
Security Unfiltered
From Special Forces to Cybersecurity: Ricoh Danielson’s Journey to CISO and Digital Forensics
In this episode, host Joe sits down with Ricoh Danielson, a former Special Forces operator turned cybersecurity expert and CISO. Ricoh shares his incredible journey—from nine combat rotations overseas to law school, and eventually a career pivot into IT and digital forensics. Discover how military discipline, resilience, and adaptability shaped his path to leadership in incident response and ransomware negotiation. Packed with insights on cybersecurity careers, leadership mentality, and the future of satellite warfare, this conversation is a must-listen for aspiring security professionals and military transitioners. Connect with Ricoh at firstresponder.us or on Instagram
@rico_danielson_. Subscribe for more inspiring stories!
00:00 - Introduction to Ricoh Danielson
02:17 - Military Background and Special Forces Transition
06:40 - Career Pivot to IT and Cybersecurity
16:58 - Leadership Lessons in Cyber
35:40 - Digital Forensics and Ransomware Insights
47:56 - How to Connect with Ricoh
Speaker 1:How's it going, Rico? It's great to get you on the podcast. I'm real excited for our conversation today.
Speaker 2:Absolutely, man. Thank you very much for having me. I really appreciate it. Looking forward to rocking and rolling man.
Speaker 1:Yeah, yeah, absolutely so, Rico. I think you have a pretty interesting background right. Why don't you talk me through, or walk me through how your journey started? Did you start at IT? Did you, you know, do some other, you know, some other sort of work, right? Like, what does that beginning phase look like for you?
Speaker 2:Yeah, there's a lot to go over. You know, a very long time ago I was an operator in the military and also paramilitary. I was an infantryman in combat arms, did nine rotations overseas. I was actually pretty much, you know, just going out there doing what the warden needs to be done, doing the good Lord's work, doing door-to-door lead sales, that's what I called it, and just being the knuckle-dragger. And then I went to that to being a special operator, tier one operator, whatnot where I was like, hey, I think I see something, I need to do something different. Your body, your mind can only do so much, right. And I was like, hey, I'm going to go to law school.
Speaker 2:So I went to law school, started doing that and after I finished law school I did one more pump in Afghanistan. And then I was like, hey, I was getting paid really good money, I was making like six figures. And I was like, hey, I need to get into IT. And I took an engineering job making $35,000 a year and it was rough man, but I knew I needed to get the hands-on experience and whatnot, because I knew the end goal was digital forensics.
Speaker 2:And I started doing that busting my chops and whatnot, getting skin in my teeth and then started getting into incident response and forensics itself and I just started making headway and I knew the stuff I learned from the military, from counter-insurgency operations. I just knew how critical digital information was, and then law school on top of that. So I kind of accelerated my career to just being a incident responder or a forensicator. And then I was like, hey, I'm going to go now try my hand at being a CISO because I already had the leadership experience. And it was cool. Man, it was really cool, really interesting, real fun.
Speaker 1:Okay so you covered a lot of ground there. Let's go back to you know, maybe, your days in the military right, what made you want to start going down the special forces route?
Speaker 2:Yeah. So some of the stuff that we've seen is you know you go to traditional units right, you know field artillery, infantry units. You know you do some high-speed stuff. Like nobody really says, hey, you're doing some cool stuff, but you do some really cool things like TCPs, LPs, recon, and then in the special operations community it's like you just get broken down even furthermore. It's like, hey, you get lesser equipment, lesser guys, and you become a very own precision skill set. And at that point you're like, hey, let's just go through the training up, go to work up, go through all the cues, get your, get your um training, docking, certification, whatnot, and then get on to the team. And then when you get to a team, it's when you learn everybody else's job, like there are certain brigade level teams and there are, there are certain tri-level teams and also some other type of teams and you get even smaller and you say, okay, I have to know commo, I have to know intelligence, I have to know whoever's doing the door kicking, stuff like that. So you have to know these things. And once you become even a smaller team, let's say eight to 12-man team, you're very much of an integrated part of each other. So where this person left off, you will pick up and vice versa.
Speaker 2:There was a nutrition company, I think it was called Soft Nutrition. They went out of business or they closed a business and it was a bunch of I think it was guys from third or fifth group and they were like hey, here's a book. They gave it to the next partner and be like go fill the orders this way, this is how we do it, blah blah. And they were rocking really good business for a very long time. And the reason they show the close up is one they lost interest. And number two, they wanted to hand it off to another special operator who was from that team. And same premise applies in forensic. Same premise applies in cyber. You know, you want to. Birds of a feather flock together, right.
