
From Battlefield to Boardroom: Ricoh Danielson’s Lessons on Cyber Warfare and Digital Forensics
Share
Podcast
About This Episode
In this episode, our hosts sit down with Ricoh Danielson, a national security expert, digital forensics professional, and US Army combat veteran of Iraq and Afghanistan, to explore the intersections of cyber warfare, digital forensics, and the evolving global threat landscape.
Get an inside look at how Ricoh’s experiences on the battlefield have shaped his career in cybersecurity and how the strategies employed in combat directly apply to the frontlines of cyber defense in both government and the private sector. From ransomware negotiations to the rising risks of volunteer cyber armies and nation-state actors, Ricoh shares real-world stories and insightful perspectives on how prepared we truly are—personally, organizationally, and nationally—for the next wave of hybrid warfare.
Podcast
Popular Episodes
50 mins
REPLAY: Someone Needs to Do Something, But Who?
Episode 278
March 26, 2024
47 mins
Cyberwar, Social Media’s Future and Passing the Mic with Peter W. Singer
Episode 206
November 8, 2022
56 mins
The Conga Line of Cybersecurity in 2022 with Manny Rivelo
Episode 167
January 25, 2022
48 mins
See Something, Do Something: A Conversation with Dmitri Alperovitch
Episode 160
November 30, 2021
Podcast
From Battlefield to Boardroom: Ricoh Danielson’s Lessons on Cyber Warfare and Digital Forensics

Rachael Lyon:
Welcome to To the Point cybersecurity podcast. Each week, join Jonathan Knepper and Rachael Lyon to explore the latest in global cybersecurity news, trending topics, and cyber industry initiatives impacting businesses, governments, and our way of life. Now let's get to the point.
Rachael Lyon:
Hello, everyone. Welcome to this next episode of To the Point podcast. I'm Rachael Lyon here with my co host, Jon Knepher. Jon, what's going on? Hi, Rachel. Thursday. Yes. Hi.
Jonathan Knepher:
Oh, it's a it's a great fabulous Thursday. Yeah. Happy to be on with you and, yeah.
Rachael Lyon:
I think there was a little article. Right? There's, some news popping up that I think we wanted to to talk a little bit about here at the top.
Jonathan Knepher:
Yeah. You know, there's, a lot of news happening here with this whole '23 and me thing. Mhmm. You know, it's kind of interesting to me that they got the okay and the go ahead to basically offer to sale all the genetic data of of their customers in order to satisfy, you know, creditor requests. And to me, that's something that I personally feel is quite alarming.
Rachael Lyon:
It's a little bit. Yeah. Yeah. Yeah. Wow. So I I think the, the impetus is on folks that have an account go and try to delete all of your information as possible, Or is that ship already sailed, Jon?
Jonathan Knepher:
I think that ship is still available for another another couple of days, right, until that happens. You can download all your data too. So, you know, you don't necessarily have to lose your data. Download it out. And then, if you don't want your data sold, yeah, go ahead and delete it.
Rachael Lyon:
Does anyone ever raise their hand, please sell my data? Is has anyone ever said yes to that? Yes, please.
Ricoh Danielson:
Yeah. I would I would hope not.
Rachael Lyon:
You know?
Jonathan Knepher:
Yeah. Well, the customers aren't the ones getting the cut. It'll be the creditors.
Rachael Lyon:
I know. Right? Exactly. Okay. So, I'm really excited for today's guest. We've got Ricoh Danielson he is a national security expert, a digital forensics expert and a US army combat veteran in Iraq and Afghanistan. Welcome Ricoh.
Ricoh Danielson:
Thank you so much. Really appreciate being here. And, yeah, if twenty three and me, if you're selling your data, I think you should get a cut of that. Exactly.
Rachael Lyon:
Yeah. You know, whatever that might be, 23¢ or, you know, I don't know how much to sell it for, but, you know, just just a little slice of the pie.
Ricoh Danielson:
Just a little slice. Not a lot. Yeah.
Rachael Lyon:
And, Jod, do you wanna kick this off today?
Jonathan Knepher:
Yeah. Yeah. So, you know, you know, looking at your your background here and your exposure to cybersecurity in in combat in, Iraq and Afghanistan, that's that's quite interesting. I was hoping maybe you could share with us how those experiences have have shaped your understanding of cybersecurity.
Ricoh Danielson:
Yeah. Yeah. That's a that's a really good question. So one of the things I did was when when I was a young PFC, private first class, we're doing raids in in Ramadi, Iraq, and also the Summa Triangle Of Death. And, after a while, you know, it wasn't just hidden grabs. It was like, Hey, grab and get all the intel you can. And we're like, all right, cool. And that was the first time I ever saw a digital forensics actually being kicked off.
Ricoh Danielson:
And my digital forensics then was very long process. You go in there, smash and grab the hard drive, and you pop it into the the reader. And then at that point, you dump the data and then the analysis for the analyst person started doing their data. And he's there's usually, like, an air force tech sergeant or something like that. And then then I was like, hey, you know, that's, that's very interesting. I think this is gonna be something bigger for the consumer market. I think it was kind of ahead of my time and we would continue to do these raids, grabbing cell phones. Fast forward, I, you know, I get out of the military after doing X amount of tours overseas.
