The Hacker Mind Podcast: G-Men in Cyberspace

Fighting organized crime online might seem like a logical extension for law enforcement, but, in fact, it is not all that straight forward. 

Michael McPherson is someone with 25 years in the FBI, who has transitioned out to the corporate world, and can best describe the experiences on both sides of fighting cybercrime.

Listen to the latest episode at The Hacker Mind.com

Vamosi  More than twenty years ago, foreign terrorists bombed the World Trade Center in New York City.  I'm not talking about 9/11, I'm talking about February 1993. 

CBS NEWS:  Dan Rather, CBS News reporting from New York, where fire officials here in New York Cities now say that fires are burning in both towers of the World Trade Center that's right at the tip of Manhattan. The fire officials say smoke is billowing in the hallways of the twin 110 story towers at two towers. They're both honored and 10 stories. People are being evacuated from both buildings. Early indications are that perhaps 100 injuries or more.

Vamosi  That day in 1993, six people died and the event was front page news for weeks. It ultimately led to a federal terrorism investigation and in March 1994 four men were brought to  trial for carrying out the bombing. One of the defendants stated that he hoped his explosion would topple Tower One which would then fall into Tower Two, killing, in his estimate, the occupants of both buildings, which he estimated to be about 250,000 people. This, he said, was in revenge for the US support of Israel instead of for Palestine. Ironically, about eight years later, another group of terrorists flew two commercial jets into each of the Twin Towers and brought each of them down at a cost of more than 3000 lives. Here’s ABC news from that morning.

ABC: A fire in the World Trade Center was reported, this occurred about 15 or 20 minutes ago in downtown New York. In New York time, that would have been about 20 minutes or a quarter of nine. This is a time when literally 10s of 1000s of people are coming to work at the World Trade Center.

Looking at the top of the building you mentioned there's an observation center and I don't know what time it opens but I think it opens fairly early and people are up there at all hours of the day. Families of tourists coming in to look at the City of New York from the top are also there. I don't know if this building has the restaurant on top of it as well. But in those high floors, there are places where tourists team in the morning even if the regular workers weren't in and we remind you again that there was a terrorist bomb that did go off at the World Trade Center. years ago it was down in the garage level but we have

no way related to that. Right now on dealer ABC is doing dealer who was on the scene Don just give me some description again of what your what you can see now

what we're seeing, it appears that there is more and more fire and smoke enveloping the very top of the building and as fire crews are descending on this area. It does not appear that there's any kind of an effort up there yet. Now remember oh my god ... it ooks like a second plane ... that just exploded. I just saw another plane coming in from the side . That was the second explosion. You could see the plane come in just for the right hand side of the screen. So this looks like it is some sort of a concerted effort to attack the World Trade Center that is underway in downtown New York.

Vamosi I realized this isn't the typical InfoSec opening for The Hacker Mind but it is an important backstory for this episode's guest. He's a former FBI agent from New York City, one who fought drug lords and terrorists and then went on to help form the FBI cybercrime division. We know today. I hope you'll stick around 

[Music]

Vamosi Welcome to the hacker mind it original podcast from for all secure. It's about challenging our expectations about the people who hack for a living. I'm Robert Vamosi. And in this episode I'm talking with someone with 25 years of experience with the FBI who has now transitioned into the corporate world and who can best describe the experiences on both sides of fighting online crime today.

[Music]

Vamosi  The Federal Bureau of Investigations The FBI is a kind of a Federal Police for the United States. If a crime happens beyond the border of a given state or territory it is the FBI who will step in and handle the investigation. Here's a 1930s propaganda piece with FBI Director J. Edgar Hoover. 

