B (8:05)

From phishing to ransomware, cyber threats are constant. But with Nord Layer, your defense can be too. Nordlayer brings together secure access and advanced threat protection in a single, seamless platform. It helps your team spot suspicious activity before it becomes a problem by blocking malicious links and scanning downloads in real time, preventing malware from reaching your network. It's quick to deploy, easy to scale, and built on zero trust principles so only the right people get access to the right resources. Get 28% off on a yearly plan at Nordlayer.com cyberwire daily with code CYBERWIRE28 that's nordlayer.com cyberwire daily Code CYBERWIRE28 that's valid through December 10, 2025. Most environments trust far more than they should, and attackers know it. ThreatLocker solves that by enforcing default deny at the point of execution. With Locker Allow listing, you stop unknown executables cold. With Ring Fencing, you control how trusted applications behave. And with Threat Locker DAC defense against configurations, you get real assurance that your environment is free of misconfigurations and clear visibility into whether you meet compliance standards. Threat Locker is the simplest way to enforce zero trust principles without the operational pain. It's powerful protection that gives CISOs real visibility, real control, and real peace of mind. ThreatLocker makes zero trust attainable even for small security teams. See why thousands of organizations choose ThreatLocker to minimize alert fatigue, stop ransomware at the source, and regain control over their environments. Schedule your demo@threatlocker.com N2K today.

D (10:17)

Joining me once again is Tim Starks.

B (10:18)

He is a senior reporter at cyberscoop.

D (10:21)

Tim, welcome back.

E (10:22)

Thanks for having me back.

D (10:24)

So very interested to read your coverage of some comments from National Cyber Director Shawn Cairncross about some upcoming plans from the Trump administration when it comes to.

B (10:36)

Cyber what do we got here? Tim?

E (10:38)

Yeah, it feels like they're moving pretty early on compared to the Biden administration, certainly on putting out a national cybersecurity strategy under this second Trump administration, the Draft is complete, according to Brett Leatherman, who's a top FBI official. He says that's been circulated to him. You know, Sean, Ken Cross said it's been circulated to the interagency. So it's not just the FBI from here to when the actual strategy is released is vague. You know, this is where it got hung up in the Biden administration as this interagency process. But he's talked about there are six pillars. He didn't say what all six pillars were. He did say what two of them were, and he hinted at two more.

D (11:14)

Okay, go on.

E (11:17)

So two of them are, you know, what the administration, I think, is trying to put out there is sort of its signature cyber difference maker, which is we're going to impose costs on adversaries in a way that we haven't seen before. We're going to make it so that the signal is sent. You're not allowed to do some of these things you've been doing to us in cyberspace. I think that's the big one. Second one is public private partnership. We've heard this before, but to get a little bit more specific, and by before, I mean my entire life partnership. But tweaking it. You'll recall the Biden administration, their sort of big signature thing was, let's shift the burden on who's responsible for protecting people in cyberspace. In their case, it was the private sector was a big part of that. This administration is saying, too many regulations. We need to do something about that. There's some bipartisan sentiment that the regulations have been a little too hasty and that they've been conflicted. They're going to say, we're going to spell out what we expect for each critical infrastructure, sector by sector of the private sector. And then the ones that were hinted at were enhancing the cyber workforce. That's something that's going to be interesting to see, considering how much this administration has done to essentially get rid of a significant portion of the cyber workforce with all the changes they've been making. And then the other is modernizing federal government security, modernizing the technologies that government uses to protect itself, launching some pilot programs for new technologies, speeding up procurement, testing technologies at the national labs. A little bit more skin on the bone than we've seen from Sean Karen Cross on this to date. There have been a little bit of hints that he's trickled out about this, and now they're trickled out even more. It feels like it's starting to get a little bit more concrete.

D (13:14)

I always feel like those modernizing programs are kind of like painting the Golden Gate Bridge when you start on one end and by the time you get to the other, it's time to go back to the, to the other end and start all over again, you know.

