Week in Review: APTs using Gemini, ransomware payments decrease, abandoned AWS risk - Cybersecurity Headlines

Summary5 min read

Cyber Security Headlines: Week in Review Summary
Hosted by CISO Series | Release Date: February 7, 2025

1. APTs Leveraging Gemini AI for Enhanced Cyber Operations

In this episode, David Spark introduces the first major topic: Advanced Persistent Threats (APTs) utilizing Google's Gemini AI. According to Google's Threat Intelligence Group, government-linked APT groups across more than 20 countries—including Iran, China, North Korea, and Russia—are integrating Gemini AI to gain productivity advantages rather than developing entirely new AI-driven cyber attacks.

Key Points Discussed:

Gemini AI's Role: APTs are using Gemini to streamline coding tasks, research vulnerabilities, gather intelligence on target organizations, and develop methods to evade detection and escalate privileges within compromised networks.
Caitlin Sarian's Perspective: Caitlin Sarian, CEO of Cybersecurity Girl, emphasizes the dual-edged nature of AI technology. She states, “Anything that's good can also be used bad depending on the person that's using it” (00:40). Caitlin advocates for using AI proactively to combat AI-driven threats, highlighting the necessity for cybersecurity professionals to adapt and leverage AI for defensive measures.

Notable Quote:

“Anything that's good can also be used bad depending on the person that's using it.”
— Caitlin Sarian (00:40)

2. Surge in Exploited Vulnerabilities Coupled with Decline in Ransomware Payments

The discussion shifts to a concerning increase in exploited vulnerabilities contrasted with a promising decrease in ransomware payments.

Exploited Vulnerabilities:

Report by Volnchek: In 2024, there was a 20% increase in actively targeted Common Vulnerabilities and Exposures (CVEs), totaling 768 CVEs. Notably, nearly a quarter of these vulnerabilities were weaponized before their public disclosure.
Affected Platforms: Significant vulnerabilities were identified in platforms such as Citrix, Cisco, Zoho, and Microsoft.

Ransomware Payments:

Chainalys Report: Ransomware payments in 2024 amounted to $813.55 million, marking a 35% decrease from the previous year’s $1.25 billion.
Factors Contributing to Decline: Enhanced law enforcement actions, improved collaboration among organizations, and a growing trend of victims refusing to pay ransoms are cited as primary reasons for the reduction.

Caitlin Sarian's Insights: Caitlin observes a growing numbness among consumers regarding cybersecurity threats. She notes, “There's a lot of numbness around cybersecurity as a whole” (08:51), suggesting that public desensitization may undermine ongoing security efforts. Additionally, she highlights the importance of effective communication strategies to reinforce cybersecurity best practices both for individuals and organizations.

Notable Quote:

“There's a lot of numbness around cybersecurity as a whole.”
— Caitlin Sarian (08:51)

3. Abandoned AWS Cloud Storage Poses Significant Cyber Risks

Another critical issue discussed is the vulnerability associated with abandoned Amazon Web Services (AWS) S3 buckets.

Findings by Watchtower:

Abandoned Buckets: Approximately 150 AWS S3 buckets previously used for software development and updates were found to be abandoned.
Exposure: Over a two-month period, these unused buckets received 8 million file requests from various entities, including government agencies, Fortune 100 companies, banking institutions, and cybersecurity firms.
Potential Threat: If these requests had been malicious, threat actors could have delivered malicious software updates, potentially compromising the affected organizations' AWS environments or virtual machines.

Caitlin Sarian's Recommendations: Caitlin underscores the necessity for stringent asset management practices. She suggests maintaining an inventory of all technology assets to ensure that unused or orphaned resources are promptly decommissioned. “You need to start having like an inventory of all your tech stack and understanding, you know, where everything sits and what everything's going through” (11:51).

Notable Quote:

“You need to start having like an inventory of all your tech stack and understanding, you know, where everything sits and what everything's going through.”
— Caitlin Sarian (11:51)

4. Meta's Stance on Developing High-Risk AI Systems

The episode also covers Meta's evolving policies regarding the development of artificial intelligence systems deemed too risky.

