How do phishing scams, AI-powered attacks, and strategic governance intersect? Together, they're redefining the future of cybersecurity. Organizations are navigating a mix of challenges and implementing innovative solutions to proactively address today's threats.

Today's guest is Kelly Hood. She is the EVP and cybersecurity engineer at Optics Cyber Solutions. She is a CISSP who specializes in implementing cybersecurity and privacy best practices to manage risks and to achieve compliance. She supports the NIST cybersecurity framework and serves as a CMMC registered practitioner, helping organizations strengthen their cybersecurity posture and develop effective risk management strategies.

• [01:06] - Kelly is a cyber security engineer at Optic Cyber Solutions. It's her job to help companies protect themselves.
• [02:17] - Don't be embarrassed if you fall for a phishing scam.
• [03:01] - These attempts are getting more realistic. Kelly shares how she was briefly fooled by a phishing scam that looks like an email from her mother.
• [05:25] - The NIST Cybersecurity Framework is a voluntary framework for defining cybersecurity. An update was put out in February of 2024. They also added a new function.
• [06:01] - The five functions that organize a cybersecurity program have been to identify, protect, detect, respond, and recover. They recently added the govern function.
• [06:38] - The govern function is about defining your business objective and then putting protections in place that makes sense for those objectives.
• [09:01] - The identify function is focused on knowing what we have.
• [09:40] - Protect includes everything from identity management, authentication, training, data security, and platform security.
• [10:12] - Detect is looking at what's happening around us. It's continuous monitoring and knowing what happens if something goes wrong.
• [11:00] - Respond is knowing what the plan is when something does happen.
• [12:01] - Recover is about getting back to normal after something happens.
• [16:22] - Data centers want to make sure that they have redundant power supplies.
• [17:33] - We discuss some of the things that people might forget when identifying cybersecurity assets. Data and people need to be thought about as well as systems and hardware.
• [21:00] - We need to write things down and understand what systems and data connections we have.
• [23:10] - We talk about the importance of being aware of the physical space and who is actually supposed to be there.
• [24:46] - Data is one of the assets that often gets overlooked for protection. There are many new requirements that require data to be protected.
• [27:54] - Monitoring to understand what traffic you should expect and what is and isn't normal activity is also important.
• [31:10] - Transparency and communication are paramount for creating trust.
• [33:51] - Sometimes recovery doesn't mean 100%. Get up and running and prioritize the systems that matter most.
• [36:56] - With governance, you really want to look at what you're trying to do with the business and then translate cybersecurity to fit that objective.
• [37:27] - Have guidance documentation in place and have oversight.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Optic Cyber Solutions
• (MaPT) Maturity and Progress Tracker
• Optic Cyber Solutions on LinkedIn
• Optic Cyber YouTube
• NIST Cybersecurity Framework

When you search for customer service numbers online, you might come across a scammer’s number instead. It’s important to be cautious when sharing personal information, and to verify identities before responding to requests for sensitive data.

Today’s guest is Mona Terry. As Chief Victims Officer at Identity Theft Resource Center, she navigates the complexities of identity protection and identity crime recovery and management of multi-million dollar federal grants. She analyzes victim experiences to create ITRC’s Identity Report and to provide information about new and ongoing trends in identity crimes.

• [0:55] - Mona describes her role as Chief Victims Officer at Identity Theft Resource Center and how she found herself in this job.
• [3:18] - Identity crimes include theft, compromise, and misuse. What’s the difference?
• [4:26] - The number one recorded compromise is through scams, where people give their information to someone else.
• [5:30] - It is also becoming more common for someone to search for a customer service number and come across a scammer’s number instead.
• [7:01] - Some of the strategies in detecting fake websites are not helpful any longer with scammers using AI tools to make things look more legitimate.
• [10:10] - Misuse is when someone else takes over your account and is making charges or establishing new accounts in your name.
• [11:41] - Account takeovers don't only include credit cards. Social media account takeovers can be just as dangerous and more common.
• [13:28] - Identity theft is what it sounds like—stealing information with the intent to misuse it.
• [15:24] - If you suspect something is compromised, Mona recommends freezing your credit account.
• [16:45] - Freezing your account and checking credit reports is easier than it used to be.
• [19:32] - Mona describes how the Identity Theft Resource Center walks victims through the steps in resolving problems.
• [21:23] - Some situations are harder to resolve than others.
• [23:51] - Team members at Identity Theft Resource Center are not therapists, but they are trauma informed and listen to victims as they are guided through a process.
• [26:27] - When working with the Identity Theft Resource Center, clients get a recovery plan.
• [29:08] - If victims have tried something or don’t feel comfortable with something, ITRC can step in and help.
• [31:50] - Don’t be afraid to check for problems. Sometimes problems don’t show themselves immediately.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Identity Theft Resource Center Website

We often put off changes and schedule them to start on January 1st. Many of these idealistic resolutions fail shortly after beginning, so it is important to be thoughtful when planning so that you can set yourself up for success.

