Computer forensics careers: Taking down a $1.2 billion Ponzi scheme

Few people know what it's like to help take down a $1.2 billion Ponzi scheme, but that's exactly what today's guest did. Sam Rubin, VP at The Crypsis Group, explains how he had to re-create the crime within a courtroom, as well as the tasks of digital forensics folks at all levels, from intern to the person giving the testimony. There's a good chance you may want to go into a career in forensics after listening to all of Sam's stories.

Sam Rubin is a Vice President at The Crypsis Group, where he leads the firm’s Managed Security Services business, assists clients and develops the firm’s business expansion strategies. Sam is an industry-recognized cybersecurity professional with wide-ranging expertise in data breach incident response, digital forensics and cybersecurity risk management. Sam frequently serves as an expert witness and has provided expert opinions in numerous high-stakes matters, including a landmark civil trade secret misappropriation case, a criminal securities fraud matter and civil litigation stemming from a multi-billion-dollar Ponzi scheme. Sam is a frequent presenter, author and lecturer on cyber-related topics, including digital forensics and incident response, insider threats and information security best practices. Before joining Crypsis in 2017, Sam was at Stroz Friedberg, where he was Managing Director and head of the company’s west region digital forensic practice.

    • [00:00] Chris Sienko: Cyber Work is celebrating its next major milestone. As of July 2020, Cyber Work has had over a quarter of a million listeners. We’re so grateful to all of you that have watched the videos on our YouTube page, commented on live release feeds, left ratings and reviews on your favorite podcast platform, redeemed bonus offers, or just listened in the comfort of your own home. Thank you to all of you.

      Because our listenership is growing so quickly and because Cyber Work has big plans for the second half of 2020 and beyond, we want to make sure that we’re giving you what you want to hear. That’s right. We want to hear specifically from you. Please go to www2.Infosecinstitute.com/survey. That’s www2.Infosecinstitute.com/survey. The survey is just a few questions and it won’t take you that long, but it will really help us to know where you are in your cyber security career and what topics and types of information you enjoy hearing on this podcast. Again, that’s www2.Infosecinstitute.com/survey. Please respond today and you could be entered to win a $100 Amazon gift card. That’s www2.Infosecinstitute.com/survey.

      Thanks once again for listening and now on with the show.

      [01:18] CS: Welcome to this week’s episode of the Cyber Work with Infosec Podcast. Each week, I sit down with a different industry thought leader and we discuss latest cyber security trends, how those trends are affecting the work of Infosec professionals, while offering tips for those trying to break in, or move up the ladder in the cyber security industry.

      Our guest today is Sam Rubin, VP at the Crypsis Group. Sam has a wide-ranging professional career, incorporating incident response and digital forensics among other things, and he’s got some cool, deep in the trenches stories for us, as well as some advice for listeners who might want to get involved in digital forensics, or incident response themselves. I’m really looking forward to talking to him.

      Sam Rubin is the Vice President at the Crypsis Group, where he leads the firm’s managed security services business, assists clients and develops the firm’s business expansion strategies. Sam is an industry-recognized cyber security professional with a wide-ranging expertise in data breach incident response, digital forensics and cyber security risk management. Sam frequently serves as an expert witness and has provided opinions in numerous high-stake matters, including a landmark civil trade secret misappropriation case, a criminal securities fraud matter and civil litigation stemming from a multi-billion-dollar Ponzi scheme.

      Sam is a frequent presenter, author and lecturer on cyber related topics, including digital forensics and incident response, insider threats and information security best practices. Before joining Crypsis in 2017, Sam was at Stroz Friedberg, where he was the managing director and head of the company’s west region digital forensics practice. Sam, thank you so much for joining us today on Cyber Work.

      [02:46] Sam Rubin: Great. Great to be here, Chris.

      [02:49] CS: We always like to get the show started by getting a bit of our guest’s superhero origin story. You got quite a storied career. What first got you interested in tech and specifically, in cyber security?

