CyberWire-X

Walking through the anatomy of a cyberattack.

Sun, 12 Apr 2026 05:00:00 -0000

What does a modern cyberattack really look like from the inside? In this CyberWire-X episode, Dave Bittner speaks with John Anthony Smith, Founder and Chief Security Officer of Fenix24. This conversation takes us step by step as an attacker breaks into a target environment – probing for weaknesses, exploiting entry points, escalating privileges, and moving laterally until they reach their objective. While the attack unfolds, listeners are privy to a behind-the-scenes commentary that reveals the tradecraft: the scripts, misconfigurations, overlooked alerts, and the moments defenders could have stopped the intrusion and, most importantly, prepared for the day through a defense that locks down data and enables a quick and full recovery. This is not a theoretical review or a highlight reel. It's a candid, technical, and eye-opening journey through the full kill chain that will reshape listeners think about detection, incident readiness, and resilience.

Pentesting at the speed of thought.

Mon, 19 Jan 2026 06:00:00 -0000

In this CyberWire-X episode, Dave Bittner speaks with Horizon3.ai co-founder and CEO Snehal Antani about how continuous autonomous penetration testing is reshaping security resilience. Antani reflects on his journey from CIO to DoD operator, where he learned that the hardest part of security isn’t patching — it’s prioritizing what matters and proving defenses work before attackers do. He explains why vulnerability scans fall short, how “AI hackers” simulate adversary behavior at machine speed, and why organizations must shift from compliance thinking to attacker-centric validation. Antani shares real-world findings, warns of 77-second domain compromise, and predicts a future of AI fighting AI, with humans by exception.

Resources:

Whitepaper: NodeZero® for Pentesters and Red Teams
Whitepaper: Traditional vs. Autonomous: Why NodeZero® is the Future of Cyber Risk Assessments

The role of AI in Zero Trust.

Thu, 06 Nov 2025 21:45:00 -0000

Zero Trust has been top of mind for years, but how is AI changing what that actually looks like in practice? In this episode of CyberWire-X, Dave Bittner is joined by Deepen Desai, Chief Security Officer at Zscaler, to discuss the transformative impact of AI on Zero Trust security frameworks.

The discussion outlines how AI enhances threat prevention, automates data discovery, and improves user experience while addressing the practical financial implications of adopting AI in security. Hear how organizations must embrace AI to stay competitive and secure against evolving threats.

For additional resources on Zero Trust + AI, visit Zscaler's Replace Legacy Systems for Better Security.

Strengthening product security through ethical hacker collaboration.

Sun, 17 Aug 2025 05:00:00 -0000

Bug bounty programs have become a critical bridge between businesses and ethical hackers, but what does it take to make that relationship thrive? In this episode, Ani Turner, Senior Security Engineer and bug bounty program lead at Adobe, and Jasmin Landry, a seasoned ethical hacker and top-performing researcher on Adobe’s program, dive into the goals, benefits, and hidden challenges of running and contributing to a bug bounty program.

From the motivations that drive hackers and businesses, to the misconceptions that persist in the space, this conversation explores what really makes a bug bounty program successful — and how trust, communication, and shared purpose can lead to stronger security outcomes.

Resources:

Learn more about Adobe’s bug bounty program: https://www.adobe.com/trust/security/bug-bounty.html
Submit a report to Adobe: https://hackerone.com/adobe?type=team

Purple teaming in the modern enterprise.

Sun, 25 May 2025 05:00:00 -0000

In large enterprise software companies, Red and Blue Teams collaborate through Purple Teaming to proactively detect, respond to, and mitigate advanced threats. In this episode of CyberWire-X, N2K's Dave Bittner is joined by Adobe’s Justin Tiplitsky, Director of Red Team and Ivan Koshkin, Senior Detection Engineer to discuss how their teams work together daily to strengthen Adobe’s security ecosystem. They share real-world insights on how this essential collaboration enhances threat detection, refines security controls, and improves overall cyber resilience.

Cloud Architect vs Detection Engineer: Mutual benefit.

Sun, 21 Apr 2024 05:00:00 -0000

In this episode of CyberWire-X, N2K CyberWire’s Podcast host Dave Bittner is joined by Brian Davis, Principal Software Engineer, and Thomas Gardner, Senior Detection Engineer, both from Red Canary. They engage in a cloud architect vs. detection engineer discussion. Through the conversation, they illustrate how one person benefits the other's work and how they work together. Red Canary is our CyberWire-X episode sponsor.

What’s a CNAPP: Cloud-Native Application Protection Platform?

Sun, 28 Jan 2024 06:00:00 -0000

In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Tim Miller, Technical Marketing Engineer for Panoptica, Cisco's Cloud Application Security solution, (Panoptica is the result of Cisco's incubation engine (Outshift) for new products and markets), and Kevin Ford, Esri’s CISO. They discuss the complexity reduction need that Cloud-Native Application Protection Platforms (CNAPPs) provide. Outshift by Cisco is our CyberWire-X episode sponsor.

To learn more about Cloud-Native Application Protection Platforms, check out Panoptica’s website at https://panoptica.app and consider attending the Cisco Live EMEA in Amsterdam, February 5-8, 2024.

Examining the current state of security orchestration.

Thu, 16 Nov 2023 06:00:00 -0000

In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together.

Infostealer Malware 101: mitigating risks and strengthening defenses against this insidious threat.

Sun, 23 Jul 2023 05:00:00 -0000

With the relentless advancements in technology and a workforce more digitally-enabled than ever before, businesses today face an unprecedented challenge of protecting their sensitive information from cybercriminals. Infostealer malware, often disguised as innocuous files or hidden within legitimate-looking emails, stealthily infiltrate employee and contractor devices – managed and unmanaged – exfiltrating all manner of data for the purposes of executing follow-on attacks including ransomware. The data at risk includes customer details, financial information, intellectual property, and R&D plans stolen from compromised applications that were accessed from infostealer-exfiltrated authentication data like credentials and active session cookies/tokens. This episode digs into the proliferation of infostealers and provides actionable steps for businesses of any size or industry to mitigate the threat.

