CyberWire Daily - Apple's worldwide warning on mercenary attacks.
Episode Date: April 11, 2024

Apple warns targeted users of mercenary spyware attacks. CISA expands its Malware Next-Gen service to the private sector. US Cyber Command chronicles their “hunt forward” operations. Taxi fleets leak customer data. Trend Micro tracks Deuterbear malware. The BatBadBut vulnerability enables command injection on Windows. Cybercriminals manipulate GitHub's search functionality. Scully Spider may be utilizing AI-generated PowerShell scripts. A study from ISC2 sheds light on salary disparities. On our Threat Vector segment, host David Moulton, Director of Thought Leadership at Unit 42, welcomes Donnie Hasseltine, VP of Security at Second Front Systems and a former Recon Marine, as they delve into the indispensable role of a military mindset in cybersecurity. Guest Dr. Sasha Vanterpool, Cyber Workforce Consultant with N2K, introducing the new podcast series Cyber Talent Insights. And AI music sings the license.

CyberWire Guests
Guest Dr. Sasha Vanterpool, Cyber Workforce Consultant with N2K, introducing the new podcast series Cyber Talent Insights that is launching on Friday, April 12, 2024.
Selected Reading
iPhone users in 92 countries received a spyware attack warning from Apple (Engadget)
CISA to expand automated malware analysis system beyond government agencies (The Record)
US Cyber Force Assisted Foreign Governments 22 Times in 2023 (SecurityWeek)
Taxi software vendor exposes personal details of nearly 300K (The Register)
Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear (Trend Micro)
BatBadBut: You can't securely execute commands on Windows (Flatt)
New Technique to Trick Developers Detected in an Open Source Supply Chain Attack (Checkmarx)
Malicious PowerShell script pushing malware looks AI-written (Bleeping Computer)
Women make less than men in US cyber jobs — but the gap is narrowing (CyberScoop)
Permission is hereby granted (Suno)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Apple warns targeted users of mercenary spyware attacks.
CISA expands its Malware Next-Gen service to the private sector.
U.S. Cyber Command chronicles their hunt-forward operations.
Taxi fleets leak customer data. Trend Micro
tracks Deuterbear malware. The BatBadBut vulnerability enables command injection on
Windows. Cybercriminals manipulate GitHub's search functionality. Scully Spider may be
utilizing AI-generated PowerShell scripts. A study from ISC2 sheds light on salary disparities.
On our Threat Vector segment,
host David Moulton, Director of Thought Leadership at Unit 42, welcomes Donnie Hasseltine, VP of Security at Second Front Systems and a former Recon Marine. They delve into the indispensable
role of a military mindset in cybersecurity. And our guest, Dr. Sasha Vanterpool, cyber workforce consultant with N2K,
introduces the new podcast series, Cyber Talent Insights. And AI music sings the license.
It's Thursday, April 11th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great to have you with us.
Apple has issued alerts to iPhone users in 92 countries,
warning them of potential mercenary spyware attacks
aiming to compromise devices linked to their Apple IDs.
The company expressed high confidence in the detection of these targeted attacks,
emphasizing their specificity towards the individual's identities or professions.
Despite the lack of details on the provocations for these alerts,
due to concerns over helping attackers elude future detection,
Apple reassured users of its diligent internal investigations to identify such threats. This isn't a new occurrence.
Since 2021, users in over 150 countries have received similar warnings, with notable alerts
sent to journalists and politicians in India. If you are an iPhone user and you believe you
are someone who might be a potential target for this sort of thing, you may want to check out Apple's Lockdown mode, which adds an extra layer of security
protection to your iOS device. We'll have a link in the show notes. The U.S. Cybersecurity and
Infrastructure Security Agency, CISA, is expanding its Malware Next-Gen service to the private sector, allowing businesses to submit malware samples for analysis.
Previously exclusive to government and military personnel since November,
the service aims to enhance cyber threat understanding and protection.
The automated system assists in analyzing and sharing cyber threat insights.
Eric Goldstein, Executive Assistant Director for Cybersecurity
at CISA, emphasized the program's role in improving malware detection and prevention,
thereby securing critical infrastructure. The service also accepts other suspicious
digital artifacts, but only authorized users can access the results. Since its launch, nearly 400 users have submitted around 1,600 files,
identifying approximately 200 suspicious or malicious files and URLs. CISA says they're
optimistic about handling an increased submission volume despite recent budgetary challenges.
