
Crucial Tech
By Lou Covey


Episode 10.21 - Netacea and stopping malicious bots
During @RSAC Conference in April I met with Matthew Gracey-McMinn, VP of Threat Services for Netacea and we talked about the damage malicious bots can do. His company is one of a handful of companies dedicated to protecting users against that threat, in particular media companies. It was a short conversation and I decided it was worth going into a bit more depth.

Episode 10.20 - Zero Trust is simple, but complex: A conversation with RegScale CISO
Last week, Dr. Zero Trust, AKA Dr. Chase Cunningham, posted on LinkedIn that he was fed up with people who say they don’t understand Zero Trust. To a certain extent, I feel his frustration.
Journalists understand the concept. We have a decades-old saying, “If your mother says she loves you, check it out.” It doesn’t get more zero trust than that.
The problem is that while it’s easy to understand as a concept, it isn’t easy to build a zero trust infrastructure, especially with the misleading gobbledygook most cybersecurity companies put out. Cunningham says there are hundreds of books and articles on the subject. He’s right, of course. The question is, which one do you choose?
At the RSAC Conference, I sat down and briefly talked with Dale Hoak, CISO for RegScale, about how easy it is to understand Zero Trust but how complex it can be to pull it off. RegScale does government regulation compliance (GRC) and has only been around since 2021, but I found several competitors who promote themselves by saying “when you’re tired of RegScale, come see us.” I find that a ringing endorsement of the company.
So I called Dale up and said I wanted a longer talk about the issue of Zero Trust and where GRC fits in. We also spent some time talking about how the US federal government seems to be stepping away from cybersecurity regulations. I’ll be doing a larger story about that later, but this conversation is a good start.

Episode 10.19 - The "key" to security could be in your hands
Physical authentication keys are a common trope in movies, TV and spy thrillers, and they have been around for almost 20 years. But they are still hard to find in real life. We talked with Alex Summerer, head of authentication for Swissbit, which is a relatively new player in the field, headquartered in... of course, Switzerland. Frankly, after talking with him I'm wondering why I haven't bought one of these things.

Episode 10.18 - Battle of the bots: stealing student aid
Still digging through dozens of hours of recordings and pages of notes from #RSAC_Conference last week. But while looking into the issue of bots, both good and bad, I discovered a fairly recent story about how scammers use bots to steal financial aid. And as I always say, if I don't know about something, I know someone who does. So I called up an old friend, Craig Mosher, who teaches history and political science, about what he has experienced with fake students and how to deal with them.

Episode 10.17 - Bruce Schneier gives a stunning prediction on AI at RSAC Conference, and how deep risk goes
This was another exhausting #RSAC in San Francisco but I think I'm finally getting a handle on it. There will be more to come, but Bruce Schneier gave a keynote on Tuesday that I think bodes well for journalism.
And we had a visit with our friend at Safety National Insurance, Spencer Timmel, about just how far insurance can cover cybersecurity weaknesses.

Episode 10.16 - RSAC preview, Government doing good and bad PR
This is a short episode previewing what I'll be doing at RSAC 2025 next week, kudos to the California Franchise Tax Board, and a how-to on working with the press.

Episode 10.15 - Divorce the orange git!
There comes a moment in many abusive relationships, when observant friends encourage the abused party to leave the abuser.
I consider myself a friend of the cybersecurity industry, aside from its bad marketing practices, I see it as important to the well-being of society worldwide. And that’s why I say now, it’s time to leave the federal government, at least for the next two years.
The actions persecuting Chris Krebs and SentinelOne merely for doing their jobs without political bias demonstrate that no amount of money is worth working with the Trump administration.
I spent much of the past week unsuccessfully trying to get members of the US cyber industry to comment publicly on this issue. I was able to get public comment from a few outside the country. Some of that can be found in my piece this week on Cyber Protection Magazine. This podcast is with one of the commenters, James Bore, a British cybersecurity consultant and speaker. He says what everyone is thinking.
It’s time to divorce the orange git.