Speaker 1:Yeah, it's interesting, you know, because I asked that, because I feel like almost a lot of those similar, you know, mentality qualities that you have to build to be successful in that area translate actually over into cybersecurity, right. So I always, I always think about it as, like you know, when you're starting out, you're like going into the suck, right, I don't know how else to explain it other than that, right, like I'm, I wrestled a bit, done some jujitsu and whatnot, and you know, that's like the closest you know comparison that I could have, right, that I could ever have, which is not even a comparison. It is a comparison though it is, it has a similar mentality. That's what I'm trying to say, right, because when you're in practice, when you're going through your training and whatnot, from what I've heard from a lot of other Special Forces operators they literally just say make a deal with yourself that you're going to make it to the next meal, you're going to wake up, you're going to go to breakfast, right, and then when you're going to get done with breakfast, let's just make it to lunch and see what happens.
Speaker 1:You know like, okay, let's make it to dinner now, right, and I think a lot of those same principles or that same principle is really related in business and IT and security overall right, especially when you're making potentially a career change. You know, and sometimes even for myself, when I was starting out in IT, I had to literally have those small little tiny goals right Of like, hey, let's just, you know, let's make it through the month. You know like it's really hard right now financially, like you know. You said right, you started out at $35,000. I started out right around there as well. I mean that's not a lot of money.
Speaker 1:That's tough For years I had to actually decide which bills I was going to pay that month and which bills I could lapse. You know, I mean like that's a real, that's a real struggle right there. It's really tempting, you know, to give up, right, and then potentially even like, make a pivot, maybe go back into what you were doing before. How did you, how did you stay strong to the path that you decided to go down?
Speaker 2:once you went down it, it was very I call it the accordion effect right. I knew that I wanted to be an instant responder on my own firm, be a CISO. I knew that was the end goal and I had to go backwards a lot. You brought up a very good point. You had to choose which bills you're going to pay. My number one bill was always child support. It was $1,700 a month and I was like, okay, that is a no-brainer, I will fight, kick and scream for my rent. That's the next one.
Speaker 2:Everything else in between because I had no car payment, couldn't afford one, and I was living off my retirement at that time I was like everything else in between is going to, is up on me. So I want to go be a bouncer. I would go do security operations. There are these really quick pumps that you go over to like Sudan, Angola, Libya or like Sierra Leone Congo for like three or four months at a time. I'll go do those and make some money come back. So, as I was progressing forward. But when I made the D mark right, the decision was like I know for a fact that I have to make this decision and it's going to hurt. So instead of going overseas, I would just do little odd jobs here and there. Dude, I've never met a lot of IT guys who know how to operate a backhoe right and so like, and also other IT. Some IT guys, not a lot, but some they don't know how to use a drill. So I'm just like, hey, I'm, you know, I'll start building stuff. So I started building things and little by little, but now it's 100% cyber you know.
Speaker 1:Yeah, yeah, that's a mentality that I think a lot of people, you know, are lacking and potentially even like looking for in some way. Right, like I remember, you know again, right, when I was making that little amount of money, I was doing everything I possibly could on the side, you know, not just to make ends meet, but I was trying to make that time be as valuable as I possibly could towards reaching my goals of getting into cybersecurity. And it took me two and a half years between realizing that I wanted to go into cybersecurity to actually achieving it. It took me two and a half years and I was being told no, every single day, literally every single day, because I'll be applying nonstop. So every single day I'd have a phone interview, phone screen, one in the morning, one in the afternoon.
Speaker 1:I said, if I don't walk away with an offer today, cybersecurity probably isn't for me. I'm going to go join the military or something. I was that desperate. Sure enough, it came through. I got two offers at the end of that day blew me away. I was like, okay, I finally reached my goal, I finally got my foot in the door. Someone believed in me enough to just say, yes, you know, to to you know, give me an opportunity, right, that that's all you really need.
Speaker 2:You know? Now bring up an interesting point. My experience was not fun because I was a lot bigger than I was, 250 pounds, like just raw muscle, an operator guy fresh out of law school. And when I was getting IT dude, I've heard like stupid, you're just a good looking dude, nobody really cares about you. I'm like dude, like this. I thought we're trying to solve problems and people were so mean, like in the teams, right, like you can just punch somebody and you're just like I'm just going to punch you in the face and this will be done real quick, like it's real simple. But like a little IT guy and I hate saying this scrawny little IT guy who drives a Corvette, you know, and he is like you're stupid and you're like dude, this is not going to go well. Like just stop.
Speaker 1:Right, yeah, I mean these interviews. And you know, I would be told by, like, alleged directors, right, they would just laugh at my saying so when they would ask me oh, how do you, you know, how do you do this, this basic function of IT? How do you like promote a DC controller, whatever it might be Right, and I'm just starting out, and my response would be I'll work with my team to figure out how to do it, and if no one else knows how to do it, I'm going to Google it. Yeah, you know, like, and if that doesn't work, I'm going to go pick up a Microsoft book and I'm going to figure it out. And they would laugh at me saying that, you know, you should know this off the top of your head and this, and that I'm like, well, how would I know it off the top of my head if I've never had that opportunity? And that's, it's such a poor, such a poor mentality, right, like, because that would never fly, like you said, that would never fly in the military, right Like?