FBI:  Of this one branch of the Federal Bureau of Investigation, the G Man. This is a Bureau of scientific mind. You monitor up to the minute in action Dan Meyer, the FBI and never sleep. The G men have become a legend. So what's the mystery behind their back? There's heroism we know that the memory of special agents who have given their lives to their duty to them and to their families. This picture is dedicated to soldiers in war while the world is at the victorious war that the G men have waged against organized crime. What mystery is there behind that triumph of law? Let's see. Let's ask Januar who, who as a young attorney became in 1924, director of the G-MAN

Hoover: Nothing mysterious about the manner in which the Federal Bureau of Investigation works. Its formula is a simple one. intensive training carefully investigated and highly efficient personnel plus rigid requirements in regard to conduct intelligence and integrity. The Special Agent must be a good marksman and have the courage to shoot it out with the most venomous public enemies. He must know how to take fingerprints and what to do with a mask. You must know that no clue, no matter how seemingly unimportant can be overlooked. You must have constantly before him the fact that science is a bulwark of criminal investigation, and you must realize that no case ever ends for the Federal Bureau of Investigation until it is solved and closed with the conviction of the guilty or the acquittal of the innocent. 

Vamosi The FBI agent is a common element of most crime shows today. Growing up I had a friend whose father worked in the FBI and he was just an ordinary dad. He showed up at things he was an ordinary person. But what he did was very important and still a lot of mystery around what he actually did. And then there are those that transition out of the FBI and go to work for private enterprise.

McPherson:  It's Michael McPherson. I'm the Senior Vice President of security operations for reliaquest.

Vamosi Michael McPherson is one of the people I interviewed at RSAC this year and he was there to support his new company

McPherson:  At Reliaquest. We like to say we make security possible for our customers, right? So what does that mean to them? We talk about how we're trying to increase their visibility of their network, we want to decrease their complexity of what they're seeing and help them manage risk. And how we do that is through using our security operations platform, gray matter is built on an open XDR architecture and we provide this as a service across their telemetry or whether it's on you know, on their network and their cloud or at the endpoint, or across all that telemetry. We can do that for them and provide that service anywhere, anytime.

Vamosi So you would think that if an FBI agent was working in cybercrime that they would have an experience working in computers to begin with, not the case with Michael, he started out working out as a typical FBI agent in New York City,

McPherson:  In the early days. I actually started as a drug agent up in New York City. And so you know, it's kind of an interesting journey of being in the FBI and how I ended up in this position because a lot of people asked me that, especially whenever like, was hey, how did you end up here?

Vamosi So both bombings in 1993 and 2001, of the World Trade Center, they each had a profound impact on Michael McPherson, as it did on all of us. He vowed to make a change in his life to better help the country.

McPherson:  It starts back in New York with his drug agent working in New York City working at Colombian drug squad, you know, just thinking that I had it all figured out, right that I was what I considered doing God's work at the time taking drugs off the street, putting bad guys in jail, doing the stuff you'd see on movies, car chases across the George Washington Bridge, undercover operations, you know, early morning rates all that stuff was fun. I was young single guy in New York, but I was ignorant to a lot of things were happening around the world and especially the terrorism threat. But I had no right to be as in the FBI, working in New York City, or office at 26 Federal Plaza is seven blocks of world trade center that had been hit in 1993. And six people were killed. But I never thought about terrorism. I didn't pay attention to it. What I say it was I was willfully ignorant to the threat of what it was about because I was just doing my thing until September 11 happened that day when I was working what I witnessed that day

Vamosi: If you were alive then, September 11 was a day of wall to wall television coverage of the fires and then the total collapse of buildings one and two. The deaths of more than 3000 individuals, with many more to die years later from contamination. And of the buildings damaged, Building 7, was also a hub for the FBI and other federal agencies. That damage done on 9/11 was a wake up call for everyone -- the United States had, in fact, been be struck by foriegn terrorists. And 9/11 made a change in how we as Americans viewed the world, and how our government and law enforcement agencies viewed their role in the world, and online.

