CyberWire Daily - Healthcare in the crosshairs.
Episode Date: May 9, 2024

Ascension healthcare shuts down systems following a cybersecurity event. Updates from RSA Conference. The FDA recalls an insulin pump app. Polish officials blame Russia for recent cyber attacks. IntelBroker claims to have compromised a pair of UK banks. New Mexico's top cop accuses Meta of failing to protect kids. British Columbia reports "sophisticated cybersecurity incidents" on government networks. Researchers uncover a vulnerability in UPS software affecting critical infrastructure. Zscaler investigates a claimed data breach. On the Learning Layer, host Sam Meisenberg and N2K's Urban Alliance Intern, David Nguyen, discuss David's AZ-900 exam experience. The Library of Congress stands strong.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Caleb Barlow, CEO at Cyberbit, is our Man on the Street today. N2K's Brandon Karpf caught up with Caleb to talk about the 2024 RSA Conference.

Learning Layer
On our bonus Learning Layer segment, host Sam Meisenberg and N2K's Urban Alliance Intern, David Nguyen, discuss David's AZ-900 exam experience, including some remote proctoring issues. David gives tips and strategies for those gearing up for their own exam.

Selected Reading
Ascension healthcare takes systems offline after cyberattack (Bleeping Computer)
With nation-state threats in mind, nearly 70 software firms agree to Secure by Design pledge (The Record)
CISA starts CVE "vulnrichment" program (Help Net Security)
Cyber director sees potential for a new era in White House office (The Record)
FDA recalls defective iOS app that injured over 200 insulin pump users (The Verge)
Poland says it was targeted by Russian military intelligence hackers (The Record)
IntelBroker Hacker Leaks Alleged HSBC & Barclays Bank Data (Hack Read)
Undercover operation nets arrests as New Mexico's top prosecutor blames Meta for online predators (AP News)
B.C. government hit by 'sophisticated cybersecurity incidents' (Vancouver Sun)
Cyble detects critical vulnerabilities in CyberPower PowerPanel Business Software used in critical infrastructure (Industrial Cyber)
Zscaler is investigating data breach claims (Industrial Cyber)
Thwarted cyberattack targeted Library of Congress in tandem with October British Library breach (Nextgov/FCW)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
… of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my
personal information from hundreds of data brokers. I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout.
That's JoinDeleteMe.com slash N2K, code N2K.
… app. Polish officials blame Russia for recent cyber attacks. IntelBroker claims to have
compromised a pair of UK banks. New Mexico's top cop accuses Meta of failing to protect kids.
British Columbia reports sophisticated cybersecurity incidents on government networks.
Researchers uncover a vulnerability in UPS software affecting critical infrastructure.
Zscaler investigates a claimed data breach.
On the Learning Layer, host Sam Meisenberg and N2K's Urban Alliance intern, David Nguyen,
discuss David's AZ-900 exam experience. And the Library of Congress stands strong.
It's Thursday, May 9th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thank you so much for joining us here today.
It is great to have you with us, as always.
Ascension Healthcare, a major U.S. nonprofit health system with 140 hospitals across 19 states,
experienced a cybersecurity event leading to the shutdown of some systems
for investigation. Detected on May 8, the incident disrupted certain clinical operations
and prompted Ascension to advise business partners to temporarily sever system connections.
The organization, which reported $28.3 billion in revenue in 2023,
has engaged Mandiant for incident response and informed relevant authorities.
This event follows a recent HHS warning
about social engineering attacks
targeting the healthcare sector's IT systems.
Ascension is continuing to assess the impact
and will update as more information becomes available.
The 2024 RSA conference in San Francisco continues, and yesterday CISA Director Jen
Easterly announced that 68 global software companies, including giants like Microsoft
and Google, have committed to a pledge for designing products with built-in security.
This initiative aims to counter sophisticated hacking campaigns,
such as China's Volt Typhoon, by enhancing product security from the start.
Companies agreed to implement multi-factor authentication,
reduce default passwords, address vulnerabilities,
and improve transparency on cybersecurity issues.
This commitment is part of a broader effort to shift the cybersecurity burden from consumers to manufacturers,
aligning with the national cybersecurity strategy introduced in 2023.
Additionally, CISA has launched Vulnrichment, a product to enhance the enrichment of CVE records
in response to delays at NIST's National Vulnerability Database.
