Creating Connections: Let's collaborate.

Was this shared with you? Subscribe here.

“A woman with a voice is, by definition, a strong woman. But the search to find that voice can be remarkably difficult.” That quote is attributed to Melinda Gates, philanthropist. Creating Connections, the CyberWire's women in cybersecurity initiative, works to provide an opportunity to find and share those voices–your voices. Through our monthly newsletters and annual networking event, we strive to elevate the roles of women in cybersecurity, to give them a forum to share their work, to connect with others as mentors, and collaborate to make the world a safer place with an educated and informed community.

I recently had a conversation with Mari Galloway, CEO and founding board member of the Women's Society of Cyberjutsu. Mari and I talked about ways that the collective women in cybersecurity community could collaborate and help one another. Together, and just off the top of our heads, we named a dozen organizations that share the mission of empowering and elevating women in cybersecurity. Sure, we each have our different iteration of that mission and community we focus on, but we have the same overarching goal for a cybersecurity community where are all are represented and have the opportunity to flourish. With so many of us out there, we need to find ways to collaborate. Can you imagine the power women in cybersecurity would have if we put our energies together? Are you a member of an amazing women in cybersecurity group, nonprofit, club? Send us an email, and let's start talking. I'd love to find a way to help you in your search for a voice or to amplify it. That voice can be your organization's, your own voice, the voice of your colleagues, or an informal group you are affiliated with. You will see some pieces included below from women in cybersecurity, allies of women in cybersecurity, and our team. We would love to add yours.

Michelle Obama is quoted as saying, “There is no limit to what we, as women, can accomplish.” That sums up the conversation I had with Mari. I challenge you to find ways to collaborate and work together for the greater good of women in cybersecurity.

We’d love to hear from you. Tweet us ways we might collaborate at @thecyberwire and use the hashtag #womenincyber.

Building secure service by default.

By Yasmin Abdi, Founder & CEO, NoHack

Information security is a complex, multifaceted discipline built upon many foundational principles. Recently, the most important principle - least privilege, limits permission that users have on a system or network. 

When developing a new service, it is important to ensure the safety for all of your customers by ensuring your engineers are building with authentication and authorization as your core product principles. This story is all about these two foundational security mechanisms - authentication and authorization, what they are and how they work. Read the full article on the CyberWire.

Open for diversity: Breaking career barriers in cybersecurity.

By Roy Zur, CEO, ThriveDX for Enterprise

Diversity is a defensive weapon. And in the world of cybersecurity, that’s of tremendous value. 

Studies have shown that diversity plays an important role in problem-solving in the workplace by bringing varying knowledge, skills, and judgments to the table. When organizations have a breadth of experience and thinking in crisis scenarios, it gives them the upper hand in fending off sophisticated attackers. Read the full article.

A CISO's journey and challenges women face in cybersecurity.

By Kayla Williams, CISO, Devo

CISO Kayla Williams is responsible for maturing the information security and technical privacy program at Devo. She’s a trusted security advisor to more than 100 customers by providing guidance on how to best use the Devo Platform for automation while increasing risk coverage and reducing SOC fatigue. In this blog, she shares her leadership experience and discusses challenges women face in the cybersecurity industry. Kayla will be hosting a discussion with other female cybersecurity leaders later this month. Learn more by reading this blog post. 

Collaboration tools: an often underestimated yet existential threat to network identities.

By Toni Buhrke, Director of Sales Engineering, Mimecast

While email remains the #1 attack vector in 2023, companies need to ensure they’re also paying attention to collaboration tools to minimize cybersecurity risk. In fact, nearly half of malicious attachments are now MS 365 files, according to Mimecast’s 2023 State of Email Security report. This wide-spread use of such files to disseminate malware has driven nearly three quarters of companies to expect harm from a collaboration-tool-based attack. That’s pretty staggering when you think about the prevalence of Microsoft tools across enterprises of all shapes and sizes. With 94% of companies feeling the layer of security provided by MS 365 is too thin, the dangers of unsecured collaboration tools cannot be overstated.

Championing diversity in cybersecurity.

