45 billion cyberattacks a day?! Media myths and working in cybersecurity

Ken Westin of Panther Labs has a bit of fact-checking he wants to do on some of the tech stories we read daily in the papers. Does J.P. Morgan really get 45 billion cyberattacks per day? Really? Are there other factors in this number that aren’t emphasized in the interest of chasing panic clicks?

Westin and I talk about responsible ways to cover big security stories in the news, ways that each of us can become cyber fact-checkers and advocates, and Westin tells me about how his personal interests have turned into creating some very cool anti-theft tools. You can hear me audibly blown away by one in particular! 

0:00 - Mega cyberattacks
2:00 - How Ken Westin got into cybersecurity
10:44 - J.P. Morgan cyberattacks
16:00 - Media and PR as a form of social engineering
17:48 - Reframing the cyberattack narrative
19:50 - CISO burnout and responsibility
23:04 - Advice to CISO workers to fight new threats
28:35 - Changing the cybersecurity narrative
33:43 - Advice to cybersecurity professionals
37:30 - Outro


Chris Sienko: 

Today on CyberWork, Ken Westin of Panther Labs has a bit of fact-checking he wants to do on some of the tech stories we read in the papers every day. Does JPMorgan really get 45 billion cyber attacks per day? Really? Are there other factors in this number that aren't being emphasized in the interest of chasing panic clicks? Ken and I talk about responsible ways to cover big security stories in the news, ways that each of us can become cyber fact-checkers and advocates, and Ken tells me about how his personal interests have turned into the creation of some very, very cool anti-theft tools. You can hear me audibly blown away by one in particular, so I'll be able to check that out. All this and more career advice today on CyberWork. [Music playing] Well, welcome to this week's episode of the CyberWork with Infosec Podcast. Each week, we talk with a different industry thought leader about cybersecurity trends, the way that these trends affect the work of Infosec professionals while offering tips for breaking in, and the way that these trends are being developed.

Ken Westin: 

Hi Chris, thanks for having me. I appreciate it. I'm a big fan of yours. I got really interested in website development. I got interested in Subscript for endroit and founder of Bitube in turned it in for good, so taking cybercriminal code things like that and using it for theft recovery purposes, and that's how I kind of got into kind of the offensive side of security, and even as a small startup. And I ended up unveiling organized crime groups, worked very closely with law enforcement, got very involved in OSINT, or open source intelligence, where I would help them with a lot of these investigations, unveiling people's identities, things like that. So really got deep into the investigation side. Then I went to go work at a company called Tripwire where I was sort of the right hand to the CTO. I really liked the investigation side of things. And then I got invited to come work at Splunk, which was really great for me. I was already using the tool. I loved it, particularly for, you know, ingesting data sources. You're really not sure what the fields are going to be in relevant things like that. So I ended up being one of the first security specialists because I just started getting moved into the security market, which was sort of a modern take on SIEM, and then sort of been sticking with the data platform ever since. Worked for Elastic where I led competitive intelligence and security strategy. Then I had a short stint at Cybereason, where we had sort of an XDR platform. I got really in depth into ransomware, which was really interesting, and now I'm at Panther, which is sort of the next take, and I sort of what I believe is sort of the modern SIEM, particularly for cloud applications and things like that.

Chris Sienko: 

Okay, can you speak more to that? What about it, you said, is the sort of like, the sort of bleeding edge in that regard.

Ken Westin: 

I think a lot of it is like a lot of you know, I think around 2006 is when we started migrating everything to the cloud with AWS and this mad dash to the cloud. What's funny is a lot of these sort of legacy SIEM tools were really designed for on-prem and data centers, things like that. They weren't cloud native and I found that with, like with Panther, they're doing a really good job of taking advantage of a lot of the resources that are available to you, like in AWS, to make it much more cost effective, higher performance, particularly when you're dealing with high volume, high velocity log sources like AWS CloudTrail or application logs, identity logs, things like that that a lot of the legacy SIEMs really struggle with, and also being able to apply detections in real time and then also having I found a lot of times these searches and detections I was writing would be almost 200 lines of code and really is code. And with Panther, they started doing is actually treating this code. So you actually have version control, roll things back, incorporating like CI/CD sort of pipelines and things like that that we're used to on the DevOps side, and applying that to our detections and our security logic, which just sort of made sense, so sort of a no brainer for me to team up with Panther and been here for almost a year now and I love it.

