that, I was, as you mentioned,
CEO of another classical cyber
184
:security, and I spent 14 years.
185
:At Dell Technologies, and I am an
educated nuclear physicist, which is
186
:maybe those days getting popular again.
187
:Um, now speaking about pairing, I
don't know if you know that guys,
188
:you should, this year is the 50
years of something really well
189
:established in the nerd culture.
190
:What is it?
191
:You know, this year, that's anniversary,
192
:Mike Gruen: 50 years.
193
:I mean, I just turned 50, but I don't
think that's what you're talking about.
194
:Jacques Boschung: If I tell you
D& D, does that ring a bell?
195
:Dungeons and Dragons?
196
:Dragons, 50 years.
197
:Yes, really.
198
:So, uh, my pairing, which is
very well suited to blockchain is
199
:from nerd culture to pop culture.
200
:This is what happened by the way with DND.
201
:It was nerd thing back in the days.
202
:Now it's pop thing because you know what,
uh, Game of Thrones, all those things are
203
:deeply inspired by this, uh, by this game.
204
:And, uh, the same is
happening with the blockchain.
205
::in financial services, a pop culture,
206
:but Sandy will speak more about that.
207
:So that's my pairing guys.
208
:I like it.
209
:Love it.
210
:Love it.
211
:Tim Winkler: Yeah.
212
:That's, that's a great, uh, comparison.
213
:And.
214
:Honestly, so, you know, doing a lot of
tech recruiting, we've, we've recruited
215
:a lot of folks out of little dungeon
and dragon, like micro communities
216
:around here when we were doing more
local, local recruiting, some of our,
217
:our employees were, you know, parts of
these big dungeon and dragon networks.
218
:And they've hired engineers
from these communities.
219
:So it's certainly, uh, yeah,
it's gone from nerdy to cool.
220
:I agree with you.
221
:Jacques Boschung: Awesome.
222
:Tim Winkler: All
223
:Jacques Boschung: right.
224
:Well, that's a it's becoming cool.
225
:Is it a problem?
226
:You know, some, somebody will ask me
the question, can it be still trendy,
227
:but another, another conversation.
228
:Tim Winkler: Yeah.
229
:Yeah.
230
:We'll have to revisit
this in like 50 years.
231
:Um, Awesome.
232
:All right.
233
:Well, appreciate the intros.
234
:The pairings were awesome.
235
:Let's go ahead and shift gears into
the heart of today's discussion.
236
:So, as I mentioned, we are
talking about cybersecurity and
237
:the banking sector and comparing
traditional IT versus blockchain.
238
:So, you know, why does this matter to us?
239
:Um, I'll go in the highlight, uh, just
a few common scenarios of Your digital
240
:banking that nearly everyone can relate
to and underscore that critical role
241
:of cybersecurity in our daily lives.
242
:So whether it's withdrawing
cash from an ATM.
243
:To sending a payment to a friend via Venmo
or PayPal, or simply receiving, you know,
244
:your paycheck through direct deposit.
245
:And these are all digital transactions
that require robust cybersecurity measures
246
:to protect us against fraud and theft.
247
:And, you know, we, we continue to hear
more and more of these, of these days,
248
:like of these stories that pop up of.
249
:You know, some hackers pulling
off a bank heist from their couch.
250
:Uh, I, I can specifically recall
during the pandemic, this huge spike
251
:in phishing scams where, you know,
cyber criminals would try to swipe
252
:cash and by personally, um, sending
personal or asking for personal
253
:info by pretending to be our banks.
254
:Uh, and so I, I, I just, you know,
I, it's a scary world out there.
255
:It continues to get scarier.
256
:The more that tech modernizes, uh, and
it's continued efforts from professionals
257
:like our guests, Jacques and Sandeep
kind of keep our digital transactions
258
:safe from these external threats.
259
:So, um, I I'm excited to
have this conversation.
260
:I'm excited to continue to build
awareness on this, even if this.
261
:Podcast is one small source of
information to get more intel out there.
262
:I think it's super important.
263
:So the way that I kind of see this
conversation flowing is to first have our
264
:guest paint the picture of the current
landscape in both of these environments.
265
:We'll discuss some of the challenges
and the innovations in cybersecurity.
266
:And then we'll wrap with some
insights on what the future of digital
267
:banking and security might look like.
268
:Um, let's start with you Sandeep, uh,
you know, with, with your perspective,
269
:you know, what, what are the primary
kind of cybersecurity challenges that
270
:are facing the traditional banking
systems today, uh, and then we can jump
271
:over to you Jacques for an overview
more on the, on the blockchain side.
272
:Sandip Wadje: Sure.
273
:Absolutely.
274
:Um, I think, um, from a
traditional banking perspective.
275
:If you look at the challenges, obviously,
I think the number 1 has been more
276
:around business disruption as a result of
ransomware attacks, even if not directly
277
:on financial services institutions on our
supply chain and the impact of the supply
278
:chain disruption on the bank as a whole.
279
:So, I think 1 is definitely
in terms of traditional or the
280
:legacy it in financial services.
281
:There has been a lot of focus
on ransomware campaigns.
282
:There's a lot of focus on.
283
:Geopolitical disruptions, uh, particularly
cyber attacks as a result of geopolitics,
284
:which is again is a focus of attention.
285
:And then generally, I would say phishing
campaigns or cyber enabled fraud,
286
:which is again a big attention point
for large financial institutions.
287
:So, so what has happened
over a period of time is.
288
:You, you have had essentially.
289
:Uh, an ID, which is kind of almost like
trying to catch up with the evolution
290
:on the cloud journey and, and, and, and
different ways of doing digital working.
291
:Uh, so, so, and then that has kind
of exposed some fault lines, uh, in
292
:terms of, uh, different vulnerabilities
that attackers try to exploit.
293
:Uh, whether then it is end user
computing, whether then it is
294
:essentially the infrastructure you
have to deliver services to clients.
295
:And then it has been a bit of a
uphill battle because, uh, the
296
:way we landed in this traditional
IT journey is the technology is
297
:kind of, you know, scaling it up.
298
:And at the same time, we are trying to
build security around it, not into it.
299
:So what has happened is.
300
:Uh, you, you, you almost like had
a situation, uh, where, where you
301
:started to build security around
the technology, which was inherently
302
:vulnerable from day one, because if
you look at the history of internet,
303
:internet was not designed to be secure.
304
:It was designed to be collaborative.
305
:That's, that's where they
started first saying, you know
306
:what, we should open everything.
307
:We should talk to each other, uh, but let
us talk about security a little bit later.
