Cybersecurity is no longer an IT issue—it’s a CEO-level decision with compounding consequences. As AI accelerates both innovation and attack capability, the cost of delaying action is rising faster than most leaders realize.

In this episode, Brian Cute, CEO of Global Cyber Alliance, breaks down what’s changing in the cyber threat landscape—and why many companies are already behind. From AI-powered scams to organizational focus challenges, this conversation highlights the decisions CEOs can’t afford to defer.

Brian Cute leads Global Cyber Alliance, a nonprofit working at the infrastructure level to make the internet safer through global collaboration. His perspective spans law enforcement, internet governance, and cybersecurity at scale—giving him a unique view into how threats are evolving and where organizations are most exposed.

This episode centers on two intersecting pressures: the rapid acceleration of cyber threats driven by AI, and the internal leadership decisions required to respond effectively. Brian shares how his organization navigated a critical transition—moving from broad impact to focused strategy—and why that same discipline is now required of CEOs facing increasingly sophisticated cyber risks.

Key Takeaways

1. Cyber risk is compounding faster than most CEOs are acting - AI is lowering the cost and increasing the scale of attacks, turning cybercrime into a highly efficient, globalized system.
2. Lack of focus is a strategic liability - Trying to do too many things dilutes impact—clear positioning and a narrow value proposition are critical for execution and funding.
3. Cybersecurity is a business risk, not a technical function - Treating it as an IT issue leads to underinvestment and delayed decisions that can have material consequences.
4. AI adoption without risk awareness creates new exposure - Using AI tools without understanding data flows, privacy risks, and accuracy issues can introduce significant vulnerabilities.
5. Collaboration is the only way to address systemic risk at scale - No single organization can solve cybersecurity challenges alone—coordination across industries and governments is essential.

Chapter Markers

00:00 The Small Business Mindset

00:14 Introduction to Global Cyber Alliance

01:13 Why Cybersecurity Is Uniquely Challenging

02:43 Cyber Threats: Movies vs. Reality

05:41 10-Year Milestone & Leadership Transition

07:57 Origins of GCA

12:06 Evolution of Cybercrime

14:30 The Power of Collaboration

17:30 Startup vs. Cybersecurity Priorities

21:18 Strategic Partnerships

27:43 Refocusing the Organization

42:00 AI, Deepfakes & the Coming Cyber Tsunami

Guest & Host Information

Brian Cute

CEO, Global Cyber Alliance

Website: https://gcyberalliance.org/

LinkedIn: https://www.linkedin.com/in/briancute/

Small business owners are so focused on just getting to tomorrow.

2

We need to present a clear, more narrowly focused value proposition, focus on signal,

right?

3

What are the one or two things that really, really matter?

4

Welcome back everybody to the breakout CEO podcast.

5

I'm your host, Jeff Holman, and I'm glad to be here today with Brian Kueb.

6

Brian, thank you so much for joining us.

7

Yeah, glad to have you.

8

uh We're going to talk about your business uh and we're going to talk about some of your

breakout moments today, but it feels like maybe there's two layers to this for me because

9

you're in cybersecurity, your business or your organization is a nonprofit called Global

Cyber Alliance.

10

And it just seems to me that building a company is chaotic enough, but when you do it

within the landscape of what I believe is a really difficult, externally influenced, maybe

11

expensive landscape, that might make it even harder.

12

So you've got two layers at least of the chaos in the organization.

13

Is that anywhere close to correct?

14

ah It is.

15

Every company and every leader has their own particular set of challenges.

16

We're not different in that way.

17

I do think that cybersecurity in general is a particularly challenging uh environment and

industry.

18

It's complex.

19

It's technical.

20

I think also for end users and what we do, what we focus on is on making the Internet's

infrastructure more secure.

21

There are some

22

security flaws within the infrastructure.

23

And we collaborate with others to develop solutions.

24

We work with network operators, infrastructure providers, because if you fix a bug in the

internet itself, every user is more safe by definition, right?

25

So that we try to achieve scale working in collaboration.

26

We also develop and offer free tools to micro and small businesses, NGOs.

27

We target

28

the organizations that are at risk and also under resourced, right?

29

They don't have enough money to buy commercial solutions or have a vendor do their

cybersecurity for them like a large enterprise.

30

So we're by definition taking on really big complex challenges.

31

So I think in that way, yeah, you're painting a picture that's fairly accurate.

32

We're taking on some pretty big challenges and ah there's no easy way to...

33

to deliver those solutions.

34

Yeah.

35

So for those of us who are less educated in the space, you know, I'm going to come at it

from a really naive perspective here.

36

And I think, you know, you go to the movies and every year or two, there's, there are

movies about these cyber attacks or, you know, technology.

37

And, and I just assume because I see a lot of companies building technology of their own.

38

And I know that the technology I see is, is well ahead of whatever makes it in the movies,

you know.

39

So when we see something in the movies, I assume that we're

40

that you're dealing with things that are, know, levels and levels beyond whatever has made

it into the movies.

41

Unless maybe it's a sci-fi, I don't know.