In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Rick Doten to discuss the early days of incident response and the current thinking of post-infection remediation (PIR) actions. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor SpyCloud’s Director of Security Research, Trevor Hilligoss. They chat about the challenges for enterprises and security leaders to identify what was stolen from malware-infected devices and how proper post-infection remediation implemented into existing incident response workflows can help prevent this data from causing ransomware. Trevor shares highlights from an industry report of over 300+ security leaders from North America and the UK on where they stand on malware identification and remediation, and what additional work can be done to minimize cybercriminals' access and impact.

What is data centric security and why should anyone care?

Wed, 17 May 2023 15:00:00 -0000

In today’s world, conventional cyber thinking remains largely focused on perimeter-centric security controls designed to govern how identities and endpoints utilize networks to access applications and data that organizations possess internally. Against this backdrop, a group of innovators and security thought leaders are exploring a new frontier and asking the question: shouldn’t there be a standard way to protect sensitive data regardless of where it resides or who it’s been shared with? It’s called “data-centric” security and it’s fundamentally different from “perimeter-centric” security models. Practicing it at scale requires a standard way to extend the value of “upstream” data governance (discovery, classification, tagging) into “downstream” collaborative workflows like email, file sharing, and SaaS apps.

In this episode of CyberWire-X, the CyberWire’s Rick Howard and Dave Bittner explore modern approaches for applying and enforcing policy and access controls to sensitive data which inevitably leaves your possession but still deserves just as much security as the data that you possess internally. Rick and Dave are joined by guests Bill Newhouse, Cybersecurity Engineer at National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE), and Dana Morris, Senior Vice President for Product and Engineering of our episode sponsor Virtru.

“Shift Left”: A case for threat-informed pentesting.

Sun, 05 Feb 2023 06:00:00 -0000

Penetration testing is a vital part of a robust security program, but the traditional pentesting model is in a rut. Assessments happen infrequently, the scope is often very broad, and the report is usually overwhelming. What if you could increase the overall ROI of your pentesting program and avoid these limitations? Every penetration test should have specific goals. Coverage of the MITRE ATT&CK framework or the OWASP Top Ten is a great start, but a pentest could provide exponential value by applying a more strategic approach.

In this episode of CyberWire-X, the CyberWire’s Rick Howard and Dave Bittner discuss what it means to "shift left" with your penetration testing by working on a threat-informed test plan with guests and Hash Table members Bob Turner, the Field CSO of Fortinet, Etay Maor, the Senior Director for Security Strategy at Cato Networks, and Dan DeCloss, the Founder and CEO of our episode sponsor PlexTrac.

The power of web data in cybersecurity.

Sun, 22 Jan 2023 06:00:00 -0000

The public web data domain is a fancy way to say that there is a lot of information sitting on websites around the world that is freely available to anybody who has the initiative to collect it and use it for some purpose. When you do that collection, intelligence groups typically refer to it as open source intelligence, or OSINT. Intelligence groups have been conducting OSINT operations for over a century if you consider books and newspapers to be one source of this kind of information. In the modern day, hackers conduct OSINT operations in order to recon their potential victims by collecting email addresses, personal information, IP addresses, software versions, network configurations, and, if they are lucky, login credentials for websites and social media platforms. The question is, how can the good guys use these techniques to improve their security posture or maybe help the business in some kind of material way?

On this episode of CyberWire-X, the CyberWire’s Rick Howard and Dave Bittner discuss OSINT operations to improve your security posture with guests Steve Winterfeld, Hash Table member and Advisory CISO for Akamai, and Or Lenchner, CEO at our episode sponsor Bright Data.

Strategies to get the most out of your toolsets.

Sun, 18 Dec 2022 06:00:00 -0000

With a recession looming, many business leaders are looking for ways to cut spending wherever possible. And while tool bloat affects many security teams, it can be a challenging problem to tackle for a couple of reasons. First, there’s the fear that security will be lost if a tool is removed. Second, there’s the daunting task of unraveling complex systems. And finally, there’s the perennial talent shortage. Like all challenges in security, they’re made even worse by the fact that there’s not enough people able to tackle them.

During this CyberWire-X episode, host Rick Howard, the CyberWire’s CISO, Chief Analyst and Senior Fellow, speaks with Hash Table member Ted Wagner, the CSO of SAP National Security Services, and host Dave Bittner speaks with sponsor ExtraHop Senior Technical Marketing Manager Jamie Moles. They discuss solutions to help business and security leaders to not just address these challenges, but to get more out of their tooling as they do. They discuss strategies for how to determine which tools you actually need and which you can get rid of, as well as the step-change benefits that can be realized when you consolidate, automate, and integrate your security solutions.

Commercial threat intelligence proves invaluable for the public sector.

Sun, 11 Dec 2022 06:00:00 -0000

Historically, the U.S. government has relied almost solely on its own intelligence analysis to inform strategic decisions. This has been especially true surrounding geopolitical events and nation-level cybersecurity situations.

However, the explosion of assets being connected to the internet, along with the fact that most critical infrastructure is owned by private sector organizations, means that commercially developed cyber threat intelligence is being generated at a faster pace than ever before.

In the Russia/Ukraine conflict, we saw how commercially generated satellite intelligence played a critical role in alerting the public and ensuring our allies were ready for an invasion. At LookingGlass, we believe commercial threat intelligence can provide similar anticipatory insight – and that it can be shared more easily and quickly than intelligence generated solely by the U.S. government.

Ultimately, the public and private sectors need to work together to protect the interests of the American people. Currently, both private industry and academia are targeted by foreign adversaries, just as are government agencies. This means that commercial entities also have access to adversary tactics, techniques, and procedures (TTPs) and indicators of compromise, and they have that access from a different perspective, which is valuable intelligence for the government.

