Tim Starks (13:51)

Foreign.

Dave Buettner (13:59)

Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try delete me. I have to say, delete me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data Privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com N2K and use promotion promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.comN2K and enter code N2K at checkout. That's JoinDeleteMe.com N2k code N2K. It is always my pleasure to welcome Back to the show, Tim Starks. He is senior CyberSecurity reporter at Cyberscoop. Tim, welcome back.

Tim Starks (15:21)

Hey, how are you doing, Dave?

Dave Buettner (15:23)

I am doing well, thanks. I wanted to take this opportunity to kind of key off of two recent articles that you wrote for cyberscoop, one of the more recent than others. But I wanted to start with an interview that you did not too long ago with Harry Coker, who is the outgoing National Cyber Director. And I thought there were some really interesting insights that came from that interview. I was hoping you could kind of fill us in on some of the things you learned.

Tim Starks (15:52)

Yeah, thanks. I talked to him just as he was about to leave office, and we really covered a huge waterfront. He did. I think one of the things that if you talk to enough government officials and ask them, does your office have enough authorities? They will always say, yes, we have enough. But I think the fact that he was on the way out maybe made him say, actually, maybe we probably do need to have a little bit more of an active role. You know, it's an organization that is a White House organization, essentially, but there's also the National Security Council, and they have their own prerogatives and their own powers. And he was making the case that, hey, we're ready to. We're ready to take more of a lead, is what he was saying. He wasn't badmouthing the nsc. It was just. That was just one point he made. He's like, we can take a stronger role on certain things. And one example that he gave of something he wishes he could have had a stronger role in was the legislation that would have said, listen, Office of National Cyber Director, you will have a leading role in deconflicting cybersecurity regulations and making them harmonize a little bit more closely from agency to agency, sector to sector. So that was an example of a concrete way in which I could change. We talked about everything under the sun. It felt like everything that his office does and what he still thinks are the biggest outgoing threats, what hasn't been solved and still has to be solved more. We could go almost anywhere with this. Dave.

Dave Buettner (17:22)

Well, I mean, it's a remarkable interview, which is why I wanted to highlight it. It's an interesting moment in time that you captured, as you say, it's an opportunity for him to both look back and look forward. We touched a little bit about on the looking back, but I'd love to dig into that a little more. I mean, what are some of the things that he expressed as being achievements and were there More areas that he felt like they just sort of ran out of time or maybe they could have done better.

Tim Starks (17:52)

Yeah, I think he was. There was a speech he gave that kind of coincided with this. And I think on the side of things that he thinks that going forward still needs to happen. And this is not necessarily just an ONCD thing, just using the acronym for his office. There's just not enough money going out on funds to help state, local, tribal, territorial governments. That was an area that just. He just doesn't think there's quite enough money. And so it's not just money, but it's also, you know, capability and personnel. All those things, of course, go relate to money. He liked the idea of ONCD teaming up with the Office of Management and Budget to give not just budget guidance, but guidance, direction, something a little bit more concrete to say, hey, this is something. If you look at what we do now, that's great, but we need to be having a more muscular role in that. As far as stuff that he thought that they did good or that they were doing well and could cite his accomplishment, he was of the mind that. Well, the writing of the National Cyber Security Strategy and then implementing it. You and I have talked about that strategy numerous times and how remarkable it was compared to other strategies. There's a lot of work that they've done on trying to get agencies to improve secure Internet routing, trying to get memory safe, coding language out there, trying to make everything secure by design, which is something that the CISA office has done a lot of work on as well. So there's a number of areas where he thought they had made some concrete difference and essentially said, yes, this office is worth having.

Dave Buettner (19:34)

Beyond that, I mean, you know, sitting across from him, what was your impression of his state of mind? You know, how he was feeling about the legacy that he leaves behind with the agency.

Tim Starks (19:47)

Yeah, he's an interesting guy that I don't know how much you had talked to him before he ever or anybody much really had talked to him before he took this role. So it was a little bit of a mystery box about what we were going to get out of him. I think he had a very interesting approach to things, and his idea was, we want to tackle the hard problems. And when you tackle the hard problems, you're not always going to win. You're not always going to get everything you want. And he had said that repeatedly. I want to tackle the hard problems. I want to tackle the hard problems. The quote at the end of the story where he talks about what was fun in the job. He said it was getting beaten up with friends and colleagues, trying to do the right thing. So it's just a fascinating approach to thinking, oh, I'm going to go through the wringer. It's going to be a bad thing that's going to happen to me. But it's going to be fun because we're going to be working on it. It's going to matter. And I think he, you know, I think he had a certain amount of peace of mind, even under those circumstances. He says, yes, I didn't win everything. But he knew he wasn't going to win everything. And I think that made it so he was a little bit at peace with whatever he got done.

Dave Buettner (20:51)

Well, pivoting to an article you published recently, this is about President Trump making his choice for national cyber director. Who's in line here?