Episode 10.14 - Encryption, Insurance and why you should care
When it comes to polite discussion, there are two things you should never discuss: Politics and Religion. At the same time, most people would also rather not talk about insurance or data encryption. Well, I can’t say I’m all that polite, because that is exactly what this episode is about.
The need for encryption on our data has never been more important, but most of us don’t know what is or isn’t encrypted, and that knowledge has a direct bearing on how much cybersecurity insurance might cost. So we sat down with Spencer Timmel, head of cybersecurity and technology insurance for Safety National, the primary sponsor for this podcast, and we discussed the unmentionable topics.

Episode 10.13 - The AI bubble and how it affects cybersecurity
Microsoft has cancelled plans for a massive build-out of AI data centers and China is shutting down gigawatts of AI processing due to lack of demand. It seems the AI boom is on the verge of busting as big as the Dotcom collapse. And since cybersecurity companies seem dependent on the AI buzzwords to sell their services, that is going to mean change for the industry.
We chatted with ThreatLocker CEO Danny Jenkins and Reality Defender CEO Ben Colman about what is and isn't real regarding the concepts of AI threats.

Episode 10.12 - Encryption is all around us, until it isn't
The "Signalgate" scandal has raised the issue of encryption to a broader audience in the past week. On the plus side, many sources say that 95% of digital traffic is encrypted now, compared to 43% in 2014, but most people have no idea that their personal data is being encrypted. It’s one of those invisible technologies that touch many people.
But there is a basic fact: a lot of stuff that should be secured isn’t, because users don’t know they have to turn it on. For example, WhatsApp, the messenger platform from Meta, advertises that they have end-to-end encryption, but they don’t tell you that you have to turn it on to get that benefit.
So that brings us to today. What is encryption? Why do we need it and where does it come into play? We talk with Luigi Caramico, CTO and founder of DataKrypto, a company dedicated to encryption. And not just encryption but fully homomorphic encryption, an important step forward in protecting our data.

Episode 10.11 - The problem with surveys
As I've said before, I get a lot of "studies" and "surveys" from cybersecurity firms with breathless and urgent warnings about a coming cyber-pocalypse of one sort or another. Funny thing, it's always about something that they supposedly defend against. As I started writing this note, I got another one.
I did one podcast about a survey from Huntress about phishing in February, which was actually pretty good. Then I did one a couple of weeks ago about a less-than-good survey from iProov. Well, my partner in Germany, Patrick Boch, wanted to get into the fun and we decided to talk about two more of these that were also less-than-good from HiddenLayer and Ontinue. No, we didn't interview representatives from either company on this one. We were just having some fun at, unfortunately, their expense.
Here are some of the highlights of our discussion.
- Many cybersecurity surveys lack scientific rigor, often using small, potentially biased samples (e.g., 250 IT decision-makers)
- Reports frequently make vague assumptions or present data in ways that may exaggerate threats or market demand
- Deep fake attacks, while concerning, are currently not as prevalent or successful in cybercrime as often portrayed
- The Verizon Data Breach Investigation Report (DBIR) is considered a gold standard for its concrete terms and unbiased approach

Episode 10.10 - The X DDoS attack was avoidable, and it's not over
The DDoS attack on X.com this week provided a certain amount of schadenfreude for people less than enamored by Elon Musk. It also rang alarm bells in the cybersecurity community, as that style of attack seems to be making a comeback, and not for financial gain. All indications are that corporations and, in particular, government institutions are not ready to repel attacks motivated by political revenge.
We talked with Inversion6 CISO Ian Thornton-Trump about how the attack was allowed to happen and what it may mean for the very near future.

Episode 10.9 - How bad marketing obscures the problems of deepfakes and identity theft
I get a lot of "studies" about the state of cybersecurity and most of them are poorly done. In Episode 10.8 I talked about one I like, from Huntress, and the week it came out I got pitched another report from iProov that was, well, less than well done. And as much as I tried to help them focus on reality, the more they pushed back.
Again, this is not a knock on what the company does, which is to ensure the veracity of biometric identity, but it is a good example of how cybersecurity companies spend too little and on the wrong efforts to get their story out.