Speaker 2:the teams.
Speaker 1:The teams really self-police each other where it's like, when you're not living up to the standard, there's someone there that's going to be like hey, you're not living up to the standard and you're putting our lives at risk, and so we're going to figure this out real quick, you know, and like you're going to make the adjustment because I don't feel like dying today because you didn't do the work. You know.
Speaker 2:Yeah, you brought up a good point. One thing is like, hey, you get two tries right. You're like, hey, one you're not getting a team level. Somebody from the team is going to coach you up Good to go. Second one we're going to send you back to the schoolhouse and see how you do and you come back refresh. Good to go, let's keep going right. The third thing is like, hey, this just might not be for you, right, because we're going to ask you to eat a lot of big banks, world banks in cybersecurity and one of the biggest burger flippers in the world.
Speaker 2:The sheer arrogance of directors were like you have to be this. I'm like guys, no offense, but you were just Googling this, how to do that? Like, come on. And so, like you know, being coming from law enforcement background and also an attorney, I'm just like it's a no nonsense, no bullshit conversation. Like guys, let's just be honest with each other.
Speaker 2:And the weird part is a guy in my same position when I was doing IR for a big, big organization. He's like you can't talk to those guys like that. I was like the hell I can man. Like like, just like you know, today is a special day out that you're a prick or you're just a prick all the time. So which one is it? So, and they would be like you can say that I'm like, dude, be a man, be the self-relying person, like, stand up for yourself, dude. And that's why I think IT like this is where this amalgamation of toxic leadership and like super smart guy undermines it. And it's just like, and I and I see, and I've I have friends of mine who are female and they're just like I don't even want to be in cyber because they get treated poorly. And I'm like man that sucks.
Speaker 1:Yeah, I um, yeah, there's a lot there, right, you know my wife is a teacher, right, and so I'm, I'm a very strong mentality, right, I'm very strong, uh, personality, I guess. And if I feel like someone is intentionally trying to get one over on me, right, or trying to bully me into a situation, once I identify it like it ends right there, right, like you know you can you, you can try all you want, but once I figure out your scheme against me, like it ends right there, you know we're handling this. I'm going to call you out on a phone call, I'm going to call you out an email to your director and to their VP, right, I've done all those things before. Typically ends pretty well. Typically, you know my wife, she'll come home and she'll talk about something. You know that she's dealing with coworkers at school and stuff like that, and I'm I'm just like you know I'm. I approach it obviously from my mentality. I'm like you got to stick up for yourself, you need to get in their face. And she's a small, you know, five foot two Asian lady Like I'm, like you need to get in their face, you know, tell them you know all this different stuff, and she's like, you understand, I work at a school. I'm like man, I would still do it, you know, like, but that's like a difference in mentality. Right when in the teams that sort of thing is acceptable, that's like the lowest level. Right In IT, that's a little bit more aggressive.
Speaker 1:At the same time, you know, I've had teams of primarily women before where they would go into these meetings because I can't be in 10 places at once, right, and so I would send them into the meeting and I would tell them they're going to ask these questions, they want to talk about this stuff. Here's your answers. We'll work through them, you know, and we'll develop the answer and whatnot, right, prepare them really well for going into it. They'll go into it and they'll say you know exactly what I told them to say, right, and everyone you know on this opposing team, well, we'll just completely dispute everything that they said, even though it's 100% correct, and I mean I had to do this a couple of times where I would have to sit down with the person and, you know, tell them like I would give them then the exact same answer.
Speaker 1:You know that that they were given during that meeting and when they accepted it, I'll be like, well, what's the difference? When my team says it Exactly, don't you think that they're a reflection of me? Like they're, they're saying it because I told them to say it and it's the correct thing to do, like I'm not telling you to do something that's incorrect. You know we're going to put the company at risk or anything like that, and you know that whole mentality kind of shifts a bit when it's like you know, I kind of discounted this person because of you know how they looked or how they acted, or their age or gender, whatever it might be.
Speaker 2:Right, or their technical acumen, and that's another one. Yeah, yeah, I do. I'm right there with you, man. I've been in plenty of meetings where I've been sidelined and it's just like you're just stupid, right and it's. I have a person that I work with daily, extremely smart man, and there are days I'm like dude. The reason you're not successful the way you want to be is because your personal acumen like you need to know how to just talk to people, and I think if in IT, more specifically in cyber, if you can tell a story and you're nice, nice and you're good, you're decent, not the best, not the worst, you're decent I think you're going to kill it.
