ESW #267 – Tim Cathcart & Steven Turner
1. Breaking into Cyber – Perspective from a High School – Tim Cathcart – ESW #267
High School students represent the very beginning of the pipeline for the Cyber industry. What are the attitudes and perspectives of these young people? How can we attract the best and brightest into our industry?
Guest
Dr. Cathcart has a Ph.D. from Virginia Tech; master's degrees from Lincoln Memorial University, National Defense University, University of Alaska Fairbanks, and University of Alaska Anchorage; and an undergraduate degree, also from the University of Alaska Anchorage. In addition, he has an associate degree from the Community College of the Air Force. He holds industry certifications from PMI as a Project Management Professional, and CompTIA's ITF+, A+ and Security+ cyber-related certifications.
Dr. Cathcart retired from the Air Force in 2017 after nearly 32 years in uniform, as both enlisted and officer. He served in a variety of assignments to include the Joint Chiefs of Staff, Headquarters Air Force, National Guard Bureau, command, and operational positions. Currently, he teaches Mathematics, Cybersecurity, and Computer Science classes at Bearden High School, Knoxville, TN.
2. Clearing the Air on Zero Trust – Steven Turner – ESW #267
Cybersecurity buzzwords tend to go through a process. They're used as a differentiator. Then everyone adopts them and things get out of control. The term Zero Trust originally gained traction in InfoSec thanks to the model designed by John Kindervag during his time at Forrester. These days, you could be seeing the term Zero Trust because:

1. a vendor makes a product that fits into any one of dozens of categories that contribute to a Zero Trust architecture (IAM, MFA, ZTNA, microsegmentation, directory services, etc.)
2. a vendor is using 'zero trust' as a metaphor (small z, small t)
3. a vendor is using 'zero trust' as a philosophy, or company principle (small z, small t)
4. the CMO said it needs to be somewhere on the website for SEO
5. someone told a founder to put it in the sales and/or pitch deck
Steve joins us to separate the cyber virtue signaling from the truth of what Zero Trust actually looks like, why it's difficult, and what impact federal interest in Zero Trust will have on this trend.
Segment Resources:
- NIST SP 800-207 - https://csrc.nist.gov/publications/detail/sp/800-207/final
- UK NCSC ZT Guidance - https://github.com/ukncsc/zero-trust-architecture
- USA CISA/OMB ZT Guidance - https://zerotrust.cyber.gov/
- DOD ZT Reference Architecture - https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZTRAv1.1(U)_Mar21.pdf
- Microsoft ZT Guidance - https://docs.microsoft.com/en-us/security/zero-trust/
Guest
Steve is a security architect at Microsoft. He started his career through the trial by fire that is MSP life. He pivoted to securing everything from waste facilities and transportation infrastructure to huge financial services organizations, and even mixed in some industry analysis for good measure. He's passionate about coming up with security solutions that make colleagues happy and bad actors cry.
3. Zimperium, Crypto Heists, NPM Attack, $11B For CyberSec, & a Threat to SPACs – ESW #267
In the Enterprise Security News for this week: 14 cybersecurity startups have raised funding, massive late-stage market corrections are underway with talk of self-repricing valuations, a private equity firm acquires Zimperium, even more massive amounts of cryptocurrency are stolen, the NPM package library is under active, constant attack, Microsoft Azure Defender for IoT has trivial critical vulnerabilities, the White House earmarks $11B for cybersecurity, death to SPACs, as well as several new security vendors and products!
- 1. FUNDING: TokenEx Raises $100M in Series B Funding
  $100M Series B, led by K1 Investment Management. Tokenization isn't new to market and is often associated with the CASB market, though it can be considered a standalone technology. It's certainly a useful approach: instead of exposing sensitive data to risk, you replace it with a token. In the (often rare, depending on use case) case someone needs to view the actual sensitive element, they can do that in a more protected manner through a different workflow.
- 2. FUNDING: Cyera raises $56 million Series A for cloud data security platform
  Sure, let's call the company Cyera, it's only one letter different from Cyvera, which PANW acquired for $200M in 2014. No one remembers that. Funding "led by Sequoia Capital, alongside Accel, and Cyberstarts. René Bonvanie, CMO Emeritus of Palo Alto Networks, also participated in the financing and joined the board, with Armis Security co-founders Yevgeny Dibrov and Nadir Izrael also taking part." Sounds like it aligns with what we're seeing advertised as "Data Security Posture Management". There aren't a whole lot of tools in the cloud that discover, categorize, and track what data is being used or stored where, which is the gap Cyera is looking to fill.
