Dennis Fisher on the future of cybersecurity journalism

31m · WE'RE IN! · 28 Feb 22:31

Dennis Fisher, editor-in-chief at Decipher, reflects on his journalism career covering cybersecurity for more than two decades in the latest episode of the WE’RE IN! cybersecurity podcast. He began in 2000, covering email before transitioning to security. Soon his focus shifted to vulnerability reporting, including blockbuster bugs in Windows and Internet Explorer. This led to Microsoft's Trustworthy Computing memo and significant changes in the software industry.

Dennis also discusses the challenges of cybersecurity journalism and the importance of democratizing information.

Listen to hear more about:

  • The overlap between cybercrime and traditional organized crime and the impact of cryptocurrency
  • Dennis’s interest in crime novels and the challenges of incorporating his background into his own books
  • The surprising topic Dennis would cover if he wasn’t focused on security

The episode Dennis Fisher on the future of cybersecurity journalism from the podcast WE'RE IN! has a duration of 31:32. It was first published 28 Feb 22:31.

More episodes from WE'RE IN!

Kevin Tambascio on balancing security with availability of services in healthcare

Integrating security into the product development lifecycle is a tall order for any industry. It’s particularly challenging for healthcare, with its wide range of critical needs from HVAC systems to medical devices. Kevin Tambascio, director of cybersecurity data and application protection at Cleveland Clinic, juggles the need for constant vigilance and staying updated on fast-moving threats to hospitals.

In the latest episode of WE’RE IN!, Kevin discusses the importance of compliance and risk assessment, noting that while compliance with rules like HIPAA is crucial, it's equally important to pressure test controls against real-world threats. Ransomware targeting hospital data is the primary threat, while phishing and potential abuse of generative AI also pose significant risks.

Listen to hear more about:

  • The benefits of forming an AI task force to enact safe and responsible procedures while enabling clinicians and researchers to explore AI’s potential
  • Effectively communicating cyber threats to non-technical staff by relating them to potential impacts on patient safety and business operations
  • Application security in healthcare; applications often have access to sensitive patient health information and can be potential entry points for cyber threats

Tennisha Martin on bridging the cyber talent gap through diversity

Cybersecurity organizations tend to have unrealistic hiring expectations, according to Tennisha Martin, founder and executive director of the training-focused nonprofit BlackGirlsHack. That can make it hard for would-be candidates to stand out and contribute to solving urgent cybersecurity challenges.

In the latest episode of WE’RE IN!, Tennisha unpacks the important work of The BlackGirlsHack Foundation, which provides training resources and cybersecurity education to underserved communities. That includes giving Black children avenues to complete cybersecurity certifications and snag their first jobs in the industry.

“Part of the reason why I started BlackGirlsHack was because I was a black girl that was trying to get into cyber security and I was like, hey, I've got a whole bunch of degrees and years of experience and certifications, and if I'm having a hard time, I know that the people who are fresh out of high school, for example, may be having a hard time as well,” she said.

Listen to hear more about:

  • How recently reported corporate cutbacks in DEI initiatives are impacting the work of organizations like BlackGirlsHack
  • How Tennisha came to be nicknamed “mother of hackers”
  • Why gamifying cybersecurity can be key to building the next generation of cyber talent

Mara Winn on protecting America’s critical infrastructure from cyberthreats

A first-of-its-kind 2016 cyberattack on Ukraine’s power grid was a wake-up call for countries around the world to shore up protection of vulnerable energy resources. Mara Winn, Deputy Director for Preparedness, Policy, and Risk Analysis at the Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response (CESER), is in charge of acting on just that. From securing electric vehicles to safeguarding electric substations, Mara and her team help to ensure the resilience of the energy sector against cyber, physical and climate-based disruptions.

Mara takes a holistic approach to risk management, considering both physical and cyber threats. In the latest episode of WE’RE IN!, she cautions against focusing too much on the "flashy object of the day" and describes why she imbues risk management with diversity for the best outcomes.

Listen to hear more about:

  • Why early implementation of security measures in product development is necessary for distributed energy resources like solar, wind and battery technologies
  • How to educate investors, entrepreneurs and designers about understanding the full risk picture in business decisions
  • The role of the National Association of Regulatory Utility Commissioners and the Federal Power Act in defining federal and state responsibilities in the energy system

Amy Chang on squaring cyber policy with real-world threats

Amy Chang, a resident senior fellow for Cybersecurity and Emerging Threats at the R Street Institute, has many tough problems to consider, from election security to adversarial AI attacks to the geopolitical implications of cyberwarfare. In a world rife with hot takes, she pursues a balanced approach to answering these weighty issues—nothing is an assumed outcome.

In this episode of WE’RE IN!, Amy provides insights into the potential cybersecurity policies of both the Trump and Biden administrations after the next presidential election, and how AI has the potential for more than just super-powered hacking. In a recently published paper, she and a colleague detailed consequences like inaccurate medical diagnoses or even manipulation of financial markets.

Listen to hear more about:

  • The role of cybersecurity in the innovation race between China and the U.S.
  • The effectiveness of “name and shame” tactics more than a decade after the release of Mandiant’s landmark APT 1 report
  • Why bipartisan support for cybersecurity measures may not equate to trust in the election security space

Mark Kuhr on AI pentesting and the Synack Red Team

Dr. Mark Kuhr, a former National Security Agency employee, faced a host of challenges when he co-founded Synack with CEO Jay Kaplan in 2013. As CTO for the security testing company, Mark has led Synack through dramatic growth while working to shift the mindset of some cybersecurity practitioners. For instance, the Synack platform, featuring access to security researchers around the globe, initially faced skepticism—a group of essentially strangers pentesting enterprise networks? Not the most convincing argument for CISOs. But through a trust-but-verify approach, Synack’s take on security testing has risen to prominence in the industry.

In this episode of WE’RE IN!, Mark explains how he recruited a community of global top hackers to join the burgeoning Synack Red Team – and what’s at stake as AI capabilities ramp up for attackers and defenders alike.

Listen to hear more about:

  • Mark’s predictions about the use of AI for offensive operations, including selecting targets and applying exploits
  • Synack’s FedRAMP Moderate Authorized status and how other organizations can secure approval to work with sensitive government data
  • How the integration of AI in cybersecurity is increasing the pressure on organizations to patch and mitigate vulnerabilities faster