Today’s guest is Dr. Leslie Becker-Phelps. Leslie is a noted psychologist who authored a number of books, including Insecure in Love, The Insecure in Love Workbook, and Bouncing Back from Rejection. She writes the Authentically You Blog and the Psychology Today Making Change Blog. Additionally, she is a national speaker and hosts a YouTube channel.

• [1:00] - Leslie describes what she does in her career as a psychologist and author.
• [2:32] - Throughout her work, Leslie continued to go back to the question, “What makes it so hard for some people to change?”
• [5:47] - There’s nothing wrong with New Year's Resolutions. But waiting to start making a change till a specific day is not effective.
• [7:02] - You can feel good about yourself and recognize that change is good to move towards.
• [8:23] - When people are insecurely attached, they have a negative sense of self. What is driving them forward is negativity.
• [9:58] - It takes a lot of work to be able to be compassionate with yourself.
• [11:49] - Leslie discusses some small changes she made for herself that allowed her to be consistent.
• [15:04] - Leslie explains the Michelangelo Effect.
• [17:47] - Relationships you are in have an impact on your self-esteem.
• [19:02] - Just because it feels true, doesn’t mean it is true.
• [20:17] - Adding in the word “yet” gives us an idea of a future that will be different.
• [21:24] - Setbacks will happen, but they are not failures.
• [24:18] - You have to be persistent in making changes you want to make.
• [26:47] - If you can’t seem to make a change, you have to get into the micro parts of yourself and find out why.
• [28:32] - Leslie suggests making different levels of goals.
• [30:15] - Prepare yourself for good days and bad days. How can you support yourself on a down day?
• [33:10] - When you are having really good days, you can clearly remember the days you struggle. Write a letter to your future self on a down day.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Dr. Leslie Becker-Phelps Website
• Dr. Leslie Becker-Phelps on YouTube

Data is continuously being collected and this information can lead to misleading conclusions about an individual. Without proper context, behavior can be misinterpreted. This underscores the need for data privacy laws and stronger protections against data brokers.

Today’s guest is Jeff Jockisch. Jeff is a passionate data privacy researcher dedicated to exploring the evolution of technology, our search behaviors, trust dynamics, and safeguarding of our information. As Managing Partner at ObscureIQ, he specializes in advanced data removal and privacy risk mitigation for enterprises and government organizations.

• [0:58] - Jeff describes his career and what he does in the field at ObscureIQ.
• [3:35] - Instead of taking his career into the compliance field, he took his expertise to the intersection of data privacy and data science.
• [4:40] - Jeff explains what a data broker does and breaks down a recent data breach.
• [5:40] - The legal definition of what a data broker is is very narrow.
• [6:42] - The data that is collected by data brokers can literally be anything, like health care data, drivers licenses, and viewing habits online.
• [7:32] - One of the worst types of data that is collected is cell phone location data.
• [8:46] - Data tells a story, but pieces might be missing. Data can paint an inaccurate picture of someone.
• [10:18] - Data can be interpreted in different ways.
• [12:41] - Your digital footprint can be deleted. But in addition to deleting it, your behavior needs to change.
• [13:50] - Apps track data automatically for ads.
• [16:31] - All of these companies are collecting our data, but they’re not securing it.
• [19:42] - What can someone do with collected data? The possibilities are endless.
• [21:38] - Data that is collected can also show other people who are connected to you.
• [23:10] - Some things can be deleted, including public records.
• [25:09] - The problem is that the data brokers are massively powerful.
• [27:15] - Check out the links below for resources that Jeff recommends on the steps to take in order to delete the data you are leaking.
• [29:57] - Jeff shares an experience of almost being a victim of a scam.
• [33:10] - Scammers sound totally reasonable in the moment, even when we reflect and feel stupid for making a decision.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• 7 Steps to Reduce Your Digital Dust by 90%
• Tactical Privacy Wire
• Jeff Jockisch on LinkedIn
• A Tactical Privacy Wire on the Creation of Secure Sock Puppets
• Empowering Digital Citizenship with Privacy Video
• Empowering Digital Citizenship with Privacy PDF

When a recruiter contacts you, it’s essential to do your homework, verify their sources, and trust your instincts. If something seems too good to be true, it probably is. While it can be frustrating to be this skeptical, being cautious can protect you and your finances. Today’s guest is John Sidoti. John is the Senior Director of Information Technology at Social Current. He has over 30 years of experience as an IT generalist with wide and varied experience across all aspects of the IT spectrum.

