Using Cyber Policy to Mitigate Risk
KITECAST – Betania Allo
Betania Allo is a distinguished expert in cybersecurity law and public policy and frequently presents at international forums and events. She boasts an impressive academic background with advanced degrees from Harvard University and Syracuse University. Currently, she is pursuing a doctorate in engineering with a focus on analytics at George Washington University. Her extensive experience includes serving as a Program Management Specialist and Senior Officer at the United Nations, where she addressed complex issues related to counterterrorism and technology.
This Kitecast episode delves into Betania Allo’s multifaceted career journey, highlighting her transition from law and public policy to the specialized field of cybersecurity. Her decision to move from Argentina to the U.S. for graduate studies, combined with her background in international relations and law, set the stage for her focus on cybersecurity. Betania’s efforts to bridge the gap between legal experts and technologists are emphasized, underscoring the importance of understanding both domains to effectively tackle global cyber threats.
The podcast discussion covers Betania’s tenure at the United Nations, where she worked on counterterrorism and technology. Insights are provided on how terrorist groups exploit digital platforms for recruitment, communication, and fundraising. The challenges of safeguarding these platforms and the importance of a multi-stakeholder approach involving private sector companies, NGOs, and academia are examined. Betania’s experiences during the pandemic revealed the increased vulnerability and exploitation of digital spaces by terrorist organizations.
Betania also discusses the rehabilitation and reintegration of terrorists through technology. The significance of using technology in the initial screening of individuals for accurate assessments and tailored rehabilitation programs is outlined. Despite the challenges, Betania advocates for incorporating artificial intelligence (AI) and other technologies to enhance rehabilitation efforts. Her innovative approach aims to create unified systems for better data synchronization and resource allocation, particularly in regions with limited infrastructure.
Finally, Betania argues that political decision-making needs to be tapped in prioritizing technological advancements and cybersecurity investments. Continuous collaboration between governments, tech companies, and security experts is deemed essential to stay ahead of emerging threats. As such, she points out the need for engaging training programs to build a robust cyber culture within organizations and beyond.
LinkedIn Profile: https://www.linkedin.com/in/betaniaallo/
Transcript
Patrick Spencer (00:03.202)
Hey everybody, welcome back to another Kitecast episode. I’m here with my cohost, Tim Freestone. Tim, how are you doing today?
Tim Freestone (00:10.274)
Good, we took a few week hiatus, nice to be back.
Patrick Spencer (00:13.406)
Yeah, likewise. I’m ready to go back on vacation, actually, but we got too much work to do. And today, we have a real treat. We seem to be coming up with a lot of really interesting people to speak to lately, and we have another one today. Tim, we’re talking to Batania Aloe. She’s an expert in cybersecurity law and public policy. She currently presents frequently at various forums and events. She’s a consultant.
Tim Freestone (00:17.066)
Yeah, this looks so good.
Patrick Spencer (00:40.826)
Previously and we’re gonna touch on this in the podcast She spent about three and a half years at the United Nations as a program management specialist and senior officer Dealing with various cybersecurity and privacy Issues she’s working on a doctorate in engineering at George Washington University right now in analytics She holds masters from Harvard University, Syracuse University and has a boatload of other educational
accomplishments which we can talk about during the podcast makes me feel pretty stupid due to all the Academic achievements that she’s had so but Tonya. Thanks for joining us today
Betania Allo (01:20.478)
Thank you so much for having me on the show.
Patrick Spencer (01:23.626)
Well, we’re looking forward to this. Well, let’s start by talking about why you have all these different degrees in different areas, public policy and law and cybersecurity, and now you’re doing something in data analytics and AI and engineering. That’s quite a potpourri of different areas to cover from an academic standpoint.
