March 31, 2025 • 48 mins
In this episode, host Joe sits down with Ricoh Danielson, a former Special Forces operator turned cybersecurity expert and CISO. Ricoh shares his incredible journey—from nine combat rotations overseas to law school, and eventually a career pivot into IT and digital forensics. Discover how military discipline, resilience, and adaptability shaped his path to leadership in incident response and ransomware negotiation. Packed with insights on cybersecurity careers, leadership mentality, and the future of satellite warfare, this conversation is a must-listen for aspiring security professionals and military transitioners. Connect with Ricoh at firstresponder.us or on Instagram
@rico_danielson_. Subscribe for more inspiring stories!
00:00 - Introduction to Ricoh Danielson
02:17 - Military Background and Special Forces Transition
06:40 - Career Pivot to IT and Cybersecurity
16:58 - Leadership Lessons in Cyber
35:40 - Digital Forensics and Ransomware Insights
47:56 - How to Connect with Ricoh
Follow the Podcast on Social Media!
Tesla Referral Code: https://ts.la/joseph675128
YouTube: https://www.youtube.com/@securityunfilteredpodcast
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
How's it going, Rico?
It's great to get you on thepodcast.
I'm real excited for ourconversation today.
Speaker 2 (00:05):
Absolutely, man.
Thank you very much for havingme.
I really appreciate it.
Looking forward to rocking androlling man.
Speaker 1 (00:10):
Yeah, yeah, absolutely so, rico.
I think you have a prettyinteresting background right.
Why don't you talk me through,or walk me through how your
journey started through?
Or walk me through how yourjourney started.
Did you start at IT?
Did you, you know, do someother, you know, some other sort
(00:33):
of?
Speaker 2 (00:33):
work right.
Like, what does that beginningphase look like for you?
Yeah, there's a lot to go over.
You know, a very long time agoI was an operator in the
military and also paramilitary.
I was an infantryman in combatarms, did nine rotations
overseas.
I was actually pretty much, youknow, just going out there
doing what the warden needs tobe done, doing the good Lord's
work, doing door-to-door leadcells that's what I called it
and just being theknuckle-dragger.
(00:54):
And then I went to that tobeing a special operator, tier
one operator, whatnot where Iwas like, hey, I think I see
something, I need to dosomething different.
Your body, your mind can onlydo so much, right.
And I was like, hey, I'm goingto go to law school.
So I went to law school, starteddoing that and after I finished
(01:14):
law school I did one more pumpin Afghanistan.
And then I was like, hey, I wasgetting paid really good money,
I was making like six figures.
And I was like, hey, I need toget into IT.
And I took an engineering jobmaking $35,000 a year and it was
rough man, but I knew I neededto get the hands-on experience
and whatnot, because I knew theend goal was digital forensics.
And I started doing that bustingmy chops and whatnot, getting
(01:36):
skin in my teeth and thenstarted getting into incident
response and forensics itselfand I just started making
headway and I knew the stuff Ilearned from the military, from
counter-insurgency operations.
I just knew how criticaldigital information was, and
then law school on top of that.
(01:57):
So I kind of accelerated mycareer to just being a incident
responder or a forensicator.
And then I was like, hey, I'mgoing to go now try my hand at
being a CISO because I alreadyhad the leadership experience.
And it was cool.
Man, it was really cool, reallyinteresting, real fun.
Speaker 1 (02:06):
Okay so you covered a lot of ground there.
Let's go back to you know,maybe, your days in the military
right, what made you want tostart going down the special
forces route?
Speaker 2 (02:19):
Yeah.
So some of the stuff that we'veseen is you know you go to
traditional units right, youknow field artillery, infantry
units.
You know you do some high-speedstuff.
Like nobody really says, hey,you're doing some cool stuff,
but you do some really coolthings like TCPs, lps, recon,
and then in the specialoperations community it's like
you just get broken down evenfurthermore.
(02:41):
It's like, hey, you get lesserequipment equipment, lesser guys
, and you become a very ownprecision skill set.
And at that point you're like,hey, let's just go through the
training up, go to work up, gothrough all the cues, get your,
get your um training, docking,certification, whatnot, and then
get on to the team.
And then when you get to a team, it's when you learn everybody
else's job, like there arecertain brigade level teams and
(03:03):
there are, there are certaintri-level teams and also some
other type of teams and you geteven smaller and you say, okay,
I have to know commo, I have toknow intelligence, I have to
know whoever's doing the doorkicking, stuff like that.
So you have to know thesethings.
And once you become even asmaller team let's say eight to
12-man team you're very much ofan integrated part of each other
(03:23):
.
So where this person left off,you will pick up and vice versa.
There was a nutrition company, Ithink it was called Soft
Nutrition.
They went out of business orthey closed a business and it
was a bunch of I think it wasguys from third or fifth group
and they were like hey, here's abook.
They gave it to the nextpartner and be like go fill the
orders this way, this is how wedo it, blah blah.
(03:48):
They gave it to their nextpartner and be like go fill the
orders this way, this is how wedo it, blah blah.
And they were rocking reallygood business for a very long
time.
And the reason they show theclose up is one they lost
interest.
And number two, they wanted tohand it off to another special
operator who was from that team.
And same premise applies inforensic.
Same premise applies in cyber.
You know, you want to.
Birds of a feather flocktogether, right.
Speaker 1 (04:05):
Yeah, it's interesting, you know, because I
asked that, because I feel likealmost a lot of those similar,
you know, mentality qualitiesthat you have to build to be
successful in that areatranslate actually over into
cybersecurity, right.
So I always, I always thinkabout it as, like you know, when
(04:26):
you're starting out, you'relike going into the suck, right,
I don't know how else toexplain it other than that,
right, like I'm, I wrestled abit, done some jujitsu and
whatnot, and you know, that'slike the closest you know
comparison that I could have,right, that I could ever have,
which is not even a comparison.
It is a comparison though it isa comparison though it is, it
has a similar mentality.
(04:48):
That's what I'm trying to say,right, because when you're in
practice, when you're goingthrough your training and
whatnot, from what I've heardfrom a lot of other Special
Forces operators they literallyjust say make a deal with
yourself that you're going tomake it to the next meal, you're
going to wake up, you're goingto go to breakfast, right, and
then when you're going to getdone with breakfast, let's just
(05:08):
make it to lunch and see whathappens.
You know like, okay, let's makeit to dinner now, right, and I
think a lot of those sameprinciples or that same
principle is really related inbusiness and IT and security
overall right, especially whenyou're making potentially a
career change.
You know, and sometimes evenfor myself, when I was starting
(05:31):
out in IT, I had to literallyhave those small little tiny
goals right Of like, hey, let'sjust, you know, let's make it
through the month.
You know like it's really hardright now financially, like you
know.
You said right, you started outat $35,000.
I started out right aroundthere as well.
I mean that's not a lot ofmoney.
(05:51):
That's tough For years I had toactually decide which bills I
was going to pay that month andwhich bills I could lapse.
You know, I mean like that's areal, that's a real struggle
right there.
It's really tempting, you know,to give up, right, and then
potentially even like, make apivot, maybe go back into what
(06:13):
you were doing before.
How did you, how did you staystrong to the path that you
decided to go down?
Speaker 2 (06:19):
once you went down it , it was very I call it the
accordion effect right.
I knew that I wanted to be aninstant responder on my own firm
, be a CISO.
I knew that was the end goaland I had to go backwards a lot.
You brought up a very goodpoint.
You had to choose which billsyou're going to pay.
My number one bill was alwayschild support.
It was $1,700 a month and I waslike, okay, that is a
(06:41):
no-brainer, I will fight, kickand scream for my rent.
That's the next one.
Everything else in betweenbecause I had no car payment,
couldn't afford one, and I wasliving off my retirement at that
time I was like everything elsein between is going to, is up
on me.
So I want to go be a bouncer.
I would go do securityoperations.
There are these really quickpumps that you go over to like
Sudan, angola, libya or likeSierra Leone Congo for like
(07:03):
three or four months at a time.
I'll go do those and make somemoney come back.
So, as I was progressingforward.
But when I made the D markright, the decision was like I
know for a fact that I have tomake this decision and it's
going to hurt.
So instead of going overseas, Iwould just do little odd jobs
here and there.
Dude, I've never met a lot ofIT guys who know how to operate
(07:29):
a backhoe right and so like, andalso other IT.
Some IT guys, not a lot, butsome they don't know how to use
a drill.
So I'm just like, hey, I'm, youknow, I'll start building stuff
.
Speaker 1 (07:35):
So I started building things and little by little,
but now it's 100% cyber you know, yeah, yeah, that's a mentality
that I think a lot of people,you know, are lacking and
potentially even like lookingfor in some way.
Right, like I remember, youknow again, right, when I was
making that little amount ofmoney, I was doing everything I
(07:56):
possibly could on the side, youknow, not just to make ends meet
, but I was trying to make thattime be as valuable as I
possibly could towards reachingmy goals of getting into
cybersecurity.
And it took me two and a halfyears between realizing that I
wanted to go into cybersecurityto actually achieving it.
(08:18):
It took me two and a half yearsand I was being told no, every
single day, literally everysingle day, because I'll be
applying nonstop.
So every single day I'd have aphone interview, phone screen,
one in the morning, one in theafternoon.
I said, if I don't walk awaywith an offer today,
(08:52):
cybersecurity probably isn't forme.
I'm going to go join themilitary or something.
I was that desperate.
Sure enough, it came through.
I got two offers at the end ofthat day blew me away.
I was like, okay, I finallyreached my goal, I finally got
my foot in the door.
Someone believed in me enoughto just say, yes, you know, to
to you know, give me anopportunity, right, that that's
(09:14):
all you really need.
Speaker 2 (09:16):
You know?
Now bring up an interestingpoint.
My experience was not funbecause I was a lot bigger than
I was, 250 pounds, like just rawmuscle, an operator guy fresh
out of law school.
And when I was getting IT dude,I've heard like stupid, you're
just a good looking dude, nobodyreally cares about you.
I'm like dude, like this.
I thought we're trying to solveproblems and people were so
(09:36):
mean, like in the teams, right,like you can just punch somebody
and you're just like I'm justgoing to punch you in the face
and this will be done real quick, like it's real simple.
But like a little it guy and Ihate saying this scrawny little
it guy who drives a Corvette,you know, and he is like you're
stupid and you're like dude,this is not going to go well.
Like just stop.
Speaker 1 (09:56):
Right, yeah, I mean these interviews.
And you know, I would be toldby, like, alleged directors,
right, they would just laugh atmy saying so when they would ask
me oh, how do you, you know,how do you do this, this basic
function of it?
How do you like promote a DCcontroller, whatever it might be
Right, and I'm just startingout, and my response would be
(10:19):
I'll work with my team to figureout how to do it, and if no one
else knows how to do it, I'mgoing to Google it.
Yeah, you know, like, and ifthat doesn't work, I'm going to
go pick up a Microsoft book andI'm going to figure it out.
