CyberWire Daily - Chasing Silicon shadows.
Episode Date: August 6, 2025Two Chinese nationals are arrested for allegedly exporting sensitive Nvidia AI chips. A critical security flaw has been discovered in Microsoft’s new NLWeb protocol. Vulnerabilities in Dell laptop f...irmware could let attackers bypass Windows logins and install malware. Trend Micro warns of an actively exploited remote code execution flaw in its endpoint security platform. Google confirms a data breach involving one of its Salesforce databases. A lack of MFA leaves a Canadian city on the hook for ransomware recovery costs. Nvidia’s CSO denies the need for backdoors or kill switches in the company’s GPUs. CISA flags multiple critical vulnerabilities in Tigo Energy’s Cloud Connect Advanced (CCA) platform. DHS grants funding cuts off the MS-ISAC. Helicopter parenting officially hits the footwear aisle. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity (CLTC) discussing her proposed nationwide roadmap to scale cyber defense for community organizations. Black Hat Women on the street Live from Black Hat USA 2025, it’s a special “Women on the Street” segment with Halcyon’s Cynthia Kaiser, SVP Ransomware Research Center, and CISO Stacey Cameron. Hear what’s happening on the ground and what’s top of mind in cybersecurity this year. Selected Reading Two Arrested in the US for Illegally Exporting Microchips Used in AI Applications to China (TechNadu) Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw (The Verge) ReVault flaws let hackers bypass Windows login on Dell laptops (Bleeping Computer) Trend Micro warns of Apex One zero-day exploited in attacks (Bleeping Computer) Google says hackers stole its customers' data in a breach of its Salesforce database (TechCrunch) Hamilton taxpayers on the hook for full $18.3M cyberattack repair bill after insurance claim denied (CP24) Nvidia rejects US demand for backdoors in AI chips (The Verge) Critical vulnerabilities reported in Tigo Energy Cloud connect advanced solar management platform (Beyond Machines) New state, local cyber grant rules prohibit spending on MS-ISAC (StateScoop) Skechers skewered for adding secret Apple AirTag compartment to kids’ sneakers — have we reached peak obsessive parenting? (NY Post) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
And now a word from our sponsor, Threat Locker,
the powerful zero-trust enterprise solution that stops ransomware in its tracks.
Allow listing is a deny-by-default software that makes application control simple and fast.
Ring fencing is an application containment strategy,
Ensuring apps can only access the files, registry keys, network resources, and other applications they truly need to function.
Shut out cybercriminals with world-class endpoint protection from threat locker.
Two Chinese nationals are arrested for allegedly exporting sensitive invidiviant.
AI chips. A critical security flaw has been discovered in Microsoft's new NL Web protocol. Vulnerabilities
in Dell laptop firmware could let attackers bypass Windows logins and install malware. Trend
Micro warns of an actively exploited remote code execution flaw. Google confirms a data breach
involving one of its Salesforce databases. A lack of MFA leaves a Canadian city on the hook for
ransomware recovery costs. Invidia's CSO denies the need for backdoors,
or kill switches on the company's GPUs.
Sisa flags multiple critical vulnerabilities in Tygo Energy's cloud connect advanced platform.
DHS grants funding cuts off the MSISAC.
Our guest is Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity,
discussing her proposed nationwide roadmap to scale cyber defense for community organizations.
And live from Black Hat USA 2025, we've got a special woman on the street segment with
Calceon Cynthia Kaiser and Stacey Cameron.
And helicopter parenting officially hits the footwear aisle.
It's Wednesday, August 6, 2025.
I'm Dave Bittner, and this is your Cyberwire Intel briefing.
Thanks for joining us here today.
It's great to have you with us.
Two Chinese nationals were arrested in the U.S.
for allegedly exporting sensitive Nvidia AI chips,
including H-100s and RTX-4090s,
to China without a license.
operating through their California company, ALX Solutions Incorporated,
they're accused of routing tens of millions of dollars worth of GPUs
through countries like Singapore and Malaysia to evade U.S. export laws.
The chips are critical for AI applications like self-driving cars and medical diagnostics.
