
Human Behavior Is the Attack Surface | Part 2 with Jeremiah Baker


About This Episode

Eighty percent of cyber insurance claims trace back to wire fraud, business account takeover and ransomware. After two decades of watching those attacks play out, guest Jeremiah Baker concludes that the common thread is human behavior. Baker joins our hosts, Rachael Lyon and Jonathan Knepher, to break down what changes when organizations treat the human element as the attack surface. 

The conversation takes a turn when Baker introduces "synthetic social", his term for platforms that offer surface-level connection at the cost of quietly widening your attack surface. The second half of the episode traces Baker's unconventional path into cybersecurity before ending with the challenge that threads through the entire conversation: learn how you're being attacked before you decide what you're willing to lose.


      AI, Attack Velocity, and the Defender's Clock

      Rachael Lyon:
      Welcome to the To The Point Cybersecurity podcast. Each week, join Jonathan Knepher and Rachael Lyon to explore the latest in global cybersecurity news, trending topics and cyber industry initiatives impacting businesses, governments and our way of life. Now, let's get to the Point. 

      Pulling that thread a little bit more. I mean we were talking before we got on about kind of the 22 seconds, right. That a Mandiant research project found. 22 seconds for AI to map your entire infrastructure. So ostensibly the defender's clock is gone, you know, so as they're figuring out how to stand up AI to be defensible, you know, I keep coming back to this idea of are we moving to offensive cyber territory? Which is a little scary, but with AI and the window gets smaller and smaller and smaller.

      How are organizations, you know, how do they protect themselves today? I mean obviously AI is part of that answer, but there's a lot of businesses and organizations out there and it's going to take time for them to get there. And do they have that time to figure it out?

      Jeremiah Baker:
      Yeah, from my perspective, and not to be like super, you know, the intent is not to be shocking or like trying to scare anybody, but it's as simple as this. If the attackers are doing it, we have to be that much faster and better than them. There's no choice. I don't think it's a subjective thing. It's very much like what are we willing to lose? And if we're not willing to lose it, then we have to do something about it. This old thinking, this human thinking of that, we have more time and it won't happen to me and it won't be that damaging and I can put it off. I feel that era is over. We have to think like a malicious hacker to beat the hacker.

      We have to think like the cybercriminals. And that starts at the top, especially in bigger organizations. Well, any organization, right. And leadership have to make it part of the DNA of the business or else we know what happens. Right. I don't think it's a big mystery. And you know, to this point, like I'm going back, this is going back 27 years. But when I was a young man, I was asked to speak at an all-company conference.

      And this is before people even had high-speed Internet at home. And the point of the conference was I'd been very lucky implementing something called Siebel CRM and it was a non-web-based CRM platform. The leader in the industry at the time, the fastest growing technology business in US history in 1999 and they said to me please share what you think the future is. And I said well we don't really have high-speed Internet at home but there will be a concern as this all progresses where companies are not going to want to potentially share their data in someone else's storage room and move web-based and do all this kind of stuff. But back then we didn't even really have Internet at home. We weren't that connected. So most things were done on site, protected in an environment that sat inside the business like a large Fortune 100, Fortune 50 which I was implementing probably the first web-based CRM called Siebel eService for a Fortune 50. This before Salesforce.com probably even had their first client.

      So you know, things have changed since then aggressively over the last quarter of a century where we are so connected that we can't ever have this attitude but of just nothing's going to happen. And I can wait. But again, how do you instill that into an organization? Because most of the time from what I'm seeing where they really care is either they inherently care and they're really concerned about risk mitigation or they touched the hot stove and had been attacked before and it changed their immediate perception where they said all right, hear ye, hear all, we got to do something about this and if we don't get ahead of it it's still going to continue to be this problem of oh my gosh, I wish I had done something sooner.

      Jonathan Knepher:
      How do we deal with though the change of velocity that's happening and I think some of the severity, the Copy Fail vulnerability that was disclosed just a day ago right now, reliable privilege escalation on basically every Linux box out there and there was zero prep time before that was publicized for normal end users. How do we deal with this?

      Jeremiah Baker:
      That's a good question and I may not have the perfect answer for that. I mean maybe we wouldn't be sitting here if I did. But I think it's just again it's a matter of understanding the attack surface, how the attacks are happening and then using our very smart people on our teams and in the industry to create the response to that. So if someone is able to quickly identify a vulnerability and attack it then on our defensive side we have to be quickly as quick, quicker rather than that. So that again it's that cat-and-mouse like you don't. You know the old saying used to be you don't have to outrun the bear, you just have to outrun everyone else that's behind you. But now I think we all have to outrun the bear because it's so fast. So it's a matter of proactive defensives.

