Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Isar Meitis (00:00):
Hello and welcome
to the Business Growth
Accelerator.
This is Isar Meitis, your host, and I have a special topic for you today, one that I've never actually touched in 175 episodes of this podcast.
And the topic is gonna be about business intelligence or business espionage, and it's a real thing.
And I know a lot of people, myself included, running
(00:21):
multiple businesses, totally ignore that topic because in your head, "well, I'm too small, I'm too different.
Why would anybody spend the time to spy on me, et cetera." But the reality is just think about what you could do in your business or what your competition can do to your business if they had access to, let's say, your pricing, or when
(00:44):
each of your contracts end with the people that they support as well, or which one of your clients are experiencing difficulties with your products or services, or if they knew the compensation package of your top talent, or if they have access to your sales presentations, or your marketing budget and how you invest it, and so on and so forth.
Obviously, if you know that about your competition, it's a
(01:07):
huge tool. If they know it about you, you have a problem.
So like I said, most business leaders, myself included, totally ignore that because it's not a comfortable thing to talk about.
It's one of those things you'd rather, you know, push under the carpet and never look at it.
But the reality is it's real and it's out there, and companies are doing it to their competition all the time.
(01:29):
And hence, I'm really excited to have Robert Kerbeck as our guest today.
Robert has been doing this, meaning helping companies avoid issues of being spied on, for over a quarter of a century.
So he knows one or two things about this topic, and he is also the author of the book Ruse that talks about business
(01:50):
intelligence and how to be more aware of it and how to avoid it.
And again, since this is a topic that is critical, that could cripple a business or help it excel, I'm really excited to have him as a guest today.
So Robert, welcome to the Business Growth Accelerator.
Robert Kerbeck (03:06):
wow.
Well, thank you.
What a great introduction.
Isar.
Isar Meitis (03:09):
Thank you.
Robert.
I assume you didn't go to college to be a business espionage expert because I don't think they teach that in college.
So, take me back to when in your career or what event in your career was the aha moment or the aha process?
Sometimes it's just one thing that kinda like had the light bulb going above your head and saying, this is a big deal and
(03:31):
somebody should do somethingabout it.
Robert Kerbeck (03:33):
Yeah.
So, you know, I, my hometown is Philadelphia.
My Eagles just lost a, a tough game in the Super Bowl, unfortunately.
But they had a great season.
And my great-grandfather sold horse carriages in Philadelphia before cars were invented.
And when cars were invented, he switched over, became one of the first car dealers in Philadelphia.
My grandfather took over that business.
(03:54):
My father took over that business, and I was supposed to take over that business.
But when I was in college, I kind of fell in love with acting.
I wanted to try to move to New York to be an actor.
I didn't know anybody that had done that.
It seemed insane.
So when I graduated, I worked for my dad.
But something about car sales just didn't feel right.
Kind of the trickery, you know, of sales, dishonesty of car sales.
(04:14):
So I finally got the courage.
I moved to New York, and of course actors need survival jobs, and who stumbles into a career as a corporate spy?
But that's what happened to me.
Isar Meitis (04:26):
so.
Pure luck, basically.
Robert Kerbeck (04:29):
Happenstance.
Just crazy.
You know, the, the, you know, the luck of the universe or the bad luck of the universe to, you know, I don't think of it as bad luck.
I mean, look, I would not recommend my career as a corporate spy to anyone, though clearly it's a hell of a good story.
And, and people have been very interested in the story and in my book.
You know, you gave a great introduction because all, every single thing that you said about what spies do, what spies are
(04:51):
after, that's what we did.
Everything that you said, that's what we are after.
You know, people would say, well, what kind of information are spies gathering?
And I basically say, we were hired to get the playbook on our competitor, to use a football analogy.
So our clients would come to us, and our clients were the largest companies in the world, the largest publicly
(05:11):
traded companies in the world, and small private companies.
And they would always come to us with a laundry list of things they wanted to know about their rivals, which was usually anything and everything from A to Z.
And it was our job to go out and get that information.
And I'm here to tell you, as a spy, I got that information for my clients 99.999999% of the time.
(05:35):
Wow.
And you wanna talk about, you know, the name of your podcast, which I love.
You wanna talk about a way to accelerate your business?
How about learning everything about your competitor?
Everything about how they set up, how their products work, how their products are priced, who the top talent is, what they have in the pipeline.
Are they expanding?
Are they contracting?
Revenue's up, revenue, stats, you know, contracts, clients,
(05:58):
everything.
Think about how quickly you could accelerate your business.
And by the way, that's what we were hired to do.
