Will Marco
You're listening to the Cyberwire Network powered by N2K.
Dave Bittner
Risk and compliance shouldn't slow your business down. Hyperproof helps you automate controls, integrate real-time risk workflows and build a centralized system of trust so your teams can focus on growth, not spreadsheets. From faster audits to stronger stakeholder confidence, Hyperproof gives you the business advantage of smarter compliance. Visit www.hyperproof.io to see how leading teams are transforming their GRC programs.
French authorities report multiple entities targeted by access brokers. A ransomware group extorts a German hunger charity. AT&T combats SIM swapping and account takeover attacks. A Missouri physician group suffers a cyber attack. Qantas doesn't crash, but their computers do. Researchers uncover multiple critical vulnerabilities in Agorum core open. A student loan administrator in Virginia gets hit by the Akira ransomware group. The feds sanction a Russian bulletproof hosting service. Johnson Controls notifies individuals of a major ransomware attack dating back to 2023. Will Marco, CEO of Four One Insights and N2K CyberWire Senior Workforce Analyst, shares the latest technology workforce trends. And the IceBlock app warms up to users.
It's Wednesday, July 2, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us. It's great to have you with us.
France's cybersecurity agency ANSSI reported that multiple government, telecom, media, finance and transport entities were targeted last year by a hacking campaign exploiting zero-day vulnerabilities in Ivanti cloud service appliances. The intrusion set, dubbed Houken, is linked to the same threat actor Mandiant tracks as UNC5174. ANSSI suspects Houken is run by private operators selling access and data to state-linked bodies resembling Chinese contractor hacking groups such as APT41. The campaign showed both espionage and profit motives, including crypto miner deployments and mass email theft from a South American ministry.
Attackers used advanced zero-day exploits alongside noisy public Chinese tools, suggesting a multi-party approach. ANSSI warns Houken and UNC5174 remain active, targeting Internet-facing systems globally for opportunistic exploitation.
German charity Deutsche Welthungerhilfe, which provides food and emergency aid globally, has been attacked by a ransomware-as-a-service group. The hackers listed WHH on their darknet leak site, demanding 20 bitcoin, about $2.1 million, for stolen data. It's unclear if the charity's systems were encrypted, but WHH confirmed it will not pay the ransom. The charity immediately shut down affected systems, engaged cybersecurity experts, informed data protection authorities and involved police. Despite the attack, WHH continues its humanitarian work in Gaza, Ukraine, Sudan and beyond. The same ransomware group has previously targeted hospitals and nonprofits, including Easter Seals. WHH emphasized that their mission remains unchanged, stating their aid is more important than ever amid ongoing global crises.
AT&T widely launched its Wireless Account Lock feature Tuesday to combat SIM swapping and account takeover attacks. Available for individual, business and prepaid customers, the lock prevents changes to billing info, number transfers, SIM swaps and device upgrades without verification via the app or customer support. Only primary and secondary account holders can manage settings. This follows similar security moves by T-Mobile and Verizon. The launch comes amid heightened concerns after breaches like Salt Typhoon, with experts urging stronger multi-factor protections.
Esse Health, a physician group in Greater St. Louis, suffered a cyber attack exposing data of over 263,000 patients. Discovered on April 21, the breach affected electronic medical records and disabled phone systems, forcing staff to use manual processes. Stolen data includes names, Social Security numbers, medical records and insurance details.
The attack's method was not disclosed. There's no evidence of misuse so far, but Esse Health is offering 12 months of free identity protection while law enforcement investigates.
Qantas has reported Australia's largest data breach in years after a hacker accessed a third-party call center platform containing data on 6 million customers. Exposed information includes names, emails, phone numbers, birth dates and frequent flyer numbers. The airline detected unusual activity and acted quickly to contain the breach, with no impact on operations or flight safety. While cybercrime group Scattered Spider has targeted other airlines recently, Qantas has not attributed the breach. The incident adds to Qantas's reputational challenges following Covid-era controversies, illegal worker dismissals and ticketing scandals. CEO Vanessa Hudson apologized, emphasizing data security is taken seriously. The airline notified national cybersecurity and privacy agencies and said no passwords or login credentials were compromised, though a significant data exposure is expected.
Security researchers at usd HeroLab discovered multiple critical vulnerabilities in Agorum core open that allow unauthenticated attackers to fully compromise systems. Chained together, these flaws enable remote code execution with root privileges. Issues include command injection, path traversal, plaintext password storage, XML external entity attacks, SSRF, cross-site scripting and incorrect authorization. The findings were responsibly disclosed to Agorum. These vulnerabilities pose a severe risk, enabling full system takeover without authentication if left unpatched.