On this episode of CyberWire-X, host Rick Howard, the CyberWire’s CISO, Chief Analyst and Senior Fellow, speaks with Hash Table member Wayne Moore, CISO at Simply Business, and host Dave Bittner speaks with Bryan Ware, CEO at episode sponsor LookingGlass Cyber Solutions. They’ll discuss why the U.S. government needs commercial cyber threat intelligence now more than ever before and how both the public and private sectors will benefit from closer, trusted cyber partnerships.

Software supply chain management: Lessons learned from SolarWinds.

Sun, 04 Dec 2022 06:00:00 -0000

Between the emergence of sophisticated nation-state actors, the rise of ransomware-as-a-service, the increasing attack surface remote work presents, and much more, organizations today contend with more complex risk than ever. A “Secure-by-Design” approach can secure software environments, development processes and products. That approach includes increasing training for employees, adopting zero trust, leveraging Red Teams, and creating a unique triple-build software development process. SolarWinds calls its version of this process the "Next-Generation Build System," and offers it as a model for secure software development that will make supply chain attacks more difficult.

On this episode of CyberWire-X, host Rick Howard, N2K’s CSO, and CyberWire’s Chief Analyst and Senior Fellow, discusses software supply chain lessons learned from the SolarWinds attack of 2020 with Hash Table members Rick Doten, the CISO for Healthcare Enterprises and Centene, Steve Winterfeld, Akamai's Advisory CISO, and Dawn Cappelli, Director of OT-CERT at Dragos, and in the second half of the show, Rick speaks with our episode sponsor, SolarWinds, CISO Tim Brown.

Cyber confidence: Knowing what you have and where it is.

Sun, 16 Oct 2022 05:00:00 -0000

Between multi-cloud deployments, more employees working remotely, and increasing use of SaaS applications, the number of entry points for attackers to infiltrate your systems has exploded. But gaining visibility into all these possible attack vectors is time-consuming and often incomplete or just a snapshot in time.

If the first rule of cyber is to “know what you have,” how can cyber professionals get a comprehensive, current picture of their assets? How can they feel confident that they understand which assets may be more vulnerable and prioritize defenses accordingly?

In the first half of this episode of Cyberwire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Hash Table member Jaclyn Miller, the Head of InfoSec & IT at DispatchHealth. In the second half of the episode, Cody Pierce, Chief Product Officer at episode sponsor LookingGlass Cyber Solutions, talks with Dave Bittner. Listen to the discussions about answering the foundational cyber questions (What do I have? Is it protected?), why context is critical, and how an adversarial perspective helps you be a better defender.

Pentest reporting and the remediation cycle: Why aren’t we making progress?

Sun, 09 Oct 2022 05:00:00 -0000

The age-old battle between offensive and defensive security practitioners is most often played out in the penetration testing cycle. Pentesters ask, “Is it our fault if they don’t fix things?” While defenders drown in a sea of unprioritized findings and legacy issues wondering where to even start.

But the real battle shouldn’t be between the teams; it should be against the real adversaries. So why do pentesters routinely come back and find the same things they reported a year ago? Do the defenders just not care or does the onus fall on the report? Everyone really wants the same thing: better security. To get there, the primary communication tool between consultant and client, offensive and defensive teams — the pentest report — must be consumable and actionable and tailored to the audience who receives it.

In the first half of this episode of Cyberwire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Hash Table members Amanda Fennell, the CIO and CSO of Relativity, and William MacMillan, the SVP of Security Product and Program Management at Salesforce. In the second half of the episode, Dan DeCloss, the Founder and CEO of episode sponsor PlexTrac, joins Dave Bittner discuss the politics around pentest reporting and how better reports can support real progress.

The OSINT revolution: How cyber and physical security teams are leveraging open source intelligence.

Sun, 02 Oct 2022 05:00:00 -0000

On this episode of CyberWire-X, we dive into the essential role of open-source intelligence in identifying cyber and physical threats and reducing risk across your organization. The CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table members Dr. Georgianna Shea, CCTI and TCIL Chief Technologist at the Foundation for Defense of Democracies, and Bob Turner, Field CISO – Education at Fortinet. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor risk intelligence firm Flashpoint's Chief Intelligence Officer Tom Hofmann. They explore the foundational importance of open source intelligence, which includes social media platforms and geospatial data and insights. Plus, they explore real-life examples of how organizations, from governments to commercial enterprises, are leveraging open source intelligence and technology every day to protect their people, places, assets, and critical infrastructure.

Securing multi-cloud identity with orchestration.

Thu, 01 Sep 2022 05:00:00 -0000

While multi-cloud brings significant benefits, it also poses serious security risks. And identity is the reason. Each cloud platform, such as Azure, Google, and AWS, uses proprietary identity systems, and the lack of interoperability makes it unruly to manage. These disparate systems can’t talk to each other resulting in a fragmented environment full of identity silos — the perfect way for an attacker to get in and cause destruction.

In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Rick Doten, the CISO for Healthcare Enterprises and Centene. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor Strata Identity's CEO and Co-founder Eric Olden. Both sets of discussions center around the challenges to identity management caused by the rapid shift to multi-cloud.

Red teamer's perspective on demotivating attackers.

Sun, 14 Aug 2022 05:00:00 -0000

Cybercriminals are motivated by one simple incentive - money. Their favorite tools are bots to leverage sophistication, scalability, and ease of use. The effect is the creation of the underground bot ecosystem. This community allows threat actors to work together and continually improve their tactics. They sell bypasses for rule-based anti-bot solutions to other less technical fraudsters.

In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by Hash Table member Etay Maor. Cato Networks’ Senior Director Security Strategy. They discuss this reality that has put defenders at a serious disadvantage and the mitigation steps to consider for future attacks.. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor Kasada's founder Sam Crowther talking about what he saw first-hand as a red teamer at a major Australian bank and what inspired him to reimagine bot mitigation with the founding principle of undermining the attacker’s ROI.