Speaker 1:Yeah, yeah, one of the things that you learn when you're going up the ladder, so to speak, and security is being able to tell that story so that all levels can understand what's going on, right, like that's. That took me I mean, that took me a couple of years, honestly, to learn it. I'm still mastering it, right. But you need that executive buy-in, you need the technical expertise buy-in, you need the middle managers buy-in, right. You need all these people buy-in and they all view this information differently. They all want to receive it differently in different formats and whatnot, right? So how do you tell the story in a way that explains why we should encrypt this data to an executive, whereas I don't have to explain why we need to encrypt it to a technical person. I need to explain how to do it right. Maybe that's the part that I need to explain and I think identifying that early on is pretty key. But I do kind of want to circle back right to in your story and similar with mine. Once you identified the area you wanted to go in, you really stopped at nothing to go and do side work that you had skills in and whatnot, and similar to myself.
Speaker 1:When I identified I wanted to get into security, I started doing everything I could on the side to actually make that happen right. It didn't happen overnight and I think that's what a lot of people get discouraged from right and in the teams, right, a lot of that training takes years, you know, like I hear Sean Ryan talk about how it took him two years to get through training right and then he finally gets to the teams and he thinks he's just going to go and, you know, operate and things like that, and then he's sitting on a bench for you know, six months, eight months, while he's then learning everything else and he's like man, I just trained for three years basically to do this job and I can't even do it, you know, and it's a it's an interesting mind shift Not everyone understands it?
Speaker 2:Your ego. Your ego is your worst and best enemy, right Even myself. You go through the pipeline two years. You know that's all the Q's and this, that and the other. Your MOS is your specialty, training and whatnot. When you get to your unit, they're like that's cool, this is how we do it over here. You know, and you're like okay, and you're like and then how you clear a house is a very different dynamic of clearing house in the schoolhouse versus here, right. And then you do joint operations with some of the SEALs Marine Raiders, you know other guys and whatnot and you're like wait, you guys have a whole different process. And then you do a workup, like two or three or four or five months workup. Then you're like okay, now we get along.
Speaker 2:Then the alpha ego is you have to get away from, right. Like if you can get along without beating the shit out of each other, you'd be all right. So, like there's some big boys, like I'm a pretty big guy myself, but like big boys, big egos, you know like it's pretty rough. But you know the question is, will you stop at nothing to achieve? And that's I believe we can do. One of the things I learned a long time ago was you can do everything with nothing. You can, you can, you can yeah yeah
Speaker 1:I mean, I, I personally, I I feel like we always have whatever we need within us. You know already, right? Like you know, I'm a christian, I'm a believer, right, so I I obviously I relate that to, to my religion and whatnot but I feel like, whatever you're trying to accomplish, whatever path you're trying to go down, you already have whatever it takes already inside of you. It's just up to you to identify it, utilize it and use it to your best abilities and whatnot. Right, and I think I'll give you some background. Right, because this is why I kind of bring up the military a bunch. Right, because this is why I kind of bring up the military a bunch. Right, because in high school I went to a very poor high school, so we had military researchers at our high school just constantly, right, every single week we had someone out there. I was a wrestler, right, so they would try and poach me every single day of the week.
Speaker 1:I didn't go into the military out of high school. I was tempted to. I know a lot of friends that I wrestled with. They went into the military, ended up in different units and whatnot, right. But I always thought, okay, I'll go to college and then I'll go to the military.
Speaker 1:The reason being is that I didn't want to make military service out to be for a college education. I wanted to get that college education and then I wanted to go and do the military stuff and in between my sister needed a kidney. So I donated my kidney to her, unknowingly at the time, disqualified me from every branch of the military, for every job that you could possibly have in the military, right? So it was like, oh, okay, so I get to save my sister's life, but you can't take me, even though I need to save all my water as everyone else and I'll do everything else. Like, okay, whatever, right. In all of this process I went down and I just researched I mean, even to this day I researched non-stop right the mentality, the training and everything else like that and so for myself, I try to take that mentality, just just grab just a piece right and bring it into my life so that I can be more successful and, you know, really, really grow myself. So I wanted to give you that that pep talk, right.
Speaker 1:Because, I'm bringing up a decent amount and not everyone listening right Knows that about me, right, so it makes more sense. I don't want people out there to be like, oh, this cybersecurity guy, he's talking about the military, you know as if like uh, he's a wannabe or whatever.
Speaker 2:It's like no, no, no, you know I get a lot of hate, especially from the guys that I was on teams with. Like I did nine rotations overseas, right, and everyone's like why do you sit with these smart guys? And I'm like Jesus, guys, seriously, do you hear yourself? I'm like, gentlemen, like we were the best at what we did, like there's only a time and place for conflict and violence, right, yeah, what does the next phase of life look like? And so I'm an imposter here just hanging out BSing on the cyber side. I honestly feel that way, but I'm at the top now, but I just I'm like so much like you people hear me like well, what do you know, Rico? You're not, you didn't come from IT. I'm like you're right man. Like I'm like you're right, man, but I'm here, right.
