Blake and Cynthia take an in-depth look at the evolving ransomware threat landscape, the interplay between government and private sector in cybersecurity, and the challenges and opportunities presented by new technologies like AI.
Blake and Cynthia take an in-depth look at the evolving ransomware threat landscape, the interplay between government and private sector in cybersecurity, and the challenges and opportunities presented by new technologies like AI.
Timestamps:
[00:00:00] Blake: Hello and welcome to We're In. A podcast that gets inside the brightest minds in cybersecurity. I'm your host, Blake Thompson Heuer, and today I am joined by Cynthia Kaiser, senior Vice President at Anti Ransomware platform provider Halcyon and a former FBI, cybersecurity official.
[00:00:14] Cynthia, thanks so much for joining me.
[00:00:16] Cynthia: Thank you for having me.
[00:00:17] Blake: Now you head up Halcyon's Ransomware Research Center. Uh, and that's got an eye toward sharing and aggregating critical information on the nature of this threat. Uh, what can you tell me about your work there? What's that effort like
[00:00:30] Cynthia: It looks like a lot of building right now. Uh, I'm really excited to be here and, uh, be able to. Build a ransomware research center the way that I think it needs to be after, you know, my many years in the FBI and working with industry, identifying exactly what we can do to make a difference in the lives of everyone is gonna be really fun, and the ability to then build out partnerships from that.
[00:00:58] When I was at the FBII was there pre cybersecurity advisories. So if your listeners know what those are, they're the, you know, documents you get that come out of the US government that say this is a threat. But before kind of that, like 20 19, 20 18 ish period, each agency was doing them separately. FBI was doing its own. DHS was doing its own. And I think, you know, NSA was somewhere out there thinking about doing things public too. And so it took a lot to bring the agencies together to say like, it's much better for one voice. Hey, we have information that we can all help each other with. And now it seems like of like, just matter of course, right?
[00:01:42] Of course. Like why would we do anything else? But it wasn't that way. And so I'm thinking about that and I have a lot of feelings. Like it feels very similar. Now that I'm at Helcyon, I'm thinking about like, okay, how do we approach and get other companies or defenders, experts together and understand and, and figure out those right lines between competitive, collaboration because we have to fix the gaps that are still present. We've gone come a long way. We have a long way to go, and I'm just really excited to be at a place where we can, uh, have the freedom to do a lot of new things. Some of them are gonna work really well.
[00:02:24] Blake: For listeners unfamiliar, I think you, most recently before joining Halcyon, you were deputy assistant director in FBI's cyber Policy Intelligence and engagement branch. What you mentioned about the various agencies, kind of stovepiped almost at a certain point in, in, in the, you know, maybe late 2010s.
[00:02:38] How did you go about kind of trying to concentrate that or, the best, most single source information into the hands of the private sector while you were with FBI, uh, especially when you're talking about intelligence that might not be easy to, you know, declassify or separate from the signals intelligence that it, that it came from.
[00:02:55] How did you get that into the hands of private sector folks to actually, you know, who could actually act on it?
[00:03:00] Cynthia: I remember the first time I had to review and approve something that was going to go out on the internet in public, and it was,
[00:03:10] Blake: Scary moment. Scary.
[00:03:11] Cynthia: It was, it was a, you know, when I came to Cipher division in 2017 and uh, and just being so seized up with like, "God, what if we get certain things wrong? Like there's so much risk here. I don't know how to do this." And we went from the kind of those moments where there were few and far between to almost a a hundred from the FBI la, uh, in, uh, 2024. And it took a lot of conversations. A lot of successes. Like see, having people see like how much of an impact you could have and a lot of culture change across NSA, across FBI, uh, across some of our other IC colleagues to know that the information that they've collected from a, uh, more exquisite source.
[00:04:03] Might then all of a sudden be needed to go out publicly. And I think at first everyone was kind of waited on the, Hey, we have to protect sources at all costs, what do we do? But I think some of the changing nature of the cyber threat also helped us change along with it. So much infrastructure that's used now is disposable.
