Join us as Wendi Whitmore, Chief Security Intelligence Officer at Palo Alto Networks, delves into the dynamic realm of cybersecurity at RSAC 2025. Hosted by the co-founder and co-CEO of SiliconANGLE Media, Dave Vellante, and theCUBE Research's principal analyst, Jackie McGuire, this engaging discussion uncovers the latest trends and strategies shaping the cybersecurity landscape.
In this video, Whitmore shares insights on their new role at Palo Alto Networks and efforts to enhance partnerships with government organizations. With a wealth of experience, they explore the evolving threat landscape, including the merging sophistication of nation-state and cyber-criminal actors, as well as the importance of rapid intelligence sharing. Through conversations with experts, viewers gain a deeper understanding of the complex dynamics in cybersecurity today, such as the insights into AI's role in defensive strategies.
The discussion sheds light on critical takeaways, such as the significant strides made by defenders in enhancing their responses to threats using AI, as highlighted by Whitmore and industry analysts. Key insights include the transformation of security measures, with organizations reducing their response times dramatically through AI advancements. According to Whitmore, the current state of cybersecurity emphasizes the need for cultural shifts and collaborative defense strategies among various sectors to effectively counter the growing complexity of cyber threats.
Wendi Whitmore, Palo Alto Networks
Exploring Cybersecurity Challenges and Innovations at RSAC 2025
Wendi Whitmore, chief security intelligence officer at Palo Alto Networks, joins theCUBE’s Dave Vellante and Jackie McGuire at the RSAC 2025 Conference to explore the intersection of threat intelligence, AI and government partnerships. The conversation focuses on how cybercriminal and nation-state tactics are converging, and how defenders are responding in real time.
Whitmore shares how Palo Alto Networks is advancing its work with public sector organizations to improve intelligence sharing and response coordination. She also discusses how AI is help...
>> Everybody, welcome back to our live coverage of RSAC 2025. I'm Dave Vellante. I'm here with Jackie McGuire, and we're pleased to welcome back Wendi Whitmore, who's got a new role. She's the Chief Security Intelligence Officer at Palo Alto Networks. Great to see you again. Thanks so much for spending some time.
Wendi Whitmore
>> Always great to see you.
Dave Vellante
>> Yeah, can't get enough. I mean, it feels like every year, it's like this year flies by and we're back at RSA, RSAC now. So tell us about the new role. What's that all about?
Wendi Whitmore
>> Yeah, well, first just want to say excited to be here. We always enjoy talking to you, and the program here is so great. So Chief Security Intelligence Officer, so really what I'm tasked with is bringing our intelligence insights to life for our clients. So what does that mean? How do we build resilient cybersecurity programs both within our commercial client base, as well as with government organizations? So I'm doing even a lot more partnering with federal government organizations both within the US and abroad to really make sure that our partnerships remain strong and that we're sharing intelligence rapidly.
Dave Vellante
>> That's cool. Last night, we did theCUBE at Sundown in Bocadero. We were there with Open Policy and NYSE, and there were a number of folks there that were service companies or software companies helping organizations get fed grant certified, which is not the easiest thing in the world to do.
Wendi Whitmore
>> Right.
Dave Vellante
>> So that's key. Okay. What's the latest? Threat intelligence, you know, Jackie and I were talking yesterday. I simplify things with the pyramid, nation-state actors, you know, e-crime, organized crime, and then hacktivists, and AI giving the bottom end of the pyramid more capabilities. Jackie, you have a little more nuanced approach, but what are you seeing from the threat intelligence?
Wendi Whitmore
>> Well, I think let's start with maybe two areas here. So oftentimes, we distinguish nation-state actors and cyber criminal actors, with nation-states being some sort of political objective, cyber criminals obviously having typically a financial motivated, looking for a return on their investment. And one of the areas that we're really seeing is that it's becoming more difficult and challenging to distinguish those two groups.
Dave Vellante
>> Really?
Wendi Whitmore
>> And oftentimes, it's because if you think about nation-state actors, if they can use really capable toolkits that have been built by someone else and potentially have the plausible deniability that that wasn't them, then great. There's just so many effective tools out there that all of those teams can leverage. The second part of that is that when we think of cyber criminals, I think we often previously have thought of a less capable group that's loosely affiliated. There's some teenagers in basements, and they're part of it. And I'm not saying that that part isn't happening, but what I'm saying is that is now a well-funded group that is commanding in the billions if not trillion dollars annually collectively and taking portions of their proceeds and investing that into R&D. So you're not looking at, again, a kid in the basement. You're looking at a well-funded hacker in a penthouse who flies private jets around the world. And so those are two different things in that regard.
