The Cyber Why: What We Read This Week...
... and why you should too! (12/16/23)
This week, I attended the Cyber Marketing Con in Austin, Texas. What a fantastic group of people - many of the best marketers in our industry were there. I can’t wait for next year’s event! You can expect some interesting “TCW deep thought” content coming on the back of this inspiration soon. Now onto our newsletter!
In this week’s TCW, we cover AI content discrimination, cybersecurity - snowflake or whiny cry baby, PoolParty process injection techniques (crazy deep research, so be prepared), innovate or die - how to be the 1% of cyber companies, and the current state of cyber investing. We hope you like our take on the news, and have a great week!
Discrimination Against Our Machine Overlords
How do people feel about AI-generated content (Marketing BS)
Study gauges how people perceive AI-created content (MIT Sloan)
How would you feel if I told you that this entire issue of The Cyber Why was written by AI? Would you resent the fact that a machine is reporting the latest news to you? Would you be biased against this post's content, effectively discriminating against our machine intelligence counterparts? It’s an interesting thought experiment to take a step back and figure out how you would feel when it is revealed that a human being does not write the content you enjoy. I like to think it doesn’t matter, but a small part of me believes that humans are still superior to machines in deep thought, analysis, and creativity. I guess I’m not the only one! Research conducted by MIT PhDs demonstrates that people do care where their content comes from. The study compared human-created, machine-augmented, human-augmented, and pure machine-generated marketing content. The results show that when people don’t know who created the content, they tend to prefer the fully machine-generated output. However, they prefer human-augmented machine output when they know a machine is involved—AI discrimination at its finest. Fascinating results!
Is Cyber a Snowflake or Just a Bunch of Cry Babies
Cybersecurity Isn’t Special (Kelly Shortridge)
The ever-divisive and occasionally inflammatory Kelly Shortridge has done it again. This time, she takes a shot at whiny CISOs with an article that puts a number of the de facto standards for how security is done directly into her crosshairs. In this piece, Kelly challenges the traditional notion of cybersecurity as an isolated and highly specialized field within organizations. She argues against the perception of cybersecurity as uniquely complex and contends that this viewpoint leads to inefficient and obstructive practices. Instead, the article advocates for integrating cybersecurity into broader organizational processes, similar to how other teams like Site Reliability Engineering (SRE) or platform engineering operate. I’m all for her suggestions, and I think Kelly’s commentary is spot on - with one exception… cybersecurity IS a snowflake compared to SRE and platform engineering because of one difference: you don’t HAVE TO HAVE cybersecurity for your business to operate. Things that make you go, hmm…
Crazy Deep Technical Content Alert!
New PoolParty Process Injection Technique Outsmarts Top EDR Solutions (The Hacker News)
PoolParty Slides (Black Hat 2023)
Forever a cat-and-mouse game, process injection has been around for over a decade. I wrote my CS master's thesis on detecting rootkits and process injection techniques in 2008! Protection of the processes you run on the device is imperative to operating any computing environment safely. Over the years, antivirus, EDR, HIDS, and other technologies have tried to ensure that only trusted and approved code is executed. Like anything else, these technologies had to reinvent themselves continuously to stay ahead of the bad guys. Today is no different.
The latest research in this area is called PoolParty and was built by Alon Leviev, Security Researcher at SafeBreach. PoolParty abuses Windows thread pool worker factories to achieve a 100% success rate when injecting processes protected by popular EDR solutions, including those from CrowdStrike, Cybereason, Microsoft, Palo Alto Networks, and SentinelOne. This article isn’t for the faint of heart - if you are interested in a deep technical research piece, these slides and this article are for you!
Innovate or DIE. Be the 1% of cyber companies!
Why The Most Dangerous Way to Innovate is the Most Effective Way (Richard Chin)
The article "Why the Most Dangerous Way to Innovate is the Most Effective Way" from Entrepreneur's Handbook highlights a key concept in innovation. It states that the most successful innovations often arise from "strongest link problems." In these scenarios, the tiny fraction of top-tier products or ideas, approximately the 1% best, drive the success of the entire endeavor. The big challenge in this process is that the best ideas appear remarkably similar to the worst ones, making it nearly impossible to distinguish between potentially groundbreaking innovations and complete misfires.