Betania Allo (01:47.798)
Mm-hmm. Yeah, yeah, I totally understand sometimes it’s difficult to make sense of it, but it did make a lot of sense when I was working towards those degrees. So I graduated as a lawyer in Argentina, where I’m originally from, and after working around seven years in government, in policy, and more related to politics and campaigning, etc.,
I decided to move to the US for graduate studies, and that’s when I got my degree in international relations, and I specialized in international security. I realized that I was becoming a generalist and that the market was looking for specialists. So I moved directly from Cambridge where I was doing my…
my masters to Syracuse to pursue a master of laws and directly focused in cybersecurity law and policy. So this way, from a legal standpoint, I was able to understand how technology and policy converge with law. So after that, I had
like some experience in the public, in the private sector. And then I moved, as you mentioned, to the United Nations where I was working in counterterrorism, not privacy. I was working in counterterrorism and technology, the linkages between counterterrorism and technology. Then I’ve done consultancies for the Organization of American States, always related to, you know, the fight against transnational crime.
So yeah, and then last three.
Patrick Spencer (03:45.222)
How did you get into that area of cyber security and international sabotage and so forth? It’s very fascinating. You went from law. How did you get into that area?
Betania Allo (03:57.682)
Well, I’ve always thought that lawyers, and I don’t think it’s just a thought, I think it’s more of a fact, but I don’t have any evidence, but I’m completely sure that at some point, the lawyers are scared of technology. I had some entrepreneurial ventures here in Argentina related to technology, and it was really, really hard to convince practitioners to, you know,
embraced technology even when it’s going to make your life easier, your work more efficient. Only big, you know, big law firms were interested. So I started realizing that there was this gap between the regulators and the innovators and that the regulators and legal experts very unlikely would
try to understand the language of the innovators and vice versa. So I decided to bridge that gap, to be that nexus between them. So I’ve always been very, very interested in technology, but for me, I was also scared to get hands on it. So I learned how to code almost my late 20s.
So it was something that I started exploring when I was not in college, you know, that’s what I mean. So, you know, when I studied international relations, that’s when I started looking into this and I started studying more and investigating and you know, cyber threats aren’t confined to individual companies. They also have the potential to destabilize entire regions.
So that’s what led me to take this more international approach and ultimately led me to the UN. And there I analyzed the connections between, you know, counterterrorism and information and communication technologies. Think of it as how terrorist groups use the internet for recruitment, communication, fundraising. So…
Betania Allo (06:23.162)
Uh, yeah, that’s, uh, that’s like how I ended up. And I hope it does make sense for you and, and the audience is listening.
Tim Freestone (06:29.986)
That’s, no, the, how you brought it all together, but that ending part is really, really interesting to me. What did you discover in three years? How terrorists are using, cause it’s almost, it’s one in the same now, you know, you can’t be a terrorist without leveraging cyber terrorism. Um, but I’m just curious what you discovered. Was there anything that really stood out that was surprising or scary, frightening in that time?
Betania Allo (06:58.422)
That’s a really, really good question. Though one of the most wonderful things about working at the UN and having that, it’s such a privilege to serve the entire world is that it is an eye-opening experience and you have the opportunity to work in niche areas that otherwise you wouldn’t be exposed to, right? And I was able to look into the digital dimension of terrorism.
Tim Freestone (07:20.756)
Mm.
Betania Allo (07:28.486)
As I mentioned, I worked in how to safeguard digital platforms like social media in general from violent extremist narratives and rhetoric. And when the pandemic hit, it was extremely interesting. I think that’s one of the key points of my tenure there, because.
we were analyzing things in a way, you know, and then when the pandemic hit, all of a sudden we were all at home and this narrative had a captive audience that it was very easy to reach. And if you guys remember, there were all these conspiracy theories, a lot of memes, of course.
And there was a lot of violence also, you know, underneath. So I think that if we think about it, the lessons learned that I had and what I was exposed over there, it was an experience that I’ll always be very grateful.
Tim Freestone (08:44.518)
Did you do it? Did you work during the elections? Because there was a lot of at least talk of cyber fraud and jimmying the elections, I guess. Have you saw any of that?
Betania Allo (08:59.926)
So not in particular because we were, so in my role mainly, so I had like two main roles when I was working there. First, I was working in, it’s an executive directorate that depends on the security council. So what I was doing was to look into the ICT
perspectives in how the member states implemented security council resolutions related to counterterrorism. So that was one approach. So I was very focused on what was happening in the countries that my colleagues were visiting and helping them as well to understand that.