      [03:01] SR: Sure. Yeah, I’ve been in this industry for about 17 years now. It’s been quite a long time. Back in 2003, I was actually working in the hill, on the hill for a US senator. Not in the cyber field. I was working for an attorney. She was recruited to open the Washington DC office of the place I was previously, Stroz Friedberg, which was then a very small organization, maybe about 20 people.

      I looked at that as an opportunity to jump into a new direction to try something new and Stroz Friedberg was a digital forensic investigative firm. Truthfully, I really didn’t even know what that meant. Being recently out of college, I thought that sounded really cool and a great opportunity. I jumped on it. That was the very beginning of my path in cyber security.

      [04:05] CS: Okay. You gave me some of the highlights here, but what were some of – from a learning, or a project perspective, what were some of the transformative, or turning point events, or opportunities that brought you to where you are now? Were there certain cases that you did, or certain, “I wanted to learn this and suddenly, everything changed for me.” Can you give me some of your signposts?

      [04:28] SR: Right. Yeah, absolutely. When I started at Stroz back in 2003, as I said, I did not know much about this industry. I looked at some of my colleagues and peers and the people who were successful in digital forensics. I basically said, “Well, how can I do what they’re doing? How can I improve my skills and my technical knowledge, so I’m adding value to my company and helping clients out in the way they are?” I looked at every job and every role I had as a learning opportunity.

      The other thing I’ll say is when you’re at a growing company, that presents opportunities for the people who are in those organizations and demonstrate the initiative and the competencies to take on new challenges. Very early in my career, even though I didn’t have the formal training and technical background, I was put in situations where a client needed help and we had to figure out how to solve their very technical problems in digital forensics in cyber security and incident response. Maybe figuring out whether or not certain data was stolen, or misappropriated, or how a hack could happen. Those were the learning opportunities I had and I progressed in my career following that path.

      [06:06] CS: Yeah. Do you have any strategies? It sounds like you had a lot of situations where it was like, figure this out immediately, we’re beyond deadline or whatever. How do you keep your head in situations like that?

      [06:19] SR: Yeah. I mean, the nature of digital forensics and incident response is such that everything is an emergency. I mean, you can think about it almost as you’re a firefighter for situations. I mean, you could be enjoying your morning coffee and you get a call and it’s a company’s hair is on fire, because they’ve just realized that they’ve got a threat actor live in their environment and they need help now.

      Maintaining your cool is a big part of it. My strategy for that is I guess, that comes with experience, and it comes with surrounding yourself with a really talented team that’s also been in those situations and knows the right steps to take. That’s what we try to do at my current company at Crypsis and what I’ve been fortunate to have in my career.

      [07:16] CS: Yeah. We talked with an incident responder and he was saying like, you got to keep your head – you got to keep cool, because it’s not like they’re going to get more hacked. The thing has happened. You have to know that you’re not going to help by running around in circles and freaking out.

      [07:31] SR: Right. Yeah. It’s tough, because for our clients, this is likely the worst day of their year, of their recent memory. It’s important for us to keep that in mind as we’re helping them, because even though we may see business e-mail compromise, or ransomware five days a week, this is the first and hopefully, the only time they’re having to deal with such a thing.

      [07:59] CS: Sure. One of the things that hooked me into your bio and especially the one I just read out there is that, well one, you work in digital forensics, which is a topic I don’t get to discuss a lot on the show and it’s very interesting. Two, you’ve been part of several major and interesting court cases, using your digital forensics background. I wanted to start with some of that. For our listeners who aren’t familiar, let’s start out with what digital forensics does as a practice and as a career and how it differentiates, say from mobile forensics, or computer forensics.

      [08:26] SR: Yeah. Well, just speaking from the beginning, digital forensics is really the application of investigative techniques and of science to study and interrogate digital media. That’s a broad category. It can mean everything from computers, to mobile devices, to SaaS applications, really anywhere where people are using, or interacting with digital information. The reason you do that and this is what makes it forensic, is that you’re recreating either how it was used, or what happened on it, or in some instances, what information it contained. For example, recovery of deleted information. That’s what digital forensic is.