Southwood Financial, a private student loan administrator in Virginia, suffered a ransomware attack attributed to the Akira ransomware group. The incident began on March 25 when suspicious activity disrupted its computer network. An investigation revealed that personal data belonging to borrowers and potential employees was compromised.
Exposed information includes names, Social Security numbers, birth dates, addresses, phone numbers, emails and other account details. The number of affected individuals has not been disclosed. Southwood began notifying impacted people on June 27 and filed a data breach report with Vermont's Attorney General on June 30. The company is offering credit monitoring services and set up a helpline for questions and assistance related to potential identity theft or fraud.
The U.S. Treasury Department sanctioned Russia-based Aeza Group, accusing it of providing bulletproof hosting services to ransomware gangs and darknet drug markets. Aeza Group allegedly helped criminals evade law enforcement by renting IP addresses, servers and domains used for malware, fraud and cyber attacks targeting U.S. defense and tech firms. CEO Arsenyi Penzev and three other leaders were sanctioned. Penzev and General Director Yuri Bozoyan were arrested in Russia for drug trafficking ties to the BlackSprut marketplace. Aeza has also been linked to pro-Kremlin disinformation campaigns like Doppelganger. Subsidiaries Aeza International, Aeza Logistic and Cloud Solutions were included in the sanctions, part of a broader crackdown on criminal infrastructure used by cyber gangs. The action was coordinated with the UK and international partners.
Johnson Controls is notifying individuals affected by a major ransomware attack that disrupted its global operations from February to September 2023. The multinational building automation and HVAC giant, employing over 100,000 people across 150 countries, confirmed attackers accessed its systems, stealing data and encrypting devices. The Dark Angels ransomware group is suspected, demanding a $51 million ransom to decrypt systems and delete 27 terabytes of stolen corporate data. The attack forced Johnson Controls to shut down parts of its IT infrastructure, affecting customer services worldwide.
Costs for incident response and remediation had reached $27 million by early 2024 and are expected to rise. Dark Angels uses double extortion tactics, threatening to leak stolen data online to pressure victims into paying ransom. 2023. I guess you can't rush these things.
Coming up after the break, Will Marco, CEO of Four One Insights and N2K CyberWire Senior Workforce Analyst, shares the latest technology workforce trends, and the IceBlock app warms up to users. Stay with us.
Did you know Active Directory is targeted in nine out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at semperis.com/purple-knight. That's semperis.com/purple-knight.
And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing to neutralize identity-based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report at spycloud.com/cyberwire and see what attackers already know. That's spycloud.com/cyberwire.
Will Marco is CEO of Four One Insights and also an N2K CyberWire Senior Workforce Analyst. I recently caught up with him for the latest on technology workforce trends.
Will Marco
I've, you know, really, I say, taken a back door into the cybersecurity world as well as the IT world more generally. I've been analyzing both the cybersecurity as well as the IT workforce now for over 12 years. And I really just kind of stumbled into that because I've always loved economic analysis. I mean, you know, who doesn't love analyzing data on a Friday night? Not sure what anybody else does for fun, but I've always enjoyed wrapping my head around problems that really reside at the intersection of quantitative analysis and public policy. And the workforce, it really fits the bill. And so I've now been analyzing the cybersecurity workforce in particular for well over a decade and I've released a number of reports looking at the cyber workforce. But really my work in the space has culminated in the development of cyberseek.org. I was one of the original founders of that website and have been producing data on the cybersecurity workforce now for a good chunk of my career. And so it's really become a passion project for me as well as something that hopefully adds a little bit of value to the community.
Dave Bittner
Well, let's talk about some of the workforce challenges that you see the cybersecurity industry facing today. What is top of mind for you?
Will Marco
Well, you know, I think that lately the cybersecurity workforce has really just been facing whiplash. We were coming off of the pandemic lows and then the pandemic highs where everybody was stocking up as many cybersecurity workers, as well as IT workers, as possible, because everybody assumed that we were going to be moving online and everything was going to be going digitally for the foreseeable future. And so I think that a lot of people really got it stuck in their heads that, oh, this is going to be the way of the future. These jobs aren't going to go anywhere. And what we found is that in many cases, well, those jobs didn't really go anywhere. But the demand definitely shifted over the past couple of years once interest rates started rising, once there was more geopolitical uncertainty across the globe, which led to economic uncertainty. And all of these other factors have led to a bit of a pullback in hiring for cyber workers as well as IT workers more generally. And I think that a lot of people are now having to recalibrate what their expectations were for jobs, both in cyber as well as in the IT industry more generally. Now, the common narrative is that, well, a lot of this disruption is driven by AI. And we might talk about that a little bit later. I'm not quite sold on that idea just yet. But we're also now starting to see that although there was a pullback in demand for cyber jobs over the past few years, we're starting to see an uptick again. The latest CyberSeek data, which were just released a few weeks ago, really confirmed that as we saw a growth of about 50,000 job openings calling for cybersecurity workers. And so I think the pendulum is starting to swing back the other way again. And this is leading to that whiplash where I think a lot of people just don't know what's going on in such a frothy market.