Since the NVD has slowed down in updating its database with vital information,
such as impact metrics and vulnerability types,
CISA's initiative aims to address the gap by enriching CVEs with additional data
through its authorized data publisher container.
So far, CISA has enriched 1,300 CVEs,
categorizing vulnerabilities by urgency and impact to aid in more efficient remediation.
The project, which uses the CVE JSON format,
seeks community feedback and is expected to evolve rapidly.
Elsewhere at RSA Conference, the White House Cyber Czar, National Cyber Director Harry
Coker, addressed past leadership instability at the Office of the National Cyber Director,
confirming the team's commitment to advancing U.S. digital security.
Despite experiencing significant turnover with four chiefs in less than a year
since its 2021 inception, the ONCD has successfully produced critical policy documents and implemented
cybersecurity strategies. Coker, confirmed late last year, emphasized the office's ongoing
contributions to national security and its resilience amidst potential future personnel changes.
The ONCD recently published a report on U.S. cybersecurity posture
and released the second implementation plan
for the national cybersecurity strategy,
outlining new government benchmarks.
Later in the show, our N2K CyberWire executive editor,
Brandon Karpf, catches up with Caleb Barlow from Cyberbit at RSA.
Stay tuned for that.
In addition to our own N2K CyberWire team on the ground at RSA conference,
a tip of the hat to The Record by Recorded Future, who have been providing outstanding coverage of the show.
The FDA announced a Class 1 recall for Tandem Diabetes Care's iOS t:connect app version 2.7, used with the t:slim X2 insulin pump, due to a defect
causing premature shutdowns from excessive battery drain linked to Bluetooth issues. At least 224 injuries have been reported.
Users are advised to update the app to version 2.7.1 or later to correct the issue.
The defect can interrupt insulin delivery, potentially leading to severe hyperglycemia
or diabetic ketoacidosis, which may require hospital intervention.
No deaths have been reported, but Tandem has urged heightened vigilance,
especially during sleep, and has requested customers confirm notification of the recall through an online form.
Polish government institutions were targeted by Russian military intelligence hackers in a recent espionage campaign,
orchestrated by the hacker group APT28, or Fancy Bear, linked to Russia's GRU.
This is part of a broader pattern where several NATO countries,
including Germany, Lithuania, Slovakia, and Sweden,
have accused the Kremlin of cyberattacks. In Poland, the hackers used phishing emails with a decoy story about a
mysterious Ukrainian woman to trick recipients into downloading malware that collects information
and sends it to hacker-controlled servers. Germany has escalated its response by recalling
its ambassador, and Czechia plans to summon the Russian ambassador over similar cyber attacks.
The hacker using the handle IntelBroker claims to have compromised a third-party contractor
and stolen sensitive data from two major UK banks, HSBC and Barclays.
The breach, which occurred in April 2024, involved the theft of SQL source code database files and email addresses.
The stolen data, including potentially sensitive and technical information, has been leaked on breach forums and is circulating on Russian language forums, posing significant security risks to the banks and their customers.
New Mexico's Attorney General Raúl Torrez announced charges against three men
accused of using Meta's social media platforms
to solicit sex with underage children.
The arrests resulted from a months-long undercover operation
where the suspects connected with decoy accounts
set up by the State Department of Justice.
The investigation began around the
time New Mexico filed a lawsuit against Meta, alleging the company failed to protect children.
Torrez criticized Meta for prioritizing profits over children's safety, while Meta defended its
efforts to prevent suspicious adult interactions and work with law enforcement. The lawsuit also revealed internal documents
estimating 100,000 children face sexual harassment on Meta's platforms daily.
British Columbia Premier David Eby reported sophisticated cybersecurity incidents on
provincial government networks. Following this, all government employees were directed to change their passwords,
a move described by the office of the chief information officer
as routine security updates.
The government is collaborating with the Canadian Centre for Cybersecurity
to assess the incidents,
with no current evidence of compromised sensitive information.
Researchers from security firm Cyble
revealed vulnerabilities in CyberPower's
PowerPanel Business software used for UPS management,
posing potential serious risks to critical infrastructure.
These vulnerabilities could allow attackers
to bypass authentication, obtain administrator privileges,
and execute arbitrary code,
potentially leading to severe operational disruptions and financial losses. CISA has
issued an ICS advisory amid concerns of increased targeting of such systems by hacktivists.
CyberPower has issued a patch to address these vulnerabilities.