      It’s most often done in the context of litigation. Obviously, there’s criminal investigations. In the private sector, for a company like in my career, more often it’s in the context of civil litigation, a dispute between two companies. There are many different paths and avenues that it can follow, which in my mind what makes it very, very interesting. You can have cases that just vary night and day from one another and it’s all under the specter of digital forensics.

      [09:57] CS: This is more of an umbrella term for all of the things that we mentioned before. This is any data, or digital information and the forensic examination and retrieval and reporting on it.

      [10:10] SR: Yeah, that’s right. It would encompass mobile forensics and other things. Absolutely.

      [10:17] CS: From a career standpoint, what types of things – a lot of our listeners are just considering cyber security as a career and don’t know what they want to start with, but what things should you be learning, or studying, or getting involved with if you want to prepare yourself to possibly move toward a career in digital forensics?

      [10:35] SR: Yeah. I mean, that’s a great question. There’s no one right answer, which is maybe confusing, but also good for people who have taken one path or another and they want to get into this. At my current company, we hire from a very wide variety of backgrounds at Crypsis. The traditional computer science, study of information systems. That’s very helpful. Some universities now even have digital forensic undergrad curriculum. For example, Champlain College has a great program. University of Southern California here in Los Angeles where I am has a great program.

      That’s one thing. I think more critical, more important than just the technical subject matter is that ability to think critically and to have those technical skills, but also to combine that with very strong communication skills, because you’re engaging with clients who are having these problems. It’s one thing to be able to dive deep and do the technical, but it’s another skill that needs to be combined with that to communicate and to correspond with the people that you’re working with, whether it’s attorneys, or whether it’s the victim of a cyber-attack.

      [12:09] CS: Can you give me some – that’s not a specific example, but some examples of the type of problem-solving skills you need to be using on a daily basis in terms – like you said, if all the data has been deleted at the last minute, or because they know something’s in there or whatever, what are some of the problem solving skills you have to bring to bear to say like, “Well, this thing’s not here. But how do I get it here?”

      [12:31] SR: Yeah. I think the biggest – one of the challenges that I see very often was very common with people earlier in their career, but even experienced practitioners. One of the hardest challenges is how do I wade through so much data? Even one hard drive, you’ve got, maybe it’s a terabyte hard drive. If you are looking at unallocated space, or all of the event logs, you’ve got millions of entries and you could scroll through that data for days, just one drive and investigations nowadays are commonly hundreds of hard drives, hundreds of endpoints, thousands even.

      What I see is that people really get overwhelmed, even when they’ve got one drive. How do I find the signal and the noise? Even when they’re educated on the different artifacts, or places to look, they find – what we see is people will try and go through them serially and again, just very quickly, get overwhelmed. That’s part of the really – a good skill to learn is how do you filter through all that stuff to answer the questions that you have.

      [13:52] CS: Okay. Is that a thing, where you need to get familiar with certain types of tools that can help you? Are there just instinctual things that you say, “Oh, well. If there’s that many thousands and thousands of potential inputs or whatever, what do you do?”

      [14:15] SR: Yeah. What’s been helpful formulation is starting with the end in mind and thinking about it, okay, here’s the question – the problem I’m trying to solve. Let’s make up an example. Let’s say that our client is worried that somebody stole information from – they were at a company, they left that company and they went. They’ve now started a competing business. Our client is worried that they stole information on their way out the door.

      In that scenario, you can try and sift through every byte on a hard drive, or you can think like, “Okay. If they did that, how would they do that?” Maybe they would plug in a USB drive. Okay, if they plugged in a USB drive, what artifacts would that create on the system? Then looking specifically for those artifacts, well that would create something called a link file. There’d be a link file and there’d be an entry in the registry hive that reflects connection of that drive.

      What it comes down to is basically, having different hypotheses about things that would manifest themselves and then looking for those and testing those theories one by one, to assess whether or not something happened on a computer.

      [15:42] CS: That’s good old-fashioned deductive reasoning then, basically.

      [15:44] SR: Yeah. That’s an investigative skill. Absolutely. The challenge is to keep that focus in mind and not get bogged down.

