Kevin McGee (10:09)

Foreign.

Dave Bittner (10:21)

Testing is resource intensive, slow and expensive, providing only a point in time snapshot of your application's security, leaving it vulnerable between development cycles. Automated scanners alone are unreliable in detecting faults within application logic and critical vulnerabilities. Outpost 24's continuous pen testing as a service solution offers year round protection with recurring manual penetration testing conducted by Crest certified pen testers, allowing you to stay ahead of threats and ensure your web applications are always secure. And now a word from our sponsor Black Kite. If third party risk is keeping keeping you up at night, you're not alone. It's a constant battle. Black Kite's third party cyber risk platform is built on real world threat intelligence straight from their research team's ongoing breach analysis, dark web monitoring and attacker tactics. That means you get a hacker's eye view of your supply chain to proactively spot risks. And speaking of research, they just dropped their 2025 third party breach report breaking down last year's biggest trends and what's coming next. Grab the report now at www.blackkite.com.

Maria Vermazes (11:59)

Kevin McGee was at the RSA conference this past week as our intern gathering Kevin on the street interviews and today he's closing out RSAC 2025 with a high energy medley of interviews straight from the show floor from some of cybersecurity standout voices. Here are his conversations.

Christopher Sim (12:15)

Christopher Sim and I'm the CTO at Bulletproof, so we are in the managed security services provider space. So looking after customers for all their services need pretty much your full IT shop, helping them from their implementation, incident response monitoring and detection of their cybersecurity needs.

Kevin McGee (12:33)

So what are you hoping to see at RSA as the new products, new technologies make connections. What's, what's your goal here?

Christopher Sim (12:39)

I would say a bit of networking and seeing all the new AI advancements and that's a huge buzzword that's going around the industry over the past few years. But the advancements on large language models and how that can actually help cybersecurity and us as defenders in the space is going to be a game changer for me.

Kevin McGee (12:54)

So you're the CTO of an mssp, so your job is not just to build the technology for your company but also help other customers. It's a big responsibility. What do you think you're going to see here at the show that'll help you do your job better and serve your customers better.

Christopher Sim (13:09)

I'm looking for a lot of the integration pieces. How can we solve the pain points for us as a service provider as well as our customers to bring to be able to consolidate all of the threats that are happening, be able to make our tools work better together. Because believe it or not, there's a lot of third party tools that are not talking together. And if we, if that can start to change, whether it's through agents in some way or form, depending which providers is making them, then that could help our customers and us be able to resolve all of our challenges.

Chase Cunningham (13:41)

Dr. Chase Cunningham title is Dr. Zero Trust and company is Dr. Zero Trust. And that's me.

Kevin McGee (13:47)

Awesome. We're sitting at the Cybersecurity Canon Breakfast and you've got a book coming out at rsa.

Chase Cunningham (13:53)

Yeah, I've got two of them that just dropped this month. One is the sequel to my Gabriel novel called Variable and the other one is a book about the stock market impact of breaches called Buy the Breach.

Kevin McGee (14:02)

That's pretty fascinating. Where did you come up with that title or where did you come up with that concept from?

Chase Cunningham (14:07)

I was just looking at the data and seeing that there was a trend and how things were affecting company stock values when a breach did occur. And to me, I was just as a former analyst or current analyst, I guess I was just like, there's got to be something to this. And I did 10 years worth of data research and sure enough, there's a very clear trend.

Kevin McGee (14:26)

So what's the big themes you think will be at the show this year?

Chase Cunningham (14:29)

Well, I'm pretty sure we're going to see a lot of AI. I'm pretty sure we're going to see a lot of SOC sort of stuff. And then I think we're also going to see a lot of MSP work.

Kevin McGee (14:38)

Awesome. And you've got a session?

Chase Cunningham (14:40)

Yeah, I'm doing zero trust and 5G and then I also have two book signings as well, so it's going to be busy.

Kevin McGee (14:47)

Fantastic. Thanks, Philip.

Helen Patton (14:49)

Hey, I'm Helen Patton. I'm a cybersecurity advisor currently with Cisco.

