Workforce | CyberScoop
https://cyberscoop.com/news/workforce/
Thu, 22 Jun 2023 16:53:43 +0000

Google announces $20 million investment for cyber clinics
https://cyberscoop.com/google-investment-cyber-clinics/
Thu, 22 Jun 2023 15:31:57 +0000

The announcement dovetails with growing interest in Congress to invest in the next generation of the cyber workforce.

The post Google announces $20 million investment for cyber clinics appeared first on CyberScoop.

Google is committing more than $20 million to support the creation and expansion of cybersecurity clinics at 20 higher education institutions across the United States, the company announced on Thursday.

Such clinics rely on university students to provide free cybersecurity services to local institutions. By deploying students to community organizations to improve digital defenses, university cybersecurity clinics aim to give students cybersecurity experience, improve local defensive capacity and steer students toward work in cybersecurity.

“This investment that Google’s made today recognizes the value of experiential training. This is not only important for national security but for economic opportunities and national innovation,” Kemba Walden, the acting national cyber director, said at Thursday’s event announcing the funding. “Cyber clinics provide an on-ramp to cyber careers by enabling students from different backgrounds and majors to learn cyber skills.”

Google will partner with the Consortium of Cybersecurity Clinics to distribute the funding. Consortium members include Stillman College and the University of Texas system, who partnered with Google at the event.

Walden noted that the office’s forthcoming workforce strategy will focus on collaborative efforts to build cybersecurity capacity at a time when large numbers of cybersecurity jobs remain unfilled in the United States.

The international cybersecurity nonprofit ISC2 estimates that there are approximately half a million open cybersecurity jobs in the United States, which is a 17% jump from 2022 despite an 11% increase in new entrants to the field.

Google’s announcement dovetails with growing interest in Congress to invest in and expand the U.S. cyber workforce. “Other countries are starting to do cybersecurity as well or perhaps even better than the United States,” Rep. Jay Obernolte, R-Calif., said at Thursday’s event. “We need to incentivize students to pursue careers in fields like cybersecurity to reverse that trend.”

In announcing the funding, Google CEO Sundar Pichai said that cyberattacks pose a growing risk to the U.S. economy, costing billions of dollars over the past few years, and that the increased use of AI in security contexts has the potential to make digital systems more secure.

“Just as technology can create new threats it can also help us fight them,” said Pichai, who met with White House officials and members of Congress to discuss AI while in Washington. “AI can also profoundly change how security professionals do their jobs, with better tools for detecting and resolving threats.”

Google’s investment in cyber clinics is the latest in a series aimed at boosting the cybersecurity workforce. Earlier this month, the company announced a $12 million research program with universities in New York. In May, Google announced a cybersecurity certificate addition to its Google Career training program.

At a hearing Thursday before the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, representatives of ISC2 and other cybersecurity organizations testified about the need for Congress and federal agencies to be more proactive in training America’s future cyber workforce.

“It is clear that the shortage of talent and burnout are issues that both the public and private sector face therefore it is an issue we must tackle together,” Andrew Garbarino, R-N.Y., said in his opening statement. “Our nation’s cyber workforce challenges are widespread and must be addressed through a strategic cross-cutting approach that avoids duplication.”

With reporting from Christian Vasquez.

Many public safety agencies remain unequipped to defend against cyberattacks
https://cyberscoop.com/public-safety-agencies-cyberattacks/
Tue, 18 Oct 2022 20:57:58 +0000

Less than half of respondents in a survey of first responders said their agencies are "at least somewhat prepared in case of a cyberattack."

The post Many public safety agencies remain unequipped to defend against cyberattacks appeared first on CyberScoop.

There’s widespread concern among U.S. public safety personnel that their organizations aren’t equipped to defend against cyberattacks, according to a new survey of first responders across the U.S.

Overall, less than 50% of all respondents said their agencies are “at least somewhat prepared in case of a cyberattack,” according to the Verizon Frontline Public Safety Communications Survey.

Law enforcement agencies reported stronger confidence than others in their ability to thwart cyberattacks, but overall, only 15% said their agencies are “very prepared.” Fifty-six percent said they’re only “somewhat prepared.”

The survey of 1,825 first responders from across the U.S. — a group that includes responders from fire departments, emergency medical services, police and emergency call centers — comes as ransomware remains a significant issue for local governments. Earlier this year, the FBI warned local governments that “cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses.”

