Rachael Lyon:
Welcome to To the Point cybersecurity podcast. Each week, join Jonathan Knepher and Rachel Lyon to explore the latest in global cybersecurity news, trending topics, and cyber industry initiatives impacting businesses, governments, and our way of life. Now let's get to the point. Hello, everyone. Welcome to this week's episode of To the Point podcast. I'm Rachel Lyon here with my co host, John Knepher. Hi, John. How are you?

Jonathan Knepher:
Hi, Rachel.

Rachael Lyon:
Okay. I Doing

Jonathan Knepher:
great. It's been a it's been a great week. So

Rachael Lyon:
Has it? It's been a crazy week, my friend. I think, I think I I thought it was Friday on Tuesday. There's been so much going on, but it's all been good. All very positive, good things. Yeah. So I, yeah, I had a incident a random a random thing I just wanna mention this ever happened to you. I don't know. Have you ever gone to kind of your hair person? You're like, I just need a little trim, just a little trim the edges, and then they give you a whole brand new haircut that you'll never ever be able to manage ever.

Rachael Lyon:
So I don't know if that's happened to you. I know you're growing your hair out, but, I yeah. I gotta tell you. I'm a little upset

Jonathan Knepher:
about I'm growing mine out because I yeah, I I'm afraid if I go back and get too much cut off that it's not gonna grow back. So that's where I am.

Rachael Lyon:
Oh, that's awesome. Anyway, that's not what we're here to talk about today, though. Of course, you guys. Really excited to invite to the podcast, Deepak Dutt. He is the founder and CEO of Zighra, which has a really awesome, you know, history behind the name. He is the author of 14 patent 14 patent applications. And Zighra is known as the pioneers in mobile and sensor based behavioral biometrics. In fact, their Sensify ID is the world's first patented on device AI powered continuous authentication solution available today.

Rachael Lyon:
Welcome, Deepak.

Deepak Dutt:
Thank you, Rachel. Thank you, John.

[01:57] Behavioral Biometrics: The Future of Authentication

Jonathan Knepher:
So Deepak, I'll I'll kick it off here. Behavioral biometrics, you know, we we see them increasingly being used for identity verification. I think this is right up right up your alley on what your company does. So, you know, what are the what are the key advantages and risks on relying on this technology and how does it complement, you know, traditional both traditional authentication and traditional multifactor authentication?

Deepak Dutt:
Absolutely. So so we started off in behavioral biometrics several years ago, probably back, in 2012. Right. And the whole idea was at that point was to bring together core technologies like artificial intelligence, behavioral analytics, and sensor intelligence to really define who the user is. Can we detect who the user is based on the way they sit, stand, walk, interact with their applications and such? 

And the whole purpose was to have a seamless user experience because it kind of makes security invisible because everything else is complicated. You gotta do this, you gotta do that, and you gotta type in something and you gotta do a, you know, a facial scan, whatever that is. But back in 2012, you know, behavioral biometrics was kind of in its very nascent stage. Right? And we wanted to kind of make that seamless experience available, to users by taking a look at how they held their device, the angle they held it, the pressure they applied on the touchscreen, the acceleration which they moved.

Deepak Dutt:
And looking at all the sensor data, create a unique model for every user and use that for continuous authentication and threat detections. Right? And the idea was, can we create a unique model for every user based on their, you know, unique habits and infraction patterns? And then, provide something that was not available today because you could log in, but how do you still know it's the right user beyond that login point? Right? And do that in a continuous fashion without interrupting their experience and doing it throughout the day, and only bugging them when you are, you know, having an anomaly if you may. Right? 

So that's where it started off and then it started complimenting, multifactor authentication. So if you look at multifactor authentication, you get a push notification, let's say, on a mobile device. But then how do you still know it's the right user that's actually using it? Right? So up to that point, it's the right user. Beyond that point, it's also the right user. Then you have so I think it started becoming a complimentary kind of technology early on. I think people were kind of thinking how do you use that to kind of replace, biometrics and other, you know, one time authentication mechanisms.

Deepak Dutt:
But I think over over time, you know, it kind of morphed into more of a dynamic biometric as opposed to a static biometric, and and kind of found its unique niche in that security authentication world.

Rachael Lyon:
This is so cool. You know, and and I wonder with things like this, I mean, you're starting to get in kind of the gold mine, right, of of an individual's information. Right? But how do you like, what are the challenges of protecting this kind of information? Because I imagine if someone were able to get access and mimic it, right, I mean, then that kinda has far reaching implications. So I'd love your perspective there.

Deepak Dutt:
Absolutely. So when we look at all the kind of sensor data, right, it it has a lot of user insights embedded into it because it tells you if the user is sitting or standing, are they walking, are they at a specific location. Right? It gives you a ton of rich information. And when we kind of crafted these algorithms early on, that was one of the key things that we kept in mind is how to do it in a very privacy centric fashion and very thermally efficient fashion. 