Kevin McGee (14:52)

We're at the Cybersecurity Canon Breakfast. It's a great show at 7am on day one. So tell me about the Cybersecurity Canon and what you're doing at rsa.

Maria Vermazes (15:02)

Sure.

Helen Patton (15:02)

So the Cyber Security Cannon project has actually been around for about 10 years and the goal of the project is to share cyber wisdom with the community. So we have a whole bunch of people who are security OGs who read books and write reviews and then hopefully the rest of the community can learn from them and know what to read and what they can avoid. So that's what we do. So while I'm here at the conference this year, I'm interested to know what wisdom looks like. I want to know what wisdom looks like around AI. I want to know what it looks like around geopolitical things. And I'm just interested in hearing what people are thinking thinking and how they're approaching that for their security programs.

Kevin McGee (15:43)

So many of the committee members have books at the bookstore and the cyber security canon will have volunteers at the concierge at the bookstore. So tell me about that.

Helen Patton (15:51)

Yeah, for sure. So the cyber canon has a bookshelf at the bookstore that gives you everyone who's made it into the hall of fame. So if you really quickly want to go in there and know that you're getting a good book that's worth reading, you just go straight to that bookstore store, that bookshelf. And we have committee members who are there to help you think about what you might want to read. So that happens as well. So we're super excited to be here. The bookstore has been a great partner for us.

Kevin McGee (16:16)

And you've got a book in the works. Can you tell me about that?

Helen Patton (16:19)

Yeah, I do. So Josiah Dykstra and I are co writing a book and it's for people who want to get into cyber security who are already mid career in some other security in some other non security profession. So we know there's a lot of people making it through college and right at the bottom of the funnel. But there's not a lot of resources out there for people who just want to switch. So career switches and it will come out later this year. So excited about that.

Kevin McGee (16:47)

That's an area bringing new people into the profession and young people and diversity to our profession has been a real hallmark of your career. Can you tell me more about that?

Helen Patton (16:56)

Yeah, sure. So I was lucky enough to be the CISO at the Ohio State University for eight years. And when you work at a university, you spend a lot of time thinking about what are we training our young people and what does that mean for their future career. And really when I started my career, we didn't have any sort of structured way of training people to come into cybersecurity. So I've spent my career trying to help academics understand how professional operators think and also help professional operators think how academics think and try and translate that. And it's been rewarding and frustrating all at the same time.

Kevin McGee (17:33)

Wonderful. Thank you very much.

Jeremy Vaughn (17:35)

Jeremy Vaughn with Startleft Security and I am the CEO and co founder.

Kevin McGee (17:42)

So how was your trip here?

Jeremy Vaughn (17:44)

Man? I am exhausted. But it is Sunday. Even though I'm exhausted, I'm fired up.

Kevin McGee (17:50)

What you been doing here since you got here?

Jeremy Vaughn (17:53)

I have been mingling. I've already been to two meetings before this and then I had a another event with the investment management group and then I'm here at the Microsoft event.

Kevin McGee (18:04)

Start Left. Coolest name. Tell me what it is. What do you do?

Jeremy Vaughn (18:08)

Star Left it is. You cannot get any further left than people. So in security we always forget about people. I think we've been doing cybersecurity for wrong for 25 years. That's what we're solving is we're solving the challenges at the core, empowering developers and helping this shift left movement actually succeed.

Kevin McGee (18:31)

Awesome. So what do you think the big themes of the show are going to be?

Jeremy Vaughn (18:35)

Well, I'd be remiss if I didn't say AI. I mean I'm on an AI panel but no AI. How do you secure AI? How AI is going to impact business in the future and just a lot of what happens with security when AI is introduced into an organization I think is going to be super huge topics.

Kevin McGee (18:58)

Any sessions you're looking forward to?

Jeremy Vaughn (19:01)

I am looking forward to learning about AI and what all cybersecurity actually hackers, what hackers are saying how they're looking at AI, how they're going to manipulate how businesses are using AI.

Kevin McGee (19:18)

Now you are a non technical founder. Do I get it right?

Jeremy Vaughn (19:23)

I am non technical. That has kind of become technical because I've sat with a super engineers for the last 20 years.