By Eliana White, Digital Media Marketing Manager, N2K Networks

As Black History Month comes to a close, I've had a moment to reflect on my experience in the cybersecurity field as a woman of color. Diversity in any field is vital to achieving and maintaining an environment of innovation, openness, and acceptance of all ideas and perspectives.

From my perspective, cybersecurity seems to have a slow yet steady pace of embracing diversity and inclusion, especially in leadership positions. I think gender inclusion has caught up more than ethnic and racial inclusion throughout the field. Still, I think that it's great to see women and all genders being represented more and more across the industry. I am hopeful that ethnic and racial diversity will have the same progress and visibility.

This movement forward is up to us all as individuals and as organizations to push back against stereotypes that perpetuate inequality and other barriers that may keep things stagnant. I believe the future of cybersecurity is bright, but we must take steps to improve representation within the field. That said, I always appreciate seeing women and people of color being embraced in the cyber community, even if they are less visible in leadership roles. Learn about ways you can support minorities and underrepresented individuals.

AI: The newest author in the world's next chapter.

By Liz Irvin, Associate Producer, CyberWire

I’ve been reading, watching, and researching a lot about AI recently. In the past month, it seems like AI has just boomed all around me. We talk about it at the CyberWire, I talk about it with my friends and family, and I just can’t hear enough about it; even my TikTok feed has been overrun with AI videos. I saw one video where the creator was talking about a movie that came out about a year ago called “Fall” (for those who have not seen it, it is about two girls who climb 2,000 feet to the top of a remote, abandoned radio tower, and they find themselves stranded with no way down). Now, this doesn’t seem like a movie that would involve AI at all, but this TikToker took a section of this movie and was able to dub over the actress’ lines to make it a PG-13 rating instead of an R rating. You can learn more about how it was done here.

The AI technology used was able to make this actress flawlessly change facial expressions and words to seem as if she said words she actually did not, changing the entire rating of the movie. I thought that was both so cool and so scary at the same time, and I had to learn more. I found an article about the technology used and how the TikToker employed it. This drove me to think about how this technology can be alarming considering what the future holds for us, and what this technology could end up leading my generation to discover. Yet, it is exciting at the same time.

In my bout of research learning more and more about AI, I came across a quote from Gemma Whelan that I wanted to share, which reads “I'm more frightened than interested by artificial intelligence - in fact, perhaps fright and interest are not far away from one another. Things can become real in your mind, you can be tricked, and you believe things you wouldn't ordinarily. A world run by automatons doesn't seem completely unrealistic anymore. It's a bit chilling.” Gemma is an amazing actress who is notably famous for playing “Yara Greyjoy” in the HBO fantasy-drama series Game of Thrones, and she is one of the very few women on that show who I see as a complete boss. She is one of my favorite characters, and she summed it up quite well in my mind. AI is an amazing feature we as a society have unlocked, but it’s crazy to think about how far it can go. I hope you all can take a chance to look into AI a bit like I have, and discover the amazing, scary world out there. 

Would you like to be featured in a future issue of the Creating Connections newsletter? We are currently accepting submissions for pieces written by women, about women, and information on women in cyber related events. Simply reply to this email to get started. 

A new addition to the lineup.

By CyberWire and N2K Networks staff

There's a new kid on the block at the CyberWire Network: the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) recently added their RH-ISAC Podcast to the team. The RH-ISAC was built to create a secure place for retailers to share cybersecurity information and intelligence to better protect their own companies and strengthen the entire sector. With over 200 core members, including the world’s largest consumer-facing brands in retail, food services, hotels, gaming, and consumer products, the ISAC shares real-time actionable threat information so others can learn, grow, and mature their cybersecurity teams and programs. The podcast kicked off its second season on February 22nd, as a member of the CyberWire Network.

On the 2nd and 4th Wednesdays of the month, host Luke Vander Linden, RH-ISAC VP of Membership, and the RH-ISAC Podcast take listeners into the world of security threats and vulnerabilities, cutting edge research and new security strategies, and notable success stories from the retail and hospitality industry and RH-ISAC member organizations. To check out the podcast, visit our website or follow the RH-ISAC Podcast on your favorite podcast app.

Countdown to launch.