Because if you didn't run this kind of AI entirely at the edge on mobile devices, it's extremely hard. Right? And in some cases, we have seen people, you know, lighting up their phones because they are trying to do extreme compute, on these edge devices if you may. So from our perspective, we said, okay, this kind of sensitive data, it needs to reside at the edge. Is there a way we can do this, at the edge on the mobile device creating the, the the models there, doing the learning, doing the inferencing? Can we do this entirely the edge? And that's how we started our journey off.

Deepak Dutt:
So we were able to kind of achieve that because if you look at thermal efficiency, we're able to run this continuously on mobile devices, for over a couple of days on another 1% battery usage. Right? So that became, you know, extremely important because we crafted our AI algorithms from the ground up. We were able to kind of achieve that. And then securing it on the device was the best kind of approach to take. Right? And we, you know, you could obviously kind of bring all that to a server, or you could have a hybrid kind of mechanism where you do the learning, just, you know, throw away the raw data and then bring back the rest onto the server where you're securing it from a server perspective. 

Because even if, you know, you get hold of that, it's a whole bunch of numbers. But then when you're kind of centralizing it, it obviously has those, you know, downsides when it comes to centralizing a lot of this kind of data and models. And again, from models, when you're looking at, injection attacks and other kind of, AI part attacks that can happen on that kind of data, again, that's where you can have to use that kind of anomaly detection on the data itself to make sure that the data is good because you only want to learn from the right kind of data.

Deepak Dutt:
Right? And and we have also then kind of taken again, coming from, an IP perspective, what we said is, okay, that's that's great if you're looking at it from a single dimensional perspective. But how can you bring it in dimensional or multidimensional perspective to bio behavioral biometrics? Right? So, so we we have a core engine, that fuses information from multiple levels of intelligence. Right? So we have the device, layer. Then we have the device engine. We have a contextual engine. We We have a network engine. We have a bio behavioral engine, which is the kinetic pattern. And then we have a social engine.

Deepak Dutt:
Right? So we kind of combine all that and then feed it to the fusion engine that kind of combined you know, comes up with a, a fusion score, if you may. Right? And that's how you can kind of add multiple, you know, levels of protections and making sure even if one dimension is gone, it still works. Right? So if somebody needs to overpower this, they have to kind of work on multiple engines and kinda come with that kind of mimicking kind of capability.

Jonathan Knepher:
Yeah. With with all those different engines. Right? And trying to compromise on, like, the power usage on the mobile device, that you said. Like, what's how are you handling the whole, like, speed to identification and interruption of a valid user? Right? Like, there seems to be a huge, like, balancing act there. How how do you figure out the right way to balance those those elements?

Deepak Dutt:
No. I think it helps from a latency perspective. Right? Because because we've created our algorithms to be extremely, efficient. They're highly lightweight. Right? Because even the storage required is extremely low. So when we do our learning and then we do the inferencing, it all happens let's say you're swiping across your screen. By the time you touch, by the time you leave your finger off the screen, you have a score. Right? So so it kind of meets the the the speed requirements from a payment perspective.

Deepak Dutt:
You know, it can happen under a few milliseconds. Right? And, let's say take let's say payment takes two seconds. So it, you know, comes extremely fast. And then if if you think, you know, there is some anomaly there, you can step up and make sure it's right user And then the payment goes through. Right?

Jonathan Knepher:
So, I mean, it sounds like too, like you're having, like, you have a lot of various dimensions that you're analyzing. You know, as we as we think about, like, that quantity of data that that you're having to evaluate, Do we do we need more frameworks around protecting this type of data or or, you know, how do we balance the the kind of privacy and security elements?

Deepak Dutt:
Absolutely. Right. And, you know, if you're doing everything on the device. Right, and again, part of device check is is the device rooted? Is it jailbroken? You're doing all those kind of tests on the fly and keeping the model lightweight. And if you can secure it from a hardware perspective on the device, that's the best road to take. Right? Because then nothing has to leave the device. The user is happy from a privacy perspective. They are more willing to use this kind of technology and such.

Deepak Dutt:
Right? But now if you have to kind of take that data back onto the server, again, a lot of governance frameworks have to be kind of followed. The similar to how you would do that for biometrics. I think we would kind of take it to that level if possible. Right? Obviously GDPR and other privacy considerations are in line. And, and I think what would a lot of behavioral biometric vendors have kind of started taking is because most of them kind of do it on, on the server side. Right? 

And how do you then kind of, make sure that no raw data has to leave? Because if you're creating models, you don't need to keep the raw data there unless you plan to use it for some other purpose. Right? Because, I mean, there's always a lot of cross selling happening where marketing now gets that data and they can do a lot of insights. So it's kind of very important that that raw data is not kept because once the models are created, you don't need that raw data.

Deepak Dutt:
So that that can be kind of taken off. Right? And again, when you are kind of having these multiple engines, how are you kind of segregating all these engines out into different kind of, in a decentralized fashion if you may or distributed fashion. And then how does a fusion engine kind of bring that together, from from a privacy, you know, enhanced point? And there are technologies that are, you know, you know, homomorphic encryption and such that are coming into play that can be leveraged from that purpose. Right? From our perspective, we kind of try to leave all the sensor data on the device, so that, we don't have to take anything up to the server.

