Welcome to TCW Pod #5, where we serve up the latest in cybersecurity with a side of snark and wit. In today's episode, we belatedly discuss the acquisition of Wiz by Google (until it wasn’t), the RockYou2024 password list is a nothing burger, the debate around cybersecurity being “full,” some political chat around the SEC weakening the state of cyber in the US along with the death of Chevron Deference, and how paying a ransom happens and the conflicts of interest within. All this and more as we blend serious insights with a splash of humor, making the world of cybersecurity both enlightening and entertaining. Let’s dive in!
TCW POD #5 SHOW NOTES
On this episode, hosts Tyler Shields, Katie Teitler-Santullo, & Adrian Sanabria tackle the following key points:
01:04 - Introductions and Cold Open
Welcome to The Cyber Why! Let’s goooooo!
03:40 - Show Sponsor - Material Security
Get the most from your security team’s email alert budget
Relying on built-in controls or traditional blockers will inevitably lead to more noise than your incident response team can handle.
Material Security takes a pragmatic approach to email security – stopping new flavors of phishing and pretexting attacks before reaching the user’s mailbox, while searching through everyone else’s mailbox for similar messages in a campaign. What gets surfaced to your team are the highest-value cases to investigate with all the context and reach consolidated into a single view.
Free up more of your alert budget so your team can spend it on what really matters. See how much time you can give back to your security team with Material.
04:30 G-Wiz - Wiz in Talks to be Acquired by Google (Until It Wasn’t)
It’s crazy how fast the markets move. The $23B+ acquisition is a massive play by Google to push harder into the cybersecurity market. This pod was recorded on July 14th, the day that the acquisition rumors spread on the Internet. By the time we got to push this pod live, the story was already out of date. Less than two weeks later, Wiz called off the marriage, citing goals to pursue an IPO. Listen to check out our initial coverage of the announcement and see how it compares to how things ended up. Hindsight being 20/20, this is quite an interesting discussion.
20:20 RockYou2024 Data Dump is a Nothing Burger!
The RockYou2024 massive password data dump is a waste of time. We’ll waste our breath on this podcast so you don’t have to. If you are spending time using this enormous text file as a password list, you are not being nearly as effective as you could be. Is the RockYou2024 file a troll attempt, or is it just someone’s bad attempt at valuable research? You decide.
34:40 Cybersecurity is Full (or is it)?
The website cyberisfull.com sparked a bunch of discussion and debate in the Twittersphere and the LinkedIn universe two weeks ago. Contrary to the marketing headlines that come around every six months, according to cyberisfull.com, cybersecurity does not have any entry-level jobs remaining. It’s becoming increasingly challenging to enter the cybersecurity field, as even the “entry-level jobs” require many years of experience and advanced certifications and degrees. The panel debates whether cyber is genuinely full and, if so, how we solve the hiring and job issues within the cyber industry.
50:11 SEC is Weakening The Cybersecurity Posture of the United States
The panel responds to an essay written by well-known cyber analyst and former CISO Ed Amoroso. The article argues that the SEC's current actions weaken the United States' cybersecurity posture by placing undue pressure on CISOs. This has led to several negative behaviors, including minimizing written communication, increased legal consultations, scrutiny of past decisions, mandatory filings leading to stressful SEC interactions, and deterring talent from the CISO profession. The author urges the SEC to shift its focus from CISOs to CEOs to better protect national cybersecurity without compromising the effectiveness of cybersecurity professionals. What do you think? Is the CISO role safe and desirable for top cyber leaders, or is there way too much risk in making the job a career goal?
1:04:34 WTF is Chevron Deference and Why Does it Matter to Cyber?
Q: How do the herring fishing industry, Supreme Court rulings, and cybersecurity unite to make the world a better place? A: They don’t, but I learned a lot about these topics from this segment. The team, led by Katie’s research and knowledge, discusses how the recent “Chevron Deference” Supreme Court ruling limited the importance of expert witnesses and what that means for the CISO role. The herring fishing discussion is a cool chat on the history of the term Chevron Deference, so we have that going for us as well.
1:14:11 How Do Companies Go About Paying A Ransom
What does the process of paying a ransom look like? Do you put $24M into a bunch of suitcases and swap vans under a bridge? Obviously, that isn’t how the funds transfers happen in the world of cryptocurrency and digital hacking (but the visual is funny). Adrian helps break down the process of paying a ransom, using a ransom negotiator, how that business model works, and some of the inherent conflicts of interest that might exist here.
1:22:22 Story #5 - Free AIM VR Shoes
Free Aim VR shoes are funky treadmill boots that remove the need for an omnidirectional treadmill when in VR. Gotta check out the video to get a good understanding of what these things are. It’s only a few thousand dollars to look like a goofball.