Chris Sienko: 

Yeah, that's awesome. So you gave us a really good sort of overview of some of the jobs that you've moved through, including Splunk and whatnot. So, to think of it in more of a sort of macro way, can you tell me what some of the through lines that connect your career, what are some things that drew you to each of these, these positions and these roles? Like, what are the, what are the big problems that you like solving, I guess?

Ken Westin: 

Yeah, I think a lot of it is. I think I'm really good at connecting dots, sometimes dots that other people don't see. I have, I'm a little neurodivergent, as many people are in the industry, and I found that this was, it was sort of a superpower that I had. I still even conduct investigations and in my free time, helping expose some nation-state actors, things like that, as a hobby. You know, that's what really drives me. And also finding new and innovative things like I'm. I don't do well with. You know, sort of. You know, just go over here and you know, do this canned presentation. You know I have to innovate. I always want to do something new. And then also, you know, being able to conduct those investigations. That's something I really love. So I really like working with data. You know being able to, you know, find things other people wouldn't see the connecting the needles and the haystack things like that. Yeah, yeah.

Chris Sienko: 

Yeah, oh. I should about yeah, please, please, speak more on that. I, what are the what aspects of it? That sort of are sort of stimming for you. Because yeah, we just we just spoke to several people who work in in sort of neurodivergent elements of cybersecurity. So what, like when you say you're, you're helping to uncover nation-state actors and almost as a hobby, like what, what, what, what aspects of that are, are, are so especially sort of pleasing to your to your brain.

Ken Westin: 

Well, I can say I'm actually have a presentation I'm gonna be giving at CactusCon here a few weeks. Also I'm giving it at the SANS OSINT Summit in DC March 1st. It's called Every Contact Leaves a Trace, where I sort of talk about some of these investigative techniques that I built. And yeah, okay, there was one that I built, or was like, I found like there was image data in EXIF data, so it's metadata that's embedded in images, and back at the time there wasn't really a way to search for that data. So I actually built a search engine. I actually mined all of Flickr and a bunch of photo sharing websites where I was actually extracting the serial number and the make and model of the camera. And, yeah, you could do a search for the serial number and I'll show you a photo of all the camp, the photos that were taken with that camera that we find online and it up. It was used for stolen camera recovery. We ended up. The first case I had was John Heller. He was on assignment for Getty Images and seven thousand dollars worth of camera equipment were stolen from him. He just turned around and it was gone and a year later he see, if you use my tool. He saw it was on like a con mist or something like that. They did it a write-up on it, did a search and he got a hit and he found that, traced it back to this one photographer, found him on you know Flickr and then trace, trace his Facebook profile down and he notified the LAPD. LAPD went and found it and then they talked to him and they said, hey, I bought this from a guy on eBay and they gave the information about the eBay seller. They went to him and they said, well, I bought it from and in California and LA from this guy on Craigslist. I'd still have the address. So a year later the police went in there to this apartment and they went in there. I found all sorts of stolen property. What, oh my gosh? So it's technology that you know it didn't exist at the time because, yeah, but the data was there. 
It's just no one knew how to look for it or how to wait to search through it. And so one little piece of information, a serial number of a camera. We got sort of unlocked this and I end up, you know, doing a bunch more like that, but I think there's always that sort of piece and that's why I kind of talk about the element of creativity when we're doing investigations. It's not a sure. It's about thinking outside the box and finding, you know, those little pieces of information that maybe we weren't looking for before.

