Patching can't wait. - CyberWire Daily

Summary7 min read

CyberWire Daily — "Patching Can't Wait."
Date: April 6, 2026
Host: Dave Bittner (N2K Networks)

Episode Overview

This episode covers pressing cybersecurity news, with a focus on urgent vulnerabilities requiring immediate patches, evolving threats from scammers and nation states, workforce challenges, AI's growing impact, and insights from industry leaders. The program also features in-depth interviews: Kevin McGee of Microsoft for Startups discusses trends and guidance for cybersecurity entrepreneurs, while analyst Ali Mellon explores the realities of nation-state cyber operations from her new book. The episode wraps with a light-hearted note on Microsoft Copilot's “entertaining” terms of use.

Key News Highlights

1. Fortinet Urgent Vulnerability Patch

[00:48–02:15]

Issue: Fortinet released an emergency hotfix for a critical vulnerability in FortiClient EMS impacting multiple versions; attackers are already exploiting it.
Nature of Flaw: Unauthenticated attackers can execute code via crafted requests due to improper access control.
Exploitation: Zero-day exploitation observed; over 2,000 servers exposed per Shadow Server.
Impact: Unpatched management servers risk rapid enterprise compromise.
Action: Fortinet urges immediate patching.
- Quote: “Fortinet urges immediate hotfix installation or upgrading to the latest version.” — Dave Bittner [01:42]

2. Major Outage in Russian Banking

[02:16–03:42]

Incident: Widespread outage crippled Russian banking apps, card payments, and ATM withdrawals, affecting regions like Moscow.
Affected Banks: Sberbank, VTB, Alfa Bank, T Bank, Gazprom Bank.
Consequences: Metro turnstiles stopped accepting cards — staff had to manually pass passengers.
Possible Causes: Could be linked to regulator blocks or Sberbank internal failure.
Broader Issue: Centralized infrastructure increases systemic disruption risk; incident reflects growing Russian internet regulation.

3. Cybersecurity Workforce Skills Gap

[03:43–05:16]

Findings: The SANS Institute and GIAC report workforce issues are shifting from raw staffing shortages to critical skills gaps now directly causing breaches.
- 60% of organizations lack necessary capabilities.
- 27% link breaches to skills gaps.
- 74% of teams feel AI is reshaping workforce structure.
Regulatory Pressure: Jumped from influencing 40% of hiring to 95% in a year.
Impacts: Delayed projects (57%), slower incident response (47%), technology adoption hindered (42%).
- Quote: “Workforce capability gaps now represent a direct security risk, especially in critical infrastructure environments, the report warns.” — Dave Bittner [04:30]
Advice: Prioritize training, certification, AI governance.

4. CyberCorps Scholars Struggle to Find Federal Jobs

[05:17–06:16]

Issue: Many scholarship recipients can't secure required federal cybersecurity roles amid fewer agency job openings and post-freeze hiring reductions.
Risk: Students may be forced to repay large scholarships if they can’t get jobs within 18 months.
Trend: Some graduates consider private sector; potential long-term impact on federal cyber workforce.

5. QR Code Phishing Scams

[06:17–07:07]

Threat: Scammers impersonate state courts, send QR code scams for fake traffic violations.
Mechanism: Messages urge victims to scan a QR code and enter info into a fake agency site.
Reach: Campaigns hit multiple U.S. states; helps criminals evade detection, harvest credentials.
Warning: State agencies do NOT collect payments by text.

6. Lawsuit over AI Chat Data Privacy

[07:08–08:03]

Development: Proposed class-action lawsuit accuses Perplexity of sharing sensitive user AI chat data (including financial, health info) with Google and Meta via ad trackers, even in incognito mode.
Coverage: Chats between Dec 2022 – Feb 2026.
Risk: Highlights privacy issues of conversational search tools.

7. Cambodia Outlaws Online Scam Centers

[08:04–09:01]

Action: New law penalizes operators with 2-5 years in prison, $125k fines; harsher penalties for organized crime.
Scope: Targets laundering, data harvesting, recruitment linked to scams.
Context: Southeast Asia is a major cyber fraud hub; international pressure for action.

8. Physical Crypto “Wrench Attacks” in California

[09:02–10:02]

Incidents: Series of violent home invasions targeting crypto holders in San Francisco, San Jose, Sunnyvale, and L.A.; attackers sometimes pose as delivery drivers.
Example: One victim lost $13M in crypto after being threatened.
Comment: “Wrench attack” refers to XKCD’s “$5 wrench” comic about physical coercion defeating sophisticated security.