42

Sci-fi might predate some of the chaos, but.

43

Yeah, I mean, the sci-fi, some of the sci-fi movies are presenting futuristic things like,

well, like The Terminator and Skynet.

44

Remember that?

45

Right.

46

Right.

47

enough to remember that.

48

And that's what, 25, 30 years old now?

49

So the fun thing there is I made my daughters watch The Terminator.

50

They didn't really want to, but I said, you've got to see this movie.

51

Yeah.

52

And I saw it 25 years ago.

53

And I think the concept of Skynet

54

for us back then was like, wow, this is Skynet, what would that be?

55

The interesting thing was when my daughters watched the movie, they became more troubled

by it than I did because the concept of Skynet to them is actually, well that exists,

56

right?

57

We've got satellites, we've got computers, it's sharing data, these terminators could

actually come and take over the world.

58

And for them it was very real and present.

59

So, you know, that's just one example.

60

For us, the challenges that we face, I would say this.

61

um What you see in the movies tends to be fairly accurate.

62

um What's going on in reality, if the average person knew um the types of attacks, the

capabilities of the bad guys, the risks that they face, it would uh unnerve them.

63

There's a lot of risk out there.

64

more challenging, Jeff, with AI, and I'm happy to elaborate more on that with AI, the

threats are becoming more serious.

65

They're coming at us much faster, and they're becoming more effective ah in their aim in

terms of cybercrime.

66

So we're really moving into an environment that's becoming very high risk, very

challenging.

67

And so people being protected, right?

68

The internet being safer as we can make it safer working with infrastructure providers,

but people being protected, knowing what their risks are and being protected is at a

69

premium.

70

I feel like we need to get into that, we might need to step in a little bit slower because

there's probably so much.

71

Let's back up.

72

So you've been involved with uh Global Cyber Alliance for, is it 10 years now?

73

that's how long it's been around?

74

It's been around since 2015.

75

I've been here about four and a half years.

76

Okay.

77

The original CEO Phil Reitinger, we just celebrated our 10th anniversary last September

78

And that was a big milestone for the organization.

79

And at the same time, our founding CEO Phil Reitinger stepped out from his post.

80

So

81

as a cybersecurity nonprofit, know, quite a, quite a, uh you know, quite a big milestone

to reach 10 years and be vibrant and be delivering services and helping the public.

82

And then having your founding CEO step down, it's a big transition, right?

83

You know, familiar startups, right?

84

I mean, they are, the identity of the startup is the identity of the startup CEO.

85

Yeah.

86

Phil was a brilliant dynamic.

87

cybersecurity expert who was so creative and built GCA into what it is today.

88

And so for me, stepping into the role, A, very big shoes, B, a really rapidly and changing

environment, and so C, now where do we go?

89

That's kind of what I'm trying to navigate.

90

Well, and it seems like if I were to think about it, maybe they're, don't know the exact

91

I'm certain of it, right?

92

And so the reason that this was started and the objectives you were trying to achieve as

93

And then fast forward to when you took, when you became a part of the organization four

and a half years ago, that would, you know, that would

94

probably be very different than 2015, but also very different than today.

95

How has the landscape changed or how have the objectives of the organization changed?

96

You know, what you're trying to achieve or the players that you're trying to collaborate

97

Yeah, your instinct is spot on.

98

In 2015, so Global Cyber Alliance was established by in partnership with the Manhattan

District Attorney's Office, the City of London Police, and the Center for Internet

99

Security.

100

It was those three organizations that birthed GCA.

101

And the original idea was it was really coming from the prosecutor's office, Manhattan

District Attorney and City of London Police.

102

together at that point in time, and you're right, the cyber landscape was very different

back then.

103

It has evolved so much.

104

But even back then, they were struggling with the concept of cybercrime and how to

prosecute it, right?

105

How do you capture a digital evidence of a crime, right?

106

How do you secure it in the evidentiary chain?

107

How do you establish jurisdiction?

108

And we all know how cybercriminals can

109

tied behind different resources and not be visible within your geographic jurisdiction.

110

So they were wrestling with all those challenges about getting cyber criminals and putting

them in jail.

111

And the simple idea was, wouldn't it make sense if there was a not-for-profit that was

offering security tools to the public free of charge so we can prevent some cyber crime in

112

the first place?

113

That was the germ of the idea.

114

Let's create an organization that can get these tools into the public's hands so we can

start preventing some cyber crime and lessen the load.

115

Had there been a specific incident like to have New York and London forces come together,

was there something that was happening at the time or this was just kind of the

116

culmination of we've been dealing with this, we see it growing, we need to do something,

let's be proactive?

117

Just a quick note about our guests.

118

I host the Breakout CEO podcast to share behind the scenes insights from scaling

businesses.

119

As an attorney, I see the real challenges leaders face.

120

long before success becomes public.

121

But client stories have to stay confidential.

122

So we invite guest CEOs to share their own moments of struggle and success.

123

I'm so grateful to our guests and my team at Intellectual Strategies for making this show

possible.

124

Now, let's get back to the show.

