What Is The Metaverse And What Should We Be Doing!?

yeah good afternoon um it it's a bit of a weird talk um I'm um I'm that guy um it's a bit of an intro I'm Steve Davis I'm the head of cyber at dll which is like a leading Business Law Firm it's probably the biggest Law Firm you've never heard of um I currently head of all the security architecture operations and Engineering teams there um I stay Hands-On which means a lot of kind of the big businessy type projects they come to me for support um before that um yeah I've worked in gambling in gaming predominantly on the security architecture side so typically just trying to help the business do whatever it is it's trying to do without ending

up in the news um this Talk's got a bit of an origin story um so I do a little bit of speaking I typically talk about what I do at work it's normally vulnerability management or stuff to do with security operations but in January this year I probably don't know early one morning I'd coffee after Christmas probably had a mince pie hangover or something and I read an article about um the metaverse and it was the first time I read something about it where I thought actually no I better pay attention to this because it sounds like it's a thing and this article goes on to describe how it's not just meta it's not just Facebook it's there's hundreds of

thousands of companies now all piling into this metaverse stuff and so I put a grumpy to it out sayings anyone know like security wise in First Step wise what are we doing about meta because come in and I didn't get any responses and then besides a lot if I can swear on this um five months later I come in to a meeting request on a Monday saying I was standing up a meta first project can we barrier and it's like oh right um so this is happening um so I guess why now why this talk I think there's two things really I think there's a real lack of understanding and appreciation for what the metaverse is and some of it's

founded I wanted to share with you all today where I think I am and and the understanding I've managed to pull together hopefully it'll resonate but I'm looking for feedback if you if you um have a different view I'd love to hear it um the other thing the other side of this talk is I guess a bit of a call to arms around what we as uh I guess security practitioners hackers testers influential technologists and organizations what should we be doing about this metaverse thing because in my view it's it's coming it's going to happen either way whether we're on board or not um so I'll do the first half so what is the metaverse

really simple actually it turns out read a bunch of Articles current version of time's got a big section on it um it's just the next generation of the consumer internet like that sinking for a second like metaverse isn't just matter it's not Zuckerberg and his goggle face hugging things it's just the next flavor of the internet in some ways it's kind of already here um it's um it's made up of virtual worlds and and this is I think where some of the confusion comes like we don't really talk about where the internet's up to that much um but the the metaverse is an extension of this virtual world piece that we've already cobbled together that

isn't just goggles in-depth um it's weird I'm looking for engrossing virtual digital content if you use teams now you're already doing metaverse if you game you're already in metaverse if you're posting to Twitter communities you're already in metaverse um the thing that's kind of changing at the moment and I guess the reason why um the guys over at Facebook renamed and I guess why there's a lot of companies making a lot of noise about meta now is that the focus on the technology has changed it's gone from the kind of these backbone car technologies that just do web to really have a human-centric side of it now we're trying to we're trying to bleed digital into the real world say

we Technology's big Tech um you look at some of the money that's been spent on this stuff at the moment it's it's crazy pants like it's I think I think Facebook spent six billion unmet a development Q one and two this year like that's not chump change like some countries don't make that much money period um they obviously want to claim mistake in like this next version of the internet um and I think the thing that surprised me when I did start to do a bit of digging is it's been a long time coming like this kind of Flo a digital um ethereal internet internet type thing it you know it's been kind of the end

state for a long time and and as the technology and I guess I'm going to make up please as as the web as Tech has been built become successful taken over um that's kind of always been the end goal is to get get us doing stuff in our little virtual communities in our little virtual tribes but on but more in the internet more in this Digital World um when we talk about the web we normally sort of um tombstones right where every normal kind of headline it with like a version number um and I think you know keep key takeaway from looking at progression from web one to web 3 is that there's three trends that kind of stick out

the more people as you know over time um the more people that can get access to the internet the better and over time that cost of access has has gone down like if you're as it says old as me you are way younger than I do um like I remember when you couldn't get internet on phones like it was a thing like I remember having a Blackberry to get email like you know carrying two phones like a drug dealer because one of them didn't do email who's got a smartphone quick show of hands yeah okay I'll give it one person with a remote phone in the back um Okay cool so so yeah cost of internet