Meta's AI Framework:

Commitment to AGI: Mark Zuckerberg, CEO of Meta, has committed to making Artificial General Intelligence (AGI) openly available.
Risk Classification: Meta's New Frontier AI framework categorizes AI systems into "high risk" and "critical risk" based on their potential to facilitate cybersecurity breaches or biological attacks. Critical risk systems are those that pose catastrophic, unmitigable threats.
Decision-Making Process: The framework relies on expert input rather than solely empirical testing to assess and withhold highly capable AI systems when necessary.

Caitlin Sarian's Take: Caitlin views Meta's proactive stance as a positive development, acknowledging the vast data Meta possesses and the potential risks associated with it. She appreciates the transparency and responsibility demonstrated by Meta, stating, “It's a very responsible way of looking at it while still being innovative” (24:11). Caitlin believes that acknowledging and addressing potential threats is crucial for balanced AI innovation.

Notable Quote:

“It's a very responsible way of looking at it while still being innovative.”
— Caitlin Sarian (24:11)

5. Tribute to Sean Bowen

The episode takes a poignant turn as David Spark pays tribute to Sean Bowen, a valued member of the CISO Series community, who tragically passed away in a parachuting accident.

Highlights of Sean Bowen's Contribution:

Role: Sean served as the Deputy CISO for Gaming at Microsoft and was a frequent guest on the CISO Series podcast.
Legacy: Known for his keen insights and quick wit, Sean was a relentless advocate for advancing cybersecurity within the community. His colleagues praise his generosity, expertise, and unwavering support.
Tributes: David mentions a LinkedIn tribute featuring remembrances from the CISO Series staff and audience, encouraging listeners to honor Sean’s memory.

Caitlin Sarian's Condolences: Caitlin expresses her heartfelt condolences, acknowledging the profound loss Sean's passing represents: “It's always so hard to hear losing someone like that so, so early on” (23:18). She commends Sean’s contributions and the positive impact he had on both the team and the broader cybersecurity community.

Notable Quote:

“He was a relentless advocate for what we were trying to bring to the cybersecurity community here at the CISO series.”
— David Spark (22:00)

Conclusion

The episode of Cyber Security Headlines provides an in-depth analysis of current cybersecurity challenges, including the misuse of AI by threat actors, the fluctuating landscape of ransomware payments, vulnerabilities in abandoned cloud storage, and Meta's strategic approach to AI development. The heartfelt tribute to Sean Bowen underscores the community's resilience and commitment to advancing cybersecurity in the face of both technological and personal adversities.

For more detailed insights and daily updates, listeners are encouraged to visit CISOseries.com and subscribe to the Cyber Security Headlines podcast.

Timestamps

00:40 – Caitlin Sarian on the dual nature of AI.
08:51 – Caitlin Sarian on public desensitization to cybersecurity threats.
11:51 – Caitlin Sarian on the importance of asset management.
24:11 – Caitlin Sarian on Meta's responsible AI stance.
23:18 – Caitlin Sarian's condolences for Sean Bowen.

This summary encapsulates the key discussions, insights, and sentiments expressed during the episode to provide a comprehensive overview for those who missed the live broadcast.