Cybersecurity is a team sport.

Tue, 09 Aug 2022 05:00:00 -0000

In order to run a successful SOC, security leaders rely on tools with different strengths to create layers of defense. This has led to a highly siloed industry with over 2,000 vendors, each with their own specific function and who very seldom work together. To gain an advantage on attackers, we need to start seeing cybersecurity as a team sport–united for a shared mission.

In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined in the first half by two Hash Table members, Ted Wagner, CISO at SAP National Security Services, and Jenn Reed, CISO at Aviatrix. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor ExtraHop's Senior Product Marketing Manager, Chase Snyder, and CrowdStrike's Head of Product Marketing, Janani Nagarajan .They discuss why and how vendors should work together to enable better integrated security for their customers. They’ll answer questions like “what is XDR?” and “how do I get my vendors to work together?”.

The great overcorrection: shifting left probably left you vulnerable. Here’s how you can make it right.

Sun, 24 Jul 2022 05:00:00 -0000

Shifting left has been a buzzword in the application security space for several years now, and with good reason – making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture. In this episode of CyberWire-X, the CyberWire's CSO, Chief Analyst, and Senior Fellow, Rick Howard, talks with two Hash Table members, Centene’s VP and CISO for Healthcare Enterprises, Rick Doten, and Akamai’s Advisory CISO, Steve Winterfeld. In the second half of the show, CyberWire podcast host Dave Bittner talks with our episode sponsor Invicti’s Chief Product Officer, Sonali Shah. They discuss the challenges and misunderstandings around shifting left, and provide tips on how organizations can implement web application security program without tradeoffs throughout the whole application security lifecycle.

Cybercriminals shift tactics from disruption to data leaks.

Sun, 17 Jul 2022 05:00:00 -0000

On this episode of CyberWire-X, we examine double extortion ransomware. The large-scale cyber events of yesterday – Stuxnet, the Ukraine Power Grid Attack – were primarily focused on disruption. Cybercriminals soon shifted to ransomware with disruption still the key focus – and then took things to the next level with Double Extortion Ransomware.

When ransomware first started to take off as the attack method of choice around 2015, the hacker playbook was focused on encrypting data, requesting payment and then handing over the encryption keys. Their methods escalated with Double Extortion, stealing data as well as encrypting it - and threatening to leak data if they don’t receive payment. We’ve seen with ransomware groups like Maze that they will follow through with publishing private information if not paid.

In the first part of the show, Rick Howard, the CyberWire’s CSO, Chief Analyst, and Senior Fellow, talks with Wayne Moore, Simply Business' CISO and CyberWire Hash Table member, and, in the second half of the show, the CyberWire's podcast host Dave Bittner talks with Nathan Hunstad, episode sponsor Code42’s Deputy CISO. They discuss how classic ransomware protection such as offsite backups are no longer enough. They explain that Double Extortion means that you need to understand what data has been stolen and weigh the cost of paying with the cost of your data going public.

Defining the intruder’s dilemma.

Sun, 05 Jun 2022 05:00:00 -0000

For this Cyberwire-X episode, we are talking about the failure of perimeter defense as an architecture where, since the 1990s when it was invented, the plan was to keep everything out. That model never really worked that well since we had to poke holes in the perimeter to allow employees, contractors, and partners to do legitimate business with us. Those same holes could be exploited by the bad guys, too. The question is, what are we doing instead? What is the security architecture, the strategy, and the tactics that we are all using today that is more secure than perimeter defense? In the first part of the show, Rick Howard, the CyberWire’s CSO, Chief Analyst, and Senior Fellow, talks with Jerry Archer, the Sallie Mae CSO and CyberWire Hash Table member, and, in the second half of the show, the CyberWire's podcast host Dave Bittner talks with Mike Ernst, episode sponsor ExtraHop’s Vice President of Sales Engineering, to discuss Software Defined Perimeter and intrusion kill chain prevention strategy.

The current state of zero trust.

Sun, 15 May 2022 05:00:00 -0000

According to the zero trust philosophy, we all assume that our networks are already compromised and try to design them to limit the damage if it turns out to be so. In this episode of CyberWire-X, we’ve invited subject matter experts, Amanda Fennell, the Chief Information Officer and Chief Security Officer of Relativity, and Galeal Zino, CEO of episode Sponsor NetFoundry, to the Cyberwire Hash Table to discuss all the ways to think about the solution in the modern era: Software Defined Perimeter (SDP), Secure Access Service Edge (SASE), identity and authorization, and private WAN, all through a First Principle lens. The CyberWire’s CSO, Chief Analyst, and Senior Fellow, Rick Howard delves into the topic with you.

The future of security validation – what next?

Tue, 03 May 2022 14:00:00 -0000

Security executives need visibility into their real cyber risk in real time. But with the flood of vulnerability alerts, how can organizations pinpoint impactful security gaps? To meet this challenge, security teams are shifting to an exploit-centric approach to security validation to expose potential threats from ransomware, leaked credentials, phishing, & more.

On this episode of CyberWire-X, we explore how automation can help teams make this shift to prioritize remediation based on bottom line business impact. Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, discusses the topic with Rick Doten, CISO, Carolina Complete Health and CyberWire Hash Table member, while Dave Bittner, CyberWire podcast host, engages with Sponsor Pentera's Jay Mar-Tang, Sales Engineering Manager for the Americas, about automated security validation.

DevSecOps and securing the container.

Sun, 01 May 2022 05:00:00 -0000

The move to cloud has great potential to improve security, but the required process and cultural changes can be daunting. There are a vast number of critical vulnerabilities that make it to production and demand more effective mitigations. Although “shifting security left” should help, organizations are not able to achieve this quickly enough, and “shifting left” does not account for runtime threats. Organizations must strive to improve the prioritization of vulnerabilities to ensure the most dangerous flaws are fixed early. But even then, some risk will be accepted, and a threat detection and response program is required for full security coverage.

