Targeting schools is not cool. - CyberWire Daily

Summary7 min read

CyberWire Daily: "Targeting Schools is Not Cool" - May 8, 2025

Hosted by N2K Networks

Episode Overview

In this episode of CyberWire Daily, host Dave Bittner delivers a comprehensive briefing on the latest cybersecurity threats, vulnerabilities, and industry developments. The episode features an in-depth conversation with Caleb Barlow, CEO of Cyberbit, focusing on the persistent cyber skills gap and strategies to bridge it. Additionally, the podcast pays tribute to Joseph Nye, a luminary in international relations and cybersecurity. This summary encapsulates the key discussions, insights, and conclusions presented in the episode.

Key News Highlights

1. Lockbit Ransomware Gang Compromised

Timestamp: [02:02]
Details: The Lockbit ransomware group suffered a significant breach, resulting in the leakage of internal data. Hackers defaced Lockbit's dark web affiliate panels with a message condemning cybercrime: "Don't do crime, Crime is bad. Xoxo from Prague." A MySQL database dump revealed approximately 60,000 unique Bitcoin addresses, detailed ransomware configurations, and over 4,400 chat logs from victim negotiations spanning December 2024 to April 2025. This exposes Lockbit's operational mechanisms and affiliates' strategies in customizing attacks.

2. Emergence of "Lost Keys" Malware

Timestamp: [02:02]
Details: Google researchers have identified a new malware variant named Lost Keys, deployed by the Russian state-backed hacking group Coldriver (also known as Star Blizzard, UNC4057, and Callisto). Previously engaged in phishing, Coldriver now employs Lost Keys to steal files and system data through fake captcha sites that trick users into executing malicious PowerShell code. Targets include diplomats, journalists, and NATO-linked entities.

3. Noodle File Stealer Campaign

Timestamp: [02:02]
Details: Cybercriminals are distributing Noodle File Stealer via deceptive AI tool advertisements on platforms like Facebook. The multi-stage attack begins with users downloading a zip file masquerading as a video editing tool, which installs malware that captures browser credentials, crypto wallets, and can deploy remote access tools such as Xworm. The malware leverages Telegram for data exfiltration and evades detection by operating payloads in memory.

4. Critical Vulnerabilities Patched by SonicWall, Apple, and Cisco

SonicWall:
- Timestamp: [02:02]
- Details: SonicWall urges immediate patching of three critical vulnerabilities in its SMA 100 series devices, one of which is actively exploited. Discovered by Rapid7, these flaws can lead to remote code execution as root across multiple devices. SonicWall recommends enabling MFA, monitoring logs for unauthorized access, and using a Web Application Firewall for enhanced protection.
Apple:
- Timestamp: [02:02]
- Details: Apple has addressed a critical remote code execution flaw in macOS related to improper bounds checking in the SIPs utility. The vulnerability allows attackers to execute arbitrary code via malicious ICC profiles. Users are advised to update to the latest OS versions promptly, despite no active exploits being reported.
Cisco:
- Timestamp: [02:02]
- Details: Cisco released patches for 35 vulnerabilities across various products, including critical flaws in iOS XE wireless LAN controllers and identity services. Notably, a significant vulnerability in iOS XE allows unauthenticated attackers to upload arbitrary files via crafted HTTPS requests, potentially compromising devices entirely. Users should update affected systems immediately as no workarounds exist.

5. Iranian Hackers Target German Modeling Agency

Timestamp: [02:02]
Details: Iranian state-linked hackers, associated with APT 35 Charming Kitten, cloned the website of Hamburg's Mega Model Agency to surveil Iranian dissidents. The counterfeit site features a dormant private album link intended as a phishing lure. Obfuscated JavaScript on the site collects extensive visitor data, aiding in stealthy surveillance and facilitating future targeted cyberattacks.

6. SentinelOne's EDR Bypassed

Timestamp: [02:02]
Details: Researchers at AONS Strozfriedberg uncovered a method called "Bring Your Own Installer" (BYOI) that can bypass SentinelOne's Endpoint Detection and Response (EDR) protections. By exploiting the upgrade process, attackers can momentarily disable defenses, allowing them to deploy ransomware such as Babook. SentinelOne has implemented mitigations, including enforcing local upgrade authorization by default, and other vendors have been privately notified of similar risks.