Cybersecurity firm Zscaler is investigating
a claimed data breach after threat actor IntelBroker allegedly offered to sell access to the
company's network on breach forums. Zscaler has confirmed there is no impact or compromise to
its customer production and corporate environments. IntelBroker is demanding $20,000 in cryptocurrency
for access, which includes SMTP and SSL passkeys and certificates. Zscaler engaged an incident
response firm and continues to monitor the situation. They discovered an exposed test
environment, which has since been taken offline for analysis.
Coming up after the break, Caleb Barlow, CEO at Cyberbit, meets up with our own Brandon Karpf to discuss their insights on the RSA conference.
On our learning layer, we've got Sam Meisenberg
with N2K's Urban Alliance intern, David Nguyen.
They're discussing David's AZ-900 exam experience.
Stay with us.
Transat presents a couple trying to beat the winter blues.
We could try hot yoga.
Too sweaty.
We could go skating.
Too icy.
We could book a vacation.
Like somewhere hot.
Yeah, with pools.
And a spa.
And endless snacks.
Yes!
Yes!
Yes!
With savings of up to 40% on Transat South packages, it's easy to say, so long to winter.
Visit Transat.com or contact your Marlin travel professional for details.
Conditions apply.
Air Transat. Travel moves us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta
when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact,
over one-third of new members discover they've already been breached. Protect your executives
and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io.
On today's bonus Learning Layer segment, host Sam Meisenberg speaks with N2K's Urban Alliance intern, David Nguyen. They're discussing David's AZ-900 exam experience.
Welcome to the Learning Layer segment.
Today, we have a very special guest, David, who is our N2K intern, but that's not why he's here.
David is here because he just passed his AZ-900 exam. So, David, congrats.
Thank you.
How's it feel to be AZ-900 certified?
So excited.
All right. Yes, you get the certificate and then you get to be on the Learning Layer podcast. I don't know which one is better.
All right. So, look, I'll start with the most obvious question that other people are probably wondering who are preparing for their AZ-900.
How did you prepare?
How did you study?
How did you do it?
So, what I mainly did was use Microsoft Learn modules where I just looked over the terms
and just took notes on each term and what it does in its applications.
Okay. Now, I've heard that the Microsoft Learn modules are free.
So anybody can kind of go out there and log in and use it today.
Is there anything else you use in addition to those free modules?
Yeah.
I used N2K's QBank where I just looked over the questions
and see the different type of questions.
When I used Microsoft Learn modules in this practice test, it was all multiple choice questions.
So I didn't really have any experience using a drop-down menu or a yes or no checkbox.
So N2K's QBank allows you to experience all those different types of questions that you will see on the exam day.
So what you're saying is on the AZ-900, there are question types that are not just multiple choice.
So you had to kind of practice and feel the experience of doing a different modality of questions.
So the next question I have for you is, I think a lot of people struggle with, like, the last couple days. It's always an awkward time.
Yeah.
And you've been doing all this studying. So I guess my question is, what did you do? Walk us through the last, I don't know, 48 hours before exam day.
So this works for me. So I don't recommend, like, for most, it might not work. But the day before the exam, all I did was just cram in as much information that I didn't really understand as possible.
So, yeah, I just basically crammed everything and tried to take as much like practice exams or look at like questions that I could see on the exam as possible.
Okay.
And then the day of the exam, I took it as like a chill day where I didn't do really anything.
Like all I did was just took a walk and like eat food and just chilled on my bed.
Nice.
So I have one reaction to what you just said.
Because I mean, look, it's all good stuff, right?
As you said, it worked for you.
You passed the test.
I can't argue with that.
Some people, sounds like you might be in this camp,
you kind of just can't help yourself.
Like the day before the test,
you need to feel like you're like
looking at some of the content, right? And you need to, I don't know whether it's say just to make yourself feel better
or you're anxious, you want to do something, you want to get some nervous energy out, you crammed
and you studied. That's fine. What I would say is next time, that day before, if you do need to look
at material, look at your strengths, not your weaknesses. What I mean by
that is you can't really learn anything in one day anyway. And by looking at the stuff you already
know and reinforcing it, it's actually going to give you confidence walking into exam day.
So anyway, the day of the test, you relaxed, you kind of got some fresh air. I love that.
You got a little exercise. So what happened next?
So I sat down at my computer getting ready for, like, the exam.
Talked to my proctor and everything.
Then they said, download this link.
I downloaded it.
Boom.
An error.
On exam day.
