THEOS Cybernova
THEOS CyberNova is a cutting-edge podcast that explores the dynamic world of cybersecurity, hosted by THEOS Cyber CEO Paul Jackson.
Each episode delves into the latest trends, challenges, and innovations shaping the cybersecurity landscape, featuring insights from industry experts, thought leaders, and technologists. Paul brings his expertise and passion for cyber security to engaging discussions on topics ranging from emerging threats and data privacy to the future of AI in cyber defense.
Whether you're a professional in the field or simply curious about staying safe in the digital age, THEOS CyberNova offers an invaluable insight into the world of cybersecurity.
THEOS Cybernova
Cathy Chan: Post-Quantum Security and the Shift Toward Crypto-Agility
Quantum computing is moving from theory to reality, and with it comes a fundamental shift in how organizations must protect long-lived and sensitive data.
In this episode, Cathy Chan from Cyberforce explains what Q-Day really means, why “harvest now, decrypt later” is already a live threat, and how enterprises can build crypto-agility before post-quantum standards fully enforce.
Clear, practical, and free from hype, this conversation gives security leaders a grounded view of quantum risk, emerging cryptographic changes, and the essential steps to begin preparing today with confidence.
Production Credits:
Presented by: Paul Jackson
Studio Engineer & Editor: Roy D'Monte
Executive Producers: Paul Jackson and Ian Carless
Co-produced by: Theos Cyber and W4 Podcast Studio
This week on the Theo Cybernova podcast.
SPEAKER_01:Quantum computers are special superpowered computers that use tiny things called qubits. Traditional computers need years, I mean a few hundreds of years to solve, they just solve it within 10 minutes. It is an attack that some guys that uh try to steal in your encrypted data now, they're not going to do anything about it. They just store it. One day when the quantum computers or technology become cheap enough, it's really become widespread in uh every corner of the world, and that time you can't control it. If the companies are saying that we are quantum proof, we have 100% of quantum safe, I think we need to doubt on it because even the scientists who are building the quantum computer don't know the cap of the capabilities of the quantum computers. I think the question shouldn't be, should we worry about it? The question should be, can we afford to wait.
SPEAKER_00:The Theo Cybernova Podcast, hosted by Paul Jackson.
SPEAKER_02:Welcome to another episode of Theos Cybernova Podcast. I'm delighted today to be joined in sunny Hong Kong by the wonderful Kathy Chan from Cyberforce, who is going to talk to us today about a very interesting topic, which is the cyber threats around quantum computing. Now, the term Q-Day, Kathy, has become a real buzzword, hasn't it? Can you explain to the audience in layman's terms what that actually means? And also, could you perhaps enlighten us? Is this gonna be just another Y2K thing, something about nothing, or is it real?
SPEAKER_01:Imagine that you have your value, the most valuable treasures in a room with a door with a secure lock that you think is really safe. But now someone is telling you, I'm developing a super key. So I can open your door.
SPEAKER_02:Wow.
SPEAKER_01:Yeah, so is it a Y2K? I don't think so. Because it's based on physics. It's really something discovered from the universe. And then it is uh actually, I think it's work. Uh I think the I mean opening the locks, the locks, uh super key is uh something works theoretically. It's just a matter of how it worked.
SPEAKER_02:Wow. Um and what does Q Day actually stand for then?
SPEAKER_01:Q Day is actually a future day when quantum computers become strong enough to break the protection set protecting most of your important data nowadays.
SPEAKER_02:Wow. So it means that they will be able to break all the kinds of encryption that are commonly used in software applications, et cetera.
SPEAKER_01:So banking transactions, yeah, your emails, your digital signatures, yeah.
SPEAKER_02:So the whole thing could be opened up. Yeah. Oh boy. Okay, if that hasn't got everybody scared right away, then uh nothing will. So you do think this is more of a big deal than uh the Y2K date thing?
SPEAKER_01:Uh yeah.