McPherson:  and up until that day, I think the FBI was the best reactive law enforcement agency in the world. But we were not proactive enough in stopping things. And since that day, I think the FBI changed the country but I also have this whole optic of instead of being reactive, proactive, and that kind of led me on a journey over the next 25 years. How we ended up here at this point. And you know, there's a lot in between that but at the end, I totally understand the cyber threat that that the nation is facing. And I told myself that I didn't want to be on the sidelines again, when the next major incident happened. So I can still be involved in something when I found a company that their sole mission is making security possible for customers partnering, what you're doing that just aligned exactly what I was doing the FBI so it was a great fit for me.

Vamosi So in 2001 Did the FBI have a cyber presence? Or were they in the process of still building it?

McPherson:  We're building it very nation state I gave him like, within a year or so I shifted to the counterterrorism effort when the FBI and trying to build this big machine and we talked about the cyber, the cyber terrorism threat that the nation faced and really back then it was a nation thought, hey, we started to brainstorm what could they do, but the adversary had no capacity, no capability to really do it. And then maybe had a will to do a couple things. They'd like to do some things, but they had no technical expertise to do it. So the vast majority of time we spent on the early days into cyberspace specialty care and tourism was how are they communicating? And you're using web forums and how are they moving some money around and that type of stuff, it was very, not sophisticated for significant period of time, unlike today, where you see, you know, the complex nature of nation state actors and you know, advanced criminal organizations that are given safe haven don't attack that the spectrum is wide now.

Vamosi So given Michael's experience with drug lords and terrorists, what is his opinion of the barrier to entry for people that are getting into cybercrime today? Is it hard? Is it something that takes rocket science? Are these petty thieves that are just turning to the online world? 

McPherson:  Well ,the barrier for entry to cybercrime is pretty low, right? So you can get people that are not sophisticated and getting into space right? They can go out and one website and buy credentials, they get on a network, and they can want another one to ransomware as a service provider. Ransomware he won't attack right? And where they're gonna go, they're gonna go to the least common denominator.

Vamosi This is a simple fact that if a criminal is walking down the street, that criminal is going to break into a house with an open window and a door that's unlocked. It's just common sense that the barrier to entry in this case, literally is pretty low. McPherson doesn't mince words here. You know,

McPherson: I think some of these companies are actually negligent in some of their cyber hygiene like they're allowing themselves to expose it as and at that level. At the unsophisticated hacker ransomware type. individuals, small groups, like they're just as many people they can probably find success, right? It's more of a harmless word. But on the other side of the spectrum you have these nation state actors who are really complex and really good, they want to get to networks, they're probably gonna they're gonna get into a network, but I think you're slowly going to see this convergence. I personally think this of this nation state actor with the cybercrime, hey, we built up a skill set of people working for a nation state, right? What's to stop them from moonlighting now and taking their skill sets out on the side and then and now making some money on it while they're still doing their day job. 

Vamosi Okay, so that's crazy. You have someone who works for the government to break into systems in other countries. And now they're taking those skills and at night, and on weekends, standing to make a profit from what they've learned through their governments

McPherson:  from the complex side of the nation state actor through advanced criminalization, to the low barrier of entry of, of people entering this dangerous field. It just makes it so much broader to defend against so I've always said, you know, we talk about just fundamental basic cyber hygiene and I'm tired of talking about it and companies are tired of hearing it. But I don't think the needle is really moving. 

Vamosi So given that an investigation is still an investigation, are there methods of investigation similar to what he was doing 20 years ago with drug lords? What he's now doing in cybercrime? Yeah

McPherson:  I mean, we have to be smarter and how we're doing it. So we have better tools than we've had before. We're stronger because of our partnerships, even just within the US government, like we talked those dysfunctional days and even years after September 11, of how agencies were probably too busy finger pointing at what happened and really trying to solve problems.