Jonathan Knepher:
Yeah. So it sounds like you're doing it right. But do do we need more protections in general? Right? Like, your your point of like this data implies a lot of other information about people. Right? Like, are you walking around? Are you not? How healthy are you? Right? Like Absolutely. That data people don't want out there.

Deepak Dutt:
Right. Yeah. I mean, absolutely. I mean, and that's where, you know, when you're looking at some of these, other organizations that are, you know, implementing this, and I see it from my back here too. Right? I'm looking at it and they're saying explicitly saying they're collecting all this data and they can kinda taking it back to the heap, server and, you know, and they said they wouldn't share it across. Right? So there's a lot of privacy terms that are put in there, but how do you make sure that, that is indeed the case? Right? And it comes down to, you know, how the vendors and how the customers are kind of dealing with that kind of data. Because vendors we speak to, they say, yeah, we leave that up to the banks or we leave that up to the customers and how they want to kind of structure that. There's no, you know, universal guidelines around this.

Deepak Dutt:
Right? So I think some standardization is required. And, and I think that's where the industry is today. I don't think there are strong guidelines. So it really comes down to the vendors to decide how how do they want to kind of do it. And, they're, it comes back to the culture and how we want to kind of do it and how we want to kind of build privacy by design. And is it part of your security culture of the company? I think it all comes down to that. Right? Because right now there's no regulation how you wanna deal with that kind of data. There's no, global frameworks.

Deepak Dutt:
So I think from my industry perspective, all these things need to be put into place.

Rachael Lyon:
Yeah. It's I mean, but speaking of, you know, kind of the data though, are there any interesting trends that you've noticed in how people behave, or or any kind of surprises if you're allowed to talk about any of that? Because I suspect it would be very insightful when you when you start compiling this data.

Deepak Dutt:
Yeah. I mean, see, early on when we were collecting our own data and and even from a research perspective. Right? So actually, when we did, research early on, we actually put this into a a lock screen application on Google when they actually all do it. Right? And it was a while back. And we put it on the Google Play Store. We had 25,000 people download it in five weeks across, 700 different device types from, you know, $50 phones, in Asia to one of the most expensive smartphones here in North America. Right. And we told them explicitly we're going to be learning all these different things and part of a research kind of, capability.

Deepak Dutt:
And it gives, and when I said it, it gives you a lot of rich information. Is it, are you right handed or are you left handed? Right? You know,

Rachael Lyon:
Right.

Deepak Dutt:
Where are you at certain points of time? Right? So so if you are, you know, left handed, right handed, the banks are very interested in, you know, I wanna give you I wanna sell you I wanna give you an advertisement for a left handed golf club versus a right handed golf club. So it gives you that level of ingrained information about them. Right? Are you in a train based on how how the velocity is moving? Are you in a bus? So it gives you that kind of detailed information. 

Right? So we we saw that early on and, it's it's kind of felt like big brother, kind of monitoring you all the time. Right? And that kind of gave us a lot of information because, see, one of the core capabilities we have from a sensor perspective and from an AI perspective is the explainability of what the, what the machine is saying. Because traditionally, if you look at AI systems, they are black boxes. It comes up with a decision saying 90%. But what does that actually mean? How do you know there's no discrimination in those algorithms, no bias in those algorithms? So we opened up something called an explainable AI interface.

Deepak Dutt:
So we are able to kinda see and explain how we got to this decision. So we said this is your base model. Right? This is how it's kind of changed. Right? And these are the factors why you were scored high and these are the factors why you were scored low. So you can actually take that and then create an audit and say, oh, this is a trail that we have created and this is why I took that decision. Right? So and it comes back to how we kind of built it up from the scratch. And that's now available for all our products where where we're building something, we always bring that explainability and and aspect of things that shows that the AI is safe. It's ethical.

Deepak Dutt:
And and and it's, you know, pretty, pretty good to be deployed.

Rachael Lyon:
That's a smart approach.

Jonathan Knepher:
Very interesting.

Rachael Lyon:
Yeah. Yeah. Go ahead, John. Yeah.

Deepak Dutt:
Thank you.

[15:56] Navigating the Electronic Defense Landscape

Jonathan Knepher:
So I was I was thinking maybe we can shift gears here a little bit. You know, I I think you're involved in the electronic defense area and, you wanted to maybe ask you some questions around that area. Like, what have you seen around jamming and spoofing techniques, and what countermeasures have you, been able to develop against those?

Deepak Dutt:
Oh, it's it's it's interesting. Right? Because we traditionally worked with mobile devices and taking a look at, you know, accelerometers and gyroscopes and touch screens and that kind of sensors and creating behavioral models and then looking for anomalies. That was our kind of core capability. Right? And then when we were approached by some of these defense organizations and taking a look and seeing what other kind of sensor data can you work with? And, you know, the first one we started working with is the GPS and the GNSS data coming from satellites because we have all these different satellite constellations, like The US and in North America, we have GPS, we have then Galileo used by the Europeans, they've flown us used by, the Russians and Baidu by China. Right? 

