A

You're listening to the Cyberwire Network powered by N2K. Are you ready for AI in cybersecurity? Demand for these skills is growing exponentially for cybersecurity professionals. It's why CompTIA, the largest vendor neutral certification authority, is developing SEC AI Plus. It's their first ever AI certification focused on artificial intelligence and cybersecurity and is designed to help mid career cybersecurity professionals demonstrate their competencies with AI tools. And that's why N2K's SEC AI practice exam is coming out this year to help you prepare for the certification release in 2026. To find out more about this new credential and how N2K can help you prepare today, check out our blog@certify.cybervista.net blog and thanks.

B

And now a word from our sponsor the Johns Hopkins University Information Security Institute is seeking qualified applicants for its innovative Master of Science in Security Informatics degree program. Study alongside world class interdisciplinary experts and gain unparalleled educational research and professional experience in information security and assurance. Interested U.S. citizens should consider the Department of Defense's Cyber Service Academy program, which covers tuition, textbooks and a laptop, as well as providing a $34,000 additional annual stipend. Apply for the fall 2026 semester and for this scholarship by February 28th. Learn more at CS JHU. Edu MSSI.

C

The word is policy orchest spelled policy as in a set of rules adopted across an organization and orchestration as in an automated series of processes to configure, coordinate and manage computer systems, data or software Definition the deployment of rules to the security stack across all Data Islands, Cloud SaaS, applications, data centers, and mobile devices designed to manifest an organization's cybersecurity First Principle Strategies of zero trust intrusion, kill chain prevention, resilience and risk forecasting. Example Sentence if we can make policy orchestration work at the application, at the platform, at the data and the network level, we then its applicability is going to be exponentially more valuable to everyone. Origin and Context in the early Internet days, say the late 1990s, orchestration wasn't a problem. We only had three tools in the security stack firewalls, intrusion detection systems, and antivirus systems. When we wanted to make a policy change, we manually logged into each tool and made the change. Fast Forward to the 2000 and 20s and our environments have morphed into enormously complex system of systems deployed across multiple data islands. Orchestrating the security stack for our first principle Strategies across all those data islands in some consistent manner with velocity is really hard to do compared to the early days. Truth be told, most of us don't do it that well. The goal of policy orchestration is to have one place to configure security policies for our first principle strategies so that we can deploy prevention and detection controls automatically to every tool in the security stack residing on every data island efficiently and quickly. We want the deployment of these detection and prevention controls to be finished in minutes to hours after setting the policy, not days to weeks to in many situations today, never. There are many potential tactics that infosec programs might use to accomplish this. They might incorporate policy orchestration into their DevSecOps process. They might install a commercial orchestration platform. They might use their own SOAR tool or security orchestration, automation and response. Or they may decide to outsource the task to a SASE vendor, Secure Access Service Edge or or an SSE vendor SASE minus the SD wan. Regardless of the approach, policy orchestration is a key and essential task that all InfoSet programs must master. Nerd Reference In a webinar in 2018, David Monahan from EMA Research explains the benefit of security policy orchestration and automation, or spoa, in one specific use case. Configuring the same policy on two different Vendor Firewalls One of the true advantages.

D

Of looking at security policy automation is the ability to standardize firewall policies across multiple vendors and being able to deploy those policies and manage them right. So you don't have to worry about using multiple GUIs to deploy one on a particular vendor and then a different GUI on another vendor. You can use a single management capability to deploy them across multiple vendors and still standardize those. So that's also a big advantage of security policy orchestration and automation in being able to help manage those firewalls when you have a heterogeneity environment.

C

Wordnotes is written by Tim Nodar, executive produced by Peter Kilpe and edited by John Petrick and me, Rick Howard. The mix, sound, design and original music have all been crafted by the ridiculously talented Elliot Peltzman. Thanks for listening.

B

What's your 2am security worry? Is it do I have the right controls in place? Maybe Are my vendors secure? Or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally, get back to sleep. Get started@vanta.com cyber that's v a n t a dot com cyber cyber innovation day is the premier event for cyber startups, researchers and top VC firms building trust into tomorrow's digital world world. Kick off the day with unfiltered insights and panels on securing tomorrow's technology. In the afternoon, the 8th annual DataTribe Challenge takes center stage as elite startups pitch for exposure, acceleration and funding. The Innovation Expo runs all day, connecting founders, investors and researchers around breakthroughs in cybersecurity. It all happens November 4th in Washington, DC. Discover the startups building the future of cyber. Learn more at CID datatribe. Com.