In the past year, U.S. Cyber Command deployed personnel to 17 countries as part of its Hunt Forward operations aimed at monitoring and deterring cyber adversaries.
General Timothy Haugh, the commander of U.S. Cyber Command and director of NSA, shared this information yesterday with the Senate Armed Services Committee.
These operations, carried out by the Cyber National Mission Force, are designed to defend the U.S. in cyberspace by deterring, disrupting,
and defeating cyber threats. By assisting allies and partners in auditing their networks for
intrusions and vulnerabilities, these missions help improve global cyber defenses and generate valuable insights for the U.S.'s own cyber protection.
Last year, 22 Hunt Forward missions led to the public release of over 90 malware samples,
enhancing global Internet safety and challenging authoritarian regimes' cyber capabilities.
iCabbi, a taxi software company, recently resolved a data breach exposing
personal information of nearly 300,000 individuals in the UK and Ireland, including names, email
addresses, phone numbers, and user IDs. The leak affected diverse individuals, including senior
media figures, government officials, former MPs,
a senior policy advisor, an EU ambassador, and around 2,000 academics. The breach, identified
by cybersecurity researcher Jeremiah Fowler, was due to an unprotected database easily found via
an IoT search engine's API. iCabbi's apps, serving over 800 taxi fleets in 15 countries,
were linked to the exposed customer data.
The company, acknowledging the breach as a result of human error
during a migration process,
quickly secured the database following Fowler's ethical disclosure.
Researchers at Trend Micro are tracking the cyber espionage group Earth Hundun,
which has been targeting technology and government sectors in the Asia-Pacific region for years.
Earth Hundun employs complex tools like Waterbear malware, which has evolved through over 10
versions since 2009. The latest version, known as Deuterbear, introduced significant changes,
including anti-memory scanning and decryption routines, distinguishing it as a separate malware
entity. Earth Hundun's operations involve advanced evasion techniques and the use of Waterbear for
stealthy network intrusions and data exfiltration. The sophistication of these attacks underscores
the necessity for enhanced cyber defense mechanisms and awareness of the evolving
threat landscape, particularly for organizations within targeted sectors.
Security engineer RyotaK from Flatt Security disclosed vulnerabilities in several programming
languages that enabled
command injection attacks on Windows under certain conditions. Named BatBadBut, this
vulnerability arises when Windows applications that rely on the CreateProcess function to
execute batch files do not correctly escape command arguments, allowing cmd.exe's complex parsing rules
to be exploited.
This issue can lead to arbitrary command execution if the application executes a command containing
user-controlled input without specifying the file extension or improperly escaping arguments
for cmd.exe. Despite high CVSS scores reflecting worst-case scenarios,
the actual risk depends on specific application implementations.
RyotaK advises developers to specify file extensions
when executing commands and to properly escape user-controlled inputs,
highlighting the necessity for increased awareness and mitigation efforts
regarding this command injection vulnerability.
Checkmarx tracks cybercriminals manipulating GitHub's search functionality, creating repositories
with popular names and injecting malware, notably targeting cryptocurrency wallets.
They used automated updates and fake stars to enhance search visibility,
concealing malicious code within Visual Studio project files
to execute automatically upon project build.
The malware, resembling the Keyzetsu clipper, is designed to establish persistence
by setting up a daily scheduled task to run the executable,
avoiding detection by padding the file size. Developers are advised to exercise caution when sourcing code from public
repositories, paying attention to signs of manipulation, such as unusual commit frequencies
and the profiles of users endorsing the repositories.
A threat actor identified as TA547 and also
known as Scully Spider utilized a PowerShell script possibly created with AI tools like
OpenAI's ChatGPT, Google's Gemini, or Microsoft's Copilot in an email campaign to distribute the Rhadamanthys information stealer to German
organizations. Researchers from Proofpoint, who have tracked TA547 since 2017, noticed the AI-generated
characteristics in the script's detailed comments and structure. This campaign, impersonating the German Metro cash-and-carry brand, marks TA547's first use of Rhadamanthys malware,
distributed under the malware-as-a-service model since September 2022.
