Cybersecurity Mentors Podcast

Inside the FBI: Cyber, Counterintelligence, and Career Paths

Cybersecurity Mentors


In this episode, we interview Matt Osegard, a retired FBI Supervisory Special Agent with over 21 years of experience in cybersecurity and counterintelligence investigations.

Matt shares his journey from Army officer and classroom teacher to leading cyber and counterintelligence operations inside the FBI. We discuss:

  • What training at Quantico is actually like
  • How agents get assigned to cyber and counterintelligence roles
  • The evolution of cybercrime and ransomware investigations
  • The investigative mindset required to solve complex cyber cases
  • What happens when an organization calls the FBI during a cyber incident
  • How the FBI works with international partners to pursue threat actors across borders
  • Advice for anyone considering a career as an FBI Special Agent

If you’re interested in cybersecurity careers, federal law enforcement, counterintelligence, or how cybercrime investigations really work, this episode gives you an inside look at the mission and the mindset behind the Bureau’s cyber operations.




Come hang out with us in the Cybersecurity Mentors Skool community. It’s free to join.


Opening And Guest Introduction

SPEAKER_01

I think with investigations and and cyber investigations certainly you you ha you gather a lot of puzzle pieces to try to put the puzzle together. And a lot of the puzzle pieces that you get aren't part of your puzzle. And so you gotta discard those or know to discard those and keep at it, right? Uh just like you said, uh and the technique that you use today, it didn't work today, but it might work the next time you try it.

SPEAKER_02

Did you teach me?

SPEAKER_04

Then learn flight. Make your roll done your stuff.

SPEAKER_03

Welcome to another episode of the Cybersecurity Mentors podcast. Today I'm joined by Matt Osegard, who is a retired Supervisory Special Agent for the FBI. He served over 20 years for the FBI, mainly at the Chicago field office. I had the pleasure of meeting Matt at the FBI CISO Academy at Quantico. I talked about it a few times. You're probably tired of me talking about it. But I had a great, I mean it was a great experience. It was really cool to hang out with Matt and the guys that are really fighting the fight with us from the FBI. And before I went, they told me they're like, hey, you know, don't get all excited and and uh and start to sign up for the FBI. Fortunately, probably fortunately, I'm too old. But I'm not gonna lie, when I was there, I was like, you know what? If I was in my 20s, I would be interested in doing this. I mean, that that was my experience with Matt and others just professional, just you know, in it for the right reasons, trying to protect Americans, trying to be uh be that frontline defense and help us all uh battle the threat actors that are out there from different ways and different places. But that was that was my experience. So, anyways, long introduction, but thank you, Matt. Uh thanks for joining us.

From Army Officer To Seventh-Grade Teacher

SPEAKER_01

Thank you very much for having me. And the CISO Academy is a great thing, and uh FBI would be happy to have someone of your caliber. So an event like that could turn into a recruiting event too, if if we look at it the right way.

SPEAKER_03

That's probably part of what I wanted to bring you on today is just kind of give people an idea of what that career path looks like, right? Um to get to be working at the FBI, to be working in cyber with the FBI. Uh but before we get there, we're gonna get there. Um let's talk a little bit about your your journey to get there. Um I didn't realize this, but you were a teacher at one time. So how did how did you how did that land? How did you get to that path to becoming a teacher?

SPEAKER_01

Sure. I'm gonna start this by saying I'm retired from the FBI. So uh today the the viewpoints that I give are mine, uh my opinions, and they're not the official position of the FBI, uh, but I'm excited to talk about it because it is a great place. So, yeah, I uh grew up in very rural Wisconsin, uh, attended Marquette University and got an undergraduate degree there and participated in the Army ROTC program. So after graduation um was commissioned into the Army and I served for about four years as an armor officer, mostly in Germany. Uh had met my future wife uh in the early part of my time in the Army, and so when I left uh active duty service, I moved to Louisville, Kentucky, which is where she and her family are from, and uh and didn't have a job when I got there. But I had studied history and teaching at Marquette and so got a job teaching uh initially seventh grade social studies. And uh that was a great experience in a really awesome school district. Um I was teaching and coaching some cross country and track. Um that the first year I taught was 9-11 happened, uh about three years, three weeks into my tenure there, and uh kind of had a thought uh you know, I'd just gotten out of the army and I knew now that uh all the all the people I'd been serving with were now gonna be engaged in whatever was to come after 9-11, and I had some thoughts about uh wanting to get back into that game somehow. And so uh after that first year of teaching, I put in an application with the FBI, who I knew was h was gonna hire a lot of people, and it took about two years. Uh I you know, I didn't have a real special background that they were looking for at the time. They they were always looking for attorneys, military intelligence, police officers, accountants, foreign language specialists. I had none of those discernible skills, so it took a while. 
Uh but in 2004 uh came on board with the FBI and was um after the training at Quantico was assigned to the Chicago office, where I spent almost my whole career. I did one tour at headquarters and during that time worked primarily counterintelligence uh and then l at toward the end of my career supervised some cyber work at the FBI.