Loading summary

Transcript43 lines

[00:00]
Caitlin Sarian
From the CISO series, it's cybersecurity headlines.
[00:06]
David Spark
Google says apts using Gemini AI exploited vulnerabilities up, ransomware payments down since last year and abandoned AWS cloud storage is a major cyber risk. We've heard that one before. These are some of the stories that my colleagues and I have selected from the past week's cybersecurity headlines and we are now looking for forward to some insight, opinion and expertise from our guest, Caitlin Sarian, owner and CEO of Cybersecurity Girl. Caitlin, so awesome to have you first time on this show. Thrilled. How was your week in cybersecurity, Caitlin?
[00:40]
Caitlin Sarian
Honestly, it was kind of unnerving with all the deep seat drama, being very consumer facing and trying to let people know what's going on. You'd be very surprised at how Americans are getting very upset that we're, you know, painting a bad picture about China, but yet America is also collecting just as much data. So it's, it's a weirdly polarizing topic to talk about and for some reason I'm just getting all kinds of kinds of answers to these videos about it. So love to hear your thoughts on it.
[01:12]
David Spark
Well, for those I want to tell the audience, for those of you who don't know Caitlin who is cyber security girl on a bunch of platforms, on LinkedIn, on Instagram and on TikTok and YouTube. Correct. She gets a lot of feedback from the community, some cybersecurity, some just your, your average person who doesn't know but has opinions about this and very interest throughout today's show. I'm very, very interested to hear from you regarding, you know, what the average Joe says about cybersecurity. So I also think it's polarizing but there are definitely different ways the two countries operate. Although not picking any sides here politically. But things are changing very much here in the United States. But we got a show to go. I do want to mention our sponsor that is Threat Locker Zero Trust Endpoint Protection Platform. They're a phenomenal sponsor the CISO series. More about them later in the show. Now you can join us on YouTube live. Just go to cisoseries.com hit the events drop down and look for cyber security headlines Week in review image for today. It has Caitlin's image. Just click on it and join us and be sure to contribute your comments in the chat. We will do our best to address them during the show. All right, we just have 20 minutes. Let's get started on this. Google says apts using Gemini AI so researchers at Google's Threat Intelligence Group say they have detected government linked APT groups that are using Gemini primarily for what they call productivity gains rather than to develop new AI enabled cyber attacks. As an example, Google says Gemini can help them shorten the preparation period, period in quote coding tasks for developing tools and scripts, research on publicly disclosed vulnerabilities, finding details on target organizations, and searching for methods to evade detection, escalate privileges, or run internal reconnaissance in a compromised network. Now, Google has identified APT groups From more than 20 countries that are using this technique, with the top four being Iran, China, North Korea and Russia. All right, no surprise there. Caitlyn, you've heard those four. I don't think that comes a surprise. But you know, all of that stuff I just listed off takes time. AI tools were designed to make life easier. And cyber security gangs or cyber crime gangs. Let me say that cyber crime games are always eager to leverage new technologies. As cybersecurity professionals, as an educator, I want to know, how do you handle this, especially if your audiences are already doubtful about the need for AI tools. You're just mentioning this. And when the top four countries using this technique just happen to be the four we kind of don't like the most. What do you think?
[03:54]
Caitlin Sarian
I mean, I love AI. I think it's a force for good. I think you have to use AI to fight AI. Right. So anything that's good can also be used bad depending on the person that's using it. Right.
[04:04]
David Spark
By the way, AI is not the first technology that we've seen this go on.
[04:07]
Caitlin Sarian
No, no, exactly. Like pretty much everything cyber technology wise can be used for bad. So it's, it's, how are we using it to our advantage and what can we do to fight AI with AI? And I don't want to live in a world where people are really fighting against AI because they're going to lose. I mean, AI is, is the future. And if you're fighting the adoption of it, you're going to be extremely behind. So how are we able to use AI to our advantage? And I try to tell my followers that all the time is like, if you're not using it even for brainstorming purposes, anything. If you're trying to hit a goal, it's not even like cybersecurity. You can use it for any aspect of life. Just be mindful about what information you're putting in it because again, these are nation states and countries that are, I wouldn't say are our biggest allies. So we just want to make sure that we're using any technology Deep seq or whatever, that we're being mindful about what information we're putting in it and who's actually using it. Because if you're like a US government official potentially using different countries.
[05:16]
David Spark
Let me ask you this question. I'm sure you've heard this one before. Well, I don't have anything to hide. You know, I don't care. You know, there's nothing I have to hide. How do you respond to that?