Chris Sienko: 

Yeah, I think that that's something that we I banged the drum on very, very regularly here, which is that you know, your, your skill set is not just I can use this tool, it's that when this tool doesn't work, what are you going to do next and what are you gonna do after that? And how do you keep looking until you, you know, because it's a you know, certain people will say, well, I tried the thing that it's supposed to, that's supposed to take care of it, and it wasn't there. So therefore it must not be there. But, um, you know, there's. There's just so many other sort of variations. You know that you can, that you can use, and that might well be the best version of that that I've ever heard. So I am, I am. We might just have to have you on again to talk just about that, but anyway, one, one topic at a time, let's hear. So, as I mentioned at the top of the show, we started our initial conversation when I saw you comment on a recent news story in which JP Morgan claimed that they deal with quote 45 billion cyber attempts per day. So, first of all, eagle-eyed media consumers should already be seeing a yellow flag here. You know there's 45 billion is a big number, but the operative word is 45 billion cyber attack attempts. So in your comment you you said, quote this type of messaging is not helpful to the industry. Without providing more specifics, it feels similar to the cyber apocalypse we experienced a few years back to instill fear in consumers and businesses. In this instance, I'm pretty sure they're referring to vulnerability scans, DDoS attempts, bots, etc. Most of which are automated and not really attacks, but I guess that depends on how they define an attack, context that I believe is lacking in the statement. So can you tell me more about this situation and this type of news coverage around security? 
Because even for people who don't read past the headlines of stories, which is unfortunately fair and fair few, this one still gives a pretty big clue that there's more here than meets the eye, but predictably it seems to be priming the pump for more think pieces about the overwhelming cyber problem, etc. So, leaving aside, you know, insiders, sites and publications around cybersecurity, what tell me, what your impressions of how cybersecurity is covered in these big media outlets?

Ken Westin: 

Yeah, I mean. I think, particularly in that case. It's like you know some it was a CEO of a particular division of JP Morgan made a comment that you know it's 45 billion. But I, and then of course the media, they latch onto that because that's a big number and I think what happens there, it gets clicks right and then you know that that generates more clicks, which gets more eyes on ads, which is how they're getting their revenue, which you know I can't really fault them too much on that. That's just sort of the way our media functions. But I think, particularly with cybersecurity, like we in this practitioners in this space, we hear those sorts of numbers and we roll our eyes. It's just like okay, whatever again. But I think what happened there is that a lot of the important context was actually missed, which I think would have been much more helpful. I think for the audience that was, you know, at that conference, but also for the general public, is well, that's automated attempts. There's a lot more automation, and she'd also mentioned that it doubled over the last year, which I think that's a really important trend for us to focus on. Not only are defenders leveraging automation, but attackers are as well. Attackers are leveraging automation and they're doing low and slow attempts. They're leveraging AI or machine learning specifically in a lot of their adversary attempts as well, and so I think it's important for us to, when we those kind of comments are made, to provide more context around it and what those numbers actually mean. Versus, oh, like 45 billion attempts, like the hackers are winning the cyber criminals.

Chris Sienko: 

There's no way we can defend ourselves. It's under control.

Ken Westin: 

Yeah, yeah, we're like. You know it's, you know it's going to be Lord of the Flies, things like that. You know it's, you know? These sorts of like commentaries, I think, are they don't do us any good, and I think, particularly in our industry like again, like when we start to hear that I think CISOs in particular they sort of become immune to that sort of FUD, which you know means fear, uncertainty and doubt that we've tried to instill in them to get them to buy products, things like that. I work in sales and marketing pretty heavily sort of more technical marketing, which means that I have to make it real. So I build demos, I build workshops, but when I do it, I build real infrastructure. I actually do real attacks, I show real scenarios, and I think that's important to the integrity of not only my own integrity but the industry itself and also the company that I'm working for. We don't want to go out there and provide FUD. You'll see a lot of like tech vendors that are saying that they're doing AI and things like that, but if you dig a little bit deeper, it's just okay. You're using statistics, that's not AI, and so I think what's happening here is that you know there's just this sort of marketing you know FUD that goes out there, and I think that's something that we need to address. It doesn't do anyone any good and I think that over time that the more honest we are with CISOs and security practitioners about these threats and what products can actually do, the better we're going to be able to serve them.