The script executed Rhadamanthys in memory, avoiding disk detection.
This incident highlights the growing trend of cybercriminals
leveraging AI for sophisticated cyberattacks, including phishing and malware deployment.
A recent study conducted by the nonprofit organization ISC2 has shed light on salary disparities within the U.S. cybersecurity sector,
revealing nuanced outcomes for women and various racial and ethnic minorities.
Despite the existence of pay gaps, the cybersecurity field appears to be outperforming broader societal norms
in terms of pay equity, with signs of ongoing improvement.
According to ISC2's research, which collected data from just over 5,000 participants in April and May of 2023,
the average annual salary in U.S. cybersecurity roles stands at $147,138. The study highlighted
that gender disparities in compensation vary across different job levels within the cybersecurity field. Specifically, women in non-managerial to mid-advanced staff positions
earn approximately 5% less than their male counterparts,
and the gap widens to 9% among managerial roles.
However, the tide turns at higher levels of leadership.
At the director and middle manager levels,
women slightly out-earn men by 1%,
and this lead increases to 4% at the C-suite and executive level. These findings mark a positive
shift from previous ISC2 studies, which had recorded gender pay gaps as high as 20%.
Clar Rosso, CEO of ISC2, attributed this improvement to the
cybersecurity profession making incremental progress in addressing salary imbalances.
Rosso also noted the role of unconscious bias in hiring and promotion practices,
suggesting that such biases contribute to pay disparities. Despite these encouraging signs, Rosso acknowledged
potential limitations in the data, particularly at the higher echelons of leadership where fewer
women may have contributed responses, potentially skewing the results. The study drew responses from
780 women, constituting 15% of participants, compared to over 4,500 responses from men.
The ISC2 study highlights a cybersecurity industry that is gradually moving toward greater pay equity,
outpacing broader societal trends.
While disparities remain, especially in lower- to mid-level positions,
the progress at senior levels and among various racial and ethnic groups
signals a promising direction for the future of cybersecurity employment.
Coming up after the break, on our Threat Vector segment, David Moulton is joined by Donnie
Hasseltine from Second Front Systems to discuss the military mindset in cybersecurity.
Also, my guest, Dr. Sasha Vanterpool, Cyber Workforce Consultant at N2K, introduces the new podcast series, Cyber Talent Insights.
Stay with us.
In this segment from the Threat Vector podcast,
host David Moulton, Director of Thought Leadership at Unit 42,
welcomes Donnie Hasseltine, VP of Security at Second Front Systems,
and a former recon Marine.
They delve into the indispensable role of a military mindset in cybersecurity.
The one thing that mostly surprises me when I bring it up is I actually play the bagpipes.
So that's one of the weird hidden talents I have.
Welcome to Threat Vector, a podcast where Unit 42 shares unique threat intelligence insights,
new threat actor TTPs, and real-world case studies. Unit 42 has a global team of threat intelligence experts, incident responders, and proactive security consultants dedicated to
safeguarding our digital world.
I'm your host, David Moulton, Director of Thought Leadership for Unit 42.
Today, I have a truly inspiring guest, Donnie Hasseltine, Vice President of Security at Second
Front and a former recon Marine who has successfully navigated the transition from military leadership
to steering cybersecurity in a fast-paced world of Silicon Valley.
Today, I'll share our conversation, which covers Donnie's unique perspectives on what military experience brings to cybersecurity, the critical importance of foundational security practices for startups, and how to cultivate the security mindset essential for today's digital defenders.
If you're a veteran looking to pivot into tech, Donnie shares some advice for you toward the end.
If you're a startup founder seeking to embed security into your DNA or just fascinated by the intersection
of technology and security, this conversation is for you. So let's dive in.
Donnie, talk to me about your journey from being the recon marine to leading security efforts in the tech industry and specifically within a startup.
Yeah, no, it was a fairly interesting journey. I mean, I spent over 22 years in the Marine Corps. I was in infantry and combat arms and recon as a battalion commander in the later stages of my career.
And, um, you know, I was thinking that I was going to get a stand and go down that road, but I think two things kind of, uh, impacted that a little bit
of some family decisions. But second of all, my last duty station was up here in Silicon Valley.
