Craigslist founder Craig Newmark has a new project up his sleeve: recruit hundreds of millions of people to start spreading awareness about basic cyber hygiene — and he's bringing that push to the RSA Conference this week.

Why it matters: Cybersecurity has long had a messaging problem, not helped by its alphabet soup of technical jargon.

• But Newmark says that mindset is why most people and companies are still so easy to hack.

Driving the news: Thousands of cybersecurity experts, executives and investors are in San Francisco this week for the RSA Conference (RSAC), one of the biggest annual industry gatherings.

• Newmark is speaking on his new public awareness campaign at a session later today.

What they're saying: "The big challenge is that IT people, engineers, we tend to make things more complicated than they need to be," Newmark told Axios in an exclusive interview ahead of the panel.

• "Basic cybersecurity hygiene will prevent a lot of problems," he added. "People need to do the basics to protect themselves, their families, their homes."

Zoom in: Newmark's philanthropy arm unveiled the Take9 campaign in September.

• The idea is simple: Take nine seconds before acting in response to something suspicious, like a phishing email.
• So far, the campaign has taken off: Take9 has run several billboards across the country and its videos have received 24 million views. Kiersten Todt, a former Cybersecurity and Infrastructure Security Agency official under the Biden administration, is spearheading the operation from her new role as president of creative agency Wondros.
• "We're continuing to get so much traction because everybody has a story," Todt told Axios.
• One example: A micro-influencer saw one of Take9's billboards in Los Angeles, reached out to Take9, and shared a story about a recent encounter with scammers. And Todt said those stories come through the campaign's inbox pretty often nowadays.

Flashback: Three years ago, Newmark announced a "cyber civil defense" initiative to spend more than $50 million on grants to educate Americans about cybersecurity threats.

Threat level: Nation-state spies, cybercriminals and scammers continue to find plenty of success targeting Americans without much innovation.

• Last year, scammers made off with about $16.6 billion through schemes including ransomware, impersonation scams and business email compromise, according to the FBI.

The big picture: Cybersecurity has started going more mainstream in recent years. One of the co-creators of Netflix's "Zero Day" series — which follows a former president as he investigates a cyberattack on all of the country's critical infrastructure — will also speak on Newmark's panel.

Between the lines: Those pop culture references still lean heavily into fear, uncertainty and doubt — something many cyber experts say could lead people to tune out the message.

• Cybersecurity is difficult to talk about in a binary, Todt notes. "It's not like, 'Don't do drugs,' 'Don't start fires,'" she said.
• Instead, Take9 is centering its message around the idea of understanding and meeting people where they're at.
• "Because it happens to everybody, now the stories are no longer about shame," Todt said. "It's about sharing, and this ability to say, 'It's OK, but we should all now learn from each other.'"

The intrigue: Cybersecurity vendors and investors at RSAC can play a huge role in educating the masses and making cyber hygiene easier to practice, Newmark and Todt said.

What's next: The Take9 campaign has started engaging with companies to help train their employees, customers and clients on the basics of cyber hygiene — such as using a password manager, updating your software, and taking a few seconds before responding to a suspicious email.

Top cyber officials in the Trump administration are among those here in San Francisco this week — though the NSA and Cyber Command are both absent after President Trump unexpectedly fired Gen. Timothy Haugh this month.

• Typically, the U.S. government's entire roster of cyber officials attends the RSA Conference to meet with industry stakeholders, but it was unclear until last week what presence — if any — Trump's team would have.

Why it matters: DOGE-fueled workforce and budget cuts have created uncertainty about what role the federal government intends to play in protecting U.S. organizations and citizens from malicious hackers.

Zoom in: Homeland Security Secretary Kristi Noem will be on the RSAC main stage today talking about her cybersecurity priorities and the Trump administration's accomplishments ahead of its 100th day in office.

• The Defense Advanced Research Projects Agency is also bringing its city-themed cyberattack simulation — which it debuted at the DEF CON hacker conference in August — to this week's conference. The simulation follows how a ransomware attack on a local hospital would impact a fictional city.
• Michael Garcia, associate chief of policy at CISA, spoke at a panel yesterday about responding to critical infrastructure attacks. Richard Evanchec, an FBI section chief, was also on that panel.
• Some officials at CISA and the Office of the National Cyber Director, including nominees, are also in town to take meetings on the sidelines of RSAC with industry executives, Axios has learned.

