512 | Adam Darrah | Former CIA | Insights on Russian Affairs, Election Interference, and Cybersecurity

Show Notes

Peek behind the curtain of national security with Adam Darrah, a former CIA analyst and cybersecurity expert with deep insights into Russian affairs.  Adam shares how analysts provide nuanced information to policymakers, contrasting the rigorous intelligence work with the dramatized portrayals in shows like Jack Ryan.

Make sure to check out Jason on IG @drjasonpiccolo

Chapters

• 0:00: Cybersecurity and National Security Insights
• 11:29: Foreign Influence in U.S. Elections
• 28:07: Understanding and Managing Cybersecurity Risks
• 42:20: Cybersecurity Podcasts and Government Support

Transcript

Speaker 1: 0:00

Whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa whoa. Hey, welcome to the protectors podcast. Excellent show today. Looking forward to this conversation because cybersecurity is where it's at and cybersecurity when it it comes to elections, because we know it's coming up in a few weeks here with Adam Darrah. He is a cybersecurity expert and former intelligence agency type the IC. You know we could say you're overt. You were an analyst with the CIA. Were you a targeter or an analyst?

Speaker 2: 0:43

Both. I spent the majority of my career as an analyst and just have had some really fun times in my last couple of years. You a targeter or an analyst? Uh, both uh spent majority of my career as an analyst and just have had some really fun times in my last couple of years as a targeter.

Speaker 1: 0:50

You know, with your background with Russia, man, like you know your bachelor's degree, your master's, and then did you mostly solely work Russians type stuff when you were there.

Speaker 2: 0:59

Yeah, I spent my entire career working against the Russian Federation. I made a slip of the tongue during getting my security clearance about talking about working. I made a slip of the tongue and my yeah. My interrogator did not like how I phrased this, but yes, I spent my last my academic career learning about Russia, speaking, reading, writing Russian, and then at the agency working against the interests of the Russian Federation I think that you know and then at the agency working against the interests of the Russian Federation.

Speaker 1: 1:26

I think that you know. I really like the attitude of you know what I want to learn as much as I can about a potential target and having that opportunity to learn all you can about Russia. Then get into the agency and actually do it, because so many people know like you get into the federal government, you may want to work in one area, and especially an agency as big as the CIA. You may want to get into one area and they may be like, hey, you know what, we need a body over here, even if they hired you for a specific job, so we know what that deal is. That must have been pretty cool too.

Speaker 2: 1:59

It is and the agency is very gracious.

Speaker 2: 2:01

You know you can make your career being an ultra specialist in something CT, china, russia, iran, right, you can become like a renowned expert in an area or about like weapons or something.

Speaker 2: 2:28

But it also offers you a second career track which is like a jack of all trades. You know, for the very ultra curious about all everything you know you can do technical things, you can do analytic things, you can do SIGINT things, you can volunteer to do and learn about many countries or many weapon systems. So it's indeed the federal government is amazing what it's amazing at, and one of those things is accommodating kind of both personality types the ultra curious and want to bounce around around, or those of us who really loved enjoying learning about a target to help inform policymaking Right, like, because that's the goal, we want to arm the American policymaker with as much nuance to make informed decisions to protect the interests of the United States of America and its people. And so that's what felt good is being thought of as like okay, this individual knows what they're talking about. This is not like some hotshot rookie out of the academy, that's like no, do this. You know this is well thought out policy nuance and it was very rewarding.

Speaker 1: 3:17

One of the agencies I work with and you're going to love this and it's all going to tie in here Nuance, nuance and being a subject matter expert. So one of the agencies I worked with at one time I was like, hey, how do you guys get the information to do what you do? And they were like, and I looked at around the room it's like 20s and 30-year-old people and not to say that there's anything wrong with that. But when they say we just Google it, they just Google it. And I say you don't work with the IC, you don't work with the other components. Oh no, we just Google it.

Speaker 1: 3:48

So I'm like man, I'm like, well, do you use Google Scholar at least? I mean like, where do you get your information from? Oh no, we just Google it. So when you have people like you who become a subject matter expert, you become a resource, not just for the agency, but it goes beyond the bureaucracy. So if someone from another um bureau says, hey, reach out to the agency or the IC with an ODNI or whatever it says we need an expert on this, boom, you know. Hey, we know where this comes from. You saw Jack Ryan, you know how that works.

