dnsUNFILTERED: Timothy (TK) Keanini, DNSFilter

[00:00:00] Mikey Pruitt: Welcome everybody to dnsUNFILTERED. I'm joined today by the fearless CTO of DNSFilter, Timothy "TK" Keanini. Did I say that right, Keanini?

[00:00:12] TK Keanini: Yeah. Close enough.

[00:00:14] Mikey Pruitt: Tell me what is it?

[00:00:15] TK Keanini: You just say, you say all the valves. It's Hawaiian, so it's Keanini.

[00:00:21] Mikey Pruitt: Keanini. Yep. We call him TK. TK, before we dive into, we're coming up on the end of the year and we're, thinking about 2025 and what we should expect in the tech landscape and.

I'm curious before we get into those predictions, a little bit about your backstory, 'cause you have a rich history in tech. I was just reading in our Slack channel about your object oriented d and d gameplay. So tell us a little bit about your your tech bon bonafides.

[00:00:52] TK Keanini: Yeah.

Let's see. I've always been into tech, I started as a musician. I think that blended me well into tech. So I, I tell my kids, I started playing guitar and bass, but but I learned how to play computers, so it's all the same thing to me. Yeah, I got started early on the internet.

At one point in time there was three people in Marin County. On the internet, it was Autodesk Lucas films in my living room. But yeah, I have fun. I've done all kinds of things. I've done video games. I worked for software for 10 years. I did online trading. And, I'm, I've found my home in, in cybersecurity.

I've been doing it for about 30, 35 years now. It was a very different thing when it all got started, but but today it's, it's, it is what it is. We're basically defending against nation state. We're defending against, criminals. It was a very different thing when it started.

When it first started it was just, people enjoying technology frankly. So yeah, just rolling with the punches here.

[00:02:00] Mikey Pruitt: Very cool. I love how you describe that too, like playing computers, it's like a game. That's really awesome. So what do you think sums up 20, 24 before we jump into some future predictions?

[00:02:14] TK Keanini: Man, I, I think we're all trying to get our heads around the wave that is generative AI and how it's rolling through every single department, including. Including it, but, not just it. There's a lot of things that it's disrupting. That the idea of data privacy, intellectual property, all of those things, it's just a real interesting time to be alive right now.

I think it's as transformative as when the internet, washed across. Our lives and our businesses.

[00:02:45] Mikey Pruitt: I gotcha. Very cool. What do you think 2025 holds for the threats that we might encounter?

[00:02:53] TK Keanini: There, there are certain trends that I think have, begun in 2024.

Like we're gonna see a lot more AI being used for not only attackers, but defenders, I think the wildcard still is, what's gonna happen with quantum quantum computing is it's not gonna be linear. It's just gonna happen and then it's gonna basically disrupt everyone.

[00:03:19] Mikey Pruitt: Kind of like the subscription base of Open AI of Jet GPT when I launched. It just goes

[00:03:24] TK Keanini: yeah. There are other things that, that I think are on the rise just because of. The change in how we work, hybrid work and this and that. I think, the norm now is more of a zero trust architecture versus that inside, outside that we may have become familiar with over the legacy years.

So now, you basically have to assume that you're connected on a hostile network. And the question is. What can you trust? And identity becomes a lot more important than it was before. Data privacy I think is going to become possibly a competitive edge. I think consumers are really going to want and demand that companies be better custodians.

Data since there's a lot of it being used out there. So yeah, I, I think some trends are not really surprising. It's just, the quantum one, I think is the bet. Nobody knows when that's gonna come, but when it does come, I think it'll come as a real tsunami.

[00:04:28] Mikey Pruitt: It's yeah. Little by little and then all at once.

Yep. Yeah. That's a very scary world. Quantum computing. We don't even really know what that mean, what that entails, like what it, what would it be capable of? Yeah. Especially when you like, throw AI stuff into that system.

[00:04:45] TK Keanini: Yeah. And you did ask about threats and if we're talking about, novel threats it's hard to say novel because, novel to whom, the people doing deep fake technology, it's certainly not novel to them. They're expert at this point. We are going to 2025, I think is gonna really try our human senses. I don't think, I think we're gonna have to question what we see and what we hear. Which wasn't something we really did back in let's say 20 22, 20 23.