- 3. FUNDING: Compliance and security startup Theta Lake raises $50M for commercial expansion – SiliconANGLE
  $50M Series B, led by Battery Ventures with Lightspeed Venture Partners, Neotribe Ventures, Cisco Investments, RingCentral Ventures, Salesforce Ventures and Zoom Video Communications Inc. also participating. Including the new funding, the company has raised more than $70 million to date. Theta Lake is a data security vendor that uses NLP and other techniques to detect security and compliance issues across data that isn't typically well analyzed or tracked (voice, video, chat, email, documents). Integrates with collaboration tools, comms tools, meeting software, etc.
- 4. FUNDING: Cyberpion raises $27M Series A for its external attack surface management platform – TechCrunch
  $27M Series A, led by US Venture Partners with existing investors Team8 and Hyperwise participating. Cyberpion is an external attack surface management (EASM) tool. The only differentiator I'm seeing between this and other EASM tools is that, if they spot a subdomain takeover risk, it sounds like they're saying that they'll go ahead and do the takeover so no one else can.
- 5. FUNDING: Wing Security launches its end-to-end SaaS security platform, raises $26M – TechCrunch
  $20M Series A led by GGV Capital (the other $6M was the seed round). Claims to automatically discover, monitor, and automatically remediate security issues related to 3rd party SaaS tools in use by employees.
- 6. FUNDING: Cloaked raises $25M Series A – TechCrunch
  $25M Series A, co-led by Lux Capital and Human Capital. Founded by the sartorially-aware Bhatnagar brothers, Cloaked appears to be a B2C going after the privacy market by generating fake identities with throwaway email addresses and phone numbers.
- 7. FUNDING: Nucleus Security generates $20M for unified vulnerability management
  This is a $20M Series B, led by Lead Edge Capital. Nucleus seems to be going after the vulnerability prioritization market, alongside Cisco-acquired Kenna and remediation-pivoted Vulcan Cyber. A bit late to market, I couldn't find any real differentiators on their website.
- 8. FUNDING: Clear Skye lands $14M to simplify identity governance on ServiceNow
- 9. FUNDING: Cybersecurity Startup Hackuity Emerges Out of Stealth With a €12M funding
- 10. FUNDING: Skiff bags $10.5M to build private/collaborative workspaces – TechCrunch
- 11. FUNDING: Apono raises $5 million Seed round for permissions management platform
- 12. FUNDING: Cleveland Inno – AgileBlue raises $3M, adds Tribeca ESP as investor
- 13. FUNDING: Secfense raises $2 million in its next investment round
- 14. ACQUISITIONS: Mobile security firm Zimperium to be acquired by Steven Mnuchin’s private equity group
- 15. TRENDS: Startup Self-Repricing as a Recruiting Tool by @ttunguz
- 16. SUPPLY CHAIN: Checkmarx Finds Threat Actor ‘Fully Automating’ NPM Supply Chain Attacks
- 17. THREATS: A Beautiful Factory for Malicious Packages
- 18. THREATS: Pwning Microsoft Azure Defender for IoT
- 19. BREACHES: Hackers Steal About $600 Million in One of the Biggest Crypto Heists
- 20. BREACHES: Philip Stafford on Twitter – “Just the six days to notice $600m had gone”
- 21. FEDERAL: White House Proposes $10.9 Billion Budget for Cybersecurity
- 22. REGULATIONS: PCI DSS 4.0 – The Ultimate Guide
- 23. REGULATIONS: SPAC crackdown: SEC proposes new rules stripping its advantages over traditional IPOs
- 24. NEW PRODUCT: F8th Inc.
  "Protects against account and session takeovers, web bots, and insider threats". Pronounced "faith"??
- 25. NEW PRODUCT: SandboxAQ Launches with Prominent Investors Including T. Rowe Price, Eric Schmidt, Breyer Capital, Guggenheim Partners and Thomas Tull, and Customers Including Vodafone Business, Mt. Sinai Health System and Wix
- 26. NEW PRODUCT: Threat Jammer. Risk assessment for your peace of mind
- 27. NEW PRODUCT: Bandura Cyber relaunches as ThreatBlockr with a new solution to block malicious network traffic – Genre Lyrics
- 28. SQUIRREL: Dyson's bizarre new headphones have a built-in air purifier
  https://www.theverge.com/2022/3/30/23000577/dyson-zone-noise-cancellation-headphones-built-in-air-purifier