Federal authorities uncovered incriminating evidence during a raid,
including communications and payment records,
with one transaction totaling $1 million.
Both men face charges under the Export Control Reform Act,
carrying up to 20 years in prison.
A critical security flaw has been discovered in Microsoft's new NL Web Protocol,
billed as HTML for the Agentic Web,
just weeks after its debut at the Build Conference.
The vulnerability, a basic path traversal bug,
allowed attackers to access sensitive files like system configs and API keys for AI services,
such as OpenAI and Gemini.
Researchers Wan and Guan and Lee Wang reported the issue to Microsoft in May,
and a patch was issued in July, though no CVE has been assigned yet.
Guan warns the flaw could let attackers steal the brains of AI agents,
potentially causing major damage, while Microsoft says its own product,
weren't affected, and L-Web users must manually update to fix the issue.
Five serious vulnerabilities in Dell's Control Vault 3 firmware, used in over 100 latitude
and precision laptop models, could let attackers bypass Windows logins and install malware
that survives reinstalls. Known as Revolt, the flaws impact Dell's hardware-based security
module, which stores sensitive data like passwords and biometrics.
Discovered by Cisco Talos, the bugs include out-of-bounds errors, stack overflows, and unsafe
deserialization, affecting both firmware and Windows APIs.
If exploited, attackers with physical access can gain control over the unified security
hub, escalate privileges, or trick fingerprint readers into accepting unauthorized users.
Dell has released patches, but Talos advises extra precautions like disabling unused authentication devices,
enabling BIOS intrusion detection, and using enhanced sign-in security in Windows to defend against potential firmware-level threats.
Trend Micro has issued an urgent warning about an actively exploited remote code execution flaw in its apex 1 endpoint security platform.
The vulnerability affects the on-premise management console and allows pre-authenticated attackers to execute code remotely.
No patch is available yet, but Trend Micro has released a mitigation tool that blocks known exploits,
though it disables remote agent installation.
A full fix is expected mid-August.
Administrators are urged to secure systems immediately, especially if consoles are exposed online.
Google has confirmed a data breach involving one of its Salesforce databases
with threat group shiny hunters stealing contact information from small and medium business clients.
The compromised data includes basic, mostly public business info like names and contact details.
Google hasn't disclosed how many were affected and hasn't confirmed any ransom demands.
The attackers used voice fishing tactics to gain access.
This breach follows similar incidents targeting Salesforce systems used by Cisco,
Qantas, and Pandora.
Google warned that shiny hunters may soon publish the stolen data on a leak site to pressure victims.
The group is linked to TheCom, a cybercriminal collective known for hacking and extortion.
Google has not said whether it will notify impacted businesses directly or provide additional security support.
The city of Hamilton, Ontario in Canada must cover the full $18.3 million cost of recovering from a February ransomware attack
after its insurance claim was denied. The insurer rejected the claim because multifactor authentication
was not fully in place when the attack occurred. A third-party review upheld the denial.
Most costs went to external experts, with over a million dollars each spent on infrastructure, staffing, and other needs.
Attackers disabled 80% of the city's network and demanded $18.5 million in ransom, which the city refused to pay.
City officials say no personal or health data was compromised.
While most systems have been restored, several, like finance and fire department records, were lost.
Mayor Andrea Horwath acknowledged the failure
and emphasized a renewed commitment to stronger cybersecurity moving forward.
Invidia's chief security officer, David Reber Jr., strongly denied the existence or need
for backdoors or kill switches in the company's GPUs, responding to rising pressure from
both U.S. lawmakers and Chinese authorities.
His blog post follows U.S. proposals like the Chinese.
Chip Security Act, which could mandate tracking tech or remote shutdown features in AI chips.
Meanwhile, China is investigating NVIDIA's H2O chips for alleged vulnerabilities.
Reber warned such measures would pose serious security risks, calling backdoors dangerous vulnerabilities,
and kill switches, an open invitation for disaster.
While NVIDIA hopes to regain limited access to the Chinese market, the idea of U.S. control,
hardware access could undermine trust abroad. China is accelerating domestic chip development,
threatening NVIDIA's lead in the AI hardware space as companies like Huawei catch up.
