Maria Tranquilli (12:55)

Will Talk to Me ABC Tuesday they took his daughter.

Brandon Karp (12:58)

She's coming home alive.

Maria Tranquilli (13:01)

Will Trent the series critics are calling powerful Must see TV continues to thrill. Shouldn't we strategize before we go in there?

Brandon Karp (13:09)

If we screw up this case, a.

Dave Buettner (13:10)

Cop killer walks free.

Maria Tranquilli (13:11)

With the riveting conclusion to a two part season premiere, TBI get down will tread all new Tuesday on ABC and stream on Hulu.

Brandon Karp (13:27)

Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try Deleteme. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data Privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com n2k and use promo code n2k at checkout. The only way to get 20% off is to go to JoinDeleteMe.com N2K and enter code N2K at checkout. That's JoinDeleteMe.com N2k code N2K Cyber threats are evolving every second and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant. Maria Tranquilli is Executive Director of the Common Mission Project. She recently got together with N2K's executive editor Brandon Karp to discuss the origins and impact of Hacking for defense and how universities can get involved.

Brandon Karp (15:43)

And we are joined today by Maria Tranquilli, the Executive Director of the Common Mission Project. Maria, thank you so much for joining us today.

Dave Buettner (15:51)

I'm so happy to speak to you today. Brendan.

Brandon Karp (15:53)

So curious for our listeners to understand. Some of them may have heard of Hacking for Defense or Common mission project or BNNT. We've had a few folks on the podcast over the last few months, including Steve Blank, about those programs. But can you give us, in your own words, what is Common Mission Project? What does that organization do?

Dave Buettner (16:14)

Absolutely. So the Common Mission Project is a global entity. We are present in the United States, Australia, the UK and expanding. We ensure that mission driven entrepreneurs, specifically within universities at the moment, are able to access the Lean Startup methodology through a program titled Hacking for Defense. We also offer Hacking for Diplomacy, Hacking for Homeland Security, and soon to be shared Hacking for Manufacturing. We're actually piloting Hacking for Manufacturing currently in the United States, and we're hoping to expand that program not only throughout universities and research institutions across the US but also with our allied counterparts across the globe.

Brandon Karp (17:00)

Oh, very cool. And for this audience, right? Our podcast mostly speaks to professionals in the cybersecurity and national security industry. This idea of hacking is obviously very familiar to them. Can you kind of share what this Hacking four series of programs is all about and how they work?

Dave Buettner (17:20)

Absolutely. So just to speak to the global dynamics that we are seeing at the moment, we know that the complexity of national security and defense problems will only intensify as the years go on. And we also know that there are rapid advancements in technologies like cybersecurity, AI, artificial intelligence, unmanned systems, all of which are very important technology verticals within the defense space and also across the private sector. And we also see this globally. There is very high level of interest across allied partners, including NATO, including the Ministry of Defense in the UK and including the Department of Defense in the United States. So when it comes to the hacking for programs, we ensure that mission partners across our global entities are able to identify problems that need to be solved at the speed of a startup. And in order to do that, we partner with bmnt. It's actually our for profit arm. BMNT works with our government partners to help those government entities identify problems that need to be solved at speed. Those problems are then deployed into research institutions and classrooms. Again, across our global instances in which we are running one of our hacking for programs, students, and I'd like to say here, students mean very specifically undergraduate and graduate level students. So we have students that are sophomores all the way through four to five years of schooling in universities working, yes, working on these problems. So they are handed problems to validate. There's a number of reasons this is incredibly important. One, we don't want the Department of Defense in the United States Ministry of Defense, etc. To waste time building solutions for problems that are not to be solved or have not yet been validated. Students will actually validate those problems and they do this in a number of ways. They ensure that they are doing proper customer discovery within the government and across government entities to narrow down to exactly the right problem that needs a solution paired with it. And this can take one month, this can take three months. It really depends on the type of customer discovery that these students are able to do from customer discovery through problem validation. Students then, with the help of Common Mission Project, have the opportunity to be funded, to travel, to understand even more deeply how to build solutions to those problems. So I'll stop there. Brennan, any specific questions there?