      That's what I think it really comes down to. And we have to start implementing inside of our companies, inside of our organizations, we have committees and groups that say we're thinking like the bad guys. And sometimes we may even bring the bad guys around or learn from them and put the proper tool sets and ideologies in place to protect against it. Otherwise we're just going to be sitting ducks because we know one thing for sure, they're going to use the tools to automate these types of attacks to be more effective and try to make it like grabbing gold from us. So it is a. I think, Rachael, to your point as well earlier, like from the board level, we have to take it seriously. We can't treat it as an afterthought and then get the smartest people in the room that can help us protect it. And then from our leadership's perspective, say, look, we're a team here.

      We are our best firewall as a group. We have to. We're our best defense. And it can be. We don't have the time to wait and see what happens. We just don't.

      Rachael Lyon:
      When you're talking about this, a visual kind of pops into my mind and kind of almost the idea of self protecting. Right. And almost like it's. Is it a bubble with spikes on it, you know, and then the attacker tries to get it and they get stung or something like that.

      Jeremiah Baker:
      Sounds fun.

      Rachael Lyon:
      Great for a movie, right?

      Jeremiah Baker:
      Yeah, I like this.

      Rachael Lyon:
      You get a movie idea going here, but it almost sounds like that's really what we need to get to, right?

      Jeremiah Baker:
      Yeah, yeah, I think so. I mean, again, it kind of goes to that concept where, you know, we had our business make money and do all these things and then cybersecurity came second. I think it's a Venn diagram where they're like layered on top of each other. They're the same thing. And I think we do have to think more offensively with the understanding that we're constantly being attacked. So we have to one just accept that and then put the proper defenses in place where it's. It's just part of our. It's part of how we do things now.

      It has to be or else. Right, right.

       

      Protecting Small Businesses

      Jonathan Knepher:
      So what are some of the specifics on like kind of mindset changes and so on for say, smaller businesses who don't have security teams?

      Jeremiah Baker:
      That's a good question. I would say that based on. So some of the work I do is with some of the cyber insurance folks. So what I like to do, I'm kind of nerdy engineer guy. So I like to think in terms of frameworks and keeping an idea of speaking with the cyber insurance folks. Where are most of your claims coming from? Right. And there's something called the Pareto principle 80/20 rule where basically 20% of things account for 80% of what's happening in any given organization. It's a prolific kind of thing.

      It doesn't matter what we're talking about. So basically what they shared with me was that 80% of the claims continue to come from things like the wire fraud, fund transfer fraud, and it usually originates with an email or business account takeover. Then there's fund transfer fraud and then there's ransomware and traditional scams. So if we kind of understand where the real loss and the data breaches, the scams, the ransomware, the account takeovers, all that stuff are coming from and then reverse engineer how those things are happening and put the bait, what I'll consider the basic or standard things in place. We're mitigating our risk so that the odds of us becoming a victim of those types of attacks go way down. But the problem is somehow these small businesses have to be inspired and educated and alerted that they should do something versus waiting. And I think I don't know how to do that effectively at scale without there maybe being some form of regulation that demands it. You know, like we had PCI and HIPAA compliance and all those things, but some way that says like, look, you can't kind of operate unless you've shown that you've gone through these things and that may inspire security awareness.

      Which then leads to okay, I know how I'm being attacked and the damages that can happen and to implementing the proper defenses, offenses and recovery so that we don't become out of business. Right. Or in big time trouble or lose all of our clients confidence. And this has been a concern since the day I got into cybersecurity. And that is how do you let them know what's happening to them before it happens and make them care enough about it to do something about it. And it's such a downside of human nature to where we don't genuinely care until we felt the pain.

      Rachael Lyon:
      Yep.

      Jeremiah Baker:
      And you know, I would love all ideas on how to wave that magic wand to figure out how to make people because it is the worst thing. And a lot of these calls come from that I get call from are calls from CEOs that I know that are in my network because I have a very large network of folks I deal with. And when they call me and I'm like, we talked about this last month, you know, and you didn't do anything about it. So that's the wrestling match that we all as defensive and protective folks in our kind of fiduciary responsibility to care for and protect our clients is probably the most challenging. It has nothing to do with tools and all that kind of stuff.

      Rachael Lyon:
      It really is. I remember that when GDPR went online and so many organizations were like, you know, eh, I'm not gonna do anything.