SPEAKER_02:Okay, well, whether you're four or one then uh everybody, and uh we'll dig into this. But what what is a quantum computer? Is it possible to explain this in layman's terms, or is it, you know, because I hear about qubits and um, you know, all these kind of things. It sounds incredibly complex.
SPEAKER_01:I ask AI, uh what like I asked AI to explain to me as a children. Yeah, I got this um result. Quantum computers are special superpowered computers that use tiny things called qubits, solve really hard problems. It's got a state core superposition so that they can solve the difficult problem. I mean, try many solutions to a problem all at the same time. So in our traditional computers, it's um doing it linearly. Yes, just one, zero, one, zero. But quantum computing can be one and zero at the same time. So this would be some things that they can process really fast. Yeah. So we we can say that because um the companies who are building the quantum computers, they have uh very realistic uh statistics that traditional computers need years. I mean, a few hundreds of years to solve, they just solve it within 10 minutes.
SPEAKER_02:Wow. But it sounds, I mean, it sounds like we need to be geniuses to actually understand these things, doesn't it? I mean, it's really incredibly complicated.
SPEAKER_01:I also not a professional, I mean physician or uh scientist. Yes. We just need to think of it's another kind of computers which is uh totally different from a traditional computers that we are using now. So you just need to know its capability, but you don't need to know how to build it up.
SPEAKER_02:Right. Okay. I I think I get you there. Yeah, just understand that it's capable of doing uh all these things. We we don't need to understand it entirely about qubits and stuff, right? Uh but anyway, let's talk more about the impact because the threat timeline for quantum computing uh impacting uh today's encryption standards is something that's not really um uh clearly defined, is it? Some people think it's sometime and others will say it's uh it's a later in the future, right, isn't it? So when should organizations really start to worry about Q Day?
SPEAKER_01:So let's talk about the predictions of the Q Day. When will it happen? It actually the prediction of the Q Day falls into 2028 and 2030 or 35 something. Yeah, it's actually just a few years to go. Yeah, so actually, when will our organizations really start worrying about Q days is um depends on what data they're having. The data they're having will affect when they need to start acting on it. For example, if your data is valid for maybe 50 years, your banks, your government, nations, or healthcare system, the data will be valuable for quite a very long time. And um, I think when your data is uh valid for long enough, yeah, and uh it's already surpassed uh 2028 to 2030, that means that you need to act now. But why? Why they need to act now? Because the quantum computer is not here. I need to mention the terms about, yeah, harvest now, decrypt later. It is an attack. It is an attack that some guys that uh try to steal your encrypted data now, they're not going to do anything about it. They just store it.
SPEAKER_02:Right. And then do and then wait for the technology to be sophisticated enough to be able to unlock it to use your key analogy.
SPEAKER_01:Yes. When the quantum computer is ready, they just and and uh and the important thing is at that time your data is still valuable to them. They can still can sell money. Yeah. Then that you're you'll already be at risk. Then you need to start worrying about it now.
SPEAKER_02:But but um I mean in reality though, who is gonna be doing this? Uh I understand it from a nation-state point of view, right? They'll be looking for state secrets, perhaps also said, as you said, medical history is gonna last forever, right? So maybe they're looking for medical history on politicians or or famous people, right? Is it really something the average person needs to worry about, or is it just nation-state really?
SPEAKER_01:I think so because the problem is actually we we are doing some um as a security consultant, we are doing some monitorings on dark webs, actually, even organizations or what you mentioned, just like average companies, their data is still valuable. Right. Some ones will still want the data, and especially if you are doing some personal data, I think these will be the data set everyone would want. And uh, we can see that they can still sell it for monies in that way.
SPEAKER_02:Right. I guess if it's worth money, then they'll they'll do it, won't they? Wow. So this harvest, uh harvest now, uh decrypt later. Wow, fascinating. But you know, going back to the criminal groups again, I mean, do they are they really gonna have quantum computers though? Is it you know, and how can your average hacker have a quantum computer? Surely these things are gonna cost millions, right? So again, isn't it really only nations that are gonna be doing this, at least initially?