cost of access is going down and if you look at Facebook's engineering team like they're doing weird stuff like anyone come across they call it Project Blue like no they're doing like satellite internet in like third world countries like you know they're not just doing Services they're building new tech like they're building silicon they're building kit um it's in their interest to make the internet get from everyone in you know first world country white collar jobs right down to that guy who runs a fishing boat in Garner like he's going to take his payments out of the internet at some point um I guess the second Trend um is that the experience of the user

using the internet just keeps getting better because technology is just getting better again like I remember like the first the first smartphone I had oh my God it was it was a brick by today's standards right now the phone that's in my pocket it's probably powerful than the laptop I brought today um and you know we're starting to see that investment in consumer Hardware really starting to appear so I remember Google Glass yeah a bit too early there um like we've got a Cornerstone event in September when I think Facebook released their consumer headset I'm sorry Apple premiered their first consumer headset that's expected this September I think we're expecting some and some um reveals from around kit so there's

this real chance that we can have an iPhone moment where one day we don't use it and then come Christmas we're all we're having Christmas dinner over our sort of virtual tables with our family around the world um I guess the third big trend is that as the internet gets better we just use it to do more stuff like I remember when the internet was just a work thing like I and I'm from telecoms I was at b square B for a little bit um and I remember having the big fat lease line at work and everyone had a Blackberry and that was it that's where our internet consumption looked like and we were a carrier so we were kind of

special case I think now we do it it's not the work thing is it we use it for everything shopping family spending time with people that we love spending time with people we haven't been able to see because they're covered or whatever um it's gone from being a work thing to enough thing and I guess that's that's been the thin end of the wedge that you know we use it more and more it becomes easy for us to consume and I guess move experiences to it um so yeah ubiquitous probably the best way to describe the internet is everywhere it is on everything um this is underpinning the you know the the move the development of the

metaverse has been underpinned by this Unstoppable Juggernaut of technical Improvement um you know we're all we're all web consumers we're all up we're all almost internet natives now at this point right I I can't go 10 minutes without checking my phone I imagine most of you are the same um all that technology has underpinned virtual communities it is one thing like you know I want you to take I would like to take away from today is the fact that you know the metaverse isn't this big thing that's just going to rock up one day and you decide to buy it or not like you're already using it you're already a member of a you know

probably a dozen virtual tribes professional personal you know you're already fully signed up all these virtual words aren't 3D I said this is 2D version so all these kind of collaboration technologies that really cut a bit during covid um that all you know backbone virtual communities now that that's how our worlds work is on these platforms um and together then collectively this mishmash of stuff is is ultimately the metaverse like you know getting to that way of thinking that we exchange web 3.1 or whatever you want to call it for metaverse those changes are interchangeably we should hopefully have a concrete understanding of what it is um I wanted to talk a little bit about

the technology side of it and I guess the development into extended reality so I think this is where it's probably going to get really weird real fast um so this this change in focus to technology just out of Interest has anyone got any VR kit or does anyone yeah okay at home using it for stuff okay just use it for work trying to tell them into it um okay I think all the hype about the metaverse is because this is currently where all the investment and Tech developments go in if it's a far better exhaust than this talk or anything I think I've put on the subject if you listen to podcasts if you if you

sign up to the meta engineering podcast like you'll be scared out your mind in the first like two episodes because they are so far along with this stuff I listen to an episode on the train I'll come up from Leeds I'm gonna have to stop calling myself a novena because you guys win that one you're like you're so far no I'm technically a southerner of that set up um but the The Horizon The Meta uh The Meta metaverse product and the stuff they're doing the stuff is already available for interacting in that space running meetings and events in that space but also mapping your actual physical environment with anchors so that it's referential so you can put

where your table lamp is and your desk phone and I guess where the cat's bed is and anything else so that it helps you orientate when you join a call like these cats that really are working on speeding up adoption and getting this getting it I guess as easy to use as as a smartphone um so yeah I mean the the drive is getting the the current interest the current Drive the current push the reason why we're seeing so many headlines is because these companies are trying to make extended reality of reality and I guess consumer ready um this is a good thing I think and I guess this is where I probably start to drift into the other