SISA has flagged multiple critical vulnerabilities in TIGO Energy's cloud-connected advanced platform,
widely used in residential and critical solar energy infrastructure. The flaws include hard-coded
credentials, a command-injection vulnerability enabling remote code execution and weak session
ID generation.
TIGO is working on patches, but no release date has been set.
SISA urges users to isolate devices behind firewalls and avoid exposing them directly to
the Internet.
The Department of Homeland Security has released the final funding round for the $1 billion
state and local cybersecurity grant program.
this round totaling $91.7 million.
Each U.S. state will get at least $1 million,
while U.S. territories will receive a minimum of $250,000.
A new rule prohibits using grant funds for services
from the multi-state ISAC and the elections infrastructure ISAC,
both previously funded by DHS.
The MSISAC, which has helped local governments with cybersecurity for over two decades,
is now shifting to a paid subscription model due to reduced federal funding.
North Dakota CISO Chris Gergen expressed disappointment,
noting MSISAC's services align closely with the grant's goals.
The grant also prohibits spending on ransoms, insurance, or construction.
DHS emphasizes cyber resilience while cutting redundant costs.
Sissa says it remains committed to supporting governments with free services,
despite pulling direct funding from long-standing partners like MSISAC.
Coming up after the break, my conversation with Sarah Powazek
from UC Berkeley's Center for Long-Term Cybersecurity,
discussing her proposed nationwide roadmap to scale cyber defense for community organizations.
And from Black Hat, it's a special,
on the street segment with Halcyons, Cynthia Kaiser, and Stacey Cameron.
Plus, helicopter parenting officially hits the footwear aisle.
Stay with us.
New adversary tactics and emerging tech to meet these threats is developing all the time.
On threat vector, we keep you a step ahead.
We dig deep in.
of the threats that matter and the strategies that work.
How do they help that customer know that what they just created is safe?
The future is now and our expectations are wrong.
Join me, David Moulton, Senior Director of Thought Leadership for Unit 42 at Palo Alto Networks
and our guests who live this work every day.
We're not just talking about some encryption and paying multimillion dollar ransom.
We're talking about fundamentally being unable to operate.
Automated eradication and containment.
So being able to very rapidly ID what's going on in an environment
and contain that immediately.
They're hiding in plain sight.
So if you're looking to sharpen your strategy and stay ahead of what's next,
tune in and listen to Threat Vector.
Your frontline for security insights.
Machine identities now outnumber humans by more than 80 to 1,
and without securing them, trust, uptime, outages, and compliance are at risk.
CyberArk is leading the way with the only unified platform purpose-built to secure every machine identity,
certificates, secrets, and workloads across all environments, all clouds, and all AI agents.
Designed for scale, automation, and quantum readiness, CyberArk helps modern enterprises secure
their machine future.
Visit cyberarc.com slash machines to see how.
Compliance regulations, third-party risk, and customer security demands are all growing and
changing fast.
Is your manual GRC program actually slowing you down?
If you're thinking there has to be something more efficient,
and spreadsheets, screenshots, and all those manual processes, you're right.
GRC can be so much easier, and it can strengthen your security posture while actually driving
revenue for your business.
You know, one of the things I really like about Vanta is how it takes the heavy lifting
out of your GRC program.
Their trust management platform automates those key areas, compliance, internal, and third-party
risk, and even customer trust, so you're not buried underst.
spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information
across your entire business. And this isn't just theoretical. A recent IDC analysis found that
compliance teams using Vanta are 129% more productive. It's a pretty impressive number. So what does
it mean for you? It means you get back more time and energy to focus on what actually matters,
like strengthening your security posture and scaling your business.
Vanta, GRC, just imagine how much easier trust can be.
Visit Vanta.com slash cyber to sign up today for a free demo.
That's V-A-N-T-A.com slash cyber.
My guest today is Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity.
We're discussing her proposed nationwide roadmap to scale cyber defense for community organizations.