Episode 10.7 - Bob Ackerman, Generative AI, and Universal Basic Income
Artificial Intelligence is all the rage right now with broad claims about how it is going to change the world as we know it. I have my doubts about the hype and so does Bob Ackerman, the granddaddy of cybersecurity venture capital, founder and managing director of AllegisCyber Capital (for the past 29 years) and cofounder of the cyber incubator, DataTribe in Maryland.
I always enjoy chatting with Bob because he sees the nuts and bolts of tech advancements and isn’t the kind of investor to get swayed by the glitz of questionable marketing. In this session, we discussed how AI is starting to displace high-paying jobs like computer coding and legal work, raising concerns about who will be left to buy the AI subscriptions and services. While there will be short-term disruption, he thinks AI will ultimately enable new industries and use cases that create new jobs and economic opportunities. Surprisingly enough, he believes the transition may require policies like universal basic income to support displaced workers.
We also discussed the demographic challenges facing countries like the US and Europe, with aging populations and declining birth rates straining social welfare systems. AI and automation may help address labor shortages, but also raise questions about how to fund programs like Social Security and Medicare long-term.
More importantly, Bob thinks that the people who invested in AI early will lose their shirts.
Check it out.

Episode 10.6 - DORA, Insurance and the state of international regulations
Today we are talking about insurance and government regulation... No! Wait! It's good stuff so bear with us.
As the US administration seems intent on dismantling government protections in cybersecurity, we will all rely heavily on foreign governments and private industries, like insurance, to keep us safe from cybercrime. The Digital Operational Resilience Act, which the EU put into force in January, is a good example of the former, and the insurance industry is a good example of the latter.
We talk to Spencer Timmel, head of cybersecurity and technology for Safety National Insurance (our sponsor) and Arnaud Treps from Odaseva about how insurance and cybersecurity tech companies are working hand-in-glove to fill in the gaps being left by the Musk/Trump administration.

Episode 10.8 - Phishing on the rise, but there is hope
Phishing attacks are on the rise again with the help of sophisticated generative-AI tools. But new defenses and increased wariness among potential victims are blunting the potential for widespread harm.
We talked with Greg Linares, Principal Threat Intelligence Analyst for Huntress, regarding their annual Threat Intelligence report. It sounds grim, but in a new article on Cyber Protection Magazine, we also report on how defensive technology from companies like DeepTempo and personal awareness can blunt the attacks.

A reminder of where we come from
I am very far behind in writing stories and making podcasts. The events since January 20 have made it difficult to keep up. But today, while walking downtown, I came across a brand-new independent bookstore that had a copy of a book dedicated to Martin Luther King Jr.'s "Dream" speech.
I attended that event, with my mother, when I was 11. It was a foundational moment for me. It is when I became "woke." When I saw that book, I knew I had to buy it for my grandchildren, because being two generations separated from that moment is too far. I needed to bring it forward for them, so I bought the book for them and intend to read it to them and help them understand how important the dream is for them as well, especially today.
This isn't a political issue for me. It is how I want to model my life. It does affect my politics, but it also affects my view of family, friends, neighbors, theology, and the world. If you choose to listen to me read this speech, I thank you for taking the time. My thanks extends even to those who are offended by it, as long as they listen to it. It is important to hear, even 60+ years after the fact. Only by repeating it can we learn from it.

Episode 10.5 - Lawyers and insurance companies stand firm on security
This week, we are talking to a lawyer. Maryam Meseha is a founding partner of Pierson Ferdinand LLC, a relatively new and large firm dedicated to digital security.
In the first few weeks of the year, the new US administration has castrated the governmental infrastructure that makes sure corporations keep customer data safe, especially in the area of retail fraud. It’s law firms, like Pierson Ferdinand, and insurance companies, like our sponsor Safety National, that are stepping up to remind companies that maintaining a strong security posture is a good idea. We appreciate that sentiment. Hope it works.

Episode 10.4 - How moderation works (It ain't what you think)
I've had several discussions about the nature of censorship, the freedom of speech and moderation, and I came to the realization that most people have no idea what social media moderation is. So I did a bit of a rant.
We also are bringing back the top threat reports from Fletch for a bit of lightheartedness before the rant.