half of this talk um the metaverse has got big potential and I never thought I'd be up here talking to you know a room of people in agreement with Mark Zuckerberg um but um but yeah making making the case that we might need to drop some of our kind of security cynicism a little bit and sort of see it for what it is um the timing's right you know everyone's kind of um in this new normal now the hard bit's kind of done getting people into a position where they can maybe consume a I guess a technology first realities I think we're already there um I think the metaverse is a thing but as the

potential to help businesses grow and remove some of those barriers to enter for talent and recruitment I think show of hands who runs a team currently or who recruits yeah I recruit I've got a big team right I said big issues about 14 people I hand on heart say I can't hire the best people always because we have to be aligned to an office in a country and I'm looking at working at Law Firm where we've got an office in 55 countries most companies don't have that like the the idea of a home office is anchors it's really weird out dirt and mud that you know that some business is still operating if if I have a virtual

office in a virtual building a virtual Department in a virtual building in a virtual space then there's no argument against offering the job to the best people not includes people in countries where I guess getting employment in our area insecure it might be difficult um it's got huge potential to help for us to help people um there's huge implications for customer service who's again I'm gonna do a lot of share of fans who's had a sucky customer customer service experience of a web or telephony right okay pretty much everyone but you know at the furthest end of the sort of dream curve like if the crack metaverse if they get the extended reality stuff right imagine just being

able to have someone beam in from PC World to help your mum fix a computer so you don't have to uh imagine like a support team being able to drop onto I don't know a ship out somewhere in the Atlantic to look at a problem with an engine um is huge potential um telemedicine kind of took off during the pandemic and I made a doctor's appointment the last two and a half years anyone make a doctor's appointment and then get told they'd have to go and see someone anywhere yeah but there's huge potential I think this this skirt for the overlap with um all the sensors and smart devices to I guess um your medicine really could make the

most of extended reality because it getting access to Medical Care is is it human right and it's it's difficult um it's got huge implications for education um imagine being able to take the best classes at the best colleges or universities and Cherry Pickers and attend them in a kind of immersive way you know how much how much more could you learn online if you could actually be there in somewhere um also you know again that opens up education to people I guess of less fortunate uh less fortunate backgrounds like you know being able to attend a university on the other side of the pond if you know cash and resources are limited is I mean online learning it was

a student here sorry yeah you have online learning is this all part or best yeah it's it's what sorry Blended okay which is better online or the in-person stuff yeah yeah um so to sum up then sometimes keep me honest to time Steve can do that um the metaverse is the internet or at least the next version of the consumer internet um we're going to see a lot of change probably in short order we might even see like another iPhone moment where one day it's not a thing the next minute it's the new way of working um in this new internet we'll probably see extended reality takeoff we'll see digital content start to make its way into the real world through

augmented reality and will undoubtedly see more people spending more time in Virtual spaces through mixed reality and virtual reality constant talking at speed but hopefully that's kind of set the scene a little bit for why I think the nervous is and why it's important to all of us um so what should we be doing say weas security interested people good citizens good digital citizens um here's where I think we are today I think a lot of people don't get what the metaverse is um and there's an opportunity for us to change that I think um there's a lot of unhelpful commentary about its feasibility and that's distracting from the fact it's already happening so if you put like Bloomberg

news on and just watch like the stock news all the tech Roundup at the end of the day it's split right you'll have half and half of half and half the stories are oof the metaverse is going to be great we should totally all get on board then you've got the other half of commentary going nah this is all nonsense it's just mop up and dump photos of monkeys you know there's a real cynicism there um I think that's kind of giving a lot of people an excuse to not really get to the root of what it is and that's just more more internet new internet um I think there's also a lot of unhelpful commentary around the

ramifications and a liking to it to stuff in sci-fi like I started reading snow crash a little while ago about halfway through it it's not an easy book I keep dipping in and out um but it's by no means that it was so hard to write this talk and not just drop in loads of Matrix means because you can't find a positive um meme reference to metaverse as a thing it's just popular cultures have made it completely dystopian so I think that's gonna be a tough um a tough Hill to get over but I think we can probably help do that um regardless of what we think of it I think this is the main point I want to