SPEAKER_01:No, I don't think so. Uh because the companies who are building the quantum computer is not from nations. Maybe they some kind of they were subsidized by nations, but actually they are building it for making money.
SPEAKER_02:Got it.
SPEAKER_01:When one day the technologies become mature enough, and uh mature enough for them to make money to got the payback, I think there will be something like quantum computer as a service. And uh something like this service provider to just like you don't need to build your own LLM in order to use AI.
SPEAKER_02:Got it.
SPEAKER_01:Yeah, so in other words, you'll just rent uh um Yes, you can rent it, you can buy the service from who who do have, yeah.
SPEAKER_02:Do you not think the there's some way they could put controls in that they you know to prevent the quantum computers being used to decrypt uh you know uh Yeah, I believe so.
SPEAKER_01:Yeah, there will be some strict um requirements or compliance or policies against who is going to rent it. But um I think one day when the quantum computers or technology become cheap enough, maybe 50 years or hundreds of years later, it's really become widespread in uh every corner of the world. And that time you can't control it.
SPEAKER_02:Yeah, wow. There's a lot of food for thought here, Kathy. I've got to say, um, you know, it's kind of creeping up on us because you mentioned 2028, right? As the uh as the earliest. That's that's three years away. Well, not even three years away if you uh because we're almost in 2026 now. Yes. Wow. Um so what are what are um what can organizations do to build an effective quantum readiness plan? What are the what are the first practical steps towards uh I guess we could call it quantum agility?
SPEAKER_01:I need to mention one thing that um actually NIST, NIST National Institution of Standard and Technology, yeah, they release um um some uh four news uh uh algorithm, which is um called uh quantum resistant algorithm. Yes, uh they just once a market or the world start to prepare for changing their um um data protections or their algorithm, the encryption method to these kinds of quantum resistance resilience or resistance um algorithm. Yeah, so I think um but but as of now, it is not a one-click process that you just click and then everything will change now. Um so uh what is uh an effective quantum readiness plan? I do think that you first you need to know what kind of data you have. You need to know where your data is resides, is it is it so uh how it's being encrypted with which algorithm? And then also with the data, leave your controlled environment, cross nations, or how far they will route to external environment. So you first you need to have the feasibility. You need to have the inventory of um what uh what kind of um encryption or cryptography set exists in your environment protecting your data.
SPEAKER_02:You know, uh I actually was speaking at a a conference uh run by the network forum for bankers just recently. And of all the topics I raised, you I was the only presenter on cyber, of all the topics I raised, this one raised the most eyebrows. I think a lot of people are totally unaware and they're not really thinking ahead in terms of uh wow, this data, you know, i it could be unlocked in a few years' time, and what is going to be the impact on us? Confidential information, uh account details, your transaction details that were supposedly confidential at the time.
SPEAKER_01:Scary.
SPEAKER_02:Yeah, it is pretty scary, isn't it? Wow. Um yeah, but um yeah, the the the are the regulators picking up on this? Uh you know, are are the regulators starting to enforce uh say in the banking world, for example, uh uh for the banks to be taking steps to being uh um ready?
SPEAKER_01:The market is expecting it. Um the um strict regulations or compliance requirements will appear sometimes maybe um around 2030s. But the problem is what the earliest time that we mentioned just now is 2028. So I think things may work faster, may go faster. And uh but the problem is um um actually uh the standard or it even they release the standard, the market is still haven't kept up. Yeah, because when we talk about the uh regulations, we need to make sure technically they can be doing it feasible and um feasible because uh the problem is when the um hardware or when the technologies they need to deal with the new algorithms, the new regulations, they need to uh increase their performance. The solutions, or if for example, if they have hardware, they need to wait a lot of computing powers when you adopt the new algorithms. Yeah. So the problem is the market haven't kept up. So what go back to what you mentioned just now, what is the plan? First, I have the visibility, but nothing I can do. Seems nothing I can do. I need to wait or wait for our vendors or supply chains that to need to get it ready. Then I need to start. No, actually, I I think uh what the terms we mentioned just now is crypto agility. You need to get um you need to get ready for the changes. Right. So you need to have the uh workflow, you need to review your current workflow, you need to review which team is actually doing about the keys, the cryptographies, the certificates. That you need to figure out the workflow, current workflow, and then trying to automate it. Trying to adopt um, I mean, maybe solutions or um some automation change uh to adopt to the changes.
