
February 10, 2025 38 mins


Enterprise Incident Response & Crisis Management with Combat Veteran, Ricoh Danielson

In this exclusive interview, we speak with Ricoh Danielson, a U.S. Army Combat Veteran of Iraq and Afghanistan turned cybersecurity expert.

Topics in This Interview (breakdown with timestamps below)

  • How businesses can prepare for and respond to cyberattacks
  • Best practices for personal security to safeguard your digital identity
  • Safety measures after disasters and crisis management tips
  • The rise of AI-driven ransomware and its impact on businesses
  • Ricoh’s military experiences and how they shaped his approach to cybersecurity

Why Watch This Video?

  • Learn from Ricoh’s expertise as a digital forensics powerhouse with experience handling high-profile hacks.
  • Discover practical strategies to protect your business from ransomware and other cyber threats.
  • Gain insights into effective communication during a breach or disaster.


About Ricoh Danielson: Ricoh is a U.S. Army Combat Veteran with over 9 deployments across Iraq, Afghanistan, and Africa. As the founder of Fortitude Tech LLC and 1st Responder, he has worked on high-stakes cases involving hospitals, corporations, and state governments. Recently featured on NTD News discussing cyberattacks in New Orleans and Las Vegas, Ricoh is also an author and sought-after speaker in the cybersecurity space.


Chapters:

  • 0:00 Intro to Ricoh Danielson: Ricoh shares his journey from military service to becoming a leader in digital forensics and cybersecurity. Learn how his combat experience shaped his approach to crisis management. 
  • 2:15 How Businesses Can Prepare for Cyberattacks: Practical steps to defend against ransomware, phishing, and other threats using identity access management (IAM) and conditional access policies. 
  • 5:30 Personal Security Tips: Actionable advice on protecting your digital identity, recognizing phishing scams, and avoiding psychological tactics used by hackers.
  • 9:45 Crisis Management After Disasters: Insights into preparing for grid failures or natural disasters with go bags, alternative communication plans, and safety strategies.
  • 13:20 AI-Driven Ransomware Explained: A deep dive into polymorphic ransomware powered by AI—how it works and why businesses must stay ahead of these advanced threats.
  • 17:00 Lessons from Military Service Applied to Cybersecurity: How Ricoh’s military background prepared him to handle chaotic situations like ransomware attacks on hospitals and global corporations.
  • 20:00 The Role of CISOs and Board Communication: Challenges CISOs face when communicating risks to boards, securing equity in companies, and leveraging D&O insurance for protection.
  • 24:00 How to Break Into Cybersecurity: Advice for aspiring professionals on certifications like Network+ and Security+, as well as opportunities in governance, risk, compliance (GRC), IAM, and privilege access management (PAM).
  • 28:00 Quick Wins for Improving Cybersecurity Posture: Simple strategies like enabling conditional access policies in Microsoft 365 environments or conducting Business Email Compromise (BEC) assessments.
  • 31:00 Crisis Management & Incident Response Strategies: The importance of alternative communication plans during crises—Ricoh shares exercises involving burner phones and laptops for CEOs.
  • 34:00 Preparing for Grid Failures & Disaster: Tips on securing six months’ worth of food/water supplies, understanding ham radios for communication, and ensuring family safety during emergencies.
  • 37:00 Cybersecurity Books by Ricoh Danielson - Ricoh introduces his books, including No-Nonsense Cybersecurity (https://a.co/d/43Myc13) for practical advice, FM Field Manual (https://a.co/d/1

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
The best advice anyone ever told me was...
I gotta go talk to the CEO and I gotta do a million dollar ask
how do I do that
that I was like what is metamorphic polymorphic ransomware
how does it initiate itself
and basically
a terrorist organization in the Middle East
has just been compounding this
this artificial intelligence base
ransomware to was a lot of distinction

(00:22):
because these threat actors have to pay each other
and they weren't paying each other
and so now it's like all right
well game on
I'm gonna show the world this
and that incident spawned across five nations
over 200,000 endpoints were hit and it was it was wild
I've been to war nine times and I've seen it very calm

(00:42):
and I seen it just blow up
and when people don't have their accoutrements in the normality
behind what there is the behavior changes
so welcome to the Ransomware Rewind podcast
got Ricoh Danielson here
former military special forces
former lawyer
forensic expert and he's here to talk to us today about cyber security

(01:07):
new trends things that are going on in the private and public sector
and I really excited to talk to you
first first thing
why don't you just tell us a little bit about your background
yeah absolutely
hey Joe
good to meet you good to be on with everybody
good to see everybody uh
my name is Ricoh Danielson spent some time in the military
I went overseas 9 times rotated to Iraq and Afghanistan