308
:Uh, and that's, that's what, what,
what we have in all this it journey,
309
:uh, where, where, where, where we are
building on top of, uh, uh, legacy it,
310
:which has been inherently vulnerable.
311
:And that has been like quite a
challenging journey, I would say.
312
:Mike Gruen: I think the best example
of that is like email, right?
313
:Like this idea of like, why
would anybody spoof an email?
314
:Why would anybody send an email
from someone who they don't predict?
315
:Like that's the 60s, 70s, when email
from academia and now like, right.
316
:There's a lot trying to retrofit to make
it so that, you know, this email came
317
:from who it's supposed to come from and.
318
:And the rest of it, I think it's
kind of the, the, the history of the
319
:internet and how we got, you know,
it's a, yeah, it started in academia
320
:and in research and collaboration.
321
:Why would you need this
stuff to be secure?
322
:It's a, it's an interesting evolution.
323
:Tim Winkler: Yeah.
324
:And we'll expand on
that a little bit more.
325
:They
326
:Sandip Wadje: built it, actually.
327
:It was a very trusted vehicle, right?
328
:They never, they never thought that
the community is going to be so big.
329
:Right when, when they started building,
you know, uh, the, the, the, the original
330
:network , they never thought that in
20 years time, like 1 billion people
331
:or a couple of millions of people would
be connected to internet every day.
332
:Right.
333
:So, so that, that throws like
an interesting challenge.
334
:Yeah.
335
:Tim Winkler: Yeah, and I don't think
anybody thought digital currencies
336
:was going to be a thing at any point
back then either and here and here we
337
:are, and this is a good, good segue.
338
:I want to, I want to expand on some of
that stuff, Sandeep, uh, but first, you
339
:know, and kind of keeping with tradition
of catching the other perspective
340
:real quick here, uh, Jacques, let's,
let's just real quick get, uh, your,
341
:your viewpoint on how, you know,
blockchain technology is evolving with
342
:the financial services sector and why
cyber is critical with this evolution.
343
:Jacques Boschung: Right, right.
344
:So real quick, I believe we have
to look back because for me, I have
345
:been in it for 20 years plus big
difference of financial services.
346
:With any other industry, now it's
converging, but the big difference
347
:is that IT has always been the
factory in financial services.
348
:Without IT, there is no bank, and that
has been like that for many years.
349
:In fact, the first digital transformation
of banking happened in the 70s, 80s,
350
:and 90s, where they got rid of paper and
went into centralized ledger technology.
351
:And then at the beginning of this
century,:
352
:digital transformation, which did not
really impact the business processes.
353
:That was adoption of e banking,
was adoption of private cloud.
354
:That was really a huge simplification of
the basic infrastructure of IT in banking.
355
:And now what we believe at Albon, and
what I believe is that we are reaching
356
:the third digital transformation.
357
:Which is a blockchain
adoption for three things.
358
:You mentioned it just now.
359
:You said, okay, digital currency.
360
:That's one thing.
361
:So CBDC for central banks.
362
:Second thing, insurance of security.
363
:And third thing, which is really
big in terms of efficiency
364
:in the system, settlement and
clearing happening on chain.
365
:Which will reduce the lead
time and mitigate the risk.
366
:I know Sandeep, risk is a big
thing in your, on your plate.
367
:So this is what is happening now.
368
:But when you speak about all that
in that new digital transformation,
369
:security is everything.
370
:Because unlike in the classical
perimeter, where between detection and
371
:response, you have a little bit of time.
372
:Till ransomware is fully established
with the first indices of compromise.
373
:You can have several hours, sometimes
a day, depending on the industry.
374
:Whereas on chain, if something is
375
:happening, your cash is gone.
376
:So we have a real hold up type of
robbery situation, which is really unique
377
:to that new digital transformation.
378
:And that requires a decentralized
system, a totally new way of thinking.
379
:Yeah,
380
:Tim Winkler: I, I've got a lot of
questions to build on that, uh, as
381
:well, just in terms of, you know, things
like smart contract audits and some
382
:of the things that Halborn's is doing.
383
:If maybe you just take, take lead on that
right now and talk through some of those
384
:strategies that you all are taking on
and this is a good, good segue into, you
385
:know, what Halborn specifically is doing.
386
:Jacques Boschung: Right, right.
387
:So, uh, as, as you mentioned in
the beginning, Halborn, we are.
388
:We are solely focused on financial
services and web3 and on cyber security
389
:for those kind of institutions.
390
:So our customers are
decentralized finance.
391
:But more and more tried five
because of the adoption, we
392
:were just mentioning before.
393
:And indeed, we do plenty of those things.
394
:Mark contract audit is our bread and
butter, really our daily bread and butter
395
:because more and more on the tail end.
396
:You have the ability to create
an environment that enable those
397
:fast transaction, enable this,
uh, uh, equity issuance on chain.
398
:So it's really creating a new attack
surface like no, nowhere before.
399
:And it's really creating a
stress factor also for the
400
:traditional banking institution
when they move into that space.
401
:So we do those smart contract audit.
402
:We do design of architecture, we call
that secure by design, which combine both
403
:the web tool, and we can speak about that
after, so the traditional perimeters, and
404
:the blockchain aspect of things, because
you always have a combination of it.
405
:The smart, for instance, uh,
crypto wallet, It's more a web
406
:to thing than a non chain thing.
407
:So anyway, and you have API and
API are like cloud pen testing.
408
:You need to pen test those things.
409
:So that's web to infrastructure.
410
:So we, we do that combination of things.
411
:We focus a lot on trying to bring our
customers to make the secure by design.
412
:I think Sandeep mentioned that before.
413
:Okay, we, we just added layer of
security on an infrastructure.
414
:How do we think secure by design on chain
as well, and in a complex combination
415
:of on chain and off chain systems?
416
:And this is where we, we set our focus.
417
:Tim Winkler: The Secure by Design was
actually on my shortlist to kind of talk
418
:with you, Sandeep, on I don't know, it's,
I mean, it's obviously, it's relevant.
419
:Um, uh, Sandeep, can you, can you kind
of quickly tally on this in terms of
420
:how, you know, traditional banks adapting
their security strategies in response
421
:to the evolving digital landscape, like
technologies like AI and blockchain?
422
:Sandip Wadje: Sure, sure.
423
:So, so I think
424
:If, if you look at, uh,
blockchain as an example.
425
:And I've done a lot of conversations
on emerging technologies in general,
426
:blockchain and AI together in terms of
how it's going to change the trajectory
427
:for financial institutions globally.
428
:Um, uh, and if you look at blockchain,
I think the one thing that you
429
:need to understand in blockchain
is it requires two parties to play.