      [15:52] CS: Okay. To move from very, very simple versions to the advanced level, you teased out some interesting sounding stories in your bio and you noted that you’ve “served as an expert witness and provided expert opinions in numerous high-stake matters.” We mentioned criminal securities fraud, Ponzi scheme. Could you tell me one or more of these stories and how you got involved in testifying with these cases?

      [16:14] SR: Yeah, sure. Let’s talk about the Ponzi scheme. There’s this guy and you can Google him, right now if you like. His name is Scott Rothstein. He was an attorney practicing in Southern Florida. Went down with this very notorious 1.2 billion-dollar Ponzi scheme. Essentially, what he would do was he had a big plaintiff’s class action, or plaintiff’s firm and he would essentially say that he had clients that he didn’t really have, and he would sell to various investors and private equity firms a piece of the settlement, like he would promise forthcoming.

      When my clients settle for multi-million dollars, you’ll get that as a return on your investment, but they want money now, so pay me and I’ll pay you later. He did this on an ongoing basis as a way a Ponzi scheme works, escalating the number of matters and the size of the claims, snowballing up to 1.2 billion dollars. Obviously, like all Ponzi schemes, it eventually collapses. In the wake of it collapsing, there are a lot of injured parties financially, the hedge funds and the investors that lost millions of dollars and there were a number of obviously, a criminal lawsuit against him, but there were a number of civil lawsuits as well.

      One of those civil lawsuits was against his bank. He obviously used a large national bank. The allegation was that his bank was complicit in his scheme and his fraud. The plaintiffs were saying, “You knew what he was doing. You helped him. You were part of that.” The defense, we were retained by his – this bank’s law firm to help them defend against this allegation, because they really didn’t know. They were duped just like everybody else.

      From an evidentiary standpoint, we needed to help look at the digital evidence and to uncover essentially, forensically, what Rothstein and his colleagues at his law firm were doing to perpetuate this scheme. We got through discovery in the litigation, we got our arms on the computers that he and his colleagues at his firm had used and their servers. Our goal was essentially recreate their fraud, see what they were doing to help show the jury that in fact, the bank was not complicit in it.

      When we dug in, it was amazing what we found, just the extent of essentially fabricating wire transfer records, so it looked like he had money coming in that he didn’t have. Basically, creating fake documents, creating fake e-mail correspondence to create these fake plaintiffs that didn’t exist. He went so far as to create a web server that he was running in a closet, where he had had his IT people essentially scrape the real web page of the bank and he created a fake website that would show his bank balance, so he would have investors come in and he would pull up the bank, the fake bank web page and they would see all the money that he supposedly had in his bank account, but it was all fabricated. It was a fascinating investigation that really allowed us to dive deep into this 1.2 billion-dollar scheme.

      [20:10] CS: That’s amazing, because yeah, you’re not just looking for data, but you’re actually having to recreate, or fabricate his entire financial process and then help a jury understand what they’re looking at, right?

      [20:23] SR: Exactly. Yup.

      [20:25] CS: Yeah. I guess, I want to talk about that a little bit. Is digital forensics something that intrinsically involves face-forward testifying in court, or are there other jobs or tasks that can be done as well? You like to get to the raw meat of figuring out how this stuff is, but you’re a little – maybe you have a little stage fright or something like that. Are there jobs that a digital forensics person can do that don’t involve the face-to-face testimony, or reportage, or whatever?

      [20:56] SR: Yeah, absolutely. In fact, most of the matters don’t ultimately go to court. Even those that do, there’s always a team. If we’re talking about this 1.2 billion-dollar Ponzi scheme, we had dozens of forensic images and terabytes of data. I had a team working with me and at my direction. In the cases that do go to court, there will be one testifier. There’ll be a whole group of people who are supporting and who are vital to the success of the project.

      [21:37] CS: Yeah, contributing back-end stuff.