(01:30):
also in Africa as a heavy hitter as infantryman
but also doing some sort of some supports of special operations
additionally some OGA stuff
cool you know movies you see 13 Hours with only four guys
that was that was definitely me
after that went to law school was with Opds Officer Public Defense
supporting the digital forensic aspect of it

(01:52):
only doing capital punishment
death penalty murder cases
pulling forensics artifacts
and then decided to pivot and go to incident response digital forensics
which is way funner a lot more juicier could do ransom negotiation
reverse malware and all this good stuff
and I've been leading the charge since then for a very long time now
how did you transition from the military to uh what you're doing now

(02:15):
so it was a very tough transition to be completely honest with you
after nine rotations
you become a certain way of operating and who you are
I remember going to my teammates right
remind you these are some very alpha guys
hey so I'm gonna go to law school boys and they're like yeah
that's not a good idea
all over so in Iraq so in Afghanistan different parts of the Ukraine

(02:37):
Israel and whatnot and they're all fighting and I'm just like
this is why I left guys
I'm not as big as they are anymore
I was 250 pounds and they're still rocking 2:50 I'm like hey
got some other things to do
it was it was all the force through the tree lines
to be completely honest with
I wanted to do some different after that after law school and whatnot
actually went and got 3 master's degrees

(02:57):
so I was very fortunate to get them all paid for
from the Wounded Warrior Scholarship
just it's a lot funner doing this stuff man
you also get that adrenaline kick to when you're responding to hack
it's really have to be in the moment
and there's a lot of moving parts
you wanna talk a little bit about
a recent hack you've help somebody with

(03:18):
actually
bring a very interesting topic and a good conversation piece
because it is very true
ever since I left
the military is always rushing towards the adrenaline
rushing towards the the thing
and one of the things is incident response
why veterans and law enforcement FBI guys and girls do amazing in IR
if you notice
some of the big firms hire these people and that's kind of what we do

(03:40):
we thrive in chaos
and I think one of the biggest ones I've ever worked with there's two
one is the biggest burger maker in the world
I helped do one of their incident responses
and they're huge across that incident spawned across five nations
over 200,000 endpoints were hit and it was it was wild

(04:00):
it was pretty fun pretty fun exciting time it was really good
the most recent one was we did one for a state
Middle State of Tennessee
one of the second largest hospitals got hit with ransomware
from the BianLian gang
and it was fascinating because it took down the whole hospital
it was like I've never I've said some weird stuff in my life
but going to a hospital where there was nobody inside

(04:24):
it's like this is creepy
looks like from The Walking Dead or something right
precisely precisely the organization got hit by BianLian
they got some pretty nasty ransomware
that took all their other information
after that
we help them recover within 84 hours in reimage
over 17 devices within 84 hours

(04:46):
and what that means
it was just late nights hard work working with the Secret Service FBI
insurance carriers and trying to do the right thing by the customer
and the same aspect
trying to mitigate and lower the risk and what not
so we worked those and also fifteen hundred other breaches as well
the hospital hacks are are really bad

(05:09):
I think that don't know what happened
but it seems like once the FBI took down Black Cat
they just took the gloves off and start going after hospitals
do you do you know when I turned because they they come like
we're gonna hack businesses and stuff
but we'll leave the hospitals alone
when did when did the attitude for hackers change on that yeah

(05:30):
so what happens is we got to be very mindful of this
is that ransomware threat actors and also ransomware itself
and the ransom game is a billion dollar industry
so you have all these sub affiliates below
and all these other organizations
gang organizations right
and some of them really good
I think what happened is a few different things one
the FBI took the kid gloves off like you said

(05:50):
they went after them number two
one of the internal people
I believe it was probably internal espionage or counterinsurgency
there's a plant basically in there
release all their chats and everyone went at each other's throats
so that was pretty wild and then No. 3 is
was a lot of distinction
because these threat actors have to pay each other
and they weren't paying each other

(06:11):
and so now it's like all right
well game on I'm gonna show the world this and
once you remove unfortunately honor amongst thieves
now you just have straight gangster criminals
and that's what they did they're like alright
well everyone's game on
I just got a phone call the other day
that there was an elementary school that got hit
and I was like
what what why
and then right after that two hours later