Speaker 2: 4:17

It's exactly the same thing.

Speaker 1: 4:20

Just like Jack Ryan. Next thing you know you're you're in like some backwaters thing doing deals with like you know thing. You know you're you're in like some backwaters thing doing deals with like you know ultra terrorists and you're taking out people. So when you go to you know I don't know whether or not this ttp is or whatever, but when you go to become an analyst, do they send you through any type of uh, firearms training or any of that type of stuff? I mean, obviously, if you're going to go overseas, they probably put you through some snapshot, but overall, yeah.

Speaker 2: 4:44

So I think the last thing anybody wants, especially America, is anything to get so bad anywhere where an analyst has to pick up a firearm.

Speaker 2: 4:54

I think, once it ever gets to that point anywhere in the world, like it's go time right, like it's go time for the world to intervene. But all joking aside, you know there are, you know, in areas of the world where it is, where it's very hostile, like what's something that's considered a war zone, there is extra training that is required in order to go to those areas. For everyone that is that is, that is that is TDYing or PCSing right, moving there forever to do an assignment full time, or moving there for a week, six months, three weeks to do a temporary assignment. And so, yes, there is training for all types of situations and firearms training, regardless if you're an analyst or not, is required in our hostile parts of the world. And I used to tell my mom I'm like mom, trust me if I ever go there. Mom, I'm like mom, trust me if I ever go there and if I ever have to pick up my firearm, like the world's coming to an end we are very well, yeah, we the, the, the military assets on the ground.

Speaker 2: 5:53

There um are. We have such amazing, we have an amazing military. The United States military is just amazing, and so heaven forbid an analyst would ever have to pick up a weapon.

Speaker 1: 6:03

Now you pushed out of there. What 2018? 2018, yeah, now let's talk about this for a little while Now. I used to work at the border, I used to do counter-smuggling type stuff and at the border they would say, hey, you know what? The cartel and all the smuggling organizations will keep dossiers on anybody who's proactive or anybody who's an agent. Did I believe that I or anybody who's you know an agent? Did I believe that? I don't know? But you, being the expert on Russia, have you ever been like kind of said, hey, you know what? That car doesn't look right. My email doesn't seem right in your personal life, because you know you become a target, whether or not it's on US oil or abroad. So now that you become the subject matter expert, they might be like, hey, you know what, this guy's an overanalyst. Or even if you're a covert, they might be like, hey, you know what? Huh, we might want to take a look at him and see if we could flip you to work for the other side.

Speaker 2: 6:53

Yeah, and this is an interesting thing that makes like. This is like so what I'm about to say is going to sound conspiratorial, but it's not conspiratorial if it's true, right. And so the North American mind, and let's say, the Western European sensible North American sensible mind, can't wrap their minds around the fact that there are hostile nations who don't really have a bottom in terms of two things, who they're willing to look at as a threat, meaning a threat and or an access point to important information, either now or 15 or 20 years from now. And the second thing that it's hard for the American mind to understand is that hostile nations devote a lot of their resources to undermining the interests of these great United States. They have buildings, they have, you know, they're allowed to operate freely in a free society here. And so, now that I've been on the inside and I've also participated in a much smaller scale operation to orchestrate coincidences across the world, there is no such thing as a coincidence. Now, I don't believe there's any such thing as a coincidence. Now, I don't believe there's any such thing as a coincidence. So these things matter.

Speaker 2: 8:08

If something is all of a sudden weird in your email, it's not a coincidence. If, all of a sudden, you're traveling and you keep seeing the same person or people around you everywhere you go. It's not a coincidence. They're just keeping an eye on you to see if they can have their moment, right. Maybe they just looking to see like, are you doing something Like we don't. We think you are what you say. You're not, but we're not sure. So we're going to keep an eye on you. So it may just be as innocent as keeping an eye on you or wanting to recruit you, but yes, our electronic presence and what happens on our electronic, within our electronic footprint, it matters. It's not a coincidence.