      [21:38] SR: Exactly. That don’t ultimately testify. That’s actually how you learn too. When I started, I was working at the direction of somebody else who was testifying and learning and following their guidance on how to conduct the investigation and what to look for, and ultimately, they would testify. I would learn from and emulate that. I saw again, to my point about adding value, I saw like look, that’s the thing that is the top of the pyramid and I want to be there and work my way up. I certainly started out being a contributor to the team.

      [22:15] CS: Okay. Yeah. Did you feel, by the time you were getting to these high-profile cases and you were leading them, did you feel like you – based on your past experiences that you had the tools that you needed? Or is it always you’re learning it new for the first time every time?

      [22:32] SR: Well, I think that’s one of the things that makes this job so interesting is that there’s always new artifacts, new operating systems, new technology coming online. The whole state of the art in digital forensics is actually always playing catch up. You can spend every day learning new tools, but if you’re busy, you’re always going to encounter a system that you haven’t worked with before. That’s part of the skill is being someone who’s resourceful and can learn new aspects as they go.

      [23:09] CS: Yeah. Walk me through on a day-to-day level, especially even entry versus executive level, what is the day-to-day work of a digital forensics expert? Just give me an entry level person. Are you just working on one case all the time, or do you have your hand in multiple things? You started as an intern who’s like, just get me this data for this thing and this data for this thing?

      [23:35] SR: Yeah. Well, it certainly varies organization by organization. A lot of digital forensics careers are certainly in law enforcement. I want to make that somewhat obvious statement, I guess. I will speak, of course, to what my experience has been and what it is at my current firm Crypsis.

      At Crypsis, we’re doing a lot of the forensic work. We’re doing is also, what you might call incident response. It’s DF, digital forensics and incident response. Our team of consultants and we’ve got a great team of almost 100 people doing this work at any given time, they’ll have a handful of matters that they’re working on. The number will vary depending on how big or small they are. I’d say, probably three to five is average. What they’re doing is helping, basically solve the problem to investigate in that particular case.

      To give you an example, to make this more concrete, let’s say it’s a business e-mail compromise matter, where an organization has had their e-mail accounts hacked for purposes of some – the threat actor, or the bad guy perpetuating wire fraud. What we will have is a number of analysts on the matter, who are digging into the logs of the e-mail system and the computers of those accounts that have been infected to figure out how the threat actor got in, what did they access while they were in there. Is there any evidence that they took, or exfiltrated any information? Is the threat contained? That’s what the team is working on on an ongoing basis, across many dozens or scores of matters.

      [25:29] CS: Okay. What are people who are hiring in digital forensics looking for in candidates? What are some of the things you absolutely need to have on your resume, whether it’s experiences, or certifications, or info about things you’ve done before. How would a hiring manager look at that and say, “This is the best candidate”?

      [25:47] SR: Right. It depends on the level. We certainly hire across multiple levels, all the way to people coming right out of college, to the more experienced folks. At the entry level, it’s really more about aptitude and demonstrated interest and passion in the field, and the ability to problem solve and to learn from information. We don’t expect someone right out of the college of course, to have years of case experience under the belt, or even for that matter, a lot of specific expertise using the tools, or knowing the artifacts that we leverage. We plan on and do teach people how to do that.

      What we can’t really teach is the intrinsic intellect and intellectual curiosity to solve these types of problems, and some of the communication skills, both orally and writing that make someone a good consultant. We’re looking for people who can be great consultants. We’re looking for who can be problem solvers, and have some demonstrated technical competency that we think can be transferable into learning this field.

      For the more experienced folks that we hire, I think discussions about what they’ve accomplished in the field, some of these matter types that they’ve led. Certainly, there are certain certifications that are good markers. For folks, the CISSP. There’s an EnCase certification. EnCase being one of the commonly used tools. I think that’s called the EnCE. There’s a number of certifications that SANS offers as well that we look for.

      In my opinion, the certifications while they’re great, are not – they don’t demonstrate with 100% certainty that someone has what we’re looking for. It’s really about what they can do with those certifications.