E (13:27)

Yeah, it's true. And I, and I, you know, to Sean's credit, I think he seems aware of that. You know, the idea of trying to speed up procurement, I mean, certainly one of the issues with modernizing federal government infrastructure is that. Yeah, it's, by the time you put it in place, it's already, it's already obsolete. So how do you, how do you get around that? So it seems like he's at least trying to tackle that, that question that you're raising.

D (13:52)

Yeah. And speaking of deterrence or imposing cost, I mean, I think it's fair to say that that very much tracks with sort of broader policy trends within the Trump White House.

E (14:06)

Yeah. This is something that we've heard from more than just Shawn Cairn Cross, and we've heard it from Alexei Blizzell, who is the top NSC official. We've heard this from CISA officials. We've heard it from basically the entire administration, except for, and this is something going back to a story I wrote, a coup couple weeks ago, except for the President himself. Interestingly, you know, there's been a lot of talk about deterrence, talking about salt typhoon and that espionage campaign. When the president himself gets asked about cyber attacks, and again, let's be careful about how we use that word because a lot of people would say salt typhoon, what they were doing was not a cyber attack, it was espionage. And that's different. We can go back and forth, round and round. This is an age old debate in the cyber world. But the president's response when he's heard, when he's been brought up about salt typhoon or like the Russian campaign, the alleged Russian campaign against the US Courts that we've been hearing about in recent months, his response has been, yeah, you think we don't do that? Yeah, we do that too. We're better at it. So the idea of deterring cyber espionage is one that we've been hearing from administration officials under Trump, But Trump himself has been kind of shrugging his shoulders at the idea that that's even something worth noting.

B (15:22)

Yeah.

D (15:23)

The other thing that you alluded to that interests me is this notion of building up the cyber workforce amongst the feds. And we've seen folks from CISA talking about 2026 being a year of building up. And in the past year, everything We've seen with Doge and the ongoing kind of adversarial attitude towards certain CISA tasks. Is that a fair way to say it? Like, it's just, it's. I'm sitting back and waiting to see how this is going to play out in 26. How about you?

E (16:01)

I am, too. I mean, you know, I've been talking to some folk in that area, let's say, without revealing too much. And, you know, morale is terrible at the agencies, from what I've heard, that are working on cyber issues. I mean, Nick Anderson, who's at cisa, has talked about how great morale is, but that's not a lot of what I'm hearing. If you're a federal government employee in general right now, the people who I know who work in federal government, who still have their jobs are really just kind of hanging on until they can find something different or until they hit retirement age. We had a story that we wrote about people who might want to work for the federal government in the future under the Cyber Corps program. Those people are dispirited about the idea of going to work for the federal government.

D (16:49)

Now.

E (16:50)

There are not a lot of openings. We've heard more about the administration wanting to cut personnel even more across the federal government. It starts to get difficult to imagine who would want to take these jobs who don't already have them, because not only is there a shrinking availability, but, you know, there's the shutdowns that happen that are, that are morale crushing. Why would you want to go work for the federal government, especially in cyber, where you, you could have a really good paying job in the private sector? So the, the public, the public service element of it has been weakened. That's always been an appeal for the workforce. Let's go, let's go work for the government. Let's go help people. But if you're treated like an adversary, is that something you want to do? And those are some big questions. How do you incentivize these things? I mean, Sean talked about the idea of reaching out to vocational schools. That's something we actually heard from the prior national Cyber Director. That's a very different situation in terms of the idea of federal government service right now than it was under that administration?

D (17:57)

Yeah. How are you going to incentivize the, the best of the best who, even if they have a true interest in public service. My recollection and understanding is that a federal job, a government job, you might not have been paid as much. It might not have been as glamorous, as exciting, as in the private sector. But part of it was security, the fact that you knew you'd have a job and get a paycheck. And that's not so certain anymore.