Speaker 2: 8:46

And so you know people will say things like oh, I'm just right, I'm just a this, I'm just a that. And I would tell people like, for example, I was meeting with a customer once and it was a very select group of people, and I looked over and I saw just, let's call them staff, right, staff just around. I said if I were to recruit an equivalent in Russia or China of these people, it's a career maker, right, like? These people know everything. So you're never just a just Nope. So please rest easy at night, live your life, enjoy being a free, freely operating American citizen, wherever you are, it's great. But like, if something feels wrong, it's wrong, and that includes emails, that includes people following you or not. Right, like, don't be paranoid. But like if something's off and like all of a sudden you're special, if all of a sudden you're like huh, why did this get sent to me, you know?

Speaker 1: 9:49

I would imagine the only time you're going to know and this is if you have a solid nation state like a russia or china or something the only way you're going to know if you're being followed is if they're bad at their job, if you're really good at your job or if they want you to know that you're. They're following you because they want to make that introduction, and I love what you said there. It's never just anything, because if you want to infiltrate an organization, whether that be the CIA or whether that be public sector because we got to remember the public sector has people trying to infiltrate them as well, especially when it comes to infrastructure and cyber and everything else and we'll get into that in a little while but sometimes the best way in is through the lowest common denominator. That is why, like well, you know, we'll probably talk about it I love social engineering, because what the social engineering is and if anybody doesn't know out there is what they do is they find that lowest common denominator. They send in the emails they send in just so they can kind of get their way into the networks, into the buildings, into this and that, but to recruit people as sources, why not grab a low level, low level fruit, because you know what happens then is then you have someone inside and then they can recruit your next source. So now you have a wall between you and them and like so let's say I want to go after.

Speaker 1: 11:07

Let's say I used to work for Homeland Security. Let's say I want to, I need someone in a certain section. I need to. I'm a, I'm a nation state, I'm a, I'm a bad foreign actor and I need someone in a certain section. What I would do is I would look for the admin people, I would look for someone who has access, who can get me into there, who maybe could get me an introduction or whatever you know. And then when you get a personal relationship to start building, you never know. So yeah, I mean, it's true, it is absolutely true. You're never just anything.

Speaker 2: 11:38

You're never just anything, and with certain adversarial nation states, with certain adversarial nation states, everybody matters to them, right? So, especially, I mean by very nature, totalitarian dictatorship types are insecure, just by nature. No-transcript. Yes, really, just for that, that petty. Yes, that petty. Do x, y and z. Yes, really, just for that, that petty. Yes, that petty.

Speaker 1: 12:50

So it's never just right like, definitely, live your life, don't be paranoid uh, but you know, I love, I keep thinking about this little it's like a little comedy clip meme where the guy's sitting on his bed, he's got glasses on and he all he's doing is just stewing hate online, stewing hate online. And now you know, 2018, 2017, I mean, what was that? The um, the um, the summer, the, the real reason twitter became huge, the arab, arab spring arab spring, yeah, so arab spring was, like you know, using social media to have an uprising.

Speaker 1: 13:23

Now, social media since then has like, grown to be like it's everyday life. There's three or four different things I check each day, like the Facebook, the Instagram, the X slash, twitter. So now you have such access. These people have access to everybody they want to get a hold of through social media and to stew the pot. So let's get into this with the election coming up.

Speaker 2: 13:45

Let's do it, and that's an excellent example. So you have the Arab Spring. Now. If you're I'm going to use the term bad guy, if you're a bad guy dictator in one of these hostile nation state countries, you're sitting back watching social media used to misinform, organize and turn a population against a sitting leader, legally elected or otherwise. If you're a bad guy presiding over a brittle totalitarian system of governance that relies on thuggery, bribery and brute force to maintain order and a sense of pride, what would you think about that?

Speaker 2: 14:30

Two things, uh-oh. We have to either create a parallel thing, a native parallel thing that we can control, and we can also, at the same time, turn this against the West, because obviously this is the only reason the West did this and promoted this social media movement was to overthrow people like me, and instead of using a military. Now this brilliant Western regime has this ecosystem out in California that only produces things to overturn governments, right, and so they mirror their decision-making based on the things that they think that they would do to us. Right, they mirror it. They're like oh, that's obviously the reason Twitter exists, or X is to overthrow people, so it's a CIA, it's a CIA tool, 100%. So this is a very important thing for everyone listening to keep in mind is that the Arab Spring, the uprising, whatever we want to call it, the use of social media in those events has and continues to have an effect on how dictators or totalitarian types view everything.