Speaker 1:Yeah, I feel like the depth that you have to go into with the teams and with security is like the same level, right, and the teams you know. I mean, you have to know so many different things. You know just from a surface level, right, civilian looking in on it. When you said everyone knows everyone else's job, it's like, okay, well, there's legitimate different jobs, like there's a comms guy out there, there's a, you know, a med guy out there, there's snipers, and you know all this different stuff, right, everyone has to have that same skillset. The reason being is that if someone goes down, you can't just be like, oh well, our medic is down, no one's providing medical. Now, right, that isn't a realistic situation. And in cybersecurity whereas lives are not at stake, of course, and whatnot. But in my opinion, to be a successful security practitioner, you have to be so deep and so intimate with these systems that you know it better than the people that designed it. That's a very realistic thing. It takes a long time to achieve it. It's very difficult to achieve it, obviously, but you still have to have that understanding, that know-how.
Speaker 1:I have a good friend of mine who's been in security for a lot longer than me and he said security professionals typically earn their paycheck two to three times a year. If it's any more than that, your company is probably going under Probably. And he literally explained it like this the security people are typically the most skilled people in the IT organization because you could take a security guy and put them on a systems team or a networking team or a cloud infrastructure team and it may be a little bit difficult, it may be a little bit slower, you know for the result right for a couple of weeks, but eventually they're going to pick it up pretty quick and they're going to get into that flow and they'll understand what's going on and whatnot. When you're actually applying security principles, you have to know all of those underlying services and processes and everything else about that system before you start deploying. You know an EDR agent to it right and blow it up and blow up your alerts and everything else.
Speaker 2:Yeah, it makes sense. Man, you brought up something very, very keen is that cybersecurity professionals are very adaptable, and I think that's very needed. The other thing is it takes a little bit of time. I'm noticing cybersecurity, especially senior cybersecurity, the CISOs. Like I'm a CISO myself we're finding ourselves in more of a product security mindset, like, hey, here's our product, here's how we secure it, because that's the next evolution of a CISO. I think right now the CISO market is oversaturated and everybody wants to drive a ship, everybody wants to have those cool initials behind the name. It's just not worth it, right, if you ask me, but there is basis of merit to it, right, to get there.
Speaker 2:You brought up something very interesting on the teams is that you know when your medic goes down there's no medical attention. The interesting part is I've been shot. Right, if you ever get shot, the first thing they're going to, the first thing that's going to happen, is not the medics going to come. Your buddy should be able to come, pull from your medical kit and be like you need to manage yourself up. I got to lay down suppressive fire and get in the fight, and it's funny because everyone's like well, where's the medical I do? We're all busy in the firefighting, but you got to get yourself buddy, so yeah, yeah, that, yeah, that's interesting man.
Speaker 1:It's a fascinating other side of the world, for me at least. Right, when you start diving into that kind of mentality and whatnot. You know, like what you said, right, everyone wants to be a CISO now and I think that they see these big paychecks and that's what they want, but they don't see the risk, they don't see the sleepless nights, you know, they don't see all the all, all the nuances that there are to the job. Right, where it's interesting, you know, successful CISOs at least in my opinion, they get. They get their, their feedback or their status report from, like, the very technical people Okay, tell me exactly where this body is buried, tell me what it looks like, give me all those details, so to speak.
Speaker 1:And those people are the ones that are staying up in the middle of the night, that have their own lawyers, that are going to court for behalf of them for whatever, whatever issue that's going on. And I always seem to. I always seem to respect those CISOs with that technical capability, right, or that technical mindset, a little bit more, because they weren't just a manager and they just weren't an executive or anything like that. They were someone that truly wanted to know, hey, what's going on in this environment, like I legitimately need to know because I need to be able to print the board. For hey, we need $2 million to go and buy this thing, otherwise we're going to pay 20, you know in fees and fines if something ever were to go wrong or whatnot.
Speaker 2:Yeah, everybody wants to be a rock star, until you got to do a rock star stuff, right, yes? Or everybody wants to be a gangster, so you got to do some gangster stuff. Uh, being a CISO is not all cracked up to be. I highly recommend that you do something that's I think everybody should be a CISO, uh, just so you get the expert, uh expertise that you need and experience and then realize that you don't want to do it.
Speaker 1:Yeah, yeah, that's very true. I wonder, I think I would want to be a CISO. Sure, I'm at the point in my own career where I'm moving past wanting to be super technical deep in the weeds. Right, I kind of want to move into you know more of overseeing and whatnot. So we'll see how that goes right. I know someone that was super technical went into management, hated it, went back to being you know, super technical and he just stayed there and he loves it, you know.
Speaker 2:I think you have to be in the right mentality, right mind frame, right phase of life to be like, hey, this evolution of life is different. Right, because I'm dude. You know, people who work for me are extremely brilliant, reverse malware, ransom negotiators and nice, nice people. But they're like I don't know. I don't know how you do what you do, Rico, I wouldn't want to do it. I'm like I love dealing with clients. That's just me. But at the same aspect, I'm like I was there, not as technical as you are, but I just realized I like this stuff better and I changed my mind. And a lot of technical people are like no, I just want to turn this one widget and wrench. I was like have a little bit more.