125

think it was a culmination of that.

126

And um I've worked in different capacities, kind of close to law enforcement in the past.

127

um Law enforcement collaborates, you know, regularly, certainly between certain countries

and certain types of uh law enforcement agencies.

128

But they do collaborate, they do share information.

129

um And so I think it was a culmination of that recognition on both sides of the Atlantic

that we need some help here, you know.

130

Did anything else like this exist or was this kind of a uh new thing like New York and

London were kind of on the forefront of we got to devise a solution that doesn't yet

131

exist.

132

Because that's what a lot of other startup businesses do.

133

They're in the middle of all these problems and then all of sudden someone says, well,

there's this niche here.

134

We should be the ones to proactively go out and create a solution for it.

135

Sounds like that might be what happened here.

136

I think it was kind of new.

137

And Will Pelgren, who is from Manhattan District Attorney's Office, and Cy Vance, who was

the district attorney not so long ago, it really was their brainchild.

138

And I think it was new.

139

mean, I've been here in four and a half years.

140

I wasn't here in 2015, but I'm pretty confident that the GCA was maybe the first of its

ilk.

141

There are many, many cybersecurity nonprofits now.

142

who offer a variety of different uh solutions or services or educational resources, some

that are focused on different areas than us.

143

But I think it was a fairly new, a novel idea at the time.

144

Yeah.

145

So if we fast forward to four and a half years ago, what did the landscape look like when

you joined?

146

Well, the internet has become a much uh richer platform in terms of services and apps and

social media and how the youth are using the internet in ever evolving and creative ways.

147

um You know, I actually started my career working in the internet domain name system back

148

So I remember the internet back in those days and the

149

The internet you come online today compared to 2015 or 10 years prior is vastly different

in terms of services, uh interactive services, the types of tools and apps and gaming and

150

uh text and voice and video.

151

It's just a much richer environment.

152

And there it's also a richer, it's a target rich environment for cyber criminals,

unfortunately, who...

153

Cyber criminals are always among the first adopters of technology, right?

154

And from four and a half years ago to today, I think the notable change is that scams have

become the white hot center of cyber crime globally.

155

ah Fishing emails are right part of that, but that cyber crime has become organized crime.

156

It has become transnational organized crime.

157

There are scam centers that are the size of small cities in Southeast Asia that are

spiking the attacks um in really concerning numbers.

158

that change, and that is being driven by AI.

159

They're leveraging AI as first adopters.

160

I'd say from four and a half years ago to today, that's the biggest change and things are

accelerating and not in a great direction.

161

Yeah, you're making me think with all of this uh momentum maybe in the wrong direction.

162

What's the vision that GCA would like to accomplish?

163

you know what saying, how do you create a vision that's large enough to combat the other

things happening, but not so large that it becomes overwhelmingly undoable?

164

That's great question.

165

We do it one way because we know in reality it's the only way.

166

We work in collaboration with others, right?

167

And we approach the problems that no single organization can solve alone.

168

If we're going to succeed in protecting the public at scale,

169

That is only going to happen through the collaboration of many, many organizations working

together.

170

It's got to be some government.

171

It's got to be some industry players.

172

It has to be some not-for-profit civil society actors at the center, right?

173

Getting the necessary services and protections to the public at large.

174

That takes collaboration.

175

It sounds ambitious, but it takes global collaboration.

176

to meet the threat that's coming at us right now.

177

So we think about governments and industry and civil society coming together in global

communities of action, right?

178

And partnering, working together in their own lane, but making a commitment and agreement

that we need to deliver cyber protection at scale.

179

There's an example of that that's already working on data sharing, right?

180

The importance of

181

sharing data between law enforcement and industry players, data that can provide insights

into what the cyber criminals are doing so that the people in position to stop them can

182

use that data to stop them.

183

There are examples of these types of, we call them communities of action.

184

The only way we get this done, is through coordination, collective action, agreement that

it's in the public's interest to attack this problem in this way.

185

and get it done.

186

Yeah.

187

As you're explaining this, know, I'm picturing you walking into a room.

188

I'm sure if you walk into a room of a bunch of other, you know, people leading um these

nonprofit organizations, like you probably feel pretty comfortable, pretty familiar with

189

the other people.

190

You understand where they're coming from.

191

If you walk into a room, you know, of a bunch of startup or scaling CEOs, do you feel like

there's...

192

a common understanding as to what they're dealing with and what you're dealing with?

193

Or are you just in a different realm?

194

You know, I see it one way, but I'm really curious to hear your perspective.

195

It's a good question.

196

I think as a generalization, the startup or scaling up CEO is laser focused.

197

Yeah.

198

Right.

199

On growth and getting the next round.

200

Yeah, find customers, find investors or revenue.

201

One of the two, or if we don't do one of those, we don't have money, we don't continue to

exist.

202

Exactly.

203

And so I think um I'm focused on advancing GCA's mission always and keeping my eye on that

horizon.

204

And I think through the lens of collaboration, how do I influence these people to come on

board?