SISA, the Cybersecurity and Infrastructure Security Agency, started an initiative a couple years ago called the High Risk Community Protection Initiative.
And this was really their effort to focus on nonprofits and other high-risk community organizations that really weren't getting the full force of,
federal attention because obviously the federal government concentrates on national security
threats. And usually journalists, nonprofits, food banks don't really qualify. That effort wound
down after a year. It was a bit of a sprint for them. And moving out of that work, we worked with
them to say, what is the next step of the high-risk community's protection initiative? What is the
next step of trying to protect more systemically these types of small organizations that don't
really get a lot of federal assistance that are never going to meet that threshold of a national
security threat, but are still very vital to their communities. And that is how we started this
group called the Cyber Resilions Corps. It's co-chaired by the UC Berkeley Center for Long-Term
Cybersecurity, CLTC, and the Cyber Peace Institute. And between our two organizations, we convened
several dozen experts on community cyber defense, whether or not they're running a cyber volunteering
program, whether or not they run maybe an affordable or a free-to-use managed service provider
to talk about some of these issues that community organizations are facing and what we need to do
as a cybersecurity field in a community to better protect them. So that's really the impetus for this
report. You know, one of the things that caught my eye reading through the report is this notion
of a cyber poverty line that in some ways we can describe things as, you know, the people being the
haves and the have-nots. Can you flesh that out a little bit for us, what the reality there is?
Yeah, I think that everybody in cyber has a different word for these types of organizations,
but I think we're all very familiar with what this looks like. So cyber poverty line,
target rich, resource poor, I think is SISA's term, basically any organization that can't
afford the basics for cybersecurity, which is a lot of them. So whether or not that's a small
organization or a large organization that just has a very small budget. These are the types of
institutions that uphold our public life. So think about the Boys and Girls Club, the local food
bank, your church or synagogue or mosque. Think about your local dentist's office, but also things like
small water utilities, small hospitals, things that you'd anticipate having more resources, but actually
when it comes to cybersecurity, tend to be very underinvested in the field. So we need to think about
all these together. I think as a field we typically think about these in terms of sector. What can we do
for the water sector? What can we do for the hospital sector? But there's actually a lot in common
between these types of small organizations across sectors than there is maybe between a very,
very small rural hospital and a very, very large metropolitan area hospital. So that's what we like
to refer to as the cyber poverty line. When the report talks about this notion of a roadmap and
this co-responsibility model. Can you describe that for us? Absolutely. So when we were thinking
about how to propose a path forwards for all these very different organizations in a way that we
thought would be meaningful, we had to split it into a few different sections. So the first
section was, what can we do right now that we think will make a difference? And there was some
disagreement in the group on this. I mean, there's a million and one things that you can do to help
organizations. A lot of it has been tried already in the industry. Can we give them free tools?
Can we give them free software?
What if we send someone out to go and help for a little bit and they come back?
What is actually really going to be effective?
And the way that we were able to drill down into that was by developing a co-responsibility model.
We had to agree amongst ourselves what we thought was the organization's responsibility for themselves
and what we thought was more the community's responsibility to help protect them.
And we decided as a group that there should always be some amount of responsibility that lies
within the individual institution, right?
We can't take away all of the cybersecurity responsibility from a nonprofit and say,
none of it is your responsibility because it would remove their buy-in, right?
We need some level of investment at the institutional level for the CEO to say, I'm worried
about cyber risk.
I'm going to make sure that I allot an IT budget.
I'm going to hire someone who will help make these decisions for me.
So that's what we left within the responsibility of our organization is that institutional
understanding of risk and investment in that risk.
But everything else, we take the.
position that the industry should be doing a better job of providing those services. And that's
mostly the talent, right? A non-profits budget of IT is sometimes approaching zero. We don't anticipate
that changing. So we need to be more creative about the ways that we expect nonprofits to use
cybersecurity technology and tools. We can't expect that they're always going to have a CISO,
let alone, you know, an IT full-time staffer. And so we have to, we structured the report around
how can we find creative ways to provide that sort of hands-on technical assistance,
assuming that those institutions aren't going to have that in-house?
Well, share with me some of the suggestions here.