And then the second part that I was going to cover is something we're seeing actually now increasingly coming from nation-state actors as well, but also predominantly from cyber criminals, which is disruption. So 86% of the cases that Unit 42 investigated last year involved some sort of operational disruption, the inability to provide a service or care to a patient, the inability to process records, to process payroll, to provide payments to vendors and suppliers. And all of that then oftentimes commands public attention, but it also just puts so much pressure on these organizations to make a quicker decision, to decide to pay or not to pay, or to take some sort of action. And I know we're going to talk about more in the nation-state side, but I think there's increasing concern that a lot of these compromises going into critical infrastructure could be certainly laying the groundwork and the framework for that type of action moving forward.
Dave Vellante
>> Because the conventional wisdom is at the top of my simplified pyramid, there are fewer, but they're more sophisticated, and in the middle of the pyramid, there are more, but they're less sophisticated. You're saying those two worlds are maybe coming together in terms of sophistication?
Wendi Whitmore
>> Starting to mesh a bit.
Jackie McGuire
>> Well, I assume they're having to fund their own operations, right? So some of these nation-states are not the wealthiest states in the world, and I imagine that if you have thousands of hackers, that eventually, you're going to need to fund your operations somehow. So I guess there's also kind of an incentive to kind of merge the two worlds, so that you're also making a profit on your nation-state acting.
Wendi Whitmore
>> Well, so a fantastic example of that would be what the North Koreans are doing, and that's twofold, I would say.
Jackie McGuire
>> That was the first country that came to mind. It's like they're not a wealthy country, and so they need to pay for what they're doing.
Wendi Whitmore
>> Well, and initially, the thought is that they got into the ransomware operational type of work, so that they could actually fund nation-state capabilities and provide money back into the back-end machine. But now when you see these fraudulent employment scams, we see them also looking to lure developers. So not only they're putting fraudulent employees in large organizations throughout the world, but then they're looking to entice developers to apply for jobs which look fantastic, look very lucrative. They have built out these really sophisticated personas online. So if you investigate and say, "Well, who is Dave?" And, "Oh, look, Dave's already connected to everybody I know. He's got a track record that looks legitimate on LinkedIn. I'm going to apply for this job."
And then lo and behold, "Hey, as part of round two, we need you to download this software package from GitHub." And oftentimes, people are applying for these jobs on their corporate laptops, so now we're going to infect them. But all of that, then, I think when this first started coming out, and we started doing investigations and seeing this, we thought, "Okay, this is a one-off here, one-off there." And now the scale of it, I think, is becoming much more obvious, and that's a sophisticated nation-state operation that's taking in money from multiple parts in order to bring back to their economy.
Dave Vellante
>> Well-thought-out strategy.
Jackie McGuire
>> And it's more of a long-term game too. Dwell times are up. So you were talking about these actors kind of putting more emphasis on a company to make a decision. Is that correlated with the fact that ransoms are not being paid as often, that ransom payments are dropping? Is that why they're putting more pressure on companies with operational?
Wendi Whitmore
>> It's a great question, and it's an interesting dynamic because initially when we saw ransomware disappear encryption of data, what that led to is more companies investing in technology to be able to successfully get access to their backups and not have to pay a ransom. The technology there has increased, business processes have improved, and so organizations by and large are doing that really well. I also think that related too, then we moved to kind of this idea of extortion, like, "I'm going to put your information out here." I think we all have become somewhat apathetic, I don't know, might be too strong of a word, but we hear about data breaches every day. So it's like, "Oh, okay, this company gets breached, this company gets breached. I'm not as worried about that as a consumer," for example. So now, I think that both of those have contributed to what we see is this complete disruption because if you are in the news because you can't conduct patient care, you can't check people into your facilities, that becomes a very newsworthy story, and it puts so much pressure on these organizations.
Jackie McGuire
>> And I think we've even heard of hackers reporting to the news that they've compromised places.
Dave Vellante
>> Oh, yes.
Jackie McGuire
>> They're like, "Hey, FYI, just so you know, this company's not disclosing it."
Wendi Whitmore
>> Right? "They haven't filed their disclosure with the SEC, and we just want to let you know we were here."
Jackie McGuire
>> Yeah.
Dave Vellante
>> Publicly debating and refuting the company's claim. I mean, that's .
Jackie McGuire
>> Materiality is very subjective, as it turns out. The SEC says you have to disclose material cyber events, but they don't really say what material means, so I guess that's very subjective.
Wendi Whitmore
>> Well, on the company's lens, it's often really difficult to determine that within a four-day period.