7. PowerSchool Faces Renewed Extortion

Timestamp: [02:02]
Details: Following a December 2024 breach affecting over 60 million students and 9 million teachers, education technology firm PowerSchool is experiencing renewed extortion attempts. Hackers are targeting individual school districts with stolen data, despite PowerSchool's initial belief that the breach was contained. The company has alerted law enforcement and is actively assisting affected districts.

8. CrowdStrike Implements Workforce Reduction Amid AI Shift

Timestamp: [02:02]
Details: CrowdStrike announced layoffs affecting approximately 500 employees (5% of its workforce) as part of a strategic pivot towards artificial intelligence (AI). CEO George Kurtz highlighted AI's role in streamlining operations and aiming for $10 billion in annual revenue. Despite revenue growth, CrowdStrike reported a $92.3 million quarterly loss. The company anticipates related costs to reach up to $53 million and faces challenges in maintaining employee morale amid the reductions.

In-Depth Interview: Caleb Barlow, CEO of Cyberbit

Topic: The Cyber Skills Gap and Bridging the Experience Divide

Understanding the Skills vs. Experience Gap

Timestamp: [13:18 - 22:33]
Caleb Barlow's Insight:
- Skill vs. Experience: Barlow suggests that the prevalent notion of a "skills gap" may be more accurately described as an "experience gap." He points out that while there are approximately 450,000 unfilled cybersecurity positions in the U.S., many of these roles require hands-on experience with specific commercial tools like Splunk, QRadar, or Google Chronicle. This creates a barrier for new graduates who possess theoretical knowledge but lack practical experience with industry-standard tools.
- Educational Shortcomings: Current cybersecurity education often emphasizes open-source tools and manual testing methods (e.g., Kali Linux for penetration testing) but falls short in providing training on commercial platforms that are in high demand in the industry. Barlow emphasizes the need for educational institutions to integrate practical, commercial tool-based training into their curricula.
- Recruitment Challenges: He highlights the inefficiency and cost of recruiting experienced professionals who may not even possess the claimed expertise. Barlow argues that training internal candidates provides better long-term value, reduces recruitment costs, and enhances employee retention.
- Vendor Support: Barlow advocates for vendors to offer free or low-cost licenses for educational purposes, enabling students to gain hands-on experience with the tools they will encounter in the workforce.

Strategies to Bridge the Gap

Timestamp: [19:28 - 25:53]
Developing Internal Talent:
- Training Programs: Barlow encourages organizations to invest in training programs that upskill existing employees rather than solely focusing on hiring experienced candidates. He likens this approach to sports training, where continuous practice and exposure to challenging scenarios build the necessary reflexes and expertise.
- Curriculum Development: Forward-thinking Chief Information Security Officers (CISOs) are now developing structured training curricula that incorporate the deployment and mastery of new tools. This proactive approach ensures that teams remain adaptable and proficient with evolving technologies.
- Cost Efficiency: By training internal staff, companies can significantly reduce recruitment costs and improve employee satisfaction and retention. Barlow estimates that this method can save organizations substantial resources compared to traditional hiring practices.
- Performance Measurement: Implementing measurable training outcomes allows organizations to assess readiness and performance, ensuring that employees are adequately prepared to handle real-world cyber threats.

Caleb Barlow's Analogies and Recommendations

Sports Training Analogy:
- Timestamp: [23:12 - 25:53]
- Explanation: Barlow draws parallels between cybersecurity training and sports, emphasizing the necessity of regular, rigorous practice against formidable opponents to develop resilience and expertise. Just as athletes improve through continuous competition, cybersecurity professionals must engage in repetitive, challenging exercises to hone their skills and adapt to evolving threats.
Mindset of Aspiring Cybersecurity Professionals:
- Timestamp: [23:37 - 25:53]
- **Barlow discusses the mindset of individuals entering the cybersecurity field, highlighting the importance of dedication, continuous learning, and practical experience over mere credential accumulation. He stresses that real-world application and time spent "in the seat" are critical for developing the reflexive responses needed to counter sophisticated cyber adversaries.

Tribute to Joseph Nye

Timestamp: [26:24]

In a heartfelt acknowledgment, CyberWire Daily honors the late Joseph Nye, who passed away on May 6 at the age of 88. Nye, renowned for coining the term "soft power," made significant contributions to international relations and cybersecurity. His work emphasized the integration of cybersecurity into international policy and the development of norms to govern state behavior in cyberspace. As a founding member of the Global Commission on the Stability of Cyberspace and former dean of Harvard's Kennedy School, Nye's legacy endures through his influence on global diplomacy and the protection of civilian infrastructure from cyber threats.