Ricoh Danielson:
And I was like, you know what? Let me revisit that idea. And digital forensics was there, but it wasn't what it is now. And when I was going to middle law school, I've had this brilliant idea to start up my own digital forensics firm. And I because I met two secret service people and FBI person. Like, if if you want to be in the game, do this. And I started doing it and then I landed like a huge, death penalty case, a huge murder case in Phoenix, Arizona. Never forget Joey Matthews versus state, one of getting that guy license versus a death penalty. And because of the digital evidence.
Ricoh Danielson:
And then at that point it was Jody area's trial. It was all these other wild, huge trials. And then we started pivoting into like more corporate security, more like a corporate espionage insider threat and response. And it just, you know, propagated from there. And now, you know, kind of being, getting into the space of, well, been in the space of ransomware negotiation, ransom negotiation itself with threat actors, you know, understanding what they need, what they, who they popped, what's the grants and demand and how we're going to negotiate it, and then help facilitate the payment of the ransom sometimes for different clients. So it's it's pretty pretty awesome to be in the space, I think.
Rachael Lyon:
Agreed. I just can only imagine all of the information you uncover. You know? And cyber is there's so many things that maybe you don't want to know that you know and you have to kind of compartmentalize but, it is kind of amazing what you could find through digital forensics.
Ricoh Danielson:
There's a lot of things I didn't want to see but I was like, hey, you know, you you gotta see everything. Right? You are the unbiased, unwavering truth in between, and you are the representation of the digital evidence itself. And, yeah, it's it's pretty fascinating. It's pretty wild. Right.
Rachael Lyon:
It's, and I think about it in the context of, you know, kind of combat conflict being in theater. You know, there's, like, the cyber armies getting stood up, right? I mean, it's you gotta fight cyber with cyber in addition to, you know, the on the ground tactics. You know, how how did the digital forensics that you were pulling on the ground inform, you know, tactical execution? And did it inform a lot of strategy, you know, and and help you guys pivot or whatever you needed to do for the mission?
Ricoh Danielson:
Yeah. Much like what we do now is we gather the evidence. We're like, okay, these threat accreditation states, right? If you look at it and just remove the threat accreditation states to a terrorist organization or an HVT, a high value target, you'll say, hey, we're gonna go get Hassan, whomever or Ali, whomever, right? Chemical Ali was one of the biggest targets. We went, got cell phone. We're like, okay, we started doing the data mapping. We're like, all right, this is our next target. Let's go forth, get the boys, get the rain, get queued up, get, get the con op going and let's go execute. Then that one led to a next one.
Ricoh Danielson:
So, the spanning tree of this digital evidence actually, you know, was very, very fascinating. You do that on top of, different type of, technology that can intercept text messages, cell phone conversations, and whatnot. And it's it becomes very, very wild, and you can make a split decision and also a command decision that'll either save people's lives or get you a huge victory in the battlefield. And there's the same premise applied if you look at, you know, if we look at the state of Israel, right, when Hamas and those organizations, what they were doing is they were doing their cyber attacks, trying to infiltrate and whatnot. And the Israeli, government unit eight thousand two hundred. I spent some time with them, spend a lot of time overseas, working with them. They were actually to narrow it down the building, the floor in the room. And and then they would actually carry out their, you know, the response, whether it's lethal or non lethal or a raid or DDoS attack or something of that matter.
Ricoh Danielson:
But, these really got it got down pretty good, and we actually learned quite a bit lessons from them.
Jonathan Knepher:
Yeah. I think they've they've been amazing on a lot of their other, operations as well that we've heard about too over the years. So that's, they've been quite impressive in in my opinion. But thinking about that, what what kind of what kind of parallels from from, you know, these these types of, like, actual, you know, warfare and and cyberwarefare do you see in terms of of strategy and risk and so on, especially comparing it to the rest of the business you're doing now?
Ricoh Danielson:
Yeah. So there's a lot of parallels. There's a lot of methodologies that are pretty much the same. If you can dominate three areas, sea, air, and land, right, network hardware, and also the the radio Internet waves, you can pretty much dominate any type of battlefield, whether it's digitally or physically, right? When I went to Ukraine, I actually saw this firsthand because the Ukrainians actually took a play out of our own book. And they're like, hey, we're gonna go ahead and dominate there, which is all the drones and whatnot. They're using various technologies. The one thing they don't tell you is that they're using different, drones actually to cause jamf interception, right? They're causing radio frequency interception. They're doing it that way.
Ricoh Danielson:
So as much as you'll see these these warfare tactics on the physical part being played out much more on the tactical as well from the technology perspective.
Rachael Lyon:
I loved I could talk about this all day. You know, so so coming back to this notion of, you know, cyber warfare, right? And and you look at like, you know, Ukraine is an example with the volunteer cyber armies. You know, what's going on in, you know, the South China Sea and and and the landscape is just really changing, you know? And so how how do you see this global cyber threat landscape, moving forward? It seems very complex and also very scary if you've got you know, volunteer cyber armies on both sides, you know, not really being managed. And, you know, how how how can that impact, these conflicts ahead?