Episode 10.3 - James Bore on our fascination with shiny objects
James Bore is a cybersecurity consultant, speaker and publisher based in the UK. He has a refined sense of cynicism that clicks with my own, so we've been chatting back and forth for several months on various subjects and decided it's probably time to record some of our interaction.
Today, we are looking at the preferred marketing practice (shiny objects) of sowing fear, uncertainty and doubt to get people to buy their products. It drives us both nuts. The issue is not limited to cybersecurity, but it is prevalent in the industry. I'm guessing this conversation will resonate with many of you. Our hope is that our marketing listeners will rethink some strategies.

Episode 10.2 - Bye bye, Zuck
For about two years, the team at Cyber Protection Magazine has debated whether Meta platforms (Facebook, Instagram and *shudder* WhatsApp) were valuable or even necessary for the reach of our magazine. For two years, I've been outvoted every time. Instead, I unilaterally decided to divorce from the platforms.
Providentially, Mark Zuckerberg made two announcements in as many weeks that made the decision unanimous. We are leaving Meta behind for good. Instead, we will remain on LinkedIn and join Mastodon and Bluesky this year.
This podcast is the recording of the conversation my co-founder, Patrick Boch, and I had on the "momentous" decision, which also drifted into the issue of what constituted valid information.
Check it out.

Episode 10.1 - China, oligarchs and tradewars with Lou and Ian
We open a new year and a new season with our friend, Ian Thornton-Trump, chief information security officer at the MSSP Inversion6 and in 30 minutes we take on some pretty meaty subjects.
First we discuss how China strategically infiltrated technology systems in the US and other countries as a geopolitical message rather than attacks. He discusses the challenges of securing complex, interconnected systems and the need for proactive defense.
Next we review the rise of corporate power and influence and how the increasing wealth and influence of individuals like Elon Musk is disrupting the traditional balance of power in democracies. The ethical concerns around wealthy individuals wielding disproportionate political influence could result in something the oligarchs are not expecting.
Finally, we review potential trade wars and the possibility of Canada and Mexico joining the BRICS alliance.
2025 is going to be bumpy but very interesting.

Episode 9.11 - Who do you Trust?
The available guests for this last podcast of the year dried up pretty quickly so I thought I would give some closing thoughts on a big issue facing the world: Trust and the lack of it.
Also, our last threat reports courtesy of Fletch.ai

Threat report for Thanksgiving week
Our friends at Fletch provide a grand slam of threats for Thanksgiving week, covering Apple, Android, AWS and Microsoft vulnerabilities.
No regular podcast this week but we will be back next week with a possible new way to abuse AI.

Episode 9.10 - Are consumers getting fed up with security?
This is part two of our mashup of recent surveys. This time we talk with Tom Tovar, CEO of Appdome about their comprehensive annual survey of consumer attitudes regarding security in digital technology. The good news is there is a groundswell of security "consciousness" regarding the subject. The bad news is the consumers are not confident that corporations even care.

Episode 9.9 - The mental toll caused by AI
This week, a two-parter. I’m still trying to make sense of all the surveys and studies sent to me. Trying to figure out if they are plagiarized, use inadequate samples, are a lame attempt at self-promotion or are actually good data is almost a full-time job. Luckily I got a couple of good ones this month and am doing another mashup.
Today’s interview is with Frank Teruel, CFO of Arkose Labs. We are talking about a finding in their latest survey showing that managers and developers of apps are dealing with no small amount of stress in how to deal with adversarial AIs. Later this week, I hope to post a second interview on where consumers are in this mess. Then I’ll wrap it up next week with an article that looks into the potential of actually controlling the damage caused by AI.
Also, an abbreviated threat report from the folks at Fletch.ai.