(06:33):
there's a nursery house I am like
what is going on guys
like usually there's a rhyme or reason or method
but it's just everybody's fair game now
do you think the hackers are just out there scanning the internet um
looking using AI or their tools to find
open APIs companies can can scan now for who has MFA and who doesn't
is that kind of what they're doing on the back end

(06:56):
yeah I think what's happening
there's a ransomware threat actor gang
or an affiliate gang that's doing the initial reconnaissance right
the kicking off Shodan Burp sweep
there's kind of like rolling around earth hey hey
I got a list of these things who wants to buy it right
and then somebody will buy it for a thousand bucks
2,000 bucks and they'll go back to doing their business
and then the initial door kick
that's another 10,000 two hundred thousand dollars

(07:18):
then the lay of the land where people want to just hang out
get lateral movement own different admin accounts
that's another hundred thousand dollars
so
I think as a progress forward is gonna become more and more dynamic
yeah
yeah it's nuts
what do you see in the future for trends and new technologies
as far as hacking goes and and what companies should watch out for

(07:40):
yeah I think before it gets better is gonna get a lot worse
when I was in Israel I
we were I met with Unit 8200 great unit great cyber unit
and they talked about
they saw first ever metamorphic and polymorphic ransomware
and I was like whoa
what transformers what's going on
and that I was like what is metamorphic

(08:02):
polymorphic ransomware and how does it initiate itself
and basically
a terrorist organization in the Middle East
has just been compounding this
this artificial intelligence base ransomware to morphicize itself
and has been released in a while now so what I think
it's gonna happen is
the polymorphic and metamorphic ransomware is gonna hit the industry
post the next two years

(08:23):
fakes artificial intelligence and additional on top of that
like the sophistication behind authenticity is gonna get very
very dynamic and it's gonna be a hard hit
a hard target to hit yeah
the episode on deep fakes
that's really fascinating
going back to the polymorphic metamorphic
uh

(08:43):
sounds like they're using AI to program these viruses
to put on my tinfoil hat uh
once in a while but you know
we saw what happened with Russia trying to hack Ukraine with a check
you know came back on them and
you know took out one of their major gas installations
is there the potential of one of these viruses getting out of control

(09:06):
and just like yes
becoming its own thing
yeah what I think it's gonna actually take the better bad parts of the
the power that has worked has not worked
and I believe more likely it's mature in itself as we speak
and more than likely
it will probably release itself to a lower infrastructure
lower security area you're probably looking anywhere Middle East

(09:29):
East Africa or even Eastern Bloc
Europe
because the infrastructure is just not as robust as people think
it is additionally
the security is not as robust speak about Ukraine
I went there to go check out the war to see what's going on
and also the cyber warfare aspect of it
and there's still threat actor gangs
still operating as if there's a war going on

(09:50):
and they're caring about their own business against the United States
against every other world place
but the Ukraine you're like this is fascinating huh
I always thought that was fascinating
when I found out that it's not illegal to hack the US in Russia
there's no like rules against that is that is there something to that
so there's no all per se

(10:11):
but once you conduct in that inadvertent access unauthorized access
stealing and stuff like at that point
and it depends on the magnitude of it
is definitely extraditable and depends where you hail from
if you're a nation state threat acting group
that's a different premise of prosecution versus a ransomware
threat actor gang what I'm noticing is that

(10:34):
the United States kind of leaves it open to invite
because we want to see what's out there right
we that's the best type of counterintelligence is hey
invite them in take their goods reverse engineer and be better at it
that's what we're known for
now for the acting what we're noticing
when he used to work for a company called Blackwater back in the day
what we used to do is actually go get the bad guys in other countries

(10:56):
now companies like that are approaching companies like us say hey
show us where the bad guys are do you wanna come with us
and it's a it's a pretty heavy fee but yeah
I see that that turning now gonna be happening interesting
no
do you have any insight info on the Stoli um
hack and how they you know
how they went bankrupt and everything

(11:17):
did you hear about that one
no I have no insight on that one so haha yeah
so this company Stoli is the vodka brand
I guess they had a cyber attack and at the same time Russia like
confiscated like two other factories
seem like it was a coordinated attack on them
to put them out of business
because I don't think Putin in the ownership got along

(11:40):
I don't know you know I don't know like what bad blood or what
but it just seemed a little bit too like
convenient that all stuff happened at once
so I don't know anything about that one
I had to do a little more research
but from a from a lawfare perspective from a cyber perspective
we've seen it in our own country
we'll see it from the top down
you'll see