[00:04:28] By the adversaries. They're not using it for very long. And so that started to change our calculus. And when we could put things out sooner, it's not like we were gonna be able to collect on something for years and years. We were able to put it out now, and that's what was important. And we also got to a point where even if we had maybe more exquisite collection, we could figure out a way then to recreate it in a unclassified way so that we could put it out more publicly.
[00:04:56] We got really creative. And really collaborative. But, uh, I think a lot of this was getting people's minds victim focused. And I think it sounds becomes easy once you're victim focused. Once you're really thinking about what do people need, what do we need to stop the adversary at the source, that then becomes a different conversation that people really welcome and it it's Interesting. It almost kind of started swinging some of the other way you start having these different battles. Uh, battles is the wrong word, right, for friendly conversations. But I remember a time where the FBI had seen some nation state adversaries using a vulnerability to get onto some critical infrastructure, uh, operational technology, uh, networks, but there wasn't, they weren't getting onto great parts of it, right? It was a lot of this kind of more showing you can get onto them or defacement type effort. But we had a lot of conversations across the government. We've already published this vulnerability. So now do we put this out and just say, Hey, Iran's doing it.
[00:06:01] And there were two camps, right? Like we've already said that this is a problem. Um, I'm in the camp of, but people take it more seriously when you find out a nation state's doing it. And so I think, uh, you know, we still had these conversations. They still weren't done because the nature of the threat changed.
[00:06:19] But really you just see everybody from China analysts ran analyst to cybercrime now thinking, oh, next we have to do an advisory, which is amazing and really much better for national history.
[00:06:33] Blake: Thinking back, you know, we laugh about it now. Your comment about pushing out the first kind of public piece of information that was maybe sourced from some of these more sensitive, previously classified environments. It is. It is a really serious step and a really intense thing to do, you know, for those.
[00:06:47] Not coming from the national security space or unfamiliar, you know, the sources and methods, the intelligence collection. This is all really high stake stuff and there are real people involved. There are real, you know, channels of intelligence that can be super valuable tracing to some of these nation states, some of these nasty ransomware actors.
[00:07:03] So, you know, it's no small thing and no small feat. I am glad you mentioned the attribution piece too though of, you know, whether to link it to Iran or China because. I have noticed in the last couple years, you know, ever since, well, last decade plus, ever since the release of Mandiant's, you know, landmark APT One report, it has become this kind of parlor game among, among cybersecurity companies in particular to try to name and shame, right?
[00:07:24] And tie particular countries or part even sometimes individuals behind the keyboard to these, to these, you know, ransomware campaigns and whatnot. How much does that sort of, who don it? Attribution information really matter in your experience. And, uh, you know, if an organization just doesn't want to be the next ransomware victim, do they really care if it's, you know, China or Iran?
[00:07:45] Cynthia: It matters more on the government and cybersecurity company, defender sides for a few different reasons. And I think people get wrapped around the axle even in those areas of, uh, we need to get down to, we don't have attribution. And you find out that what they meant was we don't know the exact individual.
[00:08:06] Okay. Did we need to know that? You do. If you're going to. Uh, charge an individual, but you may only need a country level attribution if you're gonna be talking and putting this out publicly and just warning really quickly. Or you may just need a, say, service level, uh, attribution. By that, I mean this was the Chinese military.
[00:08:32] Or something along those lines. Uh, attrition's really important in the government because it helps the government hold actors accountable. Um, and I don't just mean individuals being charged or even sanctions, but policymakers cannot even discuss potential options for response if they don't have at least some sort of fidelity on who was behind it.
