Read the summary and watch or listen to the interview here: https://www.crowleylawllc.com/podcasts/new-cybersecurity-threats-re-quantum-computing-ai-deep-fakes-with-lou-steinberg
Episode Introduction: Welcoming Lou Steinberg
Voiceover:
Welcome to *From Lab to Patient, Garage to Market*, with your host, Phil Crowley. In each episode, we discuss professionals serving the tech startup market and the key issues they face. You can find this show on YouTube, LinkedIn, Facebook, Apple Podcasts, Spotify, and on our website, Crowleylawllc.com. Now, here’s your host, Phil Crowley.
Phil Crowley:
Hello and welcome. Thanks for tuning in. We bring you leaders in technology and life sciences who offer insights to support your journey into entrepreneurship—from taking ideas from the lab to the patient, or from the garage to the marketplace.
Phil Crowley:
Today, I’m delighted to welcome Lou Steinberg. Lou is the founder and managing partner of CTM Insights, an early-stage cybersecurity research lab and incubator. He’s on the frontier of digital innovation. Lou is also a trustee at Stevens Institute of Technology and chairs its Research Enterprise and Technology Commercialization Committee. Lou, welcome to the program.
Lou Steinberg:
Thanks, Phil. Great to be here. If you couldn’t find someone better, maybe you didn’t look that hard!
Phil Crowley:
Lou, you’re a champ. Let’s start with your background and what you’re working on these days.
Lou Steinberg’s Journey: From IBM to Cybersecurity Frontier
Lou Steinberg:
Sure. I graduated from Stevens and started my career at IBM in the late ’80s, early ’90s. My team built the tech behind what became the Internet. We created the NSFNET, which ran about 900 times faster than its predecessor. That experience led me to found or lead startups focused on operational risk—like outages and cyber incidents—and later, I served in executive roles at large companies. Most recently, I was CTO at TD Ameritrade.
Since 2017, I’ve stepped away from corporate life to focus on emerging cybersecurity risks—ransomware, data security beyond encryption, and more. That led me to launch CTM as a research lab to invent new cybersecurity solutions.
R&D Innovation: Navigating Tax Roadblocks in the U.S.
Phil Crowley:
You’ve mentioned some roadblocks for innovation in the U.S., particularly around taxation. Can you expand on that?
Lou Steinberg:
Sure. CTM creates startups—we invest in ideas, build prototypes, file patents, and either license the IP or spin out companies. A few years ago, the IRS changed Section 174 under the Tax Cuts and Jobs Act. It now requires companies to amortize R\&D expenses over five to fifteen years—even small, cash-basis companies.
This creates an artificial taxable profit. Even if I’ve spent cash on salaries, I can’t write off the full amount right away. It gets taxed as if it were profit, though the money’s already gone. Startups reinvest revenue into growth, so they may face big tax bills with no cash to pay them. This change discourages innovation.
Meanwhile, countries like China let companies deduct *twice* what they spend on R\&D. Here, you might get 20% or less.
Phil Crowley:
That’s a big contrast. In life sciences, it’s common to rely on grants—SBIR, NSF funding, or equity infusions—which aren’t taxable and support long development cycles.
On the plus side, there are some incentives, like Section 1202 of the tax code. If you buy stock in a qualified small business and hold it for five years, the first \$10 million in gains can be tax-exempt. But yes, sometimes what the government gives with one hand, it takes away with the other. Navigating all of this definitely requires expert guidance.
AI & Deepfakes: Confronting Emerging Cybersecurity Threats
Phil Crowley:
Let’s shift to AI and cybersecurity. How is AI impacting your work?
Lou Steinberg:
One of our early CTM projects stemmed from a story about Israeli researchers who hacked a CT scanner. Using AI, they inserted or removed fake cancer from scans, convincing radiologists that a patient had cancer, or missing a real case.
We imagined a new kind of ransomware—where attackers change medical diagnoses and demand payment to identify the tampered scans. We developed a method to detect exactly *where* an image had been manipulated. It ran 100 times faster than the state-of-the-art and just received a patent.
We’ve also worked on detecting deepfakes. There was a case in Hong Kong where an employee joined a Zoom call with “executives” directing a wire transfer. All of them were deepfakes. So we’re exploring ways to verify if the voice and video match the real person in real time.
Phil Crowley:
That’s alarming. Does encrypting data help in these cases?
Lou Steinberg:
Not really. By the time encryption kicks in, the data may already have been altered. We’re exploring continuous authentication—micro-fingerprinting audio, matching spoken words to the original speaker. These are new problems that require new approaches. And with quantum computing on the horizon, encryption may not remain reliable for long.
Quantum Computing & The Future of Data Protection
Phil Crowley:
How does quantum computing affect encryption?
Lou Steinberg:
Classical computers test one decryption key at a time. With enough time, they could crack encryption. Quantum computers, though, can try all possible keys simultaneously, drastically reducing the time needed to break encryption. It’s like trying every key on a keyring all at once.
Once someone has your encrypted data, it’s only a matter of time before they can decrypt it with quantum tools. That’s why we need to rethink data protection entirely.
Crowley Law: Empowering Innovators in Tech & Life Sciences
Phil Crowley:
Let me take a quick moment to introduce our law firm, Crowley Law. We’re a boutique firm passionate about helping innovators in life sciences and technology move their ideas from the lab to the market. As a former research scientist, I understand how hard it is to generate new knowledge—and as a corporate lawyer, how tough it is to commercialize it.
Our mission is to help innovators avoid costly mistakes. I have a book coming in April 2025, *Avoid Startup Failure: The Top 10 Causes of Failure for Technology Startups and How to Turn Them to Your Advantage*. Please check out our resources at crowleylawllc.com.
Beyond Authentication: Lou’s Cutting-Edge Security Projects
Phil Crowley:
Lou, what’s the project that you’ve found most interesting?
Lou Steinberg:
The deepfake detection work is probably my favorite. It ties directly into the question of trust—how do I know what’s real online? You used to say, “Don’t believe everything you read.” Now, even your eyes and ears can’t be trusted unless you were physically present. We want to bring trust back to the digital world.
Another favorite is a twist on multi-factor authentication. Instead of the machine sending you a code, *you* generate a code to authorize specific actions—like a wire transfer. This shifts focus from identity to intent. It’s not just about who you are, but *what* you’re doing. We call this authorization, not authentication.
Phil Crowley:
Sounds like blockchain—verifying actions, not just users.
Lou Steinberg:
Exactly. It’s like a digital signet ring—you explicitly allow something to happen.
Essential Cybersecurity Tips for Small Businesses
Phil Crowley:
What can smaller companies do to protect themselves, especially those using cloud services?
Lou Steinberg:
First, know where your data lives and who has access. If it’s highly sensitive, consider keeping it on-prem behind a firewall. Second, monitor for data leaving your control—this is called data exfiltration. If data’s being sent to, say, a server in Moscow, that’s a red flag.
Simple but critical steps:
- Use MFA for any remote access.
- Maintain an accurate inventory of your data and systems.
- Set up alerts for data leaving your network.
Phil Crowley:
How do smaller teams implement those alerts?
Lou Steinberg:
There are tools—even built into many cloud services—that track file access and data transfers. You can also use open-source or commercial endpoint protection and SIEM tools that are scalable for small businesses. It’s about visibility and knowing what’s normal, so you can spot what’s not.
