CyberWire Daily

Kyle Wilhoit, a seasoned cybersecurity researcher and Director of Threat Research at Unit 42, shares his journey from discovering hacker culture through 2600 magazine to leading threat research. He discusses how AI is lowering barriers for cybercriminals and how the professionalization of cybersecurity has altered the community, fostering less open sharing. Kyle advises aspiring security professionals to master fundamentals, embrace soft skills, and maintain curiosity. He envisions a future where hacker culture is recognized as a force for good, emphasizing core values like integrity and knowledge sharing.

Chetan Conikee, the Founder and CTO of ShiftLeft, shares his inspiring immigrant journey from India, emphasizing the importance of passion in career choices. He discusses adapting to U.S. academic culture and the significance of mentorship. Chetan also highlights the entrepreneurial mindset, describing how failures can lead to success and satisfaction. Additionally, he advocates for writing personal narratives to ensure your experiences benefit others and leave a lasting legacy.

In this captivating discussion, John Fokker, Head of Threat Intelligence at Trellix, dives into the chaotic world of cybercriminal ecosystems. He reveals how once-cohesive ransomware groups are unraveling due to distrust, sparking infighting and exit scams. As traditional Ransomware-as-a-Service partnerships break down, smaller gangs emerge, focusing on data extortion over full encryption. John emphasizes the role of law enforcement in eroding trust and shares strategies for sowing discord among criminals, hinting at a future where ransomware may splinter into a freelance model.

Jason Manar, Chief Information Security Officer at Kaseya, shares his expertise on strengthening collaborations between public and private sectors for national security. The discussion dives into the recent takedown of Breachforums and its implications. Manar emphasizes the need for mandatory reporting standards and the challenges of outdated cybersecurity laws. He highlights the importance of developing practical cybersecurity practices through collaboration, suggesting that effective partnerships could enhance readiness against cyber threats.

In this discussion, Sarah Graham, a researcher with the Atlantic Council’s Cyber Statecraft Initiative, dives into the murky waters of the global spyware market. She highlights the intriguing distinction between commercial spyware and state intelligence operations, pointing out the opacity created by resellers and brokers. Sarah also emphasizes the challenges of holding spyware firms accountable due to their evasive tactics. The conversation touches on the rising U.S. investment trends and the pressing need for transparency in this shadowy industry.

Sean Deuby, Principal Technologist at Semperis and host of the HIP podcast, delves into identity system security and the evolution of the Hybrid Identity Protection conference. He discusses the alarming rise of cyber incidents, like Chinese hackers targeting a major U.S. law firm, and emphasizes the importance of crisis preparedness within organizations. Deuby also highlights how real-life exercises can reveal security vulnerabilities and the crucial role of cyber psychology in combating phishing threats.

Alastair Paterson, CEO of Harmonic Security, dives into the impact of shadow AI and how it's reshaping the workplace. He discusses the growing trend of employees using AI chatbots to streamline tasks but warns of security risks like data exfiltration and visibility gaps. Paterson emphasizes that blocking AI access isn't a sustainable solution and advocates for creating guardrails that enable safe AI usage. He also shares insights on the future of workplace AI and the importance of adapting policies to meet employee needs.

Volker Wagner, Chief Information Security Officer at BASF, dives into the intricate world of industrial cybersecurity. He discusses the ongoing threat landscape, highlighting espionage and ransomware as key concerns. Wagner shares insights on implementing zero trust frameworks to enhance resilience against attacks and the delicate balance between fostering innovation and maintaining security controls. He advocates for meaningful industry collaboration, emphasizing the importance of real-time partnerships to build trust and effectively defend against emerging threats.

Sloane Menkes, a Principal at PricewaterhouseCoopers' Cyber Risk Practice, shares her captivating journey from a non-linear math enthusiast to a cybersecurity leader. She discusses how a simple question, 'What is the 2%?', motivates her during tough times. Sloane reflects on her experiences at the Air Force Academy and influences from mentors like Howard Schmidt. She thrives in the dynamic consulting world and encourages women to pursue cybersecurity, emphasizing the importance of mentorship and continuous learning.

Leo Scott, Chief Innovation Officer at DataTribe, discusses the evolving DataTribe Challenge, emphasizing its competitive format as a launchpad for cybersecurity startups. Anita D'Amico, a past winner, shares her Cinderella story from R&D to acquisition, highlighting the invaluable support she received. Greg Baker from Balance Theory explains the challenges of pitching and the benefits of DataTribe’s mentorship. Brian Proctor of Frenos shares his journey of creating AI-driven cybersecurity solutions, detailing how winning the Challenge boosted their visibility and investor interest.