E (18:25)

Yeah, I think that that then starts to narrow the pool of people. One pool of them is the highly desperate, sadly to say, and the other pool is the true believers of the MAGA cause. And how much do we know? And I don't know the answer to this question. I'm not raising it because I'm implying anything, but how much overlap do you have between people who have cyber skills and are desperate and cyber skills and who are right wing true believers? I don't know what that nexus is. And that raises open questions about who would want to come do it. And those are the two pools. And I don't know that we know what the level of cyberskill is in those communities.

D (19:11)

Well, your reporting here closes with a quote from Sean Cairncross about his desire to kind of shop this around before just dropping it on people generally. Good response from other folks in government of that approach.

E (19:30)

I think people are impressed by his overall approach in terms of what he's actually using. The word he used, socialized. I don't know that it's a very close hold. Naturally, I've been asking people about what they've seen. But one thing I think is surprising and it seems like I'm being very skeptical of what's going on here. That's my job partially. But also you and I talked long ago when Sean Cairncross was picked for this job and there were a lot of people who were shrugging their shoulders and wondering what kind of job he was going to be able to do. As someone who didn't have virtually any cyber experience, he's impressed a lot of people on both the left and the right with his approach. He seems like he's done his homework. He seems like someone who is approaching these things carefully and thoughtfully is what a lot of the feedback is about his role. And so I think people are impressed by how he's going about this. I think that the questions come in about even if he approaches it well, how good of a job can he do under the circumstances of this administration?

D (20:36)

Yeah. All right, well, Tim Starks is senior reporter at Cyber Scoop.

B (20:40)

We will have a link to his.

D (20:42)

Reporting in our show Notes. Tim, thanks so much for joining us.

E (20:45)

Thanks for having me.

C (21:00)

At Talas, they secure what matters most. The most trusted companies and organizations utilize Thales cybersecurity products to protect critical applications, sensitive data and identities. Anywhere at scale. Through their innovative services and integrated platforms, Thales provides customers a greater visibility of risks, the ability to defend against cyber threats, close compliance gaps, and deliver trusted digital experiences for billions of consumers every day. That's Talas T H A L E S learn more@cpltalasgroup.com.

F (21:49)

Give Big save big with RAC Friday deals at Nordstrom RAC for a limited time, take an extra 40% off red tag clearance for a total Savings up to 75% off. Save on gifts for everyone on your list from brands like Vince Cole, Han, Sam Edelman and more. All sales final and restrictions apply. The best stuff goes fast, so bring your gift list and your wish list to your nearest Nordstrom rack today.

A (22:20)

And for our last story today. Well, if you thought the holiday season was only stressful for shoppers or think again. It turns out that cyber criminals are also making their lists and checking them twice, according to the latest Semperis ransomware risk report. Attackers love striking when we're distracted. Weekends, holidays, mergers, acquisitions. Basically, anytime your SoC is running on half power. With 78% of companies slashing sock staffing during off hours, attackers basically get the run of the house. And while organizations are distracted, shoppers aren't doing much better. Pre Crime labs says that threat actors are rolling out holiday themed phishing domains like their wrapping paper. More than 1,700 suspicious sites popped up before December even started, with Halloween and Black Friday scams spiking into the triple digits. Fake luxury stores, crypto seasonal tokens, travel deals to zombie festivals. Well, if it sounds festive, if zombies can be festive, someone is weaponizing it. And if you are bargain hunting on your phone, there's one more stalking stuffer for you. Privacy risk Yep, an analysis of top Black Friday apps found that they request an average of 29 permissions. Eight of them are considered dangerous, by the way, and dozens were not exactly truthful in their privacy policies. Big surprise, some apps said that they don't access your location while absolutely accessing your location. So whether you are in the boardroom or in the checkout line, remember that the holidays may slow us down, but they speed cybercriminals up. So stay merry and just stay alert too. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of our podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like this show. Please share a rating and review in your podcast podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our producer is Liz Stokes. We are mixed by Elliot Peltzman and Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ivan. Peter Kilpe is our publisher and I'm Maria Varmazes in for host Dave Bittner. Thank you for listening. We'll see you tomorrow.