You know, we would be hired by someone that in their market was number 7, number 9, number 15, number 6, because they wanted to be number 1 or number 2.
Yeah, and that's why they would hire us, and then we would go after the top two or three firms in their industry.
(06:20):
We would study the top two or three firms in their industry, and then we would furnish them these reports that had all of this intelligence to help them move up.
Isar Meitis (06:30):
Wow.
First of all, it's really a) eye-opening and b) disturbing, so depending on, on, on how you wanna address this topic, I guess.
But let's talk about the practice itself.
First of all, I assume the fact you were an actor or an aspiring actor probably helped you.
But let's really talk about you.
(06:51):
The, the information could be anything, but the methods, I assume there's a list of methods on how companies approach other companies in order to get in.
Can you give us the top five ways that companies, that, spies use in order to have access to company information?
You mean how we would get the information?
(07:12):
Yeah, yeah, yeah.
So I, I assume it's a mix of technology and human engineering,
Robert Kerbeck (07:17):
correct?
Yeah, correct.
You know, I like to say that I hack people, not systems.
Okay.
And you know, at the end of the day, you know, we live in an era now where cyber crime is a, you know, nearly a trillion dollar industry.
Cybersecurity is of the utmost importance.
We're seeing the proliferation of ransomware attacks, which by the way, are only going to get worse.
I read an article the other day that said 80% of ransomware
(07:40):
attacks, no one is caught.
No money is recovered.
So why would anybody stop doing ransomware if you have a four out of five chance of completely getting away with the crime?
Yeah, yeah, yeah.
Right.
So, when we started out, so we're talking early 90s, the woman who had this small spy firm only hired actors, right?
(08:01):
Because we could obviously do accents, we could do voices, we could create personas, we could create stories.
And obviously we were good storytellers, and so we would convince people to tell us things that they should never tell us.
And in the beginning we would go in person, we would go to conferences, we would go to events, we'd go to bars.
But what we quickly learned was that we were able to gain much
(08:25):
more information using the anonymity of the phone call.
To get people over the phone to believe we were some executive, cuz we could imitate executives' voices.
You know, all I had to do was call and listen to an executive's voicemail.
Hey, this is Rick Jones in compliance.
I'm not here.
Leave a message, and I could go, oh, I can imitate his voice.
(08:45):
And then we would all of a sudden be calling someone as Rick Jones, and people on the other end of the line would be like, oh my God, I got the head of compliance.
Oh, oh yes, Mr. Jones.
Oh my gosh.
Well, how can I help you?
Because people in corporate America, corporate around the world, are taught what?
They're taught to be a good teammate.
They're taught to help out people.
And firms now, small and large, have offices all over the place.
(09:07):
Even a small firm will have twoor three offices in two or three
different locations.
They'll have an office in Israeland they'll have an office in
Hong Kong and they'll have anoffice in the us, even a small
company.
And so you can be somebody froma different office.
And people will know thatperson, but they probably don't
talk to that person that often.
Maybe they've spoken to themonce, you know, whatever.
(09:27):
And, and by the way, we would kind of do research to understand what were the odds of these people knowing each other?
Well, and, and again, that was a big thing about being a good corporate spy, is you would do a lot of research in advance before you made any of these, what I call rusing phone calls, you know, hence the title of my book.
And so in terms of like the top five techniques, it's a little
(09:48):
tricky to say because every call was bespoke.
In other words, custom.
Whatever ploy we were gonna, you know, and in the book I detail the compliance ploy, the inside ploy, the dropping the grapefruit ploy.
And I won't spoil it for any potential readers or, or listeners.
Cuz my book is on Audible if people like to listen to books.
(10:09):
So I don't wanna spoil it for anybody.
But yeah, all of the ploys we used are delineated.
So you can see them in action and then of course, I hope, learn.
Wow.
I need to let my people know not to do that, or, you know, I let, I need to let my mother know not to do that because, you know, their corporations are being phished and scammed and individuals are being phished and scammed.
Right.
For sure.
(10:29):
And so we all need to do a better job of recognizing these things in advance because corporate America and, and again, global, global corporate, you know, companies are spending insane amounts of money to protect their systems, their servers, the firewall, the encryption, the blah blah, blah, blah, blah, and a minuscule fraction of that on training
(10:50):
their people and educating their people not to get hacked.
And if I can hack your people, I don't need to hack your systems.
I can have your people do it for me.
Awesome.
So, so let's talk about this.
Really, let's talk.
What training like this should look like?
What should, yeah, let's say, let's start with the employees
(11:13):
first.