make regardless of how we feel about metaverse how feasible it is or where it's going to end up being used for it's gonna happen anywhere big Tech is throwing money at it like you can't imagine and you know it's purely to develop products for this new version of the internet so um yeah we need to get some skin in the game so what should we be doing oh so I dropped the slide here uh so yeah what should we be doing that's us um so I think first pitch we need to start treating it like it is inevitable it's happening with our without us we know what the impact on society from technology can look like I mean we all

saw Cambridge analytica and all that stuff like that we all saw the sort of perversion of social media like we can't afford to sit on the fence with the next version of the internet like we need to get some skin in the game um we may be uncharacteristically and I say that about myself we need to treat it like it's a good thing and leave the crypto cynicism at the door um it's it's not all nfts and pictures of monkeys um we don't have to drink the Kool-Aid but we might as well try it um we might even find ways to make it work for us as security teams are as Educators um it's I think it's better to have a

handing shape in it than I guess get asked to make it secure after it's in um I can speak personally from this so my team's geographically distributed I've got people in the UK Poland Dubai and Hong Kong and about three months ago one of the guys Chapel Sunil heads up my Ops Team now he just picked up the first time on board the teams Carl said that work can we move together and I was like what's gather and anyone use gather yeah little 8-bit metaverse like you can drive around in cars get close to people we've got a sock in there now we've got desk reservations we've got access control on the door I have a whisker

like I put around it's check it out I was very cynical about it as a thing our team was fine and if teams doesn't work we've got Zoom but yeah we have a lot of Team meetings in gather now and there's just there's something about it it's very it's light touch immersive but it's a closer analog to meeting in person than talking to each other through a TV screen which is what collaboration Tech currently looks like um we've got to treat it like it's already happening um which means going out to find out you know find out in you know who in the business is is doing what who's who's thinking about matter who's talking

about metaverse who's got plans on that of us um yeah we as technologists this is this is the future we kind of imagined right we always knew the internet was going to go this way some of us maybe um we're in a really strong position to help influence this and make it go the right way like we need to get on board we need to find out how we can help um yeah we really need to play our part um I'm gonna drill into that last bit a little more um for the first two points I've covered in the first half of the talk set the scene a little bit um but I'm gonna I'm gonna there's two

big slides coming I'm not going to talk through all of it um but um I'm working on a metaverse project at the moment and like there's no there's no guidance for how to handle it as a thing so kind of winging it as we go um I've pulled together all this guidance I think we'll share the slides afterwards um so maybe there's something here that's that's salvageable or useful you know for you when it when you go back to your day job back to whatever it is you're doing but I think the the big things we need to be in a position to do are we need to we need to align risk management as a thing to understand what

metaverse is um and and catch um those initiatives when they get stood up um it's fairly unlikely that if your organization looks to do something in matter that it's going to come via the IT department like the guys that run exchange and manage Office 365 they're not going to be the guys that get a tap on the shoulder to say look we want to do a virtual conference for a thousand people what's the plan um you need to go and find those relationships or make them if you don't have them that means going to speak to marketing team your events management team you're like where's the working team whoever those are if if you were if you

work security stuff and you know you've got people that you know the guy that came to you to talks about mfts or crypto and all that was on fire that's the guy who's going to get the sales call about metaverse and sign some exact up free demo and then before you know it you're going to be doing it um you're gonna have to really look at the suppliers really hard because it is a big meaty problem and there's a lot of there's a lot of there's a lot of stake um working with a big company that's got some pedigrees obviously where you want to go you don't want your private customer metaverse being built by two

guys working out of a Park cabin in Berlin because there is a load of like startup stuff which is it's it's vipware right the answer is yes what's the question we can do all that can you really and have you got the sort of the the cloud Ops and the sort of privacy stuff to back it up TBC um privacy is obviously a big one um once you understand what it is your organization is trying to do you can then start chipping into the monster which is privacy because I think metaverse and certainly for our use case and our use case at the moment is um it's a replacement for company conferences so we're looking at a