      [28:04] CS: Jumping back to people who are entry-level and want to get in and have the passion and have the problem solving skill, but don’t have a lot on their resume to show for it yet, what are – are there some ways that they can pop their resume in that way to show you that they have that type of analytical brain? Or because, obviously like you said, the actual sheepskin or whatever, doesn’t matter as much. How do you look at an entry-level resume and say, “Oh, yeah. This person seems to be really passionate.” Is it in the cover letter? Is it in the way they talk about their past experiences?

      [28:41] SR: Yeah. I mean, certainly the way they present themselves when we’re doing an interview. Then if that passion, or spark in their eye comes through for this type of work. I’d say commonly, I mean, this is – everybody’s different, but what I’ve seen in a lot of great junior candidates is some way that they’ve explored their interest in their academic career. For example, a lot of universities have clubs, where they have a digital forensic, or incident response club, where they do capture the flag exercises, or they’re doing some of the things out there. I interviewed a candidate not too long ago, where I think he had built a network at his house. They’re just showing an interest in diving into this, even on their free time.

      [29:35] CS: That they’re in the game.

      [29:36] SR: Exactly.

      [29:38] CS: Get some skin in the game. Okay. To jump from that, if you’re maybe far from a large tech center, or you’re not – where you want to start doing this type of work, say you’re in a different industry altogether, are there ways to get experience you need? You mentioned colleges and capture the flags and stuff, but are there – if you’re in another part of the country, or you’re not near a tech center, you’re caring for ailing parents or whatever, are there other ways that you can document your potential employers that you’re in this?

      [30:08] SR: Yeah. I think, especially in the times of COVID right now, we’re in an unprecedented environment of online learning, being just such a – as good as it’s ever been. I mentioned Champlain College. I think they’ve got a great online program. Even those that aren’t fully accredited universities, I’m sure – and I’m not up to speed on what all of them are. There are certainly numerous online courses, as short as an hour, up to the full college type thing that someone could dive into.

      In fact, one of my colleagues at Crypsis, when we hire – He’s been a colleague for a long time now, but when we hired him, he was making a career transition. He had been in IT and worked his way up, but realized where his real passion was in digital forensics and incident response and cyber. On his own time, he took it on himself to enroll in some SANS courses and to just push his own knowledge in that direction. When we interviewed him, while he had no practical experience in DF or IR, he was coming to us with this demonstrated passion and his own initiative to learn these things. We gave him a shot and he very quickly became one of the best assets we had.

      [31:45] CS: Cool. Yeah. We’ve talked a lot about, specifically about digital forensics today, but you also mentioned incident response and you have data breach, risk management background, insider threats and so forth. There’s lots of people who are just getting on the ladder and it might be hard enough just to figure out digital forensics for them, but do you have any thoughts or advice for people who want to – who are on that path a little bit and want to diversify?

      I guess, what I’m trying to say is things like incident response and risk management and so forth. Are those significantly different where you’re going to have to learn different things? Or do you pick up a little bit of all of them just by being in this particular section of the industry?

      [32:29] SR: Yeah, there’s tremendous overlap and depending on who you talk to, you might get a different answer about the definitions of each. I would say, digital forensics and incident response are very intertwined. In my opinion, you can differentiate them a little bit, because digital forensics is often more of a historical – from a temporal perspective, it might be going back a little bit further in time. It’s often focused on one or few – a smaller number of items of media where IR, incident response is, it can very often be something’s happening now and it’s my enterprise.

      Certainly, forensics is more aligned with the litigation, where digital forensics is more about an active threat actor. The tools are very similar. What you’re looking at and interrogating on an endpoint can be very similar, so there’s tremendous overlap and they commonly are – the acronym is DFIR all the time.

      When you get into cyber risk management, cyber security, there’s more of the governance risk and compliance aspect of that, which is very different, and that you can get into, does this organization have a robust information security program that aligns with the standards, like NIST and ISO and the critical security controls? That is a bit of a different branch. At Crypsis, at my current firm, while they’re altogether in our professional services organization, we tend to have people that specialize a little bit more on proactive cyber risk mitigation, versus the incident response and DFIR on the other hand.