[05:27]
Caitlin Sarian
Yes, so I, I totally understand. And the other thing that they always say is, well, I mean, everyone else is already collecting my data, so why does it matter who's collecting it? My data is already out there. I have nothing to hide. Right. The issue comes when they start collecting so much information on you that they're creating profiles. And these profiles can eventually be used against you or to control you or to control groups or. I mean, let's put it this way. Okay, so we talked about the, like fire insurance for houses, right? If they're starting to collect all this information on you, imagine like collecting information about you personally and then they're going to stop insurance because they know XY, Y and Z about you because you shared so much and they already have this information. I mean, there's so much they can do to, to be against you, even though we haven't seen it yet, it's coming.
[06:13]
David Spark
I mean, but the criminals can. Criminals and legit purposes can use it against you. Very good point. Right, next story. Exploited vulnerabilities up Ransomware payments decreased in the past year. All right, I'm combining two stories here. First, a report from Volnchek says the number of exploited vulnerabilities surge in 2024 with 768 CVEs actively targeted. A 20% increase from the year before. Now, nearly a quarter of these were weaponized on or before their public disclosure. Now, many of these security shortcomings are linked to the exploitation of Citrix, Cisco, Zoho and Microsoft, to name a few. We have a second story. At the same time, a report from Chainalys says in 2024 ransomware attackers racked up 813.55 million in victim payments. That is a 35% decrease from 2023's record setting year of 1.25 billion. Now, the drop is attributed to increased law enforcement actions, improved internal collaboration and a growing refusal by victims to pay. Yay. So these are two separate topics. Of course, not directly connected, but it's interesting to hear about them side by side. So interesting. No. Caitlin, what are your thoughts about either or both of these stories.
[07:29]
Caitlin Sarian
So I have two perspectives on this, on both stories at the same time. So the corporate perspective, which is. It's really interesting to see that obviously, even though we've had more vulnerabilities go up, that there's like that push, pull in cyber. Right. Which is always there. We're also seeing that we're able to fight it a little bit better than we were last year with the ransomware kind of going down. But I like to see it from a consumer perspective. Right. So what I'm seeing is if there are that many more vulnerabilities, I see a lot of humans just becoming numb to technology and cybersecurity issues.
[08:01]
David Spark
We've seen it.
[08:02]
Caitlin Sarian
They don't. I mean, I want to understand honestly what these vulnerabilities are. If it's like, because they're not pushing out software updates or they're like, I'll do it later. They, you know, wrong passwords, all that stuff. I mean, it depends on the vulnerability. But I feel like even, like, us as technology people, like, constantly in this all the time, we're starting to get numb to it. And then also with the ransomware, because we're getting numb, we're kind of over. I mean, from a consumer perspective, I know a lot of people that have started, I mean, if you said two years ago, oh, I got a ransomware note and they're threatening me with $5,000, people would probably pay a lot more. Now you get it so often it's like, yeah, that's probably a scam, you know, like. So I think there's a lot of, like, numbness around cybersecurity as a whole. And we really need to, like, button up, are the way that we're communicating how to be safe and protect yourself from cybersecurity risks and how to protect your company as well.
[08:51]
David Spark
Yeah. The situation with the fact that so many are not paying and actually have new solutions because there's more vendors offering new solutions out there and the fact that the government is flat out, you know, trying to push people not to do it because, you know, honestly, I mean, it's a simple economics. If nobody pays the ransom, then the ransomware will go away. The problem is ransomware is not going away because people are paying the ransom. Simple as that.
[09:17]
Caitlin Sarian
Yeah.
[09:17]
David Spark
And. But also at the same time, while everyone knows that to be true, people have a business. Sometimes it is far cheaper to pay the ransom than to actually get rid of it yourself.
[09:29]
Caitlin Sarian
Yeah. So let's go to the next very.
[09:32]
David Spark
Interesting Abandoned AWS cloud storage is a major cyber risk, so researchers from Watchtower. Just bear with me on this one. Researchers from Watchtower discovered around 150Amazon Web Services S3 buckets that were formerly used by organizations for software development and updates, but were then just abandoned. This happens a lot. So the researchers registered the unused buckets using the original names for a total of around $400 enabled logging on them to see what requests might flow into them. In a two month period, the S3 buckets received a staggering 8 million file requests, including those from governing agencies in the US, UK, Australia, Fortune 100 companies, banking institutions and cybersecurity companies just turning them back on. So had the researchers been threat actors, they could have responded to any of these requests with malicious software updates, allowing them to access to the requested organization to AWS environment or virtual machine. So AOS quickly sinkholed the S3 buckets that Watchtower identified. But the broader risk posed by abandoned cloud services still persists. All right, this is a totally regular story, Caitlin, and a feature on the show. Yeah, the problem of repositories and pieces of a company's internal IT infrastructure not being disabled after person or the company disappears. It's a perfect in for cybercrime. So what say you? How can organizations do a better job at patching up these neglected vulnerabilities? It's just, you know, things get spun up and just stay up.