Ricoh Danielson:
Yeah. So I think you have to look at it from a special operations perspective, right? And, you have to do force multiplication. You have to give people the purpose. You have to give them the pride and also breadbeat the bullets, right? And also the ideology of what we're fighting world. One thing we we did very well in Iraq and Afghanistan, there was maybe four to six of us on the team. We would go to remote village and be like, we want to train you, and we want you to go find that guy. And then it's like, who have a problem? So it's called force multiplication. This is the same methodology and premise applies.
Ricoh Danielson:
I have a really weird theory that I think that we're finding ourselves if you, if you will. I think there's a lot of counter counter corporate espionage or, and we're just going back and forth that, but that's a theory. Right. But how do you manage these unregulated, unloyal cyber armies right? And it has to go do with ideology, you know, what are we fighting for? Are we fighting for America or we fight for freedom or we fight for both right? So it really depends or we are fighting for a sovereign nation or we fight for ideology really depends on what what is needed. Now, the way you, you kind of control and attribute that is give the people what they want and what that is anywhere from money, greed, or attention. Right? And once you can narrow those down those down, I think you have them solo and you can control the army. What I do see happening is the days of a grunts, right, myself, a knuckle dragger on the battlefield running the, you know, with the machine gun on the field It's not over. It's gonna be very specific in time.
Ricoh Danielson:
But I think the more these complexities show up in cyber warfare, the more it's gonna require a new era of soldier, which is we see with drones, and now we're going to see what the analysts, cyber warfare analysts and whatnot.
Jonathan Knepher:
And are are you seeing as well, like, these nation states being involved in kind of expanding the this into other areas like ransomware and cyber espionage and other things on the, you know, bleeding into the commercial side as well.
Ricoh Danielson:
Yeah. So let's just say, you know, take the big juggernaut in the conversation with China. China is really, really good at figuring you out, figuring out where your pain points are. I've been solicited to myself. They came to me. They're like, we'll pay for these things. We'll pay for this. And I'm like, how do you guys even know that? And they already know you.
Ricoh Danielson:
Right? So the three things they want to operate on is pain, fear and pleasure. Right? They're going to pick enough plain enough beer to give you enough pleasure. Right? And then we, when you look at it from a global perspective, let's just say Africa, right? Africa, right down the middle is being divided between The United States on the left and, China on the right. And you have these, sub factions of combat, and China is really good at what they do. They set up a warfare tactical communication center, and they have all these small little branches where you can come up and carry out your attack and do what you got to do. Right? Same thing on the physical battlefield. Look at South Sudan, for example, I have a lot of friends over there that are fighting the good fight, and they're going back and forth over territory against the Russians or Russian private military contractors. So it really depends where our area of focus is at, which will lead us to our next battlefield.
Rachael Lyon:
So coming back a little more domestically, you know, so much of this seems to be happening really far away from us.
Ricoh Danielson:
Happens here too.
Rachael Lyon:
Yeah, exactly. And I I'd be curious in your your opinion here, you know, how prepared are Western nations, you know, that are a little bit, you know, stable for the most part, economically and otherwise. How prepared are Western nations for this kind of hybrid cyber warfare? I mean, are are we as prepared as we should be or what's your perspective there?
Ricoh Danielson:
No. I think so. If you look at the public sector or private sector, let's just say big organizations who've picked up a million dollars into their cybersecurity program or a hundred thousand dollars, you're you're okay. At least you got something. Right? You're fighting for yourself. But when it comes to the, you know, that's for the private sector. When it comes to the public sector, I do not believe that local municipalities, local government, or even the federal government is ready for a cyber attack of this magnitude that's come from. And the reason is because the first thing in order for you to dominate another country, you have to take out their water mitigation.
Ricoh Danielson:
And what's it called? If somebody hits an electric electrical grid in The United States, the transformer replacement, the mechanics behind it is so far down the logistical chain. It's you're done. It's over. Right? You saw that from a natural disaster in Asheville, you know, in Tennessee or North Carolina. Right? We can that was a natural disaster, and we can't even bounce back from that. So if there's a cyber attack that let's just say DDoS that overloads a grid or, you know, causes a surge and blows out, you know, some sort of indirect, EMF, I don't think that the public sector is ready. Now privately, I think we can fend for ourselves and we have reasonability to bounce back from it. But if you ask me, I don't think The United States is ready yet.
Rachael Lyon:
And and I guess unless we just take everything offline and go back to manual, that's my favorite recommendation. That's
Ricoh Danielson:
Right. They have these books and notebooks. Exactly.
Jonathan Knepher:
And and on that front, are there are there are there things that we as as as private individuals and, you know, on the commercial side that we should be doing to protect ourselves from those kinds of attacks? Right? Like Yeah. What what what are kind of the key things we need to do to to make sure that something like that doesn't affect us?
Ricoh Danielson:
Yeah. From a personal perspective, right, even a small business perspective, I if you could afford it, right, you know, you look at the CISSP model, right, and then you go through the whole disaster recovery area. Let's look at that domain. Just apply me your personal life, like, hey. Do you have a backup? Do you have a backup generator? Do you have a backup? If you can't afford that, you can get a Jackery or some sort of lithium battery, whatever. Number two would be, you know, know your digital footprint. If an enemy can't see you, they can't shoot you. Same premise applies in the digital era.