Like, if I'm an employee of a company, what are red flags that I should know is a red flag when somebody's calling me or somebody sent me an email, or doesn't matter.
Today we have, right, 50 different means of communication now, WhatsApp messages.
Right.
Slack channel, doesn't matter.
Right?
But whatever, whatever the case may be, somebody's in communication with me.
communication with me.
(11:33):
saying there's somebody else, which again, happens to me every single day.
Multiple times.
Yeah.
Because I communicate with a lot of people from within the organization, from outside the organization, suppliers, clients, potential, whatever.
What are red flags I should be really aware of that would say, huh?
This doesn't add up, and I should probably raise a hand, stop what
(11:55):
I was about to do and ask somebody.
Right.
Well, before I answer that question, the first thing I wanna say is that corporations need to do penetration testing.
They do it all the time with their technology, but they don't do it with the human being.
So they need to hire someone like me.
And they don't have to hire me, but there are other people out there that do this kind of penetration testing, for the social engineering, the human component.
(12:17):
And they need to basically, in real time, see how bad their problems are.
I'm telling you, 45 minutes I can learn anything I want to know about your company.
45 minutes.
Right.
So if you're cool with that, well then, you know, you can, you can click off this, you can click off right now, right?
But if you're like, oh my God, then you need to get this kind
(12:37):
of penetration testing because even if I give you the tips, which I'm gonna give you now, your employees are turning over, right?
So, so, so the people that you train today, you know, the, the 25 people you train today, the 250 people, the 250,000 people, whatever, they're constantly changing.
So if you're not keeping the education up, first of all, people are gonna be inexperienced.
(12:59):
And by the way, I'm looking for the inexperienced people.
I'm going on LinkedIn looking for the new hires, cuz those are the people I'm gonna use to help me hack, right?
So a couple of techniques.
Number one, it's always an emergency.
It's always an emergency, right?
We all get the phishing emails, the phishing texts, and the phishing phone calls, and there's always something you
(13:22):
need to do right now.
Please, you gotta click on this.
You've been hacked, your credit card information has been stolen, your bank accounts are in jeopardy.
You know, same thing on the corporate end, right?
There's been a, there's been a, an attack of spyware, and so you gotta click on this to make sure you're safe or whatever it is.
So I, I have people, you know, remember when we were kids, we had the 5 second rule, you know, that if, if your gum fell on the ground or your chocolate candy fell on
(13:44):
the ground?
Yeah.
You know, your mom could pick it up and put it in your mouth.
5 seconds.
It was okay.
Well, I, I said, okay, look, we're older now.
I think we can handle a little bit longer than 5 seconds.
I have a 30 second rule, which is when you get the crazy email, crazy text, crazy phone call, you don't do anything for 30 seconds.
Don't do anything for 30 seconds.
Think about it.
Put the device down, close the laptop, walk away.
(14:06):
Think about it.
Then go back after 30 seconds.
And now I guarantee you, when you go back, you're gonna look at that same thing that you were panicking, you were about to click on.
Oh my god, I've been hacked.
Oh my God, the company's been hacked.
And you're gonna think about it, and now you're gonna look at it and you're gonna go, oh, well, oh wait.
And you're gonna see how it doesn't make sense.
So that's something I think is really big, is to be aware that
(14:28):
it's always gonna be an emergency, and to use that 30 second rule.
I love
Isar Meitis (14:32):
that.
You know, I, I was a, a, a fighter pilot instructor in the Israeli Air Force Academy.
Mm.
So we, we were flying with young cadets who had just started flying, and you teach them how to handle different emergencies.
You do it in the sim and then you do it in the actual airplane, whatever you can.
Right.
Not everything, but what we always told them, the young cadets, is when you have an emergency, there's one thing
(14:54):
you're allowed to do, which is to click.
There's like, in all the airplanes, I'm gonna date myself, but it's like an analog stopwatch that's mounted on the top of your hood and you, you could click it and it would run, like the needle would go.
And I said, the only thing you're allowed to do in the first 30 seconds is to click the thing.
Hmm.
And think for 30 seconds because nothing you're gonna do is gonna
(15:19):
make such an amazing difference in the first 30 seconds unless you lost an engine.
That's a, a big difference, but that's very, very rare.
Any other malfunction you're gonna have in the airplane, your chances of doing something wrong because you're panicking as a young cadet and making the situation worse are higher.
Yeah.
Than doing the wrong thing in the first 30 seconds.
So it's the same exact rule.
Yeah.
But they literally like click on the button and 30 seconds think
(15:44):
about the malfunction you just had.