And they would laugh at mesaying that, you know, you
should know this off the top ofyour head and this, and that I'm
like, well, how would I know itoff the top of my head if I
(10:40):
I've never had that opportunity?
And that's, it's such a poor,such a poor mentality, right,
like, because that would neverfly, like you said, that would
never fly in the military, rightLike?
Speaker 2 (10:51):
the teams.
Speaker 1 (10:52):
The teams really self self police each other where
it's like, when you're notliving up to the standard,
there's someone there that'sgoing to be like hey, you're not
living up to the standard andyou're putting our lives at risk
, and so we're going to figurethis out real quick, you know,
and like you're going to makethe adjustment because I don't
feel like dying today becauseyou didn't do the work.
(11:12):
You know.
Speaker 2 (11:14):
Yeah, you brought up a good point.
One thing is like, hey, you gettwo tries right.
You're like, hey, one you'renot getting a team level.
Somebody from the team is goingto coach you up Good to go.
Second one we're going to sendyou back to the schoolhouse and
see how you do and you come backrefresh.
Good to go, let's keep goingright.
(11:39):
The third thing is like, hey,this just might not be for you,
right, because we're going toask you to eat a lot of big
banks, world banks incybersecurity and one of the
biggest burger flippers in theworld.
The sheer arrogance of directorswere like you have to be this.
I'm like guys, no offense, butyou were just Googling this, how
to do that?
Like, come on.
(11:59):
And so, like you know, beingcoming from law enforcement
background and also an attorney,I'm just like it's a no
nonsense, no bullshitconversation.
Like guys, let's just be honestwith each other.
And the weird part is a guy inmy same position when I was
doing IR for a big, bigorganization.
He's like you can't talk tothose guys like that.
I was like the hell I can man.
(12:22):
Like like, just like you know,today is a special day out that
you're a prick or you're just aprick all the time.
So which one is it?
So, and they would be like youcan say that I'm like, dude, be
a man, be the self-relyingperson, like, stand up for
yourself, dude.
And that's why I think IT likethis is where this amalgamation
of toxic leadership and likesuper smart guy undermines it.
And it's just like, and I and Isee, and I've I have friends of
(12:44):
mine who are female and they'rejust like I don't even want to
be in cyber because they gettreated poorly.
And I'm like man that sucks.
Speaker 1 (12:50):
Yeah, I um, yeah, there's a lot there, right, you
know my wife is a teacher, right, and so I'm, I'm a very strong
mentality, right, I'm verystrong, uh, personality, I guess
.
And if I feel like someone isintentionally trying to get one
over on me, right, or trying tobully me into a situation, once
(13:12):
I identify it like it ends rightthere, right, like you know you
can you, you can try all youwant, but once I figure out your
scheme against me, like it endsright there, you know we're
handling this.
I'm going to call you out on aphone call, I'm going to call
you out an email to yourdirector and to their vp, right,
I've done all those thingsbefore.
(13:33):
Typically ends pretty well.
Typically, you know my wife,she'll come home and she'll talk
about something.
You know that she's dealingwith coworkers at school and
stuff like that, and I'm I'mjust like you know I'm.
I approach it obviously from mymentality.
I'm like you got to stick upfor yourself, you need to get in
their face.
And she's a small, you know,five foot two Asian lady Like
(13:53):
I'm, like you need to get intheir face, you know, tell them
you know all this differentstuff, and she's like, you
understand, I work at a school.
I'm like man, I would still doit, you know, like, but that's
like a difference in mentality.
Right when in the teams thatsort of thing is acceptable,
that's like the lowest level.
Right In IT, that's a littlebit more aggressive.
(14:15):
At the same time, you know, I'vehad teams of primarily women
before where they would go intothese meetings because I can't
be in 10 places at once, right,and so I would send them into
the meeting and I would tellthem they're going to ask these
questions, they want to talkabout this stuff.
Here's your answers.
We'll work through them, youknow, and we'll develop the
(14:35):
answer and whatnot, right,prepare them really well for
going into it.
They'll go into it and they'llsay you know exactly what I told
them to say, right, andeveryone you know on this
opposing team, well, we'll justcompletely dispute everything
that they said, even though it's100% correct, that they said,
(14:58):
even though it's 100% correct,and I mean I had to do this a
couple of times where I wouldhave to sit down with the person
and, you know, tell them like Iwould give them then the exact
same answer.
You know that that they weregiven during that meeting and
when they accepted it, I'll belike, well, what's the
difference?
When my team says it Exactly,don't you think that they're a
reflection of me?
Like they're, they're saying itbecause I told them to say it
and it's the correct thing to do, like I'm not telling you to do
(15:20):
something that's incorrect.
You know we're going to put thecompany at risk or anything
like that, and you know thatwhole mentality kind of shifts a
bit when it's like you know, Ikind of discounted this person
because of you know how theylooked or how they acted, or
their age or gender, whatever itmight be.
Speaker 2 (15:39):
Right, or their technical acumen, and that's
another one.
Yeah, yeah, I do.
I'm right there with you, man.
I've been in plenty of meetingswhere I've been sidelined and
it's just like you're juststupid, right and it's.
I have a person that I workwith daily, extremely smart man,
and there are days I'm likedude.
The reason you're notsuccessful the way you want to
be is because your personalacumen like you need to know how
(16:01):
to just talk to people, and Ithink if in it, more
specifically in cyber, if youcan tell a story and you're nice
, nice and you're good, you'redecent, not the best, not the
worst, you're decent I thinkyou're going to kill it.
Speaker 1 (16:17):
Yeah, yeah, one of the things that you learn when
you're going up the ladder, soto speak, and security is being
able to tell that story so thatall levels can understand what's
going on, right, like that's.
That took me I mean, that tookme a couple of years, honestly,
to learn it.
I'm still mastering it Right.
But, honestly, to learn it, I'mstill mastering it right.
But you need that executivebuy-in, you need the technical
(16:40):
expertise buy-in, you need themiddle managers buy-in, right.
You need all these peoplebuy-in and they all view this
information differently.
They all want to receive itdifferently in different formats
and whatnot, right?
So how do you tell the story ina way that explains why we
should encrypt this data to anexecutive, whereas I don't have
(17:01):
to explain why we need toencrypt it to a technical person
.
I need to explain how to do itright.
Maybe that's the part that Ineed to explain and I think
identifying that early on ispretty key.
But I do kind of want to circleback right to in your story and
similar with mine.
Once you identified the areayou wanted to go in, you really
(17:22):
stopped at nothing to go and doside work that you had skills in
and whatnot, and similar tomyself.
When I identified I wanted toget into security, I started
doing everything I could on theside to actually make that
happen right.
It didn't happen overnight andI think that's what a lot of
people get discouraged fromright and in the teams, right, a
(17:45):
lot of that training takesyears, you know, like I hear
Sean Ryan talk about how it tookhim two years to get through
training right and then hefinally gets to the teams and he
thinks he's just going to goand, you know, operate and
things like that, and then he'ssitting on a bench for you know,
six months, eight months, whilehe's then learning everything
else and he's like man, I justtrained for three years
(18:05):
basically to do this job and Ican't even do it, you know, and
it's a it's an interesting mindshift Not everyone understands
it?
Speaker 2 (18:15):
Your ego.
Your ego is your worst and bestenemy, right Even myself.
You go through the pipeline twoyears.
You know that's all the Q's andthis, that and the other.
Your MOS is your specialty,training and whatnot.
When you get to your unit,they're like that's cool, this
is how we do it over here.
You know, and you're like okay,and you're like and then how
you clear a house is a verydifferent dynamic of clearing
(18:36):
house in the schoolhouse versushere, right.
And then you do jointoperations with some of the
SEALs Marine Raiders, you knowother guys and whatnot and
you're like wait, you guys havea whole different process.
And then you do a workup, liketwo or three or four or five
months workup.
Then you're like okay, now weget along.
Then the alpha ego is you haveto get away from right.
The alpha egos you have to getaway with from right.
(18:58):
Like if you can get alongwithout beating the shit out of
each other, you'd be all right.
So, like there's some big boys,like I'm a pretty big guy
myself, but like big boys, bigegos, you know like it's pretty
rough.
But you know the question is,will you stop at nothing to
achieve?
And that's I believe we can do.
One of the things I learned along time ago was you can do
everything with nothing.
You can, you can, you can yeahyeah, you absolutely can.
Speaker 1 (19:21):
I mean, I, I personally, I I feel like we
always have whatever we needwithin us.
You know already, right?
Like you know, I'm a christian,I'm a believer, right, so I I
obviously I relate that to, tomy religion and whatnot but I
feel like, whatever you'retrying to accomplish, whatever
path you're trying to go down,you already have whatever it
(19:42):
takes already inside of you.
It's just up to you to identifyit, utilize it and use it to
your best abilities and whatnot.
Right, and I think I'll giveyou some background.
Right, because this is why Ikind of bring up the military a
bunch.
Right, because this is why Ikind of bring up the military a
bunch.
Right, because in high school Iwent to a very poor high school
(20:02):
, so we had military researchersat our high school just
constantly, right, every singleweek we had someone out there.
I was a wrestler, right, sothey would try and poach me
every single day of the week.
I didn't go into the militaryout of high school.
I was tempted to.
I know a lot of friends that Iwrestled with.
They went into the military,ended up in different units and
whatnot, right.
But I always thought, okay,I'll go to college and then I'll
go to the military.
The reason being is that Ididn't want to make military
(20:24):
service out to be for a collegeeducation.
I wanted to get that collegeeducation and then I wanted to
go and do the military stuff andin between my sister needed a
kidney.
So I donated my kidney to her,unknowingly at the time,
disqualified me from everybranch of the military, for
every job that you couldpossibly have in the military,
right?
So it was like, oh, okay, so Iget to save my sister's life,
(20:46):
but you can't take me, eventhough I need to save all my
water as everyone else and I'lldo everything else.
Like, okay, whatever, right.
In all of this process I wentdown and I just researched I
mean, even to this day Iresearched non-stop right the
mentality, the training andeverything else like that and so
for myself, I try to take thatmentality, just just grab just a
(21:09):
piece right and bring it intomy life so that I can be more
successful and, you know, really, really grow myself.
So I wanted to give you thatthat pep talk, right.
Because, I'm bringing up adecent amount and not everyone
listening right Knows that aboutme, right, so it makes more
sense.
I don't want people out thereto be like, oh, this
(21:29):
cybersecurity guy, he's talkingabout the military, you know as
if like uh, he's a wannabe orwhatever.
Speaker 2 (21:35):
It's like no, no, no, you know I get a lot of hate,
especially from the guys that Iwas on teams with.
Like I did nine rotationsoverseas, right, and everyone's
like why do you sit with thesesmart guys?
And I'm like Jesus, guys,seriously, do you hear yourself?
I'm like, gentlemen, like wewere the best at what we did,
like there's only a time andplace for conflict and violence,
right, yeah, what does the nextphase of life look like?
(21:58):
And so I'm an imposter herejust hanging out BSing on the
cyber side.