Cybersecurity was just one part of the national survey that focused mostly on how first responders are relying on new technologies. Respondents said that while smartphones and land mobile radio are the technologies they rely on most heavily today, they predicted that some other, more rare technologies are bound for greater use.

These include augmented reality and virtual reality applications, which today are used by only 1% of responders, according to the survey. Twenty percent of first responders said they believe AR and VR will be an important technology in their field within the next five years.

Drones, today used by only 8% of responders surveyed, were expected by 40% of first responders to play a greater role. Internet-connected vehicles, used by 41%, were projected by 64% of respondents to be an important technology in the coming years.

The Verizon report points to the 5G wireless standard as a critical technology to support many of these emerging technologies. Seventy-seven percent of respondents agreed that 5G will be either a “top” priority or an “important” priority for the future of public safety.

First responders named unreliable networks, outdated tools and lack of interoperability as their three top concerns when it comes to technology. Only 4% said they considered customer service when choosing a network provider.

Blame game follows Uber hack. Experts say don’t fault employee.
https://cyberscoop.com/uber-hack-systems-failure-dont-blame-employee/
Fri, 16 Sep 2022 17:00:29 +0000

The Uber hack may be a lesson in poor security design and points to problems with vulnerable multi-factor authentication.

The post Blame game follows Uber hack. Experts say don’t fault employee. appeared first on CyberScoop.

In the wake of the Uber hack, allegedly by an 18-year-old who claimed he pwned the company because it had weak security, the conversation in infosec circles quickly centered on how it could possibly have been so easy to compromise one of the world’s most valuable tech companies.

The alleged hacker did not respond to a request for comment on Friday, but told The New York Times late Thursday that they’d socially engineered an Uber employee to gain access to the company’s systems. Screenshots shared across Twitter and other platforms seemed to demonstrate the wide-ranging access the attacker achieved, including to Uber’s accounts with Amazon Web Services, Google Suite and HackerOne.

The attacker told Corben Leo, a researcher and developer, that they gained access to a privileged access management tool which, when queried, revealed the credentials for the range of services.

That relative ease, according to a range of experts sharing initial opinions online, shows that this is a structural systems problem, not a problem at the individual employee level.

Coldwater’s tweet racked up nearly 1,000 retweets and nearly 4,500 likes in a matter of hours, with others sharing similar sentiments.

Bill Demirkapi, a researcher and security engineer with Microsoft, pointed out on Twitter that “the scope of the attack demonstrates another problem with centralizing authentication,” which is that “it can often be a single point of failure that can give attackers a wide variety of access, as we’ve seen in this example.”

If the details are accurate about how the attacker gained access, initially by spamming the employee with push-based multi-factor authentication requests, Demirkapi added, then this is not just an Uber problem. “The practices that led to their compromise are shockingly common,” he tweeted. “Vulnerable MFA is used everywhere, >60% of sites don’t even support hardware tokens.”

Similar attack methods were used in the recent breaches of Twilio, Okta and roughly 130 other companies, according to Group-IB, and experts say it’s a tactic on the rise.

“Why are we seeing an increase in SMS-based phishing? Because it’s working, becoming increasingly well documented by attackers, and there are now kits that make it easier to develop attacks to steal passwords and MFA codes,” tweeted Rachel Tobac, the CEO of SocialProof Security.

Organizations of all kinds are getting hit with these kinds of attacks, Sam Rubin, vice president at Unit 42 Consulting at Palo Alto Networks, told CyberScoop Friday. While not commenting specifically on Uber’s practices, Rubin said that although these attacks are not complex or sophisticated, “they’re still proving to be very successful.”

Ultimately “it comes down to educating employees to be aware of these tactics criminals are using to gain access to organizations,” he said. “They are often also using urgency and user fatigue to get people to click these links. If you’re unsure if IT or your help desk really sent a text message, reach out directly to verify.”

Additionally, administrators could tighten MFA controls to reduce the risk, he said, a suggestion many others made Friday.

Patreon security team layoffs cause backlash in creator community
https://cyberscoop.com/patreon-security-team-layoffs/
Fri, 09 Sep 2022 14:18:34 +0000

A former Patreon employee told CyberScoop that after the layoffs "there are no qualified security personnel" at the company.

The post Patreon security team layoffs cause backlash in creator community appeared first on CyberScoop.