SPEAKER_02:Right. Before we go and talk about some of these solutions and uh, you know, distinguishing marketing hype and things like this, um, just pause for a second just to ask uh, you know, our audience uh listening today um to please, you know, do click on the like or subscribe button because um you know we we're trying to push out very important information to the community here, and your support really helps us. So please click the light, uh the like, sorry, and uh and uh subscribe buttons. Um now, Kathy, before we go on to that, just um I'm a bit curious because you obviously live and breathe this. You love this, right, don't you? I can see it. You know, we're we're sat, by the way, in person here, and uh uh I can see how passionate you are about this subject, which is great. But how did you actually get into this? Uh did you come with a cyber background or uh uh cyber background?
SPEAKER_01:Yeah, because I I actually I graduated from um um computer science and I start my career with programmer and then for a few years and then I jump into the field of cybersecurity, and now it's already 10 years. So I I can't say I'm really a professional or an experienced um uh um people uh in this field, but I can feel that um cybersecurity is really an interesting field that we always got new questions, we always got uh problems to resolve. And now when when I touched with because um before I touched the quantum computing, actually I touched with uh certificate things first. Because uh I help our customer to automate their certificate uh management, because um actually renewing certificate sounds like easy, but uh it's actually the pain points of many of our customers. So um and and from this point, and I start digging into it, um, why we need to renew the certificate like this, and then I touch the quantum computing and knowing that the cryptography is going to change in a few years, and that's why I jumped into um studying, um not studying, but I just learned more about um the quantum uh the the quantum computers and also its cryptography.
SPEAKER_02:Wow, it's a great journey though. I mean Yeah, it's interesting. Yeah, well, I could see it written all over your face, you know, that you clearly love this. And uh, you know, it's fantastic that we've got somebody here in Hong Kong who can explain this clearly, who can help clients who really are trying to navigate this and just beginning this journey. So uh when we talk about that, there's obviously going to be a lot of, I guess, uh marketing hype because much like AI, you know, companies are gonna jump on this, they're gonna realize that there's a market, there's potential money to be made. So how do, you know, um clients or companies that um are looking to be um, you know, safe in the post-quantum world, how do they choose vendors and what should they be looking at for solutions?
SPEAKER_01:Okay. Okay. Yes, I think um I think first thing first, um, they need to define or they need to explain well um how they become quantum ready. Yeah. So um if the companies or if the vendors or if the product is saying that we are quantum proof, we have a hundred percent of um quantum safe, I think we need to doubt on it because even the scientists who are building the quantum computer don't know the cap of the what what uh I mean the cap of the capabilities of the quantum computers. So actually, even next they release the new algorithm, they also have a very uh sentence at the end of their announcement that we can't guarantee this new algorithm is um safe forever. Right. But we will work on the backup plan. So to define well the marketing hype or something, you you need to know the story behind how they get ready with the new algorithms or get ready with the quantum error. So I think for it, first of all, maybe they they need to how they deal with the performance impact uh when they adopt the algorithm. So I think understanding the story behind knowing which exactly the algorithm they're using to protect um your data or their data is important to define well, which uh which of them is uh just a marketing hype, or which of them is really um the solutions that you're helping you.
SPEAKER_02:Wow, yeah, it's gonna be challenging, isn't it? Because uh, you know, as we've already sort of realized in this conversation, this is not gonna be easy. But I was fascinated by something you just mentioned about even NIST with their new technologies, they're saying that even this may be broken in the future.