Tim Freestone (09:39.97)
Hmm, I see.
Betania Allo (09:55.638)
part of it, the part of the technological and how the member state is implementing legislation related to computer crimes, for example, and things related to that. And then as well, another part was to do the political analysis of the assessments that my colleagues went to do to the member state, if that makes sense.
Afterwards, I had the opportunity to move to the Office of Counterterrorism, and I was working in the linkages between the prosecution rehabilitation and reintegration of terrorists and technology. So in that long chain, and especially when we’re talking about individuals who, for example, are being repatriated from conflict zones like
It’s happening very slowly now from the people who, some member states have grounds to believe that had ties with Daesh, for example. And you must be aware that there is a huge camp in North Eastern Syria where they’re being held and some states are being reluctant.
in terms of in which conditions they are repatriating these individuals. You must have heard of Shamima Begun case in the UK that she was stripped from her citizenship and she’s there. It was like very, very notorious case. There’s documentaries about her, et cetera. So again, you know, like it is from what I’m saying, you must realize that it’s such a niche area.
But I feel so passionate about it and knowing that my background perfectly aligns with this kind of work, for me was absolutely fascinating because it ended up having, I used that I maybe I wasn’t expecting I would have never imagined.
Tim Freestone (11:58.05)
Sure.
Tim Freestone (12:12.042)
Yeah, I mean, it’s incredibly important work. And so, you know, obviously thank you for that.
Patrick Spencer (12:19.662)
There are large team involved in these two initiatives at the UN. You know, how, if you can talk about it, you know, how many people are involved? This is a boat, both your, your initial job and then the latter job that you had are huge undertakings or there are a lot of people involved and there’s a lot of coordination with the technologists as well as the, those that are, you know, trying to influence public policy. How does all that work?
Betania Allo (12:44.698)
Well, it is challenging. There are a lot of experts working, thankfully. But also, a multiple stakeholder approach is extremely important to be able to move forwards and to make actual impact, right? Because you need to have different perspectives. So for example, when I was mentioning before how
platforms from extremist narratives or content, to be more specific, we were working constantly with the private sector, with these companies per se, to understand different perspectives, but also with NGOs.
with civil society organizations, academia, to understand, you know, also what’s happening on the ground and where they’re seeing in their research endeavors.
Tim Freestone (13:49.174)
You mentioned the intersection of technology and what was it? Rehab, rehabilitation of terrorism. Is there more you can say about that intersection? I have seen a number of documentaries on terrorism rehab, which I find fascinating, but not the connection to technology. What did that look like?
Betania Allo (14:12.662)
So it is very challenging to implement sometimes because the issue starts with the screening of the individual to understand what are their most urgent needs and whether this individual is going to go through the criminal justice system or not. So.
Tim Freestone (14:38.83)
Mm-hmm.
Betania Allo (14:41.166)
my proposal has always been to incorporate technology as much as we can in that first step so that we’re not carrying an error throughout the rest of the chain, right? So in terms of rehabilitation, I have seen really successful programs that, yeah, they incorporate technology, but not in the sense that we…
Tim Freestone (14:52.418)
Makes sense.
Betania Allo (15:09.014)
can imagine in terms of, I don’t know, emerging technologies. But technology is incorporated because they work, for example, in trade or vocational trainings to be able to get back to society and work, things like that. But I think that actually my proposal, and I’m not saying that
it was successful because it’s very challenging and very ambitious. But that’s something that I in particular was trying to push. And it’s a work that probably will take, I don’t know how many years to try to have a system, a really unified system in which we can properly screen individuals.
and that this information is synced throughout databases. But of course, there are problems with infrastructure sometimes, and the states that need it the most sometimes are the ones that have less infrastructure, you know what I mean? So those are things that I always had in mind in terms of this intersection.
Tim Freestone (16:23.042)
Yeah.
Tim Freestone (16:31.038)
I’d imagine there’s a good opportunity, if not already in play, for the advanced AI systems to at the beginning, like you said, conduct interviews, understand body language, rate sort of rehabilitation ability, one to 10 prescribed processes that are unique to the individual versus as a whole.