[11:05]
Caitlin Sarian
Yeah, I mean as my back in the day, I was a consultant for a very long time, so I saw this happen constantly. And then you know, technology turns to shelf where they don't realize it's still connected or they're not using it or they're kind of using it. I mean I did a lot of DLP technology back in the day and people had it turned on, but they weren't looking at any of the vulnerabilities that was coming. And I'm like, this is worse, this is worse for you to know, like see that it's coming but you're not doing anything or like not even realizing that it's there. I think they need to treat this as like similar to identity access management. Right. Which is a super, super important thing. Like they need to start making sure and this is not any, any crazy solution, but you need to start having like an inventory of all your tech stack and understanding, you know, where everything sits and what everything's going through. But it's the asset management.
[11:52]
David Spark
Yeah, the asset management category just exploded. I would say started like maybe six, I'm gonna say Maybe eight years ago.
[11:58]
Caitlin Sarian
Took off kind of a pipe dream. But I mean that's goals, right?
[12:03]
David Spark
Well, there are, I mean, you know, there are some vendors that are doing extraordinarily well in this area. But you know, you get the classic line of you can't protect what you don't know. And everyone knows this and you know, and said over and over and nobody disagrees with it. We're guilty of this and need to start random suffixes to our buckets. Now I actually, yeah, maybe that's if you're going to make a bucket, label it a certain way so I know to go find it again. That's a good idea. Ccl. Yeah, much appreciated but any other thoughts on this, Caitlin?
[12:34]
Caitlin Sarian
No. I mean again, I think it's similar to like identity access management. Right. A lot of times we spin up like people have certain admin privileges, et cetera, et cetera and we need to start like locking it down or having some, similar to CCL having some way of identifying through naming convention or something where like if someone leaves and they were in charge of those buckets, like someone either can take over or it's, it's, it's difficult. I mean I would love to say it's an easy fix, but especially for large companies that's. It's not as easy as it thinks.
[13:06]
David Spark
It's. It sounds easy, but it isn't.
[13:09]
Caitlin Sarian
Sounds very easy.
[13:11]
David Spark
Now let's get a word from our sponsor. That's Threadlocker. So Threadlocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero day attacks and ransomware. ThreatLocker operates with a default deny approach. This is really key how they do this. Essentially if you deny access, it really kind of limits what can be done. So they do this to reduce the attack surface and mitigate potential cyber vulnerabilities. You want to learn more? I know you do. Start your free trial, go to the website, visit threatlocker.com it's spelled just the way it sounds. T H R e A T Threat Locker L O C K E R.com Go check them out.
[13:54]
Caitlin Sarian
Are you going to the Threat Locker conference?
[13:56]
David Spark
I will be at the Threat Locker conference. Glad you asked me that. Yes. That'll be the 18th through the 21st. Actually if you go to our site, we do have a code. I don't know it off the top of my head, but it's for $200 off. Please check it. We're doing a live show of the CISO series podcast at Zero Trust World, that's the name of their conference and also we'll be shooting some video there. So we're going to record the show on the 21st, but the whole event goes from the 18th to 21st. You're not. Are you going to be able to be there or you got to conflate?
[14:28]
Caitlin Sarian
No, I was invited. Too late. I was. I'm out of town. I'm going to London for an AI situation, but I'm so sad to miss it because I heard nothing but amazing things about Zero Trust World. And I also have a code, but they're very long codes to get 200 off, so no one needs to pay full price either. His name is.
[14:45]
David Spark
We have it. You. We have both a promotional video up and we also have announcement also if you go to the right, we also on our events page, it's mentioned there so you'll. You'll see the promotional code. All right, next story. Meta says it may stop development of AI systems it deems too risky. So Meta CEO Mark Zuckerberg has pledged to make artificial general intelligence AGI openly available. But meta's New Frontier AI framework outlines scenarios where it may withhold highly capable AI systems due to safety concerns. Meta classifies such systems as quote, high risk or quote, critical risk, based on their potential to aid in cybersecurity breaches or biological attacks, with critical risk systems posing catastrophic unmitigable threats. The framework, guided by expert input rather than strictly empirical tests, reflects Meta's attempt to balance openness with security, especially amid criticism of its open AI strategy. All right, Kaylin, it's certainly hard to put the AI genie back in the bottle. In fact, it's never going to happen. I don't think anyone wants to, but I find it rather chilling that I said both words or both phrases, cybersecurity breaches and biological attacks in the same sentence. Does it cause you concern when a person who essentially owns a big chunk of the modern Internet world comes out with such a statement? A little scary, yes.