thousand plus attendee virtual space where people can kind of go off on a private meetings you need to treat that as a problem with requirements like the physical world like how to stop things being overheard how do we stop you know private conversations between becoming public how do we comply with all the gdpr stuff how's registration going to work how do we limit access to our metaverse and make sure that it's just the people who want to attend attending the invite people invited um platform security you know hopefully there's a lot of reusable stuff there like where luckily the supplier we're working with is using predominantly TurnKey AWS components now we're lucky in this regard that I suppose the the

organization we're working with we've got a pedigree like gaming and so they they I didn't know this AWS have 10 key gaming services so if you need to stand up like ut5 engine boxes and distribute content globally they can do that fire they've got Catlin what they're called elastic something right such elastic um so that makes a platform conversation really easy to have you might not be as lucky if you start to get into like the realm of payments then it's going to get real tricky but hopefully the platform's the easy bit the real habit is going to come from how you how you protect stuff in the verse in the metaverse um probably saw the headlines like I was

running for how long before they had to put virtual bubbles around everyone because they had complaints of people being groped it's like you know one I think three if you put your hands up like who's got access to like VR kit now it took exactly no time for the worst of us to get on the internet and get into meta um we need those guardrails for what happens inside the metaverse too so the best I've come up with so far I was trying to agree like a code of conduct with your organization like and you know honestly it looks like the acceptable the behavior we'd accept within an office anything stray of that um we obviously have a problem with and

yeah we'll be looking to encourage some of that stuff within our environment um you might get asked for Assurance on this stuff as well like you know we're a law firm so we you know left often wake up at night going can people sign the contract in the metaverse is that a thing yet not sure those kind of real world problems we're having those thoughts and discussions now about you know our clients will be so they'll want some assurance that stuff that's in our meta verses yes what happens in the matter versus the metaverse um because the difference between the metaverse and the real world is that it persists I become going in a meeting

room and then we walk out of the meeting room and the meeting room's still there and everything I guess you know some analogy to the real world the opportunities for surveillance in a virtual world are just amazing right you can see log track everything it's a little more difficult to have to be that creepy in the real world when you can invite someone to your office or go out for a coffee and have a conversation there if you're pushing people to meet you in this virtual space you're going to want to know what you've done to make it good enough in terms of privacy and security um what was it uh verification trust yeah I

mean look cryptos this is why crypto is a thing right big part web 30 is value exchange and inevitably we're gonna have um some reason to exchange value or prove ownership in our virtual world um if you offer opportunities for people to monetize what they do in your metaspace you're going to need to talk to you for our team because whatever you're doing now in the real world probably needs an equivalency there and finally Regulatory Compliance like I work in legal which is it's actually fairly lightweight in terms of like Regulatory Compliance but before that I was a I was at Sky Bet and I was at William Hill and so like one of the

biggest challenges I had was gambling as a regulations around gambling because there are laws around where people can strike a bet where the BET can be processed how that's taxed if I place a bet on a virtual horse race in a metaverse hosted hosted in Estonia like who's my tax going to like who where what license am I under all that stuff needs thrashing out and at the moment there's no easy way to do it there's no easy answers so yes you know working with your compliance teams working with your privacy and security teams to work out the absolute minimum of good enough absolutely no these things can't happen the solid car requirements is the only

same way to handle that at this moment um and that's me I've rushed through pretty quick um that's actually metaverse me so that's me in ut5 in the um met humans thing no glasses I have touched on like representation stuff I asked the guy who sent me that got me into it like where's the glasses it's like oh there isn't anything I was like what do you mean it's like well everyone gets free laser eye surgery in the metaverse right what do you think glasses for it's not a real world I always find the representation and stuff is again it's something that needs to be thought about so um thank you very much I'll take

questions thank you let's look at the back hello

you highlighted a series of really serious issues that okay I can see that a code of conduct in the office might be something because you provide but we're in a society now where iot drone technology is being used to pass people intimidate people caused violence are we in a point that most of us where there's Technologies like this where we actually have to start the face about whether there are some technologies just have to be banned because morally going to be similar with this and maps you can see that there's lots of potential yeah but there's also massive massive harm it's a really good question no it's a good question it's right it's the right

