CyberWire Daily – March 9, 2026
Episode Title: From Tehran to the Apple II
Episode Overview
This episode of CyberWire Daily dives into a wide spectrum of cybersecurity news and developments, from ongoing global cyber conflict (including Israel's strike on Iran’s cyber warfare HQ) and significant U.S. policy updates, to the practical deployment of new malware strains, and headline-grabbing cases in cybercrime. It features an interview with John France, CISO at ISC2, presenting key findings from their 2025 Cybersecurity Workforce Study, which spotlights the shifting landscape of in-demand cybersecurity skills—especially the rising importance of AI. The episode concludes with a nostalgic look at how AI is now capable of auditing and analyzing decades-old low-level code, illustrated by an audit of an Apple II program.
Key News Highlights
1. Israel Strikes Iran’s Cyber Warfare HQ
[00:12 – 04:00]
- News: Israel claims responsibility for striking an alleged cyber warfare compound in Tehran, also housing the Intelligence Directorate and elements of the Islamic Revolutionary Guard Corps.
- Impact: Actual effect on Tehran's cyber capabilities is unclear.
- Expert Insight:
- Distributed Threats: Physical facilities aren’t always central—operations can continue thanks to distributed infrastructure and remote operators.
- Resilience: “These pre-positioned capabilities... could allow operations to continue even while domestic connectivity is degraded.”
2. Trump Administration’s New National Cyber Strategy
[04:00 – 06:30]
- Pillars: Emphasizes offensive capabilities, federal network protection, zero trust, advanced encryption, workforce development, regulatory streamlining, and use of AI/post-quantum cryptography.
- Industry & Political Reaction:
- Industry groups welcome focus on deterrence and innovation.
- Some lawmakers say it is “vague and lacking a detailed implementation plan.”
- More guidance promised.
3. Department of Homeland Security Leadership Shake-Up
[06:30 – 08:00]
- Details:
- CISO Hemant Baiduan, Deputy CISO Amanda Day exit.
- Part of a broad realignment, consolidating IT leadership across DHS agencies.
- Concerns about a “brain drain” amid global tension.
4. Malware & Threat Activity
[08:00 – 11:40]
- Velvet Tempest – ClickFix Intrusions:
- Uses social engineering (“fake captcha”) and Windows tools to deploy Donut Loader and Castle Rat backdoor.
- Attack chain: Malvertising → Command execution → Downloaders → PowerShell scripts (recon, credentials, loaders).
- No ransomware found in this case, though the group is known for major strains (REvil, Conti, LockBit).
- Linux Malware – Clipx Daemon:
- Novel clipboard hijacker targeting X11 Linux environments.
- Monitors clipboard, rewrites crypto addresses to attacker-owned.
- No C2; operates autonomously using stealth techniques.
- “Reflects a shift toward autonomous, user-focused financial malware on Linux systems.”
5. Cybercrime Prosecution: Ghanaian Romance Scammer
[11:40 – 13:00]
- Derek Von Yebo: Pleads guilty to global romance/fraud/BEC scams — losses >$100 million.
- Sentence: Faces up to 20 years, restitution over $10 million.
6. Government Surveillance via Online Advertising
[13:00 – 15:00]
- New reporting: US Customs & Border Protection used location data from advertising real-time bidding (RTB), bypassing warrants.
- Privacy Impact: Demonstrates risks in ad tech ecosystems—activists call for law reform and user vigilance.
Industry & Business Developments
Cybersecurity Startups and Market Moves
[15:00 – 15:30]
- Major investment rounds in AI-driven security and resilience platforms (Upguard, Jetstream Security, Threat Aware, etc.).
- M&A activity: Zurich Insurance acquiring UK’s Beazley; other tech acquisitions detailed.
FEATURE INTERVIEW:
John France, CISO at ISC2 – Insights from the 2025 Cybersecurity Workforce Study
[15:34 – 26:30]
Background and Scale
- ISC2’s workforce study draws input from over 16,000 professionals, tracking key trends year on year.
- Emphasizes trend analysis over absolute numbers.
