Last Month in Security 011: Former White House CIO Theresa Payton

In this edition of the Halcyon video/podcast series Last Month in Security, host Anthony M. Freed and panelists Ben Carr and Stacey Cameron sit down with Theresa Payton, CEO of Fortalice Solutions, whose many claims to fame include being the first and only female White House CIO:

First, we delve into the subject of how best to recognize women and other traditionally underrepresented groups in security specifically, and STEM fields in general. Theresa has been named in numerous “influential women in security” style lists and media articles, so we discuss the balance that needs to be struck to be effective.

Highlighting role models is important so we can attract more unrepresented groups to the field, but we need to do it in such a way as to not perpetuate the “other” stigma by creating classes of professionals, which can work against the intended goal of more inclusion, instead of simply recognizing everyone for their individual skills and accomplishments without regard to qualities that are otherwise completely irrelevant.

We then jump into trends we are seeing in some recent ransomware attacks that demonstrated some unconventional infection vectors and talk about the challenges they pose to traditional cybersecurity defense frameworks.  

For example, the Akira gang used an unsecured webcam to bypass EDR systems, how Medusa deployed a malicious ABYSSWORKER driver to disable EDR using a BYOVD (Bring Your Own Vulnerable Drive) technique, and how RansomHub’s EDR-Killer tool is showing up in recent Medusa, BianLian and Play Attacks.

We wrap the show with a look at one of Theresa’s best-selling books, Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth, that explores the complexities of digital deception and cyber manipulation that threaten the integrity of everything from our elections to our personal security.

Theresa describes the growing sophistication of digital propaganda campaigns that have had a significant impact on democratic processes. Prior to the last election, there was little change in combating disinformation, and post-election efforts seem to have regressed, hindering progress in addressing misinformation.  

Theresa asserts that in order to counteract misinformation and protect our electoral systems from foreign influence, it is essential to implement comprehensive strategies that promote media literacy and enforce regulations holding platforms accountable for the spread of disinformation.

About Our Guest:

Theresa Payton is a trailblazer in cybersecurity and technology, known for her deep expertise and impactful leadership. She made history as the first female Chief Information Officer (CIO) at the White House, serving under President George W. Bush from 2006 to 2008, where she managed IT operations for the Executive Office of the President.

Before her White House role, Payton built a strong foundation in the financial sector, holding executive positions in banking technology at Bank of America and Wells Fargo. These roles gave her a comprehensive understanding of cybersecurity challenges within the financial industry. Her academic background includes a double major in economics and business from Immaculata University, along with a computer certification program that ignited her passion for technology.

Following her public service, Payton founded Fortalice Solutions in North Carolina, where she now serves as President and CEO. Under her guidance, the company has grown into a leading national security firm, staffed by experts dedicated to defending organizations and government entities against cyber threats. She also co-founded Dark3, a cybersecurity product company, further cementing her influence in the industry.

Payton is widely recognized for her ability to break down complex cybersecurity topics for the public. She has shared her insights on high-profile programs such as The Today Show, Good Morning America, Fox Business, and Fox News. She also served as a lead investigator on the CBS reality series "Hunted," in which teams tried to evade capture by expert trackers.

Her achievements have earned her numerous honors throughout her career. Security Magazine named her one of the "Top 25 Most Influential People in Security," and she was awarded "Woman Cybersecurity Leader of the Year" in 2019. In recognition of her efforts to fight cybercrime, she also received the FBI Director’s Community Leadership Award.

Theresa’s books include:

• Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth: This book explores the complexities of digital deception and cyber manipulation that threaten the integrity of elections and personal security.  

• Privacy in the Age of Big Data: Co-authored with Ted Claypoole, this book examines the challenges to personal privacy in the digital age and offers practical advice on defending privacy rights and protecting one's family from data breaches and identity theft.  

• Protecting Your Internet Identity: Are You Naked Online?: Also co-authored with Ted Claypoole, this work explores the concept of online identity, and the risks associated with digital footprints, guiding readers on managing their online personas and safeguarding personal information.

Your Hosts:

Anthony M. Freed, Halcyon Director of Research and Communications: Freed is a strategic communications leader, award-winning writer, publisher and podcast producer who was previously a freelance security journalist leading headline-making investigations that included the Symantec NAV source code leak, the mass compromise of US government agency account credentials, the denial-of-service attack that took down WikiLeaks, and more. Freed is also the principal researcher who produces the quarterly Halcyon report Power Rankings: Ransomware Malicious Quartile - Inside Data Extortion Attacks.  

Ben Carr, Halcyon Chief Security and Trust Officer: Carr is a Security & Risk Executive and recognized thought leader with more than 25 years of results driven experience in developing and executing security strategies. Carr has served in global leadership roles at advanced technology, high risk, and rapid growth companies such as Ericsson (Cradlepoint), Qualys, Aristocrat, Tenable, Visa and Nokia. Ben has served as a member of the Board of Directors for organizations such as IT-ISAC and NTXPKUA. He is an advisor for Noname Security and Syn Ventures and has previously served on Advisory boards for Living Security, TruStar, Mimecast, Qualys, and Accuvant.  

Stacey Cameron, Halcyon Chief Information Security Officer (CISO): Cameron has over twenty years of industry experience in information security supporting private corporations, civilian federal agencies, and DoD agencies’ classified and unclassified environments. She has supported a variety of compliance initiatives such as DoD Information Technology Security Certification and Accreditation Process (DITSCAP), DoD Information Assurance Certification and Accreditation Process (DIACAP), DISA’s Computer Network Defense Service Provider (CNDSP) program, Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), FBI Criminal Justice Information Services (CJIS), North America Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP), PCI DSS, ISO 27001/2, HIPAA, SOC 2, NIST SP 800-171 (DFARS) - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and Cybersecurity Maturity Model Certification (CMMC) readiness.  

Subscribe to the Show:

• Apple Podcasts  

• Spotify  

• Amazon  

• Podcast Index  

• Podcast Addict  

• Podchaser  

• Pocket Casts  

• Deezer  

• Listen Notes  

• Player FM  

Halcyon.ai eliminates the business impact of ransomware. Modern enterprises rely on Halcyon to prevent ransomware attacks, eradicating cybercriminals’ ability to encrypt systems, steal data, and extort companies – talk to a Halcyon expert today to find out more, and check out our quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.