9. Enterprise & Investment News

[10:03–13:38]

Investments:
- Census: $70M for global expansion.
- Above Security: $50M for insider risk.
- Variants: $21.5M for AI agents in finance.
Acquisitions:
- Airbus acquires Ultra Cyber (sovereign cyber).
- Rapid7 acquires Kenzo Security (AI detection).
- Databricks acquires Antimatter & Sift D AI (AI authentication and analytics).
Trend: Focus on agentic AI security, zero trust, and automation-heavy architectures.

Featured Interview: Kevin McGee, Microsoft for Startups

[15:22–25:06]

Emerging Trends for Cybersecurity Startups

Navigating Ecosystems:
- Startups partnering with hyperscalers (Microsoft, AWS) need organizational “scaffolding” and scale.
- Even Microsoft insiders can’t keep up with the pace of new products.
- Quote: “It can be very difficult sometimes to figure out and navigate Microsoft. I often find out about new products we’re releasing from customers because we’re doing so many different things and releasing so many things so quickly.” — Kevin McGee [15:40]
Finding & Supporting Startups:
- Prep work before conferences is key to finding innovative, often under-the-radar startups.
- Startups seldom have big booths; introductions and research are critical.
Microsoft’s Startup Programs:
- Multiple tiers—anything from “two folks in a dorm room” to enterprise growth support.
- Historical note: McGee himself used Microsoft’s BizSpark program as a founder in the 1990s.
- Quote: “It was not just access to the software … it was the access to customers, the support, the brand association.” — Kevin McGee [18:07]
Dominant Themes: AI, Agentic AI:
- AI is everywhere—if you’re not showing an AI angle, “you’re not even allowed in the door.”
  — Kevin McGee [19:18]
- Predicts “lagging surge” of startups that build solutions to problems AI adoption creates.
- Cites major acquisitions (Wiz) as end of one era and start of another.
Advice to Cybersecurity Startups:
- Know if you’re building a feature or a product; focus on the ideal customer profile (ICP).
- “Do things that don’t scale at first to learn … whoever learns faster wins.”
- Quote: “Are you building a feature or product? … Know your ideal customer profile. … The best companies are teams.” — Kevin McGee [20:40–23:55]
Common Pitfalls:
- Avoid vague pitches—get to the point, show the demo, deliver the “aha moment.”
- Quote: “Every pitch is not about a VC pitch … What problem are you solving? … Show me the demo, show me the POV.” — Kevin McGee [22:11]
Team Matters:
- Investors bet on teams with real entrepreneurial experience; co-founder teams are stronger.
Startup Support from Microsoft:
- Brand association, access to enterprise customers, platform support.
- Microsoft prefers a partner-first approach; only builds when partnership is unavailable.

Featured Interview: Ali Mellon, Author of "Code: How Nations Hack, Spy, and Shape the Digital Battlefield"

[25:50–30:42]

Key Insights on Nation-State Cyber Operations

Myth-busting:
- Nation-state cyber threats aren’t just targeted at largest organizations; small businesses are often used as attack vectors (e.g., NotPetya via Ukrainian tax software).
- Quote: “The supply chain is everything … The scale that you can get with those attacks is everything.” — Ali Mellon [26:15]
Most Dangerous Misconception:
- Belief that “it won’t happen to me,” especially among SMBs.
- Everyone’s connected; everyone’s at risk.
National Identity in Cyber Activity:
- Cyber operations reflect doctrine, culture, even social contracts.
- U.S.: Quiet, clandestine ops—expectation to act discreetly.
- Russia: Overt, bombastic attacks—competition for attention from leadership.
- North Korea: Cyberattacks for resource generation (cryptocurrency).
- Quote: “In Russia … everyone is vying for some type of attention from Putin, it makes it so much more difficult to execute … attacks in a coordinated way.” — Ali Mellon [28:23–30:42]

Closing Note: Microsoft Copilot’s Entertaining Terms of Use

[32:04–32:40]

Observation: Copilot’s terms plainly say it’s for “entertainment purposes,” may fail spectacularly, and isn’t to be trusted with serious decisions.
Industry-wide Caution: Comparable disclaimers reinforce that even pro-tier AI tools shouldn’t be blindly trusted.
Quote: “AI assistants can be useful, occasionally impressive and confidently wrong in equal measure. As the great philosopher Tom Waits stated, the large print giveth and the small print taketh away.” — Dave Bittner [32:28]

Notable Quotes & Moments

On startup growth:
- “If you sold to just Midwest credit unions and you own that market, that’s a great base to build from.” — Kevin McGee [21:35]
On myth-busting cyberwar:
- “You strip away the mythology about cyber war … it’s not chaotic, mysterious, or driven by shadowy geniuses.” — Ann Johnson [25:50]
On supply-chain risk:
- “The supply chain is everything. It is the way in for so many threat actors …” — Ali Mellon [26:15]