430
:One party cannot play because can I
run a blockchain in my data center?
431
:Not really.
432
:It has to be somewhere where more than
two parties can come and then validate
433
:the transactions, operate the nodes and
run that distributed ledger blockchain.
434
:What that means then is it
technically it is collaboration
435
:outside the boundaries of my network.
436
:And, and if you see all blockchains
projects globally, you will see that
437
:they're outside the organizational
boundaries of a financial institution.
438
:Maybe in AWS, maybe in Microsoft, maybe
in Google, but not in their data center.
439
:So that changes rules of the game
because now you have a technology that
440
:is forcing you go outside your perimeter.
441
:And the moment you go outside
your perimeter, the rules of
442
:the games are different because
it's a different environment,
443
:different technology and layers.
444
:That's part one.
445
:Part two, if you take like artificial
intelligence as an example, And take a
446
:step back and ask yourself, generally
speaking, right from politicians to
447
:bankers to CEOs of large corporations, how
do they take their day to day decisions?
448
:They take their decisions based
on open source intelligence.
449
:It's surprising, but it's true.
450
:It's based on what they see on social
media, what they read on financial
451
:times, what they see in market data
in terms of Bloomberg or LexisNexis.
452
:It's a fairly open data.
453
:Where is the data coming from?
454
:The data is coming from open sources.
455
:So now you have the dependency
on artificial intelligence to
456
:tap into various data sources.
457
:In terms of various decision making,
which means again, from a collaboration
458
:perspective, you're tapping into
outside data sources, you're connected
459
:to different providers, you're
connected to different types of
460
:data sources to make your AI better.
461
:And then that changes the
security landscape and the
462
:security around it, which means.
463
:You're dealing with multiple parties
with an access to your infrastructure.
464
:You're looking at components you
have never had before, particularly
465
:in the case of blockchain.
466
:You have the blockchain itself can be
Ethereum, can be hyperledger, uh, the
467
:security of that blockchain, but then
there is underlying infrastructure.
468
:You're running nodes.
469
:The nodes need to be managed.
470
:So you really need to look into all
this, all the different, I would
471
:say artifacts associated with the
technology and how that would be secure.
472
:But And coming to a realization that
one party doesn't control the security
473
:because it's a shared environment.
474
:So then you really need to look
into the risks associated with
475
:shared environment as well.
476
:So I think blockchain is essentially kind
of forcing organizations to relook more.
477
:So what does their multicloud
journey means to them?
478
:Because this is a multicloud journey.
479
:This is a dependency on other parties
in conducting business and how you
480
:go about conducting that business.
481
:With like shared acceptance of
the risk as well, because the
482
:risk will never go down to zero.
483
:When it's in your infrastructure, you
can try your best to reduce the risk, you
484
:know, to minimum level, but in a shared
infrastructure, it's very difficult.
485
:So blockchain brings some new realities,
new technologies, and new components,
486
:but also in a way, I will need you to
make it much more, more better and more
487
:scalable in terms of, you know, uh,
running different use cases and, and,
488
:and, and, and, and, and experiments.
489
:Tim Winkler: Yeah, I, I wanted to ask
you Jacques, cause I, you know, I'm
490
:going to, I'm going to assume that a
lot of our listeners, you know, have a
491
:common sense of, of, of some of these
items that we're talking about, but I
492
:like to try to simplify some of it as
well, just to, uh, make it a little
493
:bit easier for, for our listeners to
wrap their head around, can you expand
494
:a little bit more, um, on the approach
to smart contract audits and, and why
495
:that's so crucial for blockchain security?
496
:Jacques Boschung: Right.
497
:So we were just speaking
about Dungeon and Dragons.
498
:So I'd like to go back to the
gospel again, but another gospel.
499
:So, you know, in:famous white paper of Satoshi Nakamoto.
500
:That's an original Bitcoin
white paper, you remember.
501
:And in that white paper, there was
a diagram comparing the privacy
502
:model of traditional finance
Versus a non chain finance.
503
:Okay?
504
:And if you look at those two diagrams
comparing those two things, I mean,
505
:the difference is mind blowing and
is somehow, I would say, an executive
506
:summary of everything we are discussing.
507
:So in the blockchain world,
okay, you have identities.
508
:Of the people making the transaction,
which are hidden, but then the
509
:transaction is totally public.
510
:Okay.
511
:In traditional finance, stratified
transaction, identities, transaction,
512
:third party, so the banks,
counterparty in the transaction
513
:are all hidden from the public.
514
:So the Chinese role is
placed totally differently.
515
:In the decentralized ledger, uh,
technologies that we call a blockchain.
516
:And, and that's really important because
that makes a hell of a difference.
517
:So you have access to
all those transactions.
518
:So you need to keep identity hidden.
519
:That's why, by the way, millions
of billions of dollars are
520
:still with Satoshi Nakamoto.
521
:We know that they are with him, but
we have no clue who this guy is.
522
:So at least we can say that
he was very consistent.
523
:With his own diagram in his white paper.
524
:So that's, that's really setting
everything in the future.
525
:That's a paradigm that is setting
everything when we speak about blockchain.
526
:So big banks, so I can, sorry
about that, Sandeep, I need to
527
:mention another bank that I know.
528
:They made, they made recently,
UBS has made recently and
529
:they have published that.
530
:So it's all public knowledge.
531
:They have made at scale transaction model.
532
:Uh, with digital currency
between, uh, customers of their,
533
:okay, cross border transaction.
534
:And they have done all that on the serial.
535
:So on the public chain, that's
one model, but I know another
536
:very, very large custody.
537
:Okay.
538
:Who
539
:is doing in New York city?
540
:You will guess whom I'm speaking about
and they are doing a lot of things.
541
:So they are moving into
permission blockchain, which is.
542
:Within the perimeters of the bank, having
one blockchain, okay, which enables them
543
:to have some centralized means to manage,
to orchestrate and manage security.
544
:So what I'm trying to tell you here
is that the, I would say the outset
545
:is totally different between classical
perimeter security that Sandeep and
546
:myself know very well, the blockchain
world, you have different models.
547
:And the smart contract, I am
not ignoring your question
548
:about the smart contract audit.
549
:So smart contract audit is a
big thing because smart contract
550
:audit sitting on top of a
blockchain enable everything else.
551
:They enable all those DeFi.
552
:They enable those automated market maker.
553
:They enable those decentralized
exchange, all those things that people
554
:in crypto love and use at scale.
555
:And, and those guys have all the
benefit and the drawbacks of sitting
556
:on a public blockchain with exactly,
uh, the conditions I was referring
557
:to, which are so well described in
the Satoshi Nakamoto's white paper.