I honestly feel that way, butI'm at the top now, but I just
I'm like so much like you peoplehear me like well, what do you
know, rico?
You're not, you didn't comefrom IT.
I'm like you're right man.
Speaker 1 (22:17):
Like I'm like you're right, man, but I'm here, right.
Yeah, I feel like the depththat you have to go into with
the teams and with security islike the same level, right, and
the teams you know.
I mean, you have to know somany different things.
You know just from a surfacelevel, right things.
(22:38):
You know just from a surfacelevel, right, civilian looking
in on it.
When you said everyone knowseveryone else's job, it's like,
okay, well, there's legitimatedifferent jobs, like there's a
comms guy out there, there's a,you know, a med guy out there,
there's snipers, and you knowall this different stuff, right,
everyone has to have that sameskillset.
The reason being is that ifsomeone goes down, you can't
just be like, oh well, our medicis down, no one's providing
(22:58):
medical.
Now, right, that isn't arealistic situation.
And in cybersecurity whereaslives are not at stake, of
course, and whatnot.
But in my opinion, to be asuccessful security practitioner
, you have to be so deep and sointimate with these systems that
you know it better than thepeople that designed it.
(23:18):
That's a very realistic thing.
It takes a long time to achieveit.
It's very difficult to achieveit, obviously, but you still
have to have that understanding,that know-how.
I have a good friend of minewho's been in security for a lot
longer than me and he saidsecurity professionals typically
earn their paycheck two tothree times a year.
(23:40):
If it's any more than that,your company is probably going
under Probably.
And he literally explained itlike this the security people
are typically the most skilledpeople in the IT organization
because you could take asecurity guy and put them on a
systems team or a networkingteam or a cloud infrastructure
team and it may be a little bitdifficult, it may be a little
(24:01):
bit slower, you know for theresult right for a couple of
weeks, but eventually they'regoing to pick it up pretty quick
and they're going to get intothat flow and they'll understand
what's going on and whatnot.
When you're actually applyingsecurity principles, you have to
know all of those underlyingservices and processes and
everything else about thatsystem before you start
deploying.
(24:22):
You know an EDR agent to itright and blow it up and blow up
your alerts and everything else.
Speaker 2 (24:29):
Yeah, it makes sense.
Man, you brought up somethingvery, very keen is that
cybersecurity professionals arevery adaptable, and I think
that's very needed.
The other thing is it takes alittle bit of time.
I'm noticing cybersecurity,especially senior cybersecurity,
the CISOs.
Like I'm a CISO myself we'refinding ourselves in more of a
product security mindset, like,hey, here's our product, here's
how we secure it, because that'sthe next evolution of a CISO.
(24:51):
I think right now the CISOmarket is oversaturated and
everybody wants to drive a ship,everybody wants to have those
cool initials behind the name.
It's just not worth it, right,if you ask me, but there is
basis of merit to it, right, toget there.
You brought up something veryinteresting on the teams is that
you know when your medic goesdown there's no medical
attention.
The interesting part is I'vebeen shot.
(25:11):
Right, if you ever get shot,the first thing they're going to
, the first thing that's goingto happen, is not the medics
going to come.
Your buddy should be able tocome, pull from your medical kit
and be like you need to manageyourself up.
I got to lay down suppressivefire and get in the fight, and
it's funny because everyone'slike well, where's the medical I
do?
We're all busy in thefirefighting, but you got to get
yourself buddy, so yeah, yeah,that, yeah, that's interesting
(25:36):
man.
Speaker 1 (25:37):
It's a fascinating other side of the world, for me
at least.
Right, when you start divinginto that kind of mentality and
whatnot.
You know, like what you said,right, everyone wants to be a
CISO now and I think that theysee these big paychecks and
that's what they want, but theydon't see the risk, they don't
(25:59):
see the sleepless nights, youknow, they don't see all the all
, all the nuances that there areto the job.
Right, where it's interesting,you know, successful CISOs at
least in my opinion, they get.
They get their, their feedbackor their status report from,
like, the very technical peopleOkay, tell me exactly where this
(26:20):
body is buried, tell me what itlooks like, give me all those
details, so to speak.
And those people are the onesthat are staying up in the
middle of the night, that havetheir own lawyers, that are
going to court for behalf ofthem for whatever, whatever
issue that's going on.
And I always seem to.
(26:40):
I always seem to respect thoseCISOs with that technical
capability, right, or thattechnical mindset, a little bit
more, because they weren't justa manager and they just weren't
an executive or anything likethat.
They were someone that trulywanted to know, hey, what's
going on in this environment,like I legitimately need to know
(27:02):
because I need to be able toprint the board.
For hey, we need $2 million togo and buy this thing, otherwise
we're going to pay 20, you knowin fees and fines if something
ever were to go wrong or whatnot.
Speaker 2 (27:15):
Yeah, everybody wants to be a rock star, until you
got to do a rock star stuff,right, yes?
Or everybody wants to be agangster, so you got to do some
gangster stuff.
Uh, being a CISO is not allcracked up to be.
I highly recommend that you dosomething that's I think
everybody should be a CISO, uh,just so you get the expert, uh
expertise that you need andexperience and then realize that
(27:36):
you don't want to do it.
Speaker 1 (27:39):
Yeah, yeah, that's very true.
I wonder, I think I would wantto be a CISO.
Sure, I'm at the point in myown career where I'm moving past
wanting to be super technicaldeep in the weeds.
Right, I kind of want to moveinto you know more of overseeing
(28:03):
and whatnot.
So we'll see how that goesright.
I know someone that was supertechnical went into management,
hated it, went back to being youknow, super technical and he
just stayed there and he lovesit, you know.
Speaker 2 (28:17):
I think you have to be in the right mentality, right
mind frame, right phase of lifeto be like, hey, this evolution
of life is different.
Right, because I'm dude.
You know, people who work forme are extremely brilliant,
reverse malware, ransomnegotiators and nice, nice
people.
But they're like I don't know.
I don't know how you do whatyou do, Rico, I wouldn't want to
(28:38):
do it.
I'm like I love dealing withclients.
That's just me.
But at the same aspect, I'mlike I was there, not as
technical as you are, but I justrealized I like this stuff
better and I changed my mind.
And a lot of technical peopleare like no, I just want to turn
this one widget and wrench.
I was like have a little bitmore.
Speaker 1 (29:00):
Yeah, that's a really good point and that's something
that I try to touch on quite abit.
Right Is, you know, buildingyour career and your skill set
off of what's coming rather thanwhat's here today.
Right, you should have thestuff of what's here today.
You should have that skill set.
You should be able to, you know, operate and whatnot to the
(29:20):
highest levels, but you shouldalso be looking, you know, to
what's coming.
Right.
So for myself, at least thepast couple of times.
Right, it's been tied to adegree, right.
So I got my master's degree andthat kind of catapulted me into
security and cloud security.
Now I'm working towards my PhDdoing you know, satellite
security for communications PhD.
Doing you know satellitesecurity for communications
(29:44):
satellites and implementing zerotrust within it to prepare for,
you know, post-quantum.
Right, because I see all thosethings going on and my mentality
is the next big war is going tostart in space long before it
ever starts on the ground.
Right, we kind of saw that withUkraine to some extent, where
they were hacking their powergrid.
No-transcript, just turn offall communications.
(30:39):
No one in that country is makinga cell phone call out.
They're not making a satellitecall out.
They're not doing.
They're not getting internet,you're not getting power, you're
not getting water, right.
All that stuff is actually tiedinto the satellites and in some
ways.
So if that were to ever go down, you know you have.
You have pretty major issues,at least in my opinion, right in
(30:59):
my own research.
Yeah, yeah.
So I'm trying to prepare andadjust and grow my skill set
towards that area for somethingthat I guess you know feasibly.
I guess it may never happen,but I think it'll be here in
five to ten years.
Speaker 2 (31:14):
Right, it's definitely happening.
I went to ukraine to go see itfor my own eyes and I have a
different perspective of the warand also went to gaza and
israel to see the reality of thesituation.
I have a different perspectiveof the war, and also with the
Gaza and Israel to see thereality of the situation.
I have a different perspectivetoo.
You know, being on the news, Ican kind of do that when it
comes to, you know, satellitewarfare.
What I think is, if you look upand you adopt and understand the
(31:37):
methodology of Blitzkrieg, withthe Germans created right,
dominate the Aresian land all atone time, you can definitely
dominate the whole battlefielditself.
So you're not too far off.
I think you're spot on the gameand you'll more than likely see
it maturitize and amassesizeand materialize within the next
three to five years.
We're already here, you know.
(31:58):
It's just a matter of watchingthe satellite fall out of the
damn sky now.
So, and we'll see it.
So I think you're spot on man,I think you are where you're
supposed to be and I think youyou're honestly, you're way
ahead of the people, way aheadof the other people yeah, yeah,
it's um, you know it's.
Speaker 1 (32:16):
It's interesting because I'm I'm also like tying
it towards you know kind of likean arduous task of getting a
PhD.
When I started this whole PhDthing I never thought it would
be this difficult.
I figured two and a half, threeyears I'll be done.
I think I started a year and ahalf ago and now I'm looking at
(32:37):
three years.
It's a little tight, it's alittle close there.
There's so much more to it.
And but that also speaks to thecommunity, the phd community,
and how they kind of self-governand, you know, really gatekeep
in a good way.
Right, they don't want justanyone getting a phd, they want
(33:00):
you to truly be an expert inthis area, like Like, if we're
going to put PhD at the end ofyour name, you better know this
topic inside and out, like theback of your hand.
You know which is.
It's something that Iappreciate for sure, because I
wouldn't want it to be like youknow an overnight you know PhD,
pay this amount, you know, andyou get it, or whatever.
(33:21):
That wouldn't be rewarding tome.
You know but I, this amount,you know, and you get it, or
whatever.
That wouldn't be rewarding tome, you know, but I to shift
gears a little bit.
You know I was doing a littlebit of what I call light
research right before thepodcast, right, well, five, 10
minutes before the podcast whereI just pull you up on LinkedIn,
right, see, see what's there.
So I saw some forensicscapabilities you know that you
(33:43):
potentially specialized in,currently specialize in with
your company.
Can you talk to me about someinteresting engagements with
forensics?
Because I feel like forensicsis a part of cybersecurity that
people don't really think aboutthat much, and when I studied it
in my master's it was reallyeye-opening, because you're
(34:04):
reverse engineering a systemthat someone else designed right
there on the fly and you'retrying to figure out what ties
to what and how it allcorrelates and whatnot,
traditional forensics, which Idid for law enforcement and also
Office of Public Defense workin civil and criminal cases.
Speaker 2 (34:24):
then you have on-the-fly incident response
forensics, right, which is twodifferent dynamics, and some of
the things that we've seen islike you know, the most recent
one was a redirect from aRussian, the Russian Rutsku,
which is a nation-state threatactor, right.
And they got really good inregards to multi-factor
authenticating, uplinking,outloading your multi-factor,
(34:45):
unhinging it and thenre-engaging it, and it's like
whoa.