Ricoh Danielson:
If you know your holistic perspective and also your footprint, your digital footprint on the internet, and you can minimize that, that means you'll make yourself a lower, lower target to hit or even a no target. So that's a couple of different things when it comes from an infrastructure perspective, I definitely recommend always having two internets, one, satellite base and one having your own deal because the state of Tennessee, where I live, we love tornadoes and they come out every which way. I'll tell you what, I think we had over a hundred sirens in the last two weeks for a while. Oh, wow. So, looking forward to going back to Phoenix where nothing happens. So
Jonathan Knepher:
Nothing happens. It's just
Ricoh Danielson:
a little warm.
Rachael Lyon:
Just a little warm.
Ricoh Danielson:
They just
Ricoh Danielson:
Yeah. You go. Yes. And that's why I go to San Diego, you know, because they have the beach.
Rachael Lyon:
That's where Jon is. Yes.
Ricoh Danielson:
Nice. Perfect. Weathered year round.
Rachael Lyon:
It's
Jonathan Knepher:
always nice here.
Rachael Lyon:
Horrible place. I know.
Ricoh Danielson:
But those are some things I would try as a as a personal but if I'm a small business, I mean, I I see it every day. Small businesses, specifically small medical providers get hit because, one, I hate saying this doctors are good doctors, and they're not good business people. Right? And then they're not even further technologists. They're not. Right? They're not. When I was working a project a very long time ago at Phoenix, I met this CIO, Sysso. I was like, okay. He was a full, psych psychiatrist.
Ricoh Danielson:
And I was like, how does that work? And he's like, I just do this because he was a board member and I'm like, oh, well, okay. Good luck though. And it just, I really believe, like, we as cybersecurity professionals need to be entrusted to take care of the business and also the patients and the patients data that cannot defend itself.
Rachael Lyon:
Turning your attention a little bit to cyber policy. I mean, you're a national security advisor and you'll have a really interesting purview, right? I I'd be interested in your perspective of, you know, cybersecurity policy always feels like it's a little lagging, right, as we try to inch forward. And, you know, where do you see opportunities for us to, you know, make strides forward, be it in new policies, shaping old policies, execution, you know, or coordination. Right. You know, formation either within The U. S. Or among nations.
Ricoh Danielson:
Yeah. So when it comes to cyber policy, let's take US domestic policy first. Right? I really believe this is gonna rub the school the wrong way. You need to remove politicians from the policy opinion and let the technologists do it. Because one, that's gonna be very bureaucratic. And number two, you need to remove any attorney outside of cyber policy. And the reason is because I I went to law school myself. Automatically, I wanna argue with you and kind of like, well, don't do this, I'll do that.
Ricoh Danielson:
And it's just gonna get in the way. It's disingenuous and also provides no morality to the path forward. Now, that being said, technologists are very smart, right, and we have a chip on our shoulders sometimes, and we're the smartest person in the room, so we can we can do this accordant effect. Number two would be from the law perspective, law will always be behind technology, both. And there are laws now that need to be shored up. But the problem is you have to grease people's palms, you have to bribe people and I hate saying this and I hate being that one, but it's the reality, right? Because if you want a law change, you you have to know who to who to shake hands with. From a from a global perspective, imposing US law to another policy in a foreign country is gonna be very difficult. But there are similarities because we all want the same thing as protectionist.
Jonathan Knepher:
And extending that to, like, how should how should public and private partnerships, evolve in order to defend all of this critical infrastructure, as well that you've talked about?
Ricoh Danielson:
Yeah. So there has to be cohabitation, right? So when it comes to private organizations and public organizations, some like, let's just take the internet. A lot of people debate whether it's a utility or it's a right. Okay. So utilities, you have to pay more rights you should have. And the thing is somebody has to do that. So who owns it? And I believe there has to be co ownership and also collaboration behind that to balance out who needs to be where. And also possibly even some more of a majority ownership, but not too much, and that's kind of what we have to be very mindful of, because once you start doing those things, you're gonna start shaping the behavior and the direction and dictation of a certain community or even culture.
Ricoh Danielson:
So you have to be very mindful. In Myanmar, Myanmar, we actually saw that quite a big of whenever they were like, hey, everybody gets cell phone, but but you get you have to have one application on there and it's called Facebook. And then they started and then they noticed immediately there was a certain direction of policy change, right? So So we have to be very mindful and delicate that we're not having some sort of external influence on these technologies.
Rachael Lyon:
Coming back on this idea of coordination among nations, I'm curious in your point of view on NATO, Right? Does does NATO play a part here somewhere? And and I know the act of declaring war, particularly cyber war, right, can be sometimes hard because of attribution or or whatnot, but I'd love your perspective here.
Ricoh Danielson:
NATO's a tough one. Right? NATO seems to be the world police or the world advisor, if you will, but in reality, they want The United States to be the whipping child to go do the dirty work. And that's the hard reality of it. A lot of people don't want to hear, NATO wants to give money to The United States to the big war machine because The United States, we do well economically when we're at war. We're fighting something. Look at the great depression. Look at Iraq, Afghanistan, First Gulf War. Like, our economy does very well when we dominate another culture.
