Joe Ryan (13:21)

Foreign.

Dave Bittner (13:28)

Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today@vanguardjobs.com Joe Ryan is head of Customer Enablement at Maltego Technologies. And in today's sponsored Industry Voices segment we discuss helping analysts in resource constrained environments overcome training gaps and use investigative tools more effectively.

Joe Ryan (14:30)

Really depends on exactly what type of analyst you are and what sort of investigation that you're working. You know, from the professional world where I am, we tend to serve two distinct types of analysts. We have our more cybersecurity focused analysts that might be dealing a little bit more on a network infrastructure level or dealing a little bit more with cyber threat intelligence and then we have on the other side, more of our kind of investigative analysts who might be dealing with the, you know, real world aspect of it in terms of actually looking into specific individuals or organizations. And oftentimes that kind of shapes the tasks that they're given and even the tools that they are provided and the working environment in which they're kind of in as well. So I think a lot of it kind of boils down to exactly the job. But then what we really start to see is the sort of resource constraints kind of play out across that. Because if you're working in private industry, often you might find yourself a little bit more resourced. You might have a few more tools at your disposal, whether that's software or access to particular data. But then oftentimes we find that maybe government agencies, for instance, some of those, if they're not on a federal level or something, may not be quite as well resourced. And so they're, they're given a little bit less to work with and have to either rely a little bit more on perhaps open source intelligence or just being a bit more resourceful and flexible in how they conduct those investigations.

Interviewer (16:26)

Well, help me understand here, Joe. I mean, to what degree does a typical analyst have influence over the types.

Dave Bittner (16:34)

Of tools that they are able to work with?

Joe Ryan (16:38)

Yeah, so this is a great question, and I come from a background working in law enforcement and government agencies, and I can tell you in my experience, it does depend on the agency and it does depend on the organization as a whole. I've seen investigators, particularly for instance, if they're working in something like digital forensics, who say, look, I just cannot do my job unless I have tool X or something equivalent. And if you can't provide me with tool X, then you really can't expect me to be able to fulfill the responsibilities of this role. And so I think sometimes the individual analyst or the individual investigator really does have a lot of say in what they, what they can do and what they need. But then you also have pattern environments when you're working in much larger organizations where you're probably just given a set of tools to work with and you really just have to make do with that set of tools. But I would encourage all organizations to always talk to those end users, talk to the people who are doing those investigations, because they're the ones that are hands on with those tools day in and day out. And if they find that they're not able to do their job as well as they might be able to with other tools, especially with the rate that technology is evolving right now, then you might find that the outcomes for the entire organization are just not where they could be. If those boots on the ground might have a little bit more voice in that conversation.

Interviewer (18:26)

Well, in your experience, are there any common mismatches here between what the analyst thinks are the most effective tools for them versus what, let's just call them the powers that be, decide that they're going to fund.

Joe Ryan (18:43)

So in general, I don't see much of a mismatch in terms of which products are needed and which products are given. What I tend to see a mismatch in is actually the more of the change management and the implementation side of things. So oftentimes organizations do try to do what's best for their outcomes and what's best for their investigators or their analysts by providing them with perhaps what they think is a better tool, a newer tool, a faster tool. But then maybe they do that without even talking to the individuals. And those individuals are not solely reliant on one tool. Oftentimes they're using multiple tools and they've become very proficient at using those tools together. They have certain workflows that they do on a regular basis, they have certain integrations set up, maybe they have automations set up, maybe they have resources in place for sharing particular data from one tool to another. And when that is disrupted to introduce a new tool into maybe their tech stack, if you will, then that can cause a lot of problems. So it's not always just do you have the best, shiniest tool for the job. It's also how does that tool really fit into the everyday work that you're doing? Both the workflows that you've established, but then also how does it play with all of the other pieces of technology and solutions that you already have implemented within your day to day work?

Interviewer (20:31)

What are the common elements here for folks who are having success? Obviously nobody has unlimited resources, so you have to dial it in.

Dave Bittner (20:41)

The folks who are effective in doing.

Interviewer (20:42)

That, are there common elements to their approaches?