[16:11]
Caitlin Sarian
To be fair, I think it's actually better that he came out with that statement rather than ignore the fact that it couldn't happen. So it makes me a little bit feel a little bit better. I think he, it makes sense. I mean, like you said, he owns so much, and they have. The amount of data that Meta has is unreal. So if they're starting to build AI off of the data that they have, I would be scared, too. And like you said, you can't put the genie back in a bottle or Pandora Back in the box. Right? If we start trying to put Pandora back in the box, we're not going to be as innovative as we need to with AI. Like, we have to figure out how to use AI to the best of our ability. We have to be innovative. And again, we can see how China did that with Deep Seek, and we can see other companies being innovative with AI. And I think for a while, the US was very scared to see what happens, what could happen with AI, that we didn't really innovate as much as we need to. I think it actually is a really good sign that he's saying, like, we. We can see all these threats potentially happening because they have that much data, which means that he's going to proceed with caution, hopefully. And that's. I mean, I took it as a positive. I. I think a lot of people, technically, from a business perspective, if they were unethical, could have spun some crazy AI up with all the data that Meta has, and it could have been, again, bad cybersecurity threats, biohacking, everything like that. But I actually am very happy to hear that he's going to try to be more mindful, especially with the data that they hold. Does that make sense?
[17:42]
David Spark
No. You make a really good point. And I want to throw this out. There's a book out called Broken Code, which goes after not the most recent election, but the election before, about how Facebook knew of a lot of problems that were happening in terms of how their. How their posts were causing negative responses. I'm painting an extremely broad brush here. You got to read the book. But essentially what the book says is when Facebook had the option of dialing something down, dialing down, what you see that would be more negative, more bad for you to see in terms of, you know, continued conspiracy theories or whatnot. They choice to dial it down or dial it up or leave it the same. They always chose to. They always chose to. To just go with the. They chose to go with dialing it up or keeping it down purely because they're a public company and, you know, more traffic means more eyeballs. Now when that story came out, things have changed. If you talk to people over at Meta, they say, oh, my God, it's a very, very different story right now. It is not like that at all. I don't know. Do you talk to employees over at Meta? Have they. Do they kind of echo the same thing? Like, we're very aware of this. We're being more cognizant of privacy?
[19:08]
Caitlin Sarian
Yeah. I mean, I think it's A blessing and a curse that they have that much data. Right? They're collecting it. It's for business reasons. They're collecting a lot more than we think. But I do think they're being extremely transparent and they're also under the gun kind of so to speak with regulators and a lot of other privacy laws. So even though they have a ton of data, they're actually very transparent with like, you know, you can see the data they have on you, you can opt out. They have a whole privacy area. So they've really transformed that privacy section, personal opinion. And it makes it, it's not, you know, a lot of privacy policies. If you read companies privacy policies, it's a bunch of mumbo jumbo legal jarring that you can't understand. But Meta is actually, it's the opposite. It's like very, I mean, I always use their privacy policy as a good example of like what companies should be doing in terms of being transparent. So they've changed a lot. And I also think, you know, when he was explaining how, you know, certain presidents were forcing them to go certain ways or, you know, push out certain things, I think because that happened, he's trying to be extra cautious and even more transparent than before. So I actually think this is a really good sign.
[20:20]
David Spark
Personally, I agree.
[20:22]
Caitlin Sarian
We can't deny that there's going to be AI threats.
[20:24]
David Spark