Concluding Insights

The episode effectively underscores the multifaceted challenges in the cybersecurity landscape, from emerging threats and vulnerabilities to the ongoing struggle to cultivate a skilled workforce. Caleb Barlow's insights into the experience gap shed light on actionable strategies to bridge the divide between education and industry requirements, advocating for a paradigm shift towards hands-on, practical training. As cyber threats continue to evolve, the emphasis on continuous learning and adaptive training becomes paramount in safeguarding digital infrastructure and maintaining global cyber stability.

For more detailed information on today's stories, visit CyberWire Daily Briefing. Share your feedback to help us deliver the insights that keep you ahead in the ever-changing world of cybersecurity.

Loading summary

Transcript31 lines

[00:02]
Dave Bittner
You're listening to the Cyberwire network, powered by N2K. And now a word from our sponsor. Spy Cloud Identity is the new battleground and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. Spy Cloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing to neutralize identity based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate Darknet exposure report@spycloud.com cyberwire and see what attackers already know. That's spycloud.com cyberwire the lockbit ransomware gang has been hacked. Google researchers identify a new info stealer called Lost Keys. Sonicwall is urging customers to patch three critical device vulnerabilities. Apple patches a critical remote code execution flaw and Cisco patches 35 vulnerabilities across multiple products. Iranian hackers clone a German modeling agency's website to spy on Iranian dissidents. Researchers bypass Sentinel One's EDR protection. Education tech firm Power School faces renewed extortion. CrowdStrike leans into AI amidst layoffs Our guest is Kayla Barlow, CEO of Cyberbit, discussing the mixed messages of the cyber skills gap and honoring the legacy of Joseph Nye.
[02:02]
Caleb Barlow
Foreign.
[02:09]
Dave Bittner
It's Thursday, May 8, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It's great to have you with us. The Lockbit ransomware gang has been hacked, leading to a major leak of its internal data. Yesterday, Lockbit's Dark web affiliate panels were defaced with a message stating don't do crime, Crime is bad. Xoxo from Prague and including a link to download a MySQL database dump. The leaked database contains 20 tables including nearly 60,000 unique Bitcoin addresses, detailed ransomware build configurations and over 4,400 chat logs from victim negotiations between December 2024 and April of this year. This breach exposes the inner workings of Lockbit's ransomware as a service operation, revealing how affiliates customized attacks and communicated with victims. The incident follows previous law enforcement actions against Lockbit, including infrastructure seizures and arrests, further destabilizing the group. Google researchers have identified a new malware called Lost Keys used by the Russian state backed hacking group Cold river, also known as Star Blizzard, UNC4057 and Callisto. This group, known for phishing, now uses Lost Keys to steal files and system data via a fake captcha site that tricks victims into running malicious PowerShell code. Cold river active since 2022 targets diplomats, journalists and NATO linked groups. Lost keys like earlier malware, Spica is used in selective espionage operations tied to Russian intelligence services. Elsewhere, scammers are spreading a new malware called Noodle File Stealer using fake AI tools and Facebook ads. The campaign targets users with a multi stage attack that begins on phony AI websites offering free image or video generation. Victims download a zip file disguised as a video editing tool, which installs malware that steals browser credentials, crypto wallets and can deploy remote access tools like Xworm. The malware uses Telegram for data exfiltration and evades detection by running payloads in memory. SonicWall is urging customers to patch three critical vulnerabilities in its SMA 100 series devices, one of which is being actively exploited. Discovered by Rapid7, the flaws can be chained to allow remote code execution as root multiple devices are affected. Patches are available in recent firmware versions. SonicWall advises enabling MFA checking logs for unauthorized access and using the Web Application Firewall for added protection. A critical remote execution flaw in macOS allows attackers to run arbitrary code if a user opens a malicious ICC profile found by Trend Micro's Zero Day Initiative. The bug stems from improper bounds checking in macOS's SIPs utility. Apple has patched it in recent OS versions. No active exploitation has been seen, but users should update immediately due to the risk and technical details now being public. Cisco has released patches addressing 35 vulnerabilities across multiple products, including critical flaws in iOS XE wireless LAN controllers and identity services. Engine 1 significant vulnerability in iOS XE wireless controllers allows unauthenticated attackers to upload arbitrary files via crafted HTTPs requests, potentially leading to full device compromise. In ise, two critical vulnerabilities enable remote attackers with read only access to execute arbitrary commands and alter configurations due to insecure deserialization and improper input