205

How can I make a large corporation see that joining this type of initiative is, it aligns

with their business model.

206

There's a business incentive for them.

207

to participate and support this type of work, right?

208

I think the startup and scaling CEO with that laser focus that can't be distracted from

that.

209

They need to be laser focused.

210

There's an analogy to the small businesses that we try to get tools to so they can protect

themselves.

211

Small business owners are so focused on just getting to tomorrow.

212

Right.

213

You know, making it through the day, getting the revenue, uh managing the team, the

building, the service, the product, the widget.

214

um That what we find with them is that they don't tend to think about cybersecurity as a

priority or risk to their company.

215

When we do a lot of engagement, we've done a lot of training around the world, working

with partners to train micro and small businesses on what they need to know.

216

the steps they can take and the tools they need to use to protect themselves.

217

And it's a very common mentality.

218

I'm running a small business, Cyber security, yeah, but I've got to do this, this and

this.

219

When I have time and money, I'll do it, but not today.

220

Exactly.

221

Or that, or the, but that's not going to happen to me.

222

That's an attitude that's out there too, which is a very, a very dangerous attitude

because it's going to happen.

223

It's, know, whether it's one of your teammates or an employee clicking on the wrong link

because they just didn't know it's going to happen at some point.

224

I think like a lot of attorneys, it's not broadcast because when a company does that,

nobody's like, hey, everybody, guess what?

225

We just lost $40,000 or we just made a $1 million transfer, wire transfer we weren't

supposed to.

226

Nobody comes out and says that.

227

I get access to, like you, I'm in some of those rooms when those things happen and they

call me up and they're like, Jeff, what do do?

228

Where do we go now?

229

Can we get our money back?

230

Do we call the FBI?

231

or, you know, we've gotten a ransom uh email in, this real, is this fake?

232

uh So it's really different.

233

um But just going back for a moment, like, you need revenue, you need, you know, funding,

whatever, but when you're going out to these other businesses or organizations, know, uh

234

the infrastructure you said before, when you're going out to these infrastructure players,

235

Like you're not just saying I need some money to keep my organization going.

236

You're saying, Hey, we might need money or whatever.

237

I don't know if you ask for money in those situations, but you're, but you're saying we

need a partner.

238

Like we need to actually work together.

239

This is more like strategic partnerships all over the place rather than, you know, again,

going back to that analogy with a startup and investor rather than an investor and saying,

240

Hey, I need a hundred thousand dollars.

241

need $2 million.

242

And they give you the money and they're there and they're on your board.

243

but you're running the show.

244

This is no, actually have, we have to work together because we, the problem is so large.

245

It impacts everyone in a dramatic way.

246

If we don't have the partnership, not just the money, but the partnership, we're all going

to fail.

247

Absolutely.

248

There's two uh current partners, MasterCard and Amazon, that we both work with in

different ways, but the initiatives and the outcomes are shared, right?

249

The end state that we want to create is shared.

250

uh MasterCard is heavily invested in small businesses around the world.

251

They sell financial services to them.

252

um They recognize as a company that it's

253

It's in their interest, right?

254

That small businesses start up, get on their feet, thrive, grow, purchase services.

255

um And they, as a company, have invested quite a bit of energy and resources themselves

into making sure that uh micro and small businesses have resources available to them so

256

they can thrive as a business and be secure, right?

257

Amazon.

258

came to us a couple, a years ago, they uh have a very tight focus on their customers.

259

That's where Amazon begins every conversation is from the customer back.

260

uh And they were seeing data around scams.

261

again, I said scams have become the white hot center of cybercrime globally.

262

They are.

263

uh And they saw some interesting data with respect to young adults, 18 to 25.

264

You know, just one example of how we partner.

265

um It was very interesting.

266

We had not seen that data.

267

We are very good at developing or curating tools and packaging them up so the end user can

have what they need, understand the risk.

268

What steps do I take?

269

What tool do I use to mitigate that?

270

But it was an interesting learning experience too, because when we first started talking

with them a few years back, I'm speaking for myself, but like a lot of people,

271

I just assume like my 18 year old son and my 22 year old daughter were digital natives.

272

They were so much more skilled at the internet and social media than I, and that they are

probably inherently savvier in terms of how to be safe.

273

less likely to be successfully targeted.

274

Yes.

275

Okay.

276

Data says the exact opposite.

277

Bureau and other, they're being targeted as much in volume by cyber criminals.

278

They've been losing money uh on average, on par with segments like senior citizens.

279

And when we started doing some work and collecting some data and surveying, know,

attitudes, they're not as confident online as we assume they are.

280

So it was really a learning journey with a partner organization about, here's a specific

problem that's not being addressed.

281

This is a community that needs awareness, that needs resources and understanding of risk

and some tools.

282

And so we ended up developing uh a mobile forward solution that was social media uh

friendly that engages.

283

And we brought young adults into design process.

284

of that product, which was the smartest thing we could have done.

285

But yes, it is partnership and it's partnership in understanding the dimension of the

problem, being aligned in the desired outcome, having aligned incentives, obviously,

286

there's being commercial, ours being not for profit, but having a shared incentive.