What are some of the practical things that the community can do to better protect everybody?
Yeah, the core of our solution for the short term is really relying on cyber volunteering programs.
Folks might have heard of things like cyber clinics where students are learning to give
risk assessments to local institutions as a part of their schooling. And there are also programs
like the state civilian cyber corps where volunteers at the state level form sort of an auxiliary
corps. And they're called in to help with incident response and training for local cities
and hospitals and other types of organizations. So there are these really low cost programs that
rely on community resources that are very decentralized, that we like to say they form a cyber safety
net. And what we want to do is strengthen that safety net. So try and scale up the number of
volunteers that are active in different communities around the country, scale the skilling that each
of them have so that we can reach a consistency of services across whether or not you're working
with a clinic or a state civilian cybercore or a nonprofit cyber volunteering program. You're getting
what you need out of it. And we want to connect these sort of short-term Band-Aid solutions,
which is everybody needs help now. We need to get it to them as quickly as possible to more
long-term solutions, such as an affordable managed service provider or managed cybersecurity service
provider. So those were really the recommendations around how do we scale these types of models,
how do we make sure that they're consistent and providing good service? And then how do we
connect them to this cybersecurity ecosystem and give them a sort of on-ramp into more systemic
cyber resilience. What would your call of action to be for the people in our audience who
may be looking for opportunities to give back? Do you have guidance for where's a good place to
start? Yeah, that's a great question. I know that folks might be tired of reading reports in this day and
age, and that's why, along with it, we also released a platform called Cybervolunteering.
Cybervolunteers.U.S. I'm going to say that again so that I make sure I get the URL right.
We released a platform at cybervolunteers.us, where anybody can go to learn about cyber volunteering
programs across the United States to figure out what program might be right for them if they're
interested in volunteering. Or if you know of a local organization that's in need of help, they can
go to that website to find a program that they would qualify for to receive free assistance.
But again, our biggest hurdle here is trying to increase the number of volunteers and increase
the number of volunteering program. So especially the folks who listen to this podcast that might
be leaders that have communities of their own that are interested in volunteering, come and
talk to us and start up a new program where you can recruit your friends and your colleagues to start
providing some of these pro bono services to organizations in need.
That's Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity.
This week is, of course, Black Hat USA 2025.
We've got a special woman on the street segment with Halcyon's Cynthia Kaiser,
and their CISO, Stacey Cameron.
So I have a multifaceted value proposition that I do here.
One is I really like to do a lot of networking,
reach out to other leaders in the field.
And, you know, we kind of share horror stories and success stories.
And so that is, to me, that's a very value added to really grow and build that network.
But additionally to that is coming in, hearing some of the briefings,
meeting sitting on the panels, listening to awesome people, leaders in the field really go over
and sort of expand everything that I know and things that I don't know and that educational aspect of it as well.
Also use it as a chance at being the chief information security officer, I use it as a chance to meet with some of my vendors
and some of my potential vendors.
as a CISO, anyone in that field understands that you're always getting accosted, I would say, by a lot of vendors.
But they're really trying to sort of help the role.
But some certain things that I need to do as I'm continuing to improve our security posture and mature our security posture at Houselian is uses as an attitude.
This one and other conferences, just let's set up, let's talk, let's go over some things and let's just knock it all with one bang.
So I use it for two purposes.
I use it.
Get out there.
Sometimes we're talking to customers.
Sometimes I'm talking to partners.
Sometimes I'm at the briefings.
I'm able to learn and educate myself and educate others.
I've met someone that almost like in a mentor role since I've been here,
been able to really provide that guidance for up and coming folks in the profession.
So those types of things just sort of happened by happenstance.
And that was kind of a byproduct of being here.
But yeah, there's just so many.
ways that I can use this as an as an opportunity to really grow in the security space.