validation. Additionally, Cisco addressed high severity SNMP flaws in iOS, iOS XE and iOS XR that could cause denial of service conditions. Users are strongly advised to update affected systems promptly, as no workarounds are available for these vulnerabilities. Iranian State Linked hackers tied to APT 35 charming kitten cloned a German modeling agency's website to spy on Iranian dissidents. The fake site discovered this month mimics Hamburg's Mega Model Agency and features a fake model profile with a dormant private Album link, likely a fishing lure. Obfuscated JavaScript collects detailed visitor data including browser and device fingerprints, IP addresses, and plugin info. The data is sent to a disguised analytics endpoint aiding in stealthy surveillance and future targeted cyberattacks. Researchers at AONS Strozfriedberg discovered a technique called Bring your own installer that can bypass SentinelOne's EDR protection. By exploiting the upgrade downgrade process of the SentinelOne agent, attackers can briefly disable its defenses, leaving endpoints exposed. One threat actor used this method to gain admin access and Deploy Babook ransomware. SentinelOne responded with mitigations, including enabling local upgrade authorization by default. While no current EDRs are confirmed vulnerable when properly configured, other vendors were privately notified of the risk. Despite paying a ransom After a December 2024 breach, education tech firm PowerSchool now faces renewed extortion as the hacker targets individual school districts with stolen data. The breach affected over 60 million students and 9 million teachers. PowerSchool had believed the incident was contained after the hacker shared a deletion video. However, recent threats prove otherwise. At least four school boards have been contacted and the reused data matches that from the initial attack. PowerSchool has alerted law enforcement and is assisting affected districts. CrowdStrike is laying off about 500 employees 5% of its workforce, in a move aimed at boosting efficiency. CEO George Kurtz framed the decision around the growing role of AI, which he says will streamline operations and fuel growth toward $10 billion in annual revenue. While the company highlights AI as a force multiplier, its own regulatory filings caution about AI risks, including potential errors and legal liabilities. Despite increasing revenue, CrowdStrike posted a $92.3 million loss in its latest quarter. The layoffs are a harsh blow to affected employees and the company acknowledged the pain caused layoff. Related costs are expected to total up to $53 million. CrowdStrike joins other tech firms turning to automation while cutting staff amid economic uncertainty Coming up after the break, my conversation with Kayla Barlow from Cyberbit on the mixed messages of the cyber skills gap and honoring the legacy of Joseph Nye. Traditional pen testing is resource intensive, slow and expensive, providing only a point in time snapshot of your application's security, leaving it vulnerable between development cycles. Automated scanners alone are unreliable in detecting faults within application logic and critical vulnerabilities. Outpost 24's continuous pen testing as a service solution offers year round protection with recurring manual penetration testing conducted by Crest certified pen testers, allowing you to stay ahead of threats and ensure your web applications are always secure. We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy just Use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first and it works. Sponsored Jobs on indeed get 45% more applications than non sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus we with Sponsored Jobs. There are no subscriptions, no long term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been Talking to you, 23 hires were made on Indeed According to Indeed Data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed and listeners to this show will get a $75 sponsored job credit. To get your jobs more visibility@indeed.com cyberwire just go to indeed.com cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com cyberwire terms and conditions apply. Hiring Indeed is all you need. It is always my pleasure to welcome back to the show Caleb Barlow. He is the CEO at Cyberbit. Caleb, welcome back.
[13:19]
Caleb Barlow
It's always a pleasure to be here with the voice of the cybersecurity industry. Dave, how are you today?
[13:25]
Dave Bittner
I feel a little. A little teased. I feel a little. You should feel loved.
[13:30]
Caleb Barlow
You should feel loved. It's all loved.
[13:31]
Dave Bittner
All right, okay, I will take that. I will take that. So, you know, just a few days ago on our Cyberwire Daily, I was talking about the skills gap and questioning whether it is actually a thing, because you see lots of news stories about the skills gap, but then you see lots of people pushing back and saying, no, it's not really a thing. What's your take on this, Caleb?
[13:56]
Caleb Barlow
Well, I mean, look, I think, and I'll actually credit Simone Petrella and I were having this dialogue and she said to me, you know, is it really a skills gap or is it an experience gap? And, you know, I thought about this a lot. I'm becoming more and more convinced it's an experience gap. And here's where you really see it. Like there's what, Roughly speaking, if you look at cybersec, any given day, it's about 450,000 open unfilled security jobs in the United States. Right?