Chris Sienko: 

Yeah, yeah, and we're going to get to the CISO angle in just a bit here, but I wanted to just sort of keep on the sort of media pattern I mean, it's hardly new, you know, I've been doing this since 2018. And one of the very first episodes we had was, you know, about security in the healthcare industry. And it was because at that point we were getting that kind of six o'clock news panic language of you know, hackers could disable your grandpa's pacemaker by remote control. Stay tuned, you know. So we could probably spend a year discussing the issues and changes needed around the problem. And you know, I agree that we can't blame them for doing it, but we can certainly blame the. You know you can blame the game, not the, not the, not the game player, for you know what, how this got to. You know clicks as engagements as news, but like, where do you think the issue primarily arises? I mean, is it because there's many large papers that have tech writer on staff but many more, just, you know, copy existing releases with no additional research or clarification? So is that where the issue lies? Or do you think there's a lack of baseline technology among readers and a desire to widely share apocalyptic news on social media that keeps making these, like, "don't forget to read the rest of the story" articles so popular and profitable?

Ken Westin: 

Yeah, so there's this sort of catastrophizing of of these different types of events that occur, and I think a lot of that is. I hate to say it, but when you look at security, you know social engineering is one aspect that we always talk about and something we work on, but sometimes I feel like media and PR is a form of social engineering, sort of a master's in engineering. So when they try to do these sort of scare tactics, what they're actually doing, I think, is actually preying on people's ignorance of cybersecurity, and I think that what we can do as practitioners in the media is actually do a better job of educating people about what these types of incidents actually are. You know, if we want to do it responsibly, if our goal is to just get clicks and get eyes on a, you know, a blog post or something like that to get ad revenue, you know that's one thing, but when we dig a little bit deeper into these, I think we need to really provide more context and stop trying to scare people, because when we do that, you know the conversation just wanes. Like you really can't have conversations with some of those people. You'll see the folks that the conspiracy theorists come out of the woodwork, all that sort of thing, and I think again, it doesn't do us any, it doesn't help us at all. If anything, it just increases our anxiety and you know, frankly, I think we have enough.

Chris Sienko: 

Yeah, now, that was interesting. Do you have any sort of ideas of how to sort of construct the counter narrative? Because, as you were saying that, I almost imagined like a sort of Bill Nye the Science Guy, but for security, that who just kind of like is a figure. That's like, hey, wait a minute. You know, like let's, let's put this to the test, and so forth. But, like you know, cybersecurity professionals are already, you know, pretty overworked as it is. But, like, what are your thoughts in terms of reframing this narrative? I mean, you know, some of the blame has to come to JPMorgan Chase, if they said 45 billion attacks, you know, or whatever, because they were clearly not saying oh, and also, most of those are automated, so don't worry about it too much. But you know, there was a clear sense of like you know, hey, we're under a lot of stress right now, so you should really feel sorry for us, or whatever, I don't know.

Ken Westin: 

Yeah, I think a lot of it is like, when you start hearing those sorts of numbers, I think it's important for people to think about: what are they trying to sell me? In that particular piece with JP Morgan, what they're positioning themselves as and it's true is like a lot of banks are becoming software companies. I've worked very closely with a lot of financial companies and over the years, I've even had spent a lot of time in some of their SOCs and helped them build out some of their programs, and the threat is really very real. I mean it's insane how many types of attempts and types of attacks they're dealing with everything from again, credit card fraud and trying to hack into the infrastructure, all this sort of thing. So the threat is very real, but I think what they're trying to position themselves as is trying to say that we have more talent than, like, say, some of the big tech companies that are out there protecting your data and things like that. So what they really are trying to say is sell their own product. They're trying to position that we're more secure than maybe another bank or what have you. So I think that's the important thing is, when you hear those sort of hyperbolic numbers, it's important to sort of take a step back and it's like wait, what are they trying to sell me? What are? Why are they saying this? Why are they trying to scare me? And then kind of work backwards from there.