Episode 9.8 - Top threat reports and a preview of what's coming
This episode includes our weekly top cyber threats with help from Fletch and, this week, Cyjax, and a short interview with cybersecurity contrarian James Bore, a consultant in the UK with a kindred spirit. The interview introduces the theme for Cyber Protection Magazine next year: Put up or shut up.
The past decade has been filled with optimism in the tech sector about what they thought they could accomplish. Social media companies thought they could democratize the internet and provide a public square for free speech. Hardware companies thought they could make computers so fast they could replace the human brain. AI companies thought they could make a computer program smarter than humans. And cybersecurity companies were positive that if every company would use their products they could stop cybercrime.
None of that is close to being true. In some cases it has proven to be absolutely false.
So we are going to spend a lot of time debunking assumptions and looking at what needs doing.

Episode 9.7 - How to boost customer confidence in security
I received more than a dozen studies and reports on the "state of cybersecurity," all with different foci depending on the company that was pushing the document. It seems like they are replacing press releases as a primary marketing tool.
But there was one thing that jumped out at me. Almost every one of them had a throwaway line that customers had #zerotrust in the efficacy of the tools and services they bought to keep them secure. Of course that's what I went after.
We talked to executives from Keepit, Cogility, and Protegrity.


Special episode: Top three threat reports for the week
Our friends at Fletch.AI dropped a bunch of threat reports this week; here's what we see as the top three.

Episode 9.6 - FHE starts getting serious
I bet you never heard of FHE. Me neither. Then I got a pitch about it. I tried to ignore it because I had never heard of it, but they were insistent. Turns out to be interesting.
Fully homomorphic encryption, or FHE, has been talked about for about five years, but now it has its very own industry association and NIST is starting to take it very seriously. It doesn't eliminate quantum encryption standards, but it might be a better defense against nation state attempts to break the strongest modern encryption, although I still think that's more a fever dream than a potential reality.
One of the members of the new association (which has the unfortunate name of FHETCH), Niobium, put me in front of its chief product officer, Jorge Myszne, to give me the lowdown on this tech.


Episode 9.5 - Pig butchering: It's not just for breakfast
Quick, what is the biggest single category of cybercrime today?
If you said pig butchering, you get a gold star. (If you said ransomware, you need to stop believing press releases.) It's big: $75 billion in stolen funds, mostly cryptocurrency, last year alone. And it wasn't from lonely elderly people.
We talked with Arkose Labs CEO Kevin Gosschalk about the growing phenomenon and how you can defend yourself. (Hint: don't be naive)

Episode 9.4 - Digital tech is hitting the physical wall
First, apologies for the sound quality. I tried out a new microphone and I definitely do not like it. Going back to the tried and true. But it stands as an example of what we are talking about today. When people from one discipline start talking about moving into another discipline where they lack expertise, things go haywire. Such is the case with the digital world and energy production.
The big news this week is Microsoft's plan to open up the Three Mile Island nuclear power plant to power its planned AI datacenter. Joe Basques and I have a frank discussion about how the AI/Social Media/Internet industry just lacks the knowledge of how to do this right and, on the current path, chaos is bound to reign.

Episode 9.3 - AI and telemarketing: Marriage from Hell?
I had an encounter with an AI-driven telemarketing scam a day before I got pitched to talk to a company introducing an AI-driven telemarketing service. So I was loaded for bear when we started. Turns out I may have been talking to the one entrant in this field that was not only following the law but using AI in a productive way for both potential customers and the merchant.
The company is 2X and its founder/CEO had a good reason for creating the company. He needed a service that was both legal and operated with integrity. Who knew?

Episode 9.2 - Innocence is not a defense against online fraud
Recently, someone on Mastodon asked, "Looking for an article or blog or text, that succinctly describes, at grade 1 level English, why “if you have nothing to hide, you have nothing to fear” is a crazy and bad argument, and perhaps also includes what some good arguments are. Need it for a family member."
I thought that was an excellent request. So along with an article posted with this podcast, I interviewed John Gilmore, head researcher at the data-scrubbing company Deleteme, about the history of that philosophy and why it is "crazy."
What I learned from Mr. Gilmore even surprised me.