558
:So it's, it's really a total, totally
different paradigm on top of the
559
:fact that I was mentioning in the
beginning that if you have a breach,
560
:your money is gone, just like that.
561
:Again, not the same in the
562
:Tim Winkler: classical perimeter.
563
:Yep.
564
:Mike, did you have anything on that?
565
:I know that you're
obviously minds in cyber.
566
:Mike Gruen: Yeah, no, I think
it's, um, it's interesting.
567
:I think there's nothing specific.
568
:I mean, um, but when I think about trying
to, you know, thinking about our audience
569
:and trying to bring it to their level,
are there, like, what are some of the
570
:things that are Like when we look ahead
and that's really going to have impact on
571
:say the public and others like how, you
know, we talk about this, but you don't,
572
:it's just not, I don't feel like everybody
feels it just yet, um, what's happening
573
:with blockchain and the rest of it.
574
:And so, yeah, yeah, right.
575
:Jacques Boschung: You know what I mean?
576
:But you know, to this point, if I may, I
don't know if you saw the news today, but
577
:there was a nature, which is a scientific.
578
:Publications, they really, so Google
released, uh, their new, uh, paper
579
:about their quantum computing.
580
:And they claim that in:they will be able to release a
581
:commercial computer for 1 billion.
582
:So cheap price, so 10 times
cheaper than what it is today.
583
:And it will have 1, 000, 000 qubits, okay?
584
:And guess what?
585
:It seems that qubits is exactly the
computing capacity you need to break the
586
:code of the hashing function SHA 256.
587
:That is used, for instance,
on the Bitcoin protocol.
588
:Okay, so that's very concrete,
the statement I'm making here.
589
:So, so even for the blockchain world,
we have to think in the time frame of
590
:six years about a post quantum security.
591
:And I know that in the classical perimeter
world, everybody's thinking about that.
592
:But when, once we can break that code,
okay, it means that you can unfold
593
:A chain, okay, a Bitcoin or a fork
of Bitcoin, and you can, uh, undo
594
:all the transactions potentially.
595
:So, uh, so there are big problems
which are valid for the two
596
:side, flip side of the coin.
597
:So the coin, the side which is Web 2
security and the coin Web 3 security.
598
:For smart contract audit, what we do
is really to, to make code assessment.
599
:So we assess the code dynamically in the
environment where you deploy the code, but
600
:we assess it also statically line by line.
601
:And we more importantly, we
assess the business logic because
602
:the business logic is the key.
603
:Because, you know, a smart contract,
it use connection to the outside world,
604
:and that's what Sandeep was mentioning
before, to trigger some events.
605
:For instance, to trigger an exchange
of an Ether for a Bitcoin, okay?
606
:And if you can manipulate, Those
oracles, which are the name of those
607
:trigger from the outside world on
the chain, you can have devastating
608
:impact on, uh, I would say, uh, the
integrity of your smart contract.
609
:So those things we do, we redo those
analyses on the technical level.
610
:And as well as on the business
level of the smart contract.
611
:Tim Winkler: Yeah, it's, it seems like
we're going to have to run a follow up
612
:episode in:is a little bit more readily available.
613
:And that sounds terrifying.
614
:I mean, once you have quantum,
you're going to have lots
615
:Mike Gruen: of problems with, uh, back
splitting encryption and, and going,
616
:being able to go back in time and,
uh, decrypt a whole bunch of stuff.
617
:It's almost going back on
time, you know, in time.
618
:You're right.
619
:Right.
620
:Yeah.
621
:Yeah.
622
:Right.
623
:I mean, that's the biggest concern
is that notion of security for the
624
:future, not just, uh, not just,
um, not just securing transactions
625
:today, but knowing that they're
going to stay, um, uh, secure years.
626
:Jacques Boschung: Yeah.
627
:Sunday is back.
628
:Mike Gruen: Yep.
629
:Tim Winkler: Yeah, Sandeep.
630
:Uh, I got a quick, quick question
for you going back into more of
631
:the, you know, kind of traditional,
um, IT environment here.
632
:So, you know, we talked a little
bit about AI machine learning.
633
:Um, and you know, how, you know,
how is that going to play into the
634
:future of IT security for banks?
635
:I'd love to hear your Your thoughts
on this, particularly in areas of like
636
:risk assessment and threat detection,
you know, what, what are some of these
637
:strategies that you all are, you know,
taking on at BMP, for example, to kind
638
:of, to, you know, to combat some of
these areas within these specific areas.
639
:Parts of security within like
risk assessment, threat detection.
640
:Sandip Wadje: Sure, sure.
641
:And then your question is more
specific to risk assessment and threat
642
:detection on traditional or, or you're
referring to blockchain or this is
643
:in general question In tradition.
644
:In traditional.
645
:In traditional.
646
:In traditional, yeah.
647
:Yeah, yeah.
648
:So I think
649
:there is a formative, uh, impact
of ai, uh, specifically on how
650
:we look at, uh, risk assessments
because, uh, if, if, if you look at.
651
:The job of any cyber or risk, uh, I
would say executive or a practitioner,
652
:uh, it is essentially understanding how
policy or regulations apply to our job.
653
:And then based on that, right, a set
of controls and then using those set
654
:of controls, either rewrite those
controls to make sure that they're
655
:aligned with policy and regulations.
656
:Or then use these controls to perform risk
assessment and all of these actually can
657
:be done by AI seamlessly and it doesn't
involve any personal or confidential data
658
:because it's all related to ICT systems.
659
:So, so what we have with AI and
particularly AI for cyber security
660
:is opportunity to industrialize
risk assessments completely.
661
:Because risk assessments are ICT
is a system specific, they do
662
:not contain personal information.
663
:They do not contain any
confidential information.
664
:And when I say risk assessments, there can
be different types of risk assessments.
665
:Can be a third party risk assessments, can
be a merger and acquisition due diligence,
666
:can be a counterparty assessments.
667
:So I think AI is going to have a formative
impact on risk assessment in general as
668
:to how they are conducted and executed.
669
:And that would also mean, because large.
670
:Percentage of staff in house also in
consultancy world is actually used
671
:for these assessments, which, which
would then significantly change in next
672
:three years or so as to how it is done.
673
:Uh, and I think threat detection
is a very interesting area.
674
:Um, and, and the spotlight is changing
very fast because traditionally we
675
:were looking at, uh, looking at zero
day vulnerabilities, uh, for, for, for
676
:an example, and now you're looking at.
677
:How does geopolitical tension change?
