Episode 148: Joseph Menn on Cult of the Dead Cow also Veracode CEO Sam King on InfoSec’s Leaky Talent Pipeline




The Security Ledger Podcasts show

Summary: In this week’s episode of the podcast: Joseph Menn’s new book Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World hit store shelves this week. We reprise our March interview with Joe and talk about the origins of CDC. Also: is the talent pipeline for information security empty, or has it sprung a leak? We’re joined by <a href="https://www.veracode.com">Veracode</a> <a href="#sponsor">*</a> CEO Sam King to talk about one of the top problems facing organizations: how to cultivate and keep information security talent.

Joseph Menn’s new book on the seminal hacking group Cult of the Dead Cow was making headlines months before its release, after Menn – a reporter at Reuters – broke the news that <a href="https://www.reuters.com/investigates/special-report/usa-politics-beto-orourke/">presidential candidate Beto O’Rourke was a longstanding member of the group</a>. That scoop helped propel Menn’s book to become a top-selling cyber security book on Amazon even before it was released. With the <a href="https://www.nytimes.com/2019/05/31/books/review/cult-of-the-dead-cow-joseph-menn.html">book’s release finally here</a>, we’re reprising an interview we did with Joe back in March (<a href="https://securityledger.com/2019/03/podcast-episode-138-hacker-president-joseph-menn-talks-beto-and-cult-of-the-dead-cow/">episode 138</a>).

The Cult of the Cult of the Dead Cow

In our first segment, Joe and I talk about CDC, from its origins in the early days of the Internet in the 1980s and 1990s to the group’s growth and release of the Back Orifice hacking tool in the late 1990s.

Joseph Menn is an investigative reporter for Reuters and author of Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World.

Joe tells me that the group’s early incarnations were more creative than technical: a loose gathering of computer enthusiasts exchanging ideas, writing and conversation via online bulletin boards. CDC was consistently irreverent and, even more important, fun and funny. Over time, that drew people to the group: more skilled hackers like Josh Buchbinder (“Sir Dystic”), <a href="https://en.wikipedia.org/wiki/Peiter_Zatko">Peiter Zatko</a> (aka “Mudge”) and <a href="https://en.wikipedia.org/wiki/Christien_Rioux">Christien Rioux</a> (aka “Dildog”). The addition of new, more skilled members drove CDC’s evolution into a more serious hacking group that produced “<a href="https://en.wikipedia.org/wiki/Back_Orifice">Back Orifice</a>,” a remote administration tool for Microsoft Windows that was among the first and most widely used Windows hacking tools.

Solving Infosec’s Pipeline Problem

In our second segment: it’s common knowledge that there are too few information security workers to meet the needs of our domestic economy or – indeed – the global economy, where the shortage of cyber security pros numbers in the millions. Furthermore, of the information security workers who are available to hire, there is an acute lack of diversity. Women are 50% to 51% of the population, but just <a href="https://www.prnewswire.com/news-releases/representation-of-women-in-the-cybersecurity-workforce-is-recalculated-to-20-percent-300821151.html">20 percent of information security professionals globally are women.</a> In countries like the U.S., racial and ethnic diversity is also a challenge in the information security space, which can exacerbate conditions for those working in the field.

<a href="https://securityledger.com/2018/02/podcast-episode-85-supply-chain-attacks-hacking-diversity-leon-johnson/" target="_blank" rel="noreferrer noopener">Epis...</a>