Dave Bittner
Where do you fall on the notion of there being a cybersecurity talent shortage?
Will Marco
So this is always a bit of a contentious issue, depending upon who you ask. I think that where I fall is probably somewhere in the middle compared to what other people might say. Some folks swear that there's a talent shortage. Some people say, oh, it's completely manufactured. There is no shortage. We have all of these people out there who are getting cybersecurity degrees and saying, hey, we can't find cybersecurity jobs. And I think the way that I come at this issue is that I try to take a very data-informed perspective. And what we found when we look at the data is that there is clear evidence of a talent shortage. The latest numbers from CyberSeek suggest that we only have about 74 skilled cybersecurity workers for every 100 that employers demand. However, that does mask the reality that a lot of people in the field are facing. And that reality is that if your resume isn't stuffed full of degrees that are fancy, certifications that are fancy, many years of experience in the field, then you're actually probably going to have a pretty hard time finding a job, especially if you're an entry-level worker. When we unpack the data a little bit more, we find that we actually have a surplus of workers at the entry level. Last time I checked, it was about a 10% surplus, which meant we had about 110 entry-level workers for every 100 that employers were demanding. And so I think this is why you're starting to hear these conflicting reports from employers as well as individuals, where employers are saying, hey, we can't find the cybersecurity workers we need, and individuals are saying, hey, we're having a hard time finding a job, even though we did everything we were supposed to to enter into the field. The reality is a lot of employers are looking for somebody who has heightened years of experience or fancy credentials.
And if you just finished a cyber program or a boot camp, it's going to be really tough for you to get foot in the door for the limited number of entry level jobs that there are. And so I think that while yes, we do see evidence of a talent gap broadly, we also find that there's an expectations gap between what employers are requesting and what's actually available in the candidate pool. And that leads to a lot of the challenges that we hear and the discordant messages from people across the cyber ecosystem.
Dave Bittner
Where do we stand when it comes to the employers in terms of them being willing and able to upskill the people who are already working for them?
Will Marco
It's a great question, and I think that a lot of employers are coming around to the realization that you really do have to invest in your people because you're not going to be able to go out and find that mythical purple unicorn candidate who has a CISSP and maybe a few other fancy credentials, has 10 plus years of previous experience in the technical cyber role, and has the 25 different skills that you're looking for, some of which have not even been available on the market for very long and no training programs are really focusing on them. And so I think that the more forward thinking employers are starting to come around to the idea that you really do have to invest in your people. But not all of the employers have really come around to that way of thinking just yet. But we do find that the companies who do, they see significant ROI on their training investments. When we find that employers are training for certain skills that are hard to find, on average, they can save $10,000 or more for their hiring costs per role that they're hiring for. And we see similar things when we look at employers who are willing to take out a degree requirement. We see similar things when employers are willing to take out certain certification requirements that might be nice to haves but not need to haves. And so it's not only good for employers to invest in upskilling and reskilling their people because they just have a limited candidate pool of folks who have those purple unicorn skills, but it's also good for their bottom line as a result.
Dave Bittner
Looking at the education and training programs themselves, how successful are they at preparing candidates for the challenges they're going to find in the real world?
Will Marco
I think that a lot of the training programs out there are doing an admirable job of preparing their students for the real world. But it is always difficult when you're trying to translate what you're learning in the classroom to on-the-job experience. And so I think some of the more innovative programs have started to try and incorporate more hands-on learning into their curriculum. Some are now even partnering with local municipality-focused SOCs, or security operations centers, where students may get firsthand experience working in a SOC that is providing real cybersecurity services to local municipalities or small businesses that otherwise wouldn't be able to find a cost-effective cybersecurity service option available. And so I think that there are some innovative approaches that training providers are trying to take, and most are really trying admirably to connect with employers in the cybersecurity ecosystem to learn more about the in-demand skills, the in-demand credentials, and the knowledge, skills and abilities that are needed to enter into the field.