Chris Sienko: 

Yeah, yeah. When they used to tell us on Saturday morning cartoons that you know frosty flakes was part of a balanced breakfast, you had to really do the extra detective work to realize, oh, you should probably eat something other than the cereal or whatever. And if they're saying, like we can defend all of this stuff, you have to sort of actually think about like what does that actually mean in terms of like your sort of your cyber team and what they're really like doing for you? So further on in your statement, you also brought it back to cybersecurity as a whole and, as you said, Erdoes' quote also refers to, quote, fraudsters, which can also include credit card fraud, BEC attempts, et cetera, and not just hackers. And so, as you said, here we need to get beyond the fear, uncertainty and doubt narratives in security and push on real threats with appropriate context, not just push monsters under bed narratives to keep CISOs up at night. So let's talk a little more about that, like one. One new story you can take to the bank is that cybersecurity professionals, especially those in the high responsibility positions like CISO, suffer enormous rates of burnout and turnover, not to mention the lingering fear that something could go wrong, that the buck might side with them and magically turn into a termination. So, like, what do we do in terms of going beyond that and sort of getting it back to you know, a responsible form that doesn't, you know, doesn't turn you know CISOs into the new target?

Ken Westin: 

Yeah, I think well, like in that particular quote too, she mentioned fraudsters, which you know that gets beyond, like cyber criminals like that can also incorporate business email compromise, phishing attempts. There's all sorts of other sort of crimes that kind of float into that. And I would even say now that pretty much any crime that is committed, whether it's white collar fraud, anything like that has a cyber component. Pretty much every criminal is going to have some sort of a cyber component, whether it's, you know, evidence is being collected from closed caption video, video or you know what have you, and that particular case too, like a credit card, you know, trying to swipe a stolen credit card, like how many of those attempts are actually occurred? I would really like to see a breakdown from JP Morgan of like what, those 45 billion, how do those actually break down? Is that like four billion phishing emails that are getting sent out? If that's the case, then you know phishing. Like if, if you're as a CISO, if you're concerned, that you know I always call my sort of persona is Steve in accounting, he clicks on every link, no matter what, no matter what phishing training you send him to this guy in accounting, he just will click on whatever link it's sent to him he'll open any attachment. Yeah, right. And so what I tell CISOs is if that's what you believe, if you have a Steve and he's the one person that can bring your entire company down, you really need to increase your overall security posture. You need to actually plan for those occasions when someone does click a link. How, how deep can they go? We need to start looking at the layers of the security onion. How, if someone like Steve, what permissions does he have? If he has access to admin, admin access to a particular database, maybe he shouldn't like all these sorts of things? It's you know. 
You really need to look at the picture as a whole and not these sort of individual attacks Like it's going to be this phishing email that's going to bring my company down. That's very rarely the case. Of course, ransomware is a whole different thing, but then there's protections that are in place for that. So it's important to sort of look at the threat, understand some of those numbers, what they actually mean, and then I always kind of look at it as a funnel. Okay, sure, there's 44 billion, but then how many do we actually block at this level? Here's how many actually got through, how many of these actually became security incidents. You know, sure, there's 45 billion attempts, but there's maybe only a hundred actual incidents that we need to be concerned about.

Chris Sienko: 

Yeah, okay. Well, let's go one step higher for CISOs. You know we hear these new and changing threats from two packing tools machine learning, accelerated attacks. What is your advice to CISOs and by extension, I guess their C-suite peers and stakeholders in the company to parse these terrifying quote, unquote new threats and turn them as you said. You broke it down very nicely with regards to Steve, but like, how do you turn these scary stories into credible security policy? That doesn't resemble throwing money at the boogeyman in the closet and hope that it goes away.