Betania Allo (16:49.651)
Mm-hmm.
Tim Freestone (16:57.73)
you know, as you were talking there, I’ve gotta imagine that that’s starting to play into it a little.
Betania Allo (17:04.35)
Yeah, that’s absolutely right. That’s absolutely right. AI plays a crucial role. We cannot ignore as also the potential it has to be used by malicious actors, right? So for example, terrorist actors can use AI for…
to automate attacks, to create more sophisticated malware, to go back with cybersecurity, or even launch, as we were saying, disinformation campaigns and conspiracy theory theories, et cetera. So I think that the race is on, and we need to ensure that AI remains a force for good in cybersecurity and international security broadly.
constantly innovating and staying ahead of the curve, which is one of the greatest challenges. When I was thinking about this gap that I wanted to reach eventually, I was thinking about how do you stay ahead of the curve in regulation when technology advances at such a fast pace, right? Because otherwise we’re always, always behind.
So of course, I’m a huge fan of partnerships. And this kind of work requires collaboration between governments, tech companies, and security experts. So yeah.
Patrick Spencer (18:47.258)
You bring up an interesting nuance there. It plays into your public policy work. Sort of a two-way street when you talk about cybersecurity and public policy. You have, obviously, the government that makes certain decisions from a cybersecurity standpoint, and those float downstream, usually to start with to the government agencies, but then those spill over into the private sector. But then you have the private sector trying to influence
different regulations from their standpoint at the same time. So they’re both going in two different directions. You’ve had a chance to work on both through your career. Where do you see things headed, right? We have a lot of regulations, relatively new regulations like CMMC 2.0 is out there. And then you have cybersecurity standards and protocols like FedRAMP.
within in Europe, you have certain things that are on the horizon like this too. Where are we at today and where are we headed? And how does the government play a role and how does the private sector play a role on that two-way stream of thought?
Betania Allo (19:59.542)
That’s a really great question. I don’t think there is a straight answer for it, because, for example, the other day, I had the opportunity to be on a podcast in Spanish with an expert from Costa Rica. And we were talking about the main topic was technological neutrality. But we were talking about this as well, right? How do we achieve this?
this balance between regulations that don’t hinder businesses, right? And I think that your previous podcast with Edna was related to this topic as well. You mentioned something. In my personal opinion, it has a lot to do with political decision.
Betania Allo (20:59.694)
at the end of the day, we’re talking about politicians who are doing these things, right? And they need to have a lot of interests in consideration. But one thing that we’ve noticed that is very difficult for politicians, for policymakers, to have into consideration is the opinions of the experts. Sometimes…
And it will be like, how come? Like we are regulating technology. It’s unbelievable how it is so difficult to properly influence policymakers in terms of what the technology is about. So that’s why I go for the political decision to actually put this as a priority and…
I always say that in Latin America, for example, the urgent always overlaps or overshadows the important. It’s because we’re always in a crisis and trying to solve something that is extremely urgent, but this is also important, right? And one of the things that are going to make the difference in the next few years is how much you invest.
in technology and technological resources and in human resources who are skilled for the world that is coming. And, you know, coming from Saudi Arabia that I lived there for one year, I see how much it has to do that there is a, when there is a political decision, because
everyone can say, oh, well, but it’s a wealthy country, et cetera. But you know what? When you start becoming that international actor who is investing and prioritizes technological advancements, and it’s embedded in every single project that you make, not only the GIGA projects that everybody knows about, but also within the government. Last year, I had the opportunity to speak at
Betania Allo (23:22.694)
at a conference organized by the Ministry of Justice of Saudi Arabia. And actually next week, I’m going to the conference of this year. And they were talking about how they implement AI in the justice system, right, to make, you know, legal practitioners’ lives a lot easier. So in different…
sides of governments, technology is incorporated. And that inevitably brings attention and therefore foreign investment. So I think everything has to do with everything when we talk about these things, but I think it boils down to political decision and to be willing to listen to all interested parts involved.