Patreon laid off its security team this week, according to several former employees, sparking cybersecurity concerns among users who are increasingly threatening to leave the platform.

The layoffs gained visibility after noted privacy lawyer Whitney Merrill tweeted a LinkedIn post from former Patreon privacy engineer Emily Metcalfe. “Wouldn’t trust my data there,” Merrill said on Twitter.

Patreon, which boasts as many as 8 million monthly users on its platform for fans to support creators and artists, suffered a major breach in 2015. Hackers broke into the company’s user database and released several gigabytes of internal data including usernames, email addresses and mailing addresses. No credit-card numbers or Social Security numbers were accessed in the breach, the company said at the time.

In a statement to CyberScoop Thursday, Patreon said that the layoffs will have no impact on its security program.

“As part of a strategic shift of a portion of our security program, we have parted ways with five employees,” a company spokesperson wrote to CyberScoop in a statement. “The changes made this week will have no impact on our ability to continue providing a secure and safe platform for our creators and patrons.”

Employees have characterized the layoffs differently. “I and the rest of the Patreon Security Team are no longer with the company,” the engineer Metcalf wrote in the LinkedIn post.

Another former security employee, who wished to remain anonymous due to the terms of their severance agreement, disputed the company’s claims. That employee said that the team had already been understaffed prior to layoffs and the company had dramatically cut down on its use of external security vendors in the past four months.

“There are no qualified security personnel,” the employee said. “There is no one there to utilize the tools that we had in place.”

A company spokesperson declined to answer CyberScoop’s questions about how many security employees remained but claimed that “a majority of our engineers and our vendors working on security remain in place.”

“We also partner with a number of external organizations to continuously develop our security capabilities and conduct regular security assessments to ensure we meet or exceed the highest industry standards,” the spokesperson said.

In reaction to the news, some creators on the platform have threatened to leave and take their subscribers with them.

“You are destroying our livelihoods by failing to provide security,” artist Suzanne Forbes wrote to the company in a tweet. “My Patreon has always been supported primarily by computer security professionals. Guess what they’re doing now? Deleting their accounts.”

CyberScoop has reached out to Forbes for comment.

This is the third layoff at Patreon in three years. Patreon laid off 36 employees last year and 13 percent of its workforce in 2020. It’s not immediately clear how many of those employees were on the security team.

Spree of multimillion dollar hacks creates booming business for blockchain security experts
https://cyberscoop.com/blockchain-security-north-korea-talent/
Tue, 26 Jul 2022 16:01:03 +0000

Nation-state threats have spooked the industry into being more diligent. But a band-aid approach may not be enough.

The post Spree of multimillion dollar hacks creates booming business for blockchain security experts appeared first on CyberScoop.

Even as cryptocurrency markets face economic turbulence, there’s one segment of blockchain-based industries where business is booming: blockchain security.

A boutique industry of auditing firms formed over the past few years to deal with the emerging technology now boasts up to a year-long wait time to even begin working with customers and a growing list of job openings they can’t fill quickly enough.

And investors are flocking to get a piece of the action, too, pumping millions of dollars into firms that promise to help safeguard an increasingly fragile cryptocurrency ecosystem.

From the outside, the race for security seems like a long overdue course correction for an industry now plagued by near-weekly multi-million dollar hacks. However, security experts in the industry don’t all necessarily see the boom in business as an unmitigated win for the industry, they tell CyberScoop. Instead, they say it points to a much deeper challenge for the industry: cultivating the kind of security talent needed to keep a growing financial industry under the constant threat of hacks safe.

“It is not a good thing that there is a dependence upon external consultants for core competency required to build blockchain software,” said Dan Guido, founder of security firm Trail of Bits.

Crypto companies hire Trail of Bits to independently audit their code for vulnerabilities, a process that Guido emphasizes provides some reassurance to the company but does not constitute the same level of safety as full or ongoing security reviews.

While experts like Guido adamantly advise that companies have other security processes baked into their development and review processes, external audits have become a crutch for an industry hobbled by a lack of blockchain security experts.

“You have a talent shortage in cybersecurity, in general,” said David Schwed, chief operating officer of blockchain security firm Halborn. “And then a subsection of that is this new and emerging technology where it requires a different type of thinking than traditional cybersecurity professionals.”