(12:01):
you know CEO CFOs being targeted and then also big organizations
I mean why wouldn't you do that to bleed out your competition
if you're being fun about the other side
so that sounds about right to me
you know
cool
that's that's what I want to talk about stole days
it's kind of funny when

(12:21):
it's kind of like crazy when like big brands get
get hacked
do you guys want the PR and stuff too or
yeah so what we do is whenever we have we have an initial engagement
um we've seen other brands get hit like the big
you know burger makers the kings of burgers you know
some people who are maybe called Wendy's and what not you know
we we meet with these people and we have a team right

(12:44):
we have 40 we're 41 strong
we show up we do incident response in semi commanding
we bring our own general counsel or we refer it out
and then right there is a mass communication right
we sit there with the organization say okay
what's your cover story to hold them off
what are you gonna tell people
how are you gonna tell how you can disseminate
because that would determine your

(13:04):
your legal stance negligibility or will be during if
if you're alive or not right
so depends on how you control the narrative additionally
you're gonna have to provide
credit monitoring and stuff like that to different people
so what does that look like
and it's all about controlling the narrative
and it's all about wrangling the news as well
you're gonna have to have a good PR person
absolutely another thing that I see is that

(13:27):
companies have people inside that are like
going to Twitter or Facebook and saying hey
you know my
my company's down I think it might be hacked
how do you control the people on the inside
yeah so what you do is a couple agreements
right
and then also punitive damages
you can sign an agreement like that say if you
you know demean
deface or misrepresent the

(13:49):
the company you're liable for punitive damages
one of the best organizations that I
that we hospital here in Tennessee was uh
we showed up and they immediately told everybody like
you're allowed to post whatever you want however
can you post this one message
and it was
we're doing the best we can with what we got first responders here

(14:09):
we work with law enforcement everyone else in between is here
and that message just propelled itself through
through different to different channels
actually control the narrative very very positively
that's something people should put in their incident response plan
is their communication
strategy
maybe even have a pre written statement
statement saying they were

(14:30):
you know cause all you have to do is
upload anonymously that you were hacked to IC3 or something like that
and you're already
you know
you know cooperating with law enforcement right yeah
even if you're not like calling them and not getting them involved
uh so there's
there's way to like few things so that you know
you look a better light

(14:52):
I'm glad you brought the IC3 thing
and also different regulators
here's what we're seeing all right
from the incident response perspective
and also the internal perspective we'll gather all of our information
we'll go ahead and be like hey
here's all your stuff
here's the evidence you're gonna need to move forward however
the FBI and also other organizations unless it's $1 million and above
they're really not interested

(15:14):
so they're gonna be like alright
so go ahead and handle that
we'll we'll catch up with you later and same with the regulators
we've been noticing and we and the regulators are amazing people
I just believe that they're very understaffed extremely understaffed
and we we helped a client submit a claim and also notification
and they're like yeah
we'll get you next year pretty wild
but you still have to do it though good faith right right

(15:35):
and you have the public company SEC rules right right
so the SEC rules that's one thing I don't agree with
but I see value one
you definitely should be reporting mechanism but number two
how are you going to prosecute the technologies
or go after the CISO or the CISO or whatever
or CIO
in reality

(15:56):
like you said the precedent is basically a whipping mechanism
I think it's the whole wrong premise as a matter of fact
I think the SEC should be used as a leveraging point
not as a whipping tool
I completely agree
and I think that CISOs get blamed first and they have the least
least amount of power of the board
even if they're if they're on the board

(16:16):
it's usually like a
they're kind of like half on it a lot of times
and then they get blamed
I don't think CISOs are in a really good situation right now
but what do you think about all that
yep so I've been a CISO before
I've been a CISO six different times for healthcare organizations
IoT and hospitals and the first thing I always ask is
part of my onboarding requirement is I want equity in the company

(16:38):
I'll forego the salary but I want equity and at that point
once you're issued equity
that means you have skin in the game
if you're a CISO
and you don't sit at the board level or the ownership level
you're being set up for failure and unfortunately and it's just sad
and then No. 2 is unless you're with a bigger financial firm right
unless you're with the huge firm
I would definitely position that and then on top of that

(16:59):
if you're not in the position of power
then you're in the position of risk deference
you can defer your risk to different people
this is your deal not my deal
I'm not owning that risk
so when the hammer drops and it will and it will drop
you're not the one getting hit or if you do get hit
you're not gonna get hit that much alright
you're giving the information to the
chief risk management officer or the CFO