Tim Starks (21:01)

Tim, this is another interesting pick. You might recall that at the time when they picked Harry Coker, he was a little bit out of the blue. I mean, I'd been hearing his name for a few weeks and eventually broke the story that he was going to be the pick. But what was interesting is that when he got picked, a lot of people said this guy doesn't have very much labor experience. And if you look at Sean Ken Cross, the pick for Trump, he has almost none. Coker had some for sure, and he worked at the nsa. He's a lifelong national security guy. Sean had a little bit of time in the White House where he intersected with national security. And other than that, there's just not a lot of cyber in his background. And even national security is not necessarily cyber security. So we don't really know the degree to which he has cyber experience. He worked in a, you know, he did sort of a foundation, he kind of fellowship job where he talked about emerging tech. And he has been an advisor to companies that are in the tech space. He was the chief operating officer, I think, twice at the RNC where, you know, I, I'm not making this up, Dave, but when I typed his name in to the Internet, just doing basic Google fuzz, I then also typed his name in Ann Cyber. And I got one link, one link.

Dave Buettner (22:28)

When does that ever happen?

Tim Starks (22:29)

No, I know it was him saying in 2016 that a Republican congressman saying that the RNC had been hacked was incorrect. That's it. So he's an interesting pick for that reason. And if you want to be more generous minded about what that could mean, I made this comparison to my editor recently. My editor right now, Greg Otto, is Someone who, who has a, has covered cyber security for a long time and gets it. Yeah, but I've had editors who don't know much about cyber security and don't, don't think much about it. And they bring a different perspective. They bring a different way of approaching the problem and approaching the way you write stories about it. So the fact that he is an attorney by training, you know, you can look that as a positive for how people conquer go after problems. The fact that he seems to be someone who's trusted by the Trump administration based on the fact that when he, when they made changes at the rnc, this was one of the guys they brought in to make those changes. And the fact that he's going to be maybe looking at it a little bit more fresh eyes than people who have been looking at it for a long time and are seasoned vets like me and you. You know, there's, there's, there's a potential that that could be an interesting thing, but it is, it is noteworthy that how little cyber experience there is in this and the person who's going to have, you know, what Congress intended. I almost hate saying this phrase, but they use it a lot. One throat to choke on cyber. The one person to go to when something was going on in cyber. So it's fascinating that someone has so little experience on this.

Dave Buettner (23:52)

Yeah, like you said, I mean, I suppose charitably you could say that he has a good amount of leadership experience that he brings to the job. So that, and as you say, loyalty, I think, are priorities for, for this administration.

Tim Starks (24:08)

Definitely. Definitely. You know, if you, if you were looking to pick somebody with cyber experience who had loyalty, you could have, you could find that. But they pick, they picked this man. And I'm not denigrating or judging or saying anything nice about the pick, for that matter. It's just, it is a fascinating dynamic that if you look at the number of people who served in this administration last time, who would like to serve in this administration this time, that you have cyber experience who could have taken this job on that exists, but instead they chose someone who, and by the way, who also are Trump adherents. People who like Trump and want to work for Trump.

Dave Buettner (24:44)

Right.

Tim Starks (24:45)

They, they nonetheless pick someone here who has less experience. And you could wonder whether this means that they're going to de. Emphasize the office. That's another potential way to interpret this. There's a lot of ways to interpret it. It's one of those kind of like, you know, Trump kind of classic Trump curveballs of like, okay, where did this come from? What's this gonna lead to? And we're far ways off from finding out what the actual goal of this was and what the outcome will be, to say the least. Yeah, well, he's got the nomination, but he's gotta be Senate confirmed. That's probably months away or a month or two at minimum. So it's gonna be a long ways away for us to find out what was really going on here, I think.

Dave Buettner (25:23)

Yeah, well, as we so often like to say, time will tell.

Tim Starks (25:27)

Yes, always.

Dave Buettner (25:30)

Tim Starks is senior at cyberscoop. Tim, thanks so much for joining us.

Tim Starks (25:35)

Thank you, Dave.

Zscaler Representative (25:50)

And now a message from our sponsor. Zscaler, the leader in cloud security Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever. With AI tools, it's time to rethink your security. Zscaler Zero Trust+AI stops attackers by hiding your attack surface, making apps and IPs invisible eliminating lateral movement Connecting users only to specific apps, not the entire network. Continuously verifying every request based on identity and context Simplifying security management with AI powered automation and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more@zscaler.com Security.

Samsung Representative (27:06)

I can say to my new Samsung Galaxy S25 Ultra hey, find a keto friendly restaurant nearby and text it to Beth and Steve. And it does without me lifting a finger so I can get in more squats anywhere I can.

Dave Buettner (27:18)

1, 1, 2, 3 will that be cash or credit?

Tim Starks (27:23)

Credit.

New York Times Contributor (27:23)

4 Galaxy S25 Ultra the AI companion that does the heavy lifting. So you can do you get yours@samsung.com compatible with select apps. Requires Google Gemini account results may vary based on input. Check responses for accuracy.

Dave Buettner (27:42)

And finally, let's be honest, most of us spend more time online than in real life. But what happens to all that digital baggage when we log off for good? Estate planning usually focuses on money, property and who gets grandma's antique clock. But what about your social media, emails and cloud stored cat photos? If you don't leave instructions, your loved ones might be stuck navigating a bureaucratic nightmare of forgotten passwords and locked accounts. A handy guide from The New York Times suggests you start by creating a digital directive, a simple document outlining who gets access to your online accounts and what should happen to them. Keep your credentials in a secure password manager or an old school notebook. Just don't tape it to your monitor. And don't forget to assign a legacy contact for Apple, Google and Facebook, because if you don't, your profile could end up as a haunting reminder or worse, a playground for hackers. So plan ahead and save your loved ones the headache. And that's the Cyberwire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes were mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ivan. Peter Kilpe is our publisher and I Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

Tim Starks (30:06)

Sa.