So a lot of the stuff istraditional reverse malware
trying to figure out where thebot came from, how it implanted
itself, and also extracting theC2 node along with TTPs and IOCs
.
So I mean it really it's verydynamic.
(35:06):
I mean some of those things.
We have to understand that theransom game is a multi-tiered
game.
It's a billion dollar industryand you have multiple factors in
there.
The guys who create theransomware and also the
exfiltration tool are twodifferent teams.
The guys who are actually doingthe ransom negotiation is a
different affiliate.
So it depends who you're kindof dealing with.
We've seen some wild things.
I've worked over 1,500different ransomwares and it's
(35:27):
just, you see, old dogs, newtricks, repackaged stuff.
I mean zero days all the way tohappy birthday attacks.
I mean, you name it, we see it.
But a lot of it has to do withtraditional vulnerability
management and doing this cyberhygiene 101, right, do the right
thing, right place, right timeand you'll be okay.
But a lot of companies are like, no, we're fine, I'm like okay,
(35:49):
and now cyber insurance is love, cyber insurance.
We do work on behalf of cyberinsurance.
Speaker 1 (35:54):
They're not stupid, they actually have their own IR
teams and they're like, hey,we're going to go ahead and use
this as a discovery tool andthat's okay yeah, man, like ir
tabletops, I went through an irtabletop within the last 12
months, yeah, and you know, oneof the one of the biggest
critiques that I gave the restof the rest of the teams, rest
(36:14):
of the company was that when weknew that an attack was underway
and, you know, ongoing, no oneeven thought to reach out to
security.
Right, shouldn't have that beenthe first call?
Like, because in thishypothetical scenario, we went
10 days without someonenotifying security.
So it's like, it's like, guys,I understand, like we're
(36:37):
security, we should, we shouldknow, we have the tools in the
right place to identify it andwhatnot, right, but you're the
product owner, you should knowwhen your product is encrypted,
you should know when itshouldn't be.
Speaker 2 (36:50):
Yeah, you know I'm surprised.
You know I say when in doubtsecurity out, right, like just
call somebody, reach out.
You know what I correlate it tois people want to have
validation, like I own this, Iown that.
I'm like dude.
Right now, during an incident,there's no time for egos,
there's no time for brashness.
Do not fire anybody, becausethat is the worst thing you can
do right there and then,especially if you fire a CISO
during that, you just set thewrong tone immediately.
(37:12):
So yeah, doing tabletops andincident response tabletops is
very paramount.
Speaker 1 (37:18):
A lot of companies don't do that still and it's
very insurmountable and andneeded yeah, yeah, I'm a friend
who used to work for aninsurance company and it seemed
like he was doing incidentresponse.
I had for incident response.
I mean he worked, he worked, uh, you know, 100 hour weeks for
two months straight, you know,and and they they did fire a
(37:42):
couple people like during thattime and the biggest feedback
you know from the cso was, hey,right now is literally the worst
time that you could be firinganyone.
You know, like, how about wejust let our guys do the work,
because you know we don't haveany other options?
You know, like, what are wegoing to do?
We're going to call a crowdstrike and they're going to
(38:03):
charge us 1.5 million to enterour environment.
You know, like, come on thatthat's exactly it.
Speaker 2 (38:09):
I mean, as a ciso, you kind of have to make those
decisions.
But you know I think you'resending the wrong time.
We start firing people.
Number two like you need allhands on deck, you need wrench
turners and fire people is justgoing to put your back against
one and also make you look likean idiot, you know.
Speaker 1 (38:25):
Yeah, it starts showing incompetence almost at
the leadership level, right whenit's like you're firing us in
what situation, you know, likeyou already laid us off you know
half of the team or whatever,and then you're going to start
firing people Like do you knowwhat you're doing?
Speaker 2 (38:44):
Yeah, usually executives want to see money
right and then money iscorrelated to emotion,
especially from the executiveperspective, because they were
like, oh, we're in pain, I'mgoing to cause pain, who's
responsible?
Fire that person, boom, andit's like dude, you know, like
one of my CISO gigs a very longtime, my first CISO gig ever.
It was very interesting becauseI was like I'm going to do my
first one, I'll grind my teethat night.
(39:05):
I remember I'll stay up late atnight.
And then company got shut downfrom the FBI and I was like Whoa
, like that was just wild.
I was like, okay, I'm, I'm outof here, man, like I don't want
anything to do with this.
Speaker 1 (39:19):
I mean, how bad do you have to be as a company to
get shut down by the FBI or anyagency?
Let alone.
Speaker 2 (39:29):
Well, they were doing some interesting things and
they've been dealt withaccordingly, but I can't really
say too much about it.
But they attracted theattention of a federal agency
and they always like, hey, I'mout of here, Like I can't have
any part of this.
Speaker 1 (39:42):
Yeah, those guys at the federal agencies.
I mean, they're like pit bullson a chain right, and once they
get a little whiff of something,it's like, oh well, let me get
a little bit more, let me seewhat else is there right, and
they start peeling back theselayers and there's like no
stopping it.
You know, they have like thesecurity curiosity from their
(40:04):
side too.
They have that unquenchablecuriosity.
Speaker 2 (40:07):
Yeah, usually when working on the digital forensics
for the civil and criminalcases, it was very interesting,
Whenever I work in an FBI case.
When we saw one of theircharges, we knew they had 25
additional charges.
Speaker 1 (40:20):
I was just waiting.
Speaker 2 (40:22):
I was like okay, here we go.
Speaker 1 (40:27):
Yeah, they have.
Like what a 97, 98% convictionrate for a?
Speaker 2 (40:30):
reason yeah, they don't go out for people they
can't convict, right.
Speaker 1 (40:35):
I mean that's a part of the criteria too.
When a DA is determining ifthey're going to prosecute you,
they look at your assets, right,yeah, yeah.
Well, how much money does thisguy actually have access to
where he can put up a validlegal defense and are we going
to lose if they do that and allthat sort of stuff?
(40:55):
That was a part of I got mybachelor's in criminal justice
and that was a part of it that Inever even thought of before
and you always see it with your,with your, your company and
whatnot, typically in thebenefits, like you could pay for
the legal services for like 10bucks, you know, a month or
whatever it is.
It's like.
Whenever I see that, I'm likeit's a no-brainer.
Why do I care about ten dollars?
Speaker 2 (41:16):
you know yeah, it's true.
It's true.
Um, usually, whenever you havelike legal services, I always
tell people mindful.
I used to write legal contracts.
I'm like there's always aclause to get out, a
provisionary clause to get outof that.
So be mindful of what you signup for, because it might not be
what you want.
Speaker 1 (41:33):
Yeah, I always read everything before I sign it
probably too much.
Fairly, recently there was anemployment contract that came my
way you know the numbers madesense but then you start reading
the fine print and it's like,wait, you want me to, you want
(41:56):
me to do what.
You want to take ownership ofmy social media accounts?
Yeah, yeah, you uh want tocontrol what I can say and when
I can say it, and everythinglike this is a security engineer
role.
What are you trying to do here?
You know, like I'm not.
Speaker 2 (42:12):
I'm not the ceo of the company I was working an
insider threat job once, right aproject for very world big real
estate firm and a huge, huge,huge.
And they were like you need togo talk to this person about
what they post on social media.
And and my caveat, my exit wasguys, we're not the world police
, they didn't name, drop us.
Who cares?
(42:32):
We don't like that.
Like we don't like that, it'snot good for cause.
And I realized then like thisis just me and my internal
dialogue, like I love insiderthreat, like that's a really
good program.
If you can ever do it, do it.
But the problem is, is that what?
There's a fine line of like atwhat point are we kind of
overreaching here and shoot, dowe care?
(42:52):
This is one.
This is when I was working fora bank and they're like, hey, go
investigate this person.
I'm like, all right, cool.
So I pull up our social media,blah, blah, and like she's
making baked goods on theweekends.
We can't have that.
I'm like you do realize she'slike a power BI analyst, right,
like what does it matter?
And they're like she didn'tdisclose it.
I'm like, and there's this guy,Code, ethics and Compliance,
(43:15):
and I go, hey man, let me askyou, is it your interpretation
of the Code Ethics andCompliance, or is it the
interpretation of it?
And he's like well, this is theway I read it.
I'm like, dude, you havenothing else to do, I'm not
doing this, I'm not doing this.
And then I got relieved of myduties and I'm like I'm out of
here, dude, like I got intoanother job project.
But it blew my mind.
Speaker 1 (43:34):
I was like, guys, this is not at all what we
should be doing or spending ourtime on right, yeah, and it's
you have to be able to, you know, really like stand by your own,
your own principles, your ownmorals, so to speak.
Right, because there's there'sso many opportunities in so many
different ways where they want,you know, you, to be the, the
(43:57):
so-called executioner.
Right and like, track it downand, you know, build the case
and everything for something asminuscule as oh, they've been
goods on the weekend and they,they potentially sell it for,
you know, 10 bucks, lord forbid,Lord forbid, if a person trying
to get out of debt or, betteryet, put their kid through
college, you go work for that.
Speaker 2 (44:17):
You go work for a bank and they're like hold on.
You work at the YMCA on theweekends.
We can, we can't have that.
I'm like who is an employer todictate to you of your wealth?
So it's just me, though.
Speaker 1 (44:27):
Yeah yeah, no, I mean it's.
Some employers have thatmentality and it's.
It's very weird to me, rightlike, because, like, my
mentality is it's not happeningbetween you know, eight and five
or nine and five, what does itmatter?
Right like, I'm signing thiscontract right here, my time is
allocated for you for that timeframe.
If needed, I work extra, youknow, as needed, obviously,
(44:52):
given, given the situation andwhatnot.
But if I'm, if I'm, you know,if I'm canceling calls for your
company to go and do stuff onthe side, that's different.
Right, it's different.
Yeah, that's a differentscenario.
But if that's not happening,then what power do you actually
have in this arena?
Because that wouldn't hold up incourt, you're not purchasing
(45:13):
this person's life contract andsaying, until you resign, we get
100% of your time.
It's like no, no.
Speaker 2 (45:21):
No, I know what you mean.
Yeah, exactly.
Speaker 1 (45:24):
Yeah, percent of your time.
It's like no, no, no, I knowwhat you mean.
Yeah, exactly yeah, yeah it's.
It's always frustratingwhenever I see that, because
it's just like come on, likecome out of the dark ages.
Speaker 2 (45:32):
Nope, it's the old school ceos like you gotta do
this yeah right right.
Speaker 1 (45:39):
well, rico, we didn't talk a whole lot about your
company.
You know, just talked almost 50minutes where they can find
your company and if they wantedto, you know, reach out and
learn more about that.
Speaker 2 (46:11):
So, on a personal level, if anybody wants to reach
out, you can look me up onYouTube I'm on there and then
also on Instagram Ricounderscore, danielson,
underscore, right, no-transcript.
(46:44):
Some of the things that we canbe very noticeable of is just,
you know, be very intentional ofyour time with me.