SPEAKER_01:Yeah, yeah, because no one no one can tell the cap of uh how powerful can be can be the quantum computing. But I need to say that um we we can't make it to to become too too much exaggerated because um uh they are still doing much error corrections or the they are still experienced um I mean the quantum computing's computers they still experience high error rates. So um we can see that some recent news that uh this may not be happened very soon, etc. That it depends. Uh we would I think none of us um can tell except for the the companies that they're they're really building the the computers, but the problem is uh but the problem is um there is no I mean not only quantum computing, it's security. There is no hundred percent security, not hundred percent safe uh in in any any kind of environment.
SPEAKER_02:No, you're uh you're absolutely right. And yeah, I guess it's uh something that we can only find uh you know uh over time, um which is yeah, a little bit worrying. Um now you mentioned about certificates, right? And that's obviously critical, and that's something your company, uh uh Cyberforce, right? Cyberforce is is heavily involved in, ensuring that companies are able to uh organizations are able uh to have secure certificates that are future-proof, if I can say that, or future-proof to an extent. Can you explain a little bit more about that, the importance of certificates and what they're used for, and what you actually do to help organizations to stay ahead?
SPEAKER_01:Okay, okay. So um certificates actually um let let's say the because there are many kinds of different um uh uh I mean digital entities, um with the certificates that we are mentioning is mainly a TLS public cert that we're using, for example, some external facing websites. You can see the certificate there, actually is protecting the data trans um, I mean the transaction or in and out. So um the problem is what we are dealing with, um I think I I can mention the news. I I'm not sure if this is a news, but um uh CA browser forums is actually confirmed to the shortening the public C TRS certificate lifespan to 47 days in 2029. And I I think I need to let the audience know that um actually most of our companies is now dealing with a one year certificate. Usually. Yeah. So um so renewing the certificate is usually a yearly practice. And now it's become in two thousand and twenty-nine it become a quarter. Maybe you need to do it uh every quarter. Um yeah.
SPEAKER_02:Are are organizations doing this?
SPEAKER_01:Most of our customers are actually adopting uh yeah, adapting to this change because um they are uh adopting some uh certificate lifecycle management solutions that is actually helping them to adapt to change, become crypto agility. Yeah, uh become, I mean that they need to achieve the crypto agility even the algorithm keeps changing from time to time. I still have something automated, I still have something changes that um I can I can um I can do it very quick, real quick. Yeah.
SPEAKER_02:Okay. Now we we first met at a uh a recent conference which was focused on uh AI. Uh and actually um you you gave a brilliant presentation, which is why we're meeting now on on the you know all of the topics we discussed today. Um but you also spoke about AI, right? And and the role of automation and AI and supporting quantum resilience. Now, is AI supporting quantum resilience or is it making the quantum computer's ability to crack the encryptions faster and easier? Is it our enemy or our friend, in other words?
SPEAKER_01:I think both, because you can't you can't tell if uh technology is a good person or a bad person. Yeah, it's it's neutral. I I we can't blame AI. It's a neutral person. So, but the problem is um actually I I have a little funny story is that I actually I I uh I I have a little bit struggle in linking the quantum computing with AI at the first place. Oh, okay. Yes, the problem is um uh when we are doing AI, it's actually it's it's actually two in um I mean the two uh path walking in parallel, they may uh sometimes AI is helping helping quantum to build faster. And but at the same time, maybe the quantum computing is also can um equip AI running in a more um um um capable ways. Yeah. So what you mentioned just now is is it helping or um is it is it a bad people or just um uh what kind of uh direction set he is going to help uh quantum computing and AI is helping each other. I think um there is a different dimension that we can we can deck into. Uh but the problem is um um how is AI and uh uh is helping quantum computing? So we can see that from some quantum projects now. Um actually they have uh terms called quantum AI. It's just a combination of them. But it's really um um make some make making some breakthrough on the development of the quantum computers, like in their error corrections, yeah, um uh and noise reductions that actually um push the quantum computers development much more faster.
SPEAKER_02:Yeah, okay. And and does it also affect the the ability to you know decrypt? I mean, to crack uh I mean, you know, what is the skill set behind that? Is it just computing power or are there you know clever techniques that AI can develop to to make the decryption faster, not just relying on computer power?