Jackie McGuire
>> Yeah.
Wendi Whitmore
>> Information is flying at you incredibly quick. It's dynamic. Something you thought was clear and accurate could be completely refuted two hours later because you get new data. So that's a challenging part that we are always working with our clients with, as well as the lawyers, to say, "Hey, okay, we need to make factual statements based on what we know now," but again, that could change very quickly, especially in those very early days of an investigation.
Jackie McGuire
>> Because they're getting better at covering their tracks, right? So we're seeing, especially the nation-state actors, they're fantastic at clearing logs. They go through and just blow out any indication they were in there, and so I think a lot of times the blast radius looks a lot smaller than it is, and then you're like, "Oh, actually, it looks like they got to all of these things. They just were able to blast the logs before we backed them up."
Wendi Whitmore
>> Well, and that in combination with just having malwareless attacks.
Jackie McGuire
>> Yeah.
Wendi Whitmore
>> So it used to be 10 years ago, I was investigating these attacks, and we'd be like, "Oh, they compromised 300 systems in an environment that maybe had 10,000 employees," and that was really common, and you could tell because you could see which pieces of malware were on those systems, which systems they only accessed, but didn't put malware on. Now, to your point, they not only clean the evidence, but they're oftentimes very adept at looking at, "Hey, we're going to use the tools that already exist within the infrastructure," so you're not looking for malware. You're searching for evidence of malicious use of existing tools and some sort of process that's out of place.
Jackie McGuire
>> Yeah.
Dave Vellante
>> Living off the land, I think they call it.
Wendi Whitmore
>> Absolutely.
Jackie McGuire
>> Yeah, and a potential back door. And I think that's the hardest thing, is you can find a back door when it was just a house, but we're now trying to secure these 800-story-tall business buildings, and you could hide a back door anywhere. And I think that's one of the scariest things with my friends who do incident responses. You're just praying that you found everything there is to find, and sometimes it's really difficult.
Wendi Whitmore
>> Well, and that points, I think, to the need to leverage AI from a defensive perspective. So you cannot do what you just said manually and be effective, not at the speed or the scale that these attacks are coming at. So your ability to take those tasks, which used to be manual, which are very routine and repetitive for humans, and provide those to the machines who can do that much more effectively, and leave your smartest humans to do the more sophisticated analysis is critical.
Jackie McGuire
>> That they thought they were going to be doing when they got their degrees in comp sci, right?
Wendi Whitmore
>> Right.
Jackie McGuire
>> It wasn't just hitting "Dismiss" on a bunch of tier one alerts.
Dave Vellante
>> I want to ask you about hot wars. Last time we talked, I mean, Ukraine was going on, and we've certainly seen cyber be a fundamental part of that war. Israel and Gaza, interested to see if you see any activity there in the threat intelligence because certainly there's a big debate. I mean, there's a lot of division over what's happening there. Are nation-states or individuals trying to disrupt there? What are you seeing in terms of the threat intelligence within hot war zones?
Wendi Whitmore
>> Well, I think the cyber security landscape is just another battlefield element, so it's leveraged in advance. So to prep the battlefield, so hey, if I'm going to stage a physical attack on a power plant, I might take out the power from a cyber attack in the 24 hours prior to that, so that their defenses are down. We're seeing that in many places, and I think that's here to stay. There's no doubt that that's part of war at this point. From a disinformation perspective, that continues to occur and be another element where information can be used to throw a population off or maneuver in a certain way. I think it all kind of begs the question that many organizations, but certainly the US government is asking, which is should the cyberspace be its own force? Is it a different... We have land, air, and sea, and now this is a different domain, just like space is. So I think there's a lot of questions about how do we effectively protect this moving forward and coordinate across all of these elements when cyber is at the epicenter of all of them?
Jackie McGuire
>> And cyber is not one thing anymore either.
Wendi Whitmore
>> Right.
Jackie McGuire
>> So I'm thinking about we've seen Russian interference in GPS in Europe, so we were seeing not only planes getting false terrain alerts where the planes would pull up unnecessarily, but also the GPS that routes delivery trucks. So we've seen Russia starting to experiment with jamming those GPS's and routing those trucks to the wrong places. Yeah, I think everything is now a cyber risk, so I don't even know if making it its own... You almost have to have kind of a physical secure... Almost like we've dissected security within security because I don't even know that one force would be able to tackle GPS...
Wendi Whitmore
>> It's within everything, right?...
Jackie McGuire
>> and the FAA, and all of these things that we're all of a sudden like, "Wow, these things are all connected to the internet, and some of the technology underneath them is 30 years old."
Wendi Whitmore
>> Right.
