DEFCON Canceled, Pay-to-Play Analysts, NVD Explosion, Apple Chip Flaws, Exit Scams, and United Healthcare - TCW EP2

We're back for more with The Cyber Why Pod EP2!

Welcome back to episode #2 of The Cyber Why Pod. The greatest four hosts in history tackle last month's top cybersecurity and technology stories. Check us out this month as we cover some killer topics, from DEFCON's cancellation and the slow death of NVD to the rise of Shrimp Jesus. Read below to jump to your favorite parts or watch it straight through from start to finish. Remember - we love you! Please click subscribe and share with your friends if you want to see more!


TCW POD #2 SHOW NOTES

On this episode, hosts Tyler Shields, Rick Holland, Katie Teitler-Santullo, & Adrian Sanabria tackle the following key points:

00:42 - Introductions

04:20 - Show Sponsor - Material Security

Are you wasting your email security budget?

When every dollar counts, you want to make sure you make the most of what you get. You (hopefully) get funds for anti-phishing tools, but the threat landscape extends beyond the inbox.

With more sophisticated attack flavors at higher volumes than ever, email security must also encompass insider risk scenarios, account takeover protection, and data loss prevention.

See why Material Security is the preferred choice for organizations looking to protect more areas of their Microsoft 365 or Google Workspace footprint under a unified toolkit… and a single line item in the budget.


06:06 - DEFCON Was Canceled - Then it Wasn’t!

The history of DEFCON and the hotels that have been blown up. Is the new venue for DEFCON a better or a worse outcome than had it not been canceled? Was the ransomware attack the driver of the changes?

22:51 - Are Analyst Firms Pay-to-Play?

This is a pet peeve of mine. At least once or twice a year I read a thread on LinkedIn or a Slack message that buckets all analysts as pay-to-play. It’s not reality and it’s not how the analyst firms truly operate. What makes someone “pay-to-play,” and where do you draw the line on influence in analyst relations? Listen to this to get to the meat of the issue.

42:41 - The NVD Explosion - NIST Stops Enriching NVD

Over 6,000 new vulnerabilities have been discovered in 2024, and less than 43% of them have been enriched by NVD. NVD is falling off a cliff! What will the impact of this issue be on vulnerability management product offerings and the enterprises that use them?

01:00:17 - Apple Chip Flaws Let Hackers Steal Encryption Keys

Vulnerabilities with marketing campaigns very rarely end up being important to the enterprise (with a few notable exceptions). This big buzzy vulnerability, while very interesting to the technically inclined researchers, is really not much more than a “nothing burger” at the end of the day. Adrian’s pointed take is a bit of a spicy enchilada!

01:08:36 - No Honor Among Thieves - Exit Scams

Rick level-sets on what an “exit scam” is and how the worst of the worst end up burning each other, often catching the real victims in the crossfire. If only criminals could trust each other... it would make our lives “better?” </sarcasm> BlackCat / AlphV details and background on their brutal exit scam.

01:21:05 - United Healthcare and Optum

Katie dives into the healthcare impacts of the massive exit scam that Rick detailed in the previous section. This attack had personal impacts on my family and many people you likely know. We are in a real spot here for health care security throughout the United States.

01:32:44 - Water Water Everywhere - 10K Cyber Products

According to research at IT-Harvest, there are over 10K products in the global cybersecurity market. This is a huge distraction to the enterprise buyers who really have no ability to understand what they should do to secure their environments.

01:40:00 - Story #5 AI-Generated Shrimp Jesus

Shrimp Jesus takes over the Internet. I believe in Shrimp Jesus! Hallelujah Shrimp Jesus. Happy EASTER Y’all!

Share if you like Shrimp JESUS!


The Cyber Why
The Cyber Why Podcast
TCW Pod is a verbal sparring match on the topics covered by the monthly TCW newsletter. In each segment, we will dissect, discuss, and debate the past few weeks' most critical cybersecurity and cyberbusiness stories with both expert and armchair opinions. We hope you will enjoy getting to know the hosts better, absorb a bit about how we see the world of cybersecurity, and maybe learn a little something with the launch of each episode.