Ken Westin: 

Yeah, I think one thing you'll hear a lot in the sort of the infosec media is AI is going to resolve all your woes. And we've seen this years ago. You know. We're seeing it again now that you need AI is going to solve all your problems, and that's not the case. Every in particular, it's a very human sort of crime because it's about deception and machines really don't understand deception. And we're even seeing this now where machine learning data models can actually be manipulated. Friends of mine in a company called HiddenLayer that's something that they're actually looking to block where you can actually take the data models by injecting bad data right. There's a ways of you know, prompt injections and things like that. There's always these sort of attacks that are going to go through it, so AI is not going to solve all those types of problems. I think you need to invest still in your security teams. I always refer to the sort of the situation as a cyborg versus an Android. They're selling you as an Android, which is sort of semi autonomous and you can do all these things as we can think like a human, and we're not there yet. What do you think more in terms of a cyborg, where we still have the human that's doing the thinking. They're still doing the kind of recognition, but we're leveraging these sort of machine learning and AI technologies to enhance their capability so they can sift through this data more easily. The technology is there, particularly like with Panther, when we're dealing with high volume log sources, things like that, that other SIEMs can't handle. There is technology out there that helps solve these issues, and they can do it in a much more cost effective manner than we were doing before. So I think it's important to sort of one up your tool sets, but also ensure that you're getting your security team updated as well. I feel like I'm always out of date, Like I'm old. I've been doing this for a long time. 
Like things I used to do to hack a Windows XP box don't apply anymore, particularly in the cloud. But container escapes is a whole new type of attack that would target cloud infrastructure, and there's a lot to learn about that. It's much more complex, but once you understand it, then you start to look at ways you can actually automatically block and detect some of that, and so really, it's about up leveling your tech stack as well as your tech skills on your team, and don't lay off your security team, Like that's one of the worst things that I've seen a lot of organizations do yeah.

Chris Sienko: 

Oh, I know. Yeah, well, boy, you telegraphed perfectly into my next question here. Actually, that gives me two questions now. But yeah, so yeah, I mean, you said it perfectly You're half of your skills that you learned can be completely erased by tech changes in six months or 12 months or even less. So you basically said it like you need to keep on top of all these new changes and stuff, but everyone's also overworked. So do you have some advice on how to keep on top of these things and make it part of your work and not, hopefully, something where you have to study nights and weekends to do your day job more properly and this can just as easily go to managers and C-suite and stuff like that. How do you parcel out your team's time so that you can integrate learning these new things into your work week?

Ken Westin: 

Yeah, I think incorporating and decompressing your staff, as well as training. The training, especially, shouldn't be something that you're expecting your employees to do in their free time. I think if you want to make it important and as part of your culture, then it needs to be incorporated into the workday, whether it's one or two hours that you allocate, maybe even a Friday or something like that. We try to make it like our company no Meetings on Friday, which is a great time to catch up. Also, take a course you're working on, maybe take an hour or two, and that frees you up mentally as well and it allows you to do your job better. If you are just throwing a bunch of work at your security teams and these tight deadlines, all you're going to do is either get them to leave you're going to burn them out, they're going to miss things. You need to really take care of them and think about mental health as well. It's just critically important. Like we always talk about making sure that our systems and things like that are healthy, well, we also need to make sure that our teams are healthy mentally and physically to be able to do their jobs and they're going to be able to do it better and those types of things too is when they can back off and they can think through things. They're actually still solving those problems. They're just doing it in their sleep. They're still thinking about the issues they run into. I don't know about you, but sometimes the best times I've actually solved a problem was actually by taking a step away from it, going from coming back to my computer and it's like oh, that's the solution, right.

Chris Sienko: 

Yeah, yeah, people don't remember that your brain is actually still working on that problem that whole time when you're not directly thinking about it, and it might even be working on it on a deeper level. So, yeah, give it the time to do what it does well. So before we sort of move into the windup questions, I guess I wanted to move back a little bit to the notion of changing the media narrative. Involves us, the security community is going to be the ones, or has to be the ones, to sort of push back on these scare narratives, these fear and certainty despair narratives. Do you have any thoughts on people who are listening to this show, people who are professionals, people who are team leaders, becoming those kind of rank and file sort of security I mean, we use security champions as another term, but security ambassadors, like in terms of maybe doing writing letters to the editor or just sort of getting involved in sort of like security literacy in your area, cause it feels like I want to make sure that we don't just say like this needs to happen but there's no real mechanism for it. Do you have any thoughts on how to sort of reverse the tide of this kind of if it bleeds, it leads security covering?