287

ah That's critical to getting bigger things done.

288

Yeah, yeah.

289

I'm glad you said that because I think from, you know, I'm a small business owner.

290

I've been a small business owner for a long time.

291

I work with a lot of small business owners and I think small business owners and

individuals and families look at a lot of these larger organizations and they say to

292

themselves, man, MasterCard or Visa or American Express or Amazon or whoever it is, you

know, like I'm paying for the fact that they just let this stuff happen and all this is

293

going on and, and they're just charging me and

294

They probably don't like, like they make money either way.

295

And, and I'm, I'm certain that's not their attitude, right?

296

uh It's interesting to hear that they're collaborating with people like you to try to

tackle this.

297

And I'm sure it's just as overwhelming for them, even with their resources as it is for

the small business owner who, who doesn't know if they're going to be attacked or maybe

298

has been attacked and is trying to, trying to navigate that.

299

It's just a universal problem, it sounds like, and seems like from what I've seen.

300

It is.

301

That's not an understatement at all.

302

And I think, yeah, they're commercial organizations and they're for-profit and they're

market driven.

303

And having worked with them both very closely, they really understand the dimension of the

problem and the impact that it can have if it goes unaddressed, which is why they've

304

committed their time and resources, not just to protect their own customers, but in these

broader

305

coalition, these broader community of actions that I've referenced earlier, they're active

participants.

306

They support those broader community of action activities because they understand the

dimension of the problem and what was required to address it.

307

Yeah.

308

Well, fascinating conversation.

309

We could go on for hours about the expansiveness of this issue, but I want to, I want to

give our audience some insight into maybe your role and what you, know, how you've managed

310

within the organization.

311

Whether you're, you know, CEO of a nonprofit, CEO of a scaling company, like you go

through a lot of the same issues, I think, even though the playing field might be a little

312

bit different.

313

And so I'm curious as you've been, as you've been in the company or in the, in the

organization and even more recently as CEO, what kind of things do you run into where

314

you're like, this is new or need to solve this.

315

Like this is, this presents an issue, maybe not viability of the organization as a whole

or maybe, but we got it like, like we got to figure this out to get to the next level.

316

What kind of things have you run into that?

317

fall into that type of category.

318

I think the most immediate and important thing was with uh the founding CEO stepping down

and um some kind of seismic shifts in both technology with AI, but also in funding for

319

nonprofits, which is becoming an increasingly challenging environment in the last couple

of years.

320

um There's a real question about what's the forward strategy now, right?

321

Phil has stepped down.

322

And m I think one of the things I recognized early and with some internal colleagues as

well was um we definitely punched above our weight as a small organization of 25 or so

323

people with a very broad goal of cybersecurity at scale globally for the under-resourced

and at risk.

324

organizations and working with the infrastructure providers.

325

Nevertheless, we really punched above our weight, We have done so many different

initiatives, delivered so many important solutions and contributions that, you know, the

326

first recognition was we are too many things to too many people.

327

Right?

328

Like if we're going to...

329

saying that this is like one of the realizations during this leadership transition.

330

you're like, do you think that happens?

331

Because other companies go through leadership transitions.

332

And from the outside, it would seem like, whatever goals you set last week, let's just

keep those and keep going.

333

What's the shift kind of the, I don't know, what's the word?

334

I'm thinking of the um tectonic plates, right, in the earth.

335

Why do those things shift when there's a leadership transition?

336

Well, think there's a natural, um there's a maturity cycle for organizations, right?

337

From startup to make it past startup, and then your young adult moving to mature, and then

you get to the fully mature, and if you don't innovate, you then start the death cycle.

338

ah I think there's a general cycle here too.

339

mean, what I think for global cyber alliances, um it has been defined by,

340

um the identity of an incredibly brilliant, dynamic, creative CEO.

341

And that has gotten us to where we are.

342

I mean, a recognized player that does so many incredible things.

343

But it's also time, it's one of those times where you have to mature in a different

direction.

344

mean, personally, I think we need to be more narrowly focused, right?

345

We need to present a clearer, more narrowly focused value proposition.

346

to our funders, we can't be perceived as doing eight different really great things, but

that doesn't lend to a kind of a cohesive value proposition, right?

347

If you invest with us, you're gonna get these specific outcomes.

348

So the first recognition was too many things to too many people, what should our value

proposition be going forward?

349

Narrowing the aperture of what we do.

350

and focusing on the thing that funders care about today.

351

So we could make an effective value proposition pitch to them.

352

So that's really the turn, kind of the pivot.

353

And we're working on that.

354

We developed a new strategy.

355

We've developed a new value proposition statement.

356

We're targeting potential funders with better intention and aligning with those who have

an interest in art.

357

the direction we're going.

358

uh And I think moving through that and more clearly defining GCA in different ways, I also

think it needs to become an organization.

359

It needs to become a more professional organization in terms of how we operate.

360

Well, I mean in terms of internal operations, the way the team works together.

361

Eight different amazing things.