(17:20):
and they're doing
they're the one that has the responsibility for that
after you get info exactly
exactly additionally what I would
I would highly encourage my fellow CISOs and cybersecurity officers
officers is go get D&O insurance
director and operator or officer insurance
you need that I don't care what your company says
you're gonna need it
because there will be a time where they're gonna be like alright

(17:42):
we're gonna sue everyone like whoa
whoa whoa and personally
I've had to go get on a few different business ventures myself
so that's just for me though
now I completely agree I have a background in insurance
that's what I do as my day job
directors and officers insurance is really important
but you have to watch out a lot of since 2020 and 2021
there's been a lot of like cyber exclusions on there

(18:03):
or total cyber exclusions
or there'll be a
basically a caveat in the policy
saying that if it stems from a cyber incident
then we're not gonna cover it
and this was in response to like
directors and officers policies
covering cyber incidents when they weren't supposed to
but it was over correction because if it's a bad board decision

(18:24):
it still should be covered if they're sued for it
even if it came from a cyber incident right
yeah to to pay or not pay the Ransom how you handle the communication
did you report it or not report it
you know those are all like uh
important decisions that the board has to make either in the moment or
you know plan for it beforehand yeah

(18:44):
even for myself
I'll carry just even general liability or general liability
and also E&O insurance
because at some aspect I'm like hey
I can do X y and Z but I'm not gonna be held liable for that right
I mean
I'm not doing anything crazy criminal or anything like that but hey
this is this is not good and I'm not gonna take the blame for it
so especially if a CISO reports to the CFO bad report structure

(19:09):
why do you think it's a bad reports structure
well if you're a CISO right
and you report to the CFO
the CFO sees black and white right
zeros and ones is either
it's a positive indicator or negative indicator
your cost uh
department or your revenue department in every aspect of it
this the security is more than likely a cost department

(19:29):
and they're gonna be like
how can I lower the cost so much more
and they have to and they control it
if you sit next to a right above and I've sat there before
it's like here's the lay the land
here's what need the investment of it and here's why
if you can do it that way it's a little bit better yeah
I think there should be a class in CISO college
like talking to the board

(19:50):
I could be that like the class
sir
board communication 101
because the way that the board talks and the way that
you know
cyber security department it department
you know looks at things as completely different
yep I'm glad you brought that up
I've known tons of technical CISOs and I'm like dude
you should never be in a boardroom ever and

(20:13):
and then you have guys like me or you know
staff members like me or like you can speak the high level
you can speak the technical you can speak here
so I think you're you you're very right
there needs to be some sort of course of interpersonal skills
yeah and I think uh
you know return on risk or return on um
investment for cyber securities getting a little bit better

(20:34):
the way that they're quantifying it
there's some some good software and and new things coming out for it
but it's very hard to quantify like what you're gonna get back by
you know possibly not getting hacked you know
like how do you communicate that
we got to put this in because
there's this percent chance that we're gonna lose this percent money
and we like multiply that

(20:55):
you like use MITRE or like what
there's a guy you should meet his name is Ross Young
he's a former CIA guy and he taught me this in mind
you were at the same level very
very smart gentleman but too smart sometimes and he was like
you gotta tell the story we go you gotta tell the story and I'm like
alright well
what story we telling he is like
how much you're saving the world

(21:16):
and how much they're not losing business
and I was like got it however
your metric your KPI
or your key performance indicator
cannot be the fact that we did not get breach
that's that's bad right
you cannot do that because so what happens when you do get breach
you're fired boom right so that's just like a good idea
so think it's a matter of telling the story hey

(21:37):
we have a contract requirement we have regulator requirements
here's what it means the top line revenue
we able to close these business deals
because we were able to get this certification
and here's why right
so at that point the conversation changes
that you're a contributor to the top line revenue
hmm
like that
yeah yeah

(21:57):
CISOs should tune into this part yeah
this is really good
I I
I'm on I'm on a chat with about 1,000 different CISOs
and I love it
because you can actually have the gloves off conversation
you're like hey
sit down this is a tough conversation
how do you do this how you do that
and one of the conversations is like look
I gotta go talk to the CEO and I gotta do a million dollar ask

(22:18):
how do I do that
here you go
this is how you do a gentleman and what ladies so like yeah yeah
it's really that you guys talk to each other cause it's uh
it can be a lonely position you know uh yep
you kind of sit in between like a couple different uh departments um
it's kind of a thankless job

(22:39):
it is a very thankless job
and you are the was they would say two analogies
you are the Jesus Christ of earth
and everyone praises you and whips you
and the other part is you're very much like a Leonidas right
like you're gonna lead the charge
but the only got 200 people behind you
so and the rest of the world's coming for you
so I believe those two analogies depict being the CISO