Timestamps for Key Segments

| Segment | Time | |-----------------------------|----------------| | Fortinet Emergency Patch | 00:48–02:15 | | Russia Banking Outage | 02:16–03:42 | | Workforce Skills Gap | 03:43–05:16 | | CyberCorps Job Struggles | 05:17–06:16 | | QR Code Phishing | 06:17–07:07 | | AI Data Privacy Lawsuit | 07:08–08:03 | | Cambodia Scam Crackdown | 08:04–09:01 | | Crypto Wrench Attacks | 09:02–10:02 | | Business/Investment News | 10:03–13:38 | | Interview: Kevin McGee | 15:22–25:06 | | Interview: Ali Mellon | 25:50–30:42 | | Microsoft Copilot Terms | 32:04–32:40 |

Summary Tone

Factual and engaging, with a steady delivery of news and commentary that blends urgency (patch vulnerabilities now!), real-world insight (startups, skills gaps), and wit (AI “entertainment purposes only”).

This episode is a must-listen (or read) for professionals seeking the latest in cyber risk, guidance on startup challenges, industry investment trends, and nuanced analysis of global cyber threats.

Loading summary

Transcript57 lines

[00:02]
Dave Bittner
You're listening to the Cyberwire Network powered by N2K.
[00:14]
Narrator/Host
No, it's not your imagination. Risk and regulation really are ramping up, and these days customers expect proof of security before they'll even do business. That's where Vanta comes in. Vanta automates your compliance process and brings compliance, risk and customer trust together on one AI powered platform. So whether you're getting ready for a SoC2 or managing an enterprise governance risk and compliance program, Vanta helps keep you secure and keeps your deals moving. Companies like Ramp and RYTR spend 82% less time on audits with Vanta. That means less time chasing paperwork and more time focused on growth. For me, it comes down to this. Over 10,000 companies, from startups to large enterprises, trust Vanta to help prove their security. Get started@vanta.com cyber. Fortinet releases an emergency update for a critical vulnerability A major outage disrupts Russian banking apps A new report highlights critical skills gaps Cyber Core Scholars struggle to secure jobs Scammers use QR codes in fake traffic violation schemes A proposed lawsuit accuses perplexity of oversharing users AI transcripts Cambodia outlaws scam centers Scammers impersonate Harvard IT staff with wrench attack Threats of violence Life imitates Art Kevin McGee from Microsoft for Startups describes emerging trends on our afternoon cybertea segment with Ann Johnson speaks with Ali Mellon about her new book Code How Nations Hack, Spy and Shape the Digital Battlefield. And users find CoPilot's terms of use highly entertaining. It's Monday, april 6th, 2026. I'm dave bittner and this is your cyberwire intel brief. Thanks for joining us here today. It's great as always to have you with us. Fortinet has released an emergency update for a critical Forta client enterprise management server vulnerability that attackers are already exploiting in the wild. The improper access control flaw lets unauthenticated attackers execute code through crafted requests. The issue affects multiple forticlient EMS versions. Researchers observed zero day exploitation in the past few days. Shadow Server reports more than 2,000 exposed instances online. Exposed management servers can enable rapid enterprise compromise. Fortinet urges immediate hotfix installation or upgrading to the latest version. A major outage disrupted banking apps and card payments across Russia, blocking transactions, ATM withdrawals and transit fares in several regions, including Moscow. The incident affected major banks including Sberbank, vtb, Alfa Bank, T Bank and Gazprom Bank. Metro turnstiles reportedly stopped accepting cards, forcing staff to allow passengers through. The cause remains unclear. Some reports link the disruption to Internet regulator Razkamnazdor blocking infrastructure addresses or VPN services, while officials reportedly cited an internal Sberbank failure. Sberbank confirmed the outage but did not explain the cause. Centralized payment infrastructure can create systemic disruption risk. The incident also reflects tightening Russian Internet controls, including proposed whitelist access restrictions during disruptions. A new report from the SANS Institute and GIAC finds the cybersecurity workforce crisis is shifting from staffing shortages to critical skills gaps that are already contributing to breaches. About 60% of organizations report their teams lack necessary capabilities, while 27% link breaches directly to those gaps. Regulatory pressure influencing hiring surged from 40% to 95% in one year. At the same time, 74% of teams say AI is reshaping workforce structure, including some entry level roles, while increasing demand for AI security specialists and governance expertise. The report also finds workforce strain is slowing operations. About 57% of organizations report delayed projects, 47% report slower incident response and 42% say skills gaps limit monitoring and technology adoption. Only 19% consider their teams fully skilled. Workforce capability gaps now represent a direct security risk, especially in critical infrastructure environments, the report warns. Organizations must prioritize structured training, certification and AI governance to maintain operational resilience as regulatory demands and automation reshape cyber roles. Cyber Corps scholarship recipients are struggling to secure required federal cybersecurity jobs, raising concerns about a weakening talent pipeline into government service. At a recent Virtual Cyber Corps career fair, only about 40 agencies participated, down from more than 75 typically attending in person. Many agencies lacked cybersecurity openings or directed applicants to USA Jobs. Instead, scholars must secure qualifying roles within 18 months or risk repaying scholarships that can total hundreds of thousands of doll. Some graduates now report considering private sector jobs amid limited entry level federal opportunities and lingering effects from last year's hiring freeze and workforce cuts. CyberCorps has long supplied early career cybersecurity talent to federal agencies. Reduced hiring access could undermine workforce development and discourage future public service participation. Despite continued policy emphasis on expanding cyber capacity, scammers are impersonating state