Creating Connections: Cybersecurity is a two-way street.

Staying Connected

By Jennifer Eiben, Senior Producer, CyberWire

Was this shared with you? Subscribe here.

Apologies for this issue being a few days late, we usually publish the last business day of the month, but we just got back from the 2023 RSA Conference on Friday. Hope all who attended found it valuable. I know our team came back with some amazing content. We did two video interviews, 22 audio interviews (some that have already aired on our CyberWire Daily podcast and the balance will air this week and a bit of next.) We conquered boats to Alcatraz and walked the Golden Gate Bridge, took countless Ubers, and logged many miles around Moscone. Our team from N2K Networks had a booth in Moscone South. Our CSO Rick Howard presented at two sessions, Superforecasting and Its Superpower in Delivering Better Security Outcomes and The Emperor Has No Clothes: the Current State of the CISO, and held a book signing. His book sold out in the bookstore before the signing even started! Eliana shares some details about Rick's book below. Karaoke also happened, but we will not be sharing photos or videos of that!

It was great to cross paths with so many in our community. I'm especially gratified to reconnect with old friends (even some that I danced with in our high school musicals), neighbors (that I cannot believe I have to go to RSAC to see), and the many fantastic women of cybersecurity (including an amazing group of young women from Stanford University). Both N2K Networks' President, Simone Petrella, and I were honored as members of the Top Women in Cybersecurity in the Global Infosec Awards for 2023. Our learning team also was honored with a Publisher's Choice Award in Cybersecurity Training. Thanks to Cyber Defense Magazine for the recognition!

Now that we are back, we are energized, albeit a bit sleepy still, to take all of the ideas we had and find ways to share our strategic workforce intelligence knowledge with you. As you may recall, N2K Networks stands for News 2 Knowledge. That is not a one-way street. We would love to hear from you. Engage with us! Share your expertise in a thought leadership interview, tell your cybersecurity career journey, let us know how we can help each other. Drop me an email with your ideas! Cheers to all and I look forward to seeing you again soon!

We’d love to hear from you. How was your experience at the RSA Conference? Do you have ideas you'd like to share? Tweet us at @thecyberwire and use the hashtag #womenincyber.

Featured Cyber Women

Cybersecurity in space: not as far out as you’d think.

By Maria Varmazis, Host of T-Minus, the daily space podcast, N2K Networks

After lots of behind-the-scenes work, I’m so glad (and relieved!) that I can now talk about T-Minus, our new daily space industry podcast at N2K Space, which I have the privilege of hosting.

I worked in cybersecurity marketing and communications for about 15 years, so it might seem odd or even unexpected that suddenly I’m working on a show about space of all things. But from the broad perspective of someone who’s spent her career in the B2B world, infosec and space honestly have a lot of overlap. Read more about my journey from infosec to the space industry. You can also listen to my episode of the CyberWire's Career Notes podcast where I share my cybersecurity and now space career story.

Get in the game for your next leadership opportunity.

By Jessica Gulick, Founder and Commissioner, US Cyber Games

Cybersecurity is all about teams. Not just hunt or SOC teams. But also work teams and skill communities, affinity and belonging groups, and even the US Cyber Team. These team connections are important for two key reasons. First, they allow us to “find our people” so we can comfortably take our place at the cybersecurity table. Next, they provide opportunities for usto shine as leaders and harness the diverse skill sets needed in the industry.

Jessica Gulick, Commissioner of the US Cyber Games, a multiphase cybersecurity program recruiting a US Cyber Team® for international competition, shares why cybersecurity needs you to join the team, and how it can benefit you and our industry. Sound exciting? Learn more about the US Cyber Games and how you can contribute.

Cracking the code to high school competition.

By Tish Rourke, Vice President, Lockheed Martin Cyber & Intelligence

Lockheed Martin hosted more than 50 Maryland students and teachers for Code Quest® at their Annapolis Junction, MD facility, April 22, 2023. Code Quest® is the annual competition that draws high school students from around the region to test their coding skills and get excited about careers in STEM. Lockheed Martin is developing the next generation of engineers via partnerships with schools and organizations and STEM programs like Code Quest® and CYBERQUEST®, a competition held in April to test cybersecurity skills. During the events, Lockheed Martin volunteers present to teachers and coaches on a variety of topics, such as career opportunities and alternative science, technology, engineering and math (STEM) outreach programs to help shape the way coding, cybersecurity and STEM are taught in schools to help prepare students with real-world needs in industry. You can learn more about this initiative.

