CyberWire Daily

Join Andy Woolnough, Executive Vice President of Corporate Affairs at ISC2, and Simone Petrella, President of N2K, as they dive into the critical findings of ISC2's 2024 Cybersecurity Workforce Study. They discuss alarming trends such as skills shortages and the growing disconnect between hiring manager demands and the skills that professionals prioritize. The conversation highlights the urgent need for organizations to invest in talent development and address diversity within the industry, ensuring a future-ready cybersecurity workforce.

Billy Wilson, a High Performance Computing Systems Administrator at Brigham Young University, shares his unique journey from language proficiency to technical skills in cybersecurity. He discusses how his passion for writing and experiences in South Korea shaped his career. Billy emphasizes the importance of adaptability in cybersecurity, highlighting his transition from general hacking interests to becoming a penetration tester. He illustrates that pursuing diverse interests can lead to career satisfaction, proving that career paths can be non-linear and multifaceted.

Trevor Hilligoss, VP of SpyCloud Labs, dives into the escalating threat of ransomware and the pivotal role infostealer malware plays in these attacks. He reveals insights from SpyCloud's 2024 Malware and Ransomware Defense Report, noting that 75% of organizations faced repeated attacks last year. Trevor discusses how compromised identity data fuels ransomware operations and highlights the challenges companies encounter. He emphasizes the evolution of cyber threats and the necessity for robust security measures to combat this ever-growing issue.

In this engaging discussion, Dr. Bilyana Lilly, a cybersecurity expert and author of "Digital Mindhunters," dives into the recent rise in ransomware attacks targeting healthcare systems. She highlights the surge in cyber threats like Octo2 malware aimed at Android devices and the critical vulnerabilities in software systems. Additionally, the conversation shifts to legislative efforts in the U.S. and the UK focused on children's online safety, and the creative fusion of fiction with cybersecurity education, featuring a compelling immigrant protagonist.

Ben April, Chief Technology Officer at Maltego Technologies GMBH, dives into the complexities of social media in digital investigations. He discusses the evolution of social media as a tool, from early platforms to today's dynamic environments filled with misinformation. April highlights the challenge of information overload and the need for effective data integration. He also reflects on the balance between in-house capabilities and third-party solutions for data gathering, making it clear that navigating this landscape is more critical than ever.

Simone Petrella interviews Andy Woolnough, ISC2's Executive VP of Corporate Affairs, who unveils the 2024 Cybersecurity Workforce Study. They delve into the stagnation in cybersecurity workforce growth and the skill gaps between hiring managers and professionals. The conversation emphasizes the need for better recognition of cybersecurity roles. They also explore the significance of enhancing cybersecurity education and the fight against misinformation on platforms like Wikipedia. The insights spark a vital discussion on the future of cybersecurity careers.

Nina Jankowicz, Co-Founder and CEO of the American Sunlight Project and author of "How to Lose the Information War," joins Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, and Renee DiResta, former Technical Research Manager at Stanford's Internet Observatory. They dive into the nuances of modern election propaganda, exploring tactics used by nation-states like Russia to sow discord. They discuss the implications of disinformation campaigns on elections, the importance of recognizing these dynamics, and strategies for safeguarding electoral integrity.

David Moulton, Director of Thought Leadership at Palo Alto Networks, leads a discussion with Qiang Huang Chung hwang and Michela Menting, both experts in cybersecurity and OT security. They delve into the identification of a key member of Evil Corp and the implications for global ransomware. The conversation explores rising threats to Operational Technology, emphasizing the urgent need for enhanced security in critical infrastructure. Additionally, they cover the dual-edged effects of AI on cybersecurity, shedding light on recent advancements in machine learning.

Jeff Reed, Chief Product Officer at Vectra AI, dives into the intriguing world of cybersecurity. He unveils how modern attackers have shifted from hacking to simply logging in. They discuss the alarming breach of U.S. telecom systems by Chinese hackers and how a ransomware attack compromised sensitive customer data. Reed highlights the pivotal role of AI in identifying evolving threats, emphasizing its potential to enhance threat detection and adapt to advanced social engineering tactics. A must-listen for anyone interested in the future of cybersecurity!

Merritt Baer, CISO for Ricoh AI, shares her expertise from roles at Amazon Web Services and the Department of Homeland Security. She discusses the complexities of integrating AI into security decision-making, including ethical implications and practical challenges. Merritt dispels myths surrounding AI, machine learning, and LLMs, emphasizing their transformative effects on data-driven security solutions. The conversation also highlights both the advantages and limitations of AI in cybersecurity, along with educational opportunities in the field.