Yes, but: The NSA and Cyber Command canceled their previously scheduled public appearances, and spokespeople for both agencies confirmed none of their officials are attending.

Between the lines: Major cuts at CISA and a U.S. Department of Justice investigation into former CISA director Chris Krebs have rattled the industry's trust in the federal government.

• Without that trust, companies may be less willing to share sensitive threat information with the government, and the government could lose visibility into the threats facing U.S. critical infrastructure — which is mostly owned by the private sector.

Investors aren't shying away from new funding ahead of this year's RSAC.

Why it matters: Tariff-driven anxiety has slowed down much of the economy, including new startup investments.

• But based on the sheer number of deals announced in the last month, macroeconomic anxieties have yet to trickle down to the cyber world.

Driving thew news: Startups often unveil new funding ahead of RSAC to help lure in prospective customers they may be meeting with on the sidelines of the show.

Zoom in: My inbox has been flooded with news of fresh funding rounds for weeks. Here's just a taste of what's already been announced (in alphabetical order):

• AI security startup Amplifier Security scored $5.6 million in seed funding, and that funding round, led by TechOperators, was oversubscribed.
• Augur, an AI-based threat prevention company, raised $7 million in seed funding led by General Advance.
• Israeli AI cybersecurity startup Cynomi raised a $37 million Series B round led by Insight Partners and Entrée Capital.
• Dataminr announced a $100 million investment from Fortress to further build out its generative AI and agentic AI products.
• Endor Labs, which offers a tool that helps companies secure open-source code, raised $93 million from DFJ Growth, Salesforce Ventures, Lightspeed Venture Partners and others.
• Lightrun, an Israel-based startup focused on protecting against insecure code, raised a $70 million Series B round led by Accel and Insight Partners.
• Qevlar AI, an automated security operations center company, raised an additional $10 million in funding from EQT Ventures and Forgepoint Capital International.
• Reco, an AI cybersecurity agent startup, has raised a $25 million round led by Insight Partners.
• Cloud security startup Sentra raised a $50 million Series B round from Key1 Capital, Bessemer Venture Partners and others.
• SixMap, a company focused on attack surface management, said it landed a $7 million seed round led by IAG Capital Partners.
• Spektion, which focuses on software vulnerability management, emerged from stealth with a $5 million seed round led by LiveOak Ventures.

Between the lines: Startups and investors are eager to fill the void that buzzy cloud security startup Wiz once filled before it entered an agreement to be acquired by Google.

What to watch: It's yet to be seen whether this momentum will keep pace or if this funding bump is just an RSAC blip in an otherwise anxiety-riddled economy.

@ D.C.

💪🏻 A group of more than 30 cybersecurity professionals and academics has published an open letter calling for the Justice Department to withdraw its investigation into former CISA director Chris Krebs. (CyberScoop)

🌎 The State Department plans to place the Bureau of Cyberspace and Digital Policy in the department's economic affairs wing, which could shift how the Trump administration pursues international cyber issues. (Cybersecurity Dive)

🏛️ The House Select Committee on China subpoenaed several China-based telecom giants as part of an investigation into broader security and national security concerns. (Reuters)

@ Industry

🤖 Microsoft has made its Recall feature available for broad use across its entire AI-enabled PC line after months of delays and security changes. (Axios)

💰 Palo Alto Networks intends to acquire Protect AI, a startup that focuses on securing AI systems, in a deal worth more than $500 million. (GeekWire)

📉 Darktrace's CEO says the AI-enabled cybersecurity company sold itself to private equity firm Thoma Bravo because it no longer had "the valuation we knew we could get." (Financial Times)

@ Hackers and hacks

🏥 Blue Shield of California disclosed a data breach that exposed 4.7 million members' personal information between April 2021 and January 2024. (BleepingComputer)

👀 The CEO of cybersecurity firm Veritaco is facing charges alleging he installed malware onto hospital computers. (Security Affairs)

🏎️ Vehicle marketing is back on the streets near the Moscone Center.

⏱️ In the span of five minutes, I saw:

• Apex Security had rented out an ice cream truck that said "Agentic Scoops" and parked it outside the W Hotel.
• Dope Security had wrapped a few Cybertrucks in its own logo.
• And a row of Toyotas had monitors on top of them advertising for Elastic.

As one of my favorite artists would say: Vroom, vroom.