So I think that one is gonna be a little more net new. We're gonna be challenged really, or yeah. It's like

[00:05:21] Mikey Pruitt: there's a difference between taking someone's opinion, perhaps that's like a grain of salt versus someone with authority saying something that is wild. And it wasn't even that person actually.

[00:05:33] TK Keanini: And I've always said too it's very socially awkward. At least at first, like if my wife calls and says, Hey, I just I just bounced a check. Can you please transfer some money? And on, on the phone or even, via maybe some kind of video conferencing. It looks and sounds like her.

The minute I start questioning her. We might get into an argument here. It's a little social, socially awkward, but I think you're like,

[00:06:00] Mikey Pruitt: what was the name of our first pet?

[00:06:03] TK Keanini: She'd be like, why are you what's your mother's

[00:06:05] Mikey Pruitt: maiden name?

[00:06:06] TK Keanini: Why are you being so irritating right now?

Yeah. So I do think that's gonna be weird both in our personal lives and in our professional lives.

[00:06:18] Mikey Pruitt: Yeah. Is this the year that like PGP, like actual key sharing comes into play for any type of communication? Everything needs a keynote?

[00:06:26] TK Keanini: Yeah, maybe. That sounds like a management nightmare to me, but but we're going to have some kind of counter measure.

It might be as simple as, like you said, just some human knowledge that hasn't been, let's say, exposed digitally. To the machines. It starts to sound a little terminator, but but hey, whatever, let's roll with it.

[00:06:46] Mikey Pruitt: Talking about those countermeasures, what do you think the like we both work at DNSFilter and we are strategizing to prevent such things.

So what do you think that companies in the cybersecurity landscape are going to be focused on in the coming years?

[00:07:02] TK Keanini: I think, given the tempo of how things change, I think the tempo, I don't know if you feel this, but I feel like the tempo in 2023 and 2024, things are just getting faster.

Attacks are moving not at, human scale machine scale. I think that it is, it's no longer optional to not consider the speed by which we move both business wise and defense wise. So I think there's a sense of like speed and agility that I think we're gonna have to achieve. We're, we have the capability now and a while back it was, optional whether you considered infrastructure as code was maybe optional that you consider some level of automation.

I don't think that's optional anymore. I think because of the tempo. And the way things are changing. It's almost like the slow will be eaten, back to some factual principle there. I also think that if you look at, if you look at I often use a a thing called the OODA loop to kind of model.

So maybe a quick aside there. So John Boyd invented this concept called the ood loop. It stands for observe, orient, decide, and Act. And his theory was that in, in conflict, he was a fighter pilot in conflict. If you can turn your ood loop faster than your adversary, you will not only disorient them, but you will have the advantage in in conflict.

I think that the first two, the observation and orientation, for a long time we could afford to do that. But again, human scale, I think with AI and everything else, I really do think that, again, the temple by which your adversary is moving it's really no longer an option for you to not consider machines.

And not consider a generative AI or some kind of machine assisted observation and orientation. There's just too much data honestly to really observe in a horizontal manner. You.

[00:09:11] Mikey Pruitt: Yeah, that, that word tempo, I think is really nails it. Because like I've seen the last year or two just my proficiency and, maybe not the quality necessary of my output, but the volume is.

Like 10 x probably just because I've, been making attempts to use these new generative AI tools to do more things. And it's, it is, it does work. And that oodle loop is really interesting. And it made me think of if we have a decision to make here at my house, like my wife, and I want to go to dinner or whatever, like I am the type that will, I will make the decision like super fast, even though it is potentially incorrect.

Whereas she would like to research and, make an educated decision on what it is. Where I've, and I do this all the time, I just feel like make a decision fail fast. 'Cause that's the environment that I'm in. Yeah. So let's talk about AI a little more in depth. So we've talked about it in every kind of question topic we've been having.

So do you think we're approaching the end of traditional it, like AI specifically in IT roles? Do you think we are coming to a precipice? What things will change drastically.

[00:10:25] TK Keanini: I have some really strong theories here, just because I've been doing it for so long. I think, does it mark a punctuation as, as great as, moving from mainframe to distributed systems like moving from traditional IT to public cloud.