So in doing that, um, I got involved in Hacking for Defense, which is a Stanford, uh, run program.
It's at multiple universities now that takes the Lean LaunchPad and applies it to DoD/IC problems. And I started seeing areas where some of the problems I saw in the military, right,
were actually could be solved through commercial tech or creative, uh, MVPs, minimum viable products.
And in doing that, um, I started looking like, okay, what are the things we can do on the military side?
That led me to start digging a little deeper into cybersecurity because in my time,
both in exercises and combat, the further we've gone along in my career and even now, you've seen
how it may be great if you can maneuver on the battlefield and use combined arms and things like
that, but you have to control the electromagnetic spectrum. And you've got to integrate that into
your more physical and kinetic approaches in combat. And I found that in a lot of
cases, the senior leaders just didn't have that exact background they needed to be able to
integrate that. So I went and did a master's in cybersecurity through Brown University. And in
doing that started got him exploring that further and further, which led me to decide to get out and
step in the private sector. And when I did, my first role in the private sector was a small PE firm that was doing B2B SaaS turnarounds.
And as you can imagine, if you're taking a SaaS company that has flatlined or struggled,
it has other issues there. If there are issues in the business side, they also have issues in
the security side. So built out a cybersecurity program, helped run some of those companies for that firm, and then stepped into where I'm at now at Second Front Systems.
How did your military background prepare you for that role? They're very different, but I expect that there's some sort of overlaps.
One of the things I noticed from the military to cybersecurity is really the mindset.
So we talk a lot of times about
the security mindset and things like that and how you look at problems essentially.
And in my Brown class, I remember there was a great time where I was watching how people were
reacting to things that were being presented out there. And even to take a very acute example,
we had a physical security portion, obviously. And at one point, we were talking about different
locks and structures and passing those around. And when my colleagues,
I look over and she's picking the lock. I'm like, were they passing lock picking kits around? She's
like, no, I just have one. I'm like, why do you carry that? I'm like, why not? Right? And it
struck me that even though nobody really in the class had a military background, a few did,
they all had the same mindset, which was
every time I look at something, I can break that, I can get around that, that kind of hacking mindset.
And I think that's incredibly valuable in cybersecurity and really hard to teach. The
technical skills can be taught. The specifics on how you do things can be taught. But that mindset
of where you just kind of have a slightly paranoid look at everything you see and you question like,
how do I break that? How do I get around that? Or how can that be done?
That's a key mindset that we actively try to teach in our Marines on how to achieve mission,
how to get through obstacles. And I think that is really the most immediately transferable skill
when you take veterans and you put them in a cybersecurity space.
Inside the military, it's like really mission-driven and one of those things that I think can actually bring people together.
I have felt that same sense of mission inside of cybersecurity.
It's in service of something greater than my next achievement professionally and or a paycheck.
And I'm wondering how you've brought that sense of service from the military into your current role, or if it's something that's just naturally there across our industry.
was like, try product to make a profit. And that just does not appeal a lot of times to folks leaving the military. I think what got me up every day in those roles is, you know, just what you
said is in the cybersecurity side, look, I'm protecting my team, I'm protecting our customers.
And even if you take a look at the product, I was like, I could get behind that because when I
talked to developers who are using that product, it was making their lives significantly better
and allowing them to focus on the things they wanted to focus on. So I think you have to figure out
what is that aspect of mission that you can get behind
and it often relies on,
are you protecting another person?
Are you making their lives better?
I think in cybersecurity,
that's a lot easier to wrap your head around.
In our current world, Second Front,
because we're a public benefit corporation,
we can kind of like look at that very clearly.
Mission means a lot more and a lot deeper than just making a profit, right?
We're focused on how we actually take care
of warfighters down the road.
But totally agree, I think,
and that's a cultural thing for the military
is where are you going to find
that kind of mission satisfaction?
I think my experience is you do find that
in cyberspace for exactly the reasons you said.
All right, wrapping up here,
what's the most important thing
that our listeners should remember
from our conversation?
Nurture your curiosity, right?
Because if you're in a cybersecurity role right now
and something doesn't make sense
and you're curious about it,
you're going to dig into it
and you're going to find things
that elucidate business risk
that you didn't know about.