Information technology, neurodiversity, and the midwestern junk drawer.

By Stacy Dunn, Senior Solutions Engineer, SANS Institute

On top of the ever-changing and fast-paced nature of the field of technology, and more specifically, cybersecurity, being neurodivergent has its strengths and weaknesses. In early 2020, Stacy, a Solutions Engineer, was diagnosed with ADHD and learned what it meant to be “neurodivergent”— a term used to describe someone differing in mental or neurological function from what is considered typical or “normal.” Read more to find out her thoughts, feelings, and how she managed to cope, adjust, and explore her newfound diagnosis for her lifelong struggles. Read Stacy’s article.

Heard Around the Studio

Explore Cybersecurity First Principles with Rick Howard's new book.

By Eliana White, Digital Marketing Manager, N2K Networks

Rick Howard, our very own CSO, Chief Analyst, Senior fellow and published author, has released his new book, Cybersecurity First Principles: A Reboot of Strategy & Tactics, the first expert discussion of the foundations of cybersecurity. Perfect for cybersecurity professionals at every level, this book challenges the conventional wisdom of current cybersecurity best practices, strategy, and tactics and makes the case that the profession needs to get back to first principles. Order your copy today.

First timers from N2K Networks at the RSA Conference 2023.

By the CyberWire team

Reflections on my first RSA Conference.

By Janene Daly, Senior Sales and Strategy Executive, CyberWire

"Always take on things you haven't done before. Growth and comfort do not co-exist." – Ginni Rometty.

I have been at CyberWire, N2K Cyber for 6 months providing marketing strategy for cybersecurity clients, so naturally I was excited to attend the RSA Conference for my very first time. I had some understanding of the event as I had been to many conferences in my career, but never in the cybersecurity vertical. RSAC has nearly 50,000 people come to San Francisco over 4 days, it was electric! First impression, WOW, so many companies with enthusiastic employees who are happy to be talking about why their product or service is unique and different. Whether I was talking with a CMO, a marketing coordinator, a salesperson, or a technical engineer, they seemed energized to be together at this moment. One thing I noticed the most was the amount of women in every role. I was proud to see the growth in this industry from the pioneers that came before me. They embraced the need to create opportunity for the future and it is apparent!

As each day ended, I thought about what I learned and what we could do better the next day or the next conference. My top 10 suggestions are:

Wear comfortable shoes.
Clothing: business casual but comfortable. FYI: We need to design better logo clothes for women!
Bring an iPad Mini to take notes after each introduction or meeting you have.
Bring a notepad.
Bring enough business cards (I ran out) or better yet, create a QR code with your information and make a sticker.
Sleep at least 6-7 hours, the days are long and going into the night.
Hydrate.
Talk to everyone, network and take notes: this is an emerging theme – notes are vital!
Spend quality time with your coworkers.
SLEEP! You will need it!

RSAC was a success for me. I was able to develop new relationships, learn about new companies, and talk about the enormous CyberWire network. I hope if you went too, it was as successful!

My first experience at the RSA Conference.

By Liz Irvin, Associate Producer, CyberWire

April 24th kicked off 2023's RSA Conference in the beautiful city of San Francisco. This year, I was able to attend for the first time, and I have to say, I had an absolute blast. It was incredible coming down the escalator into the expo hall to see over 40,000 people walking, talking, and networking about the thing they love most, which is cyber.

I spent most of my time taking in everything, and of course whenever I got the chance I would go out and tour the city. I think walking the floor in the expo hall was the most intriguing part of the whole conference; you see all of these great minds coming together and talking about their passion. In addition to exploring the expo floor, I got the privilege to record some walk and talk podcast segments, where I would stop people and just pick their brains on the events surrounding the RSA Conference and some other fun questions. It was fascinating to get to ask attendees some questions about their opinions on the RSA Conference and what they found that they like best around the show floor.