[00:08:53] And that matters for the long-term deterrence of cyber operations, especially, you know, malicious kinda cyber attacks against the US. When you get down to the, a company like Halcyon where we're, you know, trying to, uh, help organizations defend against some of these actors or even down to the net Defender itself, what we really need to know is, how is all of this technically similar because then it helps us defend better. And so sometimes that does mean it's easier if we know it was a certain group versus another. Sometimes, I mean, functionally, it doesn't matter to the customer, it doesn't matter to the victim. They wanna defend, they wanna stop activity, and they could really care less if it's China, Russia, Iran, or ransomware, or maybe I should say they should care less. What we found in the FBI sometimes is you needed to say, Hey, this is, no, seriously, this is being. Used by the adversary. Uh, this is being used by China, it's being used by Iran. Uh, for sometimes people to sit up and take that seriously, which you know, isn't the right perspective because it doesn't matter if it's China, Russia, Iran, or aliens.
[00:10:08] It's going to affect your network no matter what. And uh, just because it's a nefarious military adversary. It also doesn't mean that, uh, criminals aren't the most important, uh, or, or effective or likely attacker on your network. So attribution, I think there's changing nature of it, but what we really have to get down to an industry and government is in the exact moment why. And if we can do why? If we can answer, why is it for understanding TTP is it for understanding our policy options and giving policymakers the ability to do things. Those are completely kinda different tracks and might require different levels of effort.
[00:10:51] Blake: Right. I feel like if I were a CISO, I don't know if I would wanna know if it was a nation state. 'cause then I'd worry my insurer, my cyber insurer might cancel the payout from the ransomware damages if they think it's a, an act of war exclusion or whatnot. But that's a different conversation now. I I that's a, that's a whole nother can of worms.
[00:11:08] We don't need to go down the cyber insurance path. But I, I, I did wanna ask, of course, you knew it was only gonna be a matter of time before we brought up ai, so I'll just drip off the bandaid now and, and ask, uh. I guess from the threat perspective, because I, I've, I've spoken with a lot of, uh, you know, cybersecurity experts on, on this podcast, and many have been, you know, generous enough to share their insight and expertise, and the prevailing thinking is that seems to be that AI is gonna help.
[00:11:31] The offense side, at least in the short term, more than it will defenders who are gonna catch up and try to leverage AI themselves. Um, what are you noticing on the ransomware threat front? How are they leveraging ai, you know, building AI tools maliciously to, to be more effective at scaling up attacks?
[00:11:46] What have you and Halcyon been seeing?
[00:11:49] Cynthia: So I think where we've seen, uh, AI being used and, and I said this when I was back at the FBI as well, is if you kind of look across and you identify the kill chain, all the potential uses the most. Frequent adopters and users, or even people who are just kind of playing around with it. Were China and cyber criminals and so on the cyber crime side in particular, we see a few things now and are watching for a few things in the future.
[00:12:21] Uh, one, which a lot of your listeners are probably well aware of is it makes their lives more believable. Whether that's a phishing campaign that now has a lot better. Language, it maybe is more tailored to something that would be more effective at having you click on it. Uh, the ability to do that more rapidly.
[00:12:45] So phishing attacks are up, just, you know, an incredibly high amount compared to the year before. If you are, uh, looking at all of that, uh, it's just means that the adversaries can try to find new ways to target you. And I'm especially worried about deep fakes and how cyber criminals are using those. To try to compromise networks.
[00:13:12] I think we were also worried as, uh, we were looking at the election in 2024, like, what, what are, what are people gonna use DeepFakes for? Are they gonna try to influence the electorate? And we had all this swirl around this, and I remember I was part of these conversations and what really happened is, is financial fraudsters are using it a lot more. So
[00:13:29] Blake: CFO wire me $20,000. Right. You know,
[00:13:32] Cynthia: yes, exactly. You know? Yeah. Your CEO calls you behind him is the, uh. Vacation home that you've seen him call from before. He normally calls you on whatever messaging app you're talking through and says, Hey, I need you to join, uh, this meeting on the other line. It's urgent. Here's the link. A lot of us would click on that.