I couldn't access the website to take the test.
So then I was panicking.
Like they said something about my router having a firewall blocking the website or whatever.
And then I couldn't just take the test.
So I was panicking.
I was like,
wait,
so I can't take the exam
or something?
And then they said,
nope,
I'm sorry,
but you have to take it
the next day.
And I was like,
wait,
no,
I have a chemistry exam
the next day.
And then I was like,
oh no,
what should I do?
And I was like,
whatever.
I just have to go in
and hope for the best.
So the next day, did my chemistry exam. Pretty good, got an A.
Okay, that doesn't matter. I don't want, I don't want your high school teachers hearing this podcast being like, my chemistry exam doesn't matter. But anyway, okay, so you took chem first, got an A, nailed it. Then what happened after that?
Then as soon as I got home, I had 30 minutes to prepare for the exam.
Okay.
All I did was just like sit down and relax and like, I got this.
I got this.
I even played music until I was hyped up.
Yep.
And then I took the exam.
And throughout the exam, one thing I know that helped me was just staying calm.
And the rest is history.
First of all, I don't know what to say.
I'm kind of speechless.
That's incredible.
I don't know.
There's a lot of cybersecurity practitioners who are taking Microsoft exams and AZ-900.
I bet none of them took a chemistry test the morning of.
So congratulations.
You're the first person in the history of AZ-900 to do that.
So well done.
Do you have any other words of wisdom or one piece of advice that you would give somebody who is, I don't know, studying for AZ-900 or is going to take it soon?
This is something that I really want everyone to do.
If they want to pass the exam, take notes of each term
and some of its applications as well.
Because the test,
it mainly is just a term-based test.
And if you know what each definition is
and its uses,
you will pass.
So yeah, just take notes.
Even in flashcards.
I would highly recommend flashcards as well.
So I just want to add one thing too.
The N2K learning resources in LMS, we have flashcards built in,
but I always like to remind students, sure, you can use ours.
Like those are helpful.
But also for the hard terms, create your own.
Make your own flashcards because it forces you to sort of put the terms into your own words
and that is when
you're really learning.
So,
I like your tip.
Flashcard,
flashcard,
flashcard.
Yep.
All right, David.
Well, thank you so much
for coming on
Learning Layer
and telling us
about your wild experience
taking the AZ-900.
Congratulations again.
Thank you.
What cert is up next?
Well, up next, I'm planning to get my
AWS Cloud Practitioner next
around like May.
And then after, I'm planning to get the
ISC2 certification.
And also the Azure
Admin Associates as well.
Well, when you pass those, we'll have you
back on Learning Layer to talk about them.
And maybe one day we'll have you on to talk about chemistry.
Thanks, David.
All right.
So I mentioned that David is an Urban Alliance intern.
So I just want to give a quick word about Urban Alliance and the work that they do.
They work with schools and employers across the greater Washington, D.C. area,
Baltimore, Chicago, and Detroit
to address systemic barriers to economic mobility
and bridge the gap between education
and workforce for young adults of color.
They're always interested in adding more
IT and cybersecurity partners,
so if you or your organization is interested,
please visit urbanalliance.org
backslash contact us,
or you can email Laura Montgomery at lmontgomery,
M-O-N-T-G-O-M-E-R-Y at theurbanalliance.org.
If you're interested in pursuing the AZ-900 exam or any other certification,
N2K has comprehensive practice tests to help you prepare for exam day.
We have prep materials for the full suite of many industry-leading certifications.
That's N2K's Sam Meisenberg
speaking with our Urban Alliance intern, David Nguyen.
Continuing our series of man-on-the-street conversations from the 2024 RSA Conference,
Caleb Barlow from Cyberbit meets up with our own Brandon Karpf.
I'm here today at RSA 2024 with Caleb Barlow, CEO of Cyberbit. Caleb, we've been seeing on the floor in conversations, in sessions, concerns about communicating risk, understanding risk,
and also the new technologies everyone's talking about. What conversations are you most interested in?
What conversations have been the most impactful to you?
And what are you finding the most interest in this year at RSA?
Well, I think the first thing to understand is like my process with RSA
because there's so much marketing spend that goes into RSA
and that naturally drives a lot of the conversations.
I'm looking for the small, you know, two guys and a dog company
off in the corner with a little table that nobody's heard of before. And what are they
innovating and what are they doing that's different? And I think it's a little harder
to find those companies now in a post-COVID world, but, you know, they're still here and,
you know, really trying to find that innovation that is new and unique and different.