678
:What kind of new
vulnerability is exploited?
679
:Because then you're looking at
nation state actors having a much
680
:advanced tools to exploit a zero day
that was not on your radar before.
681
:So, so geopolitical
tensions come into play.
682
:The new one, which we, I'm sure it
has been talked about is deepfakes,
683
:narrative intelligence, and that is
the new thing is the speed at which the
684
:attackers are able to create synthetic
IDs or fake IDs, and then they use
685
:it to launch different types of scam.
686
:Is also becoming an
interesting attack vector.
687
:So how do you go around detecting these
threads, which is like a brave new world?
688
:And then specifically, uh, a nation
state in case of a geopolitical
689
:conflict, the kind of tools they
have as a private corporation, you
690
:are never going to match that tool
and, you know, the armory in a way.
691
:So it makes threat detection
very, very interesting topic.
692
:And, and what, what I've seen
in last one year or so, there
693
:is more and more, I would say.
694
:Technologies or startups coming to play
in this space to help large organizations
695
:cope up with cope up with these, you know,
threat detection capabilities, because
696
:this is a new kind of attack vector,
which, which has not been tackled before.
697
:And.
698
:It has also the supply chain implications,
which has not been very well thought
699
:through, to be honest, is, uh, what
happens in the case of a geopolitical,
700
:uh, event, how many of my suppliers are
based in that conflict zone, or how many
701
:of my suppliers, critical suppliers are
based in that conflict zone, because
702
:then it is going to have an indirect
impact on us running our operations.
703
:And if that is not enough.
704
:A supplier can be my customer as well.
705
:So then I'm not, I'm not
talking about liquidity risk.
706
:If I look, if I look at a very large I.
707
:T.
708
:services company without taking
name, one of the top 10 I.
709
:T.
710
:services companies and all of a
sudden they're at crossroads in
711
:Asia Pacific in some conflict zone.
712
:And they are my investment
banking customer.
713
:So it's now I have a double whammy.
714
:One, our operations are
going to get impacted.
715
:Second, I'm dealing with liquidity
risk as a result of, you know, that
716
:customers or investment in that customer
is getting, you know, written off.
717
:So I think geopolitical triggers
and the impact on supply chain are
718
:bringing some really new realities.
719
:Mike Gruen: I mean, I think the, the
dependency, I think, uh, Jacques was
720
:talking about earlier too, about how
all these systems now, like everything
721
:depends on everything, right?
722
:Like when I started in my world, I, I
had very little third party code that
723
:would get included in our product.
724
:We just built everything in
house and whether we're secure
725
:or not is another thing.
726
:Um, But, um, as we've gotten bigger,
like we have more and more dependencies.
727
:And I think that the risk in that,
especially in open source products and
728
:projects, and think about, um, one of
the areas, you know, vulnerabilities
729
:and dependencies is one thing.
730
:And there's lots of stuff out there
to look for the alerts and things to
731
:manage that, but even the, the, the
people who contribute to those projects,
732
:and there have been cases of people
taking over open source projects and.
733
:Bad actors taking over open source
projects and being able to insert things
734
:in and I think that has like these very
big implications when you start talking
735
:about how now our financial services are
moving towards things like blockchain,
736
:like all of these dependencies and
it can all come down to some crappy
737
:JavaScript library that nobody should
have included and it has this huge,
738
:it has this potential and rippling
impact throughout the entire world.
739
:Like ecosystem and, you know, some
type of stuff that I think where AI
740
:and other things, that's the only
way we're going to be able to deal
741
:with it at any layer level of scales.
742
:There's just so much.
743
:And I'm, I'm just sort of curious what
you're seeing in that space or, um, um,
744
:if you're seeing, you know, any companies
trying to tackle some of that stuff,
745
:um, sort of in that vulnerability, uh,
in that dependency management side.
746
:Either.
747
:It's for anyone who wants to answer.
748
:Sorry, it was very long.
749
:Sandip Wadje: No, I know.
750
:I completely agree.
751
:I completely agree that this is like one
of the biggest areas because with AI based
752
:coding and the dependency on open source
components in releasing your core product.
753
:Means you really don't know which
nation set actor build that library
754
:that you are so fond of and that is
now integrated in your mainstream,
755
:you know, production delivery.
756
:So, so I've, I've also seen that
as a focus area in terms of hunting
757
:down, making sure every like, you
know, the, the bill of material and
758
:making sure that you know where that
particular component is coming from.
759
:Tim Winkler: Jacques, as far as, um, you
know, some of the things that Sandeep
760
:touched on in terms of the traditional,
you know, IT security environments, uh,
761
:are you seeing similar trends, uh, when we
think, you know, carry this over into more
762
:of the blockchain security environments?
763
:Or, you know, anything else that
you're, that's on your mind right
764
:now, when we're looking ahead on what
innovations you're foreseeing playing
765
:a pivotal role in, in blockchain.
766
:Jacques Boschung: So because of the
nature of blockchain and because of
767
:the speed, the ability of the money to
vanish so quickly on the blockchain,
768
:we don't have all, I would say this
infrastructure of cyber security is
769
:that classical perimeter which is.
770
:In many cases articulated around
the security operation center, SOC,
771
:they are deployed on the server
endpoint, an endpoint protection
772
:platform, and then they have
what we call a security incident.
773
:And event management system, which
is correlating and, uh, you know, uh,
774
:collecting all those logs and creating
out of the logs, which is like a white
775
:noise creating in understanding patterns.
776
:Okay.
777
:And that's where, by the way,
uh, AI is playing more and more a
778
:big role because next generation
security is CM as we call it.
779
:are really totally integrated
with, uh, with AI capabilities.
780
:So, so AI is playing at the
same time the offense and the
781
:defense, which is, thanks God.
782
:So it's part of the armor as
well as part of the missile
783
:trying to penetrate the armor.
784
:But, Now, what we need to do and
what we are doing in blockchain is to
785
:think about some of those models in
classical while taking into account
786
:the very short response time we have.
787
:So we cannot really do a proper
managed detection and response,
788
:okay, which is really the big, the
big world in the classical cyber
789
:defense, classical perimeter.
790
:But we are, we are coming with
some tools for, for instance.
791
:So it's something that I'm sure
Sandeep knows very well called CVSS,
792
:which is Common Vulnerability Scoring
System, okay, to assess a system.
793
:So at Albon we have developed a BVSS,
Blockchain Vulnerability Scoring
794
:System, which is also based on exploit.
795
:easy to exploit and impact what
kind of impact you have, but
796
:also if you can reverse back
or if you cannot reverse back.
797
:So we have, we have developed
a system around that.