Applying the “strongest link” concept to cybersecurity, we can draw parallels in how cybersecurity solutions are invented. In cybersecurity, the market landscape is characterized by a vast array of one-off solutions, many of which are indistinguishable and not unique. The distinction between a revolutionary cybersecurity technology and an ineffective one is subtle, yet the impact of creating the top 1% of these technologies can result in significantly outsized returns. As stated in the article, I’d rather be the 1% of successful outcomes than the 90% of the mediocre. Innovation comes from risk-taking in cybersecurity. Don’t be afraid.
Note: This sounds a hell of a lot like venture capital investing to me!
The Current State of Cyber Investing
A New Landscape: Venture Capital and Cybersecurity in Q3 & Q4 2023 (Cyber Builders)
For our final top story of the week, author Laurent Hausermann from Cyber Builders goes through the good, bad, and ugly of the cybersecurity venture capital landscape in Q3/Q4. The tl;dr is this:
Funding is back to 2019 levels, and we shouldn’t expect a significant change soon. If anything, it’ll continue to get tighter.
Down rounds are expected, and valuation cuts have arrived. As a founder, expect them and embrace them. They are better for you in the long run, anyhow.
Too many unicorns looking to exit all at once will cause consolidation in the market and a new wave of down rounds. Not everyone can exit at once!
Shutdowns are looming for cyber companies. If you have any worries about getting your metrics healthy, you might consider selling ASAP (if you still can).
Meme of the Week!
Welcome to our newest TCW section - “meme of the week.” In this new area, I will post the best meme or dad joke I saw each week, and I hope it makes you laugh! Enjoy.
Quick Hits and Hidden Gems
3M unfilled cybersecurity jobs 'a problem' Crowdstrike CEO (Yahoo Finance) - 3 million unfilled jobs in cybersecurity?! I hear these numbers quoted all the time. Somehow, I don’t think they are real. Convince me otherwise!
We now have more info on what Sam Altman did that was so bad he got fired from OpenAI (Business Insider) - I guess it wasn’t a Terminator-style takeover event that pissed off OpenAI’s board. It was the all-too-common act of a founder being an asshat. Well, that was anticlimactic!
Nearly Everyone Gets A’s at Yale. Does That Cheapen the Grade? (Yahoo Finance) - I’m an adjunct professor at the Kenan-Flagler Business School at UNC-Chapel Hill. This one hits hard for me. We should grade by real merit, not as the academic equivalent of a participation trophy!
Hackers Reportedly Breach Spider-Man 2 Dev Insomniac, Release Wolverine and Staff Data (IGN) - Hacks of games and movies are nothing new, but I do love the screenshots that leaked of Wolverine at the bar. He’s a TOTAL badass!
The New Rules of Executive Presence (HBR) - My favorite is authenticity. I’ve preached this for years now. It’s who I am and how I lead. Great article!
There's a secret WhatsApp group chat with more than 100 Silicon Valley CEOs in it and even they didn't know what Sam Altman did to get fired (Business Insider) - Don’t bother reading the article; it’s dumb. What I took away from this is a future prediction that this WhatsApp group will bite one of these folks in the ass someday as their gossip gets leaked with a screenshot! Remember, kids - NEVER put it in writing.
Happy 10th Birthday to Have I Been Pwned (Tech & Nonsense) - Feel good story of the week. Have I Been Pwned turns 10 years old! Happy Birthday!
Investment banking: concept, fundamentals, and the role in the cybersecurity ecosystem (Venture In Security) - I swear I include something from Ross every week! This one is an excellent read for those on the finance side of the world.
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!
Well, I'm just gonna own up and say I am that kind of discriminator, against purely AI-created content. I am using the heck out of several new GenAI tools, but I use them to augment, not do an entire thing for me - and I prefer to know or at least feel my best guess is that the content I consume has a similar approach.
Kelly Shortridge is *brilliant* - contrarian, insightful, great speaker/presenter, and so damn funny