Kevin McGee (19:35)

How many RSAs have you done?

Jeremy Vaughn (19:36)

How many what?

Kevin McGee (19:37)

How many RSAs have you done, oh this is.

Jeremy Vaughn (19:39)

This is my third RSI. Yeah, maybe fourth. They all blend together.

Kevin McGee (19:46)

Anything else you want to leave for last thoughts?

Jeremy Vaughn (19:50)

I'm here. I'm really excited about the Microsoft partnership and what we're doing with Microsoft. But on the other side of that just really looking forward to meeting other partners and talking about Star Left and showing people our value.

Kevin McGee (20:07)

Awesome. Thank you sir.

Jeremy Vaughn (20:08)

Thank you.

Vika Schneider (20:09)

Hey.

Kevin McGee (20:09)

Hi everyone. My name is Vika Schneider. I'm the CEO of the and co founder of Pint. Pint is an expert in application security and I'm excited to be here in RSA and talking to you.

Kevin McGee (20:20)

Awesome. Do you have a long trip to get here?

Kevin McGee (20:22)

Very long to be honest. I came from Israel usually as startup you Spend your life between us and Israel, especially in cyber security startup. Yeah, long trip. Long trip. Like 24 hours.

Kevin McGee (20:32)

Well, you're jet lag. You just got here. What do you think the theme for this week is going to be?

Kevin McGee (20:37)

So, you know, I'm always energized. I'm not that jet lag. I think the theme of RSA will be this year, probably sticking stones. No, I'm joking. It will be an AI. AI. I think it's very, I think it's, it's like twofold AI. One, you know, how you leverage AI for security and how you're doing security for AI. So I think we'll see a bunch of those all over rsa and I'm excited to be part of it and appreciate you, Kevin, of, you know, taking that small note here.

Kevin McGee (21:07)

Awesome. Great to see you. We'll see you around this week. Thank you.

Maria Vermazes (21:10)

That was Kevin McGee reporting from the RSA conference show floor where he caught up with some of the industry's leading voices. Want to dive deeper into those conversations? Well, you can find all his guests linked in the show notes for you.

Dave Bittner (21:36)

Let's be real. Navigating security compliance can feel like assembling IKEA furniture without the instructions. You know you need it, but it takes forever and you're never quite sure if you've done it right. That's where Vanta comes in. Vanta is a trust management platform that automates up to 90% of the work for frameworks like SoC2, ISO 27001 and HIPAA, getting you audit ready in weeks, not months, whether you're a founder, an engineer, or managing IT and security. For the first time, Vanta helps you prove your security posture without taking over your Life. More than 10,000 companies, including names like Atlassian and Quora Trust Vanta to monitor compliance, streamline risk, and speed up security reviews by up to five times. And the roi? A recent IDC report found Vanta saves businesses over half a million dollars a year and pays for itself in just three months. For a limited time, you can get $1,000 off vanta@vanta.com cyber that's v a n t a dot com.

Maria Vermazes (22:59)

This past week we were joined on the RSAC floor in San Francisco by our partner, Kevin McGee, and he's the Global Director of Cybersecurity Startups at Microsoft for Startups. And he was stepping into the role of our honorary intern. And Kevin hit up the show floor to gather insights and interviews with industry leaders. And all of them have been featured right here as RSAC wraps up, Kevin shares his reflections on the conversations that stood out and the key themes that he observed throughout the week. Here's Kevin.

Vika Schneider (23:28)