Speaker 1: 15:44

Everything, absolutely everything, and you know what it doesn't. I like to bring up Russia a lot because it's such a huge. Russia and China, russia, china. But imagine this Imagine you're anywhere. You don't need a lot of money to provide this information. Anybody could do it. The cartels could be doing it, anybody, canadians could be doing it. I mean, it could be really literally anybody could provide disinformation. It doesn't have to be organized, but the organized actors will provide. You know, I would imagine the organized actors would be a hell of a lot better at it because they have the resources.

Speaker 2: 16:30

There's, that they have resources and they're counting on the various camps, these unwitting let's call them the unwitting influencers Right People like I always pick on my dad, but like people that we know.

Speaker 1: 16:35

Right or even ourselves.

Speaker 2: 16:36

We can pick on ourselves, Right. So we see something funny. That's derogatory about the candidate we don't like. That's derogatory about the candidate we don't like, Right. This candidate, you know, you know loves to, you know throw paper clips at kittens, Right, yeah, I bet they do, because they're so mean. And so we share the election or influence the election. But in that moment, to some degree, we become an unintentional or accidental influencer, right.

Speaker 2: 17:11

And so think about that at scale where there's a whole of government approach to it. In other words, at least two nations, I would say with high confidence, have a whole of government approach to interfering in United States elections Russia and China. In other words, it's a full court press to influence, gain access and to undermine our system of democracy. Their motivations are different, the way it looks is different, I would say. Arguably China prefers access to information over watching us implode so soon and to steal our technology, et cetera, et cetera, Whereas Russia has more, in my opinion, a more sinister intent to actually see us turn on each other and burn to the ground from a democratic perspective, from a democratic perspective, right. So you know, it's not just so. These resources and we can't even comprehend the resources at these governments' disposal to do this.

Speaker 1: 18:13

Billions of dollars to do it. Billions of dollars to do it. They have nothing but time too, and resources.

Speaker 2: 18:21

And it's in their interest to one keep the security apparatus healthy and engaged and keep them away from, let's say, internal problems in the regime, right, so having this enemy to attack on social media or anything like so, so it keeps the regime distracted, it keeps internal stakeholders distracted with, you know, these great United States. But it also it provides opportunities for corruption and to enrich and enrichment Right, it's a way to impress, it's a way to bring the biggest rat to the master, right. The kitty cat that brings the biggest rat to their master wins Right. And so this is another reason they do. It is they want to ingratiate themselves into the regime. And then there are these true believers, these true zealots in the government, in the security apparatus, that actually believe that, for whatever reason, these great United States actually has military intention, unprovoked military intention, to take them out and it's like come on, man, like so. So there there is a lot going on to influence, distract, um, misinform, agitate in in these elections now you're the vp of zero fox.

Speaker 1: 19:44

Now you guys put together in sums I mean intelligence, summaries and stuff like that. You put together packages. What are you seeing as far as, like, this election? I mean pre and post, what's your kind of like, your forecast?

Speaker 2: 20:20

In the near to medium term, the focus is going to shift away from influence or misinformation to inciting violent, possibly violent, reactions to the outcome. Right, and so my we think that that's what is the most likely to happen in the immediate aftermath of the election, regardless of who wins. Again, I want to make this very clear that it's easy, right, if we don't zoom out, if we don't widen our aperture, it's quite easy to see that like OK, if Russia is doing. Easy to see that like okay, if Russia is doing something against one candidate, that means they prefer the other candidate and they want the other candidate to win right. That's like the current kind of mainstream, modern, cool, analytic takeaway which is like, if Russia is promoting positive Donald Trump, it means they want Donald Trump to win.