798
:We have also developed another
system which goes into what
799
:I call policy enforcement.
800
:So in banks, Being able to
enforce your policy across
801
:your IT system is very crucial.
802
:So we have, uh, we have developed a
smart contract which sit on top of
803
:other smart contract in which enable
you to make transaction simulation.
804
:So you can make, like in the sandbox,
in fact, you can, but on real, on the
805
:blockchain, on the productive environment,
the main chain, if you, if you wish.
806
:You can really simulate transaction
and you can also impose, uh, policies.
807
:So it's a policy enforcement tool.
808
:And last but not least, it's
a breach prevention tool.
809
:So it's some level of centralization
and now it becomes interesting.
810
:It's some level of centralization in
some things that should be, you know,
811
:a kind of insurgent model, which is a
decentralized ledger, uh, uh, technology.
812
:So we, we are adding those components.
813
:To make the blockchain more and
more, I would say, compatible
814
:with some centralized component
of classical perimeters and more
815
:importantly, with a heavy regulated
and compliant IT of a bank.
816
:So those are some of the
key initiatives we take.
817
:Does that make
818
:Mike Gruen: sense?
819
:Yeah, it does.
820
:Actually, it's funny because the um,
I've filled out my fair share of security
821
:questionnaires um, from banks and it
is always interesting the questions
822
:that they ask and how, how it's clear
that these are, these questionnaires
823
:that are, these assessments are really
built on this traditional model of how
824
:we've deployed software in the past.
825
:And I'm sure that there's impacts
in, you know, how we're doing,
826
:how they're working internally and
all the different changes like.
827
:What does it mean?
828
:You know, what's, you know, if you're
running in a serverless architecture,
829
:what do you, you know, how does, how do
I even answer some of these questions?
830
:Because they don't make sense.
831
:Um, you know, I mean, like, they're
just, and I know what they're asking,
832
:but like, wait, I want to, can I
just get on the phone with someone
833
:and explain what architecture is?
834
:And then they'll, they'll say
like, oh, yeah, this whole set of
835
:questions is irrelevant to you.
836
:Um, but yeah.
837
:Um, and it's interesting to see the banks.
838
:I imagine it's even more of
a struggle internally, right?
839
:Like, I'm just an external vendor trying
to sell in and I can, you know, and
840
:I'm just throwing out these things.
841
:But I imagine internally, there's
a lot more that's going on on those
842
:assessments and trying to figure out
what does security mean within when
843
:you're talking about people who are
used to a more traditional model
844
:and then trying to adopt or, you
845
:Jacques Boschung: If I may, I have
an anecdote, in fact, in fact, uh,
846
:Albon developed that centralized, um,
uh, smart contract system to, to make
847
:this policy enforcement two years ago,
and they tried to sell it to DeFi.
848
:Decentralized finance.
849
:No chance, excuse my English, no
F chance to sell that or defy.
850
:Okay.
851
:So when I joined, I said,
Oh, look at that thing.
852
:This is, this is fascinating.
853
:Some components of centralized
management, again, police enforcement.
854
:Banks should be interested.
855
:And banks starting with permissioned
blockchain, for instance.
856
:And guess what?
857
:That's exactly the corner which
is showing interest into that.
858
:So in this kind of a wild west of
distributed nodes and decentralized
859
:ledger, for banks to bring some kind of
central control, and I'm also curious
860
:to hear Sandeep on that, by the way,
was all of a sudden, uh, was raising
861
:some appetite for that and we are having
multiple conversations on that currently.
862
:Tim Winkler: Sande, we'd love
to hear your thoughts on that.
863
:Sounds like Jack has a personal request.
864
:Sandip Wadje: Sure.
865
:So I, no, I think I, I,
I, I completely agree.
866
:If, if you, if you look at, for
example, uh, the, the comparisons
867
:what, what Jack has given, um, and
I can, I can start with like the,
868
:the layman analogy is.
869
:In financial services, you have Moody's
and standards and poor's to give
870
:you a rating of, you know, how good
a financial institution it's then.
871
:You move a little bit towards cyber
and IT, and then you have bit sites and
872
:security scorecards who are essentially
trying to do the health and hygiene
873
:check and tell you, oh, okay, from
a health and hygiene perspective,
874
:this is what your score looks like.
875
:And I think that missing piece of
puzzle, which Jack probably has, you
876
:know, put a spotlight on, is What is
your security rating or maturity rating
877
:for blockchain adoption looks like?
878
:And then, and I think, uh, where
Halbon has come up with that
879
:approach makes a lot of sense.
880
:Because, uh, uh, even though we may all
agree on the basic health and hygiene,
881
:unless you create a scale, people
don't know what to match up against.
882
:So it's very important that someone
goes there and says, this is what the
883
:health and hygiene indicator scale
looks like me in relative to this scale.
884
:Where are you?
885
:So I think it does help.
886
:And, and it, it helps on the security
side, but it also helps on, uh, you
887
:know, uh, what again, uh, Jack tried
to focus on is what we call again,
888
:in terms of our terminology is the
risk metrics coming from blockchain,
889
:because one of the reasons you're
trying to do a blockchain adoption.
890
:And if you look at the history
of financial services industry,
891
:why is blockchain so attractive?
892
:The blockchain is so attractive because
it gives you the data and metadata by
893
:means of smart contracts, where you can
do risk analytics much more efficiently.
894
:And then when I say risk analytics.
895
:In the distant future, not today, but
three to five years down the line,
896
:if you have your real world assets
tokenized, your bonds tokenized, your
897
:mortgages tokenized, imagine able
to do stress testing in one click.
898
:If you, if you ever try to figure out
how many people are needed in a bank
899
:to do stress testing and be compliant
with those financial regulations,
900
:you'll be amazed, you'll be amazed
and the infrastructure required to do
901
:that because, because you have to have
all these data from disparate sources.
902
:And then do that liquidity stress
test or against different economic
903
:scenarios as to, you know, in a
nuclear event, what's going to happen,
904
:are we going to survive as a bank?
905
:And now blockchain opens a completely
new door because you know what?
906
:You don't have to struggle to get the
data from 10 different sources to tell you
907
:how much liquidity position perspective.
908
:Blockchain makes it way more easier.
909
:So I think.
910
:The, the reason we are in a lot
of excitement about blockchain, we
911
:need to understand it very clearly.
912
:One is payments because it removes
intermediaries and it makes so much
913
:easier to do it securely without
having intermediaries in between.
914
:That is the reason why we see so many
payments, you know, uh, pilots going on.
915
:tokenization.
916
:You know why?