362

You've got people focused in different directions.

363

A lot of great, dedicated, capable people doing things and having impact.

364

But sometimes team cohesion can suffer.

365

Everyone's got their own initiatives.

366

You know, you're describing this and I'm hearing, I'm hearing a lot of the same types of

things that I hear from founders where they're like early, early on, we tried to be all

367

things to all people.

368

And then one day we're like, that's not going to work.

369

We'll be, we'll be everything to nobody.

370

If we keep it up, we got to, you know, refine our offering.

371

That's what I'm hearing.

372

have these different people who have different objectives and now you've got, you've got

to get into, into alignment and you've got to say, Hey,

373

this, you know, if we're going to align on one offering, we all need to align our actions

and behaviors and inputs toward that offering.

374

can't keep going towards different offerings.

375

So this is, it sounds like a parallel to what I see in for-profit businesses quite often.

376

It's precisely what's happening.

377

So it's not a new uh challenge.

378

It's new for me.

379

I've not been in this position before.

380

I was a uh CEO for eight years of Public Interest Registry, which runs the .org address on

the internet, um which is a very, very well-funded, not a typical not-for-profit in that

381

it has a funding machine by selling .org addresses to feed its programs.

382

It has great financial stability.

383

But GCA is a classic not-for-profit which has to approach philanthropies, approach

corporate donors, work with government programs that provide funding and align with them

384

and get funding to do the things that we do and work together.

385

So it's a challenge.

386

The funding environment has changed significantly.

387

You saw the US government eliminate USAID, which is an economic development uh funding

channel.

388

The good news for us is we were not dependent on that for our life's blood, but it's one

source of funding that goes away.

389

um

390

And then everybody else who was dependent is now coming to the sources where maybe you've

had less competition.

391

Absolutely.

392

Absolutely.

393

There's competition.

394

A lot of the corporate funders and even philanthropies for the last couple of years, the

constant message has been, I have a finite pot of money.

395

You know, I'm funding a number of you all, not-for-profits.

396

We'd like to see more of you partnering together and proposing larger projects.

397

We'd like to see other funders at the table.

398

as well, not just us.

399

And this is coming from consistently, know, corporates and philanthropies.

400

So that's the environment we're in right now.

401

So that's the environment we need.

402

We need to create an offering and a value proposition that's clear, that cuts through,

that's attractive to certain funders.

403

And yes, we're entertaining the idea of partnering with others and coming to the table

with bigger projects.

404

That's where these community of action initiatives, a lot more sense.

405

Let's get more people to the table, more funders, more not-for-profits, more corporates,

and actually agree to drive a common initiative.

406

That's where that ties in.

407

um So that environment's really challenging.

408

yeah.

409

So founding CEO steps down, that's a change.

410

um Too many things to too many people, refocusing, new strategy, navigating the funding

environment, and then just to make it extra fun.

411

Here comes AI, which is putting cybercrime on steroids, right?

412

So that's the environment.

413

It's incredibly dynamic.

414

That's amazing.

415

How, how are, what have, what do you feel like you've been able to do and who have you

turned to to help you do it, to start to navigate these types of things?

416

Is this all internal?

417

Do you bring in consultants?

418

you, you know, you spend your Sunday evenings ideating like, what do do next?

419

Like, like what's the, what's the solution to, to, to getting all of these things to come

together as the external, you know,

420

chaos is just expanding.

421

So interesting question.

422

Most of it's come honestly internally, know, uh colleagues on staff um who've been in the

fight for a long time and have been part of the team and understand the need for change.

423

um Our board, we have got a terrifically supportive board that's, and many of them have

there from the beginning, um who are open.

424

um

425

You know, they push us where we need to be pushed.

426

They're supportive always.

427

They're throwing in, you know, in moments like this, you want your board to throw in as

opposed to be kind of sitting back posture-wise.

428

ah And then the one initiative that we recognized we needed was a communication strategy.

429

Right?

430

We realized that we haven't been the strongest in communications, but particularly with

respect to the funder audience, right?

431

and the value proposition.

432

So we did go engage an outside firm, we're just about done with that, to develop a new

communication strategy that can help communicate the new narrowly defined mission, the

433

value proposition statement, and get ourselves in front of the right audiences.

434

So that was a piece that was missing that we did go outside to get help with.

435

Okay, and who is that audience in case any of our any of our audience is listening and

they say, wait, I might be that or I can make an introduction.

436

Who is that audience that you're trying to get the communications to?

437

So I think primarily uh if we were to order them, uh communications firms, internet firms,

uh any large corporates who are dependent on the internet for e-commerce, for service

438

delivery, uh know, MasterCard is a great example, Amazon's a great example, uh but

companies of that ilk, their dependency on the internet, right, providing seamless

439

service.

440

is the lifeblood of their company.

441

And I may not be the thing that's top of mind every time they come into work in the

morning, but it's a fact.

442

And that's what been trying

443

gateways that mean they're the gateways that everybody else uses to essentially transact

on the internet and that's how they make their money which is fair.

444

Right.

