Deb Radcliff’s cyber-thriller Breaking Backbones: Information Is Power was released this spring. It’s the initial installment in her Hacker Trilogy series.
Deb is the first investigative journalist to make cybercrime a beat. Since 1996, she has been embedded in the hacker and law enforcement communities, learning the techniques, lifestyles and philosophies that make them unique. Deb has won several awards for her investigative reporting, most notably two Jesse H. Neal Awards: one for best individual feature, for “Hackers, Terrorists, and Spies” in Software Magazine, and the other for group reporting, best news story, for “Wireless LANs: Trouble in the Air” in Computerworld.
In addition to her work as a novelist, Deb Radcliff is busy covering the cybercrime and cybersecurity beat as an analyst, author, speaker and thought leader. Look Left’s Davida Dinerman caught up with Deb to discuss her novels, the latest threats in cybersecurity and some of the pioneering women in cybersecurity. Here are some highlights of the conversation:
- Cyberattacks grow more sophisticated by the day: “They’re way more planned out, every step of the attack. And these are long attacks that start at one point, go through several other points, then go onto a patch download, and then [it] does the same thing to all the companies it downloads. I actually do think that the US government's breach disclosure for government systems to make vendors disclose their breaches in their own software ecosystem is a help. I think it's actually the right direction. We are not seeing enough of this.”
- Compliance as code is becoming a bigger IT security trend, but the question is whose responsibility it should be: “It could land in the DevSecOps realm, where the developers are actually leading the charge for more security. Maybe there is going to be some kind of compliance development officer or development compliance officer coming out of this. Or it could literally shift right over to the compliance departments because they've got all these digital bills of materials with everything in their organization. They're going to be ranking which risks that they can live with and the ones they can't live with. And usually that falls to the risk and compliance department. The CISOs would be wise to oversee all of this, but I don't believe they've got the chops to be in charge of it.”
- Deb shares the challenges women face in the cybersecurity industry: “We have to do better than the guys. We know that. As I'm shaping my career into more of an analyst role right now, I have to promote myself. I have to say, ‘Look, I've created an analyst program for the SANS Institute. I ran it for 15 years. We developed a lot of topics around a lot of security content. I ran the whole thing. I drove the topics. I'm a smart person, and this is the role I see myself in.’”
Listen to the podcast now and subscribe to catch every episode.