917
:Because fractionalization, you can
fractionalize assets, you can bring
918
:more participants in, you can open it
to more broader part of the society,
919
:which was not the case before.
920
:So that makes it more easier.
921
:The third is that the smart contracts,
because It takes three to five days,
922
:maybe more going between different
teams, including legal, by the way,
923
:every time you make certain changes in,
you know, in, in, in your, your, uh,
924
:your interest rates or anything else.
925
:And with smart contracts is
on the fly, you can make those
926
:policy changes much more faster.
927
:So I think https: otter.
928
:ai Make blockchain like really stand
out, uh, in terms of, you know,
929
:how, where the adoption is going.
930
:So, so I, I, I couldn't agree more
with Jack in terms of, you know,
931
:the health and hygiene indicators.
932
:The, the, the ability to enforce policies,
which is very, very important from
933
:a financial institution perspective,
because then you're able to establish
934
:certain baseline and rules, and then
you're a little bit confident that you
935
:know what, at least there is no deviation
from this baseline behavior and the
936
:infrastructure is running at a certain
maturity level that I expect it to run.
937
:So it does make a lot of sense to me.
938
:Tim Winkler: I think it's a great
kind of stopping point, kind
939
:of put a, put a bow on it here.
940
:It's also reinforces why I love this
format because I, you know, I think
941
:hearing that from your perspective,
Sandeep, and then Jack, having you kind
942
:of, you know, speak to it, you know,
firsthand on some of the work that you're
943
:doing in real time, I think it's, it's
great to kind of hear it from both sides
944
:and, um, you know, Sandeep, I think that
last little segment there, I was It's just
945
:helpful to, to process it and, and make it
a little bit easier for everyone to kind
946
:of understand when it's going from, you
know, those more traditional environments.
947
:Um, and so, um, yeah, kudos to you
guys for, for, you know, being a
948
:great one, two team there to, to help
bring this conversation to light.
949
:Um, you know, we, uh, we definitely
want to, you know, wrap things up
950
:with our, our final segment here.
951
:It's a, it's a fun segment
called the Five Second Scramble.
952
:Uh, we're going to just spitball
a couple of rapid fire questions.
953
:Try to give your answers
within five seconds if you can.
954
:And, uh, some will be business,
some personal, um, Mike, why
955
:don't you lead us off with
Sandeep and then I'll get to Jack.
956
:Mike Gruen: Sounds good.
957
:All right.
958
:Uh, you ready?
959
:Uh, what's the most important
skill you look for in a new hire?
960
:Sandip Wadje: Attitude.
961
:Attitude.
962
:I, I, I, I look for that
individual's attitude to things.
963
:Okay.
964
:And then how, how they
essentially handle situations.
965
:Yeah.
966
:Mike Gruen: Uh, what's the best piece
of advice you've ever been given?
967
:Sandip Wadje: There is no meeting
that cannot be rescheduled.
968
:So focus on your well being.
969
:So your well being, your well being takes
priority over a lot of things in life.
970
:So there is, there is no meeting.
971
:There is no appointment
that cannot be rescheduled.
972
:Mike Gruen: Yeah, well said.
973
:Uh, what's the biggest misconception
about working in traditional banking?
974
:In it, in i, in traditional banking,
975
:Sandip Wadje: the level of maturity,
uh, uh, uh, the, the, unless you
976
:come in, uh, uh, from outside it
looks really, really glorious.
977
:Uh, but, but then when, when you, when
you go inside, uh, uh, uh, the, the, the
978
:scale, the scale of eight is like, yeah,
it's, uh, like I, and, and then trust me.
979
:This will come from anyone who is actually
working in a large international bank.
980
:So, so, but again, I think, uh, on that
topic, if you ever watched Barack Obama's
981
:interview, uh, he said it really nicely.
982
:He said, I've met world leaders
and then there are no more than
983
:ordinary people and making the same
mistakes anyone else would make.
984
:So, so, uh, so I would say large
corporations are no different.
985
:It's the same people dynamics that you
would find anywhere else in the world.
986
:Cool.
987
:I like it.
988
:Mike Gruen: Uh, what's your favorite
part of the company culture at BNP?
989
:Sandip Wadje: We're very people centric.
990
:We take care of people.
991
:We look after people.
992
:I really like that.
993
:And you will not find actually
anyone living BNP Paribas.
994
:If you ever go on LinkedIn,
you'll find that people stay
995
:with the bank for 20 30 years.
996
:I'm probably the least experienced person
in BNP as of today because everyone else
997
:at my level has been there for 30 years.
998
:Mike Gruen: Aside from AI and
blockchain, What is an emerging
999
:technology that you're excited about?
::
Sandip Wadje: Uh, uh,
artificial intelligence.
::
Mike Gruen: Now, aside
from AI and blockchain,
::
those are
::
Sandip Wadje: too easy.
::
Oh, except for,
::
so, uh, uh, I would say the next one
in my list would be quantum for sure.
::
Very, very much excited about quantum.
::
And, uh, I think, uh, people
are going to miss, uh, the
::
tipping point on quantum as well.
::
Because they didn't see a chat GPT
coming in:::
have similar moment with quantum
where people think that, oh, it's 10
::
years away and boom, and the tipping
point comes faster than you think.
::
And then you're not prepared for it.
::
Mike Gruen: Totally agree.
::
I think.
::
Yep.
::
I'll save that for a different day.
::
Um, what's the most outdated piece
of technology you can't let go of
::
Sandip Wadje: my iPod.
::
Yep.
::
I still have it, uh,
160TBs with all songs.
::
I love it.
::
And, and I somehow I can't let it
go because it, yeah, because you
::
know, you can't be disturbed when
I have that iPod and music on.
::
Uh, there is no disturbance actually,
and it's so easy to flip around and
::
change the music and everything else.
::
It feels so much better, actually.
::
Mike Gruen: That's smart.
::
That's awesome.
::
Um, what's something you did as
a kid that you still enjoy doing?
::
Sandip Wadje: I've been like a big
networking guy all, all my life.
::
I always wanted to connect with
people, make friends, socialize.
::
And I, I do this even today.
::
I, even though I'm in managing director
in a bank, I make it a point to at least
::
Meet five to 10 new people every week.
::
So, so, uh, does, does keep on top
of technology and what's going on.
::
So, yes, I, I am a prolific
networker and, and that, that's
::
the habit that stayed with me.
::
Since I was a kid.
::
Mike Gruen: That's cool.
::
Um, what's a charity or corporate
philanthropy that's near and dear to you?
::
Sandip Wadje: This is an interesting
one, but which is something
::
we do in the UK every year.