Donnie, thanks.
Appreciate you.
And maybe we'll have you back on the Threat Vector soon.
I really enjoyed the conversation.
Yeah, it was great to be here.
Thanks so much.
As I close out today's episode,
I'm struck by Donnie's journey.
He went from recon in the Marine Corps
to cybersecurity in the Valley.
Today's conversation reinforced the need our industry has for disciplined leadership,
strategic thinking, and a security mindset, something that seems to show up in those who've
served. In reflecting on Donnie's insights, it's clear that the intersection of military discipline
and cybersecurity expertise is not just about the
transfer of tactical skills. It's about a mindset that views security as a mission-critical priority,
a commitment to safeguarding the digital frontiers where our modern battles are increasingly being
fought. If you're a listener, whether you're a veteran looking to transition into cybersecurity,
a startup founder navigating the complexities
of securing your venture, or already a cybersecurity professional, I hope Donnie's
journey inspired you. To close this episode, I want to thank the Threat Vector team. Our executive
producer is Michael Heller. Content and production by Shada Azimi, Sheila Druski, Tanya Wilkins,
and Danny Milrad.
I edit the show, and Elliott Peltzman is our audio engineer.
We'll be back in two weeks.
Until then, stay secure, stay vigilant.
Goodbye for now.
Be sure to check out the Threat Vector podcast wherever you get your podcasts.
And joining me here today is my N2K CyberWire colleague, Dr. Sasha Vanterpool,
Cyber Workforce Consultant with N2K. Sasha, welcome.
Thanks, Dave.
So you are one of the hosts of a new podcast series, what I would call a podcast mini-series,
that is titled Cyber Talent Insights. What prompted the creation of this new show?
Well, that's basically the work that I do here at N2K as a cyber workforce consultant. So I'm on
the Cyber Talent Insights team. And we work with a variety of different organizations to provide
them with strategic cyber workforce intelligence. And we've been
noticing some different trends and needs and challenges. And we were like, you know, we have
some pretty good stuff here that I think is of interest to a lot of people that we should probably
get out there and talk about it. Now, you use this term, cyber workforce intelligence. What
exactly does that entail? Yeah, so our cyber workforce intelligence really is actionable insights into organizations, cybersecurity teams, capabilities,
to help them build effective talent development strategies and training plans to support the challenges that are experienced throughout the workforce management lifecycle,
from talent acquisition to talent management and then talent retention.
So through that, N2K, we actually provide that through our offerings of cyber talent insights and then cyber talent development.
Well, give me a preview here of what we can expect to see from the show.
Yeah. So with the show, it is a three-part series.
So we're taking these different episodes and shifting our perspective a little bit in each episode. So for example, the first one,
we're really taking a look at from the perspective of the enterprise and trying to
get an understanding of navigating the landscape for enterprise organizations. And we discuss the
various challenges
that are experienced
throughout this management lifecycle
from that perspective.
So we talk about different things
like poorly crafted job descriptions
and job role classifications,
as well as the hiring process,
the impact of company culture,
as well as different talent development strategies
and talent retention opportunities
that can help with closing the cybersecurity talent gap. So that's kind of the first one
that we focus on. And then the next episode, we actually are shifting our perspective more to
those current practitioners who are in the field or those trying to break in, maybe the career
changers or transitioning military or newly graduated
college students. And we're providing them insight on how to take a market-driven approach
to career development and discovering their niche in cybersecurity. And so how they can stand out in
this competitive market and aligning personal interests, transferable skills, and experience
with their career goals. And then lastly, we focus on that talent pipeline.
So those who are coming into the field, where is this talent coming from?
So from K through 12, higher education, any training or trade schools, different opportunities
like that on how they can provide learning and training experiences, but also those resources
and the needs and challenges
that occur when building this robust pipeline, as well as potential collaboration and partnership
opportunities between academia, industry, and government to kind of help build an ecosystem
to hopefully be a solution for some of those issues that we discuss.
Well, and I think it's worth or important to capture
that this is not you monologuing.
You have a couple of co-hosts here.
Can you tell me who's joining you
and what they bring to the table?
