WE'RE IN!

Amy Chang, a resident senior fellow for Cybersecurity and Emerging Threats at the R Street Institute, has many tough problems to consider, from election security to adversarial AI attacks to the geopolitical implications of cyberwarfare. In a world rife with hot takes, she pursues a balanced approach to answering these weighty issues—nothing is an assumed outcome.

In this episode of WE’RE IN!, Amy provides insights into the potential cybersecurity policies of both the Trump and Biden administrations after the next presidential election, and how AI has the potential for more than just super-powered hacking. In a recently published paper, she and a colleague detailed consequences like inaccurate medical diagnoses or even manipulation of financial markets.

Listen to hear more about:

The role of cybersecurity in the innovation race between China and the U.S.

The effectiveness of “name and shame” tactics more than a decade after the release of Mandiant’s landmark APT 1 report

Why bipartisan support for cybersecurity measures may not equate to trust in the election security space

Dr. Mark Kuhr, a former National Security Agency employee, faced a host of challenges when he co-founded Synack with CEO Jay Kaplan in 2013. As CTO for the security testing company, Mark has led Synack through dramatic growth while working to shift the mindset of some cybersecurity practitioners. For instance, the Synack platform, featuring access to security researchers around the globe, initially faced skepticism—a group of essentially strangers pentesting enterprise networks? Not the most convincing argument for CISOs. But through a trust-but-verify approach, Synack’s take on security testing has risen to prominence in the industry.

In this episode of WE’RE IN!, Mark explains how he recruited a community of global top hackers to join the burgeoning Synack Red Team – and what’s at stake as AI capabilities ramp up for attackers and defenders alike.

Listen to hear more about:

• Mark’s predictions about the use of AI for offensive operations, including selecting targets and applying exploits
• Synack’s FedRAMP Moderate Authorized status and how other organizations can secure approval to work with sensitive government data
• How the integration of AI in cybersecurity is increasing the pressure on organizations to patch and mitigate vulnerabilities faster

In this episode of WE’RE IN!, Anthony Newman, executive director at Research and Education Networks Information Sharing and Analysis Center (REN-ISAC), highlights the need for protecting research infrastructure in higher education, dealing with credential dumps and monitoring the dark web for potential threats. He also discusses the challenges faced in higher education, such as securing a diverse range of resources, navigating risks posed by a litany of third-party vendors and recovering quickly from breaches.

Anthony also digs into the impact of AI in the cybersecurity landscape, emphasizing the need for trust and the potential benefits of automation.

Listen to hear more about:

• How REN-ISAC supports its 700 member institutions within the higher education and research community
• The role of trust and threat intelligence in higher education
• The nature of advanced, persistent threats to research facilities, including China-linked cyberespionage

Dennis Fisher, editor-in-chief at Decipher, reflects on his journalism career covering cybersecurity for more than two decades in the latest episode of the WE’RE IN! cybersecurity podcast. He began in 2000, covering email before transitioning to security. Soon his focus shifted to vulnerability reporting, including blockbuster bugs in Windows and Internet Explorer. This led to Microsoft's trustworthy computing memo and significant changes in the software industry.

Dennis also discusses the challenges of cybersecurity journalism and the importance of democratizing information.

Listen to hear more about:

• The overlap between cybercrime and traditional organized crime and the impact of cryptocurrency
• Dennis’s interest in crime novels and the challenges of incorporating his background into his own books
• The surprising topic Dennis would cover if he wasn’t focused on security

Jason Loomis, Chief Information Security Officer at Freshworks, emphasizes the human side of cybersecurity and the importance of effective leadership. New CISOs should make an effort to understand not just existing security controls, but also the team dynamics at any new organization they’re helping to protect. The human element all too often goes unnoticed, according to Jason.

In this WE’RE IN! episode, Jason discusses the need for strong communication skills and the ability to engage every employee in cybersecurity practices.

Listen to hear more about:

• Why basic security controls and understanding context are crucial in cybersecurity
• How to “sit down, be quiet and listen” rather than try to fix everything immediately in a new cybersecurity leadership role
• What AI means for the risk of future cyberattacks

Season 3 Episode 3

Sarah Armstrong-Smith on understanding the attacker mindset

Sarah Armstrong-Smith, Chief Security Advisor at Microsoft and a cyber security author, discusses her role in improving cyber postures and staying ahead of threats. She explains how Microsoft uses machine learning in their threat intelligence and what's next with the onset of generative AI. She also highlights the importance of understanding the risks and consequences of AI technology, as well as the need for CISOs to embrace new technologies while ensuring accountability.

In this WE’RE IN! episode, Sarah emphasizes the significance of diversity in the cybersecurity workforce and the need for organizations to foster a culture that encourages diverse perspectives.

Listen to hear more about:

Understanding and addressing the unique cyber challenges of different sectors and countries

Balancing the threat landscape with available resources

The human aspect of security and understanding the motivations of attackers

Links:

Find Sarah on LinkedIn

Find Blake on LinkedIn

The financial services industry is among the most sought-after targets for cyberattacks. When malicious actors steal data, it’s often just a means to a cash-rich (or bitcoin) end. Andreas Wuchner, advisor to many security startups and a formative contributor to Switzerland's National Financial Services Information Sharing and Analysis Center, has a thought or two on how to build cyber resiliency in critical banking institutions.

In the latest episode of WE’RE IN!, Andreas challenges some status quo ideas in the industry, like: Is there really a cybersecurity talent gap? And he gets real about how AI can help unleash more capacity and productivity for security teams if paired with rigorous cyber standards.

----------

Listen to learn more about:

* Translating cyber for the C-suite

* How to achieve cyber resiliency

* Forming a worthwhile customer advisory board

Securing a startup valued in the billions of dollars is no small feat. According to Ryan Kazanciyan, CISO at Wiz, it’s all about process. His previous experience with companies like Mandiant and Meta rounded out his security background. Using his experience from large enterprises, Ryan takes a considered approach to securing a startup.

The cloud security company has an existing ethos of security first, so Ryan and his team are equipped to tackle old and new security challenges alike, from run-of-the-mill phishing attacks to sophisticated AI-enabled threats.

----------

Listen to learn more about:

* His time consulting on the hacker TV series Mr. Robot

* Ryan’s thoughts on balancing privacy, security and convenience

* Lessons from his heavy-hitting cyber career

Ready to hear from top cybersecurity newsmakers, executives and storytellers? Eager for advice on how to launch a successful cyber career? Curious about hacking threats that seem to grow more menacing by the day? Get ready for Season 3 of WE'RE IN!

Hosted by Synack's Head of Communications and longtime cybersecurity journalist Blake Thompson Heuer (Sobczak), WE'RE IN! takes you inside the brightest minds in cybersecurity for unique insights and colorful stories from the front lines of our digital transformation. Don't miss the latest season of this breakout podcast, sponsored by Synack!

The next generation of cybersecurity leaders have a vision for the future of cybersecurity. Facing advanced nation-state threats, the breakneck speed of tech innovation and a deluge of zero days, Lauren Zabierek is moving the dial on workforce diversity to tackle these challenges. Lauren, senior policy advisor for Cybersecurity and Infrastructure Security Agency and co-founder of #ShareTheMicInCyber, is also helping organizations “shift left” by integrating security principles into the innovation process.   

Don’t miss the latest episode of WE’RE IN! to hear Lauren’s insights into why cybersecurity job descriptions are broken and how talking to everyday people can build the pipeline of cyber talent.

----------

Listen to learn more about: 

* Which cybersecurity story she’d like to see made into a Christopher Nolan movie

* Why she believes “diversity is national security”

* How she ended up with Ms. magazine bylines