[14:24]
Dave Bittner
That's what they say.
[14:25]
Caleb Barlow
You know, I don't, I don't think that number's Totally off. Now, maybe some of those aren't real jobs. We could probably agree. There's definitely a few hundred thousand open, unfilled jobs. Okay, okay, sure. Now, the other thing is like, we're also at a time in an industry where, and I don't know what this number is, but there are definitely tens of thousands of people that have been laid off in the security industry that are looking. And I get those resumes every day. And you know, in the US we graduate somewhere between 20 and 30,000 people a year that kind of are looking for a cybersecurity degree, a career that can't really find that first job that they really want. They're getting jobs, but they're not necessarily getting jobs that they want in the society. And you need to look no further than what's happening with recruiting to understand why.
[15:10]
Dave Bittner
So what do you think the reality of the gap is? Where's the disconnect here?
[15:14]
Caleb Barlow
Well, I think the disconnect, believe it or not, is the usage of commercial tools. And if we look at most cybersecurity education, right, it often starts with red teaming, penetration testing, and you're going to go through some sort of an exercise, maybe using a Kali Linux platform, a lot of common open source tools, and you know, you're learning the basics of how to do manual penetration testing, manual red teaming, and then you switch over to the defensive side. But the reality when a recruiter goes out and looks for a job and how that dialogue goes is, hey, you know, I'd really love to get somebody maybe on the younger side, maybe, you know, it's an entry level job, but it'd be great if they had like a couple years of experience using Splunk or qradar or Google Chronicle and you know, extra bonus points if they've maybe, you know, configured a firewall. Okay, So a recruiter hears that they don't write entry level job, they go program their search and AI agent to search on Splunk, Chronicle, you know, Palo Alto firewalls, because those are the easy things to find. So the reality is if you don't have these commercial tools on your resume and frankly have that experience, you, you're going to get filtered out and never even looked at by the recruiter.
[16:29]
Dave Bittner
You know, I think back to my own experience in college. I was studying radio, television and film and was looking to a broadcast career when I got out, which I did for 20 years, but it was the time I spent working in the TV station on campus. And to your point, using the equipment in the TV station, you know, the videotape machines, the cameras, the, the cables, you know, all that kind of stuff. That's what got me work right out of college of being able to say to people, yes, I know how this machine works. What's the equivalent of that TV station on campus for folks who are looking to get their hands on the real security tools, I think you're spot on.
[17:13]
Caleb Barlow
So, you know, my experience was very similar. I was studying to be an electrical engineer. I went to the Rochester Institute of Technology where they require you to go there for five years for an engineering degree and one of which is four co op rotations. So when I graduated, I had all of this commercial experience at times with companies that were hot at the time that nobody's probably ever heard of anymore. But the point is like, you're walking out the door with all this commercial experience. Someone takes a look at your resume and it's like, okay, well which job do you want? I think the same is true whether it's through an internship, whether it's through, you know, and I'm, you know, full disclosure, I'm pitching my own deck here, right? Cyber range training, like where you're going to get hands on with these commercial tools or some other experience where you're going to get. And the term I always use is eyes on glass, hands on keyboard, using the things you're going to use in industry. Now this takes on two forms, right? One, it's the responsibility of the student to go find these opportunities and to go find these internships. But also I think we have to look at higher education and say, look, if we're not training on the exact same tools and platforms that someone is going to be using in the real world job, then we're doing these students a disservice. And that's the other side of this we've really got to think about is as vendors in the vendor community, are you offering licenses to your product for educational use maybe at no or low charge? Because that's the other thing that's going to make the difference. And you know, these schools go out there and look at, you know, the price of buying a lot of these tools and go, look, these things are hundreds of thousands of dollars for a student. Well, it's not going to happen. Right, right. But truth of the matter is most of the vendors, if approached by a university and asking for classroom use, most of them have programs where it's free or very low cost to use these commercial tools.
[19:02]
Dave Bittner
What about, I guess maybe we'll call it the Third leg of the stool, which is the companies that aren't training people in house. Right. They want people to come in fully baked, ready to go with the experience. And they don't have those in house programs or even just the funding to get people up to speed. Where's the guilt there?