So we've all these different and then, some regional constellations as well. Right? But we are depending on, you know, GPS and GNSS, quite a bit from a position navigation and timing standpoint. And and the idea was if you're, you know, even apps like Uber and the others are using GPS. Now what are the implications if this signal gets compromised? Because if you look at satellites, GPS and GNSS, satellites are kind of in the geostationary object.

Deepak Dutt:
I mean, they're very far high. Right? And by the time the signal gets here, it's pretty weak. And authentication was not really thought about, that early on. So if you wanted to kind of jam that signal or spoof that signal, it becomes fairly easy to do because you all you need is a high power jam or you could jam that signal. Suddenly it's not coming through. Right? So now think about the implication of when, when an event like that happens. Right? You lose position, you lose navigation and use timing. Right? Because, and these are important from a from a national security perspective, not only from a defense standpoint, but also from, from a critical infrastructure and also financial standpoint.

Deepak Dutt:
So for example, if somebody spoofs that data, suddenly all your financial transactions are out of order. Right? The timing is off. So how do you actually do settlements? And when when did the specific trade happen? And if now that happens at scale, you're looking at billion dollar loss every every day that it's down. Right? Huge implications. So when we started taking a closer look at it, we found, you know, all the existing systems are based on hardware. So the RF hardware that's got sensors in it, that's got GNSS receivers in it, and that gives you some, you know, jamming. And I mean, it gives you kind of physician and navigation, and timing. Right? Now, when jamming happens, you know, these systems have to evolve.

Deepak Dutt:
Right? And how they evolve is now you have to either upgrade the hardware or you have to have some kind of high availability firmware to update this in real time. Right? And and we move to a closer look at what was happening in in Ukraine. Right? And, the first, the first form of aggression was cutting off your communications and jamming your signals. So it kind of leaves you in death, dumb, and bind. Right? That's exactly what happens. And then we looked at it, you know, how are they going about in solving this? And what we found was there was a lot of developers actually sitting down and looking for new kinds of threats. Right? As soon as they see a new kind of threat and then you could quote it up and then you would push it into the high availability form framework. Right? So they were there's a lot of cool kind of load that was happening.

Deepak Dutt:
So in that and that's the way they were kind of solving that problem. But the problem in today's world is we have so many software defined radios, new, you know, and we have, you know, AI in play. So the barrier to entry from a from a threat perspective really went down. So anybody could purchase a $50 device, you know, and then start doing these kind of attacks. And because these are software based, you could change the attack vectors extremely fast. So, when you're doing this, there's no way you can catch up in a manual kind of fashion. And and that's where we said, how do we use our technology before creating a a behavioral baseline very quickly and then looking for these kind of new kind of attacks and new kinds of threats and detecting that in real time. Right? And adapting in real time to kind of detect this.

Deepak Dutt:
So that's where we started, you know, applying our core platform in, in detecting jamming attacks and spoofing attacks. And spoofing is a different kind of attack. I mean, jamming is jamming that signal off. Spoofing is actually telling you a false, location, for example. Right? So you're taking the GPS signal and say, no, no, you're not in Canada anymore. You are in Australia. Right? And and this and again, we've started seeing this in the military, in the defense space. Because I mean, that's how they used to capture drones.

Deepak Dutt:
For example, The US drone that was captured, you know, it had its locations full. So we thought it was in friendly territory, was actually over Iran. And they were able to get the drone to land in Iran and opened up and they found out how this was getting built. Right. So so this is how spoofing works. And now this is coming to the civilian space because it's so cheap to get these kind of devices and do these kind of attacks at scale. Right? And that's where we wanna kind of use our technology and, you know, adaptively finding these threats and helping resolve them.

Jonathan Knepher:
So are you are you seeing those threats with your technology today? Because, like, like as you point out, right, like it's pretty trivial to get, you know, a device that does, you know, GPS replay spoofing and pretty much anybody can do it for a couple hundred bucks. And you see too like like NOTAMs coming out from the FAA on certain areas like, oh, yeah. Don't trust your GPS here because we know something's going on.

Deepak Dutt:
Absolutely. Absolutely. See, from an aviation perspective, it's been very common because of all the planes that are flying through, Europe, for example, or Eastern Europe, they're all having their signals compromised. Right? So from a geopolitical perspective, we're seeing it in areas that we're expecting to see it. Right? So to Ukraine, Russia, we're seeing it in The Middle East, a lot. We're seeing it around the Taiwan Strait. So those kind of areas, we're seeing it quite a bit. Right? But when you're coming down to the civilian side of things, again, you're seeing it, you know, especially as people use these personal protective devices, because they don't want to get tracked because they might have a GPS on their truck put in by their employer.