On this episode of CyberWire-X, host Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, explores how to secure your software development lifecycle, how to use a maturity model like BSIM, where do containers fit in that process, and the Sysdig 2022 Cloud-Native Security and Usage report. Joining Rick on this episode are Tom Quinn, CISO at T. Rowe Price and CyberWire Hash Table member, and from episode sponsor Sysdig is their Director of Thought Leadership, Anna Belak, to discuss their experiences and real world data, as well as practical approaches to managing cloud risk.

Living security: the current state of XDR.

Sun, 03 Apr 2022 05:00:00 -0000

In this CyberWire-X episode, host Rick Howard, the CyberWire's CSO, Chief Analyst and Senior Fellow, explores the state of XDR. Joining Rick on this episode are Ted Wagner, SAP National Security Services CISO and CyberWire Hash Table member, and from episode sponsor Trellix are Bryan Palma, the Trellix Chief Executive Officer, and John Fokker, the Trellix Head of Cyber Investigations. Listen as Rick and guests discuss XDR, SASE, SIEM, and SOAR.

Insider Risk Excellence Awards.

Thu, 24 Mar 2022 05:00:00 -0000

In this CyberWire-X episode, host Dave Bittner chats with the judges of the Insider Risk Excellence Awards. The inaugural awards program, announced during last September's Insider Risk Summit, recognizes the best of the best in Insider Risk Management. They honor the work of individuals and organizations as they address Insider Risk in the most collaborative work environment we’ve ever seen. Judges Joe Payne, President and CEO, Code42 and Chairman, Insider Risk Summit and Wendy Overton, Director of Cyber Strategy and Insider Risk Leader, Optiv, talk about the growing Insider Risk problem, reveal the winners of each award category and pull back the curtain on how each of these Insider Risk trailblazers are making an impact.

HEAT: Examining the next-class of browser-based attacks.

Sun, 06 Mar 2022 06:00:00 -0000

Modern enterprises have evolved drastically over the last two years as a result of the global pandemic. Due in part to organizations pivoting quickly to new business models by migrating apps and services to the cloud to enable hybrid and remote workforces, the “new” office has quickly become the web browser. Today, business users are spending an average of 75% of their workday in a browser – that’s where productivity takes place! But the digital enhancements of the last two years have ushered in widespread transformation that expanded attack surfaces and created new opportunities for cyber miscreants, giving rise to Highly Evasive Advanced Threats (HEAT).

During this episode of CyberWire-X, the CyberWire's Dave Bittner speaks with Dan Prince, Senior Lecturer in Security and Protection Science at the School of Computing and Communications at Lancaster University, about the topic. Show Sponsor Menlo Security's Nick Edwards and Dave explore what HEAT attacks are, how they work, and why they’re resulting in the rise of ransomware attacks and account takeovers.

What Log4Shell has taught us.

Sun, 20 Feb 2022 06:00:00 -0000

If 2021 taught us anything, it’s that our supply chain–especially our technical supply chain–hangs in the balance of a very fragile system. The year came to a close with the announcement of the Log4j zero day. Talk about saving the best for last.

On this episode of CyberWire-X, the CyberWire's Rick Howard speaks with Tom Quinn CISO at T. Rowe Price, about the topic. Show Sponsor ExtraHop’s Head of Product, Ted Driggs, joins the CyberWire's Dave Bittner to examine what Log4Shell tells us about the state of cyber defense going into 2022, and what enterprises can do to prepare. Through these conversations, we explore the challenges that enterprises had in patching the vulnerability, take a closer look at the advanced post-compromise threat activity spotted in the wild, and glean lessons that can be learned to build resilience against the next Log4j-style zero day.

Zero Trust for cloud assets: Identity authentication and authorization.

Sun, 30 Jan 2022 06:00:00 -0000

Applying Zero Trust principles to access rights can be tricky given the volume and dynamic nature of services in the cloud. Serverless computer services, like AWS Lambda, multiply the volume of identities to manage. These cloud services often have excessive permissions to access sensitive data and can become a potential entry point for an attacker to exploit.

The CyberWire's Rick Howard speaks with Scott Farber, Principal Cyber Architect & Zero Trust Technical Lead at MITRE about the topic. Show Sponsor Sysdig's Vice President of Security Product Management, Maor Goldberg, brings experience with data center and cloud to a discussion with CyberWire-X on the considerations for managing access rights in this hybrid world. They consider the pros and cons of different approaches to enforcing least privilege in the cloud.

Cybersecurity predictions for 2022.

Sun, 02 Jan 2022 06:00:00 -0000

Industry experts discuss their cybersecurity predictions for 2022, what trends and attacks will be most prevalent in the year ahead, and how organizations should be preparing for the new year.

In this show, we cover what they think the industry might see in 2022 (and some we probably won't see). The CyberWire's Rick Howard speaks with Hash Table member Kevin Magee, Chief Security Officer at Microsoft Canada, and show sponsor Keeper Security's CTO & Co-Founder Craig Lurey joins The CyberWire's Dave Bittner on this CyberWire-X and shares his insights on the topic.

How ransomware impacts organizations.

Sun, 21 Nov 2021 06:00:00 -0000

As ransomware attacks rapidly rise in frequency, eye-popping ransom demands grab headlines, and consumers experience product shortages and difficulty accessing services as the organizations they do business with are knocked offline. However, little is reported about the impact of a ransomware attack inside an organization.

In this show, we cover what steps organizations are taking now to prepare for a ransomware attack and what happens to an organization on that especially bad day when ransomware comes calling. The CyberWire's Rick Howard speaks with Hash Table member Don Welch, Vice president for Information Technology and Global Chief Information Officer at New York University, and show sponsor Keeper Security's CEO & Co-Founder Darren Guccione joins The CyberWire's Dave Bittner on this CyberWire-X as they share their expertise on the topic.