[00:13:51] That feels normal. And so, you know, being able to get onto networks in that way, that's the kind of initial access. Once they're on, this is where I start worrying a little more. Uh, they're able to identify patterns across a network and behavior that helps 'em obscure their activity more so knowing which times there's downtime on a network and which times there's more, there's higher level of activity, allows them to be more active during those times.
[00:14:18] Uh, being able to, uh, find the areas that would help them, blind endpoint detection, uh, identify some of those vulnerabilities that might be already on a system. We see them doing that as well and uh, it really kinda just helps them obscure more what they're doing and then. Finally on what we're seeing them do, and then I'll get to what I'm most worried about, uh, is think about how much information is normally taken from a network when data is exfiltrated a lot and people, there used to have to be somebody in backend and maybe they were developing some scripts to go through it, key researching it, but a lot of times it was really hard too.
[00:14:59] PDFs are hard to search. It like mass right there. There's a lot of complications. LLMs were made for this. So being able now to, uh, take a lot off of a network but use an LLM to figure out what the crown jewels are.
[00:15:14] Blake: Yeah, they can really twist the knife a lot easier.
[00:15:16] Cynthia: They can, they can. So I think what we're watching for, and you know, we see some groups claim, but don't necessarily have a lot of, uh, proof on is polymorphic malware. So malware that, um, changes when it's on a network because it sees that it's being detected in some way or makes it not nefarious once it's already there. So you don't have a human involved in changing that. It's just changing naturally. That's what I, that's what keeps me up at night kind of worry.
[00:15:43] Because that's gonna make a lot more difficult to defend. But I, I do think that AI right now is, uh, the advantage to the defender. There's so many cool things you can do with AI from a defensive perspective, you know, Halian does that. We do, we do like behavioral analytics and I've just thought that like a lot of different companies do.
[00:15:59] But like, it's so cool to be able to think about like, not just signatures, but behavior.
[00:16:03] Blake: Yeah.
[00:16:04] Cynthia: And, um, and then there's all these other AI based tools that will also really help defenders as long as they're also putting a lot of, um, security around the. In-house AI tools that they might be building because they're also pulling all of their good data together to build some of these AI tools and it's requires a lot of more security around it.
[00:16:26] So, you know, there is this defender advantage, which I do think is true right now. Um, as long as we continue to, uh, up how good we do, we don't, we're not satisfied.
[00:16:37] Blake: Well, I may just have to kind of recalculate my response there because I'm gonna give your response a little extra weight. Having been with the FBI quite recently, now with literally an anti ransomware platform company, uh, that defenders have the advantage. Okay. Uh, tally won for the Defenders. I can definitely see that being the case with some of the exciting, uh, technologies and tools coming out.
[00:16:59] Cynthia: Fragile advantage is what I would say.
[00:17:01] Blake: So we've won, is what you're saying is what I mean? No, I'm just kidding. Problem solved. No, I I, I would be curious to hear, speaking of problems exactly how. These ransomware actors are getting it. You, you, you mentioned the more realistic phishing emails.
[00:17:14] I feel like that's kind of everybody's mind's eye image of a breach or most people's of like, okay, you get the phishing email, you get them to click the link you're in. Uh, what, what other vectors of, you know, initial breach are you seeing are, are these ransomware attackers taking advantage of known vulnerabilities?
[00:17:29] Are they, um, you know, getting in through supply chain attacks? Um, what, what, what sort of vectors are most prominent nowadays? One
[00:17:38] Cynthia: So the ones that I have us most worried and we see really frequently are being able to abuse or compromise identity or authentication mechanisms. So, uh, being able to gain access to not just kinda credentials that you might buy, right, uh, that somebody's selling on the dark web, but also, uh, being able to exploit single sign-ons.
[00:18:05] Weaker multifactor authentication. If I could give advice to any company right now, it would be to have phishing resistant multifactor authentication. So we see, uh, the ransomware reactors able to, uh, hijack the multifactor authentication processes where it just is a push text, you know, or push call, uh, that's not necessarily good enough anymore.
