CyberWire Daily

Dominique West, a technical account manager who shifted from engineering to cybersecurity after experiencing credit card fraud, shares her enlightening journey. She recounts her initial encounters in technology, including working at a museum’s help desk. Feeling isolated as a visible minority in tech, she founded Security in Color to promote diversity and provide resources for newcomers. Dominique emphasizes the importance of hands-on experience in cybersecurity and encourages aspiring professionals to explore their interests and engage with the community.

Karlo Zanki, a Reverse Engineer at ReversingLabs, specializes in the identification and analysis of malware. He discusses the discovery of a malicious PyPI package named aiocpa that masqueraded as a legitimate crypto client to steal cryptocurrency wallet info. Zanki emphasizes the shift from basic attacks to increasingly clever tactics exploiting open-source packages. The conversation highlights the necessity for advanced security tools in the evolving landscape of software supply chains and the steps needed to fortify package repositories against these sophisticated threats.

Joe Saunders, Co-founder and CEO of RunSafe Security, dives into the pressing challenges of protecting critical infrastructure from cyber threats. He emphasizes the role of both government and commercial sectors in fortifying security measures while grappling with outdated technologies. The conversation also touches on the geopolitical implications of cybersecurity, particularly regarding China and Taiwan. Lastly, they introduce a unique CAPTCHA game to make security awareness more engaging, blending fun with essential protection strategies.

Mick Baccio, Global Security Advisor at Splunk, discusses the alarming breach of the U.S. Treasury by Chinese hackers and the vulnerabilities exposed in Chrome extensions and cloud servers. He highlights the urgent need for enhanced cybersecurity measures and the importance of collaboration between public and private sectors. Topics include proposed HIPAA updates to protect health data and the implications of recent legislative efforts. Baccio emphasizes the resilience gap and the critical need for effective security training to navigate evolving cyber threats.

Sharon Lemac-Vincere, an academic specializing in the intersection of cybersecurity and space, shares her insights on Scotland's potential leadership in these critical fields. She discusses the importance of integrating security into satellite design and emphasizes how small enterprises can overcome funding challenges. Sharon also highlights exciting opportunities for collaboration between cybersecurity experts and the space industry. Additionally, she reveals plans for a distinctive tartan spacesuit to showcase Scottish heritage in space exploration.

In this enlightening discussion, Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator, and Bob Erdman, Associate VP at Fortra, dive into the serious issue of cracked Cobalt Strike software, often exploited in ransomware attacks. They reveal innovative uses of DMCA notifications to disrupt cybercrime globally and share insights on the significant decline in active threats due to their collaborative efforts. The conversation also touches on automation's role in detecting threats and enhancing cybersecurity measures.

Mike Silverman, Chief Strategy and Innovation Officer at FS-ISAC, shares his expertise on cryptographic agility and its importance in finance. He discusses vulnerabilities from quantum computing and offers strategies for financial institutions to safeguard sensitive data. The conversation covers the pressing need to evolve cryptographic standards and actively manage cryptographic keys. Silverman underscores the urgency for organizations to prepare for a post-quantum environment, ensuring trust and security in a rapidly changing landscape.

Yonatan Zunger, CVP of AI Safety & Security at Microsoft, shares his journey from theoretical physics to AI leadership. He distinguishes between generative and predictive AI, emphasizing their unique strengths and ethical implications. Zunger highlights the need for proactive safety measures and diverse perspectives in AI development. With real-world examples, he illustrates both the benefits and risks of AI applications. The discussion encourages critical thinking about AI's evolving role in society and the importance of designing for safety.

Justin Fanelli, the Acting CTO of the US Navy, shares insights on revolutionizing the Navy's innovation process. He discusses the critical need for effective public-private partnerships to enhance national security. The conversation dives into innovative portfolio management strategies that improve operational performance. Fanelli emphasizes the importance of clear communication in innovation adoption and outlines essential steps for engaging with federal systems. This dialogue showcases a transformative approach to integrate technology into military operations.

Tia Hopkins, VP of Global Solutions Architecture at eSentire, shares her inspiring journey from engineering to a leadership role in cybersecurity. She recounts her childhood curiosity that drove her to take apart computers, and how grit led her to success without formal education. Tia emphasizes the importance of validation, having earned multiple degrees later in her career. A passionate advocate for diversity, she discusses her new organization aimed at empowering women of color in cybersecurity, fostering confidence and leadership in the industry.