courts in new text message campaigns that pressure recipients to scan QR codes tied to fake traffic violation notices. The messages claim recipients owe $6.99 for unpaid toll or parking violations and include images of alleged court warnings. Scanning the QR code redirects victims through a captcha to phishing sites impersonating state agencies where attackers collect personal and credit card data. Reports span multiple states, including New York, California and Texas. QR code delivery helps evade detection and enables credential theft at scale state agencies warn they do not request payments by text message. A proposed class action lawsuit alleges perplexity shared users AI chat transcripts, including sensitive personal information with Google and Meta without users knowledge or consent. The complaint claims prompts, follow up questions and full conversations were transmitted through advertising trackers such as Meta, Pixel and Google Ads, even when users enabled Incognito Mode. The lawsuit alleges financial and health related queries were exposed and says non subscribed users faced broader sharing risks. The case covers chats from December 2022 through February 2026 and accuses the companies of failing to disclose tracking practices. Undisclosed sharing of AI chat transcripts could expose sensitive research behavior and personal data at scale. The lawsuit highlights growing privacy risks as users increasingly rely on conversational search tools. Cambodia has passed its first law specifically targeting online scam centers, introducing prison sentences and fines for operators as authorities expand a nationwide crackdown. The legislation sets penalties of two to five years in prison and fines up to $125,000 for online scam offenses, with harsher penalties for gang activity or large scale victimization. The law also targets money laundering, data harvesting and recruitment tied to scam operations. Officials say the measure supports a broader campaign to dismantle hundreds of suspected scam sites following international sanctions and criticism. Southeast Asian scam compounds have become a major source of global cyber enabled fraud. Formal critical statutes may strengthen enforcement and signal increased regional pressure on organized fraud networks. Harvard University is warning affiliates about an active social engineering campaign in which attackers impersonate IT staff to steal login credentials and sensitive data. Officials say attackers are directing targets to fraudulent websites or urging them to join live calls to capture credentials. The alert follows similar activity reported at the University of Pennsylvania and comes after recent phishing and breach related incidents affecting Harvard systems. Targeted impersonation attacks can bypass technical defenses by exploiting user trust. Harvard urges affiliates to avoid unsolicited IT contacts and report suspected activity immediately. A series of violent wrench attacks targeting cryptocurrency holders in San Francisco, San Jose, Sunnyvale and Los Angeles has raised concerns about physical threats tied to digital asset theft. In one case, attackers posing as delivery drivers forced entry into a San Francisco home and stole about $13 million in Bitcoin and Ethereum after threatening the victim. Investigators believe suspects sometimes accessed victims delivery accounts to obtain addresses. Authorities arrested multiple suspects linked to several incidents, though investigators, including the FBI, suspect higher level organizers may be involved. Cryptocurrency's irreversible transfers can make holders attractive targets for coercion based theft, expanding cyber risk into the physical domain. Wrench attack, by the way, refers to the famous XKCD comic, which we will link in the show. Notes Turning to our Monday business briefing, recent cybersecurity investment and acquisition activity reflects continued momentum around artificial intelligence, insider risk and platform consolidation across the sector. Census raised $70 million to support global expansion, while Above Security emerged from stealth with $50 million for insider risk capabilities. Variants secured $21.5 million to expand investigative AI agents for financial institutions. On the acquisition side, Airbus agreed to acquire Ultra Cyber to strengthen sovereign Cyber capabilities, and Rapid7 acquired Kenzo Security to advance AI driven detection and response operations. Databricks also acquired Antimatter and Sift D AI to enhance authentication and threat analytics for AI systems. Investment and consolidation activity increasingly centers on agentic AI security, Zero trust, networking and compliance driven platforms, signaling a shift toward automation heavy security operations architectures. Be sure to check out our complete business briefing that's part of Cyberwire Pro and it drops every Wednesday on our website. Coming up after the break, Kevin McGee from Microsoft for Startups describes emerging trends on our afternoon cyber tea with Ann Johnson.
[13:39]
Ann Johnson
Anne speaks with Ali Mellon about her
[13:41]
Narrator/Host
new book Code How Nations Hack, Spy and Shape the Digital Battlefield and users find CoPilot's terms of use highly entertaining. Stay with us.
[14:07]
Ann Johnson
Maybe that's an urgent message from your
[14:09]
Narrator/Host
CEO, or maybe it's a deep fake trying to target your business. Doppel is the AI native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI to make their tactics more sophisticated, Doppel uses it to fight back from automatically dismantling cross channel attacks to building team resilience and more. Doppel outpacing what's next in social engineering? Learn more@doppel.com that'S-O-P-P-E-L.com.
[14:47]
Depop Advertiser
You tell yourself no one wants your college era band tees, but on Depop, people are searching for exactly what you've got. You once paid a small fortune for them at merch stands. Now a teenager who calls them vintage will offer that same small fortune back. Sell them easily on Depop. Just snap a few photos and we'll take care of the rest. Who knew your questionable music taste would be a money making machine? Your style can make you cash start selling on Depop where taste recognizes taste.
[15:23]
Narrator/Host