Speaker 1:Yeah, that's a really good point and that's something that I try to touch on quite a bit. Right Is, you know, building your career and your skill set off of what's coming rather than what's here today. Right, you should have the stuff of what's here today. You should have that skill set. You should be able to, you know, operate and whatnot to the highest levels, but you should also be looking, you know, to what's coming. Right. So for myself, at least the past couple of times. Right, it's been tied to a degree, right. So I got my master's degree and that kind of catapulted me into security and cloud security.
Speaker 1:Now I'm working towards my PhD doing, you know, satellite security for communications satellites and implementing zero trust within it to prepare for, you know, post-quantum. Right, because I see all those things going on and my mentality is the next big war is going to start in space long before it ever starts on the ground. Right, we kind of saw that with Ukraine to some extent, where they were hacking their power grid. Just turn off all communications.
Speaker 1:No one in that country is making a cell phone call out. They're not making a satellite call out. They're not doing. They're not getting internet, you're not getting power, you're not getting water, right. All that stuff is actually tied into the satellites and in some ways. So if that were to ever go down, you know you have. You have pretty major issues, at least in my opinion, right in my own research. Yeah, yeah. So I'm trying to prepare and adjust and grow my skill set towards that area for something that I guess you know feasibly. I guess it may never happen, but I think it'll be here in five to ten years.
Speaker 2:Right, it's definitely happening. I went to Ukraine to go see it for my own eyes and I have a different perspective of the war, and also went to Gaza and Israel to see the reality of the situation. I have a different perspective too. You know, being on the news, I can kind of do that when it comes to, you know, satellite warfare.
Speaker 2:What I think is, if you look up and you adopt and understand the methodology of Blitzkrieg, which the Germans created, right, dominate the air, sea and land all at one time, you can definitely dominate the whole battlefield itself. So you're not too far off. I think you're spot on the game and you'll more than likely see it maturitize and amassesize and materialize within the next three to five years. We're already here, you know. It's just a matter of watching the satellite fall out of the damn sky now. So, and we'll see it. So I think you're spot on, man, I think you are where you're supposed to be and I think you, you're honestly, you're way ahead of the people, way ahead of the other people.
Speaker 1:Yeah, yeah, it's, um, you know, it's interesting because I'm, I'm also like tying it towards, you know, kind of like an arduous task of getting a PhD. When I started this whole PhD thing I never thought it would be this difficult. I figured two and a half, three years I'll be done. I think I started a year and a half ago and now I'm looking at three years. It's a little tight, it's a little close there. There's so much more to it.
Speaker 1:And but that also speaks to the community, the PhD community, and how they kind of self-govern and, you know, really gatekeep in a good way. Right, they don't want just anyone getting a PhD, they want you to truly be an expert in this area. Like, if we're going to put PhD at the end of your name, you better know this topic inside and out, like the back of your hand. You know, which is, it's something that I appreciate for sure, because I wouldn't want it to be like, you know, an overnight, you know, PhD, pay this amount, you know, and you get it, or whatever. That wouldn't be rewarding to me, you know. But to shift gears a little bit.
Speaker 1:You know I was doing a little bit of what I call light research right before the podcast, right, well, five, 10 minutes before the podcast where I just pull you up on LinkedIn, right, see, see what's there. So I saw some forensics capabilities, you know, that you potentially specialized in, currently specialize in with your company. Can you talk to me about some interesting engagements with forensics? Because I feel like forensics is a part of cybersecurity that people don't really think about that much, and when I studied it in my master's it was really eye-opening, because you're reverse engineering a system that someone else designed right there on the fly and you're trying to figure out what ties to what and how it all correlates and whatnot.
Speaker 2:Traditional forensics, which I did for law enforcement and also Office of Public Defense work in civil and criminal cases, then you have on-the-fly incident response forensics, right, which is two different dynamics, and some of the things that we've seen is like, you know, the most recent one was a redirect from a Russian, the Russian Rutsku, which is a nation-state threat actor, right. And they got really good in regards to multi-factor authenticating, uplinking, outloading your multi-factor, unhinging it and then re-engaging it, and it's like whoa. So a lot of the stuff is traditional reverse malware trying to figure out where the bot came from, how it implanted itself, and also extracting the C2 node along with TTPs and IOCs. So I mean it really, it's very dynamic. I mean some of those things.