Tim Freestone (24:19.35)
You mentioned earlier that you had trouble in your career earlier on introducing technology into the legal industry, maybe the regulators as well. And then right there, you had mentioned that it’s starting a little bit, integrating technology with legal practitioners. Do you see it improving? Because I know in the past few years of my career here and there, certain types of professions
are not disposed to efficiencies. And it generally comes down to those professions that charge by the hour. But just curious what you’re seeing if that’s changing.
Patrick Spencer (25:00.822)
Lawyers and accountants.
Tim Freestone (25:02.53)
There you go.
Betania Allo (25:06.432)
Well, it really depends also in the size of the firm. I see big law firms wanting to be ahead of the curve and getting all the subscriptions in the market of absolutely everything. It’s also a way to market themselves and to be different and forward thinking.
When I see medium size or small size or solo practitioners, it is very difficult for them to see investing in this as a benefit. When actually, I think that many times, these legal tech solutions are more beneficial for small firms that have less.
employees working than big law firms that have a lot of resources. But it’s very difficult to, since usually there are subscription-based services, it is sometimes difficult to market, to tailor, tailoring that audience in particular, because it’s very difficult for them to see how this is an asset.
in terms of being scared of how this really benefits my practice. And also it is expensive. It is expensive. So why would I need to do this? Like I’m old school. I’m doing things like I’m used to. You know what I mean?
Tim Freestone (26:51.466)
Yeah, sure. I absolutely know what you mean.
Patrick Spencer (26:53.954)
break old habits in comfort areas.
Betania Allo (26:57.655)
Old habits die hard or something like that. I think it’s amazing.
Patrick Spencer (27:03.482)
Well, speaking of AI and analytics with your current degree that you’re working on, you have from a cybersecurity analytics standpoint, Tim and I were over at Fortinet, it’s been a few years ago now, but FortiGuard Labs had lots of interesting data points when it came to cybersecurity and cyber attacks. You have Darktrace, which is rumored to be on the acquisition target right now. You have Sentinel-1.
You have other players in the marketplace, you know, CrowdStrike and so forth. When you look at analytics, which is what your degree is on, is there room for improvement here? Are we leverage all the data that exists? Are we just scratching the surface? And there’s a lot of areas where advancement can be made. What’s, what’s your opinion? Where do you see us headed, uh, as well in the next few years?
Betania Allo (27:55.342)
Well, for everybody who’s listening, you know, in the world of AI, it is this, I think, cybersecurity analytics, I think it translates to using machine learning algorithms to sift through massive amounts of data, network traffic, logs, user activity, to detect certain patterns that might indicate…
hints of the cyber attack, right? I am encountering that issue right now as I think about my research, as I think about my topic. There is a lot of room for improvement and there are certain topics that for me are extremely interesting, but there’s still not a lot of literature or data.
So it is becoming very, very challenging for me to actually find, because this program that I am pursuing, sorry, this program that I am pursuing has a more hands-on perspective. It kind of prepares you for real life. It’s not that academic focus. That’s what I’m trying to say.
Usually when we think about PhDs, we think about, you know, an academic career. This is more related, more focused to the practitioner. And with my passion for policy, you know, and my background, I think that I needed that technical skills, those technical skills, although of course, I will never be a developer, I will never be.
you know, the incident responder, you know, that’s not my role and the role that I am prepared to do. But I do think that I need to understand what happens and how the cybersecurity department works and what are the dynamics to be able to, you know, be effective in any new role of the, you know, PRPL team.
Betania Allo (30:11.738)
So, yeah, I am right now trying to answer that question with, you know, advisors, with mentors, with the Gemini and ChattGBT. It is not easy.
Tim Freestone (30:29.713)
You should try Claude.
Betania Allo (30:31.602)
Mm-hmm. Yeah. No, no. Yeah, it’s, uh, it’s, it’s very, because I, you know, I see what other classmates are doing, what they are looking into. And, you know, you want your research to be focused on something that is important to you and that you actually are proud of, you know, being the experts on it. Right. So yeah, that’s, that’s where we’re standing right now.