Ken Westin: 

Yeah, I think we in the industry we can hold the media accountable. I think that's one thing is we can actually call them out. I've done that where I've called out a particular publication for publishing something that was inaccurate. They had someone that was also well known for spreading disinformation around nation state actors. They never quoted that person again. Another publication actually removed their quote altogether. So there are things that we can do is in the industry to do that, and I also think that marketing can help with that too, because that a lot of these publications are coin operated and if a publication continues to spread FUD and they have a bad reputation, then maybe we shouldn't have our ads on their website. So that's something that the media will listen to. Is, all of a sudden, their ad revenues down? It's like why is that? Well, we published these articles and we kind of tried to scare people and we got some quotes from people that really weren't to know what they were talking about. We got called out in the media and we didn't back down. We kept doing it. But that's gonna maybe affect some change. So I think that we in the industry do have some clout to be able to do that, whether calling them out in social media, in conferences, presentations, but also I think the security companies themselves can do it in the marketing departments with a little bit of advocacy. Like let's focus on investing in the publications and the brands that are gonna paint us in a good light, that are gonna do well for the industry, versus just trying to get them, to scare them and to buy in our product, because even if you do that, it's not gonna work out well. Maybe you'll get them like for a year, but they're not gonna renew.

Chris Sienko: 

Yeah, they're gonna feel eventually that you were, even if you weren't the person pulling the lever. They know that you didn't stop the lever from being pulled. So do you have any parting advice for tech writers trying to cover these types of news stories in a way that underlines the importance of the issue, while not feeling like you're shaking up a can of bees in people's heads?

Ken Westin: 

Well, I think one thing I've seen is like make sure that you do a little bit of background and some due diligence on the people that you're getting quotes from. Things like that I've seen time and time again, where quotes get published from someone that really has no idea what they're talking about. They don't have any experience in the industry. That's been an issue. But sometimes I know that there's crunch time, there's deadlines, you gotta get a quote. But I think being able to have reputable folks that you go to that are gonna give you honest feedback around a particular incident, I think is critically important. The sort of building that network, and there's a great network, particularly in InfoSec. I mean, I have so many friends in the industry, like we go to DEF CON and Black Hat and it's just, I don't even go to sessions anymore, we just hang out at the bar and like catch up on things in the industry. It's the best. But kind of getting tied into that, where maybe that person's not the expert on this topic, but they can direct you to someone who they know is, I think that's important to kind of build that community around it versus just trying to get a quote from anyone. So that's one thing you can do, but also becoming an expert yourself. There's a lot of great journalists out there, like Lorenzo at TechCrunch. He's really, not only does he find the right people, but he also understands the industry really well. So if someone does try to bullshit him, he's able to pick that out and call them out on it. That's the thing I really like to see. So I think some of the most savvy journalists out there, like there were a few at Wired, things like that, can't remember all their names. I should try to name them, but they're really good. Like, I can, you know, that's her, Kashmir. I met with her.
She did a thing on Forbes, had an article with her, and she went to DEF CON for the first time and, you know, she met me and I showed her around and, you know, that's, you know, getting to know the people, getting to know the industry. I think that's really important. So if you're going to be reporting on InfoSec, I think if you can make yourself part of the community, not only is that going to help their stories 'cause you're going to be trusted, you're also going to find the people that you can trust to give you honest feedback.

Chris Sienko: 

Oh, that's killer advice. I love that. I would love to see more news reporters coming to these big events like that and soliciting good advice. I think that could be a huge change. So on a personal note, as we wrap up today, Ken, could you give our listeners the best piece of career advice you ever received? And the follow-up: is it still advice you'd give to professionals preparing to enter the field now?

