Welcome back everyone to day three of theCUBE's live coverage of MWISE here in our nation's capital. I'm your host, Rebecca Knight, along with my co-host and analyst, John Furrier. We are joined by Sandra Joyce. She is the VP of Mandiant Intelligence, Google Cloud. Thank you so much for coming on the show. Thank you for having me. Yeah, we're excited to have you here. So there has been a marked shift in zero-day exploitation and cyber espionage tactics, especially from China. I'd love to have you talk to our viewers a little bit about what you're seeing and what you're observing now. Well, this transformation has really occurred over the last two years. And what we've been observing is this shift from China having, let's say, tier two or tier three level capabilities in the space, very noisy spear-phishing emails. They have evolved to have the capability to take on operations that are very difficult to track, very difficult to understand and to mitigate. So they've really graduated into what I would consider a cyber superpower status at this stage. What are some of the tactics and strategies that they use for their attacks? And they're a state actor, but there's also off-state kind of activity where they enable, using open source, other tactics. What are some of the moves that they're making as a tier one or, as Kevin says, apex attacker? Varsity. They become the varsity team, pro ball, the speed of the game. What's their current moves? What are their plays? Right, so some of this has to do with really targeting what we call edge infrastructure, or those components or appliances that connect to the internet themselves, right? So there's one piece. There's also trying to evade EDR or the lateral movement technology we have in place to look at how endpoints are protected. So they're going to go after that, try to shut those things off or evade them completely. Another piece is they're issuing and exploiting zero days at a rate that already surpasses year to date.
We've looked at about 60 or more, like 62, I think, where they've exploited zero days in the wild, not necessarily just China, but China's a big percentage of that. Last year was 55 for the whole year. So exploiting zero days, edge infrastructure, they're also looking at obfuscating obfuscation networks like routers from even home businesses and home offices. So they really are doing a lot of different things. Why now, what is it about this moment in time that has really, what's going on? I think that one axiom we always live by or once our rule is geopolitics begets cyber activity. And what we're seeing is the rising tensions between the US and China, and that's really changing the game in cyberspace. So we're seeing this very aggressive action on the part of Chinese threat actors, but it's really tied to these escalating tensions. We expect to see more of this type of thing when things are not going so well, because it is a way that you can do force or power projection with very little risk or repercussion. One of the things that Kevin talked about in his keynote, the three things, he goes into the three things. I'm going to tell you three things and then tells them, then tells what you told them. Love that military kind of vibe there, but one of the things that was interesting was the public-private partnerships. So how do we, as in America and other countries, protect ourselves from premeditated moves? So China, obviously they orchestrate government, banks, personnel, AI now to target and premeditate, attack our country as if they dropped troops on our shores, but it's digital. They're digital, so they're digital troops. So how do we look at that as a country and how do companies protect themselves? I think one important principle to realize is that we have, for very important reasons, a delineation between what we allow our intelligence agencies to do domestically and what really belongs to the private sector.
And this is to protect our civil liberties, our rights, our free speech and all of that. Well, this doesn't exist in other countries where, for example, the Chinese government can direct and can be very intrusive into the businesses within China. That's not how it works here. So if the people trying to protect us need insights into what threat actors are doing in the domestic space, in the private sector, they have to go ask the private sector. And that is why these public-private partnerships are so important because we need to be able to cover all of that ground. We need to be able to say, if they're abusing infrastructure in a company, we want to protect the privacy of those users, we want to protect the contracts that are in place, but can we talk about the threat actor activity and work together to bring them to justice? We have Space Force for Space, which is congested and contested, and more and more, it's obviously a fun topic as well. But is there going to be a military branch for cyber in the sense of offense, like to counter, strike or manage? You see recruitment going on for folks, FBI say, hey, work with us. Is there a future where there's digital soldiers? Well, the future is here. It's called Cyber Command, right? And the NSA being part of the Department of Defense is also conducting cyber operations. That is, their unclassified charter is that, in fact. And really, every branch of the military has a cyber force as well. So we do have a growing set of cyber expertise, second to none in the world. And so it's their role and also the private sector's role to help in the defense of our country. And the countries of allies and like-minded people who want a rule of law kind of environment. I always say gamers, I'll make a great candidate for potentially multiplayer fun. And actually the skills needed, what are some of the skills for folks watching out there, there are a lot of people who are passionate about what's happening. 