And I think in what we're looking at nowadays, I'm really intrigued by some of the works that's being done in threat intelligence.
Okay. You know, I think a lot of the conversations around the SOC, it's really frothy. Like there's
just so much dialogue there and so many different solutions, but you start looking at like, how do
you do an investigation? You know, what data do you need to do that investigation? How can you enhance that? Those
are the types of things that I'm finding really interesting right now. And like I said, those are
typically off on the side of the show floor, maybe it's a little card tables versus the big
multimillion dollar booths. Well, so how do we square that with a refrain I have heard over the
last few days, which is- AI, AI, AI? That plus, we've spent the last two years being told, do more with less, do more with less, do more with less.
And I've heard this from numerous people.
So when you combine this AI, AI, AI, AI, AI aspect of security, it seems today,
with companies pulling back on resourcing their SOCs and resourcing their threat intelligence personnel and incident response teams,
where is the opportunity there to make a difference?
Well, there's a disconnect. And I think the first thing we have to recognize is right now,
and this is down a little bit since COVID, but we've still got 470, 480,000 open unfilled
cybersecurity jobs in the U.S. alone. But here's the other thing, and I don't know the exact number,
but I'm guessing it's somewhere
between 50 and 100,000 security professionals
that are currently looking for work.
And if you go down to the show floor right now,
there's a lot of people
that are walking around looking for jobs.
Yes.
We've never seen that at this kind of level.
But where's the disconnect?
We have these open, unfilled jobs,
yet at the same time, we have people looking.
And I think that disconnect is people are looking for time,
hands on keyboard, eyes on glass in the seat.
And that's the real disconnect.
When I go out and I look for somebody to sit in my SOC,
I'm looking for them to have, you know,
five years of experience with Splunk
or Microsoft Defender or QRadar.
And if I don't see that,
I'm passing on to the next person.
So part of that disconnect is
how do we skill up those people?
The other part of this disconnect is
a typical SOC now could easily be seeing
hundreds of millions of alerts a day.
You know, the analytics and the data volumes
are just so ridiculous
that we've got to use machine learning
and AI to dig through it.
We've been talking about
that here for years. Literally, literally almost a decade. Yes. I think the difference now is with
these, you know, LLMs, we're seeing that it's possible. We've become kind of re-engaged in
this dialogue to try to get AI right. But training AI on security is a totally different
ballgame than training AI on natural language. So who do you think is either already doing it
the right way or well on their way? You know, I think of the Cisco acquisition of Splunk, right,
to get that data, that massive data lake that Splunk has for things like incident response and
understanding the telemetry within a network. I mean, what companies do you think are doing this right and not just
doing the hype cycle thing? Well, I think one of the things we have to look at, particularly when
we're talking about tools in the SOC, is this is becoming less and less of a best of breed battle
and more of a best of platform battle. Okay. And you have some very interesting players in this,
right? So you have
kind of the traditional security vendors, the CrowdStrikes, the Palos of the world, but now we
also have the cloud, you know, kind of, you know, monoliths that are coming into this, AWS, Google,
and Microsoft in a very significant way. And part of what we have to recognize, right, and we might
as well just call it for what it is, is some of these vendors have additional capabilities
that others don't,
whether that's bundling and licensing options
that Microsoft has as an example,
or incentives that somebody like Google might put in play
as you're buying your other cloud services and capabilities.
This really starts to create different incentives in the SOC
on what platform you're going to use.
But I think the choice that people are starting to look at isn't, you know, what do I need for
a specific component of my solution? It's which platform do I want to start with? And yes, there
may be some things I'm giving up with on that platform, but I'm gaining so much more in the
overall integration as well as the finances of buying that platform.
So I think something that's easy to do here at RSA every year is to look at the things that you
just identified, which are these platforms, these tool suites, the new technologies being brought to
market. In the beginning of this conversation, you also mentioned the talent. So let's tie those
things together. When we are looking for platforms and figuring out what we're going to have in our
environments to make them effective and to provide the need that fills my own security strategy?
How do I also bring in the talent component and understand these people that I want to bring in,
the skills that they might have, the opportunities they have to grow,
and the aptitude to learn these tools?
How do I actually bring those things together in an effective, full-scope security program?
Well, I think one of the things we've really got to do is we've got to start looking at security as a profession, right?
