An Interview with Aaron Isaacs, VXI’s Director of Information Security
Digital acceleration is propelling us into a future marked by innovation and uncertainty. As AI-powered technologies continue to emerge, evolve, and mature, CX leaders are standing at a crossroads where unlimited potential will inevitably meet unforeseen risks and vulnerabilities.
This is especially true in the contact center, where many of these use cases and systems have been deployed and tested for the first time. While automation can provide relief for an industry feeling the squeeze of tight labor markets and increasing operating costs, organizations must assess their risk tolerance before diving in headfirst as the “guinea pigs” for technology companies.
In this interview blog, we discuss how customer service organizations can embrace transformative thinking responsibly, balancing the need for AI-powered capabilities with a zero-trust data security posture. VXI’s Director of Information Security Aaron Issacs shares his insights into the challenges, opportunities, and complexities of integrating cutting-edge technologies into the contact center’s operating model to achieve “more with less.”
Background
Q: Before we dive in, I’d love to share your unique journey with our readers. How did you go from a music teacher to an information security officer with a Ph.D. in digital forensics?
A: Sure! Well, my career started unconventionally –as a music teacher for K-12 graders — but as computers became more commonplace in the late 1990s, I got curious and started tinkering with technology. What began with a few CompTIA classes, like A+ and Security+, to build my skills eventually transitioned into a role with the Defense Department, working as a systems analyst on classified and unclassified networks for the Special Operations Forces. From there I moved into different roles, one of which was as a security officer for a Managed Service Provider (MSP), helping leading healthcare brands secure their data and network infrastructures.
In my role as a cybersecurity engineer and forensics consultant at Microsoft, I was empowered to effectively champion the cause of cybersecurity across a diverse array of industries and prominent, global brands – strengthening digital defenses on a global scale. As someone who enjoys learning and teaching, I eventually went back to school at the University of Cumberlands in Kentucky to get my Ph.D. in digital forensics and cybersecurity.
I’m proud to say I’m now a professor at the same university that provided me with my doctorate, sharing my knowledge and experience with the next generation of information and cybersecurity professionals.
Integrating AI Responsibly & Securely
Q: What do you think is the most pressing question our brand partners have right now about integrating AI-powered solutions into the contact center and operating model?
A: The top priority for our brand partners right now is data privacy and security. Organizations are concerned about how AI solutions handle sensitive data, especially regarding privacy regulations and potential security breaches. They want to understand encryption, data anonymization, access controls, and various measures to protect data integrity and confidentiality.
For instance, even when implementing simple solutions, like an AI-powered writing assistant for agents, our partners need to know that these technologies won’t inadvertently capture sensitive information like credit card numbers to the third-party platform’s backend. As a trusted partner, we have a responsibility to help our clients map where their data goes, and who has access to it, while also putting in place guardrails for how that data is being used within our delivery model (virtual or in-center).
Q: What are the specific security challenges that arise when implementing AI and automation in the contact center environment, and how do you address them?
A: Keeping data private and confidential is a complex task, especially since AI systems within the contact center today rely on vast amounts of customer data. Unauthorized access, breaches, and misuse are ongoing concerns, and it’s important to remain vigilant.
Companies need to focus on robust encryption and access controls, adhering to the confidentiality, integrity, and availability (CIA) triangle. We combat model vulnerabilities and insider threats through rigorous penetration testing, adversarial training, and enhanced model resilience. Employee role-based access and continuous monitoring play crucial roles in addressing these challenges as well.
Maintaining Compliance
Q: How do you ensure that an organization’s automation and AI systems adhere to industry regulations like PCI DSS and GDPR? What steps need to be taken to maintain compliance when implementing new tools?
A: Maintaining compliance today requires a multifaceted approach. At VXI, we’ve adopted a zero-trust model that begins by identifying the user and separating their access by line of business. All data is identified, labeled, classified, and encrypted, so when new tools are implemented, it’s easy to respond to data subject requests and ensure data rights are respected.
For example, all our systems are designed to handle data securely, following industry standards such as PCI and ISO compliance, HIPAA, and SOC 2. Organizations today need to take a zero-trust security posture, validating every stage of a digital interaction with leading authentication practices, network segmentation, and stringent access policies – to name a few. As the way we work becomes increasingly hybrid and cloud-based, promoting zero trust is critical. Companies today can’t afford to “set and forget” any of the controls they’ve put in place.
Outsourcing & Data Security
Q: How can brands continue to form strategic partnerships while reducing their risk profile?
A: Turning over your data to an external party comes with risks. However, if the partner’s data model is well-structured and secure, and the organization has a reputation for supporting a strong security culture, outsourcing won’t necessarily increase a company’s risk profile more than an in-house contact center would.
For example, when it comes to deploying a virtual workforce platform, many business process outsourcers (BPOs) are even further ahead in their security practices than most brands today. From biometrics and role-based access to cutting-edge software solutions and authentication systems, outsourced contact centers go to great lengths to ensure data integrity and privacy.
Evolution of AI, Automation, & Cybersecurity
Q: It’s impressive how quickly AI and automation are evolving. How do you see automation helping and potentially challenging cybersecurity efforts in the future?
A: When it comes to cybersecurity, contact center automation and AI can work for and against us. On one hand, integrating AI has provided us with advanced endpoint protection capabilities. We’ve come a long way from the days of signature-based antivirus solutions. Now, we use behavioral analytics and hybrid models to detect unusual behaviors. Some advanced practices include using security orchestration, automation, and response (SOAR) capabilities to reduce meantime detection and resolution times when responding to an incident. For example, if a machine is misplaced or deemed at risk, leveraging automation can speed up the process of isolating and wiping the device without requiring manual intervention.
On the other hand, AI is also making staying secure more challenging, as technologies like ChatGPT have also given rise to new threats like WormGPT, an available tool on the dark web that allows nefarious actors to create malicious code.
While finding new ways to combat these threats is a priority, the importance of employee training and awareness cannot be overstated. AI might make the role of our agents easier, but if left unchecked, without the proper employee training and controls, it will also make a hacker’s job easier too.