CyberWire Daily

Sumedh Thakar, President and CEO of Qualys, a leader in enterprise security and compliance, talks about reframing cybersecurity as business risk management. He outlines creating a Risk Operation Center to drive real remediation. He explores agentic AI as a force multiplier and the need for vendor guardrails and regulatory clarity.

Christy Wyatt, CEO of Absolute Security and endpoint resilience expert, explains why cyber risk is now a business continuity problem. She describes firmware-embedded remediation and rapid device recovery. The conversation covers downtime drivers, Rehydrate Ready activation, AI’s impact on resilience, and practical steps for cross-functional planning and rehearsed recovery.

Sam Rubin, Senior VP at Palo Alto Networks Unit 42, an expert in Iranian threat tactics and incident response. He discusses Iran's shift to identity weaponization and how enterprise admin tools are being abused. Short takes cover supply-chain strategies, containment after outages, and why hardened identity controls matter. Quick, topical, and focused on active threats and defensive priorities.

Ethan Cook, writer and researcher at N2K who helped produce the season, reflects on the cyber talent ecosystem. He shares an outsider’s take on fear vs opportunity in hiring. They debate hands-on training, skills-based hiring, career pathways, diversity, and proposals like state SOCs and regional professional bodies.

Brian Long, CEO and co-founder of Adaptive Security, explains how AI-driven impersonation and deepfake hires create a new identity attack surface. He discusses why fake or remote-only applicants evade controls. Short takes cover HR onboarding gaps, motives of malicious hires, and practical defenses like in-person verification and targeted training.

A product leader recounts a nonlinear career path and how wearing many hats helped him grow. He describes juggling marketing, engineering, sales, and customer retention. There is a focus on continual learning, finding opportunities, and democratizing product security. He emphasizes taking calculated risks to advance and achieve mission-driven goals.

A retrospective stroll through the biggest cyber breaches of the last decade. They revisit Sony, OPM, WannaCry, NotPetya, Equifax and SolarWinds and why those incidents mattered. Discussion covers supply-chain risk, long-term intrusions, the rise of ransomware and why healthcare and genetic data are especially vulnerable.

Omer Ninburg, CTO of Novee Security and vulnerability researcher exploring multi-agent LLMs for scaled PDF hunting. He describes how embedded PDF engines and services can be weaponized. He recounts clever bypasses like SVG/HTML nesting and iframe vectors. He explains training agent swarms to reproduce and scale reliable vulnerability discovery across client and server PDF ecosystems.

Urgent AI workflow vulnerability and a critical PTC Windchill flaw put enterprise systems at risk. Phishing and malware spike linked to Middle East conflict. Google accelerates its post-quantum plans. Alleged RedLine developer faces extradition and long prison time. Pro-Ukraine hacktivists deploy disruptive ransomware in Russia.

A candid look at why relationships between security teams and vendors have become strained. Stories about mismatched incentives, communication gaps, and trust issues. Practical expectations for clearer contracts, honest dialogue, and realistic engagements. A call for mutual respect and better alignment to reshape the cyber ecosystem.