Ricoh Danielson:
However, we have to pay that money back to the NATO. Right? And NATO's foreign countries and whatnot. While NATO's premise is good, I think it's a little bit skewed and has been infiltrated and soured from different agendas, going back to where it has just been absolved. Like, there's just no use to have those ideology anymore. So in a UNICEF perspective, NATO's theory is good, but I don't know from a practical perspective. Yeah. That's a very tough one. Yeah.
Rachael Lyon:
You're right. It is. Yeah. Sorry, Jon. Didn't wanna cut you off.
Jonathan Knepher:
Oh, no. It's okay. It's okay. I was just thinking too, like, as as kind of go down the this path to of figuring out you know, you're talking about the the policy and in and in the the partnerships, like, are what what are the incident response protocols, and and are they sufficient for for all of these types of cyberattacks and and threats you've been talking about?
Ricoh Danielson:
Yeah. Policies work good in theory, but here's here's a problem we have now, a bigger problem. Incident response was really good and narrowed down for ten to fifteen, maybe twenty years. Right? But the we have two, three big juggernauts now. Now we have artificial intelligence in the mix. Now we have metamorphic and polymorphic ransomware. So, nobody's really talking about that and how to address that. I met a few think tanks here and there where they're like, hey, this is how we would address an artificial intelligence role from incident response perspective, but also here's how we would do, you know, isolation for metamorphic and polymorphic ransomware.
Ricoh Danielson:
So, that that's how I kind of approach those different attributes.
Rachael Lyon:
And this is a fun question. It's, the role of cyber exercises in war games. Like, what role do they play in preparing national security teams for large scale geopolitical conflict scenarios? I I I'm so excited for this answer.
Ricoh Danielson:
Sure. I have two answers for that. Mike Tyson said it the best. Everybody has a plan until they get punched in the face. And then the other one is, I remember being in Ramadi, Iraq and young TFC on the on the machine gun, 50 cal, he's like, hey, sir. I was like, what's going on? He's like, they're shooting at us. I'm like, I know. That's why we're here, son.
Ricoh Danielson:
Let's go. And so, it it just it's okay to war game. It's okay to train whatnot, but you need to take it a step further and actually really believe and breathe this stuff. Because if you're just saying, hey, we're gonna do the tabletop exercise. Our executives are here. You go get lunch. You go get trash at the steak, local steak house afterwards. That's cool.
Ricoh Danielson:
That's cute. Right. But you really, really need to like warfare train a simulated gamify something where you're going to remember, like, this is my role. This is my partner's role. Something in the special operations community that has done quite a bit is I know my job, I know your job, I know their job, and I know everyone else's job. So in the event I go down, they can take care of it. Same methodology should be applied at war game.
Rachael Lyon:
Right. It seems like a lot and very complex though, right? And and trying to prepare for so much of the unknown, right? And and there's only so much you can do.
Ricoh Danielson:
Yeah. I think if you pull yourself out of your environment, you can see the true nature of your, of somebody or your team. Right. So that's why in the military, even, even in law enforcement, we're like, hey, we're going to go over here right quick. And we don't say anything. We just go. And then all of a sudden the simulation's on right. And it's like you get hit from both sides and taking fire and someone will schedule it and you get the worst case scenario.
Ricoh Danielson:
And so if you, I think if you do that, but here's the thing though, we have to be, I have to be mindful of is that not everybody's a soldier and this is a job to them. I live and breathe cybersecurity. I love this stuff. And I treat it as a lifestyle. So I have no problem being in the element versus my friend over here. Sarah, she's like, I'll get to it. You know? And and that's okay. Or Jon or Sean is like, is it really that important? I'm like, yeah.
Ricoh Danielson:
Everything's important. You know? So balance. Balance. Yeah. Yeah.
Rachael Lyon:
Jon, do we wanna segue into my favorite portion of the personal panel?
Jonathan Knepher:
Yes. Yes. I was I was leaving it for you.
Rachael Lyon:
You know how I feel about this. Well, one of my favorite questions that I love to ask, you know, is is getting on the path to cybersecurity. I mean, you you talk about digital forensics, you know, in the military, but, is this an area that you had even thought about, you know, growing up or it's just something that you came upon and it sparked this interest and excitement, right, and challenge?
Ricoh Danielson:
So, it's a very interesting answer, or a very interesting question. I'll give you an answer. I thought for all my life I was going to be a knuckle dragger guy out on the battlefield. I was okay. That I was like, I'm going to probably die here and that's okay. Like, I'm, I'm okay with that. And then life happens and I get, I get injured a couple of times in Iraq and Afghanistan, Twenty Fourteen. I got shot and I was like, Hey, I kinda, I think someone's like, Hey, you shouldn't come back here.