• [0:50] - John shares his background and discusses his extensive and varied career in IT.
• [3:32] - Even as a director, John keeps hands-on projects going to keep working in the field.
• [4:45] - John describes an experience of himself falling victim to a scam on LinkedIn.
• [7:56] - At some point in the process, John realized that something seemed off.
• [9:40] - After speaking with this scam company, he continued to receive copied and pasted messages from other “recruiters”.
• [12:21] - Although the copy and website look and sound very legitimate, there are some things we can look for that raise red flags.
• [14:13] - Many scammers create fake profiles that look very professional and well done. But take the extra step and research the company and individual.
• [15:57] - In the grand scheme of things, the people who have been victimized by these types of scams are vulnerable and desperate for employment.
• [18:22] - Anyone can purchase a domain name and pull together a website using a free or cheap template that all look very legitimate.
• [20:05] - Once you know the markers, you can see them coming.
• [21:07] - Look at the domain names and how long they have been registered.
• [22:30] - Don’t assume it is just an email world. If a company does not have a legitimate phone number, it is a red flag.
• [24:02] - Another red flag is when a recruiter has been working with just one single company in their career.
• [26:45] - Recruiters should not be asking for personal information. The company will do that, not a recruiter.
• [29:43] - It’s okay to be a little cynical about this in order to protect yourself.
• [31:34] - There are other places that need to be looked at closer as well, specifically Facebook Marketplace.
• [34:16] - When you look closely at sponsored posts that seem too good to be true, you’ll notice that they are all from bots.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest

Today’s threat actors and social engineers leverage social media to observe individuals’ patterns and habits. They encounter you at a coffee shop or another familiar spot. They begin to establish trust, which makes you more susceptible to their tactics.

Today’s guest is Peter Warmka. Peter is a retired CIA officer with over two decades of breaching the security of organizations overseas in pursuit of intelligence. He is the founder of The Counterintelligence Institute, author of two books, conference speaker, consultant, and educator on the dangers of human hacking.

• [0:56] - Peter shares his background and what he has done in his interesting career.
• [3:27] - The Counterintelligence Institute helps organizations and individuals understand what types of information threat actors are trying to steal.
• [6:08] - Peter discusses the surprise his friends and family experienced when learning he had been working for the CIA.
• [9:13] - There are some skills that Peter had to learn when going into this career, but other skills came more naturally.
• [11:15] - Trust is different in various societies, and Americans are particularly vulnerable.
• [13:31] - Peter explains how he developed trust with others.
• [16:00] - There are ways to leverage trust in this type of work.
• [19:32] - Peter discusses international breaches and the types of intelligence breaches from other governments.
• [23:11] - The internet has made information so readily available to everyone, including information you may not want them to have.
• [25:19] - There are different types of information found on the different kinds of social media platforms that all come together to paint a whole picture.
• [28:09] - Human hacking, or social engineering, can be accomplished through five different communication channels.
• [31:21] - Peter describes a very powerful and common in-person scenario.
• [35:53] - We have to get away from the silo-approach, thinking that breaches are only coming from the IT network.
• [37:24] - Peter wrote a book in the early days of Covid-19 for organizations. He then wrote a book geared more towards individuals.
• [39:41] - Privacy and security settings are great, but platforms can still be hacked.
• [41:56] - It shouldn’t be “trust, then verify.” It needs to be “verify, then trust.”
• [44:27] - AI tools have made things even more complicated for victims and easy for threat actors.
• [46:37] - LinkedIn specifically is overwhelmed with fake accounts.
• [48:50] - Workplace education on this topic is backwards in organizations since they are seen as compliance training.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Counterintelligence Institute Website
• Peter Warmka on LinkedIn

Creating habits of healthy skepticism when receiving texts or emails can prevent you from clicking on phishing links. Everybody is vulnerable online, especially when distracted or in a hurry. But cultivating critical thinking and self-awareness can enhance protection against manipulation.

Today’s guest is Perry Carpenter. Perry is an award-winning author, podcaster, and speaker with over two decades in cybersecurity, focusing on how cyber criminals exploit human behavior. As the Chief Human Risk Management Strategist at KnowBe4, Perry helps build robust, human-centric defenses against social engineering-based threats. His latest book FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions, tackles AI’s role in deception.

• [1:02] - Perry shares his background and what his career has entailed.
• [4:01] - Regardless of how much people say, spend, or do on security-related issues, the people side of things is hard to control.
• [5:25] - Perry has always been interested in deception and misdirection.
• [6:59] - Even as a security professional, Perry has experienced enough distraction to click a phishing email.
• [9:43] - It is easier to be distracted and not follow usual healthy security habits than being on a computer.
• [12:24] - We fall into habits easily, especially when the behavior is simple and easy.
• [16:00] - Technology based deception is more available to anybody than in any other time in history.
• [18:10] - Security professionals and often pushed in the roles of giving advice.
• [19:40] - Reflection questions like “Why is this in front of me?” might prevent someone from falling victim to a scam.
• [26:58] - Everybody is vulnerable. Even though cybersecurity professionals know more on the topic than some others, it is still possible for them as well.
• [30:40] - Pig butchering and crypto scammers sometimes actually do send money back as a tactic to earn trust and increase hope.
• [34:42] - We have to have a healthy skepticism of the information environment that we live in.
• [36:39] - There are very few situations in life where you won’t benefit from slowing down and thinking things through.
• [38:41] - Perry suggests a family activity that will help boost understanding of pressure tactics.
• [40:17] - The narratives or tells that work for someone might raise a red flag to others.
• [43:25] - As a society, we’ve gotten to a point where we don’t like to introspect.
• [45:59] - Perry discusses the content of his most recent book and how it is information without the “easy way out”.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions by Perry Carpenter
• Perry Carpenter on LinkedIn