I usually take meetings or, youknow, meet with people that are
very intentional, like tell mewhat you want, I'll get you what
you need.
Speaker 1 (46:59):
Yeah, yeah, that makes sense.
It's more efficient, yeah,efficient use of your time and
theirs, exactly, yeah, awesome.
Well, thanks, rico, for comingon.
I really do appreciate.
You know, I really enjoyed ourconversation.
Speaker 2 (47:12):
Hey, rock and roll man.
I really appreciate you, manyeah, absolutely well, thanks
everyone.
Speaker 1 (47:17):
I hope you enjoyed this episode.
How's it going, Rico?
It's great to get you on thepodcast.
I'm real excited for ourconversation today.
Speaker 2 (00:05):
Absolutely, man.
Thank you very much for havingme.
I really appreciate it.
Looking forward to rocking androlling man.
Speaker 1 (00:10):
Yeah, yeah, absolutely so, rico.
I think you have a prettyinteresting background right.
Why don't you talk me through,or walk me through how your
journey started through?
Or walk me through how yourjourney started.
Did you start at IT?
Did you, you know, do someother, you know, some other sort
(00:33):
of?
Speaker 2 (00:33):
work right.
Like, what does that beginningphase look like for you?
Yeah, there's a lot to go over.
You know, a very long time agoI was an operator in the
military and also paramilitary.
I was an infantryman in combatarms, did nine rotations
overseas.
I was actually pretty much, youknow, just going out there
doing what the warden needs tobe done, doing the good Lord's
work, doing door-to-door leadcells that's what I called it
and just being theknuckle-dragger.
(00:54):
And then I went to that tobeing a special operator, tier
one operator, whatnot where Iwas like, hey, I think I see
something, I need to dosomething different.
Your body, your mind can onlydo so much, right.
And I was like, hey, I'm goingto go to law school.
So I went to law school, starteddoing that and after I finished
(01:14):
law school I did one more pumpin Afghanistan.
And then I was like, hey, I wasgetting paid really good money,
I was making like six figures.
And I was like, hey, I need toget into IT.
And I took an engineering jobmaking $35,000 a year and it was
rough man, but I knew I neededto get the hands-on experience
and whatnot, because I knew theend goal was digital forensics.
And I started doing that bustingmy chops and whatnot, getting
(01:36):
skin in my teeth and thenstarted getting into incident
response and forensics itselfand I just started making
headway and I knew the stuff Ilearned from the military, from
counter-insurgency operations.
I just knew how criticaldigital information was, and
then law school on top of that.
(01:57):
So I kind of accelerated mycareer to just being a incident
responder or a forensicator.
And then I was like, hey, I'mgoing to go now try my hand at
being a CISO because I alreadyhad the leadership experience.
And it was cool.
Man, it was really cool, reallyinteresting, real fun.
Speaker 1 (02:06):
Okay so you covered a lot of ground there.
Let's go back to you know,maybe, your days in the military
right, what made you want tostart going down the special
forces route?
Speaker 2 (02:19):
Yeah.
So some of the stuff that we'veseen is you know you go to
traditional units right, youknow field artillery, infantry
units.
You know you do some high-speedstuff.
Like nobody really says, hey,you're doing some cool stuff,
but you do some really coolthings like TCPs, lps, recon,
and then in the specialoperations community it's like
you just get broken down evenfurthermore.
(02:41):
It's like, hey, you get lesserequipment equipment, lesser guys
, and you become a very ownprecision skill set.
And at that point you're like,hey, let's just go through the
training up, go to work up, gothrough all the cues, get your,
get your um training, docking,certification, whatnot, and then
get on to the team.
And then when you get to a team, it's when you learn everybody
else's job, like there arecertain brigade level teams and
(03:03):
there are, there are certaintri-level teams and also some
other type of teams and you geteven smaller and you say, okay,
I have to know commo, I have toknow intelligence, I have to
know whoever's doing the doorkicking, stuff like that.
So you have to know thesethings.
And once you become even asmaller team let's say eight to
12-man team you're very much ofan integrated part of each other
(03:23):
.
So where this person left off,you will pick up and vice versa.
There was a nutrition company, Ithink it was called Soft
Nutrition.
They went out of business orthey closed a business and it
was a bunch of I think it wasguys from third or fifth group
and they were like hey, here's abook.
They gave it to the nextpartner and be like go fill the
orders this way, this is how wedo it, blah blah.
(03:48):
They gave it to their nextpartner and be like go fill the
orders this way, this is how wedo it, blah blah.
And they were rocking reallygood business for a very long
time.
And the reason they show theclose up is one they lost
interest.
And number two, they wanted tohand it off to another special
operator who was from that team.
And same premise applies inforensic.
Same premise applies in cyber.
You know, you want to.
Birds of a feather flocktogether, right.
Speaker 1 (04:05):
Yeah, it's interesting, you know, because I
asked that, because I feel likealmost a lot of those similar,
you know, mentality qualitiesthat you have to build to be
successful in that areatranslate actually over into
cybersecurity, right.
So I always, I always thinkabout it as, like you know, when
(04:26):
you're starting out, you'relike going into the suck, right,
I don't know how else toexplain it other than that,
right, like I'm, I wrestled abit, done some jujitsu and
whatnot, and you know, that'slike the closest you know
comparison that I could have,right, that I could ever have,
which is not even a comparison.
It is a comparison though it isa comparison though it is, it
has a similar mentality.
(04:48):
That's what I'm trying to say,right, because when you're in
practice, when you're goingthrough your training and
whatnot, from what I've heardfrom a lot of other Special
Forces operators they literallyjust say make a deal with
yourself that you're going tomake it to the next meal, you're
going to wake up, you're goingto go to breakfast, right, and
then when you're going to getdone with breakfast, let's just
(05:08):
make it to lunch and see whathappens.
You know like, okay, let's makeit to dinner now, right, and I
think a lot of those sameprinciples or that same
principle is really related inbusiness and IT and security
overall right, especially whenyou're making potentially a
career change.
You know, and sometimes evenfor myself, when I was starting
(05:31):
out in IT, I had to literallyhave those small little tiny
goals right Of like, hey, let'sjust, you know, let's make it
through the month.
You know like it's really hardright now financially, like you
know.
You said right, you started outat $35,000.
I started out right aroundthere as well.
I mean that's not a lot ofmoney.
(05:51):
That's tough For years I had toactually decide which bills I
was going to pay that month andwhich bills I could lapse.
You know, I mean like that's areal, that's a real struggle
right there.
It's really tempting, you know,to give up, right, and then
potentially even like, make apivot, maybe go back into what
(06:13):
you were doing before.
How did you, how did you staystrong to the path that you
decided to go down?
Speaker 2 (06:19):
once you went down it , it was very I call it the
accordion effect right.
I knew that I wanted to be aninstant responder on my own firm
, be a CISO.
I knew that was the end goaland I had to go backwards a lot.
You brought up a very goodpoint.
You had to choose which billsyou're going to pay.
My number one bill was alwayschild support.
It was $1,700 a month and I waslike, okay, that is a
(06:41):
no-brainer, I will fight, kickand scream for my rent.
That's the next one.
Everything else in betweenbecause I had no car payment,
couldn't afford one, and I wasliving off my retirement at that
time I was like everything elsein between is going to, is up
on me.
So I want to go be a bouncer.
I would go do securityoperations.
There are these really quickpumps that you go over to like
Sudan, angola, libya or likeSierra Leone Congo for like
(07:03):
three or four months at a time.
I'll go do those and make somemoney come back.
So, as I was progressingforward.
But when I made the D markright, the decision was like I
know for a fact that I have tomake this decision and it's
going to hurt.
So instead of going overseas, Iwould just do little odd jobs
here and there.
Dude, I've never met a lot ofIT guys who know how to operate
(07:29):
a backhoe right and so like, andalso other IT.
Some IT guys, not a lot, butsome they don't know how to use
a drill.
So I'm just like, hey, I'm, youknow, I'll start building stuff
.
Speaker 1 (07:35):
So I started building things and little by little,
but now it's 100% cyber you know, yeah, yeah, that's a mentality
that I think a lot of people,you know, are lacking and
potentially even like lookingfor in some way.
Right, like I remember, youknow again, right, when I was
making that little amount ofmoney, I was doing everything I
(07:56):
possibly could on the side, youknow, not just to make ends meet
, but I was trying to make thattime be as valuable as I
possibly could towards reachingmy goals of getting into
cybersecurity.
And it took me two and a halfyears between realizing that I
wanted to go into cybersecurityto actually achieving it.
(08:18):
It took me two and a half yearsand I was being told no, every
single day, literally everysingle day, because I'll be
applying nonstop.
So every single day I'd have aphone interview, phone screen,
one in the morning, one in theafternoon.
I said, if I don't walk awaywith an offer today,
(08:52):
cybersecurity probably isn't forme.
I'm going to go join themilitary or something.
I was that desperate.
Sure enough, it came through.
I got two offers at the end ofthat day blew me away.
I was like, okay, I finallyreached my goal, I finally got
my foot in the door.
Someone believed in me enoughto just say, yes, you know, to
to you know, give me anopportunity, right, that that's
(09:14):
all you really need.
Speaker 2 (09:16):
You know?
Now bring up an interestingpoint.
My experience was not funbecause I was a lot bigger than
I was, 250 pounds, like just rawmuscle, an operator guy fresh
out of law school.
And when I was getting IT dude,I've heard like stupid, you're
just a good looking dude, nobodyreally cares about you.
I'm like dude, like this.
I thought we're trying to solveproblems and people were so
(09:36):
mean, like in the teams, right,like you can just punch somebody
and you're just like I'm justgoing to punch you in the face
and this will be done real quick, like it's real simple.
But like a little it guy and Ihate saying this scrawny little
it guy who drives a Corvette,you know, and he is like you're
stupid and you're like dude,this is not going to go well.
Like just stop.
Speaker 1 (09:56):
Right, yeah, I mean these interviews.
And you know, I would be toldby, like, alleged directors,
right, they would just laugh atmy saying so when they would ask
me oh, how do you, you know,how do you do this, this basic
function of it?
How do you like promote a DCcontroller, whatever it might be
Right, and I'm just startingout, and my response would be
(10:19):
I'll work with my team to figureout how to do it, and if no one
else knows how to do it, I'mgoing to Google it.
Yeah, you know, like, and ifthat doesn't work, I'm going to
go pick up a Microsoft book andI'm going to figure it out.
And they would laugh at mesaying that, you know, you
should know this off the top ofyour head and this, and that I'm
like, well, how would I know itoff the top of my head if I
(10:40):
I've never had that opportunity?
And that's, it's such a poor,such a poor mentality, right,
like, because that would neverfly, like you said, that would
never fly in the military, rightLike?
Speaker 2 (10:51):
the teams.
Speaker 1 (10:52):
The teams really self self police each other where
it's like, when you're notliving up to the standard,
there's someone there that'sgoing to be like hey, you're not
living up to the standard andyou're putting our lives at risk
, and so we're going to figurethis out real quick, you know,
and like you're going to makethe adjustment because I don't
feel like dying today becauseyou didn't do the work.