Deepak Dutt:
They don't wanna get tracked. So they purchase a $50 device and put it on their, you know, you know, on their truck because they don't wanna get, you know, tracked. And then they go into locations that are sensitive. They might go into a marine port or they might go into a specific location and suddenly everything there is getting jammed. Right? Yeah. So then suddenly if it's a port, then the ships are getting jammed. Right? And things it might be if it's close to an airport, suddenly the the the plane's losing, you know, a GNSS location or not they can't use it for navigation, so they can't land. So they're starting to see these kind of problems, occurring from a civilian perspective.

Deepak Dutt:
It's unintentional in most cases. Right? But in some cases, it's intentional. Where, for example, there's a lot of conversation these days around drugs coming in from the southern border, right? With the border of The US Mexico border and they're deploying drones, to detect this. So, you know, I think from a threat perspective, these drones are getting jammed, per se, because there are now, you know, you could get these jammers for like $2,000 because these organizations are very well funded, right. And they could, you know, they could position direction to the, the drone and actually jam it, jam the communications so the person controlling has no more control anymore. Right? So you're seeing it in different aspects from an intentional perspective to an unintentional standpoint. But it's now becoming very prevalent around the world. These kind of attacks had never been seen before, right, outside of defense space.

[24:35] Building Resilience Against Electronic Warfare

Rachael Lyon:
So how do you this is so I love electronic warfare. I love to talk about this. So as we're gonna see the proliferation of this, right, I mean, this is going in areas we hadn't even thought about yet, you know, most organizations. So how do you even build resilience? Like, you start thinking about your critical systems. You think about certain industries, right, be it financial services or even manufacturing or things that really keep our day to day lives moving. How do they need to be thinking about this?

Deepak Dutt:
Yeah. Absolutely. And so so again from a, you know, a critical infrastructure standpoint, from a financial standpoint, I I think having systems to detect these kind of attacks early on Right. Would be kind of key. Right? So they know there's this happening, then they can take backup actions. Right? And this case, there might be backup options. Right? Using using inertial sensors, using e lorand, or using other terrestrial and network equipment. And these days, they're also thinking about coming up with quantum based sensors and such.

Deepak Dutt:
So you're essentially building up that kind of backup mechanism if the core piece is gone. But at least you need to know because you can't you can't just let it there and be there for a long time and then suddenly start moving these backup systems. So it's the key is to kind of detect this in real time and then have the backup systems coming up in place. Right? So I think that's one way to kind of, be wrestling. But I think a lot of investments required in this kind of area. Right? And, and then going beyond it, if you look at corporate espionage, right, around a specific corporation or or or intelligence agency, there might be a lot of bugs that are constantly listening. Right? So in that case, they need something that can look at the spectrum and then tell them, oh, there's these kind of images coming. Right? Or these kind of, you know, bugs in there.

Deepak Dutt:
Right? And kind of then from there, you can expand it in the in a from a military sense, detect, oh, there are drones or friendly drones or enemy drones. There are all these kind of different things, but that's the hidden spectrum that you're looking at.

Rachael Lyon:
Mhmm.

Deepak Dutt:
Right? Because these spec the spectrum actually has a lot of stories to tell. Right? So I think you slowly get into that. I think that'll be potentially coming under cyber physical security and things like that. Right? So definitely a fascinating area.

Jonathan Knepher:
Yes. I mean, you you mentioned though, like, the terrestrial backups for things, and it seems like though, you know, at least the US government has been, you know, backing off on those, right? Like, Loren C is now gone. You know, there's talks about, you know, reducing the number of VORs available. WWV was going to be taken offline for timing a couple of years ago. Hopefully, that got backed up. Like, do we do we need to have more of those terrestrial backup systems available, and and should we be funding those?

Deepak Dutt:
I think The US is spending a lot of time and effort in this space because they've really understood that the that this kind of resilience is required. Right? They're looking at different options. They're looking at, again, AI from a analytic standpoint, looking at different, sources and how to kind of build that resilience. They're looking at mobile devices because a lot of these mobile devices have GNSS chips embedded into them and see how we can leverage data from that standpoint. There's a lot of investment going into quantum sensors and seeing, you know, would that be resistant to this kind of attack? So I think, there's a lot of conversation around it. They're also looking at things like LEO and the the MEO satellites at that kind of, medium earth orbits and lower orbits to see those kind of satellite clusters can enable, more resilient, PNT information. Because again, early days, these, you know, satellites also use depend on GNSS for their position navigation and timing. Right? So they're trying to have backups of backups.

Deepak Dutt:
So they're playing with a lot of different kind of technologies and seeing, you know, what's really going to help. Yeah. But I think they are on that journey. We are seeing a lot of movement on on the defense side. They're looking at it on the terrestrial I mean, the the DOT and the other organization in the Department of Transportation. The others are also looking for potential, solutions in the space. The FAA for sure. Right? So I think there's a lot of, experimentation and, research and development that's happening in this space, right? Because the space was left alone for a long time.