[00:18:28] Uh, so being able to put that in second is while we still see, uh. Entities and organizations trying to use commonly known vulnerabilities. There's also a huge marketplace for zero days, and you know, these can go for millions and millions of dollars on the dark web if you find them. And you saw in the recent case with the SharePoint vulnerability, the on-premise SharePoint vulnerability where it's, it does, and it, and it seems obvious to me that when the nation state actors appeared like they were gonna be caught. got it quickly to their cyber criminal friends, whether they sold that or not. But they were able to then, then have, uh, conduct ransomware attacks, uh, against some of the same entities. And then, you know, finally it's a little bit supply chain, a little bit, just third party
[00:19:19] Blake: mm-hmm
[00:19:20] Cynthia: entities. So a lot of companies will outsource different types of activities, tick call centers. Well, we've seen some actors like Scattered Spider actually doing the research on individuals in some of these outsourcing companies, finding weaknesses, vulnerabilities in either coercing or paying an individual in that company to provide them with access. It's kinda like a whole new level of like spy and meets cyber crime that, you know, just seems still seems a little crazy to me.
[00:19:55] Uh, and so
[00:19:56] Blake: can make, these are quite lucrative targets once they're through. So it makes sense that if you could bribe somebody in, Hey, why not? That's scary.
[00:20:04] Cynthia: Exactly like the new kind of managed service provider attack. Uh, so those are the three areas that I'd really highlight for any listeners to know and be able to take measures to try to defend against.
[00:20:17] Blake: Hmm. Well I know Halcyon and, and also the sponsor of this podcast Synack, are both in the, kind of more proactive side, like, hopefully, hopefully avoid a breach, kind of, kind of cybersecurity company. That being said, obviously when the, when the badness does happen and ransomware attackers get in, I know the official stance is don't pay. Right? And, and especially at FBI, you know, you don't wanna be seen kind of bankrolling cyber criminal groups or supporting that. Uh, but that being said, when you have certain really critical functions or critical organizations that have been breached, I remember, you know, back in my journalism days when I was reporting on some of these critical infrastructure cybersecurity issues, you'd hear some chatter of, you know, even US officials telling like utilities, Hey, just pay the ransom.
[00:21:03] You know, get back what you need to continue operating. We'll try to investigate blah, blah, blah. Maybe claws some back. Where do you fall on these ransomware payments? Is it a black and white issue? Are there some shades of gray there? And, and, and what are your thoughts?
[00:21:17] Cynthia: You are definitely not black and white, like most things in cyber aren't. I think the FBI's official stance was, we didn't recommend it, but we also understood it was a business decision because like businesses have to make their own calculus themselves. For what, uh, is best for them, like in that time period.
[00:21:35] But I think where we saw our role, and I still see my role now, is to educate about what it means when you do pay and to educate about the risk of paying. So things that aren't evident is, uh, that if you pay, you may get attacked again. You're known then as an organization that's paid a ransom. So these affiliates that are in the ransomware ecosystem, the ones who are basically, you know, purchasing or leasing, uh, the malware to then attack various organizations with, work for more than one ransomware group. And so they've gained access already and they know that you are, you've paid, they might come back and attack you again. There's a lot of instances really in the last few years. Of ransomware groups of, of, of organizations, victim organizations being hit, you know, sometimes two different variants, three different variants in the same weeks. And so if you're known as somebody who pays, you are upping your risk of potentially being, uh, targeted again. Uh, and descriptors don't always work. So all like pe, you know, a corporation might pay and then they receive the decryptor back and I think the average is maybe about 65% of data is restored.
[00:23:00] It's not 100%. And so that can be like really, uh. Frustrating for an entity that did think they were gonna pay and, and get it all back. And, uh, they ended up, uh, not, uh, receiving what they needed. I mean, it shouldn't come as a shock to anybody. Uh, the rights from actors are putting a lot more effort into things that break your, uh, systems than into what fixes it.