SPEAKER_01:I think it's uh both ways. They can decrypt. Um I I don't I but I I don't think AI can now doing the decryption faster because they still rely on the qubits, the the quantum computer, which is not um mature right now. Yeah, there's still years to go. So I think uh AI can speed up, but they they are not going to help it uh decrypt uh our current algorithm faster.
SPEAKER_02:Right. Okay. So all right, if if I'm sat in an average company right now, um what how could you help them? Yeah, I mean your company, how could you what would you know, somebody listening to this goes, oh crikey, I haven't uh I haven't done anything to prepare for this Q day, this this horrible word that's becoming a buzzword. Um you know, how could you help them?
SPEAKER_01:Okay. So I think the first steps is to uh know your environment. So the first step, I think for now when we when we touch to our customers that who is uh really worrying about it, we we need to first start with uh building the infantry for them. Yeah, because uh feasibility is the first step you need to before you gain control. So um so first of all, which uh you need to have a centralized infantry, you need to know a C bomb. C bomb is cryptographic build of materials in your environment. So um this is the first step. And then the second step is to control, for example, you need to know uh their key length, you need to know how secure is uh them right now. And moving forward, maybe you we need to explore whether they can do it, uh do the um encryption or um uh cryptography with a hybrid mode. Hybrid mode meaning we're doing the classical algorithm and um and the quantum resistant algorithm together, yeah, which is uh the cloud vendor is doing right now already, because uh they host many important assets on the cloud and uh they are doing the hybrid mode of uh crypto cryptography nowadays. Yeah. So I think uh end up at at the end of the of the plan or the the advice to them is uh try try your try our very best to be to automate, to automate any procedures or uh, for example, when you need to change the cert, you need to change your algorithm, you need to change your key, do it seamlessly or do it uh with uh minimal effort. Don't don't make the, for example, for a company nowadays use two months to change a cert.
SPEAKER_02:Right.
SPEAKER_01:Yeah, so this is important. I mean it's impossible to run it in this way in future.
SPEAKER_02:And and you you you uh resell or you you develop uh automated tools that can make this process efficient?
SPEAKER_01:Do we just resell?
SPEAKER_02:You resell, right? Yeah, okay, fair enough. But you there are tools. Well, I'm the point I'm making is there are tools out there that can help. Because that sounds like a heavy lift trying to do those, yeah, the work that you just mentioned. Um and I'm sure there's a lot of organizations listening to this who think, yeah, that would be very helpful. Um, it's uh a bit of a drain. Is there anything else that the companies should be worried about though? You know, because there's a lot of small companies here. Is there anything you you know, do should you know anything else they could be doing to prepare or or does that cover it, do you think?
SPEAKER_01:Um to prepare, I I have some of our cases set now and looking for some BAS, the bridge attack simulation tools. Oh. That actually they they they put in some um quantum elements inside. Of course, they don't have the quantum computers themselves, but actually the attack or the um uh yeah, the attacks can be simulated in some ways. So some of our customers are talking for this kind of solutions. We can tell it just um um security validation or bridge attack simulation tools that they can think of. They don't need to buy the products, they can just buy some uh subscription surface that uh we can run against your environment. And actually you will know where the the points are that you need to pay attention to.
SPEAKER_02:Right. Do you incorporate that ever into like because obviously we at Theos we do crisis exercises for companies, but more on the traditional side, you know, is it ransomware, is it a breach, you know, is it a data, you know, whatever kind of incident inside a threat, you know. Uh have you ever run those kind of or been involved in those kind of exercises with clients where the scenario is about, you know, a quantum computing uh attack that that breaches their some form of encryption in their environment?
SPEAKER_01:I I'm I'm not really uh retelling something very solid, but I know that some of the attacks will be like the key distributions, yeah, etc. So um I I think I think we need to dig into more.
SPEAKER_02:Yeah, I think we do. I think you triggered my thinking on this. There's definitely um uh a need, I think, for um crisis preparedness uh around this because I yes, you know, having listened to you for the last 30 minutes or so, I think this is uh definitely a big deal and it's something that uh needs to be taken seriously by organizations. So at the beginning of our conversation, you mentioned that um predictions range from 28 uh sorry, 2028 through to 2035, roughly. What about you? What's your prediction? I'm gonna put you on the spot here. When do you think Q Day is gonna happen?
