Dave Bittner
You're listening to the Cyberwire Network.
Dave Bittner
Powered by N2K. Crogl is AI built for the enterprise SOC: fully private, schema-free and capable of running in sensitive air-gapped environments. Crogl autonomously investigates thousands of alerts weekly, correlating insights across your tools without data leaving your perimeter. Designed for high availability across geographies, it delivers context-aware, auditable decisions aligned to your workflows. Crogl empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to help your SOC operate at scale with precision and control. Learn more at crogl.com. That's C-R-O-G-L dot com.
A DOGE employee leaks a private API key to GitHub. North Korea's Contagious Interview campaign has a new malware loader. A New Jersey diagnostic lab suffers a ransomware attack. A top-grossing dark web marketplace goes dark in what experts believe is an exit scam. MITRE launches a cybersecurity framework to address threats in cryptocurrency and digital financial systems. Experts fear steep budget cuts and layoffs under the Trump administration may undermine cybersecurity information sharing. A Maryland IT contractor settles federal allegations of cyber fraud. Kim Jones and Ethan Cook reflect on CISO Perspectives, and a crypto hacker goes hero and gets a hefty reward.
Dave Bittner
It's July 15th, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great, as always, to have you with us.
Marko Elez, a 25-year-old employee at the Department of Government Efficiency, accidentally leaked a private API key to xAI's language models by posting it on GitHub. This key granted access to 52 LLMs, including xAI's latest, Grok 4. GitGuardian flagged the breach, but the key remains active. According to Krebs on Security, Elez, who has access to multiple sensitive government databases, has a history of security violations and controversial behavior, including past unencrypted data transmissions. Despite this, he was reinstated after lobbying from Vice President J.D. Vance and has continued moving through federal agencies. This marks the second such xAI leak by a DOGE employee, raising concerns about systemic security failures and poor oversight within DOGE.
North Korean threat actors behind the Contagious Interview campaign have escalated their efforts with a new malware loader called XORIndex, Socket researchers report. Downloaded over 9,000 times since June, XORIndex targets developers, job seekers and crypto holders. It's embedded in 28 malicious npm packages used to gather host data and deploy BeaverTail, which steals crypto wallet data. Some packages also deploy HexEval, an earlier malware loader with over 8,000 downloads. In total, 67 malicious npm packages tied to the campaign have been downloaded more than 17,000 times, with 27 still active. The campaign, linked to North Korea's Lazarus Group, uses fake job offers and tools to trick users into installing malware. Socket has requested takedowns and account suspensions, warning of ongoing loader reuse and evolving obfuscation tactics.
Avantik Medical Lab, a New Jersey-based diagnostic firm, suffered a ransomware attack and data breach by the Everest group on July 3rd.
31 gigabytes of sensitive patient data were leaked after the lab failed to engage with the attackers. The breach, first signaled on June 10th, exposed data from 2018 through 2023, including medical records, Social Security numbers, insurance details and credit card information. Avantik has not yet notified patients. Those possibly affected should monitor accounts and consider credit protection steps.
Abacus Market, once the top-grossing dark web marketplace in the West, has gone offline in what experts believe is an exit scam. Users began reporting withdrawal issues in late June, a common sign of admins disappearing with user funds. Though site admin Vito blamed DDoS attacks and a surge in users from the shuttered Archetyp marketplace, skepticism remained. TRM Labs suggests Vito likely exited to avoid law enforcement, especially after Archetyp's takedown. Abacus had been operating for four years, selling drugs, cybercrime tools and counterfeit goods, with revenue surging 183% in 2024. Experts say law enforcement now focuses more on arresting vendors than shutting down marketplaces, as vendor arrests have a broader and longer-lasting impact across the dark web ecosystem.
MITRE has launched AADAPT, a cybersecurity framework to address threats in cryptocurrency and digital financial systems. Modeled after MITRE ATT&CK, AADAPT helps developers, financial institutions and policymakers identify and counter risks like phishing, ransomware and double spending. Built from input by over 150 experts, it maps real-world adversary tactics targeting digital assets. AADAPT offers tools for threat emulation, detection and security assessments. It aims to support organizations, especially those with limited resources, in securing digital payment technologies and building trust in this evolving sector.
Cybersecurity experts warn that steep budget cuts and layoffs under the Trump administration have severely undermined federal cybersecurity and information sharing.
BankInfoSecurity reports nearly one third of the Cybersecurity and Infrastructure Security Agency workforce has been cut, and key threat sharing programs have been defunded. This has led to a sharp drop in public-private collaboration, leaving critical infrastructure more vulnerable to attacks. Programs like the National Vulnerability Database and Common Vulnerabilities and Exposures are facing backlogs and funding threats, raising global concerns about vulnerability management. Experts say political pressure has silenced federal cyber teams, stalled proactive responses and fractured communication with the private sector. With major layoffs at agencies like the State Department and the possible expiration of key cybersecurity laws, many fear U.S. cyber defenses are weakening at a critical time.
Meanwhile, the UK's National Cyber Security Centre has launched the Vulnerability Research Initiative to collaborate with external cybersecurity researchers. The initiative aims to enhance the UK's ability to identify and address software and hardware vulnerabilities. By partnering with skilled experts, researchers will assess targeted products, test mitigations, and disclose findings via the NCSC's equities process. The VRI complements the NCSC's internal efforts and will help build a best practice framework for vulnerability research, including in emerging areas like AI-powered discovery.
Maryland-based IT contractor Hill Associates has agreed to pay $14.75 million to settle allegations of contract violations with federal agencies. The company was accused of billing for underqualified personnel, unauthorized cybersecurity services, unapproved fees and inflated overhead costs. These actions allegedly breached contracts with the Department of Justice and Treasury between 2018 and 2023. The settlement, brought under the False Claims Act, includes an additional payment of 2.5% of Hill's annual revenue, over $18.8 million through 2030.
The Department of Justice emphasized accountability for IT contractors who fail to meet cybersecurity and billing standards. Hill Associates did not admit liability and has not publicly responded. This is the latest in a series of False Claims Act settlements involving contractors accused of cybersecurity-related fraud.
Coming up after the break, Kim Jones and Ethan Cook reflect on CISO Perspectives, and a crypto hacker goes hero and gets a hefty reward. Stay with us.
Hey everybody, Dave here. I've talked about DeleteMe before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal: 20% off your DeleteMe plan. Just go to joindeleteme.com/N2K and use promo code N2K at checkout. That's joindeleteme.com/N2K, code N2K.
Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats.
Download it now at semperis.com/purple-knight. That's semperis.com/purple-knight.
Kim Jones, host of CISO Perspectives, and Ethan Cook, our N2K analyst, recently sat down to reflect on highlights from this season of CISO Perspectives. They revisit key moments, discuss recurring themes like the cybersecurity workforce gap, and get Ethan's outsider take on the conversations.
Kim Jones
So you and I came together and met as you were doing the production work and the uplift work and the editorial work on this podcast. What was your exposure to cybersecurity prior to taking on this role?
Ethan Cook
So, traditionally, little to none. I graduated from college and it had literally nothing to do with cyber. And as we've kind of found throughout the show, everyone seems to find a stumble of a way into cyber. And so I would say I have an understanding. Not a technical understanding, but an understanding.
Kim Jones
Cool.
Kim Jones
And that's one of the reasons I wanted you to do the season wrap-up with me, because you will be as close to having a non-biased, tabula rasa view on the topic and the things you've heard, et cetera. So let's take a look. Regarding the theme of the cyber talent ecosystem as a whole, given what you have heard, read and researched, because you run my blog, what are your thoughts regarding the ecosystem as a whole before we start deep diving on different portions of it?
Ethan Cook
Yeah, so taking a step back and looking at it from a zoomed-out view, I would say the first of my observations is fear. There's a lot of fear in the ecosystem right now, where it feels that people are unwilling to take a risk. So the first observation I would say is fear. The second observation that I would say is opportunity. While there was a lot of talk throughout the season of, wow, this is a problem, that's a problem, none of it ever came away with: this is an unsolvable problem, or this is something we can't fix, or we can't address, or we can't do something about.
Kim Jones
So yeah, let's double click on a couple of those things. So let's start with the fear aspect and in terms of how it relates to talent. And you talked a little bit regarding a lack of desire to accept the possibility where a mistake could be made. So back in episode 11, we brought in Ed Vasco, CEO and serial entrepreneur, and he talked a lot regarding that last component that seems to be missing as we're upskilling people, and that is practical skills and real-world experience within the environment.
Ed Vasco
Just like in the medical space, we have training hospitals, we have training programs. Not all hospitals, not all doctor's offices accept residents, accept residencies. There are a select number, and it's by that selection process that the industry within the medical program gets moved forward. And so there's this self-selection. Most of these teaching hospitals are attached to a university. They combine the academic program and the experiential learning program. So I took the same kind of metaphor, same sort of alignment, and said, well, the benefit I have here is that I'm attached into a university. They've given me the opportunity to build these kinds of platforms. Let's say, in your experience as an operational cyber leader, would you be willing to allow early career professionals that opportunity to come in into a commercial SOC or into an operational SOC like Newground and have consequence?
Kim Jones
One of the things that I also felt from the season is, you're right, everybody wants that level of experience, but there's still that reluctance to create the mechanisms that allow people that experience.
Ethan Cook
Absolutely.
Kim Jones
The reluctance to, okay, that's great, we need you to get experience somewhere, but you first. So let's double click on the other piece that you said regarding the opportunity. And I see you're right in terms of that this is something that nobody has thrown up their hands and said it can't be done, which is great. But it seems to me that the nature of that opportunity is still ill-defined. And where I'm going back to is Will Markow's episode, where he talked about the data regarding what is the nature of the cyber opportunity out there and the openings that are out there. You want to talk to me a little bit about that one?
Ethan Cook
Yeah. For those who hadn't heard that episode, Will Markow came on and talked about CyberSeek data. And one of the things that I thought was just super illuminating about that conversation was how people are misusing CyberSeek data.
Will Markow
I have heard so many people at very high levels of the federal government and other places misuse the data. What that number actually is, is that's how many unique job openings we saw over the past 12 months, which were unique online. It also isn't just what we think of as core cybersecurity workers. We're also looking at the network administrators who are responsible for cyber within an SMB, or other IT professionals, or even in some cases maybe even non-IT professionals who still have a security component to what they do.
Ethan Cook
When I think back to Will's episode, something that really stuck out to me was his quote surrounding entry-level jobs.
Will Markow
When we looked at this, we found that for every 100 entry-level jobs, we had 110 entry-level workers vying for them. That means that we actually had about 35,000 more entry-level individuals looking for cybersecurity jobs than we actually had entry-level cybersecurity jobs that they could fill.
Kim Jones
I will take it a step further. There's another piece there regarding not just what he said about data, but in terms of how the world, the industry, business, et cetera, is looking at and is hiring cyber professionals within the environment.
Will Markow
I call it hiring for mercenaries, not missionaries. You go after the mercenary who has the best resume. They look the best on paper. Maybe they went to some fancy school, they got some fancy certifications, they look amazing on paper. Problem is, you want to hire them. So do all of your 20 biggest competitors, and you are going to be in a bloodbath for talent if this is what you do.
Kim Jones
So, shifting gears again, I think part of some of the things we've heard centered around what makes a good cybersecurity professional. And you talked about putting structures, like maybe legal, around things, et cetera, within the environment. But one of the conversations that came up several times, and was the focus of episode two, was: are we a trade or are we a profession? You want to dig into that a little bit, Ethan?
Ethan Cook
Yeah. This is a conversation that came out routinely throughout the season. And it was something that I grappled with because, you know, when I first saw the statement, my first thought as an outsider was, why does it matter? Right? I then dug into the conversation and dove into it more and got into the nitty-gritty details and understood the cost and benefit of both. And I really liked both Larry's, who was in episode two, and Ed's characterization of the two, with Larry arguing that it transforms midway through.
Larry
I've actually given some thought to that simply because. And I'm going to say I think we're both. I think we're both because of a couple of factors. When you think about the entry level components.
Ed Vasco
Right.
Larry
The entry level component of getting into cyber is very trade adjacent.
Ed Vasco
Right.
Larry
It's not about certifications, it's not about degrees, it's about skills. Which is why we say you can come out of high school and do this. Because if you create or foster certain skills on your own in high school, you can technically come into a cyber role and become proficient in the way that an organization needs you and go execute. So at that level I see it akin to a trade.
Ethan Cook
And then Ed arguing, or stating, that he believes that we're a profession with technical components.
Ed Vasco
I lean towards the idea, and I expect, that we are a profession that has technical representation. We have an opportunity to ensure that the pathways we create allow for people of not just diverse background but diverse skills to engage in this field and achieve certain kinds of milestones at a career level. If we don't treat ourselves as a profession that has technical orientation, then we'll ultimately be relegated into a position that doesn't have business orientation, that doesn't have all the other things that we talked about for years.
Ethan Cook
Between the two of them, I think they hit the nail on the head, which is that we are a profession. Cyber is a profession and we have to treat it as one. But that doesn't mean we just ignore the technical aspects and just blindly tune those off and put our blinders on and pretend like those aren't there. Those are a reality that we should acknowledge and build into our systems, similar to other professions that have a technical system. Maybe not technical in terms of technology, but technical aspects of them. They have a defined pathway that goes through it in a logical progression system. But they still have professional elements guiding the whole process.
Kim Jones
So what is the one thing that we haven't talked about that you want to make sure that we talk about, that we mention, et cetera, before we close this off?
Ethan Cook
Yeah. So as I look at this problem, and the problems that are related to this system, this has been an issue that I have heard about since I entered several years ago, and it doesn't seem like we're any closer to solving it. It seems like we're, if anything, further away from solving it. There needs to be, especially in the absence of and the decline of certain things like CISA's programs or some of these things that are happening right now, there needs to be more industry leaders. I think one of the best quotes that you had, Kim, was when you talked about the first person to do it. It's always hard.
Kim Jones
When I talk to young or aspiring cyber professionals, I often hear that they're reluctant to apply for a position in a company because there's no one already there like them. Every time someone says this to me, my answer is the same: how the hell is it going to get any better if you don't show up? Folks, being the first at anything is hard, but if no one steps up to be the first person, nothing ever changes. Worse, you provide individuals in that company the excuse to keep their hiring practices unchanged, since they can't find underserved candidates to apply. The world doesn't change through complaining. It changes through direct action. Be the courageous hero. If there's no role model, become one. Show up.
Ethan Cook
And while you were referencing diversity in that conversation, I think that applies to just about everything in life, which is, it's never easy to be the person to say, I'm going to solve the talent gap. I think the better way, and the thing, is getting people together as CISOs, as industry leaders, to come together and actually make progress and not do the same thing that we've already been doing for 10, 15 years. Right? But if it matters and if you're passionate about this, and from everyone that I have talked to throughout the season and from the people that I've heard over the years, cyber is one of those industries where people are nothing if not passionate about this industry.
Kim Jones
Amen.
Ethan Cook
Then if you're passionate about this and you're doing it for the right reasons, then yes, while it is exhausting and tiring, it is worthwhile and gives tangible value, not just to yourself, not just to your organization, not just to the neighboring organization, but to the people who are coming in the next 10 years. The people, your customers, whose information you are guarding or whose financials you are protecting, etc., whatever your industry may be, they are valued in this, outside of just, oh, I got a paycheck raise, or oh, my industry, my job is secure for another two months, or whatever it may be.
Dave Bittner
That was Kim Jones, host of CISO Perspectives, in conversation with N2K's Ethan Cook. If you enjoyed their discussion and want full access to the entire season and their full conversation, become a Pro member to unlock every episode you hear from us here at the CyberWire Daily, every single day.
We'd love to hear from you. Your voice can help shape the future of N2K Networks. Tell us what matters most to you by completing our annual audience survey. Your insights help us grow to better meet your needs. There's a link to the survey in our show notes. We're collecting your comments through August 31st. Thanks.
We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first. And it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs, there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 Sponsored Job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.
Crogl is AI built for the enterprise SOC: fully private, schema-free and capable of running in sensitive air-gapped environments. Crogl autonomously investigates thousands of alerts weekly, correlating insights across your tools without data leaving your perimeter. Designed for high availability across geographies, it delivers context-aware, auditable decisions aligned to your workflows. Crogl empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to help your SOC operate at scale with precision and control. Learn more at crogl.com. That's C-R-O-G-L dot com.
And finally, in the crypto world's latest twist of irony, a hacker who nabbed $42 million from GMX's Arbitrum-based liquidity pool has decided to turn white hat, returning the loot in exchange for a $5 million thank-you bounty. The reentrancy attack, a classic smart contract exploit, allowed the attacker to siphon funds before the system caught up. But rather than vanish into digital obscurity, the hacker opted for the Robin Hood meets Venmo route: keep a cut, send the rest back. GMX now has the funds secured in its multisig wallet and is crafting a plan for redistribution. Meanwhile, GMX's token surged over 18%, because apparently there's nothing like a good old-fashioned heist turned refund to rally the market.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August. There's a link in the show notes. Please do check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Buying more tools won't make you more secure. Continually training your people will. In this episode, Cloud Range co-founder and CEO Debbie Gordon shares how real-world simulations are transforming readiness in 2025. Because your last line of defense isn't software, it's your team. Tune in now. Your stack depends on it.
Kim Jones
Hi, Kim Jones here. On CISO Perspectives, we get candid with the thinkers, doers and trailblazers shaping cybersecurity leadership. No scripts, no sales pitches, just real stories and hard-earned lessons from folks who've been there. If you're looking to grow as a leader or just want to hear how others are navigating this ever-evolving field, listen to CISO Perspectives. It's your seat at the table.
CyberWire Daily Summary: "The Grok that Broke the Camel’s Back"
Release Date: July 15, 2025
Host: Dave Bittner, with Kim Jones and Ethan Cook
Produced by: N2K Networks
Timestamp: [02:06]
In today’s briefing, Dave Bittner opens with a security incident involving Marko Elez, a 25-year-old employee at the Department of Government Efficiency. Elez inadvertently exposed a private API key for xAI’s language models on GitHub; the key granted access to 52 Large Language Models (LLMs), including xAI’s latest, Grok 4. GitGuardian flagged the exposure, but the compromised key remains active.
Dave Bittner highlights, “This marks the second such xAI leak by a DOGE employee, raising concerns about systemic security failures and poor oversight within DOGE.”
Reporting by Krebs on Security indicates that Elez has a history of security violations, including previous instances of unencrypted data transmissions. Despite these issues, he was reinstated after lobbying by Vice President J.D. Vance and has continued to move through various federal agencies. A second leak of the same kind points to lapses in how DOGE handles and oversees credentials.
Timestamp: [07:45]
Bittner then reports an escalation of the North Korean “Contagious Interview” campaign. Socket researchers have identified a new malware loader named XORIndex, downloaded over 9,000 times since June. Embedded in 28 malicious npm packages, the loader targets developers, job seekers, and cryptocurrency holders, gathering host data and deploying the BeaverTail malware, which steals crypto wallet data. Some packages also deploy HexEval, an earlier loader with more than 8,000 downloads.
Bittner emphasizes, “The campaign, linked to North Korea's Lazarus Group, uses fake job offers and tools to trick users into installing malware.”
Of the 67 malicious npm packages associated with this campaign, 27 remain active, with overall downloads exceeding 17,000. Socket has requested takedowns of the packages and suspension of the publishing accounts, and warns that loader reuse and evolving obfuscation techniques continue to challenge defenders.
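As an added example (not code from the page, from Socket, or from the campaign's packages): a Python audit that walks an installed node_modules tree and reports packages that register npm install lifecycle hooks or whose entry point and hook scripts show loader-style indicators such as eval, child_process, host fingerprinting, long hex blobs and XOR decode loops. The indicator patterns, the package names and the two sample packages are constructed assumptions for illustration; they are not signatures for XORIndex, HexEval or BeaverTail.

```python
import json
import re
import tempfile
from pathlib import Path

# Lifecycle hooks npm runs automatically during install; a loader placed here
# executes before the developer ever imports the package.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Assumed, illustrative indicators of a loader that decodes and runs a hidden
# stage or fingerprints the host. Not real-world signatures.
SUSPICIOUS_PATTERNS = {
    "eval_or_function_ctor": re.compile(r"\beval\s*\(|new\s+Function\s*\("),
    "child_process": re.compile(r"require\s*\(\s*['\"]child_process['\"]\s*\)"),
    "host_fingerprint": re.compile(r"\bos\.(hostname|userInfo|platform)\s*\("),
    "hex_blob": re.compile(r"['\"](?:[0-9a-fA-F]{2}){40,}['\"]"),
    "xor_decode": re.compile(r"\^\s*0x[0-9a-fA-F]{2}\b|charCodeAt\([^)]*\)\s*\^"),
}


def audit_package(pkg_dir):
    """Inspect one installed package; return a finding dict, or None if clean."""
    pkg_dir = Path(pkg_dir)
    manifest = pkg_dir / "package.json"
    if not manifest.is_file():
        return None
    meta = json.loads(manifest.read_text(encoding="utf-8"))
    scripts = meta.get("scripts") or {}
    hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}

    # Read the entry point plus any local .js file an install hook invokes.
    candidates = {meta.get("main") or "index.js"}
    for cmd in hooks.values():
        candidates.update(re.findall(r"[\w./-]+\.js", cmd))

    indicators = {}
    for rel in sorted(candidates):
        path = pkg_dir / rel
        if not path.is_file():
            continue
        src = path.read_text(encoding="utf-8", errors="replace")
        hits = [name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(src)]
        if hits:
            indicators[rel] = hits

    if not hooks and not indicators:
        return None
    return {"name": meta.get("name", pkg_dir.name), "version": meta.get("version"),
            "install_hooks": hooks, "indicators": indicators}


def audit_node_modules(root):
    """Walk a node_modules tree, including @scope directories, collecting findings."""
    findings = []
    for entry in sorted(Path(root).iterdir()):
        if not entry.is_dir():
            continue
        members = sorted(entry.iterdir()) if entry.name.startswith("@") else [entry]
        for pkg in members:
            finding = audit_package(pkg)
            if finding:
                findings.append(finding)
    return findings


def risk_score(finding):
    """Rank findings: an install hook counts two, each code indicator adds one."""
    score = 2 if finding["install_hooks"] else 0
    return score + sum(len(hits) for hits in finding["indicators"].values())


def build_sample_tree(base=None):
    """Write a constructed node_modules tree (one clean package, one loader-like
    package with a postinstall hook) for offline testing; all contents are made up."""
    root = Path(base or tempfile.mkdtemp()) / "node_modules"
    clean = root / "tiny-trim"
    clean.mkdir(parents=True)
    (clean / "package.json").write_text(json.dumps(
        {"name": "tiny-trim", "version": "1.0.0", "main": "index.js"}))
    (clean / "index.js").write_text("module.exports = (s) => s.trim();\n")

    bad = root / "@acme" / "fake-auth-helper"
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps({
        "name": "@acme/fake-auth-helper", "version": "0.3.1", "main": "index.js",
        "scripts": {"postinstall": "node setup.js"}}))
    (bad / "index.js").write_text("module.exports = require('./setup.js');\n")
    (bad / "setup.js").write_text(
        "const os = require('os');\n"
        "const cp = require('child_process');\n"
        "const blob = '" + "6a" * 48 + "';\n"  # constructed hex-encoded stage
        "let out = '';\n"
        "for (let i = 0; i < blob.length; i += 2) {\n"
        "  out += String.fromCharCode(parseInt(blob.substr(i, 2), 16) ^ 0x5a);\n"
        "}\n"
        "eval(out);\n"
        "cp.execSync('echo ' + os.hostname());\n")
    return root


if __name__ == "__main__":
    for f in sorted(audit_node_modules(build_sample_tree()), key=risk_score, reverse=True):
        print(risk_score(f), f["name"], f["install_hooks"], f["indicators"])
```

Point `audit_node_modules` at a real project's node_modules after `npm ci` and review anything with an install hook first; a hook is not proof of malice (native modules use them legitimately), but a hook combined with decode-and-eval indicators is exactly the shape a loader takes, and `npm install --ignore-scripts` plus a lockfile review is the cheap way to keep an unknown package from running code before you have looked at it.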
Timestamp: [10:15]
Avantik Medical Lab, a diagnostic firm based in New Jersey, fell victim to a ransomware attack orchestrated by the Everest Group on July 3rd. The breach resulted in the leakage of 31 gigabytes of sensitive patient data, spanning from 2018 to 2023, including medical records, Social Security numbers, insurance details, and credit card information.
Dave Bittner reports, “Avantik has not yet notified patients. Those possibly affected should monitor accounts and consider credit protection steps.”
The breach was first signaled on June 10th; the data was published after Avantik declined to engage with the attackers. The case underscores the need for tested ransomware response plans in the healthcare sector, where the exposed records cannot be recalled once leaked.
Timestamp: [12:00]
Abacus Market, once the top-grossing dark web marketplace in the West, has abruptly gone offline. Security experts suspect an exit scam, a common tactic where administrators vanish with user funds. Reports of withdrawal issues surfaced in late June, signaling the potential disappearance of site administrators.
Bittner notes, “TRM Labs suggests Vito likely exited to avoid law enforcement, especially after Archetyp's takedown.”
Abacus had been operational for four years, facilitating the sale of drugs, cybercrime tools, and counterfeit goods, with revenues surging 183% in 2024. The shutdown follows the recent takedown of Archetyp, another prominent dark web marketplace. Experts say law enforcement now focuses more on arresting vendors than on shutting down entire marketplaces, because vendor arrests have a broader and longer-lasting effect across the dark web ecosystem.
Timestamp: [14:50]
MITRE has launched AADAPT, a cybersecurity framework designed to address threats to cryptocurrency and digital financial systems. Modeled after MITRE ATT&CK, AADAPT helps developers, financial institutions, and policymakers identify and counter risks such as phishing, ransomware, and double-spending attacks.
Bittner explains, “AADAPT offers tools for threat emulation, detection and security assessments. It aims to support organizations, especially those with limited resources, in securing digital payment technologies.”
Developed with input from over 150 experts, AADAPT maps real-world adversary tactics targeting digital assets, giving organizations in the digital financial sector a shared reference for assessing and improving their security posture.
Timestamp: [17:30]
Cybersecurity experts are increasingly worried that steep budget cuts and layoffs under the Trump administration are undermining federal cybersecurity and information sharing. BankInfoSecurity reports that nearly one-third of the Cybersecurity and Infrastructure Security Agency (CISA) workforce has been cut and that key threat-sharing programs have been defunded.
Dave Bittner highlights, “This has led to a sharp drop in public-private collaboration, leaving critical infrastructure more vulnerable to attacks.”
The reduction in workforce and funding has caused significant backlogs in programs like the National Vulnerability Database and Common Vulnerabilities and Exposures (CVE) system. Experts warn that political pressures have silenced federal cyber teams, stalled proactive security measures, and fractured communication channels with the private sector, thereby weakening the United States' cyber defenses at a pivotal time.
Timestamp: [19:50]
Meanwhile, the UK's National Cyber Security Centre (NCSC) has launched the Vulnerability Research Initiative (VRI), a program that partners with external cybersecurity researchers to strengthen the UK’s ability to identify and address both software and hardware vulnerabilities.
Kim Jones states, "The VRI complements NCSC's internal efforts and will help build a best practice framework for vulnerability research, including in emerging areas like AI-powered discovery."
Timestamp: [19:50]
By partnering with skilled experts, the VRI aims to conduct comprehensive assessments, test mitigations, and disclose findings through the NCSC's Equities Process, thereby reinforcing the UK's cybersecurity infrastructure and promoting a culture of continuous improvement and innovation in vulnerability management.
Timestamp: [21:10]
Hill Associates, an IT contractor based in Maryland, has agreed to pay $14.75 million to settle federal allegations of cyber fraud. The company was accused of violating contracts with federal agencies, including the Department of Justice and the Treasury, between 2018 and 2023. The charges include billing for underqualified personnel, unauthorized cybersecurity services, unapproved fees, and inflated overhead costs.
Dave Bittner reports, “The settlement, brought under the False Claims Act, includes an additional payment of 2.5% of Hill's annual revenue, totaling over $18.8 million through 2030.”
Timestamp: [21:10]
The Department of Justice emphasized the importance of holding IT contractors accountable for failing to meet cybersecurity and billing standards. Hill Associates has not admitted liability and has yet to provide a public response. This case marks the latest in a series of False Claims Act settlements targeting contractors accused of compromising cybersecurity integrity.
Timestamp: [12:45]
In an insightful segment titled "CISO Perspectives," Kim Jones and Ethan Cook engage in a deep discussion about the ongoing challenges and potential solutions related to the cybersecurity workforce gap. The conversation, timed at [12:45], revolves around themes of fear, opportunity, and the evolving nature of cybersecurity as a profession.
Dave Bittner reflects, “There needs to be more industry leaders. I think one of the best quotes that you had, Kim, was when you talked about the first person to do it. It's always hard.”
Timestamp: [24:29]
The discussion highlights the surplus of entry-level cybersecurity job seekers over available positions, as Ethan Cook points out, “For every 100 entry-level jobs, we have 110 entry-level workers vying for that.”
Timestamp: [18:42]
Ed Vasco, CEO and serial entrepreneur, contributes the analogy comparing cybersecurity training to medical residencies, emphasizing the need for practical skills and real-world experience: “If you create or foster certain skills on your own in high school, you can technically come into a cyber role and become proficient.”
Timestamp: [15:23]
The conversation also delves into whether cybersecurity should be considered a trade or a profession, with Larry advocating for a trade-focused approach at the entry level, while Ed Vasco argues for treating it as a profession with defined career pathways. Dave Bittner summarizes, “Cyber is a profession and we have to treat it as one. But that doesn't mean we just ignore the technical aspects.”
Timestamp: [22:50]
In conclusion, Kim Jones and Ethan Cook emphasize the importance of proactive leadership and fostering diversity within the cybersecurity field to bridge the talent gap and enhance organizational security postures.
Timestamp: [30:25]
In a twist of irony within the cryptocurrency world, a hacker who illicitly obtained $42 million from GMX's Arbitrum-based liquidity pool has chosen to turn white hat. Instead of disappearing, the hacker decided to return the funds in exchange for a $5 million bounty.
Dave Bittner describes the incident, "The reentrancy attack, a classic smart contract exploit, allowed the attacker to siphon funds before the system caught up."
Timestamp: [30:25]
Rather than vanish into the digital ether, the hacker adopted a "Robinhood meets Venmo" approach, retaining a portion of the funds while returning the majority. GMX has since secured the returned funds in its multisig wallet and is formulating a plan for redistribution. Interestingly, GMX's token price surged over 18% following the resolution, demonstrating the market's resilient response to rectified security breaches.
The episode of CyberWire Daily titled "The Grok that Broke the Camel’s Back" provides a comprehensive overview of the latest cybersecurity incidents, emerging threats, policy developments, and professional discourse within the industry. From accidental security breaches and sophisticated malware campaigns to innovative frameworks and workforce challenges, the episode underscores the dynamic and multifaceted nature of cybersecurity in 2025. Additionally, the engaging discussions in "CISO Perspectives" offer valuable insights into addressing the persistent cybersecurity talent gap, emphasizing the need for leadership, diversity, and professionalization within the field.
For more detailed insights and daily updates, listeners are encouraged to access the full episodes through N2K Networks and participate in ongoing conversations shaping the future of cybersecurity.
Notable Quotes:
“This marks the second such XAI leak by a Doge employee, raising concerns about systemic security failures and poor oversight within Doge.” – Dave Bittner [02:06]
“The campaign, linked to North Korea's Lazarus Group, uses fake job offers and tools to trick users into installing malware.” – Ethan Cook [07:45]
“Avantiq has not yet notified patients. Those possibly affected should monitor accounts and consider credit protection steps.” – Dave Bittner [10:15]
“ADAPT offers tools for threat emulation, detection, and security assessments, aiming to support organizations, especially those with limited resources, in securing digital payment technologies.” – Ethan Cook [14:50]
“This has led to a sharp drop in public-private collaboration, leaving critical infrastructure more vulnerable to attacks.” – Dave Bittner [17:30]
"The VRI complements NCSC's internal efforts and will help build a best practice framework for vulnerability research, including in emerging areas like AI-powered discovery." – Kim Jones [19:50]
“For every 100 entry-level jobs, we have 110 entry-level workers vying for that.” – Ethan Cook [18:42]
“Cyber is a profession and we have to treat it as one. But that doesn't mean we just ignore the technical aspects.” – Dave Bittner [22:50]
Further Information:
For links to all of today's stories, visit CyberWire Daily Briefing. Share your thoughts and participate in the annual audience survey through the show notes. Stay updated by subscribing to CyberWire Daily for daily cybersecurity news and analysis.