Episode 9.1 - Getting serious about PQC
About twice a year, the post-quantum computing (PQC) niche of the cybersecurity industry pushes out truckloads of press releases and articles about the coming quantum computing apocalypse. In all of this content there is little explanation regarding what this means for most people.
It seems like everyone should be concerned, based on the level of urgency the companies present, but in the end, no one has yet built a quantum computer capable of breaking even the most standard 256-bit encryption. To that statement the industry responds with, “Yet.”
This year, however, the National Institute of Standards and Technology (NIST) issued the first, approved algorithm standards to produce encryptions capable of fighting off quantum computing attacks. So we thought it would be a good idea to put together a batch of experts to explain why the rest of us should care.
The invitation was put out to a dozen experts in the PQC industry, but also to the companies tasked with implementing their products into the internet. Unfortunately, none of the PQC companies ended up accepting the invitation when they learned they would be on the same platform discussing their approaches. But we did get acceptances from representatives from the other group. Our final panel was comprised of Karl Holqvist, CEO of LastWall; Tim Hollebeek, industry strategist for Digicert; and Murali Palanisamy, CEO of AppviewX.

Episode 8.23 - Fixing marketing in Tech
The tech industry is more than technology. It's also marketing. Underfunded, questionably productive, and often plagiarized marketing. The job of a journalist is to poke through the piles of news releases, reports, studies, and other assorted verbiage like a scatologist on safari and find something valuable.
That has gotten more difficult as the number of journalists has dropped since the turn of the century by close to 50 percent. But the mountain of information has grown by orders of magnitude. There simply are not enough of us to do what must be done.
So Cyber Protection Magazine is launching a media training service to help teach marketers, PR folks and, mostly, CEOs how to better communicate with their market and what journalists there are left. This podcast explains the reasoning behind this program and offers a glimpse at the kind of knowledge we will pass on.
We will be taking a couple of weeks off as we gear up for our it-sa coverage. Time to get your sponsorship packages in.

Episode 8.22 - Social engineering affects nations
The English riots this past week provide a Dickensian “best of times… worst of times” context to politics in the United Kingdom and possibly the United States later this year. They highlight the fact that digital security concerns reach far beyond the confines of corporate CISO offices.
We spoke with Cyjax CISO Ian Thornton-Trump about the English riots and the potential for that to come to the US in November.

Episode 8.21 - Have we reached peak ransomware? One lawyer's view
I was surprised at how many people responded positively to the question of this podcast and am working on a larger story about it for Cyber Protection Magazine. One respondent was surprising, however: Heather Clauson Haughian, founder and managing partner for Culhane PLCC. Having a non-techie view of the situation was illuminating.

Episode 8.20 - Crowdstrike: who's at fault?
This podcast will be the kickoff to a larger article about the Crowdstrike failure, which is the current obsession with technology. We talked with Action1 founder Mike Walters about the complexity of current technology and whether the problem is fixable.

Episode 8.19 -- Are we losing the data war, Part 2
In the first part of this series we provided a potential solution to the out-of-control growth of data theft, for individuals that could be most at risk. Today we talk to John Meyer, senior director at Cornerstone Advisors, to help us understand just how bad the situation is.
For example, near the end, John states quite flatly that everyone should just assume their social security number is being sold en masse by criminals. And there is nothing we can do about it.
Think about that.

Episode 8.18 -- Are we losing the data war? Part 1
To answer the question, yes, it seems so. There are announcements of data breaches at least weekly and the amount of data exfiltrated affects all levels of society. But before we get into how desperate the situation is, we met with Mike Britton, chief information security officer for Abnormal Security, one of a growing number of companies that will search our text, phone, and email communications, scan them for likely criminal intent and lessen the potential damage to individuals. This is a two part series.

Journalism needs a kick in the a**
I was absolutely livid watching the presidential debate last night, and not because of the performance of the debaters, who did exactly as I expected. I was severely disturbed by the lack of professionalism of the moderators, Jake Tapper and Dana Bash. I was relieved to find today, that several other journalists were equally concerned about their failure to moderate a debate.
But this came as a capper to another interesting result: The release of Julian Assange, ersatz journalist.
We -- and I mean my profession -- need to seriously consider effective certification of journalists, just like we do with doctors, lawyers, plumbers and pretty much everyone else, which can be revoked for incompetence or ethical failures.

