Jay Bavisi, CEO and Group President of EC-Council, joins us live from the New York Stock Exchange to discuss the critical role of ethical hacking in today’s cybersecurity landscape. With over 25 years of experience, EC-Council trains cybersecurity professionals to think like hackers in order to stop attacks before they happen. Bavisi explains how the Certified Ethical Hacker (CEH) program provides hands-on training across five key phases of hacking, giving defenders the skills needed to protect organizations worldwide. He also dives into how AI has expanded the attack surface for hackers and the growing importance of governance, defense, and responsible adoption of AI in enterprise systems. From the evolution of the modern hacker to the challenges of securing AI-driven technologies, this conversation highlights the strategies and mindset required to stay ahead in the ever-changing world of cybersecurity.
Get the latest news and updates on FINTECH.TV
Jay Bavisi joins me now here at the trading floor of the New York Stock Exchange.
He is the CEO and Group President of EC Council.
Nice to see you again.
We met last week at RSAC in San Francisco.
You decided to come back for more.
Good to have you.
Thank you.
Thank you, Jay.
Glad to be here.
So let's start now for this audience who might be a bit unfamiliar.
Talk to us first and foremost, your work at EC Council, some of your top priorities, and what does ethical hacking especially in today's cybersecurity ecosystem, what does that actually mean?
Well, we are a ethical hacking company.
We are a certification body.
We train the good guys how bad guys hack.
And the idea is to create cyber defenders.
We've been at this for 25 years.
We work with major military and corporate America organizations.
And the idea is to get the good guys to know what the bad guys will do and stop them before they actually do it.
Hence the solidification, solidifying ethical agar.
What are things that the so-called good guys need to be more aware of or need to be doing better?
Well, look, the bad guys are always going to be a step ahead.
But the thing is that good guys were always thinking about having defensive technology.
So just think of it, you know, speaking metaphorically, if you try to protect your home, One way is to say, I'm going to put on an alarm system and I'm going to put a guard in front.
But what if the bad guys come through the back door?
What if they were to come through the window?
What if they came through the ground or they popped out your roof?
So the idea is to get the good guys to be acquainted with what the bad guys do and get them retrained so that they are able to ethically stop a hack before it happens.
And that's why they go through a rigorous training, which is renowned worldwide called Certified Ethical Hacker.
And the idea is to put them through the training as if they were hackers.
What does the certification actually look like?
The coursework, the classes, what do they actually learn?
A lot of hands-on skills.
It'll take you through five phases of ethical hacking, right?
How hackers actually pick an organization, how they actually footprint an organization, how they actually try to determine where the potential loopholes are, then how do they actually exploit, how they actually cover tracks.
And we put through the good guys, the tech guys, through the entire five phases in a hands-on program across 174 countries in the world.
How has the modern hacker changed in the age of artificial intelligence?
Oh, that's a fantastic question.
I think artificial intelligence has made a couple of impacts.
One is that the entire attack surface, or just think of an organization as a home or a building, the attack surface for a hacker has just expanded.
Because before artificial intelligence, what used to happen 20 years ago, when I started EC Council, The hackers used to be pretty sophisticated.
They used to get in because, you know, organizations were pretty weakly protected.
But over time, the awareness of cybersecurity grew and organizations started having budgets.
They started spending on equipment and people and process and training.
Regulators picked up and started adding regulations around.
And then for the bad guys, it was not so easy to get into organizations anymore.
So then they went after the user, the end user.
And they say, well, let's not get into the home, but if we can just, you know, kill, get somebody into the home, you still get the same impact.
So that's what happened with artificial intelligence.
The amount, the propensity of people to use artificial intelligence organization has just grown the attack surface to a very wide area.
So I think the first challenge that organizations are going to face is that now you have a lot more to cover.
Everybody has some artificial intelligence app on their iPhone, on their laptop, right?
And then organizations are implementing artificial intelligence left, right, and center.
Some of them are even renaming themselves with the AI.
Oh, yeah.
So-and-so dot AI, of course.
Because you know what, the capital markets, Wall Street pays when you use artificial intelligence.
But the question that we really got to ask ourselves is, how are organizations adopting artificial intelligence?
Are they thinking through the governance models?
Are they thinking through the risks?
Are they thinking through if something were to go wrong, how do I actually backtrack?
Are they thinking where the guardrails are?
How are they defending artificial intelligence?
All of the cybersecurity folks that I built and the industry has built has been hacking laptops and servers and systems in cloud.
Do we have professionals that can hack LLMs to understand how agentic AI works?
That's important.
We've got to get the good guys to retrain how AIs work.
And then all the governance professionals, how are we really having governance around AI?
I mean, we're implementing AI, but are we thinking about, well, how do we do responsible and ethical use of AI?
So adoption, defense, and governance become the three largest tenets of the AI world as we go along.
By the way, any thought to ever rename the company EC Council.AI?
No, thank you.
No, I didn't think so.
Because I think AI is now, next is going to be quantum.
So technology is going to keep evolving and there's no need to change.
Our mission is to get the good guys to know exactly what the bad guys are going to do and prepare them to stop the attack before it happens.
Jay, really nice to welcome you down here to the New York Stock Exchange.
Thanks for coming to see us.
Thank you, JD.
Glad to be here.
Come back to New York anytime.
Thank you, sir.