Ken Westin: 

I think, well, one of them is my, it's from my dad, you know, when he was a funeral director, which was a nursing family business, European funeral homes, things like that. He did it because he loved helping people and, you know, the best career advice he gave me is do what you love and the money will follow. So don't go after the money. There's a lot of people that are going into cybersecurity because that's what they're being told, where the money is, and things like that. And that's not initially the case. If you don't have passion for it, you're not going to do well at it. I'm lucky to, you know. Again, I always tell people, like people always ask, how'd you get in the industry? And I'm like, I really don't know. I kind of have to go back and look at it, and I just really kind of follow my passion. It was just one thing led to another, and so I think that's important. And then being a generalist I think is also helpful. Like it's funny, some of the most like brilliant people I know in this industry don't have technical degrees. It was their first degree. They came from liberal arts backgrounds, things like that, so they have a very well-rounded education, which I think is critically important. Being an expert isn't about knowing the answer, it's being able to figure it out, and sort of having that sort of robust background in education I think is critically important. So I think I tell people that too, that they want to go into cybersecurity careers. I'm like, well, study, you know. Make that be a minor, maybe take computer science, you know, because you never know what's going to change. I think my entire career I've gotten into positions that didn't exist when I was in high school, right? Like I was a web developer, like what the heck's the web, and then I got into cybersecurity. So all the careers I've had never existed when I was talking to my career counselor, who told me to be a garbage man, right? So you never know.
It really depends on, you know, if you follow those passions too, you understand your strengths, your weaknesses, things like that, versus trying to have other people sort of put that on you. I think is really important.

Chris Sienko: 

Yeah, beautiful. So before we go, you talked about a little bit at the top, but tell us more about your company, Panther, and the platform you created and the services that you offer with it.

Ken Westin: 

Sure, so we're Panther. We actually were started around 2018. Our founder is Jack Naglieri, brilliant engineer, who was at Airbnb. He wasn't happy with the off-the-shelf SIEM solution so he built his own. He had an open source tool called StreamAlert, which he then turned into a company, Panther, which we've gotten several rounds of funding. We're growing fairly rapidly, really focused on particularly the sort of the cloud and application domain for SIEM use cases, really helping to solve that problem to make the SIEM more cost-effective. Also, fast real-time detections, being able to search a full year of data, which, that's just insane. You're lucky with other SIEMs if you have 30, 60, 90 days of data retention that's searchable. And we're continuing to develop our product. We're advancing it pretty much every quarter and, yeah, we're at a lot more conferences. This year we're going to be at RSA, Black Hat, all those. Plus, I'll be traveling all over the world this time too. We're actually, we're just in Dublin, London. I'll be in France. We're going to be spreading the word not just in North America, but expanding our foothold in Europe as well.

Chris Sienko: 

All right. Well then, my last question ties right into that. If our listeners want to learn more about Ken Westin or Panther Labs or, in this case, where you can be found, where should they look online for either of those things?

Ken Westin: 

Just go to panther.com. I'm on Twitter or X or whatever it's going to call it. I'm just @kwestin, okay, and I'm also on LinkedIn.

Chris Sienko: 

Congratulations on getting panther.com. That feels like that would have been taken before now, so that's awesome. Well, thank you so much for this great conversation and I really enjoyed learning from you and I love that story, so thank you very much, yeah. Thanks a lot, Chris. Thanks for having us. And thank you to our 80,000-plus Cyber Work viewers and subscribers. Your input, enthusiasm make this a joy to do each week. So if you have any topics you'd like us to cover or guests you'd like us to see on the show, drop them in the comments below. Before I let you go, just remember to visit infosecinstitute.com/free to get a bunch of free and inclusive stuff just for Cyber Work listeners. That includes Work Bytes, which is awesome, and I encourage you to watch our trailer. If you have better security awareness skills than your coworkers, what if those coworkers were a pirate, a vampire, an alien, a zombie or a fairy princess? Go check it out. It's a hoot. infosecinstitute.com/free is also the place to go for your free cybersecurity talent development ebook, where you can find in-depth training plans for the 12 most common security roles, including SOC analyst, penetration tester, cloud security engineer, information risk analyst, privacy manager, secure coder and more. One more time: infosecinstitute.com/free. And yes, the link is in the description. Thank you one last time to Ken Westin and Panther Labs and thank you all so much for watching and listening and until next week, happy learning.