Vamosi There was a fire in Northern California in 1991 in the Oakland Hills, and it grew rapidly out of control, overwhelming the Oakland Fire Department. There were other surrounding fire departments. But there was no formal way to contact them and enlist their help. Well, many did volunteer and drive their trucks to the fire, many more could have responded as well. Afterward, a system of mutual assistance was formed among the various municipalities in the Bay area of California. And this mutual aid system has been used many times since. Something like that was needed with online cybercrime or

McPherson: Our computer system did not talk to each other. So the FBI, the CIA, the NSA, the DOD, and like all those government agencies, that people think we should have all this information trying to connect those dots is so much easier said than done. And there were some healthy, probably mistrust among agencies at that time, too. So really, those growing pains we had to get through that are really highly functioning now at this point, you know, this many years later. And I think what you've hopefully what I think people have witnessed in those years after the US government really invested in partnerships among local and federal agencies working together, but in the last few years, we've made a shift as we need to do that same thing with the private sector, right? So we need to reach out more or we need to share more. We need to share when it makes us uncomfortable.

Vamosi One of the many successful public private partnerships is InfraGard. This is a partnership between the Federal Bureau of Investigation and members of the private sector that are aligned along the different segments of the US critical infrastructure. And there's a counterpart there's the 27 sector based Information Sharing and Analysis Centers are ISEC that are typically coordinated through the US Secret Service.

McPherson:  And I think too many times we're hiding behind this information secret, right? COVID secret We can't tell you what really what secret was the sources and methods that we how we collected it, but the actual information wasn't secret. So finding ways to get the information without exposing the sources and methods. And, you know, I think in the last couple of years, you know, as the LG agent in charge of the Tampa field office, overseeing his area of everything for cybercrime, to now security issues and being able to talk to CEOs of companies about you know, their exposure when they got hit by a ransomware and how they deal with it and walking through and talking through the US government capabilities, and how we can partner with them. So that's what makes us more effective. We talked about security, being a team sport, and that's what that really really means is that you're building these relationships before incidents and before problems happen.

[Music]

Vamosi So when I look at the government, I see a lot of acronyms. How does one separate who covers what, for example, does the US Secret Service do cybercrime? They do. But how do they differ from the FBI? And then there's the Cybersecurity and Infrastructure Security Agency, or CISA

McPherson:  CISA. Yeah, there is I think that's some of the maturity level which is plenty of work to go around. And I think in the days gone by, we fought about it. We have a strong relationship with CISA. You know, they're not a law enforcement intelligence agency right there. They're providing hardening of critical infrastructure, evaluating it, which goes hand in hand with us so we can partner with them and make us even stronger. There's nothing more frustrating for our company, and all of a sudden the alphabet soup of government agencies start showing up under an incident like they don't understand who we are. So the more we can show up and we can define, here's what I do it here's my partner does, you know the secret service there is some overlap with us, which is fine. We welcome their expertise and the space as well, too. I imagined it could be confusing to people if we don't message it right, right. Because we shouldn't be competing. We should be complementing and what we do. And I think, I think, you know, I'm probably biased where I came from, but I think we're doing a better job of that today than we ever had before. of sharing information you'll see sitting on each other's task forces, you'll see secret services and FBI space and FBI Secret Service base to deconflict those types of issues.

Vamosi So that's great that all of these agencies will show up. The problem is how do you choose a hierarchy to pass it around? Like, oh, I was the leader last time now it's your turn. Does that work? Somebody's got to take charge.

McPherson: I mean, yes and no. We're usually working together and sometimes we'll get copies and we'll say, Okay, you export, it'll export. Let's see, if we come up with the same thing, right, we're sending we divvy up certain jobs, hey, I'll do this part of it. And you do that part of it. Let's put let's, let's put it together. Because, like usually, you know, we're resource constrained, constrained as well too. Right? And depending on what the network is, someone in that team may have an expertise. Hey, this is something you specialize in more than we specialize in. And sometimes our local partners, the local sheriff's office and the guys are well advanced today. They can do it has to be the federal thing that has to be a solution.

Vamosi Okay, this makes sense. If someone is good at something, you should always try and leverage that, even if that person is in another agency.