Kevin McGee is global director of Cybersecurity Startups at Microsoft. I recently caught up with him at RSAC 2026. Gave him a break from being my intern to hear him describe some of the emerging trends he's tracking. When it comes to startups, you need
[15:40]
Kevin McGee
a certain level of scaffolding to work with a hyperscaler like us or AWS or whatnot, because you'll get on a call with 60 people from the, from Microsoft and they're all going to want things from you. So you need sort of a certain level of size and complexity within your organization to be able to, to tap into hyperscalers. But when you build that infrastructure, then you can sort of get the lift off that comes with working with us. It can be very difficult sometimes to figure out and navigate Microsoft. I have all the entire tools to see who people are. I often find out about new products we're releasing from customers because we're doing so many different things and releasing so many things so quickly. So. And I've given up being, you know, being upset about that, that I can't keep up on everything.
[16:28]
Ann Johnson
Right. And here we are at RSAC 2026. We are on the show floor, right in the middle of everything. And it is my pleasure to welcome Kevin McGee from Microsoft. Kevin, thanks for joining us here today.
[16:44]
Kevin McGee
Thanks for having me, Dave.
[16:45]
Ann Johnson
I always get it wrong, so I'm going to ask you to say it yourself because your title somehow gets convoluted in my brain. What is your official title with Microsoft now?
[16:56]
Kevin McGee
I wish I had my notes so that I get it right. I lead our cybersecurity portfolio for Microsoft, for startups globally.
[17:03]
Ann Johnson
All right, let's dig into that. When you are at a conference like this and part of your responsibility is finding and nurturing that next generation of cybersecurity startups, what's your strategy for surveying the lay of the land when it comes to new companies?
[17:20]
Kevin McGee
I think a lot of it is the prep work up front. So knowing who you want to see, who are those interesting ones who can make a connection to some of the smarter startups because they won't have a booth maybe to go by and see, they won't have a presence here. So connecting with them is a little more difficult. If you want to see Microsoft or CrowdStrike or Palo, you can go to their gigantic booth and it's pretty easy to book a meeting or whatnot. But the startups don't really necessarily have those connections. They're harder to find. So you have to do the reconciliation upfront, I think is really the key. And then introductions and whatnot can be one of the best ways to figure
[17:54]
Narrator/Host
out who to speak to now as
[17:56]
Ann Johnson
part of your position, the way that you all do things with the Startup group at Microsoft. Do you have an inbound channel where people are hopefuls, are reaching out to you?
[18:08]
Kevin McGee
Yes. So we have a whole set of programs. I like to think of it as kind of like an airplane. Microsoft restarts an airplane. We have different classes of. If you're two folks in a dorm room with a case of beer and a pizza and you've got an idea, we've got a solution for you. If you need a higher level of service or go to market product growth integrations, we have a service for you as well, too. Ultimately, the program's based on how do we make partners successful. And I founded my first two companies in the 90s on BizPark, which was then what Microsoft for startup was called. And it was not just access to the software because it came on disk ads. They used to send me a box of disk ads. It was the access. It was the access to customers, it was the support, it was the brand association. And I think we've really gone back to our roots with the program, which is why I'm excited to sort of have the later part of my career associated with the program as well too.
[18:58]
Narrator/Host
Yeah.
[18:59]
Ann Johnson
So when we're here at a conference like this and there is one topic that is so dominant, so present, you know, and this year it's AI, and not just AI, but agentic AI is every booth, it seems. If you don't have that as part of your message, why. Why are you even here?
[19:18]
Kevin McGee
You're not even allowed in the door.
[19:21]
Dave Bittner
Exactly.
[19:22]
Ann Johnson
But how do you track what's next? Because I would guess, correct me if I'm wrong, that a lot of the companies, the startups want to ride on the coattails of that.
[19:36]
Kevin McGee
Yeah.
[19:36]
Ann Johnson
But you still have to keep your eye on what's coming after that.
[19:40]
Kevin McGee
I think there's. We're at this inflection point. I think when we look back, maybe the Wiz acquisition will be sort of the end of the one phase, the beginning of the new one. So I'm sort of tracking what's happening in the AI space, what they're building and seeing how broken it is, and then knowing that three to six months later there will be a startup surge to fix those problems. So I think we'll. We'll see a lagging surge of cybersecurity startups behind the technologies. So take mcp. I didn't even know what MCP was three, four months ago. Probably I'm way behind some of the viewers, but now I'm looking at six different companies that are in that space. Because of the wide adoption. So I'm trying to get ahead of the curve in that way. And I think this, there's a new wave coming up, and I've heard consolidations, you know, gonna end our industry. I think it's the exact opposite. I think we've kind of closed off one phase. We're at the beginning of the next one.
[20:30]
Ann Johnson
What, what is your advice for those hopeful startups? Do you have a general checklist of you should have these things in place?
[20:41]
Kevin McGee
I can tell you what works and what doesn't.
[20:43]
Ann Johnson
Oh, that's even better.
[20:44]
Kevin McGee
