Newsletter

12.07.2021 | 7'' read

On the passing of Dark Reading’s Tim Wilson

by Ryan Naraine

This edition of the newsletter is presented by Process Unity and SecurityWeek.


* The most clicked link from last week’s newsletter was the just-breaking New York Times piece on Apple slapping a lawsuit on NSO Group over the Pegasus iPhone hacks.

Note.

Monday blues. A few thoughts on the passing of Tim Wilson, the well-respected security journalism pioneer who co-founded and nurtured Dark Reading into the cybersecurity industry fixture it is today.

I didn’t know Tim very well but I’ve always paid very close attention to his work as we competed over the years.  I’ve been in constant awe of his ability to build a substantive, respected, must-read publication in an industry where “news” is mostly manufactured by marketers flush with VC cash.   Believe me, this is a near-impossible task.

He was a quiet man who always seemed to be avoiding the limelight.  Whenever I ran into him at security conferences, he was always far from the action, smiling and nodding through a hallway conversation, no doubt working a news angle or securing a speaker to showcase at his public events.

When I ran marketing at Bishop Fox and Tim was working on his new INsecurity Conference series, we spent time on the phone discussing speakers and presentations and one thing that stood out was his insistence — directly so — on avoiding hype while educating his audience.   He cherished his credibility with the Dark Reading audience and made that known on every call we had.

His passing leaves a big hole in our industry.  He was a rare breed who proved there’s success in the media business with credible, reliable, meat-and-potatoes journalism.  Tim Wilson will be missed by all of us.

~*~*~*~*~
Following my rant two weeks ago on Zoom’s security problems, it’s refreshing to see the company finally add an automatic updater to the Zoom client.  They even issued a press release.

_ryan

On to the newsletter…


Sponsored.

Join this SecurityWeek panel discussion on Aligning Internal Cybersecurity Practices with External Third-Party Risk Management, presented by our friends at Process Unity.  You will learn how to:

  • Map external third-party risk to internal cybersecurity controls
  • Evaluate control effectiveness against both internal and external risks
  • Identify potential fourth-party risk
  • Prioritize cyber/third-party risk projects based on control gaps and domain inefficiencies
  • Build a world-class cybersecurity program that protects against internal and external threats

Here’s the link to register and add to calendar.


The Iran/Israel cyberwar.

There’s something uncomfortable about the ongoing cyber-operations in Iran and Israel that are clearly affecting civilians in both countries.  Here’s the latest:

Apple’s NSO Group/Pegasus lawsuit.

Just as I was about to hit send on last week’s newsletter, Apple dropped the NSO Group lawsuit bombshell.  Let’s catch up quickly:

Research discoveries.

Essays.

  • Gavin Wilde warns about the fetishization of offensive cyber capabilities to combat the ransomware wealth transfer: “Left unchecked, the fetishization of offensive cyber power risks becoming a self-reinforcing fixture of U.S. cybersecurity policy and international deliberation on norms. If the gauntlet is thrown down for military cyber units to conduct offensive operations against non-state entities abroad — particularly in retaliation for damages that are primarily financial and criminal in scope — the issue becomes as much about which behaviors the United States is endorsing as those it seeks to curb.”
  • In August 2020, two FBI agents showed up unannounced on the doorstep of TechCrunch security writer Zack Whittaker asking for an audience on a story he had published the year before. “Legal demands against reporters are not uncommon; some even see it as an occupational hazard of working in the media. Demands often come in the form of a threat, almost always compelling the journalist or news outlet to retract a story, or sometimes even to stop a story before it’s published. Journalists covering cybersecurity — a beat rarely known for its chipper and upbeat headlines — are especially prone to legal threats by companies or governments wanting to avoid embarrassing headlines about their poor security practices.”
  • Crossbeam CISO Chris Castaldo responds to a proposed bill in the U.S. Congress to deal with ransomware: “While Rep. McHenry’s bill is a good first step to counter ransomware attacks, further legislation is required to cover all ransom requests, regardless of an organization’s size or the industry they operate in, and simultaneously dissuade ransomware operators from targeting American businesses in the first place and incentivize businesses to mature their defenses against attacks.”

Zero-day watch.

Leftovers.

Tangentially.

P.S. Full podcast episodes are available on the SecurityConversations.com home page, and on all major platforms. Subscribe directly: Apple/iPhone, Google/Android, Spotify and Amazon/Audible.