(23:00):
so that's awesome
so in I wrote two books actually three books this year
but one of them was like a very art book
I'll send you one okay
and it's for a coffee table book
and basically use artificial intelligence images and whatnot
and one of the things was in there is the CISO right
and it's a it's a shield it's a gladiator
and it's and it's very much to me the depiction of a true CISO

(23:23):
because you're gonna you're gonna go into combat
you're gonna get hit and the question is
how are you gonna survive and who's coming with you
and you're the general of the it department
you're called into action
you're watching over the castle walls and then sometimes you gotta go
into battle
that's a good analogy
you haven't always been a CISO or incident response person
for the people listening here that wanna get into cyber security

(23:46):
that are interested in it
how did you transition
so when I was going from you know
member law enforcement law
just being infantry man and ground pounder
there was only three recommendations I would give it to me
and I still recommend it
but now you have so much more and so much easier
so much more accessible stuff
best advice someone ever told me was remember the internet

(24:08):
all it is just a big network
that's all so you need to understand networking
you need to understand security A+
I wouldn't worry about but I'd say Network+ and Security+
so those would be two recommendations
and I read those every year just because everything is changing right
um if you want to do now
if you're very let's say
let's say you're non technical person and you're very good at policy

(24:28):
I would start my journey off in GRC governance risk and compliance
I would definitely lean into that very
very heavily one
nobody wants to do it two
it's a wide open field and number three
not everyone
can do it because technical people don't like to read stuff
they're just like
I wanna go fix right
so I met amazing brilliant people in the non technical side

(24:48):
and they started like traditional stuff
you know bachelor's degree
so it's just GRC and they just got it right
now from the technical side
I've seen people who have no education whatsoever do amazing
I've seen people who are pentesters
incident responders or reverse malware
so that really depends on the skill set right
what you're trying to do what you're trying to achieve

(25:09):
the third one I always tell people and I always push people to
because I don't think people are paying attention to it
is identity access management
and IAM is a super non technical deal
that'll get you in the technical weeds
and then No. 3 is gonna be your ability to control who gets what
the moment you're sent access control network
I think your goal at that point interesting uh

(25:30):
I read somewhere recently that insurance companies are
are looking more on uh privilege access management too
when they're writing policies is becoming where they're going from
you know endpoint detection
being like the leading indicator to access management
so that makes a lot of sense
yeah so you have PAM right
privileged access management
identity and also mission access management those agistic management

(25:54):
if you can master those two things
but here's the thing
either is gonna cost you in labor hours or is gonna cost you in tools
there's some really amazing PAM tools
and also some multi factor tools that are gonna cost a lot of money
but then there's some ways you can do it at the non technical level
where you can say I'm gonna turn this rule on
turn this rule on and make users go a certain way

(26:15):
and the user experience that you can control the access management
yeah it's uh
I feel like with the tools people have uh
just by changing you know some configurations
they can make a lot
huge improvement in their
cyber security stance without spending any money
do you have any examples of those
yeah so one comes to my mind anytime we work an incident

(26:38):
the first thing we always ask for is we need
we need to know what's in your environment right
whether it's Exchange Server on prem or with an O365 environment
we see this a lot
365 environment and nobody has conditional access turned on
those are quick wins very fast
there's about 45 to 47 default rules
you can just turn on and it won't hurt anybody

(27:00):
and it'll add that extra layer of permission
I think it's a great idea that's what I believe absolutely yeah
we had a
somebody get into one of our employees emails
and the thing we did just stop that from happening again is just
we don't let anyone from outside the United States
access our our network and just limited geographically and you know

(27:24):
I know that some people have VPNs and they can get around that but
it takes out like the guy in Russia
that's just like going in and checking
they can get in
yeah so there's that you could do that right
geofencing the other one is you could do any type of applications
such as like Digital Ocean or something like that
you just you're like hey
we don't do that we don't allow people to access it that way

(27:46):
they'll be like a Brave browser or something like that
and the other thing is what I recommend to people to do is
do a business email compromise assessment
these are called BECs right
or if you want to call them due diligences
and that's where you kind of look in your environment like okay
what's going where
one of the things we notice is what the insurance company is
they'll hit us up and they'll say hey
these two people bought each other

(28:07):
can you go in as an independent person
as an organization
and do a business email compromise assessment to let us know
and that's what we do and it's pretty pretty awesome
what what is involved in that kind of assessment yeah
so basically what we do is we show up
it's usually a fixed fee for certain amounts of
of endpoints and what not