Speaker 2: 21:03

Or if they're promoting negative information about in this case, mr Walls candidate, a candidate's rhetoric notwithstanding right, just because a US former president or a potential or a current vice president says something that may be in policy in line with policy that Russia would prefer, it doesn't mean like, oh yay, we want that person to win right Because, fundamentally, their view of the United States is not limited to the person in charge. They actually understand our system very well and they know that we change so much that it's kind of hard to always get their way with one administration or whatever right. So I just want to be clear that my opinion is Russia does not have a preferred candidate because they like them more or that like, oh, we can do business with this person more. Maybe you know, but I think that's less likely. So what?

Speaker 1: 22:19

Now I was thinking, like, you know, it doesn't even matter who wins, because you have it's a 50 50 shot about disinformation and misinformation in order to skew hate and violence from either side, and that's what they want. They don't care if it's, yeah, full it's, they don't care who wins, because economically, yeah, you know, maybe whoever gets in charge next time, we'll either push for more tariffs or less tariffs, or more openness, more, less that. But but really it's just about making us hate each other even more.

Speaker 2: 22:50

That is the primary. That's their primary goal is to divide and undermine these great United States. Does it from the Russian perspective? Does it matter who can perhaps be more accessible to them? Yes, that is part of the calculus, but to say straight out that they prefer a Republican or a Democrat over the other is a bit to me, it's a bit off, because they would treat us the same, no matter what.

Speaker 2: 23:23

We've seen them be just as hostile under either type of president, you know, and so they are just equally kind of like hard to deal with, regardless of who's in charge. And so you know we are seeing what we anticipated to see in the run-up right, an increase, a gas pedal to the floor on, like voting fraud, you know, allegations, you know trying to really pull on the very unfortunate events like a very bad thing that happened last time in January, right. And so you know it sounds dark, but you know like they would prefer that we remain violently divided. And so that is what we are seeing and that we're likely to see these campaigns that are going to promote, like you know, certain groups to perhaps maybe dig in their position and make it a more, unfortunately, a more violent response to how the election plays out, and so that's what we don't like.

Speaker 2: 24:29

But, uh, that would be like they're a probable and most likely calculus in the near aftermath, during, right after, and then it's going to be, you know, just good, old-fashioned. In the medium to long term. It's going to be good, old-fashioned, just normal misinformation about bills, about, you know, promoting a foreign policy that you know that they would prefer towards them, right. So it almost seems like let's get you know, we will return to normal in terms of, like, trying to influence policy and stuff, but right now it's definitely going to be very in your face in terms of what's happening with our nation state adversaries that are really trying to get us now you guys don't just do insums and summaries on this and that and everything, but you also do brand protection.

Speaker 1: 25:18

Yeah that's uh, that's, I mean ipr, that's huge I mean there, I think there are more corporate spies out there than people could possibly imagine and we're not talking just human, we're talking like people just sitting behind a computer trying to probe, probe, probe to get information, to pull intelligence out of these to be made in the private sector. As far as, like you know, getting information and stuff, then obviously in the government, because government you're doing it in order to, you know, damage it or gain information. But in a private sector, when you get in their brands, man, you're talking intellectual property rights, you're talking about just corporate security yeah, and you know we, we, unfortunately.

Speaker 2: 26:03

so you know there's there are several approaches to this unfortunate issue that that happens right between great, great competitors, great, you know, in the private sector and you know for a while we saw an uptick in calls in the dark web, right.

Speaker 2: 26:19

So, in the criminal space of the Internet it's not a criminal space, but in the criminal spaces where we're dark, where where actors prefer to to do business, we did see an uptick in calls for insiders, you know, but it almost feels like they're busy doing other things right now. But, yeah, that is a that is a constant. That is a constant and standing intelligence requirement for for some of some of the bigger brands that we service is, in addition to protecting their image on social media or how their product is displayed on social media, phishing those types of things, in addition to those types of detections that we can do for our clients we also have. The more you know we scratch the surface a little bit. You know insider threat remains real to serve us a little bit. You know, insider threat remains real and, and at least in the dark web spaces, those calls to represent insiders remain constant.

Speaker 1: 27:13

Insider threat is just like spycraft brother. You know that just as well as I do. I mean when they're, when we were talking in the beginning of the conversation about them. Like you know, foreign states, nation states trying to infiltrate organizations they're doing the same thing in the corporate world, if not even more.