Kevin McGee here. Normally, I'm the Global Director of Cybersecurity for Microsoft for Startups, but this week I'm just Kevin, the intern for the Cyber Wire, bringing you another update from the always loud, always packed halls, expo floors, and trying to social engineer my way into the after parties of RSAC 2025. Let's start with the obvious. Yes, RSA is big. It's loud, it's gaudy, it's obnoxious, it's, let's just say, vendor heavy. But everything is so expensive. Just attending should come with massive stock options, grants. But someone said something to me this week that really stuck. What is RSA? It's like 40,000 of us, defenders, colleagues and cyber friends all just happen to show up in San Francisco at the same time. And honestly, that's what it feels like. You bump into friends you haven't seen in years, on sidewalks, in the coffee shop, in a hallway. You run into folks you only know from their much younger and filtered looking social media profiles. Yeah, you all do it. We're onto you. You get to meet the people behind the newsletters, the podcasts, the blogs, the news stories. And maybe, if you're lucky, you get to grab a selfie with someone like super famous, maybe Dave Bibonary. This year the themes were loud and clear. It's goats. More on that later. And of course, agentic AI. But what does agentic AI mean? Well, ask 40,000 people like I did and you'll get 40,000 different answers like I did. But as we shift into the final days of rsa, the conversations are starting to move beyond the hype and are starting to get real. Yes, there are a ton of abstract buzzwords, architecture, future gazing, and just plain bizarre ideas pulsing through this conference. But as the week goes on, I'm starting to have a really different approach to the conversations that I'm having. It's more operational reality and tactical implementation, moving from concept to context. We're not just talking about AI agents doing security tasks. We started to dive into conversations like what they should be doing, what they should be trusted with, how to govern their decisions, where humans must stay in the loop. It's not quite just hype anymore, but we've got a lot of homework to do in this area now. I like to spend as much of my RSA time as I can with startups, and I can tell you it's tough out there. For them at these big shows, they've poured their heart and soul into their products, they've maxed out their travel budgets to be here and now they've got a tiny booth at the back of the expo while a company with a goat petting zoo. Yes, it really happened. If you're there and you know, you know is giving away drones two aisles over. If you're here and something catches your eye, stop and talk to the founder. Ask them what they're building and why it matters, and you'll also get a look into the future and see what's coming down the pipeline. This year. There's a lot of talk about consolidation, but I don't think innovation's going anywhere. In fact, I think we're seeing more creativity and innovation than ever. Along with all the AI hype, I'm seeing thousands of new startups launch, many that will be occupying the big booth real estate in the years to come. So wrapping up every year, RSA comes up and I wonder, do I really want to go? All that travel, the meetings I'll miss, the emails that'll pile up, but every time I come, I leave with the same feeling. I'm so glad I did, because for all the noise, all the chaos and all the goats, there's something here that reminds me why I love this industry. It's the people, the purpose, the defenders who show up. All of you have big responsibilities, important missions and difficult jobs. It's nice to see the community come together. Not just to learn, network, collect swag and meet Dave Buettner, but also have some fun. So that's a wrap. I'm Kevin McGee, Kevin the intern, turning in my highly sophisticated and expensive voice capture equipment with the tape over the buttons I'm not allowed to press, and headed home for another successful rsac. See y'all next year. Anyone want a share ride to the airport? This search pricing is ridiculous.

Maria Vermazes (27:24)

You can also catch Kevin on our Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Sygenta Co Founder FC about making the leap from hacker to entrepreneur. Then speak with three Microsoft for Startups members, Matthew Chiodi of Serby, Travis Howerton of Reg Scale and Carl Mattson of Endor Labs. Whether you're building your own startup or just love a good innovation story, be sure to listen in. And that's the Cyber Wire for links to all of today's stories, check out our daily briefing@thecyberwire.com be sure to check out our research Saturday Tomorrow this week, Dave sits down with Shaked Reiner, principal security researcher at Cyberark, who is discussing their research on agents under attack. Threat Modeling Agentic AI That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com we're privileged that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector. N2K makes it easy for companies to optimize your biggest investment your people. We make you smarter about your teams while making your teams smarter. Learn how@n2k.com N2K Senior Producer is Alice Carruth. Our Cyber Wire producer is Liz Stokes. We are mixed by Trey Hester with original music and sound design by Elliot Piltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Maria Vermazes in for Dave Buettner. Thanks for listening. Have a fantastic weekend.

Dave Bittner (30:02)

What's the common denominator in security incidents, escalations and lateral movement. When a privileged account is compromised, attackers can seize control of critical assets with bad directory hygiene and years of technical debt. Identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in active directory, entra, ID and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how attack path management is connecting identity and security teams while reducing risk with Bloodhound Enterprise powered by Spectrops. Head to SpectorOps IO today to learn more. Spectrops see your attack paths the way adversaries do.