Ricoh Danielson:
You know? Great idea. And my father's statement would be like, use your mind, use your back, just be the best at it. Right. And I was like, I think it's time to use my mind. And so that's when I was like, Hey, I should start doing these things. And I've always thought about catching the bad guy, right? Bad person being operator, going to law enforcement organizations, you know, working at, you know, in the attorney field and whatnot, go get the bad person. But why can't I do it from a digital perspective? And that's how I kind of spawned from there. When I first came to digital forensics, I was not a technical person whatsoever.
Ricoh Danielson:
I was very much having the policy, GRC, auditing and whatnot. And I remember a lot of the cyber community, when I first started, they're like, dude, you're just an idiot. And I'm like, oh, that's not nice. And, but I realized in order for you to compete with the best, you have to be the best. So I became the best. Right? Exactly. And and I know I'm an outlier myself because the one the way I look, the the fitness that I am, and number three, like, the way I talk, in the cyber community. So I had to actually kind of become a chameleon and work with everybody.
Ricoh Danielson:
And, One of the things I always tell people is if you're gonna get into cyber, you don't have to be technical. You can work up to be technical, and that's okay. Just do not BS anybody because there is somebody who's gonna be extremely smart on that call, and they're gonna be like, that doesn't work. That's not true. And then it becomes like this argument, like, which is not needed and public berating is not needed. Right? When I would do calls, right, I remember my first CISO gig. I remember that, and it was an eye opener. I came out.
Ricoh Danielson:
I was like, hey, folks. Just let you guys know. I'm not the smartest person in the world. I don't have all the answers. I'm looking to y'all get the answers. And they would a level set very quickly. They're like, oh, thanks, Ricoh. I'm like, you're the network admin.
Ricoh Danielson:
Tell me what I need to do. And they're like, go, Ricoh. And it it was better that way. Right? Yeah. Because prior yeah. Because you
Rachael Lyon:
can't I mean, it's what I I find so fascinating about cyber, you can't fake it. Right? I mean, it it's they're clear, like, yes, no, black, white, if you will. You can't just kind of zhuzh your way through, which which I really appreciate and enjoy about this industry. Right? Because you're constantly learning. Constantly.
Ricoh Danielson:
Yeah. Or you're going to get schooled very quickly.
Rachael Lyon:
Very quickly.
Ricoh Danielson:
All those
Ricoh Danielson:
people.
Rachael Lyon:
So digging a little more on the personal side, you know, we used to have a government business and, you know, a lot of former military were part of that organization. And you and you talk to them a lot about their stories and, you know, some of them didn't work in cyber or anything, you know, and they came out of the military kind of not sure what was next, you know, and and you lose that framework, right, of everything scheduled and, you know, you go here at this time. Do you did you find that having that cybersecurity skill set helped you with making a transition from, you know, from the military to more kind of private life?
Ricoh Danielson:
Yeah. It it did help because in cybersecurity, there are sequential orders, right? This needs to happen. This this is not true. If you go here, they're gonna so give me like a good working chart. I think prior before getting out of the military, I think one of the things I was trying to get forward in law enforcement. It wasn't till later that I got law enforcement. And so it actually helped me provide a more clear direction of, okay, if this is true, then this is true in cyber. So it gave me more of a pathway forward.
Rachael Lyon:
And thinking in totality of all the things that you've done, all yeah. You know, all all the missions, all the all the experiences you had. Right? I mean, what's I mean, what's been the most impactful to you or what kind of, you know, really stopped you in your tracks, in terms of, wow, wow, that was unexpected.
Ricoh Danielson:
Well, 2014 was one of them, you know, getting shot. But I think it was like the mentorship of, of, you know, men when I was a young man of a very, very diverse group of men, you know, black, white, Hispanic, whatever. One of them came to me. I remember his name was Sergeant Sullivan. And he came up to me. He's like, like, Alright, Ricoh, so life's gonna happen, this will end. What type of man are you going to be? Not what I wanted to do, but what type of man I wanted to be? And I was like, well, okay, well, like, what about what I want to do? And, and he's like, that'll come. And so I've had a really good, those, those are the moments actually kind of stuck out.
Ricoh Danielson:
The other one was, getting one of my first CISO gigs, right? Chief of security officer and understanding how to be an executive that that was really eye opening. There's a difference between director and VP and then the CISO, like the acumen you have to have the way you have to talk, the way you have to present yourself, you know, can you take harsh criticism, you know, stuff like that. I think those are the two biggest points of my cyber life, that I kind of look at.
Rachael Lyon:
It's a really good point. It's, you know, we hear a lot of, you know, CISOs and, you know, how do you have these board level conversations because these are business conversations so you have to present it in terms that the board understands. Do you have any, you know, kind of boards of wisdom for CISO struggling here?
Ricoh Danielson:
Yeah. Yeah. Okay. So one of the things I this is me suffer flipping. Right? So I was a very scrappy chip on your shoulder, sis. So like, yeah. That's stupid. Don't do that.
Ricoh Danielson:
Right? That is not going to work well with people who control a medical organization. That is not gonna go well with the people who own a bank. Right? Owners of a bank, not just participate, but owners of the bank. Same in pharmacy. Right? My my skillset is huge in in medical. So you I hate saying this, but you have to become like them to speak to them. Right? If they dress a certain way, you might want to dress that way. If they look a certain way, you might want to look that way.