Jackie McGuire
>> That's crazy.
Dave Vellante
>> Your premise is it has to be embedded into each. Is that what you're saying?
Jackie McGuire
>> Well, I think cyber security is no longer a term that means a specific thing.
Wendi Whitmore
>> Yeah.
Jackie McGuire
>> Because everything in the world is now connected to the Internet, so everything's a cyber security issue. So yes, I mean, cyber is the fifth front of war, but you almost have to get more specific than that because there's the people who are messing with physical infrastructure, there are the people who are messing with cloud computing, there's the critical... I think there's just a lot more to it. So when we say cyber security, most people outside security think computers, and hacking, and malware, and things like that. They don't think like, "Hey, my power supplier is actually connected to the Internet, and somebody could literally shut down my power station next to my house and cut my electricity." I don't think most people think of that as a cyber security issue, but that's what we're seeing, right?
Wendi Whitmore
>> Well, and I think what you're so accurately conveying is just the need for a cultural mindset shift in everything we do.
Dave Vellante
>> Yeah.
Wendi Whitmore
>> So when we work with organizations to prepare for these live action scenarios to simulate a breach, it's not like we are just speaking with the security professionals, and the boardroom, and the outside counsel, and the CFO. That has to extend to every vendor and supply chain provider that you're working with because you can't just repair if your networks go down. You really need to anticipate if one of their networks go down, and we can't process a critical part of our business, what are we going to do, and how are we going to operate in that? So it's a huge mindset shift because you said cyber security exists in every wearable that each one of us is wearing, and is tracking, and is connected to devices on the Internet.
Jackie McGuire
>> And it's shared fate.
Dave Vellante
>> Gut feel question for you. Maybe you can quantify it, but I doubt it. But when we were here three years ago, AI was just hitting, everybody's buzzing about it, and the general consensus was that initially that's going to advantage the attackers writing better phishing emails, et cetera, and then over time, the defenders would catch up. And we know it's a constant ratchet game. Where are we today in that? I mean, I was speaking to Nir Zuk at Palo Alto Ignite in New York City, and he said we've got to rethink everything. Essentially, he didn't say these words, I did, it's a do-over because everything we've learned now doesn't work anymore because that 1% that humans used to be able to handle, we can't handle it. We can take 99% off the table. Now, that 1%, we're getting overwhelmed. So you need AI to fight AI.
Wendi Whitmore
>> Right.
Dave Vellante
>> Has that gap widened since the last three years, or is it at all starting to narrow?
Wendi Whitmore
>> I think it's a question we all ask ourselves every day, right? It's such a cat and mouse game, and I think it will continue to be for some time. What he's talking about, I think, in particular too, is some of the tech debt that we see in these organizations, where it's like, "Wow, we've made these investments, but now that doesn't keep up with today's reality of what the battlefield looks like." And so your question, though, is more is the offense or the defense winning right now? And I think quantifiably, thus far, we've actually seen a lot of great strides on the defense when it comes to gen AI of just being able to take so many of those tasks that are repetitive that machines can do more effectively than humans, and then being able to translate that to actual time saves. And so one organization that we worked with transformed their mean time to contain from 19 days to less than 20 minutes. That's massive. That means those same people that are really qualified can now take on more challenging tasks. They can provide better results to the business. They can likely then be able to access better investments moving forward for their security team because they're now speaking a language that their executives at the highest levels and the board understand. And you actually get happier employees because they're solving more challenging tasks. They feel like they're having an impact, and so that's a huge win.
Dave Vellante
>> I think we've seen that in our lives. I know you've got to go, but we've talked about this, is that all the paper cuts are getting less, and less, and less, and so now you have more time to do strategic things. And your strategic backlog, which you never could even get to before because you're dying in paper cuts, is now backing up. And so it's a much more interesting, much more challenging day to day situation for folks. I wish we had more time, Wendi. I know you got a hard stop, so thank you so much for stopping by. I'll give you the last quick word, but some closing thoughts.
Wendi Whitmore
>> Yeah. Thank you for having us today. I think it's an exciting time. You've heard from all of our execs about the investments that we're making within AI. You're going to continue to hear more to come on that. I think we're incredibly bullish about the difference that we can make with our investments in AI and really making a true difference with our clients.
Dave Vellante
>> I really appreciate you stopping by theCUBE. Thank you.
Jackie McGuire
>> Yeah. Fantastic.
Wendi Whitmore
>> Thank you both.
Dave Vellante
>> Okay. Dave Vellante and Jackie McGuire. You're watching theCUBE's RSAC 2025 coverage. We'll be right back right after this short break.