[00:23:25] Blake: Yeah, the customer service doesn't strike me as, uh, topnotch. When you have somebody shaking you down, that's probably, if you're counting on that, you're already in a little bit of trouble. You did tell Cyber Scoop once, actually last November, that, uh, quote, "to be the good partner that we need to be, we need to ensure that FBI is also funded to be able to address this expanded attack surface. End quote.
[00:23:46] And obviously that was back when you were still with the FBI and that was before the latest, you know, Department Of Government Efficiency era and all the latest focus on that. Would you say now, especially, you know, looking at it from a, a private sector post, does, does FBI have the resources it needs to keep America safe?
[00:24:04] Cynthia: I think that, uh, the more resources that the FBI has, the more crimes they're going to be able to investigate. But that doesn't necessarily mean that they're hampered from like doing the work to counter the crimes that are the most impactful in the US. And I think you've seen that through just announcement after announcement of, you know, various take downs and charges and operations that have come continue to come. It feels like, you know, once every few weeks or once a week even. And so there's a lot of great work still being done. They're not hampered in their ability to do that. Um, and being able then to like. Like have those internal conversations about where money needs to go. I mean, I think that the FBI is well positioned to have hard, difficult conversations about if they have less as a bureau, what's the most important thing to do for national security?
[00:24:59] And I think there's a lot of awareness that cyber is incredibly important to continue to do, to continue to be worked. And, uh, from my end, I would not anticipate, uh, their. Being a, uh, just a falling off of, of what the FBI can do. But I do think that it's important for policymakers to remember that the more threat threats increase.
[00:25:24] You, you do have to think, look at like how do you continue to increase the budgets of all of the organizations that are doing this work? How do you continue to ensure you give money through state and local grants for their cybersecurity to defend against as well and bring it all together? Because it's a system like not one agency could be funded against the rest, and that it's fine.
[00:25:46] Like we have to make sure that it's a priority for funding policymaking. Effort across industry and government. Mm-hmm.
[00:25:56] Blake: No, that's a, that's a good point. I'm glad you also mentioned the state and local angle, because I feel like they get left outta the conversation too much when, you know, maybe they can't afford the shiny new cybersecurity tool, but hey, they're, you know, providing critical services for, for real people, for Americans, and, and absolutely need to be protected too and get some of this intel.
[00:26:14] Is that something that you'll be looking at with Halcyon, with the ransomware research center? Is some of this, some of your findings? Are these gonna be available? Like what will that. Um, level of coordination with some of these sled or smaller organizations look like
[00:26:28] Cynthia: I am really excited to continue the work that I've done for years with state and locals. I mean, they're just some of my favorite like, uh, network defenders to. Be working with, and all of these public servants who've chosen, uh, to have these jobs and these small to protect their communities, to protect their friends and family.
[00:26:47] I, it's, you know, it's just amazing to see what they can do sometimes on a shoestring budget, uh, that really make good choices. I'm really excited to be able to, uh, continue to work with them on the, you know, defensive side, like what does that defense look like, but also on the, like, what does good policy look like?
[00:27:07] At a state level, so at the Ransomware Research Center, we are going to have an element of. Collaboration and analysis to help create some data-driven policy solutions and analysis. And my hope is that a lot of that can be state focused because right now they will benefit just so greatly from. Uh, the assistance that industry can provide on best practices and kinda where the threat is now, and, and making sure that, you know, as some of that responsibility shifts from DC out to them, that they have the right information and are equipped to be able to, uh, address these huge problems.
[00:27:55] Blake: Yeah. Well, just a couple more questions and, and then, and then I'll let you get back to fighting ransomware. Um, I, of course, when you were with FBI, the Justice Department has the authority to bring indictments. You, you mentioned them earlier, this kind of steady drumbeat of, Hey, we're making it hard for, uh, ransomware actors.