Ricoh Danielson:
They speak away, you might want to do that. Right. And the other part is know how they want to be presented to you. I've had tons of bosses, ruthless bosses. They're like, your presentation is crap and go. Right. Or, and what I realized for myself was, I don't want to be that awesome. Like, Hey, appreciate the effort.
Ricoh Danielson:
Might want to try this one. Right. When it comes to the executive investor level, kind of where I'm at now is, is like, Hey, what are we trying to achieve? You can have a no nonsense, no BS conversation without profanity, without being mean, without being anything like that. You know? And then on top of that, I hate saying this, but like a lot of men in the cyber community have a really weird way of talking to women. So you need to control that. Right. And know your audience and know, have respect, not only for yourself, because if you look like an idiot, you're going to present as an idiot. Right.
Ricoh Danielson:
So, yep. I love that person.
Rachael Lyon:
If it walks like a duck, talks like a duck. Oh.
Ricoh Danielson:
Mike is dumb.
Rachael Lyon:
Jonathan, did you have any I I know we're coming up on time. Did you have any more questions? I know I've been monopolizing this entire conversation.
Jonathan Knepher:
I just wanna tie some of the pieces together. Right? Like, I I think your your journey through being going through law school in the middle of of this is very intriguing to me. How how how did you come up to that, and how did that it feels like that might have helped balance out some of the the cybersecurity after the the military experience.
Ricoh Danielson:
Yeah. So I was in middle of law school, and here's what I wanna do. I was like, I'm gonna be the best criminal defense. And I was like, Nah, I don't wanna do that. And then I was like, I want to do sports athletes, right? And any entertainment. So I got a little bit into that. And then I was like, this is really boring, because you deal with some crazy athletes and some crazy celebrities. And I was like, is the money really worth it? Because they come up to you, they're like, Hey, I need to I need to pay somebody shut up.
Ricoh Danielson:
And you're like, dude, what are you doing? And so if you just come to the point of life, you're like, do I really want to do this? And then the great thing about digital forensics in the middle of law school was digital forensics doesn't talk back. It doesn't is it's evidence. It's like, hey, this is what happened here. This is the truth. And the thing is, the truth kind of was like, there's you're representing the evidence that cannot represent itself. And that's what just kind of drove me to it. I was like, you know what? This zeros and ones has no fighting chance in hell court. I'll represent it.
Jonathan Knepher:
I like that. And and I think that's true. Right? Like, coming down to and finding the truth and, and being able to express it in a way that that aligns with, you know, the expectations, as well. So
Ricoh Danielson:
The truth the truth is either zero or something zero or one right?
Rachael Lyon:
This is satisfying I imagine right? I mean it's
Ricoh Danielson:
when I had my own private investigating firm, like we were doing forensics and like, and we would see everything like missing persons cases, like, we're like, alright, well, we ping the cell phone this way. This is the way and they were like, Oh, it worked. Yes. The other one was, you know, infidelity cases, like we would dump people's cell phones, and we're like, oh, alright, that's new. And then, you know, like the contraband cases, then, police departments would come to us all the time and be like, hey, guys, we can't get past the passcode. We have a murder case. And we're like, alright, we'll help you out. And this is how we would do it.
Ricoh Danielson:
We can't touch the computer, but we'll show you how to do it, you know, stuff like that. Like, it was really like, that was a fun time, real fun time. You know?
Rachael Lyon:
I imagine because it's it's kind of helping crack the code, right, to open the case wide up and, you know, get on the path to solving it and identifying perpetrator. Right. Or on
Ricoh Danielson:
the other side. Yeah. On the other side, we would have defendants like when I was working with the Office of Public Defense, we had a guy who was locked up for fifteen years, and nobody had ever looked at the cell phone, triangulation. And when I looked it over, I was like, Hey, I threw it out there. I was like, motion to dismiss based upon evidence. And they were like, Yeah, no problem. Boom, gone. I was like, Oh, man gets slapped back.
Jonathan Knepher:
That's awesome.
Ricoh Danielson:
So pretty like, I think it's balanced on both sides. That's why I love the evidence. The evidence is there.
Rachael Lyon:
Zeros and ones, right? Yeah.
Ricoh Danielson:
Zeros and ones are zeros and nothing.
Rachael Lyon:
Yeah, it's I love these, you know, murder shows and things like that. And and it it's crazy that, you know, some innocent people, as you know, right? Like before kind of the DNA typing and and all those things that, you know, could get have been wrongly accused. And it's been so long in in prison. And then you know these technology advancements you know give them an opportunity to to reclaim their life and I just I I hate to hear those stories but I love that there is remediation for those people. That's that's really exciting.
Ricoh Danielson:
I think for my next, my next trick, I already created it. I sold it. It was called autism care app, right? It was for an artificial intelligence, application that goes on your phone to treat people who live with autism, right? And who are functioning functioning people. But I think the next thing is to take that data set model and figure out not necessarily a cure, but also a means of method modality of how to make life a little bit better.
Rachael Lyon:
So to that point, I we love the AI topic. I mean, where where do you see that going and and kind of role that it plays both in the cyber warfare as well as the cyber solutions?