McPherson:  And I think as long as we're, we're coming to that level, and that's where it comes from the bosses to set the tone. Like it's not like the movies we show up on our array Jack and say, Okay, we're in charge. Nobody stand back. We don't need to do that anymore because we've matured sure 

Vamosi maturity accounts for some of that. But I would still think that you would need a hierarchy to deconflict and handle resources more effectively.

McPherson:  And I talked about that maturity that we learned in those painful days and years was a temporary limit of how you partner and how meaningful partnerships are, but we can push that into all these other avenues, whether it be counterintelligence, cybercrime, traditional crime, all those types of things, we realize how much more powerful we can do with our partners.

[Music]

Vamosi There's been a lot of analogies between the drug trade and terrorism in the real world  and mapping that into online. Given Macpherson's experience with actual drug lords in New York City, is the drug trade analogy, even accurate for online crime.

McPherson:  Yeah, there's a parallel for that, but I also would say that, you know, as much as we talk about the Big Four threats to China, Russia, Iran, North Korea, like the big like, there's nobody better than us as a nation in our capabilities. And when you see our, our intelligence and law enforcement people sitting down with the major Silicon Valley companies and talking about, you know, having hard discussions about privacy and security and all those types of things like those discussions aren't happening in other places. So as you know, we wring our hands sometimes and we think we're losing like we're still getting hit and if anybody gets hit on critical infrastructure, you know, it's a disaster. It's a mess, but I still think our capabilities, our offensive capabilities, that you know, whether it be cybercom that will, when and if we choose to unleash those types of things are powerful. So, you know, and I think certain adversaries understand a framework better than others, and I think that's the political dance of it as well too.

Vamosi So given that analogy, does the way the FBI handles these crimes today online map to the way it handled the drug lords back in the 1990s?

McPherson:  So these are our what I'm talking about criminal organizations, Eastern European criminal organizations sitting over there, you know, that are well organized. They're effective, they're there. They're powerful. They're

Vamosi: This sounds like we've had trouble bringing these people to justice and shutting them down. If we knew who they are. Why are they still out there?

McPherson:  Some are  given a safe haven, where they operate, there's an understanding of don't bother us and we don't bother you. So providing that safe space for them to operate in is dangerous. If you look at what happened after the Colonial Pipeline, you know, there was a lot of Western pressure put on Russia, on our evil and what was happening over there. sites were taken down. No, it felt like maybe there was headway happening. But I think that Russia Ukrainian push, push that and in the opposite direction.

Vamosi In early 2022, Russia was clamping down on online criminal organizations. And then, with the start of their conflict with Ukraine, Russia stopped. This then seemed more of a political gesture than an actual crackdown on actual crime.

McPherson: There are 100% political pressure on this. Yeah, there's a political aspect to this problem as well too, because there are people operating in safe havens that you know, they don't, they don't travel. It's pretty hard for us to put our hands on them. Right. So somewhat operating with impunity, sometimes

Vamosi And so it's almost like cooperative nature, before an invasion was kind of a way for Russia to enlist goodwill among other countries. And then when the invasion happened, it was very clear that that goodwill wasn't going to last. However, in light of the war, there's been a lot of cooperation among the nations who are supporting Ukraine. And I cover this more in depth in Ep 50 with Mikko Hypponen.  

McPherson:  Western nations got phenomenal. It's because everybody knows that no one can do this alone. They really can't like one agency can't do it when the government can't do it. When a company can't do it, even private sector companies are leveraged. I've always respected you know, in the cyber field, there's a healthy partnership or Brotherhood or sisterhood among CISOs. Around companies, right? They may be competing companies with different interests, but at the sisal level, like they all want each other to succeed, right and they want to share best practices and what's working, what's not working. And you can see it at conferences like this, where they're getting together and really talking about security. And I think that's when we start winning, right when we had that down and you see that more and more. It's not circling the wagon, just only caring about my company. It's Hey, if you're stronger, I'm stronger. Right. And I see that a lot. This is a community. I think it's  heartening for a good way for this country. Right. Because, you know, economic security is national security and I believe that you know, cyber, the cyber threat landscape is a destabilizing force in our economy, right and that threatens our national security.