Yeah.
And that gives you like that chance to take a deep breath.
Okay, what am I actually facing right now?
Versus pulling a handle or pushing a button or something.
Robert Kerbeck (15:57):
whoops.
Reversible.
Isar Meitis (15:59):
Right?
That's right.
That's not something like, oh, I shouldn't have done that.
So, that's right.
Same exact kind of thing.
I think it's phenomenal guidance.
So you're saying from an awareness perspective, be aware that it's gonna be an emergency; from a do-something perspective, it's take a deep breath, walk away, don't do anything.
Come back after you had time to digest.
(16:21):
Yeah.
Robert Kerbeck (16:21):
Or show it to
somebody before you do anything.
Show it to your supervisor.
Show it to your head of IT.
You know, you know, go, go to, you know, somebody else and say, hey, because again, another pair of eyes on it.
All of a sudden now everybody's looking.
Everybody's thinking, now you're thinking.
So you're not going to make that mistake where you click on something, and in this era, one click can be enough that the
(16:45):
damage is done.
Right.
Which is pretty, you know, pretty intense, but unfortunately it's true.
One click and you can cause a tremendous amount of damage to your firm.
Isar Meitis (16:56):
So what's the
second thing?
First thing is emergency and.
Take time to think about it.
What's the
Robert Kerbeck (17:00):
other thing?
Well, there are a lot of other things.
Another thing is that these, these phish attempts, these rusing attempts, these social engineering attempts are trying to create some sort of rapport and friendship.
Right?
Okay.
So I'm gonna make you my buddy.
You're my buddy, right?
So, you know, if I'm calling you on the phone, if I'm sending you an email, you know, hey, it's so-and-so.
(17:23):
I run this team.
Oh, I've heard about you.
You do this thing.
Oh God, I'm, you know, I can't believe we've never met, or I can't believe we haven't corresponded, whatever.
I'm, you know, but I'm utilizing this thing, this kind of friendship thing that, you know, I'm kind of like your best friend, your new best friend, and, and I'm jammed up.
We're on the same team.
(17:44):
Help me out.
Help me out, buddy.
And I'm gonna tell you that most times in corporate America, you know, people are all too willing to do that because again, they're thinking we're, we're with the same firm.
Yeah, we are kind of buddies, you know, corporate buddies.
And that was something, you know, especially when we would use accents and we would be from different offices, you know, so,
(18:06):
This is Gerhard calling from the office in Frankfurt, Germany.
We have European Union regulators here, and we need some information from the States.
Oh, hey Gerhard.
What's up, buddy?
Oh yeah, I've seen your name.
You're in Frankfurt, right?
Oh, ja, man, Frankfurt.
Oh, this is called Here Ya, you know, and oh.
Oh, hey.
Well, wow, so weird.
You're calling me from Frankfurt.
(18:27):
You need information.
Es Germany.
Oh, okay.
Well, what do you need?
Right.
They're, they're not thinking, wait a second, why the heck does the guy in Germany need information on the US server systems, financials, talent report, compensation, whatever I'm asking for.
asking for.
(18:48):
And by the way, sometimes it's all of those things, right?
I'm asking for all of those things.
Yeah.
But they're like, well, he's, he's a real guy.
He's really in Germany.
You know, I'm impersonating someone that exists, and what are the odds that somebody put on a fake German accent?
Put on a fake German accent.
Isar Meitis (19:05):
It's a, it's like,
yeah.
And, and calling me on something I actually know, like,
Robert Kerbeck (19:08):
correct.
Yeah.
Yeah.
Correct.
And you know, one of the things we learned in our spying was that the, the crazier the ploy, the more insane, the more outlandish, the more believable it was.
Do you know how many times, do you know how many times people said nein to Gerhard?
Never.
Isar Meitis (19:30):
So, okay.
So rule number two is when something sounds crazy, too good to be true.
Too good to be true.
It's probably not true.
Yeah.
Even though what you tell me is it's the other way around because people saying, what are the chances that somebody would make up this scenario?
Right?
Right.
So, but but you're saying the reality is if it's a scenario
(19:53):
that doesn't, doesn't make sense.
It doesn't.
Robert Kerbeck (19:55):
That's right.
That's right, exactly.
And your instincts.
You know, cuz so many times I would, you know, back in my spying days, cuz obviously I, I'm retired and I've been retired for a while now, and I consult, you know, I've gone from offense, so to speak, to now defense, right?
I help firms defend themselves.
So, you know, it, it, it, but people would always question and they, and they would go, wait a second.