Brandon Karp (20:24)

Yeah, yeah. It strikes me that this is a pretty sophisticated set of programming. I mean, the model itself sounds fairly complex. You're managing multiple stakeholders, some in the government, certainly some at research institutes and universities, managing student work and sounds like curriculum as well. That is a very complex program, I imagine that's evolved over many years. Can you share maybe where we are today in terms of some of the successes that this program has had?

Dave Buettner (20:57)

Absolutely. I love that you asked. So first I'll say we are coming up on our 10 year anniversary of hacking for Defense programs.

Brandon Karp (21:05)

Happy, happy decade of running this. That's awesome.

Dave Buettner (21:08)

Thank you. Thank you. Well, I have to tell you, I am standing on the shoulders of giants. The founders of this program, Pete Newell and Steve Blank, who I know you've spoken to in the past, are two incredibly dynamic individuals that have brought me into this ecosystem to help scale and expand even further than the footprint that they have built. So Far so currently we are looking at that 10 year anniversary coming up it through the second quarter of 2025. So we're hoping and this is a shout out to everyone listening. We are really excited for pairing the 10 year H4D anniversary with a National Security Innovation Education conference. And we have some very. Thank you. And we have some very specific goals to hit during that conference. We are looking to eventually, and I will say inevitably establish a PME or professional military education curriculum. We're also looking to instate and or establish across one or multiple US based universities, a US degree program that specifically focus on national security innovation and entrepreneurship. So the beginning of the conversation will occur during our celebration Q2 2025.

Brandon Karp (22:36)

Yeah, very curious about any intel you can share about how organizations might get involved or individuals. There's a lot of folks here in this audience that you're speaking with who are very committed to professional education and certification and development, especially around workforce initiatives and those educational pursuits that you were mentioning.

Dave Buettner (22:55)

We are interested in any academics or universities that would be interested in contributing to developing PME professional military education curriculum. That goes for both private and public institutions. So public and private universities, the door is open specifically for individuals that like yourself. Actually Brendan, I know that we've actually talked about how we might engage the Navy specifically and I know you're doing some great work there and delivering H4 at a very specific university. So we're very interested in military institutions, public and private institutions playing their part and having a stake and a say in the type of curriculum that is developed as well as the US based degree program that I had mentioned. So Intel, I will say we are just on the coattails of having delivered our sixth annual Red Queen Innovation Conference. This is an executive level conference that is annual. Steve Blank and Pete Newell, along with myself and a few other individuals delivered this conference just a few weeks ago and we had an incredible contingent of the Ministry of Defense presence from the uk, DIU and other US based defense organizations, as well as NATO present. So it's one of the first moments in recent history in which all of these stakeholders are in the same room making decisions about what defense innovation and what defense education could look like. So when you ask about Intel, I would say it's very likely that the same individuals that attend our executive level convenings, some of which are private, some of which are public, will be with us during spring of 2025 for this upcoming anniversary and event.

Brandon Karp (24:54)

Great.

Brandon Karp (24:54)

Well everyone should keep an eye out then for those announcements. It does sound like a great Event moving into your second decade of these hacking four programs, what is the vision? Where does Common Mission Project go from here? What is the impact that you're looking to have in your second decade of running this?

Dave Buettner (25:12)

I love this question. There's so much that I am excited to gain traction on and to deliver in the next 10 years. Very specifically, I would say the linchpin here is ensuring that what I know to be our greatest asset, not only in America, but across allied nations, is ensuring that we are preserving and protecting the spirit of innovation and entrepreneurship. And where does that lie? Specifically, we know that retention within our defense organizations and government organizations is at an all time low. We also know that incoming individuals that are right now in university that will be exiting university and looking to enter our economy with really interesting mission focused jobs. They need a pathway forward. And that is one way in which Common Mission steps in and ensures that not only our new talent, but talent right now that needs to be retained within these organizations does remain within those organizations. So my main focus, one of three, I'd say there are three pillars of focus. One, again, ensuring that our ecosystem is steady, our ecosystem is well fortified and that we're preserving the spirit of innovation and entrepreneurship across different stakeholders, which includes all of that new and current talent. It includes all of our academics who need consistent training and consistent access to really interesting problems and really, really interesting and challenging curriculum that they can then deliver in the classroom as well. As I'll say this, the second tier very specifically is scaling our programs across allied nations.

Brandon Karp (27:12)

Okay.