I had an absolutely amazing time walking around, learning, and watching, and I am so grateful I was able to get to go to this year's conference. It was an amazing experience that really shed a light on how amazing this cybersecurity community really is. Stay tuned to the CyberWire Daily podcast to hear some sound bites I captured at the event!

Women on the CyberWire

CyberWire Daily

Betsy Carmelite from Booz Allen, discussing themes from the RSAC tied into critical infrastructure resilience.

Microsoft Security’s Ann Johnson, host of Afternoon Cyber Tea, stops by with her take on the RSA conference.

Andrea Little Limbago from Interos shares insights from her RSAC 2023 panels.

Guest Theresa Lanowitz from AT&T Cybersecurity shares insights on Securing the Edge.

Cecilia Marinier from RSAC and Barmak Meftah, a judge of ISB, discuss the RSA innovation sandbox.

CyberWire UK Correspondent Carole Theriault chats with Cisco Talos' Vanja Svacjer about the threat landscape, now and tomorrow.

N2K Networks’ Maria Varmazis and Brandon Karpf share the launch of the new space podcast, T-Minus.

Kelly Shortridge from Fastly shares insights on the risks from bots.

Microsoft’s Ann Johnson from Afternoon Cyber Tea talking about cyber paradigm shifts with Samir Kapuria.

Guests Britta Glade and Monica Koshgarian of RSA Conference talking about content curation.

CyberWire UK Correspondent Carole Theriault ponders AI-assisted cheating.

Guest May Mitchell of Open Systems addresses closing the talent gap.

Simone Petrella from N2K Networks unpacks 2023 cybersecurity training trends.

8th Layer Insights

Perry speaks with Josiah Dykstra about the new book he co-authored with Eugene Spafford and Leigh Metcalf. This topic coincides well with Perry's recent studies into folklore and urban legends for his other podcast, Digital Folklore. Guests include Chelsey Weber-Smith of American Hysteria Podcast.

Career Notes

Maria Varmazis, N2K's Space Correspondent and host of N2K's newest podcast T-Minus, sits down to share her journey on combining her two passions of space and cyber. Maria grew up wanting to be an astronomer, in school she focused on joining anything with technology and enjoyed the classes that made her think. After transferring to a new college, she went into journalism, absolutely falling in love with the new career path she had made for herself. She got herself a job at Sophos and that's where she learned about cybersecurity. Now she discusses cyber and space in her new podcast, combining her two passions into one for all to understand. Maria discusses some of the setbacks she overcame in this industry and shares the wise advice of "I would never pretend that failure isn't painful, but it is an incredible teaching tool. So if you feel like you've had a huge career fail or a really big misstep, you can still pivot from that and you can make that into something."

Karen Worstell, Senior Cybersecurity Strategist from VMware, sits down to share her journey and discuss her experience as a woman in cyber. Starting her career off as a chemist, she graduated with bachelor's degrees in chemistry and molecular biology. She then took some time off to be with her family and came back to a science field that was far more advanced than before she had left. She decided to go in another direction, which led her to cyber. She started teaching herself programming and found she was very good at it. Now that she works in cyber, she says "You, you have to know yourself, know what you want, and know where you're, know where you plant your feet. I used to use a phrase a lot that said, uh, don't be afraid to take a stand but know where your feet are planted."

Caveat

Ilona Cohen from HackerOne sits down with Ben to discuss Biden's Cyber Strategy and National Budget allocations for cybersecurity.

Danielle Jablanski from Nozomi Networks to joins Dave to discuss one year of Shields Up as it relates to the National Cyber Strategy and one year of the Ukraine conflict.

CSO Perspectives

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, interviews Nicole Perlroth about her 2023 Cybersecurity Canon Hall of Fame book: “This Is How They Tell Me the World Ends.”

Hacking Humans

Carole Theriault, CyberWire's UK correspondent, sits down with Cisco Talos' Vanja Svacjer discussing if the security industry is ready for AI.

Jean Lee and Geoff White from BBC and hosts of the Lazarus Heist podcast talk about what is coming up in Season 2 of their show and how the Lazarus Group is evolving.