Episode 8.17 - Elder fraud: bigger than you think and not how you think.
An article in CNN began this podcast and connected story. What we found out about elder fraud kinda blew our mind. Like the fact that in the U.S. it is three times bigger in scope and cost than ransomware. And who are the most vulnerable was a real surprise.

Episode 8.16 - Avoiding election scams
The problem with election security is not a failure of the technology to keep the vote honest, it's the lack of technology available to individual voters to reduce fraud. We talked with YouMail CEO Alex Quilici about how some SPAM-mail technology can help, but also what kind of dangers there are that voters should be aware of.

Episode 8.15 -- Old man yells at clouds during grad week
I went to a high school graduation for the first time in decades. What I saw and heard filled me with compassion and concern for the next generation.

Episode 8.14 -- Generative AI is accelerating phishing attacks
This week we talked to SlashNext's CEO Patrick Harr and Field CTO Stephen Kowski regarding a study about the growth of criminal activity using generative AI.
SlashNext’s State of Phishing Report claimed a 1,265% increase in malicious phishing emails and a 967% increase in credential phishing between Q4 2022 and Q3 2023. While ransomware attacks get all the publicity, the reality is phishing is a much bigger problem for a much larger portion of the populace.

Episode 8.13 - Finding gold in Metomic survey
Cyber Protection Magazine gets a lot of marketing materials described as studies, surveys, and reports. The flow of those documents increases as major trade shows approach. For example, in the two months leading up to the RSA Conference, we received 56 before we stopped counting. More have come in since but it is now a trickle. We read each one. Luckily, our chief editor can read at 6,000 words per minute. He still grits his teeth whenever he reads the email pitch.
That doesn’t mean all turn into content on our pages because, for the most part, the information contained within is not news. Much can be expressed in a few sentences like, “C-level executives are concerned about data breaches” and “Cybercrime to cost more than $9 trillion by 2025.” In the first instance, our response is, “No kidding?” The second instance is just wrong with no evidence to support it. As often as we tell company representatives, they still produce the same banal and inaccurate assumptions.
About half the time, the “study” was not done by the company pitching the document, but by someone else with a specific twist highlighting the pitching company’s capabilities. For example, we recently received a copy of a “report” about the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog. It is a monstrously large document, remarkably distilled by a private company into a report that, wondrously, pointed to the company’s products as a solution to the problems notated in the report.
Because these documents rarely provide insight but are meant to validate product claims, they are little more than advertising masquerading as information and that puts them in the junk pile. That, however, is not always the case.
Occasionally, we get truly independent research that, for the most part, says nothing new. But buried in the obvious and the inaccurate, is a nugget of truly interesting data. It’s not enough to make an entire story, although it makes for an interesting LinkedIn post. In our review of the bland cornucopia of data received over the past two months, we saw enough nuggets to see a larger story. There is more to come in the next weeks, but we want to start with this interview with Metomic CEO, Rich Vibert. Their recently released survey on CISO opinions in the UK and US had a lot of obvious statements, but we found a couple of nuggets… and what could be an interesting vein for future discussions.

Episode 8.12 - Madison Horn wants to increase Congress' tech IQ
A few people know that I am something of a political junkie. I did some presidential campaigning in high school, then I got into journalism and covered national politics during Watergate. I'm less focused on it now, but anyone can drag me into a conversation about it.
A few weeks ago I got a call from the press secretary for Madison Horn, who is running for the US Congress out of the 5th Oklahoma congressional district, asking if I wanted to interview her.
Really? Why does a candidate in Oklahoma want to talk to a cybersecurity journalist in California? I was intrigued, so “sure.” Ms. Horn, who also ran for the US Senate a couple of years ago, is optimistic about the state (which is a positive thing) and, to the point, she’s a white-hat hacker who founded a pen-testing company. So there is the hook.
We talked for about 30 minutes and she educated me on some of the more positive things about her state and, in particular, the political leanings of her district. More importantly, we talk about how our legislators need to be tech-savvy.