Deepak Dutt:
Right? Till till the advent of, you know, low cost SDRs and AI came into play where, they've never seen these kind of attacks happen before. So now it's, you know, certain countries are putting some lot of investment into it, on having more, you know, resilient satellites up there. So in the Europeans are doing it, the Americans are doing it. And I think other countries are kind of following suit from there. Right? So I think they're on the journey. I think you might start seeing some strong solutions come up in the next three to four years. But it's it's it's a journey that's been started.

Rachael Lyon:
That's great. I'd love to come back to, something you said earlier, and I and I believe Ziegra was born out of academia. Is that correct? I think you've got,

Deepak Dutt:
a lot

Rachael Lyon:
of really smart people working there. And you talked about building your platform from the ground up, which there's, you know, in incredible benefits to that, right, versus trying to bolt on something after the fact and reverse engineering. You know, as we kind of look at these AI driven threat landscape, you know, what are some of these key considerations when designing these machine learning algorithms? Right? I mean, how how are you kind of setting it up to be successful from the beginning given this changing landscape that we're in today?

Deepak Dutt:
Right. Right. So so it comes down to how we kind of thought through these, algorithms early on in our inception. Right? And and I kinda touched upon that a bit early on saying that, you know, it has to be have privacy by design.

Rachael Lyon:
Right.

Deepak Dutt:
It should be explainable. Right? So those kind of thought process come in early. It has to be thermally efficient. That means it has to be running with very low resources. And that's because we started off in the mobile space. We didn't have we we were in a very constrained environment that it has to run here, so we have to build it up like that. Right? So so so our our our recommendation whenever you kind of craft these kind of algorithms is to kind of think through the privacy aspect of things. And ask, you know, again, from an AI perspective, does this does this need to exist? And I think that's kind of a very personal question that we kind of ask.

Deepak Dutt:
What we build, does it need to exist? Right? And then, make it very explainable because if you are controlling what the machine's trying to do, then you should be explainable. What explainability can you build into it day one, and, and and the and the core thermal efficiency in how you kind of craft these, how you create your models, how do you adapt those models, how quickly can you train, all these kind of come into that kind of core thought process as we kind of build those base, machine learning algorithms. Because once you have that, it's it's easier to kind of build it out from there because when we can when you're looking at, you know, certain sensors because eventually, if you want to add all the sensors in the world, that's the best way you want to kind of do it because you want to be able to plug and play different kinds of sensors and say, oh, what's the sensor saying? 

Okay. Now I understand the physical world a bit better because I understand what sensors are saying. And then you're able to get the right kind of outputs from there because, that way, if you kind of structure that way, you're you will find that you don't have to change a lot of your algorithms. Your data point can change, but you're still creating behavioral models and then looking for anomalies. Right? So that change required after you put the base in place is fairly, fairly simplified.

Jonathan Knepher:
So we've heard we've heard from others on the on the training side about, you know, poisoning the training data, and and things like that. How how do you assure that you're getting accurate training that gives you the right level of of accuracy for for what you're trying to do?

Deepak Dutt:
Right. So so from a training standpoint, first thing we do is we make sure that the data is not, doesn't have any anomalies to start with. Right? Whenever we get data, okay, it doesn't on its own have any kind of anomalies in there. Right? And if you look at our behavioral biometric solutions, we do the passive learning, but it's always backed up by, whatever authentication mechanism they have in place as a as a as a single factor. Right? So, okay. So as we are learning, we make sure, okay, during the training phase, even though it's invisible, it's always backed up. So we know the base model is it's it's accurate. Right? And once that is done, then we adapt to it.

Deepak Dutt:
And and when we adapt, we just don't somebody's injected something, we just don't take it and add it to the model right away. We say, oh, is this does it have any anomaly in it? Is it is it repeatable behavior that we want to actually put into the model? Right? And the step up has to happen and only then it gets added into the model. Right? So that's one way. In in in other ways, how do you actually, you know, when you're actually securing it at the hardware level, it's not easy to inject because once, you know, if you jailbroken the device, if we rooted it, suddenly everything stops working. Right? That's doesn't work anymore. So so the on device aspect really helps. Now when you look at server based options, when you kind of bring it out of the server, it's centralized. Things can get injected.

Deepak Dutt:
And again, the key there would be to kind of take a look at that data before if you're before adding it into the training set, take a look at the data, run your anomaly detection algorithms on the data. And only then, if you have if you have high level of confidence, then add it to the model. Right? So that's the way we've been kind of handling things, from from a model creation and adaptation perspective.

[34:24] Zero to Impact: Deepak's Journey to Cybersecurity

Rachael Lyon:
That's really cool. Can we can we shift a little bit to I'd love to we're kinda getting the personal section now, Deepak. We'd like to learn, you know, a little bit more about you, of course, and, you know, kind of, the road to cyber. But first, I'd like to start with, you know, you're a serial entrepreneur, and you, you know, you talk about zero to impact. And I would just love for you to kinda share that guiding philosophy, you know, that I know Zighra, definitely follows, but share that with our audience. We know what that means and the opportunities that presents.