      [34:28] CS: Got you. Okay. You have a lot of related areas of expertise, so I want to get your crystal ball predictions on things. Where do you see things, like breach mitigation and forensics investigation and risk management related fields going in the next five to 10 years? I assume they’re all going to be hugely growing, but do you see any procedural, or technical, or tool-based changes that are coming down the pipeline that you’re excited about?

      [34:53] SR: Yes. We think about that a lot here at Crypsis. Really, always in the context of how can we better help and protect our customers? What’s coming down the pike from a threat perspective? How is technology changing in a way that’s going to change the way we deliver our services? I think one thing that’s interesting is if you look back in time, there was this golden age of digital forensics, where it really meant – what digital forensics meant maybe five, 10 years ago was what we call now, dead box forensics, which was essentially, having a computer creating a forensic image, looking at that forensic image and that was forensics.

      Nowadays, it’s really as hard drive sizes explode, as IoT devices jump online, as enterprises are – incidents implicate an entire enterprise and not one computer, and you’ve got to consider thousands of endpoints for one case that each one of them is 500 gigs, you can’t do this dead box forensics. It just doesn’t scale. What we think about nowadays is how can we do forensics at scale? How can we tackle and answer these questions when we have to consider a 1,000, 5,000 all simultaneously?

      We actually spend a lot of time thinking about what tool sets do we need to bring to bear to do that? In addition to on the network, there’s also obviously cloud infrastructure. Whether it’s AWS, or Google Cloud, or Azure, that, plus SaaS applications, like Office 365, these all are introducing different areas to investigate that are really just exploding, and the tools and the techniques need to stay – they need to keep up with those different areas.

      [37:01] CS: Okay. Yeah, as we wrap up today, you’ve talked a little bit about Crypsis Group, but tell me some of the projects that you currently have in the works that you’re excited about.

      [37:09] SR: Yeah. I mean, Crypsis as a cyber security company, our mission every day is to help and protect companies. We do that by investigating and stopping cyber threats. We help over 2,000 organizations globally. We’re really, really busy doing incident response as I mentioned. We’re seeing every day, companies getting hit by enterprise ransomware attacks that are crippling their organization. We’re seeing business e-mail compromise that’s leading to millions of dollars of wire fraud, that we’re helping companies respond to. Our team has its hands very busy helping organizations with these types of problems. That keeps us busy and keeps our team focused. That’s what we’re doing every day.

      [38:08] CS: One last crucial question here. If our listeners want to know more about Sam Rubin or Crypsis, where can they go online?

      [38:14] SR: Yeah, sure. Our website, crypsisgroup.com. C-R-Y-P-S-I-Sgroup.com. Twitter we have @CrypsisGroup. LinkedIn, I’m at LinkedIn/SamRubin. R-U-B-I-N.

      [38:32] CS: Perfect. Sam, thank you again for joining us today on Cyber Work. This was super fascinating.

      [38:36] SR: Yeah, great. Thanks for your time, Chris.

      [38:38] CS: Thank you all for listening and watching. If you enjoyed today’s video, you can find many more of them on our YouTube page. Just go to youtube.com and type in Cyber Work with Infosec to check out our collection of tutorials, interviews and past webinars. If you’d rather have us in your ears during your workday, all of our videos are also available as audio podcasts. Just search Cyber Work with Infosec in your podcast catcher of choice. If you wouldn’t mind, we would love a five-star review and a review if you can spare the moment.

      For a free month of our Infosec skills platform that we discussed at the start of today’s show, just go to Infosecinstitute.com/skills and sign up for an account. In the coupon line, type the word cyberwork, all one word, all small letters, no spaces and you can claim a free month.

      Thank you once again to Sam Rubin and Crypsis Group and thank you all for watching and listening. We will speak to you next week.

About Cyber Work

Knowledge is your best defense against cybercrime. Each week on Cyber Work, host Chris Sienko sits down with a new industry thought leader to discuss the latest cybersecurity trends — and how those trends are affecting the work of infosec professionals. Together we’ll empower everyone with the knowledge to stay one step ahead of the bad guys.