Like all of these things, mark punctuality. My life in it, that, that was big. It was really big. And you could see all the, first success with fear and real strict governance because you really don't know what's happening. But as you get more familiar with the technology and you get more safeguards and you get more benefits and results you loosen up.

Think of where, public cloud usage was back 10 years ago. People were just like, oh, no way am I putting that on the internet. And now basically almost all this is right there, right? So I think we'll see the same thing with with regenerative AI is I think we'll see it wash over and really become a embedded part.

Now, the thing that is interesting to me is. What it's doing to us almost on the individual level. I do think that 2025 I would say it's even starting now, but in, in 2025, I call it the rise of the generalist. We've been, we've been taught to, basically if you're gonna do anything you have to go really deep.

You have to have 10,000 hours in it, and you really have to focus on this one thing at the expense of all these other disciplines, right? You can't be somebody who's really great at music and computer science and philosophy and engineering and like all of these things, because frankly, the theory is you don't have enough time to do that.

But I really do think that the value in being human is to actually have a broad sense of multiple disciplines and to use generative AI to go deep. Yeah. So that, that's, I think, is gonna really change the way we do it because even the way it or departments are set up, there's, they're so siloed.

I think here's an opportunity for you to be more of a generalist and operate more horizontally across the company with generative ai. Then if you were to just be focused on your silo and really go deep.

[00:12:47] Mikey Pruitt: Yeah. And because gener generative ai, it already has the 10,000 hours of experience and education in most disciplines.

[00:12:56] TK Keanini: It's passing the exams as if and better than the humans are. Let it go. Really deep. Maybe 20,000 hours, but where. Know how to use the tools are going to be able to operate horizontally in ways that only committees were able to function, but they'll be able to function at the speed of an individual with the broad perspective of the committee, which is just magic.

[00:13:27] Mikey Pruitt: So AI the way it is today, generative ai, and I'll probably say AI a bunch, but generative ai it's basically like an average of human knowledge that's online. It's not. It's not anything spectacular. It can't currently create its own unique thoughts. It can perhaps combine and triage things together that do result in something that seems new or novel.

But it would be more, it would be more likely that humans, we come up with a new novel approaches with the aid of ai. What's the. What, in your opinion, what's the balance of human and AI decision making? Like when they're used together? Start with a percentage, like 50% human, 50% gen ai. What do you think there?

[00:14:13] TK Keanini: Yeah. I think that it depends on the task. I'm always interacting with it in a different role. Sometimes. Sometimes it might be the co-creator of something. Creative, it might be the strategist, I may be interfacing it with something strategic where I'm asking it to take the perspective of multiple personas and and that's actually helpful to me.

And then there's just a, you know how about you just do something on Monday? Just take it off my plate build a table write some code do something that frankly is very mechanical. I, it just depends on what you need it. Now I wanna go back to something you said before because I truly believe that it is the human boundaries of cognition that is.

Holding back the ai. There's multiple instances where AI where the human was taken outta the equation and the AI was collaborating with other ais and they started to develop languages and communication that the humans basically weren't participating in. So if in that scenario, you, we are actually more of the governor and the speed bump in this whole evolution than the AI is.

So I just wanna park that there.

Yeah.

[00:15:41] Mikey Pruitt: Yeah. That is interesting. It's like they're creating a language where they trying to create their own language so that we could not understand.

[00:15:50] TK Keanini: That's really scary. It's happened and that's what I'm saying. There is even that phenomenon with children that, that they will over time develop their own language together, independent of society.

Evolutionary trait can exist in AI if AI work to only be operating with other ais. So

[00:16:13] Mikey Pruitt: yeah. Perhaps it's like a shorthand of sorts, though. Not necessarily malicious. Like I have a three-year-old. It could be, and he's he has friends that like his preschool and they will say the weirdest things, but they understand what, it's like almost like noises like animal sounds, or maybe the ai, like a court recorder is just using shorthand to get there faster.

[00:16:35] TK Keanini: Hopefully great. No, I, it's just a, it's just, again we live in very interesting times

[00:16:41] Mikey Pruitt: here so actually I have a few questions outlined. My next question is actually the dystopian versus utopian future of AI gen AI in our world.