(11:12):
You know.
Speaker 2 (11:14):
Yeah, you brought up a good point.
One thing is like, hey, you gettwo tries right.
You're like, hey, one you'renot getting a team level.
Somebody from the team is goingto coach you up Good to go.
Second one we're going to sendyou back to the schoolhouse and
see how you do and you come backrefresh.
Good to go, let's keep goingright.
(11:39):
The third thing is like, hey,this just might not be for you,
right, because we're going toask you to eat a lot of big
banks, world banks incybersecurity and one of the
biggest burger flippers in theworld.
The sheer arrogance of directorswere like you have to be this.
I'm like guys, no offense, butyou were just Googling this, how
to do that?
Like, come on.
(11:59):
And so, like you know, beingcoming from law enforcement
background and also an attorney,I'm just like it's a no
nonsense, no bullshitconversation.
Like guys, let's just be honestwith each other.
And the weird part is a guy inmy same position when I was
doing IR for a big, bigorganization.
He's like you can't talk tothose guys like that.
I was like the hell I can man.
(12:22):
Like like, just like you know,today is a special day out that
you're a prick or you're just aprick all the time.
So which one is it?
So, and they would be like youcan say that I'm like, dude, be
a man, be the self-relyingperson, like, stand up for
yourself, dude.
And that's why I think IT likethis is where this amalgamation
of toxic leadership and likesuper smart guy undermines it.
And it's just like, and I and Isee, and I've I have friends of
(12:44):
mine who are female and they'rejust like I don't even want to
be in cyber because they gettreated poorly.
And I'm like man that sucks.
Speaker 1 (12:50):
Yeah, I um, yeah, there's a lot there, right, you
know my wife is a teacher, right, and so I'm, I'm a very strong
mentality, right, I'm verystrong, uh, personality, I guess
.
And if I feel like someone isintentionally trying to get one
over on me, right, or trying tobully me into a situation, once
(13:12):
I identify it like it ends rightthere, right, like you know you
can you, you can try all youwant, but once I figure out your
scheme against me, like it endsright there, you know we're
handling this.
I'm going to call you out on aphone call, I'm going to call
you out an email to yourdirector and to their vp, right,
I've done all those thingsbefore.
(13:33):
Typically ends pretty well.
Typically, you know my wife,she'll come home and she'll talk
about something.
You know that she's dealingwith coworkers at school and
stuff like that, and I'm I'mjust like you know I'm.
I approach it obviously from mymentality.
I'm like you got to stick upfor yourself, you need to get in
their face.
And she's a small, you know,five foot two Asian lady Like
(13:53):
I'm, like you need to get intheir face, you know, tell them
you know all this differentstuff, and she's like, you
understand, I work at a school.
I'm like man, I would still doit, you know, like, but that's
like a difference in mentality.
Right when in the teams thatsort of thing is acceptable,
that's like the lowest level.
Right In IT, that's a littlebit more aggressive.
(14:15):
At the same time, you know, I'vehad teams of primarily women
before where they would go intothese meetings because I can't
be in 10 places at once, right,and so I would send them into
the meeting and I would tellthem they're going to ask these
questions, they want to talkabout this stuff.
Here's your answers.
We'll work through them, youknow, and we'll develop the
(14:35):
answer and whatnot, right,prepare them really well for
going into it.
They'll go into it and they'llsay you know exactly what I told
them to say, right, andeveryone you know on this
opposing team, well, we'll justcompletely dispute everything
that they said, even though it's100% correct, that they said,
(14:58):
even though it's 100% correct,and I mean I had to do this a
couple of times where I wouldhave to sit down with the person
and, you know, tell them like Iwould give them then the exact
same answer.
You know that that they weregiven during that meeting and
when they accepted it, I'll belike, well, what's the
difference?
When my team says it Exactly,don't you think that they're a
reflection of me?
Like they're, they're saying itbecause I told them to say it
and it's the correct thing to do, like I'm not telling you to do
(15:20):
something that's incorrect.
You know we're going to put thecompany at risk or anything
like that, and you know thatwhole mentality kind of shifts a
bit when it's like you know, Ikind of discounted this person
because of you know how theylooked or how they acted, or
their age or gender, whatever itmight be.
Speaker 2 (15:39):
Right, or their technical acumen, and that's
another one.
Yeah, yeah, I do.
I'm right there with you, man.
I've been in plenty of meetingswhere I've been sidelined and
it's just like you're juststupid, right and it's.
I have a person that I workwith daily, extremely smart man,
and there are days I'm likedude.
The reason you're notsuccessful the way you want to
be is because your personalacumen like you need to know how
(16:01):
to just talk to people, and Ithink if in it, more
specifically in cyber, if youcan tell a story and you're nice
, nice and you're good, you'redecent, not the best, not the
worst, you're decent I thinkyou're going to kill it.
Speaker 1 (16:17):
Yeah, yeah, one of the things that you learn when
you're going up the ladder, soto speak, and security is being
able to tell that story so thatall levels can understand what's
going on, right, like that's.
That took me I mean, that tookme a couple of years, honestly,
to learn it.
I'm still mastering it Right.
But, honestly, to learn it, I'mstill mastering it right.
But you need that executivebuy-in, you need the technical
(16:40):
expertise buy-in, you need themiddle managers buy-in, right.
You need all these peoplebuy-in and they all view this
information differently.
They all want to receive itdifferently in different formats
and whatnot, right?
So how do you tell the story ina way that explains why we
should encrypt this data to anexecutive, whereas I don't have
(17:01):
to explain why we need toencrypt it to a technical person
.
I need to explain how to do itright.
Maybe that's the part that Ineed to explain and I think
identifying that early on ispretty key.
But I do kind of want to circleback right to in your story and
similar with mine.
Once you identified the areayou wanted to go in, you really
(17:22):
stopped at nothing to go and doside work that you had skills in
and whatnot, and similar tomyself.
When I identified I wanted toget into security, I started
doing everything I could on theside to actually make that
happen right.
It didn't happen overnight andI think that's what a lot of
people get discouraged fromright and in the teams, right, a
(17:45):
lot of that training takesyears, you know, like I hear
Sean Ryan talk about how it tookhim two years to get through
training right and then hefinally gets to the teams and he
thinks he's just going to goand, you know, operate and
things like that, and then he'ssitting on a bench for you know,
six months, eight months, whilehe's then learning everything
else and he's like man, I justtrained for three years
(18:05):
basically to do this job and Ican't even do it, you know, and
it's a it's an interesting mindshift Not everyone understands
it?
Speaker 2 (18:15):
Your ego.
Your ego is your worst and bestenemy, right Even myself.
You go through the pipeline twoyears.
You know that's all the Q's andthis, that and the other.
Your MOS is your specialty,training and whatnot.
When you get to your unit,they're like that's cool, this
is how we do it over here.
You know, and you're like okay,and you're like and then how
you clear a house is a verydifferent dynamic of clearing
(18:36):
house in the schoolhouse versushere, right.
And then you do jointoperations with some of the
SEALs Marine Raiders, you knowother guys and whatnot and
you're like wait, you guys havea whole different process.
And then you do a workup, liketwo or three or four or five
months workup.
Then you're like okay, now weget along.
Then the alpha ego is you haveto get away from right.
The alpha egos you have to getaway with from right.
(18:58):
Like if you can get alongwithout beating the shit out of
each other, you'd be all right.
So, like there's some big boys,like I'm a pretty big guy
myself, but like big boys, bigegos, you know like it's pretty
rough.
But you know the question is,will you stop at nothing to
achieve?
And that's I believe we can do.
One of the things I learned along time ago was you can do
everything with nothing.
You can, you can, you can yeahyeah, you absolutely can.
Speaker 1 (19:21):
I mean, I, I personally, I I feel like we
always have whatever we needwithin us.
You know already, right?
Like you know, I'm a christian,I'm a believer, right, so I I
obviously I relate that to, tomy religion and whatnot but I
feel like, whatever you'retrying to accomplish, whatever
path you're trying to go down,you already have whatever it
(19:42):
takes already inside of you.
It's just up to you to identifyit, utilize it and use it to
your best abilities and whatnot.
Right, and I think I'll giveyou some background.
Right, because this is why Ikind of bring up the military a
bunch.
Right, because this is why Ikind of bring up the military a
bunch.
Right, because in high school Iwent to a very poor high school
(20:02):
, so we had military researchersat our high school just
constantly, right, every singleweek we had someone out there.
I was a wrestler, right, sothey would try and poach me
every single day of the week.
I didn't go into the militaryout of high school.
I was tempted to.
I know a lot of friends that Iwrestled with.
They went into the military,ended up in different units and
whatnot, right.
But I always thought, okay,I'll go to college and then I'll
go to the military.
The reason being is that Ididn't want to make military
(20:24):
service out to be for a collegeeducation.
I wanted to get that collegeeducation and then I wanted to
go and do the military stuff andin between my sister needed a
kidney.
So I donated my kidney to her,unknowingly at the time,
disqualified me from everybranch of the military, for
every job that you couldpossibly have in the military,
right?
So it was like, oh, okay, so Iget to save my sister's life,
(20:46):
but you can't take me, eventhough I need to save all my
water as everyone else and I'lldo everything else.
Like, okay, whatever, right.
In all of this process I wentdown and I just researched I
mean, even to this day Iresearched non-stop right the
mentality, the training andeverything else like that and so
for myself, I try to take thatmentality, just just grab just a
(21:09):
piece right and bring it intomy life so that I can be more
successful and, you know, really, really grow myself.
So I wanted to give you thatthat pep talk, right.
Because, I'm bringing up adecent amount and not everyone
listening right Knows that aboutme, right, so it makes more
sense.
I don't want people out thereto be like, oh, this
(21:29):
cybersecurity guy, he's talkingabout the military, you know as
if like uh, he's a wannabe orwhatever.
Speaker 2 (21:35):
It's like no, no, no, you know I get a lot of hate,
especially from the guys that Iwas on teams with.
Like I did nine rotationsoverseas, right, and everyone's
like why do you sit with thesesmart guys?
And I'm like Jesus, guys,seriously, do you hear yourself?
I'm like, gentlemen, like wewere the best at what we did,
like there's only a time andplace for conflict and violence,
right, yeah, what does the nextphase of life look like?
(21:58):
And so I'm an imposter herejust hanging out BSing on the
cyber side.
I honestly feel that way, butI'm at the top now, but I just
I'm like so much like you peoplehear me like well, what do you
know, rico?
You're not, you didn't comefrom IT.
I'm like you're right man.
Speaker 1 (22:17):
Like I'm like you're right, man, but I'm here, right.
Yeah, I feel like the depththat you have to go into with
the teams and with security islike the same level, right, and
the teams you know.
I mean, you have to know somany different things.
You know just from a surfacelevel, right things.
(22:38):
You know just from a surfacelevel, right, civilian looking
in on it.