Blockchain projects offer distinct challenges for security professionals. Foremost, many are written in newer and less common coding languages such as Solidity, narrowing the pool of individuals who can audit the code. Unlike many other systems, which are designed to be closed off in an effort to thwart attacks, the blockchain is public, meaning that hackers have an open book for vulnerabilities.

The bigger barrier to finding the right talent isn’t so much teaching people about blockchain as it is finding someone with the right mindset, Schwed says.

“I don’t want to say it’s a different level of paranoia, but that’s really what’s required in this field,” said Schwed. “A transaction is immutable. It’s gone. That’s the important piece that they’ve got to understand.” Given the nature of some attacks, security experts must also understand how the technology works from the business side, he says.

Larger cryptocurrency companies take a similar approach in finding talent. Nick Percoco, the chief security officer at digital asset exchange Kraken, says that he looks for candidates who have both a strong security background and a hands-on interest in blockchain.

Percoco notes that while Kraken does use external audits for legal reasons, having an internal security team allows him to continuously test Kraken’s products for potential vulnerabilities. It also helps develop a company-wide security culture, something especially important as criminal and nation-state hackers increasingly go after employees of digital currency firms.

“It’s more than the systems, it’s more than the policies, it’s more than the software — it’s essentially a mindset that everybody in the company is put into,” said Percoco.

Both Schwed and Percoco pointed to bug bounty programs, in which independent security researchers report vulnerabilities for a reward, as another key avenue for finding new talent. Major firms like NFT platform OpenSea and Solana host their own hack-a-thons as a supplement to traditional audits.

As the industry waits on universities and traditional training programs to catch up to the needs of the blockchain industry, some security experts have taken a hands-on approach to nurture new talent.

“There’s the tragedy of the commons that happens with education and talent,” says Rajeev Gopalakrishna, a researcher who founded Secureum, an online learning community and boot camp for security experts interested in blockchain security. “Everybody wants to hire talent. But who is going to train them or build the content?”

Since 2021, hundreds of individuals have used Secureum’s online training program. Gopalakrishna says he knows of about 20 students who have gone on to full-time work with auditing companies, though many have taken the skills to do more hobbyist work like bug bounty programs. Trail of Bits also offers an apprenticeship program for security experts interested in blockchain.

Human intervention isn’t the only answer. Experts also pointed to advancements in automated tools that can help developers with more basic security functions. But such tools will never be a complete replacement for human expertise, says Guido. His firm found in a study that automated tools caught only roughly 50 percent of vulnerabilities in blockchain projects.

Of course, solving the blockchain security skills gap will only help security in the industry insofar as the growing number of crypto startups take advantage of it. The rapid development cycle of blockchain projects and the boom-and-bust nature of the industry mean there will still always be developers who fail to prioritize security from the outset.

“The overall security posture of the space was increasing, and then the bull market happens, and it’s really falling back to the way it was four years ago,” said Mehdi Zerouali, co-founder of security firm Sigma Prime. “And I think it’s just a matter of having so many more people joining this space, needing to potentially go through the same mistakes and realize the importance of security.”

Those mistakes are mounting. By one estimate, blockchain projects have lost more than $600 million worth of cryptocurrency from hacks in the second quarter of 2022 alone. And some of the biggest losses in 2022, including the record $600 million hack of Axie Infinity, were the result of traditional cyberattacks, not the exploitation of web3 technology. More recently, persistent attacks by North Korean hackers against cryptocurrency firms have rattled the industry and raised the concerns of the U.S. national security community.

“This has raised the stakes. It’s made the consequences of even minor failures much more severe,” said Guido. “And I just don’t think that many companies are prepared to operate in that kind of environment where they have a dedicated focus group of attackers that will stop at nothing until they achieve success.”

Those risks will continue to grow as blockchain technology develops and grows more complex.

“The average DeFi [decentralized finance] project we would look at one, two years ago has nothing to do with the average DeFi project that we would have now,” said Zerouali. “With innovation comes the question ‘How do you do so safely?’ It can be extremely difficult. So the more we progress the more complexity we’ll be facing, and the more risk we have to deal with.”

Correction 7/26/22: This story was updated because the original version incorrectly quoted Dan Guido, founder of security firm Trail of Bits, when referring to the use of external security consultants.

Cast your vote for the CyberScoop 50
https://cyberscoop.com/cyberscoop50
Wed, 20 Jul 2022 21:42:47 +0000

The awards honor visionaries, leaders, up and coming talent and the most promising innovations in cybersecurity. Voting closes Sept. 30.