Yeah. One is, are you building a feature or product? Know what you're doing? If you're building a feature you want to sell to a bigger company, build a company that way. But if you got a very small total addressable market and it's a feature, not a product, that's one thing. We kind of figure out where you are, and then two, know your ideal customer profile. A lot of the startups I talk to, who do you sell to? We sell to everybody. You'll never gain any expertise understanding that. Find, you know, one customer you can serve really well. Figure out everything there is to serve them well and do a great job and execute and then work on your next ideal customer profile, icp. And I think that's really the way to scale because then you understand a customer problem and you're delivering a real solution, and that's ultimately what customers are buying. They're not buying the technology, they're not buying the model. They're buying a solution to their problem, and everyone feels they have to sell to everybody. Well, if you sold to just Midwest credit unions and you own that market, that's a great base to build from. I feel. We have this Silicon Valley story where you're supposed to go large, go quickly. Sometimes you need to move in a small area to really understand the problem. Like Y Combinator really, really preaches this as the approach to do things that don't scale at first to learn, and whoever learns faster, I think wins in the market.
[22:05]
Ann Johnson
Are there common pitfalls that you see people, the mistakes that people make that sort of sink their hopes or chances?
[22:12]
Kevin McGee
I think every pitch is not about a VC pitch. I don't really need to know the history of the company. I don't need to know the lineage of every one of your founders. Get to the point. What problem are you solving for the customer? How big of a problem it is, and how does it work? I think customers want to get to pass the slides. Show me the demo show me the pov. And so one of the questions I ask quite often, and you'll hear me in a lot of my interviews, is what's the moment when the customer says, I get it. When you do your presentation? Skip everything before that and go right to that. Right. Because that's really where, where the traction happens when, when they have their aha moment. Everything before that is just noise till they get to that. And then you'll see them actually then say, oh, yeah, well, okay, well, that's your presentation. Everything you said after I asked that question to your presentation. Get rid of all the stuff before.
[23:05]
Ann Johnson
How important is the team?
[23:06]
Kevin McGee
I think the team really matters for, especially for VC raising and whatnot. They want to bet on folks that have been there, done that before. Having built a few companies myself, I think I really got lucky. The first one had a little bit of victory disease. The second one, oh, those are the lessons I learned that made the third one super successful. So I think having a team is really key. And then having been a founder myself, it's a tough slog. I think we have this TV version or movie version where there's this lone genius that invents something. The best companies are teams, you know, Hewlett Packard team, you know. Yeah, yeah, Bill and Paul, Steven. Yeah. You bring different aspects to the relationship, but also you can share the load. I think that's really key.
[23:55]
Ann Johnson
What do you bring to the startups in terms of the spectrum of support that they get when they partner up with Microsoft?
[24:05]
Kevin McGee
I think, and this. A lot of big companies are doing this, not just us. I think it's the right thing to do for innovation in our marketplace. One, just brand association can be a huge thing. Hey, we're working with Microsoft. Two, enterprise distributions are key. We have huge contracts with all sorts of major customers. So if you want to get into XYZ bank, we have probably 60 people working with that account already. If you can prove your product solves a problem and enhances and extends our solutions, we're happy to make that introduction. So there's sort of the trust. There's also just the platform that we make enabled. So a lot of our solutions we're building now are exactly platforms. And our philosophy, at least mine, is we look to partner, partner, partner. Then we'll build it if we can't find a partner in the market space, and then maybe we'll look at buying it. So we're very open to entrepreneurs building on our platform. Quite the opposite of what you think. We're not looking to sort of compete in every market. We're actually looking to enable entrepreneurship and so are many of the other major vendors. And I think that's just, just good for our industry as a whole.
[25:06]
Ann Johnson
All right, well, Kevin McGee from Microsoft, thanks so much for joining us.
[25:09]
Kevin McGee
Thanks for having me, Dave.
[25:14]
Narrator/Host
There's a lot more to this conversation than we have time to share here, so please check out the full unedited interview. You can find a link to that in our show. Notes. On today's segment from Microsoft Afternoon cybertea podcast with Ann Johnson. Ann speaks with Allie Mellon about her new book Code How Nations Hack, Spy and Shape the Digital Battlefield.
[25:50]
Ali Mellon
Today on Afternoon cybertea, I am joined by Ali Mellon, a principal analyst and one of the most clear eyed voices in cybersecurity today. One of the things you actually do beautifully in the book is you strip away the mythology about cyber war, the idea that it's chaotic or that it's even mysterious or driven by these shadowy geniuses. What do you think is the most dangerous misconception leaders still have about nation state cyber attacks?
[26:16]
Dave Bittner
Honestly, it remains that these attacks won't happen to them, that they don't apply to them. I especially see this with small and mid sized businesses and unfortunately the reality is that it's just not true. I think about and I talk about in this book NotPetya as a great example of this. How did NotPetya start? It started with this tax document software created by this company, Intellect Service, which was a small family owned Ukrainian company that just made tax software and was just doing that for the country of Ukraine. It was a small business, it was a family run business and it ended up causing such a larger conflict when it was originally hit and especially in the past few years. And I know that your team has done a ton of research here that's been really valuable to paint this picture. The supply chain is everything. It is the way in for so many threat actors that don't want to just target the big players and want to find ways in that are a little bit more simple for them or where they can take advantage of some things that they might not be able to take in these larger scenarios. And unfortunately, like the scale that you can get with those attacks is everything too. So especially as we move forward, as we continue to somehow be even more interconnected than we are already today, that is the thing that really needs to be driven home, is that at the end of the day, everyone has a role to play in this and it's important that we address that at the source and do our best to have the strongest security posture possible.