Interview Selects

Cecilia Marinier from RSAC and Barmak Meftah, judge of ISB, join to discuss the 2023 RSAC Innovation Sandbox, Launch Pad and Early Stage Expo programs.

Kelly Shortridge from Fastly is sharing the main risks from bots in 2023.

Research Saturday

Sahar Abdelnabi from CISPA Helmholtz Center for Information Security sits down with Dave to discuss their work on "A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models." There is currently a large advance in the capabilities of Large Language Models or LLMs, as well as being integrated into many systems, including integrated development environments (IDEs) and search engines.

The Retail and Hospitality ISAC Podcast

Luke Vander Linden is joined by Cam Sabatini, senior analyst of information security, planning, and architecture at Abercrombie & Fitch Co., and Kristen Dalton, director of strategic cyber engagement, research, and analytics at RH-ISAC, as they explore cyber risk quantification (CRQ).

Suzie Squier, RH-ISAC’s president, and Rafael (Rafa) Villoria Ferrer, head of global cyber security operations centre at Nestlé, discuss the upcoming events occurring in Europe.

Uncovering Hidden Risks

Randolph Kahn, a globally recognized leader in information governance and President of Khan Consulting, joins Erica Toelle and guest host Natalie Noonan on this episode of Uncovering Hidden Risks. They discuss Information Governance and the industry trends they are currently seeing in this space.

Events

Summit on Modern Conflict and Emerging Threats (Nashville, and virtual, Tennessee, USA, May 4 - 5, 2023) Modern conflict has created a global problem that is moving at the speed of innovation and technology. The Vanderbilt Summit on Modern Conflict and Emerging Threats on May 4-5, 2022 brought together internationally recognized leaders and experts in the military and intelligence community to examine the subjects of cyber conflict, artificial intelligence, peer competition and emerging threats.

US Cyber Open® Kick-Off Event (Virtual, Jun 1, 2023) US Cyber Open Kick-Off Event. SEASON III WHAT ARE THE US CYBER GAMES ALL ABOUT? -Why should I get into a career in cybersecurity? -What's the key to making the US Cyber Team? -Who are the coaches for Season III? Learn about these and more during our Season III Kick-Off event.

CYBERJUTSU CON 4.0 and the 10th Annual Cyberjutsu Awards (TBD, Jun 24, 2023) Join us on June 24th as we learn, grow, and build together. Cyberjutsu Con will consist of Hands-on Workshops, Capture The Flag (CTF) Competitions, Professional Headshots, Recruiting Opportunities, Celebration, and more. Participants will walk away with hands-on knowledge that can be applied immediately on the job.

Selected Reading

NSA, U.S. and International Partners Issue Guidance on Securing Technology by Design and D (National Security Agency/Central Security Service) FORT MEADE, Md. - The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) are partnering with international

(ISC)² Calls for Global Cybersecurity Standards based on New Research (Yahoo Finance) (ISC)² – the world's largest nonprofit association of certified cybersecurity professionals, and the Royal United Services Institute (RUSI), the world's oldest independent think tank on international defense and security, today released a new research report titled "Global Approaches to Cyber Policy, Legislation and Regulation." Findings from the report reveal that as cybersecurity policies and regulations evolve rapidly around the world, the call for greater standardization and collaboration is

(ISC)2 Urges Countries to Strengthen Collaboration on Cybersecurity Regulation (Infosecurity Magazine) A new report examines global approaches to cyber legislation across six jurisdictions

Kemba Walden dishes on the Office of the National Cyber Director's big year (SC Media) Acting National Cyber Director Kemba Walden sat down with reporters at the RSA 2023 conference to discuss implementing the national cyber strategy, the prospects for a software liability bill this Congress, diving into the space sector, and reports of friction between top cyber leaders in government.

BAE Systems Digital Intelligence on LinkedIn: #womenintech #womenincyber #equity #cybersecurity (LinkedIn) ✅ Equity vs equality ✅ Being a true ally ✅ Tackling microaggression We covered some important topics at our recent R.I.S.E. Mentoring Women in Cyber Security…

5 Big Statements From Cybersecurity Leaders At RSAC 2023 | CRN (CRN) Executives from Palo Alto Networks, CrowdStrike, Cisco, Microsoft and Trellix spoke out about AI and cyberthreats during keynotes at RSAC (RSA Conference) 2023.