And I guess as Sissau, you kind of have a target on your back because you do have
purchase authority. Yes. But you can't purchase everything. Don't need to purchase
something. But we do need to purchase something. So let's put it on that aspect. But yeah, so
it's it's one of those things where it's actually beneficial.
sometimes because it opens a lot of doors, right? So if I'm trying to do something, but on the other
side, it opens a lot of doors. You get a lot of phone calls and somebody take and somebody
down. Yeah. Well, Cynthia, as you're heading into this year's Blackhead, what's your sense in terms of
the tone, how people are meeting the needs and the challenges of the industry this year?
What's the temperature that you're sensing there? You know, I've met so many people who had,
it's their first black cat, which I found kind of surprising.
I mean, actually, I'm the first black cat, you know, in 10D, too.
But being able to, I think, have people come and there's such a sense of, like,
wanting to learn not only from the presentations themselves, but a real interest in learning
from each other.
Stacey said it well, like, it's the people, right?
Like, you come and you get to meet people, and I sense that there's a lot of excitement
across industry for what we're going to be able to accomplish
with some of the new technology or new-ish at this point technology
that we're able to do.
And I think from my vantage point of doing our soft launch
of the Ransper Research Center last week,
I'm just excited to meet with all these companies
that are willing to share, really to partner
and want to actually put stuff together
so that we can have a difference against cyber adversaries.
Well, Cynthia, what is the specific type of networking and connections that you're looking to make there
with the launch of this ransomware center?
You know, I'm trying to gather information about how people may want to partner and why,
and I think that we've had a wide spectrum of interest in that.
I've spoken with startups, especially, you know, small companies, medium-sized,
companies and we've talked through how we can take our good information that we have and we can
all put it out but you know it's of okay value and maybe sometimes good value but it's niche but if we
all put it together we can do something much more comprehensive and i think there's a lot of interest
especially across the startup community and being able to pursue that i've also been talking to
various companies who say, I'm not going to want my name on the website, but I'd love to share
data because I want to put it all together. We want to get information together and gift wrap it,
give it back to the government so they can do something about all these problems. And I think
that's been really fun. And third is the policy element. People who want to talk about what are
the solutions that we can drive as collective across industry and talk about with policymakers,
is especially with Sean Kerrcross being confirmed over the weekend.
You know, Stacey, as the CISO, a lot of folks who are just starting off in the industry here,
certainly would find you to be an inspiration, someone to look up to, perhaps turn to for mentorship.
As you're walking around a show floor like this, it strikes me that people might be hesitant
to strike up a conversation with someone at your level, but my sense is that,
you want to talk to those people.
Absolutely.
And a lot of times there's introductions
and already happening this week, right?
So we're already out here.
We came for some of the pre-events
and people who have just met
or now introduced me to more people
and people that are coming,
trying to break into this space.
And a lot of people don't really understand
like within cybersecurity,
there's so many ways and so many skills
that are transferable.
So whether you're a lawyer
or a project manager, so many ways
that they apply to cyber, and the question is, well, how do I break in? How do I get in there?
And I actually, I'm glad you asked this question because I was just telling a young lady
earlier that Cynthia got to meet. So I wanted to make sure I introduced her so she can start
expanding. The young lady can start expanding her network. And it was, she's asking like,
how do I do this? I'm like, just walk up and talk to people. Because just like you said,
people may not want to talk to you. I'm like, they have a badge on. They're here. A lot of people
are here to, and they're going to enjoy the networking aspect of it. They're here for exposure
and to be exposed. So those types of things is, yes, I encourage you. I have a smell of my face,
so I try to be welcoming. So a lot of people come in and they'll just say hi and we'll just
start talking. I'm like, oh, you're a C-So. And now, and then we just go from there. And it
kind of helps them and promote that to give them more confidence and where they're talking and
just sharing information, just asking them about their journey and being interested. And yes, I know
we're going from meeting to meeting, but we do have to take that time to talk to the people.
So, yes.
And Stacey, if I can add to that, I think sometimes it's hard to be a woman in cybersecurity.
But one of the best parts is that I always find that I'm a little more recognizable.
And so people will come up and talk to, you know, I find that people come up and talk to me all
the time.
Or I met somebody yesterday who was like, hey, I remember you from this conference in, you know,
2023. And it's so fun to be able to make those connections across the years, across the
conferences, to know that you were able to have that conversation and share what you learned.