The real costs of ransomware in 2021, 2022, and beyond.

Sun, 14 Nov 2021 06:00:00 -0000

Ransomware: the problem that everyone is talking about, yet somehow continues to get worse with each passing year. In 2021, the cost of ransomware to global businesses is estimated to reach a whopping $20B. The problem has reached such a critical mass that it can no longer be cast away as some unknowable IT problem–everyone from cyber insurance providers to the federal government have taken note. The CyberWire's Rick Howard speaks with Hash Table member Kevin Ford of Environmental Systems Research Institute (ESRI), and ExtraHop's VP, GM of International and Global Security Programs, Mike Campfield, joins The CyberWire's Dave Bittner on this CyberWire-X for a retrospective on ransomware in 2021. Mike shares his predictions on how it will evolve in 2022 and beyond, and what controls enterprises can put into place to build their resilience to the growing threat.

Cloud configuration security: Breaking the endless cycle.

Sun, 03 Oct 2021 05:00:00 -0000

Moving to the cloud creates a tremendous opportunity to get security right and reduce the risk of data breach. But most cloud security initiatives get underway after services are deployed in the cloud. It’s frustrating when major breaches resulting from basic mistakes, like S3 buckets left unsecured or secrets exposed. Continually checking for risky configurations and unusual behavior in cloud logs is a requirement, but there is an opportunity to be proactive. What if you could configure your security and access controls as you set up cloud infrastructure? The CyberWire's Rick Howard speaks with Hash Table members Kevin Ford of North Dakota State government and Steve Winterfeld of Akamai, as well as sponsor Sysdig's Omer Azaria to discuss how security teams are adopting Infrastructure as Code (IaC) security as part of their overall cloud security strategy to reduce risk.

Why it’s time for cybersecurity to go mainstream.

Sun, 26 Sep 2021 05:00:00 -0000

The commonly held, idealized picture of technology is that tech makes our lives easier, safer, and better in just about every respect. But an unintended consequence of that picture is an unjustified assumption that companies will sell more products if they serve the public interest, and that may not be so. On the consumer side, personal technology investments are often a race to the price bottom, with little attention paid to the security of the products we buy. Vendors may enjoy less scrutiny and accountability, but that's not necessarily in the consumers' interest. Good things almost always come when technology steps out of the shadows and into the light of the mainstream.

It’s time that happened in cybersecurity, where everyone, from suppliers to consumers, has a role to play. In this episode of CyberWire-X, knowledgeable representatives across that spectrum to learn what they have to say about risk, accountability, and, above all, transparency. Guest Dr. Georgianna Shea from the Foundation for Defense of Democracies shares her insights with the CyberWire's Rick Howard, and Sponsor Tanium's CISO for the Americas Chris Hallenbeck joins the CyberWire's Dave Bittner to discuss achievable steps the government, private sector, and the broader public can take to start moving the needle on cybersecurity.

From board advisor to board member: evolution of the modern CISO.

Sun, 22 Aug 2021 05:00:00 -0000

The recent frequency of ransomware attacks and heightened visibility of supply chain risks has garnered the attention of executive teams and boards of directors for companies of all sizes, across all industries. For CISOs, these recent events have significantly amplified the importance of establishing and maintaining effective relationships and lines of communication with boards of directors. CISOs are now spending more time than ever engaging, reporting, and answering to boards regarding questions around where their organization is on the cyber risk spectrum. For CISOs, this heightened risk environment presents both a challenge and an opportunity.

In this episode of CyberWire-X, guest ret. Major General Zan Vautrinot and Sponsor JM Search's Jamey Cummings joins the CyberWire's Rick Howard to discuss how today’s CISOs are challenged to develop an ever-expanding skill set to effectively execute in their role while also satisfying concerns and areas of interest of their board of directors. Jamey will also discuss how the evolving role of the CISO is unlocking opportunities for CISOs to elevate their stature, and can open the door for them to serve in board roles as companies are increasingly prioritizing information security and technology risk management skills for their directors.

Behavioral transparency – the patterns within.

Sun, 01 Aug 2021 04:00:00 -0000

President Biden's Cyber Executive Order includes provision for a software bill of materials in government contracts. It's a critical and necessary first measure for protecting the software supply chain. To defend against cyber attacks like the ones that affected SolarWinds and Colonial Pipeline, organizations also need transparency about the way the software in their supply chain behaves–how, and with whom, that software engages in and outside of their networks.

In this episode of CyberWire-X, we explore how behavior transparency can give organizations an advantage by distinguishing between expected noise and indications of compromise..Guest and CyberWire Podcast Partner Caleb Barlow shares his insights with the CyberWire's Rick Howard, and Ben Higgins and Ted Driggs from sponsor ExtraHop offer their thoughts to the CyberWire's Dave Bittner.

Is enhanced hardware security the answer to ransomware?

Sun, 25 Jul 2021 04:00:00 -0000

With the recent onslaught of ransomware attacks across healthcare institutions, critical infrastructure, and the public sector, it's clear that ransomware isn’t going anywhere. But given how common ransomware attacks have become, how is it that we've been unable to put a stop to them? Companies often overlook the role that hardware security plays in meeting this challenge, and that oversight has become a bad actor's dream. Michael Nordquist speaks about the recent surge in ransomware attacks, and how strong hardware security, combined with software security and personnel security awareness, can be the answer to the industry’s prayers.

In this episode of CyberWire-X, guest Steve Winterfeld from Akamai shares his insights with the CyberWire's Rick Howard, and Michael Nordquist of sponsor Intel offers his thoughts to the CyberWire's Dave Bittner.

APTs transitioning to the cloud.