How do they know if they're a candidate for being a cyber engineer or a scientist or warrior or participant? There are so many jobs in cyber security. And so if you like solving problems, if you want to defend your nation, if you want to defend your organization, if you like to tell the stories of what happens in an investigation, if you're curious about things, that's really all it takes. And then after that, just see where you have expertise and where you have natural talent. So if you want to code, lots of open spaces for people who want to code. If you're not a coder, we still need analysts, people who speak different languages. We need people who know how to pull apart investigation. We need people who can communicate about it in our comms team, who can put the message out. So there's really a wide swath of attributes that are needed to really provide that collective defense. We had some great women on yesterday and other experts. They said, it's fun. Cyber security is actually fun. It's a fun job. So there's a lot of folks out there who are always interested in this. Talk about AI. Now, AI is coming around the corner. That's going to be an enabler for this next generation of defenders, okay? And we did a poll on Twitter with our audience that who wins with AI, the attackers or the defenders? Now, the votes were the attackers, but the most people initially, no, the defenders. So there's a shift of opportunity to get a leg up, so to speak, with AI. What's your view on that one? Definitely a defender's advantage. And there's a lot of reasons why. I mean, the technology that's in place right now for AI has actually been around for quite a while. So the development of it has come a long way. But these language models are going to help cybersecurity workers do the parts of their job that aren't that fun, right? Things like efficiency and what they're doing, helping to find anomalies in a bunch of alerts. 
It's that kind of 10xing of the analyst and 10xing of the researcher that is going to make a difference. Right now, we're looking at something like a 750,000 person cybersecurity workforce shortage. And we've been trying to do a lot to fix that. Let's graduate more people. Even Google's got a bunch of really great programs to certify and to teach and learn and get into that. But on the demand side of the jobs, the jobs are hard, they're fun, like you said, but they're really hard too. A lot of it is because there's a lot of manual tasks. That's where AI can come in and help. That's what Kevin Mandia was saying, that this is the solution to the burnout that so many cybersecurity teams face that AI can really help them with those rote tasks. It'll be part of the solution, right? So there's never a magic pill, right? But what we're seeing is that it has the potential to really allow a cybersecurity worker to do so much more than they used to be able to do. So this whole leaderboard aspect fascinates me about the nation-states. Obviously, China's number one now. Russia kind of built a number two. North Korea, you could argue maybe in two, three. And then Iran and others. Is the Ukraine war, some say it was a test kitchen for Russia in a lot of their cyber? It's been talked about publicly in articles. Not sure if you agree with that or not, but now that you've got the conflict, has that forked and changed the power dynamics between Russia and China, or is China just surpassing them just on pure execution? It really depends on what we're asking about. Are we asking about just sheer numbers? Well, then China would be there. But if we're asking about true technical capabilities, we still have tremendous capability from the Russian threat actors that we track. And that's a really serious issue, is that the technological capability is very sophisticated. What we've learned, though, from the invasion into Ukraine is a lot of important lessons.
We've seen that the Russians were able to exploit some, they were able to gain access because there had been placement in a network for years already. So they had done their homework right before going in. We've learned that when infantry battalions were moving through, we saw that they were being taken over, like networks were being taken over physically as they moved along, which means they had embedded cyber-action teams with their groups. We learned that they would use information operations together with their cyber-actions. So if there was anything good from years and years of Russian aggression, is that we have learned a lot about what they can do and what they're capable of. One of the things that, we were back and I had been talking a lot on theCUBE here and as well, other events is culture, is what's your vision on how cyber culture is very collaborative, obviously sharing's a big part of it. Yeah, share responsibility, there's some seams there, okay. But as the lights get turned on on some of these tactics that are state-sponsored, but not obviously their fingerprints aren't on it, whatever, however they're executing, but as it becomes well-known that they're involved, these state actors, what's the policy going to, what's the punishment, what's the effort? Is it collaborative, do we go more global? Is the opportunity with geopolitics to be more collaborative? What's your vision on how we solve this problem where we say, all right, enough's enough, stay in your lane, don't screw around anymore. This is an interesting time, it's not just a military response, the classic sense, but there needs to be a response. What's your vision on that? Well, the way I see it is, some of these cyber problems actually don't get solved with cyber means. 