Deepak Dutt:
Oh, absolutely. Absolutely. See, it comes down to how you kinda craft the culture of your company. Right? Personally, for me, when I do something, it has to have impact. Right? So otherwise, there's no point in doing it. It's it's like asking when you're doing AI, you're doing it, but you wanna make sure that that AI needs to exist and and and why it needs to exist. And is it making anybody's life better? Right? So when you're, let's say, building something for consumers, you're saying, how does it make their life better? Right? And it's gonna have a huge impact on them because if it doesn't have an impact, it's not fine building it. Right? So so where I've kind of had great success is how do you take something from that kind of initial phase into something that can create impact? Once it's created its impact, then how do you go back? And that's a place that I've really enjoyed kind of taking something from zero to impact per se.

Deepak Dutt:
And then how do you kinda drive that kind of thought process into your, organization in everything that people do? Right? So they need to understand whatever they are working on has a huge impact. Because if you're working on something, it doesn't have the impact, should stop working on it. Right? I mean, if you can't explain if it doesn't have an impact, You gotta stop working on it. Right? So that's the way we've kind of, you know and that's how we run our meetings too. Right? It's like, oh, I'm working on this stuff. Okay. What does it impact? How has an impact on on on the customer, on on the company, or you personally? Right? So I I think those are the kind of things we kind of craft in. And that way, everybody's aligned.

Deepak Dutt:
They know what they're working on, has an impact, and it kind of helps them drive into a specific mission. Right? So, and that's part of our philosophy. Right? And, yeah, it's worked quite well for us over the years.

Jonathan Knepher:
Yeah. There's no impact. It's, it's just a hobby. Right?

Rachael Lyon:
Right. So,

Deepak Dutt:
Fun.

Rachael Lyon:
Yeah. Exactly.

Deepak Dutt:
It can be quantified different ways. It doesn't have to be about about financial results. Right? As long as it has a huge impact in a certain way, I think that's the key.

Jonathan Knepher:
So we've talked about a lot of different things here. What what's kind of your favorite highest impact or, you know, most most passionate about of all all of these different areas?

Deepak Dutt:
Yeah. I mean, working on a lot of, you know, different use cases. Right. And one of the, you know, more interesting ones I've been kind of involved with recently is, we've kind of deployed sensors across the marine coast of Canada. Right. And, and we are kind of creating that kind of resilient PNT kind of position navigational kind of system. And we're looking at creating behavioral models for all the ports across Canada. Right.

Deepak Dutt:
And saying, are we looking at anomalies? Right. And are we looking at the impact it's having on the port? Are, you know, ships coming into the port and are they, you know, safe and secure? That means if they lose any kind of position navigation, will they start colliding with each other? Right? So how do we kind of help, you know, you know, stop that kind of, collisions from happening? Right? So it's, again, it's got an impact where you're contributing towards the safety and security of the ports. 

Because you saw what happened at, at, at, at, in Baltimore. Right? Kind of went and ran into the bridge and huge impact. Right? So how do you help, you know, prevent those kind of, problems from happening? Right? And and that's, you know, because it's again about the zero two impact kind of philosophy, but it's also about how much you're learning. It was a completely new space for us, and we learned a lot. Right? And I also learned how important maritime, the entire sector is because 75%, I think, of all trade happens through maritime routes. Mhmm.

Deepak Dutt:
Right? So so it gave me good insight into a new area, that I was able to kind of, you know, learn, you know, from scratch all the way to where we want it to be. And then see how, these kind of technologies can have kind of, you know, global impact. Right? Now if you take it to marine, you could take it to the, the airspace. You could take it to the land space. You could take it to the space, space as well. Right? So, so so that's what I'm seeing, you know, you know, looking at an entirely new space and in today's geopolitical environment, we are seeing how this is a lot of implication Mhmm. In, how you defend yourself, and such. So, yeah, it's been an absolutely amazing experience for us.

Rachael Lyon:
How did you even get on this path? I mean, where you know, when you were a a child growing up, I mean, is this I I really wanna go into, you know, kind of behavioral recognition and and AI or I mean, how did how did you kinda get on this really interesting journey?

Deepak Dutt:
No. I think from a from a behavioral, biometric standpoint, it was more around when mobile devices came into play. Right? They started having all these sensors. And, the challenge early on because they used to work for a company called Nortel. Right? And and we were trying to put security onto these kind of mobile devices early on, you know, the old handsets. Right?

Rachael Lyon:
Yes.

Deepak Dutt:
It was extremely hard. It was just, you know, trying to put certificates onto these things. It was just nobody wanted to use it. Right? And that's when I, you know, I started getting this idea about things being ephemeral. Right? And, and I was because we were in the in the networking space, we saw these switches getting bigger and bigger and bigger, and we have these fiber optics, and suddenly, it became wireless. It was invisible. Right? And same thing with security is if you think about it, it gets so cumbersome, big and big and big, needs to be invisible. Right?

Rachael Lyon:
Right.