Speaker 2: 27:33

That is an unfortunate truth Not to turn negative. But you know, sometimes you have nation state sponsored corporate espionage, right. So you know, again, like we talked about earlier, nothing is off limits to an adversarial nation state, and so getting access to state secrets is not relegated to only US official government sites or people, right. So you know corporations. Some of them have dealings with the United States government. Some of these people know people in government, right.

Speaker 2: 28:07

So it's a point of access to do a couple of things. One, influence policy and decision making in circles that matter from the nation states perspective, from the adversarial nation states perspective, right. Secondly, you can use your entry point to steal technology, steal and enrich yourself. And also it's also a great thing to do to embarrass a national brand. So you have, you have you go into a. You know, you have a cyber actor nation state sponsored can go in and blackmail them. You know, embarrass this great. You know American brand, for example. Right. So it serves multiple purposes to an insecure, for example. Right, so it serves multiple purposes to an insecure, brittle, totalitarian type of person.

Speaker 1: 28:50

So what do we do to protect? Let's say I'm just a small business. Let's say I have I'm not going to say small, small let's say you have about 500 employees. You have your basic cybersecurity apparatus, your online training for all your employees, but you know you're about to go big. How do you protect yourself?

Speaker 2: 29:11

I mean, it's kind of a broad statement, but cyber is kind of like you really do need to have like a cyber security perimeter, you do um and not just regular you know, whatever that comes on these computers nowadays, and not just regular, you know whatever that comes on these computers nowadays yeah, so I think, first and foremost, having awareness into what makes you an attractive target, right. So having those conversations like, okay, so we and I'm going to use an example, it's not silly, but it could be like I bake bread and I own a conglomerate of bread manufacturers and I'm about to go big. I'm going to make the jump from 500 to like I'm gobbling up. You know, I'm acquiring more bread baking facilities and stuff. We're going to go big, right, and so it's like okay, I bake bread at scale, I have cool technology, and and so it's like okay, so who are we attractive to Like? Why? Why are we attractive? Well, we have the personally identifiable information of all of our clients and their businesses. That's attractive to cyber criminals. We store data of our. We store client and customer data. That's attractive to cyber criminals.

Speaker 2: 30:30

Our executives, our board of executives, our board of investors, our C-suite a couple of them are sit on boards of. Let's say they sit on a board to help you know feed of. Let's say they sit on a board to help, you know, feed. You know disadvantaged places in the world right, they ship their bread to wherever there's an international emergency or international aid, right. It's like, okay, well, we have at least two executives that right.

Speaker 2: 30:58

So, like, you just need to understand your footprint and what makes you an attractive target and then plan from there. You know you can't. It's just we don't want to be scared to death and we're scared so much and we take so many security precautions that we can't function as a business, right, and or becomes cost prohibitive to to protect against everything, right. But I think understanding your footprint and understanding what makes you attractive is the first step to building out a program that makes sense and then that still allows you to pay pensions, health insurance, offer great benefits, right. So like it's. It's not easy out there, but that that would be my friendly advice my friendly advice.

Speaker 1: 31:47

Yeah, it's kind of like you know, make sure you check out the zero fox man, because I'm I'm looking through your website, everything as we're going through here, I keep thinking myself man, there's just with ai and and threat actors and just in general, there is such like, just such a like a game, a game out there, like you know, it's threat actors are playing a game trying to get information from anyone and anywhere. But it's not just threat actors, man, it's criminals. Money, money is key. There may not be like this big, you know nation state agenda. It is like regular hackers. It's regular people are like you know what? I need to make some money, so I'm going to go after these people.

Speaker 1: 32:25

Maybe they get hired to gaslight someone. You know. It could be anything. I mean you with. Nowadays you could everybody. So many people live in an echo chamber and so many of these companies can get gas lit. So let's say, I'm a competing company and I get that three or four layers in between me and whoever I recruited to go and gaslight someone. I hire an influencer to gaslight someone you know, because nowadays we have influencers, have so much power.