      Jeremiah Baker:
      It's nice out today, the sunshine. Yeah.

      Rachael Lyon:
      You know, and the fine versus spend to be compliant, you know, it's kind of a wash. So I'm just going to roll the dice and see what happens. But to your point, right, it is human nature. I mean it's we naturally gravitate to the path of least resistance.

      Jeremiah Baker:
      That's true. And then it can be too late. Right?

      Rachael Lyon:
      Like, exactly.

      Jeremiah Baker:
      It's a wrestling match again that we have with how can we get folks to really care about protecting themselves, right. And not go into that reverse paranoia mode where they just put their head in the sand.

       

      Human Behavior as the Attack Surface

      Rachael Lyon:
      Now I want to pull this thread a little bit more too on protecting oneself. So I have this interest in anthropological studies and I think a lot about current generation. My generation, we did not have these things, we got them as we got older. But generations that are born with access to all of this and they live their lives on social media, just everything is out there and they're going to move up into management leader, executive level and their lives, their entire lives have been online. And so when we're looking at AI and social engineering and you know, how do we see things playing out in that regard? Because it's a very different landscape when you start thinking about.

      Jeremiah Baker:
      And I think that to that point, one of the groups that I deal a lot with are ultra-high-net-worth individuals, also known as family offices, which is basically in simple terms someone that has made about 300, $350 million in net investable assets will genuinely at that point or generally create a family office. It's a small company to manage their family's wealth. All the extended things of the family. If they have vacation homes and home purchases and things like that, they're very concerned about what they call the next generation or the rising gen, the children. What are they putting on social. Are they sharing? Hey, I'm on a private jet and I'm flying to here and all their geolocation and all that kind of stuff is available. They're concerned about it. And I think that from my perspective, the answer is still quite simple.

      In all of this, it's what are you willing to give up? What are you willing to lose? If you are not willing to give it up and lose it, then you got to protect it, verify it, and. Or don't do it, right? And I work with some folks that are. I consider them friends. They are at the largest AI companies. And for example, one day they texted me and said, hey, I had to take down all my social media, including LinkedIn, you name it, I have to erase my profile as best I can on the Internet because we are under extreme attack. And sure enough, one of my contacts started to reach out to me via text message. And it seems strange, and this is a woman that I've known some time, and I spoke at an event at Stanford and that's how we met. And we held a global family office summit there, and she was in the audience and we'd stayed in touch afterwards, just talking about business and all the interesting things that go along with cyber.

      And then one day I received a text message and it said, hey, I'm thinking about selling a bunch of stock or something like that and would you be interested, bro? And I'm like, so I caught that. And I'm like, so I'm like, let me go outside of even the work email, let me go to the Gmail that I have. Hey, is this really you? Like, yeah, it's me, bro. And I'm like, oh no, the phone must have. I'm thinking the email, the Gmail was taken over, probably a SIM swap on the phone. So it took over the actual phone account and ported it out. So this person may have. I haven't confirmed it, but may have been heavily targeted in that sense.

      So real damage can happen. And some people are heavily targeted, but then oftentimes, like within organizations. Rachael, you'd mentioned this earlier, like with MFA, like, do I have to do it? Whole company is set up on all the protective measures, basic cybersecurity, hygiene. And the CEO, who's my friend, said, hey, do I really have to give up this BlackBerry? That's outdated because I love it. And I'm like, if you want to avoid A, B and C, you do. And you're making everybody else do it. So we're only as strong as our weakest link, right? And that's the problem again with thinking is our footprint, our attack surface, all that kind of stuff. It's only as good as the weakest thing that exists in it.

      And usually I say this kind of jokingly, but it's the meat computer that causes the vulnerabilities, right? It's this. It's our human behavior we have.

      Rachael Lyon:
      Hilarious.

       

      Social Media Risk vs. Value

      Jonathan Knepher:
      So it's interesting too that you bring up social media in that way. Like, is it worth it to be on social media? Like, should we all be doing what your friend is saying and get offline?

      Rachael Lyon:
      Just scrub it, right?

      Jeremiah Baker:
      Honestly, I wrestle with it all the time because I like to track and measure, like, how much value is it really bringing? And I've even personally, over the years limited a lot of my things that I put on social. I try to be very careful about what I put on there because what is it really getting us? Like, what do we really get out of it, right? Outside of like maybe looking, you know, and I don't mean this to be cruel, but like, hey, look at me. Look where I am. Aren't I important? Look at who I'm with. This kind of thing, like, that is. That's opening us up to risk, right? And depending on our risk tolerance and what we're willing to deal with, I think that the social media, or I often like to call it synthetic social because it's not real. It's not like we're sitting, breaking bread with somebody and having a, you know, we're sharing the same airspace. It's.