[19:28]
Caleb Barlow
Well, there should be a lot there. And look, I think for whatever reason, the cybersecurity industry has gotten a little drunk on just going out and hiring for the next level versus trying to build those people. Right. And I think here's the way you have to look at it, right? When you go out and hire someone that is an experienced professional on the tools you want, first of all, they're going to cost more. You're going to pay a third of their annual salary or more to a recruiter. So let's say you're recruiting for a job that's $100,000. Right. Just to use round numbers, you're going to pay $33,000 for the recruiter. You're going to get them on board. The reality in today's world, particularly in emerging geographies, is some reasonable percentage, maybe 20, 30% have lied on their resume about their experience. It's unfortunate reality. You're going to find out three months in that actually this person doesn't have 10 years of experience on splunk. They've never touched it before. Now you've got to get rid of them. And I'm only being a little bit sarcastic here. And you've got to start that whole process over again with a recruiter again versus if you had taken an existing top performer, skilled them up on that next tool set. You're only going to pay maybe 10% more in the bonus and the raise that you're going to give them. They're going to be a happy employee and you're going to have a known entity moving into that job where because you trained them, you know they're performant. Right?
[20:55]
Dave Bittner
Right.
[20:55]
Caleb Barlow
And that is, I'm finally starting to see a lot of the forward leaning CISOs start really changing. They say, okay, I need to take every year a certain percentage of my level one analysts and I need to turn them into level two. I need to take a certain percentage of my level two and I need to turn them into threat hunters. I think Those are the CISOs that are going to dramatically reduce their overall labor costs, dramatically reduce their retention and really be paying a whole lot less out to recruiters.
[21:23]
Dave Bittner
Yeah, I was going to mention the retention aspect of it because I think in an industry where people are hopping around a lot. That kind of nurturing can really pay dividends in having people feel a little connection to the company.
[21:38]
Caleb Barlow
Well, I mean, how many times have we seen security professionals that are bouncing around jobs? Every year or two. Every year or two getting a higher salary because we're recruiting from a finite group of people. There aren't enough people in the pool. So we all show up wanting the same skills and basically just drive the cost up artificially versus if we took the time to train people. I mean, yes, it might take you six months for somebody working at a level one to get them ready to go to level two. Now they haven't stopped working the whole time. They're just training a little bit in the off time, let's say over six months. But how is that really any worse than spending three months with a recruiter trying to find the right person? Two months of them onboarding and training and a month of them being performant, you're really only losing maybe a month and saving a fortune in the process.
[22:31]
Dave Bittner
Right. And training them for exactly what you need.
[22:34]
Caleb Barlow
Exactly. And the, what gets really interesting is I'm seeing CISOs now that have a curriculum that they want to mandate down for this to happen. So they're looking at what do I need to do? Because, like, a lot of people, for example, are moving off of qradar, as you know, that kind of winds down and moving to maybe Microsoft or Palo or Google Chronicle. Well, okay, I need to train up my team so they lay out a curriculum. Hey, over the next year, I want to train everybody up. We're going to deploy these new tools and we'll actually be able to measure when people are ready to switch. That's pretty cool in my mind.
[23:13]
Dave Bittner
Let's switch over just a bit and talk about the students themselves, the folks training. You mentioned cyber ranges. You know, here at N2K, we have practice tests, those kinds of things. I mean, what's, what's the mindset of someone who is in this mode of getting up to speed? What, what kind of, is, is it a situation where they're putting a lot of pressure on themselves? Where do we stand there?
[23:37]
Caleb Barlow
Well, there's a lot of, you know, there's a lot of challenge of getting, breaking into this industry. And I think we've done a little bit of a disservice to ourselves, assuming that, you know, certificate collection is the answer. And don't get me wrong, you know, industry certificates are valuable, particularly if you're going into consulting or a government job, because those are the two areas that really look at them. The reality is, I don't think most CISOs care if you have a certificate or not. What they care about is, do you know the technology and can you do the job? And this really comes down to kind of the brain science of this, of how do I train under pressure? Because it's not just about getting the book knowledge. It's not about passing the exam. I mean, don't get me wrong, passing the exam is important. Right. But I need to do that, and I need to have the time in the seat, because this is much more analogous to a sport. I'm up against a human adversary. I need. Just like I'm training for a sport, I need that pattern recognition of. Wait a minute. This is a little odd. I need to dig in here more. What is. What is this adversary's likely next move? What is their worst move? And that's only learned through time in the seat.