Now why does a guy in Germany need, ah, okay, here it is.
(20:19):
So their instinct was to say, yeah, but they would overrule themselves.
So their first response was, this isn't, this isn't.
Ah, okay.
You know, and I think that's the thing that people, again, in terms of the training and the penetration testing, a lot of times we tell people, think about it.
And once you think about it, usually your first instinct that
(20:41):
something's wrong here, something's fishy, there's a red flag, it's right.
Your instinct is right.
Yeah,
Isar Meitis (20:48):
A good friend of mine used to work.
He, he's an IT guy; again, now he's in IT security, but back then he was just an IT guy who was working for a, a, internet supplier in Israel.
Mm-hmm.
And, but his background is like special security forces in Israel.
The people who guard the president and so on.
So he is very, very aware of stuff that doesn't add up.
(21:08):
Right.
And he was walking down the corridor and he's seeing a guy with like, dressed up in like a working uniform, carrying a ladder and some tools.
And he's like, who are you?
He's like, well, I'm here to fix this, this and that.
I came here from this and that contractor. Said, do you have any paperwork?
And the guy pulls out paperwork and shows him.
He's like, come with me.
Puts him in a room, locks the door and says, wait here.
(21:30):
Yeah.
And concentrate.
And he is like, why?
And it was penetration testing done for them by somebody that they hired.
Wow.
And he's like, how did you know?
He said, because you have brand new shoes.
Your ladder doesn't have any stains on it or any dings on it.
Yeah.
You're not a service person.
You've never done this in your life because otherwise you would look like you're doing service.
So, but you need this kind of mindset, which 99.9% of us don't
(21:53):
have.
Like somebody walking with a ladder down the corridor with a bunch of tools just makes sense.
That's right.
If it's a big corporate, like people are fixing stuff all the time.
Right.
So you're saying be suspicious of stuff that doesn't add up.
What other red flags are out there that people need to be aware of?
Robert Kerbeck (22:09):
Well, I mean,
that's such a great, you know,
incident that you just described and how on it this guy was to, to pick up on that, to pick up on those clues.
And so what I tell people now is that the clues can be difficult to pick up on because I, you know, look, I was a very good corporate spy.
By the end of it, I was making millions of dollars a year, turning down major corporations cuz there was so much demand for
(22:31):
my work, I could only do so much spying, you know?
Yeah.
So, what I tell people now is, you know, there was this very famous expression, I think with Reagan and the Russians during the Cold War, which was, you know, in the nuclear disarmament, trust but verify.
Right?
Trust.
But verify was like a big thing about, you know, okay, well we trust you Soviets, but wait, we need to verify that you, this is
(22:52):
the truth in it.
I say, forget the trust, I say, you gotta verify.
You gotta verify.
And so when you get the strange, sir, and by the way, the social engineering phone call, everybody thinks phone calls are dead.
I'm here to tell you again, 45 minutes right now.
I have tricks that I use to get people to pick up the phone.
(23:12):
People pick up the phone, and in a weird sort of way, the phone is even better than ever because people are just not expecting it anymore.
They don't get that many work calls.
They're, you know, you know, and, and work calls are scheduled.
They know somebody.
So to get some strange call that's an emergency, people respond to it.
They're like, oh, wow.
This must, this, this has gotta be legit.
(23:33):
This has gotta be serious.
Sure.
How can I help you?
What do you need?
Yeah.
So I tell people all the time, you have to verify, forget about trusting, forget about believing it.
Is that the email's correct, that, that you gotta go right away.
I need to be sure, I need, this needs to be proven.
And if it's a phone call, you're just gonna say, look, if you are who you say you are, you're gonna send me an email now on
(23:54):
the company's, you know, from the company's email system, and you're gonna tell me exactly what you're doing.
You're gonna CC your superior on it, and you're gonna, you know, have to put all this information in there.
You know, and of course you're not gonna get that email because the person is trying to, you know, our job was to get the information right away because if we don't get it right away,
(24:14):
you, if you're suspicious and you kind of bust us, that's what we would call somebody that would go, yeah.
Hmm.
Now you're gonna spread the word throughout your company.
Hey, somebody's calling seeking this information.
They're trying to penetrate us.
Right.
You know, and we don't want that.
So we, you know, we have to be very careful, or spies have to be very careful.
And so they're very subtle with that.
(24:35):
And that usually, you know, in that situation, if somebody says to me, you know, I, I need an email, I need an, you know, you need to, and I'd say, no problem.
I will send you an email.
I will CC my boss.
I will have every single thing on there.
You'll be absolute all.