Key Findings & Discussion Points
- AI as a Critical Skill
- “AI is an in-demand skill—no surprise there. What’s surprising is...it was barely on the survey two years ago, now it’s the #1 desired technical skill by professionals and #2 by hiring managers.” (John France – 16:10)
- Reflects an industry shift: “It’s a focus on skills and skill sets rather than just the sheer number of people.” (16:47)
- Evolving Skills Shortages
- Change in priorities from filling seats to ensuring candidates have current, relevant technical and non-technical skills:
- “Cybersecurity profession requires skilled professionals that are market-current.” (17:24)
- Non-technical skills—problem-solving, teamwork, communication—are more in demand.
- Disconnect Between Job Seekers & Employers
- Hiring managers and professionals disagree on top non-technical skills:
- “Number one non-technical skill demanded [by hiring managers] was problem solving at 29%...professionals put problem solving at 55% but communication skills on top.” (19:01)
- “If you have limited hiring opportunities, you’re going to want to hire people most compatible with what you’re looking for. That piece of rarity comes through, maybe that’s what’s stressing the market.” (19:27)
- Entry-Level Positions & AI Displacement Fears
- “I don’t think that’s true.... Technology has always been moving at a pace ... What you do in that entry-level position has definitely changed.” (21:06)
- “Entry level people are probably AI natives...they’re well equipped and well placed to adopt it rapidly.” (21:41)
- Pathways to Senior Roles in Cybersecurity
- “It’s about getting experiences in the arts of business, not just of security...I wholeheartedly embrace [the new landscape].” (23:12)
- Technical and business acumen must now both be developed.
- Rapid Change and Adaptability
- “Getting comfortable with using modern tools...being comfortable in change and adopting new ways of working is probably where you have to really show your mettle.” (24:36–25:17)
Practical Advice for Practitioners and Employers
- “Look for a good balance between technical skilling and empirical knowledge...but also [develop] non-technical skills: problem-solving, teamwork, collaboration, communication, critical logical thinking...” (25:26)
- “It's not all about technology...it's about the intersection of those two.” (25:54)
- “Security pros are obviously about risk management ultimately...We are the purveyors of taking appropriate risk within appetite and in the business get what it needs to be done.” (26:13)
Memorable Quotes & Moments
- On AI Skills Leap-Frogging the Field:
“If you looked sort of two years ago, it was either not on the survey or very, very low down and now it's ... the number one desired technical skill.” —John France [16:10]
- On Entry-Level Job Fears:
“Do we see the wholesale elimination of entry-level jobs by technology? Very, very rarely, if at all.” —John France [21:16]
- On the Profession’s Evolution:
“Our business skills and acumen have to complement it at the senior level. So... balance that against being able to communicate, talk and operate at a business level.” —John France [23:12]
Final Segment: AI Audits an Apple II Program
[28:22 – 29:30]
- Microsoft Azure CTO Mark Russinovich uses Claude Opus 4.6 AI to analyze his 1986 Apple II utility (“Enhancer”).
- AI decompiled the ancient 6502 machine code and instantly spotted subtle bugs (e.g., failure to throw errors when a line wasn’t found).
- Significance: Illustrates that modern AI can scrutinize low-level legacy code—a boon for defenders patching old systems, but also a “powerful new way” for attackers to hunt vulnerabilities in forgotten firmware and legacy code.
Notable Timestamps
| Segment | Timestamp |
|--------------------------------------------------------|----------------|
| Israel-Iran cyber strike | 00:12 – 04:00 |
| Trump admin cyber strategy | 04:00 – 06:30 |
| DHS leadership shakeup | 06:30 – 08:00 |
| Velvet Tempest, Clipx Daemon malware | 08:00 – 11:40 |
| Romance/BEC scammer prosecution | 11:40 – 13:00 |
| Gov’t tracking via online ads | 13:00 – 15:00 |
| Cybersecurity business & funding update | 15:00 – 15:30 |
| Interview: John France, ISC2 (cybersecurity workforce) | 15:34 – 26:30 |
| AI audits Apple II utility | 28:22 – 29:30 |
Tone & Style
The episode maintains an informative, brisk, and professional tone, interspersed with conversational directness—especially in the interview segment. Dave Bittner, the host, balances technical depth with accessibility, and the interview with John France is data-driven yet approachable.
For Further Reading
Links to all stories and the ISC2 Cybersecurity Workforce Study can be found in the CyberWire daily briefing (see show notes).
Summary prepared for listeners who need a comprehensive understanding of this episode’s most important topics and insights.