Some of these are diplomatic issues, some of these are the geopolitical issues that need to be solved first, because a lot of, for example, cyber criminals and others are operating out of areas where there's no risk or repercussion for what they're doing. And it's going to take that host country to take action against them, or to stop the actions that they're doing. While I think that putting up a vigorous defense is an absolute must, it's a moral obligation to put up the best defense possible, if we want to solve the core of this, that's outside of the cyber domain. That's up in the, how can we deter these actions? How can we get engagement with countries where we need to come to a place of peaceful coexistence? Because as these tensions rise at the end of the day, what do we want the future to look like? And I think everybody wants a peaceful coexistence, right? It's hard to think about those things when you're in the middle of what feels like the back and forth of a cyber conflict. So in this delicate geopolitical environment, how are you, how should organizations be thinking about the rise of China through these espionage acts and other state actors? What are you advising companies to do? Well, the first piece is if private sector companies think they're not a part of this stuff, that it's all out there like a geopolitical mess, that's for the government to solve. What we're seeing is they're on the front lines of this. So I'll give you a couple of examples. North Korea is stealing cryptocurrency from individuals and businesses in the United States to fund their own cyber operations and fund their nuclear program. So we have to be cognizant of things like that. Jen Easterly, the head of CISA at DHS, said that in the event of a conflict with Taiwan, she publicly said that critical infrastructure in the United States would be a target. Well, most of that is owned by private sector.
So all of those organizations had to sit up and take notice that they're a part of this. So in cybersecurity, a lot of people say it's a team sport. It is because it truly is collective defense. Individuals, businesses, organizations, and the government, all of us have a piece on this and we all have to work together. That's the culture piece too. That's changing a lot now. That's right. Is there anything that's jumping off the page in your mind that's new in cyber that wasn't a factor a few years ago relative to either culture, personnel, or technology, or just thinking? Well, one thing I've always liked about the security community is we all know who the bad guy is. We all know who the enemy is. And that has led to an industry like cybersecurity where we have competitors. We will compete vigorously with our competitors. However, we know each other. We all respect each other. And when tensions get high, if there is something that is truly wrong, we will call over and we will say, hey, are you seeing this because this is what we're seeing, it's serious. And in that way, that is one thing I really like about, especially in cyber intelligence, there is sort of a camaraderie amongst defenders and a defender community that's very strong. And without that, we wouldn't be where we are today. So we've talked a little bit about jobs in this industry. We've talked about burnout, the culture piece. I want to ask about your career because you are one of the best educated people we've ever had on theCUBE, many master's degrees and MBA, you're in a PhD program right now. So how are you thinking about the next generation, particularly of the next generation of women cyber defenders in this industry and making sure that they're getting the opportunities and they're rising to leadership positions and board positions? Well, academics only gets you so far. That to me is more, that's my hobby. That's what I do with my, that's my me time, right? 
But really it's about gaining experience where you can and making sure that you really take risks. When somebody says, hey, we need somebody to cover on this target, be the person that says, sure, I'll do that, I'll learn something new. And one of the reasons I like structured learning is because knowledge has a half-life. The things that we were talking about five years ago, they're not that relevant today. So where are the deep conversations happening that could be happening in a classroom? They're probably though happening in the middle of a cybersecurity conference where you can sit and you can talk to people who are going through a bunch of things. However you learn, however you educate yourself, just be a lifelong learner in whatever form that is, whether you're watching YouTube videos, you're taking courses on Coursera, you're going to conferences and talking to people, but always be learning. And if it happens to be at a grad school, fine. But that's not the only place to learn. The ability to level up too now, if you're coming into the industry, it could look scary from the outside. But to your point about technology shift and new things, people can come in and level up pretty quickly. Technology's changing so fast. Yeah, and there are a couple of things where I think that everybody needs to learn a little bit more of. AI is probably one of the first ones. If educate yourself, there's some great YouTube videos that Google's produced on what is AI, what does it mean, what are large language models. It really is anybody who wants to be serious in this industry really needs to understand those things. Another thing, geopolitically, tensions about things like semiconductors and chip technology, we need to know what those are. If we're in a situation where we might have a conflict over something like that, do we know a lot about it? And the more people that learn about it, maybe the more innovations we can come up with and alternative paths and other things. 
So this is a time where so much new technology is coming in, it's exciting, it's going to help us defend. So let's learn about it. As Kevin would say, we want to up our game. We want to up our game. Up our game here in the United States. Excellent, a great note to end on. Sandra Joyce, thank you so much for coming on theCUBE. Thank you so much for having me. I'm Rebecca Knight for John Furrier. Stay tuned for more of theCUBE's live coverage of MWISE.