[27:45]
Ali Mellon
I think that's right. I do think that a lot of folks, when they think about nation state actors, they think that they're going to attack the largest companies in the world. Right. The Global 2000 or the Fortune 500. And in reality, they're not always there. Right. They often find the softest targets to make a point.
[28:02]
Dave Bittner
Exactly.
[28:03]
Ali Mellon
So a core idea is that, and I love this by the way you talk about it, it's that cyber activity reflects national identity, whether it's history. You talked about a little doctrine, even culture, and you focus heavily on the US and on Russia and on China. What should executives understand about how these differences actually play out in cyber operations?
[28:23]
Dave Bittner
It was really fascinating as I was writing this book, because I originally started out with the intent to just look at the cyber attacks that these nations were perpetrating and focus most of my energies on that. But what I found is the more I went into it, the more that I couldn't ignore the regulations that were being put in place, the defensive actions that were being put in place, and the actual choices that the governments had made and the social contracts they'd established with their people and how all of those things factored into the defensive and offensive decisions they could make and what was available to them. It's been really interesting because I do feel like when we look at the United States as an example, it's so much quieter with the attacks, or it has historically been so much quieter with the attacks that have been perpetrated, much more focused on being clandestine as much as possible, concealing the existence of the operation in any way possible. And a part of that is because there is an expectation that the US Is going to act a certain way on the global stage. But you can contrast that with other nations. We can go beyond China and Russia into, like, North Korea as an example. There they use the cyber attacks that they do particularly to gather resources through Bitcoin and other cryptocurrencies, because there's no reason for them not to. It's not like we could sanction them more at this point. So they might as well go and use cyber attacks that way. Or you can look at Russia and see just how bombastic a lot of the attacks that they use are and how loud a lot of the attacks that they use are, because at the end of the day, all the attacker groups associated with Russia are trying to do is get as much attention, as much meaningful attention from Putin as they possibly can. And I find that really interesting. Because when we look at a lot of the historical decisions that have been made with these cyber attacks, so much of the success of the cyber attacks nation states perpetrate is based on the coordination that they have between different branches of the military. And so when you've set up a system like there is in Russia, where everyone is vying for some type of attention from Putin, it makes it so much more difficult to execute these attacks in a coordinated way where everyone plays their own part.
[30:42]
Narrator/Host
Be sure to check out afternoon Cyber Tea wherever you get your favorite podcasts.
[30:59]
American Express Advertiser
Go further with the American Express Business Gold Card earn 3 times Membership Rewards points on flights and prepaid hotels when you book through amextravel.com whether your destination is a business conference or a client meeting, Your purchases will help you earn more points for future trips. Experience more on your travels with Amex Business Gold. Terms apply. Learn more@americanexpress.com Business Gold AmEx Business Gold Card Built for Business by American Express
[31:29]
McDonald's Advertiser
K Pop demon hunters Haja Boy's breakfast meal and Hunt Trick's meal have just dropped at McDonald's. They're calling this a battle for the fans. What do you say to that, Rumi? It's not a battle. So glad the Saja Boys could take
[31:40]
Dave Bittner
breakfast and give our meal the rest of the day.
[31:43]
Narrator/Host
It is an honor to share.
[31:44]
Kevin McGee
No, it's our honor.
[31:46]
American Express Advertiser
It is our larger honor.
[31:48]
Dave Bittner
No, really, stop.
[31:50]
McDonald's Advertiser
You can really feel the respect in this battle. Pick a meal to pick a side
[31:57]
American Express Advertiser
and participate in McDonald's while supplies last.
[32:05]
Narrator/Host
And finally, Microsoft is drawing renewed attention to Copilot's Terms of Use, which plainly warn the AI assistant is for entertainment purposes only and may not work as intended. The notice, unchanged since late 2025, resurfaced online after users rediscovered language advising people not to rely on Copilot for important decisions. Microsoft has repeatedly issued similar cautions during demonstrations, emphasizing human verification is required. Comparable limits appear elsewhere in the industry, reinforcing that even pro branded AI tools may still discourage professional reliance. Vendor disclaimers quietly undercut the genius in every laptop narrative. The reminder is simple and straightforward. AI assistants can be useful occasionally impressive and confidently wrong in equal measure. As the great philosopher Tom Waits stated, the large print giveth and the small print taketh away. And that's the cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our contributing host is Maria Vermazes. Our executive producer is Jennifer Ivan. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
[34:29]
McDonald's Advertiser
Your next chapter in health care starts at Carrington College's School of Nursing in Portland. Join us for our open house on Tuesday, January 13th from 4 to 7pm you'll tour our campus, see live demos, meet instructors and learn about our Associate Degree in Nursing program that provides prepares you to become a registered nurse. Take the first step toward your nursing career. Save your spot now at Carrington. Edu Events. For information on program outcomes, visit carrington. Edu Sci Fi.