Dave Buettner (27:13)

We have an incredibly high level of interest from multiple countries, NATO allies, specifically from Estonia and Germany, et cetera. And we need to ensure that our hacking for programs are run across these countries. And there's a number of reasons. One, we know that the nature of the problems across defense and government organizations are duplicative. We know as far as what I have actually seen, we know that the same problems are looking to be solved across different countries. We need to ensure that we are not wasting money and wasting time solving the same problems. So one of the biggest opportunities that I see Common Mission Project having a very, a very unique stance on is the ability to actually make the invisible visible. Meaning we're able to take specific problems from across our allied nations, identify those through the data that we hold, and ensure that those nations are working together to solve the same problems. And there's a number of different ways that we will do this. It's through some of our executive convenings. It is through our programming that is delivered across universities. It's actually through deploying from our student fund to ensure that our donor dollars are going to solve the right problems. So I'd say that's our third pillar. It's really ensuring that our students have the capital that they need to do the research, to do the customer discovery, to do the travel that is needed so that they can validate those problems and go back to the government with an interesting solution.

Brandon Karp (29:11)

Fantastic. And it sounds like a functional approach. I love that taking advantage of the lessons learned and applying that broadly across all of the global partners. So well, you know, if folks are interested to learn more, to get involved somehow, whether they're at a university or one of these government stakeholders, where can people go to learn more about Common Mission Project?

Dave Buettner (29:34)

CommonMission US is the global instance and they can reach out directly to me through there.

Brandon Karp (29:41)

Great. Well, the the organization is the Common Mission Project. The program is hacking for and specifically hacking for defense. Maria, thank you so much for joining us today.

Dave Buettner (29:51)

Thank you so much, Brandon. It was such a pleasure.

Brandon Karp (29:54)

That's our own Brandon Karp speaking with Maria Tranquili, Executive Director at the Common Mission Project. For more information, we'll have links in our show Notes do you know the status of your compliance controls right now? Like right now, we know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SoC2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber. That's vanta.com cyber for $1,000 off.

Maria Tranquilli (31:24)

This episode is brought to you by Indeed. We're driven by the search for better. But when it comes to hiring, the best way to search for a candidate isn't to search at all. Don't search match with Indeed. Use Indeed for scheduling, screening and messaging so you can connect with candidates faster. Listeners of this show will get a $75 sponsored job credit to get your jobs more visibility@ Indeed.com SBO terms and conditions app.

Brandon Karp (31:58)

And finally, our Sisyphus desk tells us that Microsoft's Red Team took a hard look at over 100 of its own generative AI products and walked away with a humbling AI security is a moving target that's never fully secure. Their paper Lessons from Red Teaming 100 Generative AI Products outlines eight key lessons with one undeniable truth. AI doesn't just amplify existing security risks, it invents new ones. Know what your AI does? Larger models follow instructions better, but that means they're also better at following malicious ones. Great for hackers, less so for defenders. Lesson 2 Fancy Gradient based attacks are overrated when simpler tricks like phishing or UI manipulation works just fine. Red teaming is about uncovering novel risks, not just checking benchmarks. Microsoft developed Pirate, an open source toolkit to automate red teaming tasks. But human input remains vital. Experts not only spot subtle vulnerabilities, but also handle AI generated horrors that would make anyone's eyes water. And yes, RedTeamers need mental health care too. AI's harms lesson 6 notes are tricky to quantify, like bias baked into image prompts showing male bosses and female secretaries reinforcing stereotypes. Finally, lesson 7 slams feed AI bad inputs and it'll gleefully produce bad outputs, including spilling sensitive data. The takeaway AI isn't just a security headache, it's the whole migraine. But hey, at least it's job security for infosec folks, because every new AI risk is another reason to hire a defender. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com a programming note we will not be publishing on Monday, January 20th in observance of Martin Luther King Jr. Day. Check out your Cyberwire Daily podcast feed for some crossover with our T Minus Space Daily team for an interview with Kyan Space about data automation and space domain awareness. Don't miss it. Be sure to check out this weekend's research Saturday and my conversation with Nati Tal, head of Guardiolabs. Their research is titled Cross Exploiting a Zero Day Opera Vulnerability with a Cross Browser Extension Store Attack. That's research Saturday Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com this episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliot Peltzman, our executive producer is Jennifer Ibin. Our executive editor is Brandon Karp. Simone Petrella is our president. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here next week.