stumper got me thinking um I I don't think regulations really slow right so this is what we learned from Web 2.0 was the whole like ad space map you know the whole ad space targeted marketing thing could be abused is complete misinformation information Warfare happens to be called it right search right so regulation hasn't helped us there we're still struggling with web 2R problems I don't think making them making those experiences more digitally Advanced and sort of human-centrics gonna Gonna Leave You any of those problems it's going to just introduce new ones straight away um I think yeah I if you'd asked me 10 years about my career when I was a bit more of a bit more of a stickler if

things being done right and I said we have to wait until we can do it properly but the reality is we only learn we only learn how to do things well by sucking at them first so I'm kind of glad that there are these um problem cases springing up and there's a degree of transparency around how they're being managed um that's actually a question Ash

so yeah okay um [Music]

[Music] community

actually just in reaction who eventually you might be able to get the point we're getting replicate ourselves yeah yeah you have to bring us a lot of perspective uncover security as well

you yeah it's a really good point I think that you know there is a real scope for um like the abuse you describe to be like deeply traumatic you know I've um um I'm a in fact I think I have a fairly easy life I'm a I'm a white man living in a western country I don't take a lot of heat online my last name's Davis people occasionally work out that I might be Welsh but that that's how does it gets to me um there are you know we already know that minorities for abuse pretty much across every technical medium we we devise I think yeah this real skirt for that to be like next level when we start to

explore how sensors are played back over the metaverse like the whole as uh haptic the glove stuff like that's uh I have one real about computer about technology is I don't like moving parts and the idea of my computer being able to touch me in any any circumstance feels like a bad idea like I had to I took covered for me to have a printer in the house like I hit like moving stuff that much um so yeah I think there's this real skirt for real problems uh I think hopefully Common Sense will win the day I mean we're doing it now we're at a law firm like we're not a technology company it's just that we don't want to fly

people all over the world to run events and it took us exactly five months for it to go from a coffee coffee morning problem for me to project to land in my inbox saying we're partnering with this company we're doing an event proof of concept in three weeks with the view to doing this more wide scale by the end of the year if if who works for a company sorry like which one's okay composer yeah it's like if you work if you're an organization and you're not doing not you don't think you're doing a metaverse thing yet I guarantee someone's already thinking about it oh you're already on someone's to call list about selling you some crazy thing of

yeah input output

[Music] subjects [Music] uh Facebook

[Music] yeah good good question the last one first how it's all going to mesh together I don't think anybody knows yet I think they the world Garden approach to developing metaverses is the necessity so I think right now we'll do our thing and they'll laugh and we'll do their thing we'll never cross the streams you won't be able to take data out of advice and put it in theirs I think that that that lets us handle it as a US problem and then as a them problem but how it all comes together I don't think anyone really knows yet um monetization yeah no um subscription and service I mean that I can't share numbers but I've seen the

roof projected costs of what like hour solution will cost to provision and run and it isn't insignificant um there's obviously then a lot of value associated with the IP there um but I think you know yeah you're right I I say I know what the girl I've had three is in terms of um giving people the power and control of their own data if that happens we have to support to see but I think there's more reason why we need to get involved the monetization strategy you know monetization is this the um is the corrupting influence on many technology good ideas right it's okay how do we get how do we keep investors happy how do we

sort of you know get more cash out of this um so I I don't know I assume it will still be the product in somewhere okay no more questions [Music]

let's see

[Music]

this foreign

[Music]

[Music]

[Music] there's a whole new scope for abuse on the demanding I think is it on um it's unbelievable demands because there's a domain registrator that's like completely just associated with crypto I think even though we're in sort of the economic headwinds are looking so great they've just secured some 1.1 billion investment and and there I also interview with that um CEO on Blue Book start this week and he's the case he makes is yeah they're a registrar but they work a little different in terms of their come you know you don't pay like an annual fee for these demands anymore you buy them once they're into the blockchain assist forever Theory um but the the whole angle angle is

digital reputation and they see that that becomes um a transferable commodity between platforms be it for exchange be it you know environments where you are interacting so there's there's groundwork being laid in a number of spaces I think for a future where um yeah you can walk out of one walk out of one company's metaverse into the other in your reputation image I don't know anything else you purchased they kind of follow with you cool all right thank you very much