Which means that we need to expect that we hire people and that they continue to grow through that profession.
And we're putting the time and the investment into growing them.
But the math on this is really simple, right?
Let's say I'm making a switch from maybe QRadar to maybe Google Chronicle as an example.
Okay, Well,
I need to retool my team. Now I need to not only put the training in place to do that, I need to measure people on that journey, but I probably also am going to go hire some people. Right.
So how can I go out and hire people that I know already have this skill? And in some cases,
the job, the, you know, the kind of the objective is go out and hire people that have, you know,
five years of experience using Chronicle.
Well, the challenge with that is
those people are going to be expensive.
Another avenue on this, and don't forget,
you've got to pay a recruiter often, you know,
sometimes up to a third of that person's first year salary.
The other approach is to go out,
hire people that have that aptitude.
Maybe people that have used Splunk or QRadar for years,
or maybe even someone that's just a really talented IT professional
that wants to get into security.
And now maybe I put them into a training program
for three to six months.
I might actually be better off financially
versus having to pay that recruiter
by growing some of these people internally.
But here's the other thing.
I can also pay a lot of attention to, you know,
my desires to build a more diverse workforce
at the same time,
because if I'm growing people into jobs,
I can identify those people early in the stage
and grow them into those roles.
So I'm growing my diversity program at the same time.
I love that.
And earlier this week,
I met with a woman we'll have on the show soon
from Cal Berkeley,
who's building these
things that they call cyber security or cyber defense clinics. Really the model is the open
medical clinics that doctors might have to spend some of their time pro bono in and serving
communities in these community clinics. And building the same concept in cyber might be a
way to bridge that knowledge gap of
a hiring manager or someone in a security program needing to test and validate and understand the
skills that someone's bringing in. But more than that, their aptitude. Not necessarily that they
have the skill and the specific technology, but that they just have an aptitude to learn and a
desire to learn. Have you seen anyone applying that type of a hiring mechanism of, are you not, coming here with the skills, but actually coming here with just the aptitude and desire?
Well, I'll give you an example.
You know, I think one of the things to really think about in this space is that cybersecurity, you're up against a human adversary, right?
So, you know, this is much more analogous to training a pilot in that I don't care where that pilot went to school.
I don't care, you know, what I care about is that they certified on the airframe and how many hours do they have in flight and in
simulation, right? So as an example, I've got one customer that we train a thousand people a year at.
They don't have a thousand people in their SOC. Right. What they decided, I just, I love this
story. They decided that what they're going to do is they're going to put everybody through a
fictitious security breach because they want even their developers and their IT people to understand what it's like.
Sure.
And what comes out of that is when you're writing code, when you're laying out risk and compliance items on your IT framework, you're thinking about security all the way because you've had that experience of what does the security team go through when it goes bad.
So I think this kind of experiential learning becomes a big part of this. Something else that I hope that that particular client's doing is closing the loop
and using the lessons learned from sending the non-standard people through that in applying
those lessons to the incident response plan of how other people in the organization might support,
or maybe they bring new ideas to how we respond to an incident.
I think that concept is fantastic.
A hundred percent.
So let's change tacks just briefly.
You know, RSA has grown over the years,
has really evolved over the years.
Is this RSA the same as RSAs in the past,
or is there something new and different here?
Oh, it's definitely changed.
And let me first say, like,
we have to look at these things as,
this is the event that brings
the cybersecurity community together.
Right.
So I don't say any of this, Brandon, as a negative, right?
But, hey, if you're going to go to RSA, let's understand where you want to spend your time, right?
The first thing to understand is that the show floor has dramatically changed in that it's so expensive for companies to get onto the show floor, which, by the way, isn't unique to this conference, right?
That many, you know, what you're not going to see is the small, innovative, new companies that are maybe sub $5 million in ARR.
You're going to have to go look for them, and you're going to find them in the hotels around RSA.
Maybe not even with an Expo Pass.
Exactly.
Oh, the Expo Pass isn't going to do you any good here, right?
So I think the first thing I would say is put on your walking shoes, get a comfortable pair of jeans, put the suit away,
and really start to walk around because that's where you're going to find the new innovations.
It's going to be the bigger, more established companies going to be on the show floor.
But the other thing we've really started to see is that there are side conferences. It used to
be there were one or two.
Now there are four or five competing side conferences every single day, mostly coming
from the venture capital and private equity community and the bankers that have really
fantastic speakers, maybe different perspectives that you could look at. So that adds to the whole
flavor of RSA, but you're not going to get that on your expo pass, right?