Do you think everything looks, things look good, the sky is bright, or are we in for the matrix?

[00:17:01] TK Keanini: Oh, man. I gotta hope, I gotta hope that that it's for good, right? With all technology to date doesn't really pick sides. The the chef knife could be the murder weapon.

The the gunpowder could be used for celebration or for or for wartime. Over time or the 3D printer could print a heart valve and it could print a a firearm, a gun. Yeah, exactly. So I think we're gonna, we're gonna come upon that with ai.

The thing that's different possibly with the AI is that it's operating at a cognitive level with us, what at appears to be. And so I think. I think the same thing's gonna happen, but maybe in a different way, which is the people who want to use it for evil will try and do that. And the ones that want to do for common good will, will do that.

And

[00:17:54] Mikey Pruitt: yeah,

[00:17:55] TK Keanini: I just gotta hope that, we're building a, the world a better place. That's, yeah. At least that

[00:17:59] Mikey Pruitt: means the humans, even the bad ones are still the conductors of this technology. And the technology itself is not. Trying to harm us.

[00:18:07] TK Keanini: Yeah, that's right. And again, I, I just

idea of.

It is oftentimes in the eye of the beholden to whom? To whom? Yeah,

[00:18:23] Mikey Pruitt: exactly. Which task? Just like you said a moment ago about, which percent of humanity versus AI goes together. But anyway, so AI is a huge topic for 2025. It will be for the rest of our lives, I imagine, or at some point it may just be part of the fabric of, the world, so we won't have to talk about it. But right now it's new and it's concerning in ways and helpful in others. But I wanna talk about one of a previous transformation, the move to the cloud. And you actually brought this up earlier. There was, a move to the cloud and a lot of companies were scared, I guess would be, for lack of a better term, I actually saw, are you familiar with DHH, David Meyer Hanson, the from 37 Signals they created. Oh, base camp. Oh, I do know that. Yeah. Uhhuh. Yeah. So he created Basecamp. He was telling the story of the White House, called them and said, Hey, we'd like to use Basecamp, but we wanna self-host it 'cause we're the government and we can't put our data on your cloud or whatever.

So there's been this. Pushback against your data on someone else's computers, which is totally understandable, certainly understandable for a government. But I, I feel like this is still a transition in progress. No, not everyone is using the cloud in the way that it was meant to. I pretty sure you have thoughts about that too.

Why don't you tell us?

[00:19:47] TK Keanini: Yeah. We've definitely seen it play out, the people that were cloud first and the people that were cloud last the people that were cloud last I think were just ineffective in, in articulating their requirements. It wasn't that they didn't wanna be cloud first, it's just that they had different requirements than the others.

And I think we've seen that, that play out because we have now more industry specific clouds. That have met those needs. So I think that's a trend that has played out. I do think it's still evolving. The, there seems to be also a greater interoperability between clouds and even micro architecture.

We build applications to scale a lot differently than we did before. And and again, a lot of tools have. To be hyper. And I think that really speaks to a greater interoperability between. And clouds. So

[00:20:50] Mikey Pruitt: the cloud providers basically can meet those requirements of the cloud last folks because they can segment portions of their data centers or data centers themselves to different industries so that they're, yeah, like I know they're still our computers, but they are just your data.

You can have physical access like they're making. They finally figured out like the cloud generically is not for everyone.

[00:21:16] TK Keanini: Yeah. That's right. That's right. And I think we'll see the, I think we'll see the same with with generative ai. I think we'll see some segmentation happen and some niche markets get served specifically because they have, I.

Industry specific needs.

[00:21:32] Mikey Pruitt: And the, a lot of the Gen AI tools we're using now are very general. General. Yeah. Chad gt, like they're very broad. But yeah, you can easily train them and even train some of the open source models to be very niche on something you need, like maybe medical research, things like that.

That will be a very exciting time.

[00:21:50] TK Keanini: Yeah and it speaks to, I think maybe in 2025 we'll see more applications with small language models versus the large language models. I think that's probably a good prediction too.

[00:22:01] Mikey Pruitt: Yeah. Good one. What about the oldest technology of the internet, DNS itself, which is where we work, and the layer that we try to protect at DNSFilter?