SPEAKER_01:Oh, pick and middle numbers.
SPEAKER_02:Oh, going safe.
SPEAKER_01:Yeah, and and as a cybersecurity consultant, I hope this can be can be comes earlier. No, but uh just joking, just kidding. Yeah, but the problem is um I I think it's it's it will come because um actually there are different voices that I'm also doubting. Is it really coming? Is it is it really something that's going to happen? Actually, we don't know. But the problem is with the monies that invested into this field, and um even with uh some national alliances, they they put it in the scope. Yeah. And we can see in some um posts that by our tech giants, they also would start mentioning about this word. So I don't think they will suddenly quit from this development. But the problem is, um I think the question shouldn't be, should we worry about it? But the problem is um, I don't think that uh the the question should be um can we afford to wait?
SPEAKER_02:Ah yes.
SPEAKER_01:Yeah, so because um there is some things that are theoretically feasible, there is some things that are already building and uh actually that is supported by uh physics. So I think we need to get ready for it as soon as possible.
SPEAKER_02:Oh, I definitely agree. And I think uh Kathy, the work that you do and the work at Cyberforce is gonna become increasingly important as we approach that dreaded Q day, and that's gonna be big news as and when it actually happens, of course. And uh but um one thing I'm convinced about is having heard you speak on this and obviously having uh um you know spent time with you today, thank you. Um I I know we're gonna hear more from you in the coming uh conferences here in Hong Kong. But uh just uh just a quick question. Though do you support um uh outside of Hong Kong or you just focus on Hong Kong at the moment?
SPEAKER_01:Uh mainly on uh Hong Kong, China, Macau. Yeah, yeah.
SPEAKER_02:Yeah, because our audience is around the region. But if they wanted to get hold of you, I guess that you would uh you would be uh helpful no matter where they're located, uh absolutely. Well, it's been a real pleasure having you on the show today, Kathy. Uh a fabulous episode of frightening and uh enlightening information uh about something that's poorly understood, I would say, across the industry. So uh it you know, I really appreciate you giving up your time to be with me today. But I always ask my guests uh before I close up, um, because uh as I explain often, uh my way of unwinding is to listen to music, and I'm a music lover, and uh uh I always I'm always curious what my guests are currently listening to. So um, you know, perhaps uh I could ask you, uh Kathy, what what what music are you currently listening to?
SPEAKER_01:If you mention about currently uh recent three months, I'm really taking to the children's songs, coconut. Because my son is start uh dancing or just singing.
SPEAKER_02:Doesn't it drive you nuts though?
SPEAKER_01:Yeah, so I I now when I'm dreaming, it's the the the children's song, the wheels on the bus, yeah, is coming up in my dreams.
SPEAKER_02:The wheels on the bus.
SPEAKER_01:Yeah, just kidding. Uh for myself, I I usually uh heard uh I mean here canton pop. Right. Yeah, canton pop, yeah. Some yeah.
SPEAKER_02:So you're not with the local uh trend of K-pop though?
SPEAKER_01:Uh K-pop, I listen to Blackpink. Yeah, it's uh energetic, and uh when you work uh in the late night, uh there's you want to fall asleep, just uh open a music video with Blackpink and you will become energetic again.
SPEAKER_02:Oh good to know, good to know. Kathy, thank you so much for joining. And I'm really honored because you told me this is your first ever podcast. So I'm so honored that you chose to do it with me. And thank you very much for your time today, Kathy.
SPEAKER_01:You too. Thanks, Paul.
SPEAKER_02:Theos Cybernova was presented by myself, Paul Jackson. The studio engineer and editor was Roy DeMonte, the executive producer was myself and Ian Carlos, and this podcast is a co-production between Theos Cyber and W4 Podcast Studio in Dubai.
SPEAKER_00:The Theo Cybernova Podcast.