The Cyber Battle: Why We Need More Women to Win it (Security Intelligence) There's no debating it — more women are needed in cybersecurity. So how do we bridge this diversity gap?

What's really causing the cybersecurity gender gap? - Technical.ly (Technical.ly) People, more than policies, are to blame for experiences of exclusion, according to Women in CyberSecurity research.

The world needs cybersecurity experts – Microsoft expands skilling effort with a focus on women (Microsoft On the Issues) Today, Microsoft is expanding our Cybersecurity Skills Initiative, and delivering grants to nonprofits to help skill people for the cybersecurity workforce. With this expansion, we are now working in 28 countries, partnering with nonprofits and other educational institutions to train the next generation of cybersecurity professionals.

Women in cybersecurity: Prepping the next generation (SC Magazine) Today’s female cybersecurity leaders are paving the way for those now entering the profession. We asked members of the Cybersecurity Collaboration Forum’s Women in Cyber group where things stand for women in the industry, and what the next generation needs to know.

People drive women’s feelings of exclusion in cybersecurity (Security Magazine) A recent report by Women in CyberSecurity on the state of inclusion of women in cybersecurity shows 68% cite leadership as a source of exclusion.

Making Cybersecurity More Inclusive for Women (Dark Reading) Stepped-up recruiting efforts along with better work-life balance policies and mentoring and recruitment programs will help balance the scales.

Attracting more women into cybersecurity - Digital Journal (Digital Journal) 82 percent of respondents to a global survey of female STEM undergraduate students said they had either some or a lot of knowledge about cybersecurity.

Study: Women in cybersecurity feel excluded, disrespected (TechRepublic) Feelings of exclusion and being disrespected impacts hiring opportunities and retention for women, according to a new report.

RSAC Insights: Women look to break the stereotype of a male hacker in a hoodie (SC Media) Two leading female cyber leaders aim to encourage the next generation of women to enter the cybersecurity field.

A guide for women in cybersecurity (Cybersecurity Guide) This guide aims to provide the tools to encourage women to pursue a career in cyber security. Find tips, scholarship information, and helpful resources.

US Cyber Games Seeks Top Cybersecurity Talent for International Competition (US Cyber Games) US Cyber Games seeks top cybersecurity talent for international competition. Season III launches with free and open tryouts for all ages.

N2K Networks launches T-Minus Space Daily, the world’s only daily space news podcast. (The CyberWire) N2K Networks, a leading provider of strategic workforce intelligence, announces its entry into the space industry with the launch of the world’s only daily space news podcast, T-Minus Space Daily. N2K Networks is unveiling T-Minus Space Daily as a dedicated news-to-knowledge intelligence product designed to help space professionals stay in the know about the latest developments across the industry. In today's fast-paced space industry where technology, business, and operations are constantly changing, keeping up with the latest and staying informed has never been more challenging.

Apply to Coach | Season III US Cyber Games (US Cyber Games) Apply to coach the Season III US Cyber Team and help build a workforce for tomorrow.

Women in the News

Women Reshaping The Cybersecurity Industry: Marty Overman Of Imperva On The Five Things You Need To… (Medium) An Interview With David Leichner

Top Cybersecurity Leaders Join Rubrik CISO Advisory Board Chaired by Chris Krebs (GlobeNewswire News Room) CISOs of Albertsons, Booking.com, Johnson & Johnson, Moderna, and Schneider Electric to Drive Strategies for Cyber Collaboration...

Socure Names Senior Director of Government Affairs (Socure) Socure Names Jennifer Kerber Senior Director of Government Affairs to Further Public Sector Adoption of Equitable, Inclusive Identity Verification Standards.