Okay.
Okay, good.
Well, I, I just wanna be sure.
Yeah, no, no, no.
Trust me, I will have that email to you within an hour.
It'll have every single thing in it.
(24:55):
Okay?
Okay.
I, I'm sorry to doubt you.
I'm sorry to doubt you, but I just have to be sure.
No, you did the right thing.
You did the right thing.
And by the way, I got a couple other things I gotta do first, it might, you know, maybe a little bit more now, but definitely by the end of the day I'll have the email to you, by the end of the day.
Worst case scenario, first thing tomorrow.
Okay?
Okay.
No, that's fine.
Well, what have I done?
I've put this person to sleep.
(25:16):
Because now they're expecting an email, which at first I said would come within an hour, but it's not gonna come within an hour.
Now I said end of the day; it's not gonna come within.
Now I said first thing tomorrow.
It's not gonna be there first thing tomorrow.
But now they're not telling anybody else at the company about this strange encounter because they're expecting it's going to be verified and it's gonna be proven.
(25:37):
And what does that do?
It gives me time to find someone to give me the information I want.
And that's another thing that spies do is they're very good at, when somebody is resistant, they, they read that person very well.
They don't push it too far.
They calm that person down so that that person's not gonna give 'em the information, but they don't want that person
(25:59):
spreading the word throughout the firm.
Isar Meitis (26:01):
Yeah, yeah, yeah.
You don't want anybody putting the alarm
Robert Kerbeck (26:04):
handle on That's
right.
On the wall.
That's right.
Yeah, exactly.
Yeah, exactly.
And that person's hand was onthe.
Yeah, yeah, yeah.
You got them to release it andgo.
Okay.
And now you're still good.
You're still good.
The, the, you know, the, the bank robbery is still on, you know, you're still, the, the plan is still on.
Yeah.
Isar Meitis (26:22):
Yeah.
Interesting.
I, I wanna ask a very technical question, which I think I know the answer.
I assume in the beginning, that phone call or that email or whatever, if you can, comes from, or looks like it's coming from within the organization itself.
Right.
So by definition, you're probably gonna spoof a number or an email, or, correct, whatever, if you can, correct, to make that work, to make it look more legit.
(26:43):
Is that a reasonable state?
correct assumption?
Robert Kerbeck (26:45):
Yeah.
Correct.
Yeah, yeah, yeah.
So in the beginning, what we learned was that when you would call a company, and some companies still have this, which is kind of embarrassing, if you would call a company, you call one of their numbers and you would ask that person to transfer you to a different internal number, your number would now show up as the previous number.
(27:06):
So you would call the first number and you would pretend you got the wrong number.
You'd go, oh my gosh, I called your switchboard.
They switched me to your number by mistake.
I don't know why.
I guess they're new.
I really wanted, you know, this person over here, their number is this, and they, when, then they go, oh, no problem.
I'll just transfer you.
Oh, thanks so much.
And now your number is showing up as internal.
(27:27):
Right?
Of course.
Now we use call spoofing to do the same thing, right?
So we can ha, you can call spoof, you can get a, a different number to show up.
And of course, all your listeners right now, we've all been call spoofed.
We all get a number that shows up on our phone that looks familiar.
Sometimes it'll have the same prefix that we have.
Right?
Yeah.
Sometimes it'll actually be a number that's in our phone
(27:49):
because they've seen that we've called that number, cuz they're tracking us.
And so all of a sudden now you're, you're, wow.
You're answering that.
And then it's some sort of scam, con, phishing thing, whatever ruse.
Yep.
Isar Meitis (28:04):
Fascinating.
So now we know all these things that are red flags.
What should an organization do in order to A) get people better trained, and B) what's the process like?
What do you recommend now in your current job as, like you said, playing defense?
What are best practices to have within an organization, large or
(28:26):
small, that allows you to, I wouldn't say avoid because you probably cannot avoid, but reduce the chances of
Robert Kerbeck (28:33):
being hacked.
Oh, yeah.
And you can reduce the chances significantly.
I mean, significantly.
Look, if I can call your company and now on one try get the information.
I mean, that's just ridiculous.
But if I have to call your company and I get, you know what we call busted, rejected, and this person busts me and that person busted me, and that person busted me, and that
(28:54):
person busted me.
And then finally I get somebody that gives me some information.
But then this person, you know, that's what you want, is you want nine times out of 10, 19 times out of 20, 49 times out of 50, whatever.
The person is getting shut down, right?
And there are companies that, that have those high percentages.
Apple is a great example.