[MUSIC]

Vamosi McPherson has been outside the FBI for a while; he has a unique perspective in seeing the public private cooperation from both sides. I

McPherson:  personally know the FBI is taking leaps beyond that, right? Like I had, I was on a call with a CEO of a Midwest hospital system. You know, a year ago that got hit by ransomware and talking through it said, Look, I don't have the keys, and I certainly don't want you to pay for ransomware. But let me tell you some intelligence about this. strain of ransom. I know if you negotiate, you can negotiate it down to 60% of what you're paying, like, here's some things I know. I knew if I told him this stuff, he's probably going to pay. Like even I don't want him to but if I when I told him all the intelligence I knew about this network, I said this guy's probably going to pay but I needed to build that trust and say I'm gonna give you everything I got. So because I do want to know what he knows I want to access his computer, I want access to information. And you have to build trust somehow.

Vamosi Trust is hard, particularly in the security field. And it's always a two way street. You have to be able to trust the government agency, and they in turn, have to be able to trust the company.

McPherson:  You have to give stuff that maybe years ago the FBI would never sit with a CEO of a company and say, hey, you know here if you decide to negotiate, we've seen you have at least 45 days you can string this along before anything gets released. So you're tight, you can start talking about the timeline and get things together. So again, telling him those things. He's probably just something strategically I didn't want him to do, but I had to let him make a business decision based on all available intelligence. And I think that's how you build trust, 

Vamosi given that McPherson was once in the FBI does he recommend to his customers that they join InfraGard are one of the ISECs

McPherson:  Yeah, 100%. They know, information is power. Right? I know threat management, threat intelligence, and understanding that threat. Intelligence has to drive operations. So you have to make sure you're putting yourself in a space where you can collect an understanding intelligence and understand what it means to you. And I think that's where companies are failing. So we're saying just do this phishing test, but we're not really understood explaining the threat to people and I think if people understood threats, they would take better actions. So it all starts with intelligence, intelligence, sharing, joining InfraGard belonging to ICESat from all those types of networks who have a better understanding of it, and then you could understand how it affects you are you is your, whatever sector you you're in, is there a narrow supply chain going through there that's going to affect you and only for the company that that supply chain hit, they can hit you all out like so really understand how it affects you and I don't know if we spend enough strategic time thinking about that. It's, you know, playing Whack a Mole sometimes, which everybody's busy, we're all busy. But I think as leaders, you have to learn to carve out time to have that thought process and, mapping out where you are and where you want to be. 

Vamosi So what I'm hearing here is that it's a matter of conceptualizing it a bit more just telling people to do phishing tests. That's an isolation. They don't necessarily see how it impacts the broader scope of things.

McPherson:  Yeah, they may not understand, Oh, my company doesn't have anything anyway. Why would you want to do my company or not that can happen there or, you know, something else or catch it? Or you know what? I don't understand, hey, this is what you're sitting on. Right? And let me give you some that everyone loves war stories. Give me some real life examples. of other companies, other businesses who've been devastated by some of this. You could put yourself in your shoes. I mean, that could be me, if I'm not careful. And then what is the effect of that? I don't think we talked enough about that 

[Music]

Vamosi so you don't spend years in the FBI and not have a few good war stories to share? McPherson has one

McPherson:  look at you know, we talked about, you know, there was a water treatment facility in, in in Florida, when I was the agent in charge of field office there and they got hit with an attack and made some national news was right around the time of the Super Bowl a couple years ago and

CNBC:  New tonight and investigation underway after a hacker tried to poison a Tampa Bay area water system. Authorities say They boosted the amount of a chemical in Oldsmar, Florida's water supply up to dangerous levels. Now this happened on Friday, just two days before the Super Bowl. The Pinellas County Sheriff says the hacker increased the amount of sodium hydroxide in the water from 100 parts per million to 11,000.