Dave Bittner
Like a lot of sectors, I think the cybersecurity workforce has struggled with diversity. We're talking about gender, race, or even neurodiversity. What sort of things are working when it comes to that and what isn't?
Will Marco
It's a great question, and I'll preface this by saying that when we look at the data, we actually see a mixed picture in terms of the trajectory of the cybersecurity industry as it relates to diversity. On the one hand, we have seen that over the past 10 or so years the industry has made some significant strides in terms of trying to bring in people with more ethnic diversity. It's still not quite the same level we see in IT more broadly, but it has grown fairly dramatically in terms of representation. But it's actually gone in the opposite direction when it comes to gender diversity. And so you see a bit of a mixed picture when you look at the data. And I think that one of the things that has been most effective for organizations who are trying to build a more diverse workforce is they're expanding the aperture of their talent pipeline and they're recruiting from non-traditional sources of talent relative to where they've looked in the past. So, for example, that doesn't necessarily mean you put out a big sign that says, hey, we're looking for more diverse candidates, but it might mean that you're saying, well, hey, we're willing to hire somebody who doesn't have a bachelor's degree, or we're willing to hire somebody who doesn't have five to 10 years of prior work experience. And I usually liken this to hiring for missionaries versus mercenaries. I think that the default for many organizations for a long time has been you go after that mercenary who has many years of prior work experience, has a pristine resume, has all of these fancy skills and certifications and credentials. But guess what? There's a limited pool of those people. And if you want to hire them, so do 20 of your biggest competitors. And you're just going to be poaching from one another and driving up salaries as you try to hire folks from this limited pool of talent.
But by contrast, when we see that employers are willing to hire people who don't come in the door with a pristine resume, that they are usually rewarded with longer tenure rates, lower turnover rates, higher employee engagement, and a more diverse workforce, often without even having explicit diversity goals. And so I really think that many employers should think about how to expand the aperture of the candidate pool and their talent pipeline so that they can start to hire more of these missionaries and save some money by not hiring quite so many mercenaries.
Dave Bittner
Well, let's talk about AI. What's your outlook here? How do you suppose AI and automation might reshape the cybersecurity workforce?
Will Marco
You know, I think that AI is one of those hot-button topics where everybody has an opinion and everybody has, I think, a vested interest in trying to tell you that their opinion is going to be correct. Often because there is a vested agenda that they have lurking behind the scenes. But the reality is, hey, it's a big new technology that is impacting many facets of the economy, and it's one of the fastest growing fields that we've ever tracked. And it's certainly the fastest growing in the IT space right now. But what I like to say is that it's really too early to make definitive statements. We're in the first inning and we're really not sure yet exactly what direction this technology is going to go. That said, we still can at least get a hazy gaze into our crystal ball if we try to look. And what we're starting to see is that AI is certainly becoming more integrated into the day-to-day workflows for a lot of cybersecurity teams. They're using it to help automate certain processes and workflows, especially as it relates to things like threat intelligence and just being able to search through all the reams and reams of data that are coming in constantly in their networks. But it's also helping people to write more effectively. In some cases, it's also helping people to write code more quickly. But there's always some danger in any new technology that it gets misused. And we're also starting to see that AI has some unintended consequences for many individuals and many teams. And one of the biggest consequences is that new research is coming out showing the more you use AI, the worse your critical thinking gets. You're offloading a lot of your thinking over to this new tool, and like any muscle, if you don't use it, you lose it.
And that has some problematic implications, especially for our cybersecurity teams, where, hey, you have to be a good critical thinker, you have to have a healthy dose of skepticism when looking at the information that's being presented to you. And so I think that this is going to be one of the big challenges that both the cybersecurity workforce, as well as the workforce more broadly is going to have to grapple with as it relates to AI is, yes, it's a powerful tool, but we also need to ensure that we're not handing over all of the reins to AI just yet and still retaining some critical thought for ourselves as well.
Dave Bittner
What sort of advice would you have for someone who's looking to break into cybersecurity these days?
Will Marco
I would say that you really have to be able to both learn the technical side of cybersecurity, but also the human side. One of the things that we are seeing in the data is that, yes, cybersecurity workers, they have to know technical skills, and yes, you should always be focusing on embedding the latest and greatest skill sets into your arsenal. But what we're also seeing is that cybersecurity jobs are more likely to be requesting many human skills like critical thinking, like communication, like all of these legacy, quote unquote foundational skills that have been important for a long time and they're going to continue to be important and perhaps even more so in the age of AI, because as AI is able to take over some of the rote technical tasks that people were performing in the past, it puts a premium on the skills that are more uniquely human. And I think that what we're consistently hearing from employers is that, hey, it's great to have somebody who has technical skills, but we need somebody who can liaise with multiple teams, who can communicate technical concepts to a non technical audience and can just show the human empathy needed to be able to collaborate effectively with people across the organization. And so while I think it's always going to be important to focus on building the latest and greatest skills that are in demand, I think it's always going to be valuable to obtain new certifications that employers value. Let's not forget about the human skills that have enduring value.