Apple's one of the most secret, you know, secret firms in the
(29:14):
world.
You know, Steve Jobs from the beginning, he put the fear of God in his employees because he told them, don't ever talk about anything you do to your partner, to your kids.
Don't, don't talk about that you're designing the new iPad.
Don't talk, don't talk about anything because if you do, forget about just being fired.
Yeah, you're gonna be fired, but we're gonna sue you.
(29:36):
We're gonna prosecute you.
And obviously people were like, "whoa." And he was serious.
And of course at Apple, people don't.
They don't release those secrets.
They don't fall victim to this.
But I'm telling you, that is the exception to the rule.
So I think companies, first of all, one thing is that this type of training can be a lot of fun.
You know, a lot of training is kind of boring, but you put me
(29:57):
in a conference room, you know, with a hundred employees and we go through some of these ruse scenarios where I bring people up and we role play and we, and it's hilarious.
And, and people actually are falling out of their chairs laughing at some of the shenanigans that I talk about people doing, what, what I used to do.
So it's a lot of fun, right?
And when you can make training fun for people, they remember
(30:18):
it, right?
Sure.
First of all, they have a goodtime and then they remember it
much more than they're likefalling asleep after the first
15 minutes and it's a two hourpresentation.
They don't remember anything cuzthey were bored out of their
mind.
They were on their phone.
So, so, how many
Isar Meitis (30:32):
times, just a, a
practical questions.
How many times do you dopenetration testing and then use
those examples to show in thetraining?
itself
Robert Kerbeck (30:40):
Well, we do that often and, and you know what I, what I do with companies that wanna hire me is I say, look, you know, I'm gonna penetrate your firm. I'm gonna show you how relatively easy I can do it. But the only thing I ask is that the people that I take advantage of and I get information of, they cannot suffer any consequences. You can't penalize them. You can't, you know, like that's the only thing I say, you know, because, you know, I mean, obviously, you know, a lot of
(31:04):
the reviews of my book Ruse call me the World's Greatest Corporate Spy. And you know, I think that was true because like I said, I was making millions of dollars a year spying for the biggest companies in the world. And you know, your audience knows, you know, we all know the Russians spy and the Chinese, the Chinese spy on us, you know, the spy balloon recently. But again, most people are shocked to find out that corporations are spending
(31:26):
hundreds of millions of dollars a year to spy on each other, and so I just don't think it's fair that some young person that I'm able to get information from suffers some sort of consequence. So that's the only thing I tell corporations is I'm gonna get information from people, but they cannot be punished as a result.
Isar Meitis (31:45):
Interesting. Okay, so what are, so now you're going into this training, what are the main recommendations to a corporation from a best practices that you recommend? Again, I'm sure there's tailored stuff per organization depending on what you find, but I'm sure there's also the, here's a checklist of things you should probably put in place.
Robert Kerbeck (32:02):
Well, one of the first things is you have to have a designated person in the firm who's like the social engineer. You know, so that anytime there's the social engineering phone call, text, or email, or you know, or from WhatsApp or from whatever, wh where it's, wherever the, these things are coming from, that there's some place. It could be one person, it could be a team of people that is
(32:24):
receiving these and logging these and responding to these. Cause they can be critical and they can cost your firm, you know, insane amounts of money. You know, I, I, I was recently working with a, a hospital that had six facilities and they got shut down. They were, their computers were frozen, locked. Six
(32:46):
hospitals couldn't book an appointment, couldn't schedule a cert. I mean, it was insane. Think about it. That's a hospital. Yeah. Because why? Because one person, a young person clicked on something and that opened the Pandora's box to all of these things that happened. Right? So, I think that there's gotta be firms designating a small team
(33:09):
of people, an individual, depend, you know, again, depending on how mu, how big the firm is, but you know, one to three people that these are the people that are responding to these, and addressing these because, you know, usually if there's one attempted breach, you know, and if it, and, and if, and if, let's say, you know, I see something suspicious, I forward it to you. You're the contact person.
(33:29):
Well, I'm not the only person getting that. Now, I didn't click on it. I came to you and I said, hey, check this out. I'm, I'm, yeah, you were right. Good thing you didn't do anything. Great job. Woo. But now it's going to other people too. So if you don't get this note, and if you don't send out a company email warning, this is what's going on. This is the phishing attempt. They're trying to breach our system, blah, blah, blah.
(33:50):
Please do not da da da. Please inform me of any, you know, further incursions, you know? Right. But, but if you don't have that at your firm and I haven't sent something to you, and now you're not recognizing and sending it out to everyone. I'm just like, well, I didn't click on it. Woo. Well, I'm okay, but then the person next to me or, or you know, home office, somebody at their home, they did.