Speaker 2:We have to understand that the ransom game is a multi-tiered game. It's a billion dollar industry and you have multiple factors in there. The guys who create the ransomware and also the exfiltration tool are two different teams. The guys who are actually doing the ransom negotiation is a different affiliate. So it depends who you're kind of dealing with. We've seen some wild things. I've worked over 1,500 different ransomwares and it's just, you see, old dogs, new tricks, repackaged stuff. I mean zero days all the way to happy birthday attacks. I mean, you name it, we see it. But a lot of it has to do with traditional vulnerability management and doing this cyber hygiene 101, right, do the right thing, right place, right time and you'll be okay. But a lot of companies are like, no, we're fine, I'm like okay, and now cyber insurance is love, cyber insurance. We do work on behalf of cyber insurance. They're not stupid, they actually have their own IR teams and they're like, hey, we're going to go ahead and use this as a discovery tool and that's okay.
Speaker 1:Yeah, man, like IR tabletops, I went through an IR tabletop within the last 12 months, yeah, and you know, one of the one of the biggest critiques that I gave the rest of the rest of the teams, rest of the company was that when we knew that an attack was underway and, you know, ongoing, no one even thought to reach out to security. Right, shouldn't have that been the first call? Like, because in this hypothetical scenario, we went 10 days without someone notifying security. So it's like, it's like, guys, I understand, like we're security, we should, we should know, we have the tools in the right place to identify it and whatnot, right, but you're the product owner, you should know when your product is encrypted, you should know when it shouldn't be.
Speaker 2:Yeah, you know I'm surprised. You know I say when in doubt security out, right, like just call somebody, reach out. You know what I correlate it to is people want to have validation, like I own this, I own that. I'm like dude. Right now, during an incident, there's no time for egos, there's no time for brashness. Do not fire anybody, because that is the worst thing you can do right there and then, especially if you fire a CISO during that, you just set the wrong tone immediately. So yeah, doing tabletops and incident response tabletops is very paramount. A lot of companies don't do that still and it's very insurmountable and needed.
Speaker 1:Yeah, yeah, I have a friend who used to work for an insurance company and it seemed like he was doing incident response. I had for incident response. I mean he worked, he worked, uh, you know, 100 hour weeks for two months straight, you know, and they did fire a couple people like during that time and the biggest feedback, you know, from the CSO was, hey, right now is literally the worst time that you could be firing anyone. You know, like, how about we just let our guys do the work, because you know we don't have any other options? You know, like, what are we going to do? We're going to call a CrowdStrike and they're going to charge us 1.5 million to enter our environment. You know, like, come on.
Speaker 2:That's exactly it. I mean, as a CISO, you kind of have to make those decisions. But you know I think you're sending the wrong time. We start firing people. Number two, like you need all hands on deck, you need wrench turners and fire people is just going to put your back against one and also make you look like an idiot, you know.
Speaker 1:Yeah, it starts showing incompetence almost at the leadership level, right when it's like you're firing us in what situation, you know, like you already laid us off you know half of the team or whatever, and then you're going to start firing people Like do you know what you're doing?
Speaker 2:Yeah, usually executives want to see money right and then money is correlated to emotion, especially from the executive perspective, because they were like, oh, we're in pain, I'm going to cause pain, who's responsible? Fire that person, boom, and it's like dude, you know, like one of my CISO gigs a very long time, my first CISO gig ever. It was very interesting because I was like I'm going to do my first one, I'll grind my teeth at night. I remember I'll stay up late at night. And then company got shut down from the FBI and I was like Whoa, like that was just wild. I was like, okay, I'm, I'm out of here, man, like I don't want anything to do with this.
Speaker 1:I mean, how bad do you have to be as a company to get shut down by the FBI or any agency? Let alone.
Speaker 2:Well, they were doing some interesting things and they've been dealt with accordingly, but I can't really say too much about it. But they attracted the attention of a federal agency and they always like, hey, I'm out of here, Like I can't have any part of this.
Speaker 1:Yeah, those guys at the federal agencies. I mean, they're like pit bulls on a chain right, and once they get a little whiff of something, it's like, oh well, let me get a little bit more, let me see what else is there right, and they start peeling back these layers and there's like no stopping it. You know, they have like the security curiosity from their side too. They have that unquenchable curiosity.
Speaker 2:Yeah, usually when working on the digital forensics for the civil and criminal cases, it was very interesting, Whenever I work in an FBI case. When we saw one of their charges, we knew they had 25 additional charges.
Speaker 1:I was just waiting.
Speaker 2:I was like okay, here we go.
Speaker 1:Yeah, they have, like, what, a 97, 98% conviction rate for a reason.
Speaker 2:Yeah, they don't go out for people they can't convict, right.
Speaker 1:I mean that's a part of the criteria too. When a DA is determining if they're going to prosecute you, they look at your assets, right, yeah, yeah. Well, how much money does this guy actually have access to where he can put up a valid legal defense and are we going to lose if they do that and all that sort of stuff? That was a part of, I got my bachelor's in criminal justice and that was a part of it that I never even thought of before, and you always see it with your, with your, your company and whatnot, typically in the benefits, like you could pay for the legal services for like 10 bucks, you know, a month or whatever it is. It's like, whenever I see that, I'm like it's a no-brainer. Why do I care about ten dollars, you know?