Yeah, so joining me,
I have my fellow workforce consultant, Dr. Heather Monthie,
as well as our chief learning officer, Jeff Welgan.
And I think between the three of us,
not only are we the main champions
on the Cyber Talent Insights team at N2K,
so we can speak to the work that we have done
in our current roles, as well as our past experience,
which really has a variety of a little bit of everything
across the board within the field and outside of the field.
And, you know, I think there's a lot of frustration out there.
I think folks are finding that, you know,
some of the stories that they hear,
maybe the common narratives don't necessarily align
with what they're seeing in the real world.
You know, I hear folks talking about how,
oh, we're always hearing about how there's all these unfilled positions,
but I'm right out of college and I have my degree in hand
and nobody will hire me, you know, those sorts of things.
I mean, it strikes me that you all are really looking
to try to clarify and break through the bubble
of some of these stories and misperceptions.
Absolutely.
And I definitely do, you know, there's truth to that,
of course, that there is this talent gap,
but I think there's also this expectations gap and trying to make sure that there is alignment between, you know, what the pipeline is developing these people who are going through whatever education or training program that they go through, and then making sure it aligns to what their actual
workforce is looking for and when they are hiring. Are the job descriptions accurate? Do you really need to have all these certifications for an entry-level position? Do you really need all
these years of experience or can you learn more on the job? There's so many nuances there when it
comes to just the hiring process. But then when you're actually working in the field, are you
feeling welcomed and supported? Are you getting the professional development and training that you need to grow and stay within the organization that you're employed in instead
of bouncing around and getting a new job every couple of years? Are you being supported in the
current role that you're in and how we can try and make more collaboration and better alignment
between these different areas and these different
perspectives that these episodes focus on. And this series isn't just for the job hunters. I
mean, this is great information for folks who are out there doing the hiring as well.
Absolutely. Absolutely. And that's why we really wanted to try and focus each episode on a
different perspective, but having those other people being able to listen in as
well. So the practitioner, the employer, and then those who are actually, you know, training and
educating those coming into the field. I think that everybody can really get a lot of great
insight and some tips and tricks and just kind of even highlighting some organizations that are
doing some really great things out there and hopefully just kind of get the conversation going as far as being able to work and learn from each other.
Dr. Sasha Vanterpool is Cyber Workforce Consultant right here at N2K.
The new podcast series is Cyber Talent Insights.
It will be starting this Friday and for the next two Fridays.
If you are already subscribed to the N2K CyberWire Daily feed,
it will show up in your daily podcast feed.
Dr. Sasha Vanterpool, thank you so much for joining us.
Thank you so much for having me, Dave.
Permission is hereby granted, free of charge,
to any person obtaining a copy of this software,
and associated documentation files
this software
to deal in the software
without restriction
including without...
What you are hearing
is the MIT license
for open-source software
set to music
using the AI synthesis engine
Suno. Using the prompt "Sad Girl Piano
Ballad Jazz-Trained Female Singer-Songwriter," the AI platform puts out what is arguably a
pretty compelling bit of musical artistry. Sure, you could say it lacks soul and it sounds
auto-tuned, but does it, really? Another interesting wrinkle is that
current interpretations of U.S. copyright laws say this sort of thing is not eligible for copyright
protection. I can imagine a future where I can say, hey Siri, make me a new David Bowie album
based on his catalog before Let's Dance. Will it sound authentic, or will it sound like a lame but well-meaning tribute band?
And what does that mean to the estate of David Bowie,
especially if AI-generated music isn't copyright eligible?
If you're like me and you enjoy pondering these sorts of sticky policy issues,
be sure to check out our Caveat podcast, where I'm joined by my co-host Ben Yelin,
and we do just that.
In the meantime, if you'll excuse me,
I think I'm going to go listen to Station to Station.
And that's the CyberWire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
You can email us at cyberwire at n2k.com.
N2K Strategic Workforce Intelligence optimizes the value
of your biggest investment, your people.
We make you smarter about your team while making your team
smarter. Learn more at n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester
with original music by Elliott Peltzman. Our executive producers are Jennifer Eiben and Brandon
Karpf. Our executive editor is Peter Kilpe, and I'm Dave Bittner. Thanks for listening. We'll see you
back here tomorrow.