(34:11):
And so I think that's really, I would say the most important. The two things are you have to train your people that, that there are people out there literally doing this kind of stuff on a daily basis, and there has to be somebody internally whose job it is to really attempt to mitigate the da, the, the, the success of these attempts. And then obviously the damage from these attempts.
Isar Meitis (34:32):
I think what's really interesting about this, again, from a pure psychological perspective, it also gives a pressure relief valve to the people themselves. Mm-hmm. Because now instead of like dealing it with your, you said in the beginning, tell somebody, now you have a designated somebody, there's somebody who gets paid to review stuff that you're not sure of. Right. And I think from a company behavior perspective, like an
(34:55):
employee behavior perspective, it's the easiest thing. Oh, right. I know I need to send this to Susan. Right. Every time something like this happens. That's right. So first of all, you're a little more aware, but then it's like I don't have to decide if it's good or bad. I can just send it to Susan. Now it's somebody else's problem and, and I can go on with my day. So I think it achieves that as well. The, the psychological aspect of, of helping people
(35:17):
do the right thing just by relieving the responsibility from them and putting it on somebody else.
Robert Kerbeck (35:21):
Right. And you know, one of the things, one of the challenges is the people that work in the technology side of a corporation, the technology part of a corporation. And this is a bit of a generalization, so I hope the tech people out there won't get mad at me. But, you know, tech people often are more introverted than extroverted. Yeah. You know, they're more obviously technology oriented, so the
(35:41):
human part of it is sometimes, is a little foreign to them, and they don't understand that if they're kind of, you know, protecting both sides of that equation. You know, they're basically, they're, they're blocking the front door but leaving the back door wide open. Right? Yeah. And in this analogy you just used, where Susan's now the contact person, one of the things that's great about having
(36:03):
this delineated contact person is I can help them and give them a lot more information because, you know, in a training session I can give so much information, but it's me. Two hours, 200 people. But that, that person I can really spend a lot of time with, send examples with, role play with, so that they really get trained on what to look for and how to deal with stuff.
(36:26):
And that, that, that's kind of cool because then they become your internal rusing expert, right? Yeah. So that you don't need me as much anymore cuz this person really knows a lot of stuff about the things that are going on.
Isar Meitis (36:39):
Makes perfect sense. Definitely great advice. What else can an organization, corporation, company do other than designating a person and doing training, or these are the two main things?
Robert Kerbeck (36:51):
Well, the, I think look, really the main thing is to recognize that the human being will always be the weakest link in your security, in your cybersecurity. And most firms don't recognize that. Or if they do recognize it, they're paying lip service to the idea and they're going, oh yeah, yeah, we know that.
(37:12):
Spend more money on that firewall. Spend more money on that encryption, you know? And they're not spending any money or, or hardly any money on train, you know? They're like, oh, well we sent out an email and we told people. You send out an email, you know how many emails people get every day? Yeah. You know, they're not reading the email. They're not taking the email seriously. They're busy. You know, it's like, whereas if you're actually training people
(37:34):
and you show on a stage an example of what can happen, the interaction that can happen, you know, and, and, and how catastrophic it can be, then everybody in the audience is like, whoa. You know, and that's, and that's, that's what corporations need to do, is they need to not just pay lip service to the proverbial weakest link in cybersecurity, the human being.
(37:57):
Isar Meitis (37:59):
Robert, this was, first of all, really eye-opening, second, really scary. Mm-hmm. But really cool too, if you're not on the wrong side of, of that occasion. Right. If people wanna know more, if people wanna follow you, read your book, work with you, what's the best way to do these things?
Robert Kerbeck (38:16):
Oh, well, thank you. I always tell people the simplest thing is just go to my website. It's just my name, Robertkerbeck.com. K e r b e c k. You can friend me there on any social media. You can buy, you know, Ruse, you can buy the audiobook for Ruse. You can see the trailer for the TV series that's in development for Ruse. Ooh, nice. Yeah, so, so, you know, it's just, it's the, the website is
(38:38):
really fun. I'm really proud of my. Awesome.
Isar Meitis (38:42):
Perfect. Robert, this was great. Very different from all my other episodes, but really fascinating stuff. I appreciate you spending the time and sharing with me and my audience.
Robert Kerbeck (38:52):
What we want to accelerate, the businesses of your listeners. And one way to do that is to not have the wheels fall off with some spies getting information on you.
Isar Meitis (39:03):
Awesome. Thank you. Thank you.