445

But because they're the gateway they're probably some of the most impacted by the things

that are happening right.

446

Right, we've seen, know, recent, in the last five years, so we've seen instances where

parts of the internet go down, right?

447

Or there's this massive disruption because of someone's software that wasn't updated.

448

And we have examples of the macroeconomic impact that can happen.

449

So those types of companies have a stake in the game.

450

uh Philanthropies, absolutely.

451

There are some philanthropies out there.

452

Craig Newmark.

453

who created Craigslist is an absolute champion of the cybersecurity nonprofit community.

454

He's been a terrific supporter of many, not just us, uh but other philanthropies who have

supported the work that cybersecurity nonprofits do.

455

Those types of philanthropies need to invest more with us.

456

And then lastly, but not last, uh governments.

457

uh There have been...

458

and still are government programs that provide funding to build digital skills, right?

459

In their students, in their workers, like workforce development on AI skills building is

gonna become a huge, huge thing, right?

460

All governments see what AI is doing in its early stages.

461

Many are assuming there's gonna be job displacements.

462

You're gonna see funding for AI skills building.

463

Well, there needs to be funding for AI and cyber.

464

The risk piece of that skills building is going to be critical.

465

that's the type of message we're trying to get in front of governments is you need to also

invest in the risk side of this technology and make sure that your, you know, your workers

466

know how to use it securely, how to mitigate.

467

There's hallucinations, there's inaccurate responses, there's poisoning, the exfiltrate

PII.

468

That's a

469

a real, there's great opportunity with AI and there's also risk.

470

So getting governments to prioritize the risk side of skills development is something we

think needs to happen as well.

471

That's really interesting, Brian, because like I'm thinking about here in Utah where I

live, you know, we think of ourselves, we call ourselves Silicon slopes, you know, as

472

though as though we're maybe somewhere closely behind Silicon Valley.

473

But uh be it as it may, there's a lot of talk about all of the software and tech companies

that are being built here, just like, you know, Arizona is talking about it and Colorado,

474

everyone's talking about that.

475

But I don't hear a whole lot about cybersecurity.

476

You know, they're not pushing for

477

They're not necessarily pushing the message around cybersecurity the way they are around

job creation, job growth, growth, IPOs, whatever it might be.

478

So that's, seems like an area where um it's got to be just as important, if not maybe more

important because without controlling cyber security, that whole technology base uh could

479

easily be impacted in a really significant way.

480

Increasingly important.

481

um And it's only going to get more important.

482

I'll give you an example.

483

I was at a MasterCard security team briefing for two days in Singapore last September.

484

And the attendees were largely Interpol and law enforcement agencies from the Southeast

Asia region.

485

And I've referenced those scam centers, right, in Southeast Asia that have grown to be the

size

486

of small cities.

487

They are being run by transnational organized crime.

488

Law enforcement in the UN Office of Drugs and Crime have been documenting and tracking

them for years.

489

They are significant contributors to significant increases in phishing emails and scams,

attacks that have happened globally in the last couple of years.

490

uh There was a Microsoft study that

491

showed that 40 % of phishing emails are now Gen.ai assisted.

492

what's compounding that, so AI number one lowers their cost structure of doing business.

493

Makes it easier for them to automate the delivery of attacks and they're doing it and the

volume is showing.

494

Now add deep fake technology, right?

495

And we've seen it.

496

mean, today's deep fake is good enough.

497

to fool a lot of people.

498

Yeah, if you know a bit, you can look for like the extra finger or other indicators.

499

But right now they have, according to that Microsoft study, um click-through rates of 54 %

in AI-assisted phishing emails.

500

54 % click-through rates.

501

That is a business driver, up from 12%.

502

Business driver for a business model, right?

503

That's just to today.

504

So I'm in that briefing and there's a lot of data being shared amongst law enforcement.

505

And somebody says that within two years time, we expect these scam centers to be operating

fully AI agentic platforms.

506

So they're going to build agents upon agents to run these things.

507

24 hours a day, seven days a week, 365, using increasingly sophisticated deepfake

technology.

508

So Jeff, you know enough, right?

509

I left that briefing.

510

sat on a, I'm not joking.

511

I sat on a park bench for about half an hour, just kind of let that process, knowing what

I know.

512

There is a tsunami.

513

This is not an overstep.

514

is a tsunami.

515

Cams and fishing attacks that are going to come at all of us in the next two years.

516

more effective

517

Yeah, in my engineering, we studied the concept of harmonics at some point, right?

518

When you get harmonics out of balance, you know, harmonics are, you kind of keep in

balance and they're going, but if they get out of balance, all of a sudden, there's no

519

end.

520

I mean, until there's destruction, there's no end to the growth of those harmonics.

521

uh That feels like, I hope it's not, but it feels like that's what you're describing.

522

It is, and I'm connecting back to cybersecurity, should be an increasingly important

priority for everybody.

523

For sure, for sure.

524

Man, well, I want to ask you two more questions.

525

I want to ask you about what should some of our listeners who are building small companies

or scaling companies be thinking of?