The post Cast your vote for the CyberScoop 50 appeared first on CyberScoop.

Cast your votes for the recognized cybersecurity leaders in both the public and private sectors!

The CyberScoop 50 Awards celebrate and honor the accomplishments of cybersecurity leaders in both the public and private sectors. These people are responsible for protecting vital networks, information and critical infrastructure. Through their hard work, ingenuity, and creativity, they aim to fend off hackers, stay ahead of adversaries and protect American networks.

Unpacking key competencies for infosec leaders
https://cyberscoop.com/unpack-key-competencies-infosec-leaders/
Tue, 21 Jun 2022 19:30:00 +0000

New research offers insights into how to embed information security and business skills to help drive growth and transformation.

The post Unpacking key competencies for infosec leaders appeared first on CyberScoop.

As organizations become increasingly digital, business expectations for information security (infosec) leaders are rapidly changing to keep pace. Embedding infosec insights and leadership means that CISOs need to hone in on their executive presence and business acumen—taking on an organizational leadership role that drives cultural change, according to a new IANS Research report.

The IANS Executive Competencies report was developed from a research project examining what skills – technical and nontechnical – infosec leaders should develop or strengthen. From their study, IANS Research produced a leadership competencies framework that uncovers 10 dominant competencies, grouped into three categories:

  • Functional competencies foundational to the infosec role include technical ability, operations management, and governance, risk and compliance.
  • Business competencies require building relationships and understanding the business, its customers and its financials. Competencies in this category are business acumen, business risk management and talent management.
  • Leadership competencies center on the infosec leader who is effective at engaging with upper management, understanding power dynamics and assessing what motivates stakeholders. The competencies in this category are communication, culture and collaboration, executive presence and leadership agility.

The report also offers an assessment tool that evaluates individual leaders’ skillsets.

Learn more about the existing and upcoming important competencies needed for infosec leaders to excel. This article was produced by Scoop News Group for CyberScoop and sponsored by IANS Research.

Fick would bring much-needed energy jolt to State’s new cyber bureau, observers say
https://cyberscoop.com/nate-fick-ambassador-state-cyber-bureau/
Thu, 02 Jun 2022 22:36:56 +0000

National Cyber Director Chris Inglis said he has worked with Fick many times over the years and believes he would excel.

The post Fick would bring much-needed energy jolt to State’s new cyber bureau, observers say appeared first on CyberScoop.

Andrew Exum, a longtime friend of freshly anointed State Department cyber ambassador Nate Fick, didn’t hold back when he learned that Fick was in line for the highly anticipated State Department Bureau of Cyberspace and Digital Policy ambassador-at-large job.

“I’ve traveled all over the world, from San Francisco to Singapore, and the only two things I have seen that have somehow lived up to all the hype that have preceded them are the Mask of Tutankhamun and Nate Fick,” tweeted Exum, a former senior Defense Department official, referring to an iconic golden mask that belonged to the eponymous Egyptian pharaoh.

Exum, now a consultant, said Fick will be perfect for the State role not primarily because he has ties to President Joe Biden, or that he has street cred with DOD as a Marine who completed two combat tours in Iraq and Afghanistan, but because he is a uniquely experienced leader with an enviable Rolodex populated with leaders serving throughout the executive branch.

“Nate has real friendships and relationships with some very senior officials across government, and that’s going to be really important for him and for the Department of State as it navigates the interagency conversation,” Exum said. “He has such close relationships with so many people working in this administration, in a variety of departments and agencies, that he’ll not only be an effective messenger for State Department equities, but he’ll also be an effective partner for people in other departments and agencies.”

Fick spent four years serving as the CEO of the national security think tank the Center for a New American Security, an elite organization with which several current Biden officials were formerly affiliated. He also serves on the board of the Council on Foreign Relations, which is heavily trafficked by former and current administration officials.

The State Department bureau will work to augment the Biden administration’s effort to provide digital aid to allies. It also will coordinate with international partners to manage threats and push American leadership to set global cyber standards, among other responsibilities. CyberScoop reported Wednesday that Fick was the administration’s selection for the ambassador post.

White House National Cyber Director Chris Inglis, for one, is a Fick cheerleader. Inglis said he can’t confirm or deny that Fick is the pick because it is for the State Department to announce, but added that he has worked with Fick in various capacities in the past and thinks he is “terrific.”