When you said everyone knowseveryone else's job, it's like,
okay, well, there's legitimatedifferent jobs, like there's a
comms guy out there, there's a,you know, a med guy out there,
there's snipers, and you knowall this different stuff, right,
everyone has to have that sameskillset.
The reason being is that ifsomeone goes down, you can't
just be like, oh well, our medicis down, no one's providing
(22:58):
medical.
Now, right, that isn't arealistic situation.
And in cybersecurity whereaslives are not at stake, of
course, and whatnot.
But in my opinion, to be asuccessful security practitioner
, you have to be so deep and sointimate with these systems that
you know it better than thepeople that designed it.
(23:18):
That's a very realistic thing.
It takes a long time to achieveit.
It's very difficult to achieveit, obviously, but you still
have to have that understanding,that know-how.
I have a good friend of minewho's been in security for a lot
longer than me and he saidsecurity professionals typically
earn their paycheck two tothree times a year.
(23:40):
If it's any more than that,your company is probably going
under Probably.
And he literally explained itlike this the security people
are typically the most skilledpeople in the IT organization
because you could take asecurity guy and put them on a
systems team or a networkingteam or a cloud infrastructure
team and it may be a little bitdifficult, it may be a little
(24:01):
bit slower, you know for theresult right for a couple of
weeks, but eventually they'regoing to pick it up pretty quick
and they're going to get intothat flow and they'll understand
what's going on and whatnot.
When you're actually applyingsecurity principles, you have to
know all of those underlyingservices and processes and
everything else about thatsystem before you start
deploying.
(24:22):
You know an EDR agent to itright and blow it up and blow up
your alerts and everything else.
Speaker 2 (24:29):
Yeah, it makes sense.
Man, you brought up somethingvery, very keen is that
cybersecurity professionals arevery adaptable, and I think
that's very needed.
The other thing is it takes alittle bit of time.
I'm noticing cybersecurity,especially senior cybersecurity,
the CISOs.
Like I'm a CISO myself we'refinding ourselves in more of a
product security mindset, like,hey, here's our product, here's
how we secure it, because that'sthe next evolution of a CISO.
(24:51):
I think right now the CISOmarket is oversaturated and
everybody wants to drive a ship,everybody wants to have those
cool initials behind the name.
It's just not worth it, right,if you ask me, but there is
basis of merit to it, right, toget there.
You brought up something veryinteresting on the teams is that
you know when your medic goesdown there's no medical
attention.
The interesting part is I'vebeen shot.
(25:11):
Right, if you ever get shot,the first thing they're going to
, the first thing that's goingto happen, is not the medics
going to come.
Your buddy should be able tocome, pull from your medical kit
and be like you need to manageyourself up.
I got to lay down suppressivefire and get in the fight, and
it's funny because everyone'slike well, where's the medical I
do?
We're all busy in thefirefighting, but you got to get
yourself buddy, so yeah, yeah,that, yeah, that's interesting
(25:36):
man.
Speaker 1 (25:37):
It's a fascinating other side of the world, for me
at least.
Right, when you start divinginto that kind of mentality and
whatnot.
You know, like what you said,right, everyone wants to be a
CISO now and I think that theysee these big paychecks and
that's what they want, but theydon't see the risk, they don't
(25:59):
see the sleepless nights, youknow, they don't see all the all
, all the nuances that there areto the job.
Right, where it's interesting,you know, successful CISOs at
least in my opinion, they get.
They get their, their feedbackor their status report from,
like, the very technical peopleOkay, tell me exactly where this
(26:20):
body is buried, tell me what itlooks like, give me all those
details, so to speak.
And those people are the onesthat are staying up in the
middle of the night, that havetheir own lawyers, that are
going to court for behalf ofthem for whatever, whatever
issue that's going on.
And I always seem to.
(26:40):
I always seem to respect thoseCISOs with that technical
capability, right, or thattechnical mindset, a little bit
more, because they weren't justa manager and they just weren't
an executive or anything likethat.
They were someone that trulywanted to know, hey, what's
going on in this environment,like I legitimately need to know
(27:02):
because I need to be able toprint the board.
For hey, we need $2 million togo and buy this thing, otherwise
we're going to pay 20, you knowin fees and fines if something
ever were to go wrong or whatnot.
Speaker 2 (27:15):
Yeah, everybody wants to be a rock star, until you
got to do a rock star stuff,right, yes?
Or everybody wants to be agangster, so you got to do some
gangster stuff.
Uh, being a CISO is not allcracked up to be.
I highly recommend that you dosomething that's I think
everybody should be a CISO, uh,just so you get the expert, uh
expertise that you need andexperience and then realize that
(27:36):
you don't want to do it.
Speaker 1 (27:39):
Yeah, yeah, that's very true.
I wonder, I think I would wantto be a CISO.
Sure, I'm at the point in myown career where I'm moving past
wanting to be super technicaldeep in the weeds.
Right, I kind of want to moveinto you know more of overseeing
(28:03):
and whatnot.
So we'll see how that goesright.
I know someone that was supertechnical went into management,
hated it, went back to being youknow, super technical and he
just stayed there and he lovesit, you know.
Speaker 2 (28:17):
I think you have to be in the right mentality, right
mind frame, right phase of lifeto be like, hey, this evolution
of life is different.
Right, because I'm dude.
You know, people who work forme are extremely brilliant,
reverse malware, ransomnegotiators and nice, nice
people.
But they're like I don't know.
I don't know how you do whatyou do, Rico, I wouldn't want to
(28:38):
do it.
I'm like I love dealing withclients.
That's just me.
But at the same aspect, I'mlike I was there, not as
technical as you are, but I justrealized I like this stuff
better and I changed my mind.
And a lot of technical peopleare like no, I just want to turn
this one widget and wrench.
I was like have a little bitmore.
Speaker 1 (29:00):
Yeah, that's a really good point and that's something
that I try to touch on quite abit.
Right Is, you know, buildingyour career and your skill set
off of what's coming rather thanwhat's here today.
Right, you should have thestuff of what's here today.
You should have that skill set.
You should be able to, you know, operate and whatnot to the
(29:20):
highest levels, but you shouldalso be looking, you know, to
what's coming.
Right.
So for myself, at least thepast couple of times.
Right, it's been tied to adegree, right.
So I got my master's degree andthat kind of catapulted me into
security and cloud security.
Now I'm working towards my PhDdoing you know, satellite
security for communications PhD.
Doing you know satellitesecurity for communications
(29:44):
satellites and implementing zerotrust within it to prepare for,
you know, post-quantum.
Right, because I see all thosethings going on and my mentality
is the next big war is going tostart in space long before it
ever starts on the ground.
Right, we kind of saw that withUkraine to some extent, where
they were hacking their powergrid.
No-transcript, just turn offall communications.
(30:39):
No one in that country is makinga cell phone call out.
They're not making a satellitecall out.
They're not doing.
They're not getting internet,you're not getting power, you're
not getting water, right.
All that stuff is actually tiedinto the satellites and in some
ways.
So if that were to ever go down, you know you have.
You have pretty major issues,at least in my opinion, right in
(30:59):
my own research.
Yeah, yeah.
So I'm trying to prepare andadjust and grow my skill set
towards that area for somethingthat I guess you know feasibly.
I guess it may never happen,but I think it'll be here in
five to ten years.
Speaker 2 (31:14):
Right, it's definitely happening.
I went to ukraine to go see itfor my own eyes and I have a
different perspective of the warand also went to gaza and
israel to see the reality of thesituation.
I have a different perspectiveof the war, and also with the
Gaza and Israel to see thereality of the situation.
I have a different perspectivetoo.
You know, being on the news, Ican kind of do that when it
comes to, you know, satellitewarfare.
What I think is, if you look upand you adopt and understand the
(31:37):
methodology of Blitzkrieg, withthe Germans created right,
dominate the Aresian land all atone time, you can definitely
dominate the whole battlefielditself.
So you're not too far off.
I think you're spot on the gameand you'll more than likely see
it maturitize and amassesizeand materialize within the next
three to five years.
We're already here, you know.
(31:58):
It's just a matter of watchingthe satellite fall out of the
damn sky now.
So, and we'll see it.
So I think you're spot on man,I think you are where you're
supposed to be and I think youyou're honestly, you're way
ahead of the people, way aheadof the other people yeah, yeah,
it's um, you know it's.
Speaker 1 (32:16):
It's interesting because I'm I'm also like tying
it towards you know kind of likean arduous task of getting a
PhD.
When I started this whole PhDthing I never thought it would
be this difficult.
I figured two and a half, threeyears I'll be done.
I think I started a year and ahalf ago and now I'm looking at
(32:37):
three years.
It's a little tight, it's alittle close there.
There's so much more to it.
And but that also speaks to thecommunity, the phd community,
and how they kind of self-governand, you know, really gatekeep
in a good way.
Right, they don't want justanyone getting a phd, they want
(33:00):
you to truly be an expert inthis area, like Like, if we're
going to put PhD at the end ofyour name, you better know this
topic inside and out, like theback of your hand.
You know which is.
It's something that Iappreciate for sure, because I
wouldn't want it to be like youknow an overnight you know PhD,
pay this amount, you know, andyou get it, or whatever.
(33:21):
That wouldn't be rewarding tome.
You know but I, this amount,you know, and you get it, or
whatever.
That wouldn't be rewarding tome, you know, but I to shift
gears a little bit.
You know I was doing a littlebit of what I call light
research right before thepodcast, right, well, five, 10
minutes before the podcast whereI just pull you up on LinkedIn,
right, see, see what's there.
So I saw some forensicscapabilities you know that you
(33:43):
potentially specialized in,currently specialize in with
your company.
Can you talk to me about someinteresting engagements with
forensics?
Because I feel like forensicsis a part of cybersecurity that
people don't really think aboutthat much, and when I studied it
in my master's it was reallyeye-opening, because you're
(34:04):
reverse engineering a systemthat someone else designed right
there on the fly and you'retrying to figure out what ties
to what and how it allcorrelates and whatnot,
traditional forensics, which Idid for law enforcement and also
Office of Public Defense workin civil and criminal cases.
Speaker 2 (34:24):
then you have on-the-fly incident response
forensics, right, which is twodifferent dynamics, and some of
the things that we've seen islike you know, the most recent
one was a redirect from aRussian, the Russian Rutsku,
which is a nation-state threatactor, right.
And they got really good inregards to multi-factor
authenticating, uplinking,outloading your multi-factor,
(34:45):
unhinging it and thenre-engaging it, and it's like
whoa.
So a lot of the stuff istraditional reverse malware
trying to figure out where thebot came from, how it implanted
itself, and also extracting theC2 node along with TTPs and IOCs
.
So I mean it really it's verydynamic.
(35:06):
I mean some of those things.
We have to understand that theransom game is a multi-tiered
game.
It's a billion dollar industryand you have multiple factors in
there.
The guys who create theransomware and also the
exfiltration tool are twodifferent teams.
The guys who are actually doingthe ransom negotiation is a
different affiliate.
So it depends who you're kindof dealing with.
We've seen some wild things.