I said try, but we do a really good job of it. If you haven't checked this out yet, you should, but DNS is like. It was made in like the sixties. It's had a few security protocols tacked on. But what do you think happens to DNS in the next year or maybe next decade? Because it's a very slow moving technology.

[00:22:31] TK Keanini: Yeah, it's slow, but it's so fundamental that I think it it's really a good, it's a good thing to watch trend wise, with, its first job was just to scale and I think it, it probably sh showed us one of the most the best decentralized model to decentralize the administration of let's say, name space, right?

I think it did that very early on. I think the next battle that.

Be resistant to attack, the security aspects of cryptography getting into dNS and that, again, when it started, it really wasn't a need, but that, that need grew and it met that need. So I think that's another trend we can watch. The other one is just the massive growth of cloud public, cloud technology.

All the micro architectures, all the internet of things, like there just are more IP address and that therefore there's actually much more of a namespace, particularly as we cover the address space of ipv. Six Ds is mandatory's. Typing in from memory ipv six addresses here and there. So I think those things speak to where we came from and maybe point to some of the trends.

I think the new trend that everybody's dealing with is it's these two counters between security, intelligence and performing. Cybersecurity because of the intelligence you get from DNS and the other side of that is privacy, right?

Yeah.

And the question is private to whom?

Really a great question. But those two kind of work at odds with each other because, when you make something opaque. You can't you have to take it out of your observational domain, so it's no longer in your loo. It's not observable anymore. You can make inferences about it but frankly, it's not directly inspected.

So again, the privacy people are pushing for things like DNS over HT p and we see DNS moving closer to the application. So may maybe to summary rise it, I think. I think the namespace and the DNS function moves closer to applications than where it exists now in the network.

I think that privacy becomes something first class that needs to be addressed. And when privacy grows, the security intelligence side of it has to evolve because we have to figure out different ways to observe behavior. Think about this. We see 130 billion requests per day.

If there's a corpus of data that describes the way people are behaving on the internet, DNS is one of them. So the one, yeah so it actually is a great corpus of data to, to train on, to, to do AI stuff with. But again, there's a lot of decentralization and censorship issues and privacy issues that we really do need to address head on.

[00:25:41] Mikey Pruitt: So I think you left out, you were going through your checklist at the end there, and I think you left out a year of IPV six. Did I hear that? It's finally gonna happen?

[00:25:50] TK Keanini: Yeah. It is happening. It's just happening in a way that isn't that spectacular. Nobody's gonna be throwing a party.

Probably, your compute today will probably use more than 50% of these six addresses than before, out of, again, out of pure necessity.

And that is just, that's just a fact. There's no celebration for that. It's just gonna sneak up on us and pretty soon, again, out of necessity, just because we need more addresses.

We, we have long since run out of V four addresses, and so I think 20 25, 20 26 is just more V six

[00:26:30] Mikey Pruitt: necessity. Yeah. That everything being directly addressable because there are enough addresses really helps DNS 'cause as we know, like I actually have the shirt on right now. It's not DNS, it was d it is always DNS is what breaks your network.

But DNS is hard 'cause we had some imposed restrictions on ourself because we didn't have the technology to do it. But now we do IPV six. One of the pitfalls is having nat translation and all that, everything behind a router. But if everything is directly addressable by the internet, it definitely makes DNS management, not the cybersecurity part necessarily, but the actual management of DNS under network a lot easier.

I'm definitely looking forward to that.

[00:27:13] TK Keanini: Yeah. In design, there's always this concept of the underlay versus the overlay. You want the overlay to face the application. You want a nice little abstraction of the overlay. DNS truly is the, a great overlay to all the numbers that exist, that run the internet, right?

And it's the paved road. People understand DNS people don't understand a sequence of decimals separated by periods.

[00:27:40] Mikey Pruitt: Yeah. Not very human friendly.

[00:27:42] TK Keanini: There's just no, it's really hard to get a bunch of semantics attached to anything other than 1 2 7 0 0 1. That's the hero of address space.

Right? That's whole. What do you

[00:27:54] Mikey Pruitt: think, what do you think the future of DNS security looks like? Is it still categorizing domains as they come online and recategorize them frequently? What do you think DNS security looks like?