Here's my bottom feeling about Meta. They, they have gone through waves of this of great and I know and oh great and like that it's been going back and forth with them. I like what I'm hearing right now. Let's just hope it keeps hold. But again, the, the. They are a public company. Things have gotten scarier. So this is where we're at, right? We're going to go to our last story here and I'm going to, I'm going to be honest with you, Caitlin, and to our audience, I may have trouble getting through this one here. And that is remembering Sean Bowen. So for those of you who have not heard, it is with unbelievable sadness that we are here at the CISO series morning. The loss of Sean Bone, who died tragically in a parachuting accident over the weekend. We were talking about, we were going to post a photo of him and we didn't even know if we could handle seeing him like doing this. Right. So that's why you don't see a photo of him right now. But if you listen to any of our shows for any length of time, you've likely heard Sean's keen insights and Quick wit. He was a relentless advocate for what we were trying to bring to the cybersecurity community here at the CISO series and unfailingly generous with his time and his expertise. We extend our condolences to his family, his friends, his co workers, and especially to his wife and his two very young children. Now I, I put together a tribute to SEAN on a LinkedIn newsletter and with it includes remembrances from our whole staff. If you just go to the CISO series page on LinkedIn, you can read them and share your comments. Some other, you know, some of our fans have left comments as well. I, I know, Caitlin, you didn't know Sean that well, but for those of you watching, you have to understand, you've probably seen him on this show many times. Sean was our go to guy. He was amazing on the microphone and when we had a last minute cancellation, we would ping. We would always say, get Sean, go get John. You can see if Sean can do it. And nine times out of ten he'd jump on. Sure, I'll do it. No, he was a ciso and you know, most recently he was the deputy CISO for gaming over at Microsoft. I mean, I think he had the job for maybe six months at the time. And just the fact that he gave us so much time and also he sung our praises. He was constantly saying, oh, you know, David, you got to talk to this person or mention my name and mention the CISO series. And we could not have spoken more highly of him as well. So we are very, very sad to have lost him. You know, honestly, the fact that we'll never have him on the show again is very, very sad. So I'm sorry that I had to broke up a little bit at the end there, but I now need to shift gears a little bit. We're off of that and get back to the cyber security stories. And I want to toss to you Caitlin, here. We talked about four other stories here. I want to know, are there any thumbs up or eye roller stories of this? Four stories that I read, not counting Sean's story.
[23:18]
Caitlin Sarian
Oh, yeah. I mean, first of all, I, like you said I didn't know him obviously as well as you, but I heard just such amazing, incredible things and it's always so hard to hear losing someone like that so, so early on. And I'm sorry for everyone and their loss, especially his family and you and the team. So I just wanted to say that, I mean, I like every cybersecurity story. I think everything's very, very kind. I think the Coolest one to me, honestly, is I really like Zuckerberg's response with AI. I think it's a very responsible way of looking at it while still being innovative. So, I mean, I do like all the stories. There's not. I mean, I'm in cyber, so of course I nerd out on all these things. The S3 buckets, man, that's kind of a thumbs down.
[24:12]
David Spark
We've heard it. That's not a new story.
[24:15]
Caitlin Sarian
It's been around. But I really, I mean, obviously I've been very into AI and like just seeing how it all unfolds. And so the Gemini AI situation was very interesting and then and Zuckerberg, probably any of the AI stories, but I just, I love everything about cyber, so I love talking about this with you.
[24:31]
David Spark
Well, we love having you. And I want our audience to know if you're watching us on video right now. Caitlin's jacket matches my background. That is not an accident. That is not an accident. We made sure that happened. We are the best matched episode of we can review. So where people can find you is Cyber Security Girl. Like everywhere, right?
[24:51]
Caitlin Sarian
Yep, pretty much everywhere.
[24:53]
David Spark
Cybersecurity Girl, you'll find Caitlin in there, but cybersecuritygirl.com it'll go to all our profiles. But yeah, if you're not following her on TikTok and also on Instagram, those are like, those are the best places to watch all your stuff. But I've noticed you're moving a lot of that stuff over to LinkedIn as well. So huge thanks to our guest, Caitlin Sarian, owner and CEO of Cyber Security Girl llc. And also a huge thanks to our sponsor. That'd be Threat Locker Zero Trust, Endpoint protection platform. Remember, go to the website, get it. Get a free trial. I don't know if it's a free trial. I don't want to say that. Get a trial. Get a trial. ThreatLocker.com T H R E A T L O c k e r.com and thank you to our audience today. Today. I honestly, I don't know if what comments came in or didn't come in, but if we didn't get your comment on the screen, my apologies. We deeply appreciate you being here and participating and come back next week for another episode of Week in Review. It'll start at 3:30pm Eastern. Just register and join us on YouTube to add your comments live and just go to the events page@cisoseries.com and in the meantime, you can still get your daily news fix every single day on cyber security headlines every day. Just subscribe to our podcast. It's that easy. Now, Rich, who normally does this, he says, have a super sparkly day. You can have that, but I'm okay. If your day doesn't sparkle, it's cool with me.
[26:12]
Caitlin Sarian
Bye, everyone. Cybersecurity headlines are available every weekday. Head to CISO series.com for the full stories behind the headlines.