      It brings out some interesting components of human nature. And then as you all know, it's used to subvert an attack as well. So I don't know, I haven't really seen. I personally haven't seen where it's been more beneficial than negative, if I'm to be completely blunt. And thinking back 27 years ago when I was on that stage at 22 years old talking about what I thought could happen in the future. Yeah, it's cool to be able to see pictures and share things and do all these things, but I don't think it's really progressed us from a protective mechanism. I don't think it's created a whole ton of positive outcomes. It's really opened our attack surface up to where we're kind of putting ourselves way out there where we.

      When I was growing up, I couldn't have even done that if we wanted to. Right. It didn't exist, so had a. I didn't even have a cell phone. At that time that I was talking on stage back then I fought that I didn't want it. And now it's like again, going back to the question of if you want to put all this stuff on social media, are you also willing to deal with all A, B, C, D, E, F, G risks that go along with it? If you are, then it's fine. If you're not, then don't use it. That's kind of my standard framework that I give.

      It's just like a justice scale. You got to weigh the pros and cons and try to remove the emotional responses that may pop up. And I know with the younger generation, telling them not to be on something is traditionally a very difficult conversation to have.

      Rachael Lyon:
      It's because I'm late to TikTok, but I love my TikTok, I'm not gonna lie. And, you know, I guess it was what, a year or so ago when it went offline and there was all this buildup like, oh my gosh, it's going offline, it's going offline. And then all of a sudden RedNote, right. The Chinese version of TikTok started coming up and all the instructions or the EULA, that's all in Chinese. People didn't care. Like, there were people I worked with like, ah, I don't care. I'm just accepting my TikTok.

      I need something, I need a filler. Yeah. And I just kind of struck. They just didn't care, Jeremiah. They're like, whatever, my stuff's already out there. Like, what do I care about?

      Jeremiah Baker:
      That's the reverse paranoia. Right. I don't want to. Don't make me mentally lift those weights and be responsible. Whatever. We'll see what happens. And that, you know, honestly, it's very dangerous thinking. That's where the bad guys want us to think like that.

      Rachael Lyon:
      Exactly. And you think about the long-tail dwell times where they're just sitting there waiting. You know, they got all the time in the world to wait and take advantage of an opening. Right?

      Jeremiah Baker:
      Yeah. Because they're not playing on the same rule book that we play on. Right. Their ethics, their standards are not the same at all. Two different mindsets.

      Rachael Lyon:
      Yeah. But you got to have the TikTok.

      Jeremiah Baker:
      Really. I don't use it, but you're welcome to it.

      Rachael Lyon:
      I know, I know. It's. You train the algorithm, though. I mean, I'm going to defend myself and it's all like, you know, bird and cat and dog stuff and it makes me happy.

      Jeremiah Baker:
      Yeah. That's on my Instagram, that's what I have. It's Labradors, beautiful scenic scenes, music. That's about it.

      Rachael Lyon:
      Yeah, exactly. Just happy things. Happy things.

      Jeremiah Baker:
      We need it.

      Rachael Lyon:
      We do, we do. You need a release with everything going on in the world, it can get a little heady.

      Jeremiah Baker:
      Oh yeah.

       

      Jeremiah Baker's Path to Cyber

      Rachael Lyon:
      So I do want to be cognizant of time, but we have to get into my favorite questions. Jeremiah, as Jon knows, there is no linear path to cyber. And you started in the business world and then you've made your way into cyber quite, quite decidedly over, you know, a couple of decades. And I'm just curious on how did that journey come about to get you where you are today?

      Jeremiah Baker:
      Yeah, it was a weird kind of, not, I guess it wasn't orthodox, it was roundabout. I didn't go to school and study this in college and then get a CISSP certification and kind of get picked up by a company and go into. Started a little bit, like I said back in 1999, was speaking about the future of CRM and just because I was right time, right place, implementing a web-based CRM platform for a Fortune 50 and Tom Siebel, the founder, had found out about it and wrote to our company, we're the implementer, and said, who got that working? I want to talk to him. Then that opened me up to speaking on stage about the future of CRM and everything that goes with cyber risk and so forth. And cyber risk weren't even really a thought back then. That was like movie material. Right. So that started it.