I've worked over 1,500different ransomwares and it's
(35:27):
just, you see, old dogs, newtricks, repackaged stuff.
I mean zero days all the way tohappy birthday attacks.
I mean, you name it, we see it.
But a lot of it has to do withtraditional vulnerability
management and doing this cyberhygiene 101, right, do the right
thing, right place, right timeand you'll be okay.
But a lot of companies are like, no, we're fine, I'm like okay,
(35:49):
and now cyber insurance is love, cyber insurance.
We do work on behalf of cyberinsurance.
Speaker 1 (35:54):
They're not stupid, they actually have their own IR
teams and they're like, hey,we're going to go ahead and use
this as a discovery tool andthat's okay yeah, man, like ir
tabletops, I went through an irtabletop within the last 12
months, yeah, and you know, oneof the one of the biggest
critiques that I gave the restof the rest of the teams, rest
(36:14):
of the company was that when weknew that an attack was underway
and, you know, ongoing, no oneeven thought to reach out to
security.
Right, shouldn't have that beenthe first call?
Like, because in thishypothetical scenario, we went
10 days without someonenotifying security.
So it's like, it's like, guys,I understand, like we're
(36:37):
security, we should, we shouldknow, we have the tools in the
right place to identify it andwhatnot, right, but you're the
product owner, you should knowwhen your product is encrypted,
you should know when itshouldn't be.
Speaker 2 (36:50):
Yeah, you know I'm surprised.
You know I say when in doubtsecurity out, right, like just
call somebody, reach out.
You know what I correlate it tois people want to have
validation, like I own this, Iown that.
I'm like dude.
Right now, during an incident,there's no time for egos,
there's no time for brashness.
Do not fire anybody, becausethat is the worst thing you can
do right there and then,especially if you fire a CISO
during that, you just set thewrong tone immediately.
(37:12):
So yeah, doing tabletops andincident response tabletops is
very paramount.
Speaker 1 (37:18):
A lot of companies don't do that still and it's
very insurmountable and andneeded yeah, yeah, I'm a friend
who used to work for aninsurance company and it seemed
like he was doing incidentresponse.
I had for incident response.
I mean he worked, he worked, uh, you know, 100 hour weeks for
two months straight, you know,and and they they did fire a
(37:42):
couple people like during thattime and the biggest feedback
you know from the cso was, hey,right now is literally the worst
time that you could be firinganyone.
You know, like, how about wejust let our guys do the work,
because you know we don't haveany other options?
You know, like, what are wegoing to do?
We're going to call a crowdstrike and they're going to
(38:03):
charge us 1.5 million to enterour environment.
You know, like, come on thatthat's exactly it.
Speaker 2 (38:09):
I mean, as a ciso, you kind of have to make those
decisions.
But you know I think you'resending the wrong time.
We start firing people.
Number two like you need allhands on deck, you need wrench
turners and fire people is justgoing to put your back against
one and also make you look likean idiot, you know.
Speaker 1 (38:25):
Yeah, it starts showing incompetence almost at
the leadership level, right whenit's like you're firing us in
what situation, you know, likeyou already laid us off you know
half of the team or whatever,and then you're going to start
firing people Like do you knowwhat you're doing?
Speaker 2 (38:44):
Yeah, usually executives want to see money
right and then money iscorrelated to emotion,
especially from the executiveperspective, because they were
like, oh, we're in pain, I'mgoing to cause pain, who's
responsible?
Fire that person, boom, andit's like dude, you know, like
one of my CISO gigs a very longtime, my first CISO gig ever.
It was very interesting becauseI was like I'm going to do my
first one, I'll grind my teethat night.
(39:05):
I remember I'll stay up late atnight.
And then company got shut downfrom the FBI and I was like Whoa
, like that was just wild.
I was like, okay, I'm, I'm outof here, man, like I don't want
anything to do with this.
Speaker 1 (39:19):
I mean, how bad do you have to be as a company to
get shut down by the FBI or anyagency?
Let alone.
Speaker 2 (39:29):
Well, they were doing some interesting things and
they've been dealt withaccordingly, but I can't really
say too much about it.
But they attracted theattention of a federal agency
and they always like, hey, I'mout of here, Like I can't have
any part of this.
Speaker 1 (39:42):
Yeah, those guys at the federal agencies.
I mean, they're like pit bullson a chain right, and once they
get a little whiff of something,it's like, oh well, let me get
a little bit more, let me seewhat else is there right, and
they start peeling back theselayers and there's like no
stopping it.
You know, they have like thesecurity curiosity from their
(40:04):
side too.
They have that unquenchablecuriosity.
Speaker 2 (40:07):
Yeah, usually when working on the digital forensics
for the civil and criminalcases, it was very interesting,
Whenever I work in an FBI case.
When we saw one of theircharges, we knew they had 25
additional charges.
Speaker 1 (40:20):
I was just waiting.
Speaker 2 (40:22):
I was like okay, here we go.
Speaker 1 (40:27):
Yeah, they have.
Like what a 97, 98% convictionrate for a?
Speaker 2 (40:30):
reason yeah, they don't go out for people they
can't convict, right.
Speaker 1 (40:35):
I mean that's a part of the criteria too.
When a DA is determining ifthey're going to prosecute you,
they look at your assets, right,yeah, yeah.
Well, how much money does thisguy actually have access to
where he can put up a validlegal defense and are we going
to lose if they do that and allthat sort of stuff?
(40:55):
That was a part of I got mybachelor's in criminal justice
and that was a part of it that Inever even thought of before
and you always see it with your,with your, your company and
whatnot, typically in thebenefits, like you could pay for
the legal services for like 10bucks, you know, a month or
whatever it is.
It's like.
Whenever I see that, I'm likeit's a no-brainer.
Why do I care about ten dollars?
Speaker 2 (41:16):
you know yeah, it's true.
It's true.
Um, usually, whenever you havelike legal services, I always
tell people mindful.
I used to write legal contracts.
I'm like there's always aclause to get out, a
provisionary clause to get outof that.
So be mindful of what you signup for, because it might not be
what you want.
Speaker 1 (41:33):
Yeah, I always read everything before I sign it
probably too much.
Fairly, recently there was anemployment contract that came my
way you know the numbers madesense but then you start reading
the fine print and it's like,wait, you want me to, you want
(41:56):
me to do what.
You want to take ownership ofmy social media accounts?
Yeah, yeah, you uh want tocontrol what I can say and when
I can say it, and everythinglike this is a security engineer
role.
What are you trying to do here?
You know, like I'm not.
Speaker 2 (42:12):
I'm not the ceo of the company I was working an
insider threat job once, right aproject for very world big real
estate firm and a huge, huge,huge.
And they were like you need togo talk to this person about
what they post on social media.
And and my caveat, my exit wasguys, we're not the world police
, they didn't name, drop us.
Who cares?
(42:32):
We don't like that.
Like we don't like that, it'snot good for cause.
And I realized then like thisis just me and my internal
dialogue, like I love insiderthreat, like that's a really
good program.
If you can ever do it, do it.
But the problem is, is that what?
There's a fine line of like atwhat point are we kind of
overreaching here and shoot, dowe care?
(42:52):
This is one.
This is when I was working fora bank and they're like, hey, go
investigate this person.
I'm like, all right, cool.
So I pull up our social media,blah, blah, and like she's
making baked goods on theweekends.
We can't have that.
I'm like you do realize she'slike a power BI analyst, right,
like what does it matter?
And they're like she didn'tdisclose it.
I'm like, and there's this guy,Code, ethics and Compliance,
(43:15):
and I go, hey man, let me askyou, is it your interpretation
of the Code Ethics andCompliance, or is it the
interpretation of it?
And he's like well, this is theway I read it.
I'm like, dude, you havenothing else to do, I'm not
doing this, I'm not doing this.
And then I got relieved of myduties and I'm like I'm out of
here, dude, like I got intoanother job project.
But it blew my mind.
Speaker 1 (43:34):
I was like, guys, this is not at all what we
should be doing or spending ourtime on right, yeah, and it's
you have to be able to, you know, really like stand by your own,
your own principles, your ownmorals, so to speak.
Right, because there's there'sso many opportunities in so many
different ways where they want,you know, you, to be the, the
(43:57):
so-called executioner.
Right and like, track it downand, you know, build the case
and everything for something asminuscule as oh, they've been
goods on the weekend and they,they potentially sell it for,
you know, 10 bucks, lord forbid,Lord forbid, if a person trying
to get out of debt or, betteryet, put their kid through
college, you go work for that.
Speaker 2 (44:17):
You go work for a bank and they're like hold on.
You work at the YMCA on theweekends.
We can, we can't have that.
I'm like who is an employer todictate to you of your wealth?
So it's just me, though.
Speaker 1 (44:27):
Yeah yeah, no, I mean it's.
Some employers have thatmentality and it's.
It's very weird to me, rightlike, because, like, my
mentality is it's not happeningbetween you know, eight and five
or nine and five, what does itmatter?
Right like, I'm signing thiscontract right here, my time is
allocated for you for that timeframe.
If needed, I work extra, youknow, as needed, obviously,
(44:52):
given, given the situation andwhatnot.
But if I'm, if I'm, you know,if I'm canceling calls for your
company to go and do stuff onthe side, that's different.
Right, it's different.
Yeah, that's a differentscenario.
But if that's not happening,then what power do you actually
have in this arena?
Because that wouldn't hold up incourt, you're not purchasing
(45:13):
this person's life contract andsaying, until you resign, we get
100% of your time.
It's like no, no.
Speaker 2 (45:21):
No, I know what you mean.
Yeah, exactly.
Speaker 1 (45:24):
Yeah, percent of your time.
It's like no, no, no, I knowwhat you mean.
Yeah, exactly yeah, yeah it's.
It's always frustratingwhenever I see that, because
it's just like come on, likecome out of the dark ages.
Speaker 2 (45:32):
Nope, it's the old school ceos like you gotta do
this yeah right right.
Speaker 1 (45:39):
well, rico, we didn't talk a whole lot about your
company.
You know, just talked almost 50minutes where they can find
your company and if they wantedto, you know, reach out and
learn more about that.
Speaker 2 (46:11):
So, on a personal level, if anybody wants to reach
out, you can look me up onYouTube I'm on there and then
also on Instagram Ricounderscore, danielson,
underscore, right, no-transcript.
(46:44):
Some of the things that we canbe very noticeable of is just,
you know, be very intentional ofyour time with me.
I usually take meetings or, youknow, meet with people that are
very intentional, like tell mewhat you want, I'll get you what
you need.
Speaker 1 (46:59):
Yeah, yeah, that makes sense.
It's more efficient, yeah,efficient use of your time and
theirs, exactly, yeah, awesome.
Well, thanks, rico, for comingon.
I really do appreciate.
You know, I really enjoyed ourconversation.
Speaker 2 (47:12):
Hey, rock and roll man.
I really appreciate you, manyeah, absolutely well, thanks
everyone.
Speaker 1 (47:17):
I hope you enjoyed this episode.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!