Tim Freestone (31:03.214)
Good. Are you, um, I don’t know. It’s kind of a side ball question, but, um, I’ve just been hearing about it a lot lately in relationship to safety, more physical safety than anything, but the tech technology that is going into pretty much our everyday lives and soon to be robot assistance, um, but self-driving cars and kind of how cybersecurity and technology on a consumer basis.
intersect and will intersect in the future with AI and what that all means for future of humanity, for lack of a better question. Do you focus on that at all?
Betania Allo (31:43.158)
I think, look, when I was working for Neom, which is the smart city that Saudi Arabia is building from the ground up, I started to think about smart cities and cybersecurity in a different way. Because if we envision what you were mentioning,
technology embedded in every single fiber of our life, we need to be agents of cybersecurity and have cybersecurity awareness feel second nature to us. And how do you accomplish that? If you, if we’re talking about a city like the line that what Saudi Arabia is building,
Since it’s from the ground up, probably we can think of some kind of awareness for everyone who has any kind of affiliation to the city, right? So you will know that there’s a certain standard of awareness that everybody should have. Now what happens with, you know, the rest of the world, right?
And I think that even within companies, so I have been in charge of cyber culture and awareness programs. And I have talked to colleagues who have implemented their programs in their own organizations. And the most challenging thing is to engage the people to actually pay attention to…
you know, to what you want them to learn. Because it gets like, you know, there is this thing, I think it’s called like training fatigue, you know, like, oh, yet another cybersecurity training, you know? And then when something happens, no one knows what to do. I remember a simulation once, a phishing simulation, instead of people actually going through the procedure, they were texting me.
Tim Freestone (33:46.774)
Thank you.
Betania Allo (34:04.434)
Hey, I got this email that looks really weird. Like, what should I do? And like, it’s a mandatory course. You know what I mean? Like, it’s, and you have like a button in your email account to report it. So, I think that, but I don’t blame the people. I think that the challenge is how do you make this content interesting and dynamic? Because I would think.
let’s say if everyone has to have a certain level of financial literacy and the finance department of my company wants me to take this mandatory training on finance, most likely I will be like, I want to get over it because I find it super boring. But I think how do you make it interesting? How do you make me feel that I am part of the solution? Right?
So that’s what we started to do, trying to have ambassadors or champions in each department who are kind of the representatives of the cybersecurity department in their own office. It’s very, you know, it is challenging, but it is not impossible. And it’s not impossible. And it’s possible to really reduce the…
the numbers and the percentage of attacks, especially when we’re talking about, you know, human factor kind of attacks, and when you have a good robust cyber culture and awareness program going on.
Patrick Spencer (35:49.47)
Now, those are critically important. You’re spot on there. Well, but we appreciate your time. This has been fascinating from the standpoint of we have someone who’s approaching cybersecurity from all these different avenues, legal policy, cybersecurity itself, someone who taught themselves coding in their late twenties, right? You’re a lawyer, lawyers who code. That should be a whole podcast.
Tim Freestone (35:50.187)
100%.
Betania Allo (35:53.596)
Yeah.
Betania Allo (36:02.558)
Mm-hmm.
Betania Allo (36:14.127)
We don’t know how to sum, like I cannot calculate a tip.
Patrick Spencer (36:19.584)
But we appreciate your time today. This has been a fascinating conversation. I’m sure our listeners are going to find it very useful. For our listeners who want other Kitecast episodes, you go to kiteworks.com slash Kitecast. So look forward to hearing more about your work on public policy and we’ll watch for that dissertation when it comes out.
Betania Allo (36:44.198)
Inshallah. And thank you so much, Tim and Patrick, for inviting me. It’s been a pleasure. It’s been a really, for me, it’s fascinating conversation. I hope that, you know, I can, this passion is a little bit contagious, hopefully for the audience as well, because I understand that when I start talking, it’s hard for me to stop, especially when I get too excited about something. But I would guess that…
By the time that this episode airs, I will be in conferences in Saudi Arabia and in Switzerland more or less. So if you wanna follow me on LinkedIn, I will be sharing my insights and everything regarding those all cybersecurity conferences and related to digital transformation as well. So it’s probably of the interest of your dear audience. So thank you so much.
Tim Freestone (37:36.566)
Yeah, thank you.
Patrick Spencer (37:36.714)
Yeah, that’s great. Thank you.