[24:44]
Dave Bittner
It needs to be reflexive.
[24:46]
Caleb Barlow
It needs to be reflexive, and that training needs to occur repetitive. So, again, let's use a sports analogy. Right? You don't get good at soccer or football. Well, I guess in some geographies, football and soccer are the same thing, but follow me through. Right?
[24:59]
Dave Bittner
I'm with you, Ken.
[25:00]
Caleb Barlow
You don't get good. You don't get good at this if you don't go out on the field every week and practice hard. Stop. Right, right. You also don't get any good at, you know, if you go out and train to be a lineman by reading a bunch of books, it's not going to end well in your first, you know, if I throw you on a D1 field, it's not going to end well. Right, right, right, right. Okay. The same is true in a sock, Right. Training has to be a regimented part of something you do every single week, which means it's got to be asynchronous, it's got to be easy to do, it's got to be measured, and it's got to be practicing. You got to push yourself. Right. If I only. If we were playing football and we only ever played against easy teams, we're not going to get any better. We've got to simulate playing against really hard adversaries so we know how to build up that muscle memory. And when the really hard adversary actually hits us, we're like, bring it on, baby. Because we're ready.
[25:53]
Dave Bittner
Yeah, absolutely. I'm a true believer that the best way to get better at something is to do it with someone who's better at it than you are. Yeah, yeah, absolutely. All right, well, Caleb Barlow is CEO at Cyberbit. Caleb, thanks so much for taking the time for us.
[26:08]
Caleb Barlow
Thanks, Dave.
[26:24]
Dave Bittner
Let's be real. Navigating security compliance can feel like assembling Ikea furniture without the instructions. You know you need it, but it takes forever and you're never quite sure if you done it right. That's where Vanta comes in. Vanta is a trust management platform that automates up to 90% of the work for frameworks like SoC2, ISO 27001 and HIPAA, getting you audit ready in weeks, not months. Whether you're a founder, an engineer, or managing IT and security for the first time, Vanta helps you prove your security posture without taking over your Life. More than 10,000 companies, including names like Atlassian and Quora, trust Vanta to monitor compliance, streamline risk, and speed up security reviews by up to five times. And the roi, A recent IDC report found Vanta saves businesses over half a million dollars a year and pays for itself in just three months. For a limited time, you can get a thousand dollars off vanta@vanta.com cyber that's v a n t a v.com cyber and finally, we pause to remember Joseph Nye, who passed away on May 6 at the age of 88, leaving behind a profound legacy in international relations and cybersecurity. Renowned for coining the term soft power, Nye's insights into the dynamics of global influence reshaped diplomatic strategies worldwide. Beyond his theoretical contributions, Nye was instrumental in integrating cybersecurity into the realm of international policy. As a founding member of the Global Commission on the Stability of Cyberspace, he championed the development of norms to govern state behavior in cyberspace, emphasizing the importance of protecting civilian infrastructure from cyber threats. Nye's tenure as dean of Harvard's Kennedy School from 1995 to 2004 was marked by his commitment to preparing future leaders for the complexities of the digital age. He fostered interdisciplinary approaches, blending political science with emerging technological considerations, ensuring that the next generation of policymakers was equipped to navigate the challenges of cybersecurity and digital diplomacy. His dedication to public service, including roles as Assistant Secretary of Defense for International Security affairs and chair of the National Intelligence Council, underscored his belief in bridging academic theory with practical policy solutions. Joseph Nye's vision and leadership have indelibly shaped our understanding of power, diplomacy and the critical importance of cybersecurity in maintaining global stability. His contributions continue to inspire and guide scholars and practitioners in the ever evolving landscape of international relations. To all who knew and loved him, may his memory be a blessing. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2 we're privileged that N2k cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman our executive producer producer is Jennifer Ibin, Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. What's the common denominator in security incidents? Escalations and lateral movement. When a privileged account is compromised, attackers can seize control of critical assets with bad directory hygiene and years of technical debt. Identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in active directory, entra ID and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how attack path management is connecting identity and security teams while reducing risk with Bloodhound Enterprise powered by Spectrops. Head to Spectrops IO today to learn more. Spectrops see your attack paths the way adversaries do.