::
We do Whitehead Ball first
last week of January every
::
year to raise money for NSPCC.
::
Uh, which runs child child line, uh,
which is essentially, uh, a telephone
::
line to help children's in distress.
::
So we do this every year.
::
I've been going to Whitehead Ball
probably six, seven years for now.
::
Uh, it's a, it's an excellent
charitable initiative.
::
Roughly 800 professionals
attend it every year.
::
I think if I'm not wrong, we
raise roughly like a million
::
plus every year for the charity.
::
Yeah.
::
Mike Gruen: Nice.
::
Uh, if you could live in
any fictional universe,
::
Sandip Wadje: which would you
::
Mike Gruen: choose?
::
Sandip Wadje: Oh, Marvel.
::
A hundred percent.
::
Mike Gruen: I assume as a superhero,
not just as a regular person
::
who's just getting murdered.
::
Um, and what's something that you still
enjoy doing, but are really bad at?
::
Sandip Wadje: That's a good one.
::
That's a good one.
::
Cooking, cooking.
::
So, uh, yeah.
::
Tim Winkler: Nice.
::
Alright.
::
That wraps it up.
::
Nice.
::
Alright, uh, Jacques,
let's get over to you.
::
Let's kick it off with, you
know, give us the quick pitch
::
of how you describe Halborn.
::
Jacques Boschung: Oh, Halborn, we are
a cyber security company committed to
::
enable the next digital transformation
in financial services in a secure way,
::
thanks to our knowledge of blockchain
technology and the surrounding web
::
to constraints and dependencies.
::
Tim Winkler: What's your favorite
part about the culture at Alborn?
::
Jacques Boschung: Uh, it's proof of
work culture, meaning that people
::
needs to demonstrate what they can
do, uh, be engineers or other people.
::
That's one thing.
::
And the other thing is that we, we
are totally a decentralized company.
::
So we are following the lead
of our blockchain focus.
::
Tim Winkler: Excellent.
::
What, what kind of technologists
would you say thrives at Alborn?
::
Jacques Boschung: Oh, zoom
teams, all those things, since
::
we are totally decentralized,
that's the way we work together.
::
No, no other option.
::
Tim Winkler: Somebody who
cannot, uh, operate virtually.
::
It sounds like, um, what kind of.
::
Tech roles are you hiring for at Halborn?
::
Jacques Boschung: We are hiring engineers.
::
So, um, level one, level two, level
three engineers, uh, focused on the
::
blockchain technology, but we are also
hiring cyber security cloud specialists.
::
And that's exactly what I was saying
in the beginning because we are able
::
to combine the two things, which is
the only answer for big banks like BNP,
::
by the way, because they really want
to speak with somebody who can both.
::
I'm just on classical preliminators and
the new distributed ledger technology.
::
Tim Winkler: Very cool.
::
What would you say is the biggest
challenge that's you, you all will
::be facing as a business in:
::
Jacques Boschung: Uh, so
we, we are essentially a
::
professional services company.
::
So what we do are services.
::
We deliver services.
::
So recruiting talent is always
very high on our scorecard.
::
Tim Winkler: Aside from AI,
blockchain, and quantum.
::
What's an emerging technology
that you're most excited to see?
::
Jacques Boschung: Okay.
::
Maybe sometimes nuclear fusion.
::
Tim Winkler: We just raised the bar.
::
I love it.
::
I love it.
::
Dates
::
Jacques Boschung: to TBD.
::
Dates TBD.
::
Well, it has been emerging for 70
::
Mike Gruen: years.
::
So, I mean, once we have the
AI and quantum, I think that
::
we'll be able to figure it out.
::
Like we'll just have general, general, but
::
Jacques Boschung: you still
have some physical limitations
::
that even AI cannot overcome.
::
Tim Winkler: That's true.
::
Uh, quickly describe your morning routine.
::
Jacques Boschung: Oh, uh, I wake
up early, I do sports, uh, and then
::
I am always coming back to work.
::
I am not taking breakfast, just a tea.
::
Tim Winkler: All right.
::
What is your favorite app on your phone?
::
Jacques Boschung: My
favorite app on my phone.
::
What's up?
::
Tim Winkler: Nice.
::
What's a charity or a corporate
philanthropy that's near and dear to you?
::
Jacques Boschung: Okay.
::
We don't do corporate philanthropy.
::
I do personal philanthropy
for the people in Ukraine.
::
Tim Winkler: Very nice.
::
If you could have dinner
with any tech icon, past or
::
present, who would it be with?
::
Jacques Boschung: Ha!
::
Um,
::
Richard Feynman.
::
He was a guy, he was a physicist
back in the day, who really thought
::
about the quantum computing.
::
He was really the guy at
the very root of everything.
::
And he was a true genius.
::
And very funny guy.
::
So on top of that, it would not be boring.
::
We cannot say that of all the
tech tycoons that we know nowaday.
::
Tim Winkler: Mike, you lit up, you
know, this guy, I know that guy.
::
Mike Gruen: Yeah.
::
There's some great videos.
::
Yeah.
::
Whatever.
::
Jacques Boschung: He was in the movie.
::
Hymer, by the way, he had,
he was playing as a plane.
::
The character, the character
in Oppenheimer, yeah.
::
Tim Winkler: Oh, okay.
::
Uh, all right, a couple more
here and then we'll wrap it up.
::
Uh, what is the worst fashion
trend that you ever followed?
::
Jacques Boschung: That I
did follow, okay, moustache.
::
Tim Winkler: You know, it depends
on who you ask, but that's sometimes
::
coming back as a great fashion trend.
::
Jacques Boschung: Right, right.
::
That's why I was getting that.
::
It's a provocative provocation, right?
::
All right.
::
Tim Winkler: Yeah.
::
It's a safe, safe answer.
::
Uh, alright.
::
What was your dream job as a kid?
::
Jacques Boschung: Uh, dream job as a kid.
::
Uh, pillar of a jet fighter.
::
Cool.
::
But then, then that came very similar.
::
Forget it.
::
Yep.
::
Forget it.
::
.
Tim Winkler: Yeah.
::
Uh, awesome.
::
All right, well that is a wrap.
::
I wanted to thank you both so much for
joining us and you, you've been fantastic
::
guests and sharing your insights on this.
::
Obviously critical topic that,
uh, is cyber security and banking
::
and, uh, appreciate your time.
::
And yeah, thanks for
joining us on the pod.
::
It
::
Jacques Boschung: was awesome.
::
Thank you so much, Sandy.
::
Nice meeting you.
::
Thank you guys.
::
Thank you.
::
Thank you.