[00:28:06] TK Keanini: Yeah. And that I think is just a pattern that, that faces all of scalability, which is.

There's just too many members to the set. So you have to find set criteria to compute the members to a set. The sets are meaningful to somebody and frankly, nobody's got time or the staff to put all the members to the set or maintain those sets. So I think categorization is really a first class utility too.

Building policy and everything else, right? Just everybody building policy frankly, does not have the time. To manage the membership of sets. And so I think that's a first class value of somebody who is doing DNS protection. Whether that, again, whether that is that category is threat, whether that cart, is online shopping political affiliation, what, whatever it is no one's got time to.

Particular categories.

[00:29:10] Mikey Pruitt: So I just this just came to me Carl, if you're listening, pay attention. So the, so you know how everyone is like sprinkling AI into their products. DNSFilter, we've had AI more like machine learning since 2015 categorizing domains. But there was like, we don't need to add AI into our product 'cause, whatever.

But. In reality, the categories that DNSFilter has are flattened a little bit to make it easier to manage. There's more, way more categories that we actually u use on each domain, but in the interface and in our APIs and stuff, we flatten 'em a little bit, however. If you could tell ai, for example, your threat profile, the type of industry you're trying to protect, it could use the much larger categorization set and do a more fine tuned policy based on your needs and crunching more data than you can as a human.

So just an idea guy here. You can run with that. Yeah. How I'm curious, you mentioned PRI data privacy a lot. Do you think that IT leaders are gonna have to do things differently? Or are they are already doing them?

[00:30:30] TK Keanini: Yeah, I, I think 2025 is the year where we really need to start asking the question. Not just data privacy, but privacy to whom? I think we have an opportunity for for us not only to be more accurate in the broader policies, but. I think the actual, data privacy can really come down to the individual, and having some kind of emphasis on user consent and, real proactive compliance measures which I don't think really, happened today.

What happens today, or at least historically. Policymaker, whether they understand the technology or not, they actually make policy and that is a either sticks or doesn't stick. And so it's this sort of trial and error thing that, a lot of bad things have to happen for that policy to get refined.

I think we have an opportunity to really try and get in front of that, maybe, some kind of privacy by design principle. I do think we're gonna see a lot change in privacy, which is we'll be able to say, privacy means this to an individual, privacy means this to a community.

Right now there's just too much policy that is, let's call it the, the default route. It's supposed to fit everyone. And frankly I just don't see that lasting. Or if it does, it's a very small. Policy that is universal.

[00:32:09] Mikey Pruitt: Gotcha. And I was just gonna ask you if you have any a closing statement of sorts, and that sounded really good.

But do you wanna add anything to, like other things that we should expect to see in the future coming up?

[00:32:23] TK Keanini: Not really. Just have fun with it. It's one of those things where. I really do think we're gonna have to check our ego at the door. When we're dealing with generative ai, particularly with AI becoming so advanced we're gonna have to think of it as more of a thought partner than a threat.

And for those who do truly embrace it, I think the future really bright.

Don't those people,

[00:32:57] Mikey Pruitt: the a AI is the,

[00:32:59] TK Keanini: it sounds, yeah, it sounds stupid, but but once you, so here's my, if you really are a critic to ai, I would only ask that you get your hands as dirty as you can in it and experience it for yourself. Because, it's like diet, which is, I can tell you what I eat and you know what I like.

Honestly it's your, it's you being an expert in yourself, right? Because, when, you know you might be able to eat nine eggs a day and not have high cholesterol, so I would say that, the AI journey honestly, is a personal one. I can tell you how excited I am, but they are for personal reasons and how effective.

You're gonna have your own story. So I would encourage people to write their own story.

[00:33:52] Mikey Pruitt: I totally agree with that. We've had conversations here at DNSFilter about ai, and a lot of people are a little nervous to use it, which, with good reason, there's certain things that it can do that we don't fully understand.

We certainly don't wanna put any proprietary data in there. But TK said, like getting your hands dirty, it's really, with safeguards in place, getting your hands dirty is really the easiest, fastest way to learn. Yeah, AI specifically. True. TK, thank you for joining me on the episode.

I appreciate it.

[00:34:25] TK Keanini: Thank you.