[00:28:10] Even if they reside in countries that lack extradition treaties with the us, they're, they're gonna feel it. They're not gonna be able to go vacation somewhere, allied, or, you know, maybe they'll worry and look over their shoulder for the rest of their lives in some cases. Uh, has there been an adjustment at Halcyon?
[00:28:24] You're not quite able to hack back, or you don't really have the authority to, to stop some of these actors at the source, so to speak? Uh, how, how's that been?
[00:28:33] Cynthia: You know, uh, I get asked this question a lot, including by my former colleagues at the FBI, and my answer even surprises me is that I don't feel like my job's that much different every day. Uh, being able to identify the tactics that adversaries are using and then get that out publicly, get them to cut back to customers, that's an element of disruption that I've always felt really strong and passionate about, and I get to do that now.
[00:28:59] I think the, you know. Differences are ones that, uh, show the two different sides of how you counter adversaries in the space. And that's one of the reasons I was excited to do the transition from government to industry is on the government side, you're really focused on holding actors accountable to deterrence.
[00:29:19] You know, what you can do to ensure that these actors have like less incentive to continue to target Americans, but. Within that kind of, you know, focus on the actors. How do we counter them? What do we do to them? There's always been a, there's a defensive element to that. And now on industry side, I get to be on the defensive side.
[00:29:41] And I will say, I mean, there's a, like, I think a probably larger scalability on some of the defense of blocking these actors, uh, overall on an everyday basis. And that to me is also exciting component. So I feel like the best practitioners in our industry do both. They go to industry and they do government.
[00:30:01] Um, you understand each other better. You know what each other need. I think the idea that now from my bench here, I'm going to be able to support partner with the government, uh, and give them information if, if helpful for their own efforts and still be able to help just every day organizations. Uh, I I'm excited.
[00:30:25] I'm excited. I'm excited about both. I've always loved, uh, my job at the FBI, I'm gonna, I think I'm gonna love it here too. Uh, just, it's a great industry. It's a great mission.
[00:30:34] Blake: Yeah, absolutely. And I think that the attitude too, and this is shared, I think just about any organization cyber, there's kind of a rising tide lifts all boats mentality, which I, I've certainly appreciated personally as well. Now, last question, and it's one that we ask all of our guests on the war in podcast, which is what's something that we wouldn't know about you Cynthia, just by looking at your probably fairly buttoned up link LinkedIn profile.
[00:30:57] Cynthia: It's, it's a lot less buttoned up now, and I'm
[00:30:59] Blake: That's true. That's fair. Yeah.
[00:31:02] Cynthia: Um, you know. I actually did a lot, spent a lot of my career not as a cyber analyst, but as a, uh, WMD analyst. So I was in kinda North Korea analyst by trade and as North Korea analysts, do you end up, you know, somehow getting into the zone of, uh, missiles, nuclear weapons, those kind of things.
[00:31:25] And I, I say that because I ended up hiring at the FBI, a lot of people out of. Uh, the kind of WMD work and end into cyber because they made great cyber. Uh, analysts, you know, they'd already taken the time to learn how to make the technical relatable. Like they were doing technical analysis and there's a lot of skills that were transferable and, uh, and so I think we were, you know, we used to joke, you know, we might be the only.
[00:31:56] Cyber team that could also build a WMD, but, uh, uh, but like, I think you know, it, it's a good, like, it's a good thought though, like, and I, I like telling the story because, you know, it's so hard sometimes to find great people in cyber and to figure out like how people can transition over. And it's really thinking about people who are in any technical discipline.
[00:32:16] We can, you know, bring them on board and, and make them part of, you know, what really is the national security challenge
[00:32:22] Blake: Starting to understand why the, why the US government banged on that cyber deterrence drum so hard over the last couple years. This was your team, wasn't it? Talking about deterrence and weapons of mass cyber destruction. Well, thank you so much for joining me again, Cynthia. Really appreciate it. And uh, great conversation and uh, good luck out there.
[00:32:38] Cynthia: Thank you. It was a pleasure being here.