Podcast: Play in new window | Download (Duration: 29:16 — 33.5MB) | Embed
In this week’s episode of the podcast: Joseph Menn’s new book Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World hit store shelves this week. We reprise our March interview with Joe and talk about the origins of CDC. Also: is the talent pipeline for information security empty, or has it sprung a leak? We’re joined by Veracode * CEO Sam King to talk about one of the top problems facing organizations: how to cultivate and keep information security talent.
Joseph Menn’s new book on the seminal hacking group Cult of the Dead Cow was making headlines months before its release, after Menn – a reporter at Reuters – broke the news that presidential candidate Beto O’Rourke was a long standing member of the group. That scoop helped propel Menn’s book to become a top selling cyber security book on Amazon even before it was released. With the book’s release finally here, we’re reprising an interview with did with Joe back in March (episode 138).
The Cult of the Cult of the Dead Cow
In our first segment, Joe and I talk about the origins of CDC in the early days of the Internet in the 1980s and 1990s to the group’s growth and release of the Black Orifice hacking tool in the late 1990s.
Joe tells me that the group’s early incarnations were more creative than technical: a loose gathering of computer enthusiasts exchanging ideas, writing and conversation via online bulletin boards. CDC was consistently irreverent and, even more important, fun and funny. Over time, that drew people to the group: more skilled hackers like Josh Buchbinder (“Sir Dystic”), Peiter Zatko (aka “Mudge”) and Christien Rioux (aka “Dildog”). The addition of new, more skilled members drove CDC’s evolution into a more serious hacking group that produced “Back Orifice,” a remote administration tool for Microsoft Windows that was among the first and most widely used Windows hacking tools.
Solving Infosec’s Pipeline Problem
In our second segment: its common knowledge that there are too few information security workers to meet the needs of our domestic economy or – indeed – the global economy, where the shortage of cyber security pros numbers in the millions. Furthermore, of the information security workers who are available to hire, there is an acute lack of diversity. They’re 50% to 51% of the population, but just 20 percent of information security professionals globally are women. In countries like the U.S., racial and ethnic diversity is also a challenge in the information security space, which can exacerbate conditions for those working in the field.
Episode 85: Supply Chain Attacks and Hacking Diversity with Leon Johnson
But if we look deeper: is the problem that the pipeline of information security talent is empty of women and minorities, or has that pipeline somehow sprung a leak?
Sam King, the Chief Executive Officer of the firm Veracode worries that it may be the latter. King, who rose to the CEO position following Veracode’s recent spin-out from CA, said that often promising information security professionals simply drop out of the field and the workforce because they lack the support of their employer to juggle family and work obligations that are different from those of their male colleagues.
Interview: securing the University using NIST’s Cyber Framework
One of the most prominent female CEOs in an industry dominated by men, King joined me on the floor of the 2019 RSA Conference in San Francisco in March for a wide ranging conversation about her own journey to the corner office and how empathy may be the missing ingredient for many corporations anxious to hold on to talent.
Veracode is a sponsor of The Security Ledger. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.
