The Cyber Why: What We Read This Week...
... and why you should too! (06/27/23)
Summertime and the living’s easy! However, finding the time to read, learn, and focus on self-improvement - not so much. When the weather gets nice, I spend a lot more time doing things other than reading websites and consuming content pieces. To that end, this week’s TCW is another short one with only five sections to digest. Don’t let the short length fool you. There are some real doozies in here!
Most notably, make sure you take a look at our top story and read the AI canon. It is a fantastic in-depth resource for all things modern AI. We also present some cyber hack stories and dive into a potential new c-level role - the CGO! Lastly, there is a sports-related RFID hacking story and a reference to Ricky Bobby for your reading pleasure. I hope you enjoy this week’s The Cyber Why!
Everything You Need to Know About AI!
AI Canon (Andreessen Horowitz)
How Generative AI Helps Bring Big Design Ideas to Life (CNET)
Picking Teams in AI (Tomasz Tunguz)
The AI Canon by Andreessen Horowitz provides a comprehensive list of large language models, image generation models, agents, and other data modalities. The list includes research papers and projects, links to accompanying blog posts or websites, where available, and original publication years. The list also covers code generation, video generation, human biology and medical data, audio generation, and multi-dimensional image generation. I haven’t been able to consume all of this yet, but there are many MUST READS in this canon.
Mount Up, The Regulators Are Coming After SolarWinds
SolarWinds chief vows to fight any legal action from US regulators over alleged Russian hack Rick pick (CNN)
On Friday, SolarWinds's Form 8-K acknowledged the SEC issued a Wells Notice to the company, "current and former executive officers, and employees of the company, including the Company's CFO and CISO." A Wells Notice doesn't sound like a good thing; it informs a respondent of the charges a regulator intends to bring and allows the respondent to respond. If you want to learn more about Wells Notices or take a nap, check out the SEC's enforcement manual. This case will be interesting to follow, especially coming on the heels of the Joe Sullivan Uber case. The CISO's response to breaches is coming under increasing scrutiny, and to limit liability, CISOs should push for Directors & Officers insurance when negotiating new roles.
The Chief Go-To Market Officer - A New Role
The Rise of the Chief Go-To-Market Officer (RevGenius)
I’ve enjoyed operating as the CMO of several high-tech cybersecurity vendor companies. In these companies, natural friction occurs between the head of sales, the head of product, and the head of marketing. I’ve been blessed to have had great relationships with my CRO and CPO counterparts, making us a highly successful team. But I’ve often wondered about the optimal organizational structure for the go-to-market side of a business. Go-to-market consists of sales, marketing, customer success, product, and more. At what stages of business growth should you look at unifying these focus areas under a single leader to optimize and break down any silos that may have built up? Also, who should that leader be and why (CEO? COO? CMO? CRO?)? This article outlines a new role - the Chief Go-To-Market Officer (CGO) - and when it makes sense to implement it in your organization.
When is a SMARTwatch not so SMART?
Multiple US Navy personnel say they've received potentially malicious smartwatches in the mail (CNN Politics)
From what I can tell, this is a reinvention of the old “drop the USB drive in the parking lot” attack. Send your mark something free, exciting, and valuable, and they will gladly trade away their privacy and security to use it. That’s precisely what happened here. Someone sent smartwatches that may have malware installed to multiple Navy personnel. While they still don’t know who sent the watches, my guess is there is some hacker group out there reviewing the data that was compromised before the Navy got the message out not to be stupid. Either that or some corporate marketing person out there is shaking in their boots that they may lose their job soon. Either way, it’s humorous.
RFID Hacks In Competitive Racing
Formula E team caught using RFID scanner that could grab live tire data from other cars (The Verge)
To quote the great Ricky Bobby - “If you ain’t first, you’re last!” It shouldn’t come as any surprise to find out that one of the teams in the all-electric Formula E racing class decided to put RFID scanners at the entrance to pit lane. Using the readers, the Penske race crew could read meaningful data about the state of the tires from every car in the race. That information was enough to warrant a 25K Euro fine and a pit lane start penalty for both of their vehicles. I guess you could say that Penske was “tired” of losing. They were really “tread-ing” into dangerous territory with this hack.
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!