CyberWire Daily
Dinah Davis from Arctic Wolf talks about Linux malware via IoT devices.
Carole Theriault examines a university data backup snafu.
Dinah Davis from Arctic Wolf on securing your smart speakers
Clar Rosso from ISC2 on the communication gap between cybersecurity teams and executive leaders when it comes to ransomware
Lisa Plaggemier from the National Cybersecurity Alliance on the ongoing threat of phishing
Carole Theriault examines international efforts to stop digital fraud.
Helen Patton from Cisco on her book, Navigating the Cybersecurity Career Path.
Andrea Little Limbago from Interos on technology spheres of influence.
Career Notes
Advisory CISO at Cisco, Helen Patton, shares that a combination of dumb luck, hard work and serendipity got her to where she is today. Growing up in the country in Australia, Helen notes that computers were not really a thing. She happened into technology after moving to the US, as she was the only person in her office under 40. Of course she would be comfortable with computers and able to handle a database conversion, right? That launched her into a career that spanned supporting small nonprofits, working at one of the biggest banks on Wall Street while leading a global team, being the CISO of a major university, and now Advisory CISO at Cisco. Helen recently wrote a book, "Navigating the Cybersecurity Career Path," to help others know when it's time to move on from one role to another role as part of her desire to give back to the community.
Social engineer and CEO of Hekate, Marina Ciavatta, shares her story of how people think her job is a la Mission Impossible, coming from the ceiling with a rope and stealing stuff in the dead of the night. Marina does physical pentesting. Starting with an unused degree in journalism, Marina turned her talent for writing into a job as a content producer for a technology company, and this appealed to her self-proclaimed nerdism. She fell in love with hacking and got into pentesting thanks to a friend. Marina recommends those interested in physical pentesting "try to find other social engineers to mingle. It's in the name. We are social creatures."
Head of Cyber Governance with Red Sift, Dr. Rois Ni Thuama shares the circuitous route of her career into cyber governance. She notes the route "looks really clean, but actually it was a bit more Jeremy Bearimy." While at Trinity College, Rois was moved to be part of history unfolding in South Africa and pause her studies. While there, she began making music videos and wildlife documentaries. Upon her return to London, Rois started working in corporate governance and risk at a music technology startup. This ignited her enthusiasm for startups. She now works in a company with several coworkers from that tech startup doing cyber governance. Rois advises law students of many ways into the industry including doing coding, learning risk management, and understanding privacy legislation, and then "just get into the game."
Caveat
Susan St. Clair of WhiteSource discusses increased regulation in the open source community with Dave Bittner.
Hacking Humans
Jane Lee, Trust and Safety Architect at Sift, joins Dave Bittner to discuss the Digital Trust and Safety Index.
Research Saturday
Alissa Knight, former hacker and partner at Knight Ink, along with Karl Mattson, CISO from Noname Security, discuss findings on severe API vulnerabilities in U.S. banking applications, from research that was conducted by Alissa and funded by Noname Security.
8th Layer Insights
If you've been following the cybersecurity industry for the past few years, you've likely heard about the "cyber skills gap." In this episode, Perry sits down with Heath Adams (TCM Security), Professor Karla Carter (Bellevue University), Sam Curry (Cybereason), and Lola Obamehinti (eBay) to explore what the skills gap is and how to begin to close the gap. We touch on subjects such as where traditional degrees, online training, certifications, mentorship, and networking fit in, as well as the value of diversity. And we offer thoughts for employers, current industry professionals, and job seekers.
Let's face it. Most of us have a love/hate relationship with technology and technological advances. We dream about the new thing... but when it arrives, we are usually a little disappointed. Many of us also lament the constant erosion of privacy, the changes in social norms, and more. And, little-by-little, we allow those aspects of new technology to make us numb. We accept the cognitive dissonance of not totally being happy with the trade-offs; yet we still make the trade. In this episode, we explore a few of the positives and some of the unintended consequences associated with recent technological advancements. We'll hear from Dr. Lydia Kostopoulos, Dr. Charles Chaffin, Andra Zaharia, and Aaron Barr.
Afternoon Cyber Tea with Ann Johnson
Runa Sandvik, a modern-day hacker and computer security expert, joins Ann Johnson on this week's episode of Afternoon Cyber Tea. Having a reputation as a staunch proponent of strong encryption, Runa was hired by The New York Times as their first senior director of information security. Ann and Runa discuss instituting new high-tech security measures at The Times, what types of skills she believes all journalists should possess today, and what she believes the tech industry should be doing more of when protecting against disinformation.
Lauren Buitta, co-founder and CEO of Girl Security, shares how advancing girls, women, and gender minorities in national security leads to better cyber defense on today’s episode of Afternoon Cyber Tea with Ann Johnson. Lauren began as a policy analyst with the National Strategy Forum, a nonpartisan think tank, focusing on a wide range of national and global security issues, including domestic terrorism, transnational threats, and cybersecurity. Ann and Lauren discuss what led her to launch Girl Security, what the industry could do differently to help women grow in security, and why it is crucial to engage young girls in discourse about disinformation.
Aanchal Gupta, Vice President for Microsoft Azure, joins Ann on today's episode of Afternoon Cyber Tea. Aanchal is an executive with more than two decades of experience leading geographically distributed teams developing secure and trustworthy software used by billions of people. Aanchal joins us to discuss her work leading Microsoft's Security Response Center, giving our listeners a behind-the-scenes look into how the company’s security team tackles issues. Aanchal also talks with Ann about different lessons learned when tackling recent threats, her philosophy on cybersecurity, and how important she believes diversity and open work culture for diverse people are when trying to maintain trust and clarity in a crisis.
Security Unlocked
Alyssa Miller is a life-long hacker and highly experienced security executive. She runs the security strategy for S&P Global Ratings as the Business Information Security Officer (BISO), bringing together corporate security objectives and business objectives. Natalia and Alyssa discuss her journey in security from a young and curious hacker to a BISO of the largest credit-rating agency, and how she is shaping what the role of the BISO will be for future generations.