Speaker 2:Yeah, it's true. It's true. Um, usually, whenever you have like legal services, I always tell people mindful. I used to write legal contracts. I'm like there's always a clause to get out, a provisionary clause to get out of that. So be mindful of what you sign up for, because it might not be what you want.
Speaker 1:Yeah, I always read everything before I sign it, probably too much. Fairly recently there was an employment contract that came my way, you know, the numbers made sense, but then you start reading the fine print and it's like, wait, you want me to, you want me to do what? You want to take ownership of my social media accounts? Yeah, yeah, you, uh, want to control what I can say and when I can say it, and everything, like this is a security engineer role. What are you trying to do here? You know, like I'm not, I'm not the CEO of the company.
Speaker 2:I was working an insider threat job once, right, a project for very world big real estate firm and a huge, huge, huge. And they were like you need to go talk to this person about what they post on social media. And my caveat, my exit was guys, we're not the world police, they didn't name, drop us. Who cares? We don't like that. Like we don't like that, it's not good for cause. And I realized then, like this is just me and my internal dialogue, like I love insider threat, like that's a really good program. If you can ever do it, do it.
Speaker 2:But the problem is, is that what? There's a fine line of like at what point are we kind of overreaching here and shoot, do we care? This is one. This is when I was working for a bank and they're like, hey, go investigate this person. I'm like, all right, cool. So I pull up our social media, blah, blah, and like she's making baked goods on the weekends. We can't have that. I'm like you do realize she's like a Power BI analyst, right, like what does it matter? And they're like she didn't disclose it. I'm like, and there's this guy, Code, ethics and Compliance, and I go, hey man, let me ask you, is it your interpretation of the Code Ethics and Compliance, or is it the interpretation of it? And he's like well, this is the way I read it. I'm like, dude, you have nothing else to do, I'm not doing this, I'm not doing this. And then I got relieved of my duties and I'm like I'm out of here, dude, like I got into another job project. But it blew my mind. I was like, guys, this is not at all what we should be doing or spending our time on, right?
Speaker 1:Yeah, and it's, you have to be able to, you know, really like stand by your own, your own principles, your own morals, so to speak. Right, because there's, there's so many opportunities in so many different ways where they want, you know, you, to be the, the so-called executioner. Right and like, track it down and, you know, build the case and everything for something as minuscule as oh, they bake goods on the weekend and they, they potentially sell it for, you know, 10 bucks, Lord forbid, Lord forbid, if a person trying to get out of debt or, better yet, put their kid through college, you go work for that.
Speaker 2:You go work for a bank and they're like hold on. You work at the YMCA on the weekends. We can, we can't have that. I'm like who is an employer to dictate to you of your wealth? So it's just me, though.
Speaker 1:Yeah yeah, no, I mean it's. Some employers have that mentality and it's. It's very weird to me, right like, because, like, my mentality is it's not happening between you know, eight and five or nine and five, what does it matter? Right like, I'm signing this contract right here, my time is allocated for you for that time frame. If needed, I work extra, you know, as needed, obviously, given, given the situation and whatnot. But if I'm, if I'm, you know, if I'm canceling calls for your company to go and do stuff on the side, that's different. Right, it's different. Yeah, that's a different scenario. But if that's not happening, then what power do you actually have in this arena?
Speaker 1:Because that wouldn't hold up in court, you're not purchasing this person's life contract and saying, until you resign, we get 100% of your time. It's like no, no.
Speaker 2:No, I know what you mean. Yeah, exactly.
Speaker 1:Yeah, yeah, it's, it's always frustrating whenever I see that, because it's just like come on, like come out of the dark ages.
Speaker 2:Nope, it's the old school CEOs, like, you gotta do this.
Speaker 1:Yeah, right, right. Well, Rico, we didn't talk a whole lot about your company. You know, just talked almost 50 minutes where they can find your company and if they wanted to, you know, reach out and learn more about that.
Speaker 2:So, on a personal level, if anybody wants to reach out, you can look me up on YouTube, I'm on there, and then also on Instagram, Rico underscore Danielson underscore, right. Some of the things that we can be very noticeable of is just, you know, be very intentional of your time with me. I usually take meetings or, you know, meet with people that are very intentional, like tell me what you want, I'll get you what you need.
Speaker 1:Yeah, yeah, that makes sense. It's more efficient, yeah, efficient use of your time and theirs, exactly, yeah, awesome. Well, thanks, Rico, for coming on. I really do appreciate. You know, I really enjoyed our conversation.
Speaker 2:Hey, rock and roll, man. I really appreciate you, man.
Speaker 1:Yeah, absolutely. Well, thanks everyone. I hope you enjoyed this episode.