Sun, 11 Jul 2021 04:00:00 -0000

Cloud attacks have become so widespread that the Department of Homeland Security (DHS) has warned against an increase of nation states, criminal groups and hacktivists targeting cloud-based enterprise resources.

APTs such as Pacha Group, Rocke Group and TeamTNT have been rapidly modifying their existing tools to target Linux servers in the cloud. Modifying their existing code to create new malware variants which are easily bypassing traditional security solutions. The solution? In order to detect and respond to these attacks security teams need visibility into what code is running on their systems.

In this episode of CyberWire-X, guest Jonas Walker from Fortinet shares his insights with the CyberWire's Rick Howard, and Ell Marquez of sponsor Intezer offers her thoughts to the CyberWire's Dave Bittner.

Zeroing in on zero trust.

Sun, 16 May 2021 07:00:00 -0000

The Zero Trust security model asserts that organizations should not trust anything within its perimeters and instead must inspect every traffic and verify anything connecting to its systems before granting access. While Zero Trust is generating a lot of buzz in the cyber world, it’s often hard to determine the implications of this security model.

In this episode of CyberWire-X, guests will discuss the origins of the model, cut through the hype, and discuss what you really need to know to design, implement, and monitor an effective Zero Trust approach. John Kindervag of ON2IT Cybersecurity, also known as the "Creator of Zero Trust," shares his insights with the CyberWire's Rick Howard, and Tom Clavel of sponsor ExtraHop joins Kapil Raina from their partner CrowdStrike to offer their thoughts to the CyberWire's Dave Bittner.

Street cred: increasing trust in passwordless authentication.

Sun, 09 May 2021 07:00:00 -0000

Good security gets out of the way of users while getting in the way of adversaries. Passwords fail on both accounts. Users feel the pain of adhering to complex password policies. Adversaries simply copy, break, or brute-force their way in. Why, then, have we spent decades with passwords as the primary factor for authentication?From the very first theft of cleartext passwords to the very latest bypass of a second-factor, time and again improvements in defenses are met with improved attacks. The industry needs to trust passwordless authentication.What holds us back from getting rid of passwords? Trust.

In this episode of CyberWire-X, guests will discuss a framework of technical controls to ensure only trusted sessions authenticate, regardless of faults or failures in any one factor. We will share a path forward for increasing trust in passwordless authentication. Nikk Gilbert of CISO of Cherokee Nation Businesses and retired CSO Gary McAlum share their insights with Rick Howard, and Advisory CISO of Duo Security at Cisco Wolfgang Goerlich from sponsor Duo Security offers his thoughts with Dave Bittner.

Channeling the data avalanche.

Sun, 25 Apr 2021 07:00:00 -0000

Proliferation of data continues to outstrip our ability to manage and secure data. The gap is growing and alarming,especially given the explosion of non-traditional smart devices generating, storing, and sharing information. As edge computing grows, more devices are generating and transmitting data than there are human beings walking the planet.

High-speed generation of data is here to stay. Are we equipped as people, as organizations, and as a global community to handle all this information? Current evidence suggests not. The International Data Corporation (IDC) predicted in its study, Data Age 2025, that enterprises will need to rely on machine learning, automation and machine-to-machine technologies to stay ahead of the information tsunami, while efficiently determining and iterating on high-value data from the source in order to drive sound business decisions.

That sounds reasonable, but many well-known names in the industry are trying - and failing - to solve this problem. The struggle lies in the pivot from “big data,” to “fast data,” the ability to extract meaningful, actionable intelligence from a sea of information, and do it quickly. Most of the solutions available are either prohibitively expensive, not scalable, or both.

In this episode of CyberWire-X, guests will discuss present and future threats posed by an unmanageable data avalanche, as well as emerging technologies that may lead public and private sector efforts through the developing crisis. Don Welch of Penn State University and Steve Winterfeld of Akamai share their insights with Rick Howard, and Egon Rinderer from sponsor Tanium offers his thoughts with Dave Bittner.

SolarWinds, SUNBURST, and supply chain security.

Sun, 14 Mar 2021 07:00:00 -0000

The SolarWinds Orion SUNBURST exploit forced organizations to determine whether and to what extent they’d been compromised. It’s not enough to eject the intruders and their malware from the networks. Affected organizations also need to know what systems and data had been breached, and for how long. The adversary behind SUNBURST is advanced, quietly breaching the perimeter and moving freely to access, steal, or destroy business-critical data, and to disrupt operations.

Joining us to share their expertise on the subject are Ryan Olson of Palo Alto Networks' Unit 42, Bill Yurek of Inspired Hacking Solutions, and we close out the show with Matt Cauthorn, from our sponsor ExtraHop, who joins CyberWire-X to discuss the challenges of detecting such advanced threats, and to share insights from behavioral analysis on what the new breed of threat actor is doing inside our networks.

Security platforms vs best of breed point products: What should you deploy?

Sun, 31 Jan 2021 06:00:00 -0000

For 20 years, the cybersecurity practitioner’s goto move when confronted with a new risk or compliance requirement has been to install a technical tool somewhere in the security stack to cover it. Over time, the number of tools that the infosec team has to manage has slowly grown. With the advent of bring-your-own device to the workplace, CIOs choosing SaaS applications to do work that has been traditionally handled in the data center, and organizations rushing to deploy their services into hybrid cloud environments, the number of individual data islands where company material information is routinely stored and must be covered by the security stack has increased. The complexity of this situation is immense. Two strategies have emerged to address this problem. The first is to continue down the path of installing more technical tools in each data island to cover the risk and having the infosec team manually process the telemetry of all the security devices with bigger teams and helper-automation-tools like SOAR platforms and SIEM databases. The second strategy is to choose a security vendor's platform that performs most of the security tasks on all the data islands but now makes the organization reliant on a single point of failure.

Joining Rick Howard from the CyberWire's Hash Table's group of experts to consider the matter are Mike Higgins from Haven Health and Greg Notch from the National Hockey League, and later in the show, Rick speaks with Lior Div of Cybereason, who gives their point of view on this debate.