      But then about seven or eight years went by and I was consulting with lots of different companies, helping them really with growth, getting leads, getting sales and these types of things. I was the top salesperson at my last corporate job 21 years ago, and I was brought in to turn around a division of the company that they couldn't quite make sales happen for two and a half years. They brought me in to turn it around. I worked with about 45 sales reps as their subject matter expert. There's their SME, their engineer, and I would ride along with them on every call they did. And this is after breaking down what they were selling, putting it back together, repackaging it and making it attractive to a potential buyer. We ended up, I ended up helping the team sell into 60 enterprise accounts in my first eight months doing this. It was my first real, what I would consider like a sales type role.

      I was celebrated, sent all over the country to train all the reps on how I was doing it because I couldn't do it before, and I was in my, you know, in my twenties then, and one day I got called in. They said, hey, we're gonna sunset this product that you're doing. And I was like, I like sunsets, but it doesn't sound good in this context, right? Like, what the heck? And they're like. I'm like, what's that mean to me? And they're like, well, we're gonna have to let you go. And I'm like, what? You were sending me all over the planet to speak and calling me 'Deal a Day.' Because we were closing a deal a day and all this stuff.

      And I'm like, wow, this is so weird. And I was so disappointed. And I couldn't figure out why they were doing it. And they ended up selling the business for over $58 million a few months later. And I wasn't the only one that they had let go. And I was like, oh, I see what they were up to, right? Headcount and magic work on the books and all that stuff. So I'm like, okay, making the financials look nice. And then that's when I made a decision.

      Do I want to go back into looking for a corporate role? At 11 jobs in my first seven years out of school. Excelled at all of them, but could never quite make it click. Even though I was doing a great job, it would be. Somebody saw what I was doing, oh, no, this young guy is stealing my thunder. Get rid of them. You know, all the things that go along with that. My intentions were never to do that. It was just do a good job that I was hired for and help my team.

      Rising Tide, right? Because I grew up, like you said, with 56 foster children. My parents were entrepreneurial. My mother was the oldest of 11 kids, my dad the youngest of seven. Neither graduated from high school for various reasons. So as you can see, when they're raising 56 foster kids, they needed extra income. So the idea there was they became entrepreneurs. And that's where I learned to be very protective and be a real entrepreneur, starting all the way back in the early 1980s. So in doing that, that's when I decided that I'm not going to go back and try to get another corporate job.

      I'm going to do this kind of work for other companies, since I had a knack for it, and I was able to demonstrably help companies get leads, get sales, and grow, and been very fortunate over the last 20 years, 21 years, to have over $2 billion in total exit value across the portfolio. So we really did the work. But getting to the cyber story, how I got into cyber officially was my second or third client, going back to about 2007, was an ethical hacking firm and they were just starting out. And I said, what is that? It sounds cool, I don't understand what that is. And they'd come to me as an inbound lead and said, we need some help getting clients. And so what I did is I jumped in and really took the steering wheel. And we grew the business working with every major casino, bank, hospital, government organization, schools, got in every major media outlet without paying a single PR person or anything like that. But all we really did, the simplicity of it, was really cool work.

      Finding vulnerabilities and major platforms, doing really cool hacking exercises, and then anonymized it, wrote it up, put it out on Twitter. Twitter at the time before X, the journalists would hang out there, oh, this is cool. Like high stakes, surprise, suspense. But it was real, real-world work. And when you're working with casinos and cool stuff like that, it's by nature very newsworthy, movie-worthy kind of stuff.

      Rachael Lyon:
      Yes.

      Jeremiah Baker:
      And we were able to get in the Economist, New York Times, Wall Street Journal, you name it. I can't even think of one major outlet that we didn't get in. And we didn't pay any of them. They came to us eventually. We built up a nice roster of journalists that said, anything you do, tell us about it first. Because it's our job to write on these things. And we created this nice little volley back and forth. And you can imagine over the years, I'm also the one on the front end of receiving every single new lead that came into the business.

      Every major incident that happened came through me first. I was as a partner in the business, the gatekeeper, the person that managed all the relationships. And in that time, over 20 years, you really start to get immersed by activity more than a degree or any kind of certification. I was really in the trenches and on the front lines of cybersecurity. But it started as an effort of growing the business. And then eventually really cool things came up. Vice came and Vice television channel came and filmed us. We've had, you'd mentioned Wired.