(28:27):
we show up more like hey
we need Global Reader I have an access and also
no admin access on top of that to the environment
and at that point we start pulling different forensics
for artifacts and different elements
we scrutinize the overall and tenant
and then we start understanding what is a baseline
what looks normal to the organization and what doesn't
usually nine times out of 10
we scratch the servers and we find that hey

(28:49):
there's been a threat out here environment
they're shuffled around this invoice fraud type deal
when I'm dealing with cyber insurance clients
I see a lot of funds transfer fraud
yeah
invoice manipulation what what are some ways to avoid that
one of the mortgage companies in
Tennessee that I went to go give a lecture with
they're like we don't make any funds transfers

(29:10):
the pick up the phone first and I'm like well
okay in Tennessee you gotta stand right
like it's pretty slow and simple here so people are like
hold on man let me call you right quick and you're like alright
call me that's No. 1 No. 2
just remember this threat actors operate on three different things
pain fear and pleasure okay
and there's always gonna be a sense of urgency hey Ricoh

(29:32):
this is the CEO
I need you to do this right now this I'm in a lot of pain
I'm a lot of this if you don't do this
this is what's gonna happen
and the remedy the pleasure is I need you to transfer the money
no questions asked
pain fear and pleasure
slow down
pick up the phone IM them you know like Teams number whatever
but they're on the way to the airport of course they are
they're just getting on a plane though

(29:53):
absolutely cool
perfect um
I'll put it this way
500,000 dollar transfers do not happen like that right
there's a lot of due diligence
if anything called the attorney or the cunning county like hey
what do you think right
haha um
the again the urgency the urgency just slow down hang tight
you're not gonna lose your job ask the validating question yeah

(30:16):
I see that a lot on the personal level too with phishing emails
it's always like
they're gonna cancel your account or it's gonna go to collections or
or some kind of like penalty
that's gonna happen if you don't click the link
and deal with it right away
oh yeah that's the that's the pain part and the real question is this
you got to sit down and ask yourself like
that pain that this can be flicked it right

(30:38):
is it really that bad like no
not really so yeah
what's the funnest part of your job
you get to see the true essence of a person during crisis
like
I've seen grown men just crumble and I've seen great people stand up
step forward and it's just
it's just wild
and then the other part is you actually get to help people

(30:59):
we get to do some really
really cool things like bring down big and some gangs scam artist
we help tackle one of the cartels call centers
you know stuff like
like the stuff you see in the movies are like
all this is what we do every day
nice not all heroes wear capes
I love it no
not all used to back in the day but
what do you what do you uh wish people ask you um

(31:22):
that you never get asked
that's a good question I've been asked that one
you know
given where they are in life
what should they be doing with security and technology itself
living in Tennessee
I used to live in the West Coast in California and in LA
San Diego and Phoenix and a lot fast pace right
a lot of fast pace and I noticed here in the Midwest

(31:42):
is that nobody really understands it
tenacity in the fullness of technology
and a lot of I wish a lot of people would take the time and say hey
your technologies Ricoh what should I be looking at
not now but what should I be looking at
what should I be getting to know
because technology is already here and it's moving extremely fast
and I think in the next seven years

(32:03):
you're gonna see a dramatic increase of something
you'll see it
yeah something we haven't even heard of yet
yeah that's usually how it goes yeah
usually every seven years whenever like it goes
especially with technology
and what will happen here is artificial intelligence
what not like AI every seven years and then every four years
and then every year that's what's gonna happen

(32:23):
you know we talked about tinfoil hats and stuff and you know
having we like to have a little fun on this podcast and just do like
what ifs like what a
what catastrophes or things that could happen
you know if this and this happened um
that you could that you've you know
just thought of in your head at some point yeah

(32:44):
so living in I live in the country right um
one of the things that I always worry about and
and I think it's a very true thing is in the event
one of the grids goes down right
and in the event one of a major transformer within the region
within the county goes down
what is power look like what is sustainment look like
what is food shelter and also fighting look like

(33:05):
been to war nine times
and I've seen it very calm and I seen it just blow up
and when people don't have their accoutrements in the normality
behind what there is the behavior changes so
what if this happens what does that look like
are we ready or we're not ready
you know stuff like that
yeah that's scary
I know that a grid going down is definitely something that

(33:28):
that could happen either from a cyberattack and EMP
um
it just be like a storm like what happened in Texas
um like three years ago
so yeah I mean
people need to be ready they should have what
like at least a week's worth of food and water
so that I'll say six months
six months yeah
six months and then you'll probably need a good