CyberWire Daily — "Patching Can't Wait." Date: April 6, 2026 Host: Dave Bittner (N2K Networks)

Episode Overview

Key News Highlights

1. Fortinet Urgent Vulnerability Patch

2. Major Outage in Russian Banking

3. Cybersecurity Workforce Skills Gap

4. CyberCorps Scholars Struggle to Find Federal Jobs

5. QR Code Phishing Scams

6. Lawsuit over AI Chat Data Privacy

7. Cambodia Outlaws Online Scam Centers

8. Physical Crypto “Wrench Attacks” in California

9. Enterprise & Investment News

Featured Interview: Kevin McGee, Microsoft for Startups

Emerging Trends for Cybersecurity Startups

Featured Interview: Ali Mellon, Author of "Code: How Nations Hack, Spy, and Shape the Digital Battlefield"

Key Insights on Nation-State Cyber Operations

Closing Note: Microsoft Copilot’s Entertaining Terms of Use

Notable Quotes & Moments

Timestamps for Key Segments

Summary Tone

CyberWire Daily — "Patching Can't Wait." Date: April 6, 2026 Host: Dave Bittner (N2K Networks)

Episode Overview

Key News Highlights

1. Fortinet Urgent Vulnerability Patch

2. Major Outage in Russian Banking

3. Cybersecurity Workforce Skills Gap

4. CyberCorps Scholars Struggle to Find Federal Jobs

5. QR Code Phishing Scams

6. Lawsuit over AI Chat Data Privacy

7. Cambodia Outlaws Online Scam Centers

8. Physical Crypto “Wrench Attacks” in California

9. Enterprise & Investment News

Featured Interview: Kevin McGee, Microsoft for Startups

Emerging Trends for Cybersecurity Startups

Featured Interview: Ali Mellon, Author of "Code: How Nations Hack, Spy, and Shape the Digital Battlefield"

Key Insights on Nation-State Cyber Operations

Closing Note: Microsoft Copilot’s Entertaining Terms of Use

Notable Quotes & Moments

Timestamps for Key Segments

Summary Tone

CyberWire Daily — "Patching Can't Wait."
Date: April 6, 2026
Host: Dave Bittner (N2K Networks)

CyberWire Daily — "Patching Can't Wait."
Date: April 6, 2026
Host: Dave Bittner (N2K Networks)