CyberWire Daily
In this Threat Vector segment, David Moulton and Palo Alto Networks’ Madeline Sedgwick discuss the skills and methods necessary for understanding threat actor intent and behaviors.
Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast, goes beyond basics with her guest Tanya Janca, founder of WeHackPurple.
Rick Howard talks with Lauren Brennan of GuidePoint Security about evaluating and maturing your SOC.
In the Learning Layer segment, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam.
Rick Howard speaks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence.
In our Solution Spotlight, Simone Petrella talks with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap.
In our Solution Spotlight, N2K President Simone Petrella speaks with Michelle Amante of the Partnership for Public Service with an update on the Cybersecurity Talent Initiative.
Ann Johnson, host of the Afternoon Cyber Tea podcast, speaks with Caitlin Sarian, known to many as Cybersecurity Girl.
Guests N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talk about a new partnership for a comprehensive Cyber Talent Study.
Ann Johnson from Afternoon Cyber Tea talks with Deneen DeFiore, Vice President and Chief Information Security Officer at United Airlines, about cybersecurity at 35,000 feet.
Afternoon Cyber Tea
Tanya Janca, head of Community and Education at Semgrep and the founder of WeHackPurple, joins Ann on this week's episode of Afternoon Cyber Tea. Tanya brings over two decades of coding and IT experience, navigating diverse landscapes from startups to tech giants like Microsoft, Adobe, and Nokia. Tanya is not just a seasoned professional; she's also the acclaimed author of 'Alice and Bob Learn Application Security,’ a groundbreaking book that goes beyond the fundamentals, delving into intricate subjects such as threat modeling and security testing. She is a dynamic force in the cybersecurity community, an award-winning public speaker, and an engaging streamer, sharing her expertise through hundreds of talks and training sessions spanning six continents. Ann and Tanya unravel the layers of Tanya's journey, shedding light on the ever-evolving landscape of application security and beyond.
Caitlin Sarian, known to many as Cybersecurity Girl, joins Ann on this week's episode of Afternoon Cyber Tea. Caitlin is a leading influencer with a cybersecurity-focused social presence, primarily on TikTok and Instagram, where she provides insights on data protection, privacy, and cybersecurity. Caitlin shares her journey into cybersecurity, starting from a background in aerospace mechanical engineering and transitioning to cybersecurity. She emphasizes breaking down complex cybersecurity concepts to make them accessible to a broader audience and the challenges of educating the public about the consequences of online activities. Caitlin offers practical tips for individuals starting their journey in cybersecurity awareness and advises people to take an inventory of their online accounts.
Deneen DeFiore, Vice President and Chief Information Security Officer at United Airlines, joins Ann on this week's episode of Afternoon Cyber Tea. Deneen shares insights into her Aviation Information Sharing and Analysis Center (A-ISAC) chairperson role, focusing on priorities such as building a trusted community, supply chain security, and global collaboration with government entities. Both Ann and Deneen express optimism about the future of cybersecurity, citing advancements in technology, responsible AI implementation, and the growing recognition of cyber risk management. They believe a collective defense and protection strategy and improved relationships between private companies and government sectors will contribute to a safer digital landscape.
Career Notes
Rashmi Bharathan, an Information Technology Internal Auditor from Wintrust Financial Corporation sits down to share her story as a woman with 10 years in the IT industry and how she got her start. From childhood Rashmi always wanted to be a good leader, helping those around her, now she shares how helping people is a passion of hers and spends a lot of her time volunteering to help those coming into this industry. She says "It's all about, you should know your connections. That is more important. So I would say that networking and volunteering is really going to help you to grow in your career," sharing that community is the key to her success and working hard to network has been a great help to her to get her where she is today. We thank Rashmi for sharing her story with us.
Control Loop
Dawn Cappelli, Head of Dragos' OT-Cyber Emergency Readiness Team shares details about the launch of Dragos’s free community initiative to protect small utilities that serve the majority of Americans.
CyberWire Live: Quarterly Analyst Call
Join Rick Howard, N2K's CISO, Chief Analyst and Senior Fellow, and his guests Merritt Baer, Field CISO at Lacework, and Caroline Wong, Chief Strategy Officer at Cobalt, for an insightful discussion about the events of the last 90 days that will materially impact your career, the organizations you’re responsible for, and the daily lives of people all over the world.
Hacking Humans
Alethe Denis from Bishop Fox talks with Dave and Joe with her take on the 23AndMe breach.
The host of T-Minus, N2Ks very own Maria Varmazis brings her own story and discusses it with Dave and Joe. Maria shares Arctic Wolf Labs' story and how they have investigated several cases of Royal and Akira ransomware victims being targeted in follow-on extortion attacks dating back to October of 2023.
RH-ISAC Podcast
Jackie Deloplaine, who oversees RH-ISAC’s working groups, discusses some of the hot topics in 2023 and what’s planned for 2024.
In this episode of the Retail & Hospitality ISAC podcast, we kick off the RH-ISAC’s 10th anniversary year with an interview series featuring RH-ISAC President Suzie Squier and the cybersecurity leaders who helped to found the organization in 2014.
In this episode of the Retail & Hospitality ISAC podcast, we continue the RH-ISAC 10th anniversary interview series with RH-ISAC President Suzie Squier and Michael Daniel, who helped to found the organization back in 2014.
Special Edition
In this special edition of Solution Spotlight, N2K President, Simone Petrella is talking with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding DE&I initiatives.
SpyCast
Bonny Lin joins Andrew Hammond to discuss the current state of China and intelligence. Bonny is the Director of the ChinaPower Project at the Center for Strategic and International Studies.
The Microsoft Threat Intel Podcast
Sherrod DeGrippo is joined by Judy Ng, Mark Parsons, and Ned Moran. Together, they delve into the riveting world of Cyberwarcon, exploring the activities of threat actors such as Volt Typhoon from China and Iranian-based adversaries. Sherrod sheds light on Volt Typhoon's strategic targeting of critical infrastructure while the team elaborates on the Iranian actors' reactive and opportunistic approach to current cyber attacks. The episode unfolds with insightful discussions of sophisticated techniques like "living off the land" and the intricacies of information operations while providing a deep dive into the evolving landscape of cyber threats and intelligence.
Sherrod DeGrippo is joined by Jeremy Dallman, Kimberly Ortiz, and Steve Ginty. Sherrod emphasizes the importance of understanding vulnerabilities before they're exploited in the wild and discusses the process of responding to security vulnerabilities, including identifying threat actors and the urgency of patch deployment, especially for vulnerabilities targeted by ransomware groups. The conversation also focuses on Security Copilot, a tool built on Microsoft's extensive threat intelligence, designed to make SOC analysts' work more accessible by providing immediate, relevant information on threats. This episode offers an insider's view on how these professionals track internal incident responses, share crucial intelligence with customers, and continuously evolve their processes to ensure swift, accurate delivery of threat intelligence.
Threat Vector
In this episode of Threat Vector, David Mouton has an engaging conversation with Madeline Sedgwick about the skills and methods necessary for understanding threat actor intent and behaviors. Madeline, a senior cyber research engineer and threat analyst, shared insights into how analyzing adversary behavior helps in anticipating threats and avoiding guesswork. We discussed the value of understanding both system dynamics and human behavior in cybersecurity, emphasizing that cyber adversaries are limited by the same laws of internet physics. Stay tuned to gain valuable insights into the evolving threat hunting and deterrence landscape.