(33:49):
figure out how your water situation
and then unfortunately you know
you're fighting situation
like how are you gonna defend your family and stuff like that
absolutely
yeah at that point the concealed weapons laws don't really matter
yeah at that point the other thing I would always wonder is um
you know our cell phones right
whatever happens to our cell phones if there's a cell phone outage
and do you have that multi layer effect of like

(34:12):
okay
Verizon AT&T the big ones go away
what about the smaller ones
do you know how to operate a ham radio for communication
cause at the end of the day we people need to be able to communicate
right same thing with your internet
you know we have
we have the steady fast internet
but what is your fail over
yeah that's a good point
and you know when you're
you're doing incident response with companies now

(34:33):
they need to have a contingent
they need to have contingencies in place too for their communication
right cause you know
you have to assume that you may not have email
you mean the phone system may be down um
they could be listening on your phones or emails yep
so what do you what do you recommend for that
yeah the alternative communications plan right um

(34:53):
one thing when I was working one of the
one of the world's biggest banks
we would do this exercise once a year is we would go meet the CEO CFO
why not we would take their cell phone and would take that
and we would figure out a way
how for them to get a turn of communication going
and I was always going to Walmart buying burner phone
buying burner laptop and standing up like okay
we're gonna start communicating this way um

(35:15):
and it was very fascinating because you have
you have these individuals were worth billions of dollars
and you pull them out of their environment
and it's quite fascinating
cause they're like oh
I actually have to go to Walmart like we have to go to Walmart
let's go to Walmart I own a Walmart but I can't see and and it's like
yeah like this is this is the real deal
and whenever I was working
like presidential details and also State Department details

(35:38):
this was ingrained to us right
we had a little go bag and then we had our a pack
and then our a pack had everything in
but our go bag was for us because we
would have a burner phone $10,000
a red passport and an alternative means get out of the country
and that's the same mentality I have with these CEOs
I was like you need to have a go bag sir
so you have your bag that has all your equipment

(36:00):
but then you have something that's on your body as well
in case you lose your backpack yeah
or unless you gotta roll out right
or you gotta you gotta get out of Dodge
like usually $10,000 in the Middle East country
or an African country will get you across the continent very quickly
so yeah and I've
I've heard on some podcasts that
some good advice for just people that are just around

(36:22):
just like walking around
you should always have a hundred dollar bill on you cause you know
it's it's easy by
and most times you can like
pay somebody 100 bucks to get you somewhere yep
so we used to work Haiti and Africa right
also in Afghanistan we were notorious for bribing people we were like
we're not above it we're like
we're gonna
we had to commandeer a ship from Miami and brought some stuff over here

(36:44):
and I was at the port and I remember we're going
so the guys I was like what do you guys want like money
I was like perfect easy how much
and they're like
oh 500 bucks like perfect just give me the ship please
so um money goes a long way
no matter where you are in whatever country
absolutely cool um
thank you so much for coming on the pod um
you know we're
we're growing podcast pretty small

(37:06):
so having a high profile guy like you on
it's pretty cool where can people find you
yeah you can find me on Instagram
really want to Ricoh underscore Danielson underscore LinkedIn
of course um
but yeah I'm everywhere
I'm on the news every night pretty much
so if you really need something from me
I can drop an information
mail address
and also a phone number if you really want to get in contact

(37:29):
absolutely awesome and you said you wrote a couple books this year
what books were they and how do people get a hold of those
yeah so they're on Amazon
so I've actually written a total of about 10 books
and the last year I spent most of it
so one was a no nonsense no BS cyber security
this is like how to do cyber security and have the
authentic conversation that you really need to with your people right

(37:52):
number two was the FM Field Manual
which is a very lightweight art book of cyber security
I realize a lot of people don't do art in cyber
so I made it as a coffee table
I was like here you go
and then I made the bigger one
the TM the tactical manual was very
very technical
it's about 207 pages along with pictures and what not says

(38:13):
here's how you do X y and Z
um they're 90 bucks on on Amazon
definitely recommend that
and when people say it's kind of expensive
like what you think about it took me two years to create each one
and at $1 a day I think we're all right
that's awesome yeah
definitely check that out
and we'll put the links in the show notes
and yeah thank you for coming
if you're ever down in San Diego

(38:34):
I'd love to do one in person
and yeah
thanks again for coming hopefully I'll be there soon
rock and roll Joe
thanks man
© 2025 iHeartMedia, Inc.