By Maria Varmazis, Space Host, N2K Networks

It’s a real honor and thrill to be the first female podcast host at N2K Networks, and I’m excited to be covering the fascinating and fast-growing space industry in our upcoming daily space show. I’ve been in the STEM world for quite a while now, and I’m so glad to be working at a place and in a role where I can be my fully inquisitive and effusive self and not feel like I must minimize those parts of me just to get a seat at the table. I don’t discount at all how significant it feels sometimes just knowing people will be hearing my voice, day after day. Especially after losing work and childcare during the pandemic, when I wondered if my career would ever recover, I feel immensely grateful for every listener who lets me share just a bit of their day with them. Whether you’re a space enthusiast, an industry professional, or just space-curious, I really hope you’ll join me as we learn together. The new podcast will launch soon, in the meantime, you can check me out as a regular contributor to the CyberWire Daily podcast.

CyberWire Daily

CyberWire Space Correspondent Maria Varmazis speaks with Zhanna Malekos Smith at the Center for Strategic & International Studies about a new security agreement between Japan and the US.

Podcast Partner Kathleen Smith of ClearedJobs.Net clears misperceptions about the cleared space. 

Marc Van Zadelhoff from Cyber CEOs Decoded podcast speaks with Amanda Renteria, CEO of Code for America, about attracting diverse talent. 

Guests Max Shuftan & Monisha Bush from the SANS Institute, on the reopening of their HBCU Cyber Academy application window. 

Podcast Partner Dinah Davis from Arctic Wolf describes continuous network scanning. 

Guest Dr. Inka Karppinen of CybSafe with a look at cyber security through the lens of a behavioral psychologist.

Podcast Partner Betsy Carmelite from Booz Allen Hamilton shares an overview of cyber deception. 

Guest Ashley Allocca from Flashpoint with a look at the Breaches and Malware Threat Landscape.

CyberWire Network host Ann Johnson from Afternoon Cyber Tea speaks with Marene Allison about the CISO transformation. 

CyberWire UK Correspondent Carole Theriault asks what can we learn from the recent Roomba privacy snafu? 

Podcast Partner Dinah Davis from Arctic Wolf shares cybersecurity stats every IT professional should know. 

Guest Kayla Williams from Devo talks about autonomous SOCs.

Guest Roya Gordon from Nozomi Networks discusses the ICS Threat Landscape. 

Part two of Podcast Partner Kathleen Smith of ClearedJobs.Net discussing trends in the cleared space. 

Part one of Podcast Partner Kathleen Smith of ClearedJobs.Net looking at hiring trends in the cleared community. 

CyberWire Network host Ann Johnson from Afternoon Cyber Tea speaks with actor producer Tim Murck about the intersection of cyber awareness and storytelling. 

Afternoon Cyber Tea

Stacy Hughes, Voya Financial Senior Vice President and Chief Information Security Officer, joins Ann on this week's episode of Afternoon Cyber Tea. Stacy has over 20 years of experience leading complex IT initiatives within Fortune 500 financial technology organizations. Prior to her role at Voya, she was CISO at Global Payments Inc. and has held leadership positions across governance, compliance, accounting, and audit functions. Stacy and Ann discuss her journey to being CISO at Voya, the art and science of cybersecurity, and advice for CISOs and other security leaders on how to effectively inform, educate, and influence stakeholders.

Marene Allison, advisory board member for Covenant Technologies, a leading IT and cybersecurity staffing firm, and Balbix, a leading cybersecurity posture automation platform, joins Ann on this week's episode of Afternoon Cyber Tea. As former Vice President and Chief Information Security Officer for Johnson & Johnson, Marene has a magnificent and storied military, technology, health, and life sciences background. Ann and Marene discuss why she decided cyber would be a focal point of her career, what it takes to be a modern CISO today, and what she wishes she had known when she first started her role as CISO.