And we were just at an event this morning where we were doing just that, where we were trying to
share like, what do we get right? What did we get wrong? And what's the advice we give to our prior selves.
And in showing up, when they show up and they see us in certain places like we're at panels
and you're talking in the events and those types of things.
Someone after that event this morning walked up to the elevator.
I saw you earlier.
So that was an entry way.
You know, this is how I can talk to these type of people.
So yes, I do get that.
I will say even from a mentor standpoint,
I do have some mentees.
I take mentoring very seriously.
And I believe that there's a lot of time that goes into.
So some people, if I don't have,
I may not have the bandwidth to, you know,
take on a bunch of mentees,
but I will take time to have a coffee.
have a virtual coffee, to have a chat, because I think is, I believe in the industry and I believe
in emerging talent. And I want to make sure that people understand that they can be successful
in this industry as well. Well, before I let you go, I want to ask each of you, how do you measure
success? When you head home from a conference like this, what do you hope to take home with you?
What do you hope to accomplish? Let me start with you, Cynthia.
I love taking home business cards and lots of LinkedIn connections, because what
do when I go home is I try to send a message to each one of those people. I know that we felt
like we've identified some reason why we're connecting, why we're following up. And so success to me is
being able to continue the conversation after the conference is done. I was going to say something
similar. I know when I have like, it's kind of like you have your meeting and you have your action
items, right? So if I don't leave any leave here with anything new on my plate or or even something
that I'm already working on a solution for that
or maybe progression during that
that I don't think I've accomplished
what I've come here to do.
And as I see-so, I'm still working, right?
So I'm here able to enjoy the conference,
but I'm starting my day early,
checking in with my team,
making sure things are still going as planned
and then jumping in midday as well.
But I really want to make sure
those relationships are solid.
I don't know.
Cynthia mentioned the business cards.
I like pictures of business cards.
I'm very...
And definitely the LinkedIn
connections. And I was thinking similarly, like when you have those LinkedIn connections and you
never reach out, I was like, is it really a connection? And we haven't only spoken to each other
and we're kind of just connected in theory. Yeah. And I think, you know, in the end, you just want
to learn one good thing. Yeah. Right. If we can learn one good thing, attend one good talk,
have that, you know, one really great new meeting. I mean, that makes it all worth it because
you collect those and it just makes you better. Oh, and then I love to.
all the wonderful, amazing women that we were meeting out here, these bosses out here
in the streets in the world of IT and cyber where it once was a, this was a man's world, right?
And it once was that. And I love that the men out there are welcoming our allies and
advocates and just seeing so many women not afraid to excel and do what they need to do
to succeed. So that's a, it's beautiful and amazing watching all of that actually be in an
industry for going over 20 years. Our thanks to Cynthia Kaiser and Stacey Cameron from
Halcyon for joining us from Black Hat in Las Vegas.
And finally, helicopter parenting has officially hit the footwear aisle.
Skechers' new Find My Skechers line quietly sneaks in a sealed compartment under the insul,
perfectly sized for an Apple air tag, not included, of course.
On the surface, it's a clever way to locate lost sneakers.
In practice, it's parental tracking disguised as stylish kicks
for toddlers to eight-year-olds.
The Internet naturally is divided.
Some hail it as a lifesaver,
especially for kids with special needs.
Others see Big Brother lacing up early.
The shoes look ordinary,
but they whisper,
I know where you are,
and so do your shoes.
Add 52 bucks a pair, plus the air tag.
They're priced for peace of mind,
or pint-sized surveillance,
depending on your view.
From Be Home by Dark,
to GPS-enabled souls.
Childhood just got a firmware update.
And that's the Cyberwire.
For links to all of today's stories,
check out our daily briefing at the Cyberwire.
dot com. We'd love to hear from you. We're conducting our annual audience survey to learn more about
our listeners. We're collecting your insights through the end of August. There's a link in the show
notes. Please do check it out. N2K's senior producer is Alice Carruth. Our Cyberwire producer is
Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive
producer is Jennifer Ibin. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you
back here tomorrow.