Speaker 2: 32:53

So there is just it's not always about the nation state, you know it's not and and you know, and this, speaking of echo chambers like it's and it feels mean when we get a request in from from someone, you know that, like, again, security practitioners are underfunded, underappreciated and and and most of you know and and have a lot to do. Right, they have to answer a lot of questions from their bosses, from they have to answer for the news that people read in the company Like well, are we protected against this? Like, tell me more about this right. So, like, security practitioners on the line are juggling a lot. You know what C-suite executives are juggling a lot. And so, like, I'm not saying any of these questions or demands are coming from an evil place. It's just that we absorb so much news and information that it's overwhelming, right, and so part of our job at ZeroFox, but also all security practitioners, is to kind of bring some sanity to the conversation and to steer away from, like, the fear mongering part of cybersecurity, which is very 1990s. Like, oh, I can protect you, everything is, which is very 1990s. Like, oh, I can protect you, everything is going to get you. So we get questions such as from like a, let's say, small to medium sized right, like hey, my CEO is really nervous about nation state activity. What can we do to protect against nation state? It's like, okay, and so, like you don't want people to feel silly for a very understandably scary question, right, and so that's why I'm like well, hey, like understand that perhaps probably cyber criminals let's say, if you're a credit union, a local credit union like cyber criminals are interested in you more than a nation state, right, state, right, like so, so that that is what you know. So it's, it's easy, because there are a lot. Of.

Speaker 2: 34:46

Our industry is filled with a lot of really smart, bright people who, like want to defend, and this is why people get burnt out and they don't sleep because we care, right, people like us care. And it's like, yeah, call us anytime, call us anytime. We don't want, you know, we don't want anything to be done in our negative to happen to you on our watch. And I remember you may have heard this, you know, in DC circles it's like intelligence failures, but policy successes, right, and so, while nothing is happening, everything's fine. It's a great company success, right, hey, like we're great, the company had this vision.

Speaker 2: 35:16

But as soon as something bad happens that could, maybe could not have been prevented, maybe just like it. Just it was an unknown exploit and you got through, somebody got through, or somebody had a bad day and forgot to click a button, or somebody like, right, it could have been anything Right. And then that's a security failure, Right. And so, like a lot of the times, we're fueled by this fear of like being on the watch when something inevitable, when something bad happens, and and so security practitioners, um, you know, it's like you were in a, sometimes in a position where you can't really win because you know things, things move quickly, and when something happens, it's like, well, you should have told me about this. It's like, well, I don't want this to happen. You know, like I didn't say, your server was there.

Speaker 1: 36:01

There is so much out there. I mean, like I was looking at one of your, your intelligence summaries. When you're looking at just anything in general, you know you're talking about nation states down to lone wolves, so anything in between. You can't prepare for everything. You could have a great uh posture, you could put policy in place, you know if x, z happens, or SOPs, but the reality is you can't protect against everything and what's going to happen is whoever is targeting you is going to look for any vulnerability. They know what you're protected against. They know you may have this and that to protect your infrastructure, but they might be like, okay, well, who's protecting this over here? They're looking for any vulnerability and you cannot possibly prevent every attack, whether that's cyber, whether that's lone wolf, whether that's direct action or over any actions. So you can't but to have a good posture and have something in place. So let's say you have a zero fox and you guys, really, you get hired out, you put on retainer or whatever, and someone's like, oh my gosh, this just happened. They know who to call. You know that's one of the reasons I wanted to have you on today is because you know we have a mutual, the guy who does your relations. I'm like you know what? It's not always in the government's hand. The government listen, when something bad happens, you get hacked or whatever.

Speaker 1: 37:27

And this happens so much more than people could possibly imagine. Let's say, for instance, about eight, nine months ago, there's a small town in North Carolina, south Carolina, that gets hacked. The town gets hacked, payroll, everything is done. Nothing can happen in that town. You basically took that town offline. They get a hold of the federal government. The federal government goes well, we can't really help you. I mean, we could give you a grant. They get a hold of their state government and the state government goes well, you know, we're dealing with problems of our own. So they're basically on their own. So it's not just major. You know cities and major, this and everything. It's happening everywhere. So let's say, your corporation, a, you have five to 10,000 employees. If you don't have a cyber team on whatever on standby or are working for you directly, it's time to do it. And these towns out there need to actually contract out to have this happen as well, because critical infrastructure, cyber and everything is. It's more than people can possibly imagine. It's not just getting computers hacked, it's critical infrastructure.