Industry Veterans Join SecureAuth - A Leader in Authentication and Access Management to Support Global Expansion (SecureAuth) Kelly Wenzel Appointed as Chief Customer Officer, Howard Greenfield Added to Advisory Board as Customer Adoption Accelerates IRVINE, Calif. – April 12, 2023 – SecureAuth, a leader in authentication and access management, today announced the addition of two seasoned executives to support accelerating customer adoption of its passwordless continuous authentication with invisible MFA solution. Kelly […]

Cybersecurity Veteran and Women in STEM Advocate Sylvia Acevedo Joins (PRWeb) Titaniam, Inc., the industry’s leading data security and ransomware defense platform, today announced that Sylvia Acevedo, Qualcomm and Credo Technology board

SentinelOne Appoints Sally Jenkins as Chief Marketing Officer (SentinelOne) Former Elastic, Informatica, VMware and Symantec marketing leader brings over 30 years of experience amplifying brand and demand at hyper growth companies SentinelOne (NYSE: S), a global leader in autonomous security, today announced the appointment of Sally Jenkins as Chief Marketing Officer.

Gigamon Promotes Kristi Thiele to Vice President of Worldwide Sales Engineering (Business Wire) Thiele to lead global SE team dedicated to helping customers enhance business agility, ensure cloud security, and contain hybrid cloud cost and complexity

Apollo names Jennifer Gold as new Head of Threat Intelligence (Security Systems News) Apollo Information Systems announced the appointment of nationally recognized cybersecurity and technology leader Jennifer Gold to head their growing Threat Intelligence practice.

Vade Announces René Bonvanie as New Executive Board Member (Vade) Former CMO of Palo Alto Networks and advisor to start-ups and VCs joins Vade during rapid business expansion.

Mimecast Announces Two New Executive Appointments to Drive Customer and Operational Excellence (GlobeNewswire News Room) Jeff Hess and Purnima Jandial Join Corporate Leadership Team as Part of Amplified Organizational Focus on Customer Centricity...

2023 Women in IT Awards Asia shortlist announced (Information Age) The fifth annual Women in IT Awards Asia looking to recognise and raise awareness of female tech talent across the Asia region.

Advancing Women in Cybersecurity – One CMO’s Journey (SecurityWeek) Anna Tutt, CMO of Oort, shares her experiences and perspectives on how we can accelerate growth of women in cybersecurity.

3 ways to support women in the cybersecurity field (Security Magazine) Shikha Kothari, Principal Security Advisor at Eden Data, shares strategies for cybersecurity leaders to create supportive work environments for women.

Global InfoSec Awards for 2023 Winners by Category (Cyber Defense Awards) 2023 Global Infosec Awards shining a spotlight on Cybersecurity “Unicorns”, Hot Startups, CISOs and Women in Cybersecurity at RSA Conference 2023.

CSWY2023 (Cybersecurity Woman of the Year Awards.) It's time to nominate NOW! Do you know an amazing woman in security who goes beyond what is expected and inspires all who cross her path? The women leading our industry - bringing innovation, inspiration, and talent development ideas into organizations around the world - deserve recognition for their contributions. We’re looking to you to help us pay tribute to female cybersecurity professionals making a difference with their work and dedication to a safer digital ecosystem.

Women in Cybersecurity 2023 - The Female Quotient (The Female Quotient) The global cybersecurity landscape has dramatically changed the way we do business and live our lives. Now, more than ever, having cybersecurity at the heart of an organization’s overall strategy is crucial, and requires diverse thinkers. Yet there is a marked gender disparity in the cybersecurity workforce, with women holding just 25% of jobs. The women in this critical community of cybersecurity leaders are the best in their field, working at the highest levels to innovate, safeguard and lead complex transformational programs at some of the biggest companies in the world. In this series, The Female Quotient and Deloitte are amplifying the voices of 30 women who are at the forefront of the cyber revolution. Their stories are proof that a woman’s place is in cybersecurity.

Kiersten Todt Departing CISA as Chief of Staff and Kathryn Coulter Mitchell to Become New Chief of Staff | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA announced today that Kiersten Todt will be departing from her role as CISA Chief of Staff to return to the private sector, while continuing to work with Director Easterly and the agency in a senior advisory capacity.

One Last Thing

T-Minus, the only daily space intelligence podcast.

Join us every weekday as we provide the latest news and insights along with leading experts from industry, academia, research organizations, government, and more. Stay on top of the evolving space market, and separate the signal from the noise. Tune in today!