Ricoh Danielson:
The first one to win the arms race is going to win the war. So what I think, I think The United States is a little bit behind, maybe, maybe a couple of years behind because we're barely saying we want our own national artificial intelligence, even though there's DARPA or whatnot. China has came out and was like we have our own national artificial intelligence and they're using it for bad, right? They're using it for global domination. We want to use it not only for military presence, combat, warfare, but also strategic alignment and also initiatives that can help us out. Right? So, I think The United States has enough, and we are the American dream, and I think it's they're gonna push forward with that. So
Jonathan Knepher:
If if it were to run as a national program, how how would you balance privacy and efficacy? Because those those seem like they're a little bit opposed.
Ricoh Danielson:
Something's gonna have to bend it. I hate saying that. Efficacy is, based upon moralities and the set of morals of interpretation. Right? If, if the person, the developer is, has an efficacy in the morality or the morale basis of XYZ, then don't go that way. Now, when it comes to privacy, I hate being this guy, but like there isn't a privacy. There there there is none. And so the thought is a good legal argument, like, you know, GDPR and also California rules regular. And that's great in theory, but reality, it's it's a failed policy.
Rachael Lyon:
It sucks. When GDPR first came about, I remember hearing a lot about companies, you know, like, you know, I'm just going to roll the dice and see how it goes, you know, because who's knocking on all the doors to check if these things are happening?
Ricoh Danielson:
So now now and I'm glad you brought that up. Now you have the premise of the SEC prosecuting CISOs. And so that actually sets a precedence, legal precedence in saying, hey, if you don't comply, we will legally reprimand you. In Mexico, Colombia, and Brazil, they actually do prosecute executives for technology negligence.
Rachael Lyon:
Yeah.
Ricoh Danielson:
And it's jail time and fines stuff. Yeah.
Rachael Lyon:
I've been hearing a lot more about that in recent years and, you know, boards becoming, you know, culpable, financially culpable, you know, when these incidents happen, you know, the stakes are very high.
Ricoh Danielson:
Look at the case of Uber, right? The Uber says, oh, the dude got jail time. And it that that's it. I was like, woah, way home, we're sending people to jail now. And, there was a specific senator who was like, just beating on the harp on them. And they she do a lot of money at him. To put him in jail and money. He did nights in service. He did.
Ricoh Danielson:
I think he did one year in jail and five years probation. But he's okay. But still like that, that put us as executive CISOs are like, like, woah, hold on. Yeah what what are you gonna do legally protect myself now?
Rachael Lyon:
Wow do we see that hindering our industry? I know we have a talent gap. Yeah. You know I hate to kind of thwart people from you know wanting to be part of this but also that that's a tough one to walk into.
Ricoh Danielson:
Yeah, I would definitely say my advice to CISOs or people who want to be CISOs always, always tell the truth or tell the tell the truth about the risks, right? Like, hey, here's our risks and document them. Number two, get yourself some sort of protection. Either be a good attorney, get yourself a good attorney or have one on retainer or the other part I'm starting to see is called DNO insurance director and officer insurance. Get that protect yourself. Because the business world has no loyalty, right? Cyber has no loyalty either. Unfortunately, zeros and ones. But I definitely recommend like it's a hell of a ride. I'll tell you that right now.
Ricoh Danielson:
Wow.
Rachael Lyon:
Alright. Jonathan, anything else? I just wanna be respectful of time.
Jonathan Knepher:
I don't know. Ricoh's now has has me all scared. So
Rachael Lyon:
I know. I know. I could keep talking, like, for
Ricoh Danielson:
an hour
Rachael Lyon:
or two. Make sure we cover all our bases. Well, Ricoh, thank you so much for joining us, today. This has been a great, great conversation. And thank you for, you know, putting up with all of our peppering of questions because this has been a wonderful, wonderful perspective that our listeners, haven't had before. And that's why we do this.
Ricoh Danielson:
Absolutely. We should do it again. Let me know. I'm here to be service and rock and roll.
Rachael Lyon:
Awesome. We love that because a lot can happen in a year.
Ricoh Danielson:
There's a
Rachael Lyon:
lot to talk about. We will absolutely take you up on that. So to all of our listeners, thanks again for joining us this week. And don't forget, you gotta smash. Right, Jonathan? Smash, smash, smash.
Jonathan Knepher:
Smash that subscribe button.
Ricoh Danielson:
Yes.
Rachael Lyon:
And you get a fresh episode right to your email every single Tuesday. So until next time, everybody. Stay safe.
About Our Guest

Ricoh Danielson, Digital Forensic Expert | Fortitude Tech LLC
Ricoh Danielson is a U.S. Army combat veteran of Iraq and Afghanistan. He is a digital forensic expert specializing in cell phone forensics for high-profile criminal and civil cases. Ricoh has a strong passion for cyber security, digital forensics, and incident response, which led him to start his firm, Fortitude Tech LLC, in the middle of law school, making it a powerful digital forensics entity in Phoenix and across the nation. He now owns 1st Responder, focusing on helping small to large businesses with incident response.
He is also a graduate of Thomas Jefferson School of Law, Colorado Tech University, and UCLA Anderson School of Management.