      Wired picked us up very early. Let's see, Gizmodo came and did a mini documentary on that business. All kinds of interesting things happened. But my intro to cyber formally was really in helping to grow a cybersecurity business. And then that put me in the situation to kind of have an apprenticeship of learning about cybersecurity. And then when you're hearing this, all the calls that come in and you're getting the emails, you start to see those repeating patterns of, wow, this wire fraud, email account takeover, no MFA, gift card scams, extortion, you know, holding people hostage, saying, I'm not going to do this, this and this unless you give me X amount of money. And then it just projected over time. And that's where my intro to cyber was not from a traditional route of going to a school for it, it was from being on the inside of it.

      And then I learned through experience.

      Rachael Lyon:
      That's wonderful. And that's how you learn, really. I mean, it's not. You can't learn theoretically. You have to be hands-on.

      Jeremiah Baker:
      Yeah. One way or another. You need that apprenticeship.

       

      Parting Words on the Future

      Rachael Lyon:
      Absolutely, absolutely. And then one final question. Any parting words that you may want to leave our listeners with, particularly as they may be navigating through AI transformation and uncertain world of evolution of AI and then the looming threat, of course, of quantum coming a reality sooner rather than later. There's a lot coming up. What are your parting words for them?

      Jeremiah Baker:
      I would say it goes to the overall conversation that we've had, if I'm able to simplify it, is that we have to erase this idea that none of us are under attack or I don't accept credit cards, so I'm not targeted. All that. We are all being targeted. And really the only thing we can do is get educated. How are the cybercriminals attacking us? Cybersecurity awareness training is what it's usually referred to. Most major companies have it. Most of the folks listening to your podcast probably are required to go through some form of security awareness training. If they're not, that would be step one that I would say to do.

      Because how can you protect yourself if you don't know how you're being attacked? And a lot of it starts with us as individuals and not waiting for our company or our organization to do it for us. It's. We have to be curious and we have to think, how am I being attacked? What do I need to do to protect myself from these attacks? And if I can't do it myself, going to the proper people within my organization and asking them that question, and then ultimately, what am I willing to give up? Am I willing to suffer, you know, a wire transfer fraud attack? Am I willing to just let that money go away? Am I willing to allow someone just to get into my email account because I didn't want to set up MFA or any of the normal cybersecurity best practices with cyber hygiene and the standards, what am I willing to give up? If I'm not willing to give up, then I have to take that responsibility on myself to take the initiative to protect myself and my organization. And that's why I think our people are our best defense. Once we've decided that we want to be the superhero inside of our organizations and protect ourselves, our family and our co-workers and our overall business, I think we've kind of become like the Guardians of the Galaxy movie, you know, the Marvel stuff. Like that's what we need. I think we need to shift our thinking to be more like that. And again, do you want to sit in the back seat or do you want to take the driver's seat? You know, because if you're taking the back seat, then you're going to rely on, you're putting all your risk into someone else's control.

      And I think that that's a very, very dangerous thing to do. And we just. Cybersecurity has to be part of the DNA of everything we do. Just like leads, like sales, any role in a business, it's equally, but I would say even more important than those other things. You can generate all the revenue you want, but one major catastrophe could wipe it all out. So that's what I'd say. It's like, learn how to think like a hacker, get educated in order to beat a hacker. And until we do that, we're kind of just waiting.

      We're in the wind a little.

      Rachael Lyon:
      Absolutely. Wow. Well, Jeremiah, thank you so much for your insights. This has been a wonderful conversation and hitting on all my favorite topics, although we didn't hit on insider risk, but that's something for another time. So to all the listeners out there, it is a risk. We'll have you back and we'll talk about it. That would be great. So, Jonathan, let's tell our listeners what they need to do.

      Are you ready?

      Jonathan Knepher:
      Smash that subscribe button.

      Rachael Lyon:
      And you get a fresh episode every single Tuesday. So until next time, everybody, stay secure. Thanks for joining us on the To The Point Cybersecurity Podcast, brought to you by Forcepoint. For more information and show notes from today's episode, please visit forcepoint.com/podcast and don't forget to subscribe and leave a review on Apple Podcasts or your favorite listening platform.
       

      About Our Guest


      Jeremiah Baker, Cybersecurity Expert, Speaker, and Consultant

      Jeremiah Baker is an ethical hacker turned keynote speaker and author with nearly 20 years of experience in cybersecurity. A proven business growth strategist, he scaled a cybersecurity firm into a dominant industry player as an equity partner. His commitment to security is rooted in his personal experience growing up with 56 foster children, which taught him that a data breach is a fundamental loss of stability for people. Today, he leverages those lessons to protect companies and employees from cyber threats.

      Check out his LinkedIn