Can public/private partnerships prevent a Cyber Pearl Harbor?

Sun, 13 Dec 2020 06:00:00 -0000

For many years, public and private sector cybersecurity experts have warned of a large-scale, massively impactful cyber attack on critical infrastructure (CI). Whether you call it a cyber doomsday, a cyber extinction, or as former Defense Secretary Leon Panetta termed it, a “Cyber Pearl Harbor,” the message is clear: it's not a matter of if, it's a matter of when, and it's not just critical infrastructure that's vulnerable. More recently, experts have started to raise the alarm around not just CI, but other systems as well, notably position, navigation and timing (PNT) services. PNT includes things like GPS devices -- extensions of IT systems which are widely used by both private and public sector organizations, and particularly vulnerable to attack thanks to their open source origins and lack of native security controls. While there is no magic bullet to solve the cybersecurity challenge, there's growing consensus that an effective strategy is going to require large-scale cooperation and coordination between the public and private sectors. While the government is uniquely equipped to source and promulgate guidelines and standards like the Federal Information Processing Standards (FIPS) and NIST Special Publication 800 Series, private sector partners have the expertise to implement these standards across industries. The private sector is also a major driver of innovation in security, making use of sophisticated analytics, AI, and other tools to improve not only native security controls but also hygiene, threat detection, and response. In this episode of Cyberwire-X, guests will discuss the benefits of public/private partnership for cybersecurity, the roles of each, and how the threat of a "Cyber Pearl Harbor" informs the priorities of both.

Joining us today are Keith Mularski from EY, Rob Lee from Dragos, and Egon Rinderer from Tanium.

The cybersecurity paradox.

Sun, 20 Sep 2020 05:00:00 -0000

The cybersecurity space is nothing if not crowded. Yet despite all the fantastic offers and promises being made by vendors, the sober reality persists that spending has not equated to improved security. Did you know that 80% of IT security budgets are focused on detection and containment controls, even though 70% of security experts believe that a greater focus on prevention would strengthen their security posture? Joining the conversation are Bob Olsen from Ankura giving his insight on the many options out there when buying cyber security systems and platforms. Later, we will be joined by Steve Salinas, Head of Product Marketing at Deep Instinct, as he addresses this paradox of why organizations are spending their scarce budget in ways that are contrary to their interests.

The ABCs of cybersecurity for the education sector.

Sun, 16 Aug 2020 05:00:00 -0000

Teachers, students, admin, parents: The education sector has possibly the most diverse user base, each requiring its own user privileges, access requirements, and behavioral trends. Yet besides this, there are a number of unique challenges to securing an educational environment, including ensuring broad attack surface protection, minimal false positives, and maintaining a cost-effective security posture. Join us in as we chat with Kevin Ford, Chief Information Security Officer for the state of North Dakota, about these challenges for securing statewide educational institutions and their networks. Later, we will be joined by Steve Salinas, Head of Product Marketing at Deep Instinct and Matthew Fredrickson, Director of IT at Council Rock School District, in what should be a steep learning curve on protecting educational environments.

Extending security tools to the at home workforce during the pandemic.

Sun, 31 May 2020 11:00:00 -0000

In this episode of CyberWire-X, Rick Howard, the CyberWire’s Chief Analyst, interviews security thought leaders on the strategy and tactics to extend the security controls we’ve typically used to protect our handful of remote employees in the past to today, during the pandemic, that requires us to deploy flexible but equivalent controls at scale to everybody in the organization. Joining us is Bob Turner, CISO of the University of Wisconsin at Madison. Later in the program, we will hear from Mounir Hahad, the head of Threat Labs, and Mike Spanbauer, a security evangelist, at Juniper Networks, the sponsor of the show. Thanks to our sponsor, Juniper Networks.

Complementary colors: teaming tactics in cybersecurity.

Sun, 19 Apr 2020 14:00:00 -0000

We often hear cybersecurity professionals talking about red teams, blue teams, and purple teams. In this episode of CyberWire-X, we investigate what those terms mean, how security teaming approaches have changed over time, and the value of teaming for organizations large and small. Join us for a lively conversation with our experts Austin Scott from Dragos, and Caleb Barlow, from Cynergistek in part one. In part 2, we’ll also hear from Dan DeCloss from Plextrac, the sponsor of today’s episode.

Case studies in risk and regulation.

Wed, 30 Jan 2019 06:00:00 -0000

In the final episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we examine some of the game changing high profile breaches like Yahoo, Equifax and OPM, along with their impacts and lessons learned.

Our guest is Dr. Christopher Pierson, CEO and founder of BlackCloak.

Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

Risk and regulation in the financial sector.

Fri, 21 Dec 2018 06:00:00 -0000

In the third episode of our four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take at risk and regulation in the financial sector, specifically how it intersects with cyber security. How do organizations operate in a heavily regulated global financial environment, while protecting their employees, their customers, and the integrity of a system largely built on trust?

Joining us are Valerie Abend from Accenture and Josh Magri from the Bank Policy Institute.

Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

Settling in with GDPR

Mon, 03 Dec 2018 06:00:00 -0000

In the second episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a look at the impact GDPR has had since it's implementation in May 2018.

Joining us are Emily Mossburg from Deloitte, Caleb Barlow from IBM and Steve Durbin from ISF.

Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.

Regulation in the U.S.

Tue, 13 Nov 2018 06:00:00 -0000

In this premier episode of our new, four-part series, called “Ground Truth or Consequences: the challenges and opportunities of regulation in cyberspace,” we take a closer look at cyber security regulation in the U.S.

Joining us are Dr. Christopher Pierson from BlackCloak and Randy Sabett from Cooley LLC.

Later in the program we'll hear from Jason Hart, CTO for enterprise and cybersecurity at Gemalto. They're the sponsors of this show.