Speaker 2: 38:36

Yeah, and it's. It's an overwhelming. It's an overwhelming thing to think about. Like you know, my heart's palpitating as you're talking about all these accesses and these avenues to really hurt people. And, at the end of the day, this is what it is with ill intent, behind a keyboard who made a decision that they think is going to bring them money and respect in a criminal world, or money and respect within certain government circles, and they're making a choice to intentionally harm groups of individuals who did nothing wrong except get up in the morning and do their day right. And so this is a human story. Yes, tech is the enabler of all this. To defend us. Like again, tech is a net positive on the world. I love tech.

Speaker 2: 39:30

It's a blessing right, we are living in a time of sci-fi and it's unbelievable and it's a positive thing, At the end of the day, like evil, people are making a decision to hurt individuals, and I'm including corporations in that. Corporations don't wake up every morning going. I really hope we get all of our company stuff exposed and embarrass ourselves, our families, and put all these people's lives at risk in terms of their identity or bank and bank accounts. And I mean what's more sacred, right Like? Nothing is sacred to these criminals and nation state actors, right, they? What is more sacred than our? Than like what we do on our keyboards? Right Like we research our dreams? Our dark side, our light side, our love side, our vulnerable side, our mean side.

Speaker 2: 40:25

Our relationship with technology is very intimate and so, for these bad actors are making a choice to take those vulnerabilities and use it for financial and reputational gain in these circles of criminals and ne'er-do-wellers in government, right, and so you know, this is a human story, Jason, and towns, corporations, people just need to have somebody they can call. They need to have somebody they can call and go. I need help. This thing happened, or I think this thing happened, I don't, I'm not sure, and so I like that. I like what you said a lot about having somebody to call.

Speaker 1: 41:08

It's almost like a cyber 911. It really is. Yeah, I dig it, man. So what do we? You know what's next for ZeroFox?

Speaker 2: 41:19

Look, we're in a we're gonna, we're, we're. We're always trying to get better at what our core business is. Right. We're trying to build out better sourcing to get people better information at all times. Right what we can to blend in to an environment hostile towards researchers and the law-abiding, tax-abiding, tax-paying populace. To get more information to empower security teams to do what's right for them and to protect their people and their clients. And so that's what we're doing, man, we're trying to get better. We have wonderful teams of intelligence professionals out all the time looking for ways to increase our aperture, trying to increase our vision into what's going on and into these darker, deeper recesses.

Speaker 1: 42:19

You said the word right there, darker. Now have you listened to the Darknet Diaries Phenomenal? That is the best. I'm sorry, rogan and all these other people. That is one of the best podcasts out there.

Speaker 2: 42:32

It's it, definitely it's. It's wonderful, the, the, the individual that runs, that knows what they're doing. It's phenomenal, great. And and and they, the individual that runs, that knows what they're doing. It's phenomenal Great and they have great access into great, great stories. Great for recovering a bad guy, bad guys or, let's say, way wayward youth and current wayward youth. You know it's, it's a great podcast.

Speaker 1: 42:52

Yeah, Everybody check out that one, but everybody's zero Fox. You guys are putting on a lot of good things, especially the corporate listeners out there and stuff like that. I think you really do need like a like a cyber 911. It really does. I mean, the government I always love that adage about the government's not going to be here to help. Believe me, working for the government for so many years, they do want to help. There are actually people in the government that want to help, but the problem is they don't have enough resources or finite. So organizations like yours are great and, by the way, I'm not getting paid for this to say this, I just think I really I enjoy talking cyber and I enjoy talking this whole thing.

Speaker 2: 43:25

So it's been a pleasure man. Yeah, you're. You're a very well-informed, great conversationalist. I've appreciated it and thank you for all the kind words and the shout out to our brand. You know, like, obviously I love, I love zero Fox. I appreciate what we do and but you know don't want to be overtly that we have there are many wonderful competitors out there, that there are many, many brands out there that are that are great, that will protect protect us against.

Speaker 1: 43:50

It's not even that I think we need to have you back on Cause, like when things come up, it would be great to have conversations, timely conversations, I'm into it.

Speaker 2: 44:00

I'd love it, thank you.