Deepak Dutt:
And that's where he said, okay. How do you make security invisible on these kind of devices? It has for people to use it and to have impact, it needs to be completely seamless. Right? And that's where we started playing with sensors on this and we wanted to have a technology that was kind of invisible. Right? It doesn't matter what you're doing. You're sitting as I said, right, sitting, standing, walking, driving. Depending on what you're doing, how do we create models for you so that we can continuously protect you? Right. So that became kind of the thought process that got me started. That's why early on, if you look at my patents, I started writing a patent.

Deepak Dutt:
That's interesting. That's, you know, how do you play with all these different sensors for, from a, from a user experience standpoint, from a security standpoint. Right. And then start getting together the people who could make it happen. I mean, I did a lot of early research in the space, a lot of, development in the space, but then brought in the right kind of people to help me on this journey to make that a reality. Right? So without creating those entire anomaly again, you know, the early people that are brought to them, they have this concept around taking, the, the power of biological systems and applying that to security. Right? So people with some kind of philosophical approach to security kind of help through, you know, making those, solutions happen. Right? So yeah.

Deepak Dutt:
But again, as I said, it was the pain associated with all the security dealing with mobile devices, that kinda got us into the behavioral biometric space.

Rachael Lyon:
Yeah. I remember those days. Absolutely. Yes. Speaking of wireless, like, you know, I I've been in technology a long time, and I remember when, like, wireless came to, like, you know, laptops, you know, and and just all the things, like, when Bluetooth was a thing. And it's it's funny to think how far we've come and, you know, I mean, then, actually, I don't feel like it's been that long how how fast we've advanced. And it's it's exciting. And you think what the next ten years are gonna bring, where we're gonna be.

Rachael Lyon:
It's exciting. Absolutely. And these are all different. Yeah.

Deepak Dutt:
These are all inflection points. I mean, we've been through multiple. Right? I mean, the one and then the two and the three, and then now it's all AI. Right? So even though we've been doing AI for fifteen years, you know, we've seen how AI has kind of evolved into now generative AI. I mean, we are big proponents of, you know, small models and small AI. Right? That's, you know, that's everything that we do is around that small lightweight, designs. But then if you when you look at generative AI, it's kind of taken the world by storm. And then and if you look at think about telephony as well because, you know, parts of the projects that we used to work on were how do you communicate with switches.

Deepak Dutt:
Right? You need to understand the protocols. And then came out companies like Twilio. I mean, here's an API and you could make it happen. Right? And then when ChatGPT came, he said, oh, yeah. I can talk English. And now the impact is huge because anybody could start using it now. Right? You talk English, a language, so you don't have to learn a lot of these complicated protocols. So it's interesting to see how kind of technology has evolved and those inflection points, and every inflection point is kind of a great wave.

Deepak Dutt:
Right? So awesome times.

Rachael Lyon:
Yeah. Yeah. It really is. It really is. And, you know, the quantum coming along, and I think, yeah, it's gonna be really, really fun in ten years to see where we're at.

Deepak Dutt:
Absolutely.

Rachael Lyon:
%.

Deepak Dutt:
Absolutely. So

Rachael Lyon:
Well, Deepak, I I thank you for your time here today. I wanna be mindful of of your time because I know we've been talking for a little while, but thank you so much for these amazing insights. I mean, this is just such a fascinating area that we don't get an opportunity to talk a lot about, but it's so critical. Right? I mean, when we start looking ahead to to have this kind of understanding and start preparing for it. Yeah. So

Deepak Dutt:
with that Absolutely. No. It's Yeah. Absolutely great, conversation.

Rachael Lyon:
Thank you. Thank you. And and to all of our listeners, thank you so much for joining us again this week. We'd love to have you, and we always want feedback. You know, please please always, send us your comments, what you wanna hear more about. And, as always, Jonathan, what do we like them to do?

Jonathan Knepher:
Please like and subscribe. How about that?

Deepak Dutt:
There you go.

Rachael Lyon:
I'm a bit of smash. Smash that subscription button. I like to make it more entertaining.

Jonathan Knepher:
Like to smash

Rachael Lyon:
it. You know

Jonathan Knepher:
you know, one day one day people are gonna break their computers, though, if you keep telling them that.

Rachael Lyon:
That's right. You know? Is there, like, a lightly smashed movie too? Yeah. Yeah. Alright. Well, until next time, everybody. Stay safe. 

About Our Guest

Deepak Dutt, Founder, Zighra

Deepak serves as the Founder and CEO of Zighra, a company developing an operating system designed to defend against AI-powered attacks. Zighra collaborates with financial institutions and government organizations to secure and protect against adaptive threats using explainable AI, behavioral biometrics, sensor analytics, and contextual intelligence.

A passionate advocate of the "Zero to Impact" philosophy, Deepak believes that the only technology projects worth pursuing are those that tackle monumental challenges and deliver transformative impacts for the betterment of humanity. He is committed to inspiring tech founders to embrace bold technical risks and focus on creating meaningful impact.

Check out his LinkedIn