“He’s got a great reputation in the private sector, he’s shown himself to be a very good leader, both in the military and in the private sector,” Inglis said in an interview with CyberScoop on Thursday.

A diplomat who can navigate interagency tensions

Asked about the role Fick, a celebrated combat veteran, might play in helping State improve its relationship with the Defense Department — which has recently been contentious as the White House pared back some DOD cyber ops authorities by bringing State back into the decision-making process — Inglis said that as both a leader in the Marine Corps and as a private sector CEO, Fick possesses uncommon diplomacy skills.

Fick, Inglis said, is “somebody who can use the art of diplomacy to reconcile great and diverse sets of interests.”

DOD cyber authorities have been in the news since Tuesday when Cyber Command leader Gen. Paul Nakasone disclosed in an interview with the British outlet Sky News that the command has conducted offensive cyber operations to support Ukraine in its battle to push back against Russia.

“We’ve conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations,” Nakasone said in an interview with Sky News.

After the comments surfaced, White House press secretary Karine Jean-Pierre said the White House view is that the offensive cyber operations do not violate a pledge Biden made not to attack Russia militarily unless the U.S. or its allies are attacked.

Cybersecurity leaders abroad also celebrated the Fick pick. Ciaran Martin, who served as the first CEO of the National Cyber Security Centre in England, said that State’s new Cyberspace and Digital Policy ambassadorship is much needed.

“Most allies are likely to view this very positively,” Martin, who now teaches at Oxford and advises the cyber investment company Paladin, told CyberScoop by text. “They look to American leadership in global cyber discussions and there’s only so far that the operational agencies can go in this space. So, it’s hard to see many, if any, downsides in having someone senior in State with national security credibility who is close to the Administration in a role like this.”

Filling a void at State

For many years no one at State has had responsibility for the many aspects of the cyber portfolio encompassed by the new ambassadorship position, insiders say.

It is past time for the State Department to create the role Fick would enter, assuming there are no last-minute, major hiccups in the vetting process, one former Five Eyes security official said. Toby Feakin, who was appointed Australia’s inaugural ambassador for cyber affairs and critical technology in 2017, is considered “the stalwart,” the official said, but a number of other countries, including Russia, also have cyber ambassadors.

Kevin Sheives, who worked at State for nearly 15 years — most recently as a long-standing official on the China desk and as an adviser for the Global Engagement Center’s counter-disinformation work on China — said that Fick’s role will be critically important, but that because no one has owned the issue set so comprehensively prior to now, Fick could have a lot to grapple with.

“The ball was up in the air, it was an important ball, and no one either had the authority to catch it, or the capacity really to do it well,” said Sheives, who left State in 2020 and is now associate director at the International Forum for Democratic Studies at the National Endowment for Democracy. “Even when there was a political imperative to engage with some of these international organizations and put forward strong candidates and strong campaigns … people didn’t quite have the resources and structure to execute them.”

While some close to the Defense Department suggested Fick would not play much of a role in directing State’s input on the cyber operations decisions which are governed by the newly revised National Security Presidential Memorandum-13, Christopher Painter, who previously held the role of cyber coordinator at State, disagreed.

Painter, who was the most senior person in the department working on cyber issues during his tenure, said that he regularly worked with the DOD on cyber operations and believes that Fick’s celebrated military background can only help him in such a role.

Political connections could help

Painter said Fick’s ties to Biden, for whom he campaigned in 2008 and delivered a keynote speech at the Democratic National Convention when Biden was the nominee for vice president, will also be valuable.

Fick’s political connections could bolster his success in working with other major agencies involved in cyber issues like DOD, the Department of Homeland Security and the Department of Justice, Painter said.

Painter said the most important factor determining Fick’s success will be the backing he gets from within State. Painter said he has spoken with both Secretary Antony Blinken and Deputy Secretary of State Wendy Sherman about the job, and he knows they have spent many hours thinking about the role, which underscores how closely they will likely manage and support Fick.

That support will be crucial, Painter said, because “there’s lots of bureaucracy.”

Fick lacks experience at the State Department and in diplomatic circles, which Painter said may be difficult for him at least initially.

“He brings certain attributes to the table, but it’s going to be a learning curve,” Painter said. “It’s a different culture.”

Some say Fick’s outsider status is just what is needed to shake things up at State.