Joe Ryan (20:47)

I think so. I think that one of the big things that people now this can kind of come from two directions. So you, you have the organizational side, right? You have the side of the, the organization that is actually acquiring new pieces of technology and solutions. And then you have the side of the vendors. And so I think from the side of the vendors you really need to understand that you're not the only tool in the toolkit of the end user of your product. Oftentimes they are using 2, 5, maybe 10 other tools in combination with your product, no matter how robust it might be. And so you really need to think about that as you work to enable those users to use your product. You would never want to not give them solutions for how to then integrate your tool with another tool. And so actually building your enablement material and your enablement contents with that in mind is incredibly important. And from an organizational side, I think again, this kind of goes back to that, that change management aspect and really investing time and resources, which I know for a lot of organizations is one of those things that they're not always so happy to do, but investing time and resources into, really intentionally incorporated, incorporating these solutions into everyday workflows. So whether that means we've just acquired a solution, so we want to invest in training for that solution, we want to take a week and have someone come in and train our entire team on how to use that solution, or we want to be very encouraging of our analysts to take time out of their busy schedules to actually upskill themselves on these tools. So when we say, hey, I have a new tool that I'm implementing, maybe also kind of saying, hey, I expect your day to day productivity to drop a little bit right now, because I do expect you to spend a couple hours a week really familiarizing yourself with this tool, going through whatever online training is provided, joining a couple of webinars, taking some courses, even if it's just watching some YouTube videos, encouraging that and not just expecting that to sort of happen organically, because I think that's what we, we think will happen. And nine times out of 10 people will completely ignore that focused solely on getting their work done. And oftentimes that leads them to not even adopting the new tool if they can help it, because they would rather just do the work the way they've been doing it and stay productive than take time to learn this new tool, which might make them more productive in the long run, but it's going to take time away from their work right now.

Dave Bittner (24:10)

Yeah, that's a really powerful insight.

Interviewer (24:12)

I mean, both from the point of view of kind of meeting people where they are, you know, meeting them in the middle, that human element. But also I think there's a lot, there's a tendency, especially for folks who've been at this for a while, to kind of even use new tools in old ways. You know, this is the way I'm accustomed to using it, but by giving them the freedom and encouraging them to.

Dave Bittner (24:35)

Take the time to learn things, it seems to me like in the long.

Interviewer (24:38)

Run that's going to be a positive outcome for all parties.

Joe Ryan (24:43)

Absolutely. I mean, upskilling is one of those things that again, is difficult even, even as a person who struggles with it daily, knowing that it would be good for me to kind of put aside work for an hour and take some time to, to upskill myself on something that I know might make me more proficient in the future. I struggle with that as a professional all the time. But it is something that I always encourage when I'm dealing, particularly with users of our platform, always encouraging them, take the course, watch the video, join the webinar, ask your questions. Because what we find is that when we actually get on the call with people, maybe they're struggling or maybe their organization has set up some kind of training. We finally get on the call with them and we get hands on with them inside the tool. And then they start to have those light bulb moments. That's when they start to make those connections and say, wow, this process that I have been doing manually, that might have taken me a couple of hours, I'm now able to do in a few minutes with this product I've never used before. And so, you know, they maybe just can't fathom, they maybe just can't understand how this new tool could speed things up and they just aren't quite willing to let themselves learn that. And that's not anything against these individuals. Right. Because that's just the nature, like you said, it's just I want to just kind of keep doing the thing that I've been doing. Maybe I'm using that old tool to solve a new problem, but I encourage people give those new tools a chance. And maybe this is a bit of a parallel, but we see that conversation happening a lot right now as it comes into AI and using these large language models. What they say is that AI will not replace you. A person who isn't afraid to use AI might be the thing that replaces you. And I say that that's kind of the same thing here for these tools. Right. It's not that a tool or a solution is going to replace you. It's that there might be a person who was willing to adopt these new technologies more openly than you are, and that person might be able to then do the work faster, better, with better results than you would be if you don't take that time to really open up and learn from those new solutions.

Interviewer (27:27)

And it's always so gratifying when you're working with someone and you see that light bulb go on.

Dave Bittner (27:32)

Right.

Interviewer (27:32)

You know, to make the connection.

Dave Bittner (27:34)

Yeah.

Interviewer (27:36)

So Joe, when we look at the spectrum of tools that are available, I think there's a wide range, you know, between things that are kind of one click and easy to use on the one hand, but on the other side, things that require a bit more depth, training and understanding. How do you bridge the gap between those two?