Dave Bittner
Never underestimate the importance of that public speaking class. Right?
Will Marco
Exactly. Exactly. I probably use that more than just about any other class I took.
Dave Bittner
That's right.
Will Marco
That's right.
Dave Bittner
That's Will Marco, CEO of Four One Insights and an N2K CyberWire Senior Workforce Analyst. If you'd like to hear more from Will, he was a guest on our CSO Perspectives podcast right here on the N2K CyberWire network.
Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at semperis.com/purple-knight. That's semperis.com/purple-knight.
Dave Bittner
And finally, IceBlock, an iPhone app for anonymously spotting ICE agents, has soared to the top of Apple's US App Store, thanks in part to US Attorney General Pam Bondi's criticism, which apparently doubled as free marketing. About 20,000 users in Los Angeles alone now receive alerts whenever ICE is sighted within a five-mile radius, making it something of a Pokémon Go for immigration enforcement. TechCrunch verified the app doesn't collect user data. After Bondi's late Monday remarks, downloads exploded overnight, proving once again that if you want something to disappear from public interest, the worst thing you can do is talk about it on national TV.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at the Cyber. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of this summer. There's a link in the show notes. Please do check it out. N2K's senior producer is Alice Carruth. Our producer is Liz Stokes. We're mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpie is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Dave here. I've talked about DeleteMe before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals.
DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal: 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.
CyberWire Daily: Episode Summary – "Houken Blends Stealth and Chaos"
Release Date: July 2, 2025
Host: N2K Networks
The episode begins with a comprehensive overview of notable cybersecurity incidents and emerging threats impacting various sectors globally:
Houken Intrusion Campaign in France
Ransomware Attack on German Charity Deutsche Welthungerhilfe (WHH)
AT&T Launches Wireless Account Lock Feature
Cyber Attack on Esse Health in Missouri
Qantas Suffers Largest Data Breach in Years
Critical Vulnerabilities in Agorum core open Discovered
Ransomware Attack on Southwood Financial in Virginia
US Treasury Sanctions Russian Aeza Group
Johnson Controls Ransomware Attack
In an insightful segment, Will Marco, CEO of Four One Insights and N2K CyberWire Senior Workforce Analyst, delves into the current trends and challenges facing the cybersecurity workforce.
Pandemic Impact and Market Whiplash
Cybersecurity Talent Shortage Debate
Investment in Current Workforce
Expanding Talent Pipelines for Diversity
Progress and Challenges
Effective Strategies for Enhancing Diversity
Integration into Workflows
Future Outlook:
"AI is certainly becoming more integrated into the day-to-day workflows for a lot of cybersecurity teams... but we also need to ensure that we're not handing over all of the reins to AI just yet and still retaining some critical thought for ourselves as well."
(24:37 Will Marco)
Balancing Technical and Human Skills
Continuous Learning and Certification
Personal Anecdote:
Will Marco humorously emphasizes the importance of soft skills by citing his own experience:
"Never underestimate the importance of that public speaking class. Right?"
(28:43 Dave Bittner & 28:49 Will Marco)
"There is clear evidence of a talent shortage... but that does mask the reality that a lot of people in the field are facing."
— Will Marco (16:10)
"But by contrast, when we see that employers are willing to hire people who don't come in the door with a pristine resume, that they are usually rewarded with longer tenure rates, lower turnover rates, higher employee engagement..."
— Will Marco (22:04)
"We're also starting to see that AI has some unintended consequences for many individuals and many teams... the more you use AI, the worse your critical thinking gets."
— Will Marco (24:37)
"Never underestimate the importance of that public speaking class. Right?"
— Will Marco (28:49)
The episode "Houken Blends Stealth and Chaos" provides a thorough examination of recent cybersecurity threats and delves into the evolving dynamics of the cybersecurity workforce. Through Will Marco's expert analysis, listeners gain valuable insights into talent shortages, the importance of upskilling, diversity challenges, the impact of AI, and actionable advice for aspiring cybersecurity professionals. As the cyber threat landscape becomes increasingly complex, understanding workforce trends becomes crucial for organizations aiming to build resilient and adaptive cybersecurity teams.
For more detailed coverage and daily updates, visit the CyberWire Daily website.