Career Notes

Rachel Tobac, CEO from SocialProof Security sits down to share her amazing story on becoming what's known in the industry as an ethical hacker and CEO of a company. Rachel shares how she was always fascinated with spy movies and as she grew older that fascination turned into a real desire. Finding out she liked learning how the human brain works, she decided to start off in neuroscience. Wanting a change and with the help of her husband she was able to start getting more into hacking, finding she loved the fact that she was pretending to be someone to hack into a company and finding the weak spots. She shares how as a leader now she likes to be authentic with her team. She says "I think in the security world sometimes we take ourselves pretty seriously and a lot of times it's because we're dealing with really serious topics, and so in the moment we have to be extremely serious, but when you get a five minute break in between your crisis meetings, find a way to laugh if you can." 

Yasmin Abdi, a Security Engineering Manager at Snapchat and the CEO and Founder of NoHack, sits down to share her story on how she got to be in her amazing current roles. From a young age, Yasmin was fascinated by the overlap of cybersecurity and crime and law. In her time in college, she was able to intern at big tech companies like Snapchat, Google, and Facebook. She decided to stick with Snapchat, which had the security aspect and security composure that she wanted. In her role at Snapchat, she gets to work with her team to help take down all kinds of bad content and keep up the platform’s integrity, and found she fell in love with the work along the way. Yasmin shares the sage advice to grow your community as much as you can, saying to"form a community of like-minded people. People that you can bounce ideas off of, people that can help support you when times are low. Find mentors, find people that you aspire to be like, and really find that community of people." 

Caveat

Annick O'Brien, Global Data Privacy Lawyer at CybSafe sits down with Dave to discuss data privacy around the world, data minimization, GDPR and how tech companies are fighting against regulations.

Carrie DeCell, Senior Staff Attorney of Knight First Amendment Institute at Columbia University, sits down to discuss the threat malicious surveillance technology poses to press freedom around the world. 

Control Loop

Ask the ISACs discussion led by Dawn Cappelli, Dragos’ Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC. 

On the Learning Lab, Dragos’ VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos’ Director of Incident Response for North America, about creating an ICS/OT specific incident response plan. 

Cyber CEOs Decoded

Marc van Zadelhoff and Amanda Renteria, CEO of Code for America, discuss how important it is to attract and recruit diverse talent and how it ensures a wide range of perspectives are accounted for when tackling complex challenges like cybercrime.

Hacking Humans

Corie Colliton Wagner from Security.org joins to discuss the company’s research of password manager tools and their benefits, identity theft, and the market outlook for PW managers. 

Interview Selects

Maria Varmazis, CyberWire Space Correspondent is talking with Zhanna Malekos Smith at the Center for Strategic & International Studies about a new agreement between Japan and the US about securing & defending assets in space

Dr. Inka Karppinen from CybSafe sits down to discuss realistic New Years cybersecurity resolutions for CISOs to give to employees.

Kayla Williams from Devo talks on CISO POV: The solution to the cybersec talent crisis is the autonomous SOC.

Research Saturday

Wendy Nather from Cisco sits down with Dave to discuss their work on "Cracking the Code to Security Resilience: Lessons from the Latest Cisco Security Outcomes Report."

SpyCast

Aliza Bran joins Andrew Hammond to discuss her role as Media Relations Manager at the International Spy Museum. 

Retail & Hospitality ISAC (RH-ISAC) Podcast

Suzie Squier, and Christian Beckner, National Retail Federation’s vice president of retail technology and cybersecurity, expand upon RH-ISAC’s new partnership with NRF. 

Luke Vander Linden and Alex Brown, RH-ISAC’s director of events, discuss this year’s Regional Workshop series.

Uncovering Hidden Risks

Raman Kalyan, Director of Product Marketing, Microsoft and former podcast host, joins Erica Toelle and guest host Liz Willets on this week's episode of Uncovering Hidden Risks.

RSA Conference 2023 San Francisco | April 24 – 27 | Moscone Center

Every year, industry leaders and the global cybersecurity community meet at RSA Conference. On the agenda? Arming you with all the best practices and state-of-the-art solutions that will help keep your organization secure. Experience countless opportunities to make valuable connections that can open new doors and further your career.

Don’t miss the chance to be Stronger Together. Join RSAC 2023 for access to cybersecurity’s biggest innovations and cutting-edge ideas during four days of expert-led track sessions, inspiring Keynotes, skill-building experiences, and more. Learn more.