Joe Ryan (27:55)

Yeah, this is a big question right now because we find that pretty much both of these solutions in all kinds of industries have a place in the market. One of my kind of go to examples is around the design industry and we talk about a tool like the Adobe suite of products. And so you've got, for instance, Adobe Photoshop and Lightroom and all of these different tools that are out there. And if you've ever used any of these tools, you open them up for the first time and there's, you know, kind of 50 buttons across the left and the right and the top and you just have this big blank canvas to work with and you really don't even know where to start with a tool like that. But if you want to be a person that works in that industry, you just have to learn it. And then on the other hand, you have these very lightweight tools. You have a tool that might be a browser based tool like Canva, again kind of in that industry that's very sort of drag and drop, very user friendly. And what's great is that you can accomplish a lot with these simple tools. Depending on the level of work that you're doing, you're probably never going to reach that super, super high level of expertise. You're probably never going to reach being the very, very top of the game, depending on the work that you're doing. If you're using these sort of lower barrier to entry products. But if you're fine with that, and I feel like for analysts, oftentimes that's okay when you're looking at a product that might still give you all of the data that you're looking for or allow you to analyze that data in a, in a quick way. It doesn't really matter if you're using the sort of, you know, big name that's been around in the industry for 10 or 20 years and everyone just kind of quote unquote believes that this is what you have to use to be successful in this field. And that's because it's super complicated and only the best of the best know how to use. Doesn't really matter if you can find some other tool that's faster, that's more lightweight, then use that tool. And so for me, I would say it's about focusing on doing exactly what it is that you need to do. And if you find that you're able to accomplish your goals specific to your role with these more lightweight tools, then do it. I mean, there's, there's nothing stopping you and there's no reason that you shouldn't do it. And if you find that those results are only coming from these tools that kind of take a long time to fully understand, then yeah, really invest the time in those. Encourage your organization to invest the time in those. Look for the training that's out there. Because, you know, kind of going back to this example, you can find dozens and probably hundreds of courses online for how to use Adobe products. Because everyone knows how powerful they are and everyone knows how challenging they can be to use. So the resources are always out there. It's just a little bit up to the individual of how they choose to invest their time in learning this.

Dave Bittner (31:23)

That's Joe Ryan, Head of Customer Enablement at Maltego technologies. Is your AppSec program actually reducing risk? Developers and AppSec teams drown in critical alerts, yet 95% of fixes don't reduce real risk. Why? Traditional tools use generic prioritization and lack the ability to filter real threats from noise. High impact threats slip through and surface in production, costing 10 times more to fix. Ox Security helps you focus on the 5% of issues that truly matter before they reach the cloud. Find out what risks deserve your attention in 2025. Download the application security benchmark from AUX Security. And finally, Cloudflare just introduced a delightfully devious new tool, AI Labyrinth. Think of it as a digital hedge maze, only instead of confusing minotaurs, it's designed to baffle AI crawlers that ignore ignore no crawl signs. When these rude bots try to scrape your site, Cloudflare lures them into a labyrinth of AI generated web pages filled with convincingly real but utterly useless content. While the bot burns CPU cycles, navigating a maze of facts about soil types or lunar geology, your real content stays untouched. This strategy not only wastes the bot's time, but acts as a high tech honeypot. No human would click four links deep into nonsense. So if someone does, bingo, it's a bot. The maze helps Cloudflare identify and fingerprint bad actors without alerting them they've been duped. It's opt in and even available on free plans. So yes, Cloudflare is fighting fire with fire, or more accurately, AI with more AI. And that's the cyber wire for links to all of today's stories, check out our daily briefing@thecyberwire.com don't forget to check out the Grumpy Old Geeks Podcast, where I contribute to a regular segment on Jason and Brian's show. Every week you can find Grumpy Old Geeks, where all the fine podcasts are listed. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I Dave Bittner, thanks for listening. We'll see you back here tomorrow. Foreign Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try Delete Me. I have to say, Delete me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data Privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners today. Get 20% off your delete me plan when you go to JoinDeleteMe.com N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.comN2K and enter code N2K at checkout. That's JoinDeleteMe.com N2k code N2K.