“It is very good that he has private sector cyber experience, as a lot of the new Bureau’s challenges will center around how the State Department works with the private sector on international standards setting and digital economy efforts,” said Mark Montgomery, the former executive director of the Cyberspace Solarium Commission and the senior director of the Center on Cyber and Technology Innovation at the Foundation for the Future of Democracies.

Montgomery, who served as policy director for the Senate Armed Services Committee under former Sen. John McCain, said Fick’s military history is just the shot in the arm State needs.

“His Marine leadership experience will come in handy as he deals with State Department bureaucracy,” Montgomery added in comments he sent by email. 

DHS halts Disinformation Governance Board amid strong backlash
https://cyberscoop.com/dhs-pauses-disinformation-governance-board/
Wed, 18 May 2022 21:35:17 +0000
https://cyberscoop.com/?p=65718

Former government officials will lead a review of DHS's disinformation work and help Secretary Mayorkas determine how to continue.

The Department of Homeland Security announced Wednesday that it is pausing its plans for a Disinformation Governance Board, and its appointed leader submitted her resignation.

DHS said it had intended the board to be an “internal working group” designed to ensure the agency’s disinformation work “protects free speech, civil rights, civil liberties, and privacy.”

The decision to pause its work comes mere weeks after the board was announced and quickly decried. Twitter’s soon-to-be new owner, Elon Musk, tweeted of the board, “This is messed up.” Others, particularly on the right, likened the board to George Orwell’s Ministry of Truth in the dystopian novel “1984.” Republican legislators sent DHS Secretary Alejandro Mayorkas a blistering letter denouncing “the complete lack of information about this new initiative and the potential serious consequences of a government entity identifying and responding to ‘disinformation.’”

A DHS spokesperson said in the announcement that the board had been “grossly and intentionally mischaracterized: it was never about censorship or policing speech in any manner. It was designed to ensure we fulfill our mission to protect the homeland, while protecting core Constitutional rights.”

The spokesperson said that the attacks on the board had become a “significant distraction” from DHS’s work to fight disinformation.

Mayorkas has asked former DHS Secretary Michael Chertoff and former U.S. Deputy Attorney General Jamie Gorelick to lead a review of the agency’s efforts to address disinformation “while protecting free speech, civil rights, civil liberties, and privacy.” The review, which will be conducted through the bipartisan Homeland Security Advisory Council, also will recommend ideas for how DHS can achieve greater transparency across its disinformation-related work.

Nina Jankowicz, a disinformation scholar who had been appointed to lead the board, submitted her resignation Wednesday. As the backlash to the board became more heated early this month, Jankowicz endured personal attacks and physical threats.

“It is deeply disappointing that mischaracterizations of the Board became a distraction from the Department’s vital work, and indeed, along with recent events globally and nationally, embodies why it is necessary,” Jankowicz said in a message accompanying the DHS statement. “I maintain my commitment to building awareness of disinformation’s threats and trust the Department will do the same.” 

Office of the National Cyber Director hires Microsoft exec, CIA official
https://cyberscoop.com/office-of-the-national-cyber-director-new-hires-walden-higgins-knake/
Tue, 10 May 2022 14:53:03 +0000
https://cyberscoop.com/?p=65415

The Office of the National Cyber Director has hired several new staffers to strengthen its ability to fight significant hacks and coordinate how the U.S. responds to them.

The Office of the National Cyber Director announced Tuesday that it has hired a former Microsoft executive and CIA official to bolster a White House office designed to centralize how the government responds to increasingly prevalent significant hacks.

The office (ONCD) formed last year after the Biden administration confronted a series of major incidents, including the Russian hack that used SolarWinds software to break into several federal agencies.

Kemba Walden will serve as the first principal deputy national cyber director and Neal Higgins and Rob Knake as deputy national cyber directors. Walden is an attorney who comes to ONCD from a position at Microsoft in which she was responsible for launching and leading the Digital Crimes Unit’s program to combat ransomware. Prior to Microsoft, Walden worked at the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security.

Neal Higgins, who will be the deputy national cyber director for national cybersecurity, most recently served as associate deputy director for digital innovation at the CIA. In that role, Higgins was responsible for CIA’s cyber operations, open source collection, data science and secure global communications. Prior to that, Higgins served as CIA’s director of congressional affairs and as deputy chief of the WikiLeaks Task Force.

Higgins and Knake have already begun their work at ONCD while Walden will be joining the office in the coming weeks.