526

What are one or two things they should be thinking about?

527

But before we go to that question, I also want to ask you as you've taken the helm of this

organization, what's an area where you feel like you've grown in an unexpected way?

528

I think it goes back to just, have my moments, right?

529

I have my moments where I'm animated or reacting to something that's happened.

530

But I think on the whole, just um being steady, um getting, not overreacting or

underreacting too much in either direction, staying steady, know, let things come at you.

531

They're going to come at you.

532

um

533

Trust the people around you.

534

ah Lately, what I've been saying is signal to noise, Focus on signal, right?

535

What are the one or two things that really, really matter and keep your eye fixed there?

536

The rest of it is noise, right?

537

Don't get distracted.

538

I think I'm doing better.

539

And that comes with practice, think, knowing how to find the signal and knowing how to

tune out the noise.

540

two different tactics that are complimentary, but very different from each other.

541

Yeah, I love that.

542

I love that.

543

Okay, so onto our audience.

544

if we've got people listening, they're hearing this and they're saying, I didn't think I

had time before I started listening to this episode to really put towards cybersecurity.

545

Like we're just trying to make money or trying to pay employees.

546

We're trying to get the next product version out.

547

That's a lot of time, a lot of energy.

548

But what are the one or two things they really should be thinking about or even doing uh

in parallel to building their businesses?

549

Well, I think everyone should be leveraging AI for its opportunity and promise, right?

550

Use AI, right?

551

It can enhance your business.

552

can save enormous amounts of time.

553

ah But if you're going to use it well, two things.

554

Understand your processes, right?

555

Because it can improve your processes, but that means you need to really have your

processes well documented.

556

understand your processes and then see if you can use AI to leverage that to improve your

business, um your intelligence, your decision making, your speed, ah not to replace people

557

necessarily, but to improve those things.

558

And if you've heard anything I said today, if you're going to use AI, you must, must, must

address the risk aspects of this technology.

559

Otherwise, you could be putting commercially sensitive data on a server that goes, shares

data with God knows whom, right?

560

ah Are you getting accurate responses from the technology?

561

Are you getting what you need from it?

562

uh What is it doing with PII?

563

If you use AI blindly, are, you're, you know, you're driving with the back door open and

God knows what's going to happen, right?

564

So I say use it and use it.

565

intelligently and address the risk at risk aspect as well.

566

Okay, I've got to dig one step one level deeper on that because you've got me really

curious as an attorney, right?

567

I'm very sensitive to not putting uh client information identifiers, people, confidential

trade secrets, any of that stuff into AI anywhere.

568

I use AI a lot.

569

I use it for my own business quite a bit, but I'm a lot more reluctant to use it for

client issues, right?

570

Because of that reason as an attorney and

571

Maybe it's not even the cyber issues as much as it is discoverability and legal ethics.

572

But for somebody who's not in my seat, you know, what are the risks that you, that you

would say, Hey, or, or what are the protocols where you might say, if it's me, I wouldn't

573

do X, Y, or Z.

574

Well, and by the way, I'm a former attorney myself, um

575

We call you a reformed attorney then, because you're no longer practicing, right?

576

Recovering.

577

uh I really appreciate the responsibilities that you have with respect to your clients and

your clients' data.

578

So I hear you loud and clear.

579

Again, I think it's really about understanding um your data, right?

580

um Your customers' data, how you manage it, um how you store it.

581

um know, little simple things like um sometimes creating

582

backup data sets.

583

um The first question we're being asked is, what about GDPR?

584

Is this exposing any uh data to GDPR violations?

585

the world going forward is going to be about data, data, data.

586

answer to that question is probably yes.

587

If Brussels has anything to say about it, Jeff, it's yes.

588

um Yes.

589

So understand your data, understand ah your requirements, and just know that AI as a tool,

uh there's a number of, let's call them trap doors, right?

590

If you're not aware, there are a number of trap doors that can open up and suddenly your

data is exposed in ways you don't want it to be, whether it's...

591

your commercial secrets, whether it's your customer's data, whether it's something else,

um there's trap doors.

592

So be aware and mitigate and manage those risks with open eyes.

593

And I imagine as soon as you start creating and connecting agents into your own

infrastructure, you've just opened those trap doors pretty widely.

594

So, wow, Brian, you've given me so much to think about here.

595

um This went way beyond the scope of even what I was hoping to talk about.

596

So I really appreciate you coming in and enlightening me and sharing some insights with

the audience.

597

Thanks for having me, Jeff.

598

Absolute pleasure, really.

599

It's been great for me too.

600

So thanks again.

601

And for the audience who joined us, thanks for joining us on another episode of The

Breakout CEO.

602

Be sure to follow or subscribe on your favorite podcast platform.

603

And if you enjoy the show, a rating or a review goes a long way.

604

Our mission is to promote the stories of breakout CEOs in scaling SaaS, e-commerce, and

tech companies to equip peer CEOs with valuable perspectives and confidence.

605

Thanks again for joining us on this episode of The Breakout CEO.

606

I'm Jeff Holman and I'll see you next time.