Sheriff:  This is obviously a significant and potentially dangerous increase. Sodium Hydroxide also known as y is the main ingredient in liquid drain cleaners. It's also used to control water acidity and remove metals from drinking water in the water treatment plants. 

CNBC: The sheriff says a worker noticed someone remotely moving his mouse on his computer and quickly reversed that change before it could do so much damage. According to the CDC, high exposure to sodium hydroxide or lye can burn your eyes, damage your skin and cause temporary hair loss. 

McPherson:  supposedly within the system they're supposed to be 100 parts per million. I think that the right number was a lie getting put into the water to clean the water. Well, it went from 100 parts per million to 11,100 parts per million. So obviously Hey, what's going on here? Like you said every government agency showed up, CISA showed up, the FBI showed up, a secret service showed up to the local sheriff's office and we started peeling back and seeing what happened and who hacked it. And you know, we looked at how that critical infrastructure water supply water treatment facility was operating and they were ill equipped for what they're doing. You know, they didn't have unpatched software, they had shared passwords that had not been changed. You know, it was rushed on COVID to go to remote desktop protocols. They hadn't updated software, operating on Windows seven and all these types of things. And hey, these are fundamental issues that again, we all talk about what is an extra advanced tool we could do if we can't do the fundamentals right we can't do more advanced stuff and really shocking the next day. You know, I got an A call with all the people within the county, all the other city managers and stuff like this happening here. It's happening in other places and I think too many leaders are just assuming or delegating their risk down under thinking that shifts the risk of going to a third party vendor, like the risk is still without organization, right. It's still you own it. So I think it's still the responsibility of those executives to really understand, you know, you don't have to have the program. I think they'll ask the questions if you can't have a conversation about it. And understand what the risk you're assuming you're really putting people unnecessarily at risk.

Vamosi: So going back to the negligence of the companies in some cases. What, really, can be done about that? And, what they are doing, is any of that really effective?

McPherson: Right that they're really not you're still seeing, you know, with the companies not doing your patching on passwords and like I'm gonna still fail your fishing. I talk about this all the time with phishing things that drives me crazy because every company seems to do what we did in the government. Every quarter we run our phishing tests, right? And you get a list of people that fail it and those people that fail have to go do remedial training and go look at the course again, and then next month, or next quarter. We do the same tests and the same people fail. And the next month the same people say like at some point those people become an insider threat to your organization. Right? So because you're negligent, and somehow, companies have to start making sure there has to be consequences to this. Right. So this is an HR issue. This is a company wide issue. Additionally, this can't be just the security guy and the Cisco team and the CIO trying to do this, it needs to be driven from the top down from the CEO CEO down. Now you find those negligent insider threats. Oh, maybe it's a performance evaluation, whatever it is, there has to be some consequences to this. We can't just go to the cycle of okay, here's the next thing and I'll now take the test and see how you do next month because we're just we're not moving the needle. 

Vamosi I'd like to thank Michael McPherson for coming on the show and talking a little bit about his experience with the FBI. The public the public private partnerships are very important to fighting cybercrime can't do it alone. You need the help of everybody on both sides of the fence. You need the government to give you the support and the companies to come forward with the information that they have. Together. We can get on top of cybercrime.

Hey, if you enjoy this podcast, tell a friend. I bet there are others who like commercial free narrative information security podcasts. I have so many stories about hackers who are making a positive difference in the world. I don't want you to miss out. Let's get this conversation going DM me @RobertVamosi on Twitter, or join me on Discord. You can find the deets at The Hacker Mind dot com The hacker mind is brought to you every two weeks commercial free buy for all secure

For The Hacker Mind, I remain Robert Vamosi.