So you've got to spend the time ahead of time
understanding where these other conferences are
and how you get an invite.
So, you know, if you're a CISO at a bank,
they're all going to be coming after you
because, you know, they want your budget, right?
But I think if you're that small upstart
or maybe you're working for a smaller company,
you can get into these things,
but you're going to have to do a little bit of legwork
to understand where do you go spend your time?
Which conferences do you go to?
Which events do you go to?
And frankly, that's where you're going to find
some of the best speakers
and some of the most thought-provoking ideas.
It seems like RSA has gotten to the size
where it's developed its own ecosystem around it,
is what I'm hearing.
I think, actually, I think that's a really, because I was trying to figure out how to
describe this without it sounding like a negative, right? I think that's exactly how to look at this,
right? This isn't about the conference so much anymore. It's about the ecosystem of we've just
all decided to get together in the same place at the same time.
Every year, yeah.
Right, every year.
Now, I will say, you know, the one negative I will throw in here is that I think San Francisco
is becoming a little challenging to get around.
Yeah, it is.
It's got some, the city's got some problems.
Yes.
And that does, you know,
that does make things also a little bit difficult
in some of these venues.
But I think this is a good community
that figures out how to navigate it.
Well, when it comes to what you just said,
it really drives the point to me
that an individual here to make use of RSA, regardless of whether they're an analyst or a SOC manager, a CISO, an investor, really has to dedicate time to curate their experience.
Before they come.
Before they come and know what they're trying to get out of it.
You know, one other thing I'd add to this, one of the things that a lot of people don't see is the money community that surrounds RSA, venture capital and private equity. And
even though you may not be in that community, maybe you're not a founder looking for capital
or you're not a capital allocator looking for places to invest. What is fascinating about those
dialogues and conferences is those become the vetting grounds for new ideas. Those become the places where
money and technology are talking together to say, hey, what new business models might work?
What new ideas might work? What am I going to vote my money on, if you will? And I think that's the
other aspect that's so fascinating about RSA that you don't see at any other conference.
And there's a lot for even a CISO to learn out of that
because you get early insights
into what's coming down the pipe.
And we at CyberWire,
we're a partner of NightDragon
at their innovation summit this year,
which is happening at RSA.
And that's exactly the conversations we're having
with the folks who are attending that summit,
which is where is the money going?
Where is the opportunity
and the innovation that is being driven by the adversary?
And that's exactly what we're looking at too.
Well, any final words for us, Caleb?
Hey, go out there, have a fun RSA yet again.
And we'll see you again next year.
Thank you, Caleb.
It was great to have you again.
That's our own executive editor, Brandon Karpf,
meeting up with Caleb Barlow, CEO at Cyberbit.
Cyber threats are evolving every second,
and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing
sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com
today to see how a default-deny approach
can keep your company safe and compliant.
And finally, remember last fall when the British Library fell victim to a cyber attack?
Turns out, on that same October day, cyber criminals tried their luck on both sides of the pond.
The U.S. Library of Congress fended off a cyber attack while its transatlantic cousin, the British Library, wasn't so lucky.
Reportedly, the Library of Congress stood its ground thanks to the digital drawbridge of multi-factor authentication
and some quick-thinking IT professionals
who promptly closed the digital gates.
Meanwhile, the British Library,
targeted by the notorious Rhysida ransomware gang,
ended up surrendering 500,000 files
after refusing to pay a king's ransom of 20 Bitcoin.
The drama highlights the importance of digital defenses.
The U.S. remained secure, perhaps disappointing the cyber villains who had to settle for less fortified targets.
While the Library of Congress didn't comment, their silence speaks volumes of a fortress well-guarded,
keeping cultural treasures safe from digital marauders.
And that's the CyberWire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights
that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like this show,
please share a rating and review in your podcast app.
Please also fill out the survey in the show notes
or send an email to cyberwire at n2k.com.
We're privileged that N2K CyberWire
is part of the daily routine
of the most influential leaders and operators
in the public and private sector,
from the Fortune 500
to many of the world's preeminent intelligence
and law enforcement agencies.
N2K makes it easy for companies
to optimize your biggest investment,
your people.
We make you smarter about your teams
while making your teams smarter.
Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester with
original music and sound design by Elliot Peltzman. Our executive producer is Jennifer
Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe
is our publisher. And I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.