SPEAKER_03

Yeah. Wow. So back to to your teaching days, what what was it like to teach a bunch of seventh graders? As you might imagine. Yeah, yeah. I mean, look, like there's a lot of there's actually a lot of skills that you get from teaching a bunch of seventh graders. Yeah.

SPEAKER_01

This is a really good school and a lot of good kids, but um I think that first year I had uh was responsible for almost 200 kids. And so for me, you know, I kind of thought, well, I came out of the army, like what's gonna nothing should be harder than that. And in many ways teaching was uh, you know, sure trying to reach and impact uh all those different uh people at that age and just manage the uh uh not just manage the classroom, but the the grading and the how do you give an honest assessment for that many people? It was uh it was a wake-up call for me for sure. Yeah. Uh but a great learning experience as well.

SPEAKER_03

Well and and back to the army, like uh how did that how did you pick the army? I mean you were in the army R O T C so that helps you get a glimpse of it.

Why The FBI And Getting To Quantico

SPEAKER_01

Uh I think going back to high school, uh it was it was something I had certainly considered uh to do at some point in time. Um my my my dream in high school was to be a college wrestler. And uh and I did do that a little bit in college, but but I wasn't a super you know, I wasn't to the level of success to be you know a superstar. And so um I I knew a guy in high school who had gotten a ROTC scholarship, and they had a big awards ceremony when I was a freshman and really looked up to this guy. And uh, you know, they gave out all these scholarships, five hundred dollars here, seven hundred dollars there, two hundred dollars there, and then this Air Force officer walks out and gives this kid a sixty thousand dollar scholarship. And I thought, well, maybe that maybe that would be a good option. So I applied for an army uh scholarship and was blessed to to get that and uh allowed me to go to Marquette and get some incredible training in ROTC while I was there and then an unbelievable experience in the Army as well.

SPEAKER_03

Yeah, that's very cool. Yeah, um, so then why the FBI? What what you know is all you know, did you know somebody in the FBI? Did you have some insight into that?

SPEAKER_01

I didn't really. There was a lady I worked with whose husband was an FBI agent, um, and uh I didn't know him you know closely, but I think there was definitely a mystique about the FBI. Um I remember in the Army um uh a a friend or two of mine uh got to go uh work at a special headquarters. It was a lot of things going on in the Balkans at that time, late 1990s, very early 2000s, and so they were doing some war crimes work uh and it was an interagency effort. And these lieutenants that who I served with came back and told these incredible stories about getting to work with the FBI and the you know the really neat things that they were doing, and I think that put a stamp on the quality of that organization, other than just the reputation that it had and has uh when I was growing up too, right?

SPEAKER_03

Yeah. Okay. So you show up at Quantico, right? Was it uh was it a um oh mo oh you know, you've been through you've been through the army, been through boot camp, so you had some of that experience of you know indoctrination and all that, but how was it different?

Life And Training At Quantico

SPEAKER_01

I didn't know what to expect. Um one of the neatest things was the uh w when I came in they were they were putting a lot of people through Quantico, they were hiring a lot of people. So every two weeks, fifty new agents would arrive at Quantico and start uh I think it was eighteen weeks at the time I went, so there were a lot of classes there, it was very busy. But the class ahead of you moves you into your dorm room. So you're greeted at the front door by these other brand new agents. Everybody's super professional, uh you know saying hello to each other in the hallways, and they they move all your things into the room. And then my second impression that was really good was uh my roommate was already in the room, of course I'd I didn't had never seen him or met him before, but he's got an army poncho liner, which if you've been in the army, you've you've got a at at that era anyway, you've got a poncho liner. So I knew we were gonna get along and uh you know, but uh some the the curriculum there is is great. I usually describe Quantico as a for for a new agent as a cross between high school and college and the military. And you know, you're in some i in the beginning at least when I went, we were in classes that were not completely unlike high school, you know, lecture classes, taking notes, take tests. It was a little bit like college in that you're living in a dorm. You're sharing a room, uh, you're sharing a bathroom with with two other guys, you're eating in a cafeteria, uh you know it's it takes you back a a number of years to that environment. And then a little flavor of the military as well, because you're doing some training that are that is you know, tactical training, a lot of firearms training, some defensive tactics, not maybe exactly like the military, but but definitely some some military type aspects to it. So that's kind of a gentleman's course. You go on Monday to Friday. 
I I was expecting, you know, kind of worse, like uh there'll be some middle of the night hijinks or uh extensive weekends in the field and there wasn't wasn't too much of that. So you got to spend your off time as you please, and it it was an opportunity to make friends with those other fifty people in my class, really.

SPEAKER_03

Yeah. Yeah. I ate at that cafeteria and that was like okay, I get the vibe, right?

SPEAKER_01

I'll tell you what, like the when you went, it was a lot nicer than when I went. It was an older cafeteria back then.

SPEAKER_03

Yeah, yeah, yeah. Yeah, it was nice. I'm not gonna complain. Um, so at some you know, once you get in and you start getting through the training, how how long are you typically there at Quantico?

SPEAKER_01

I think when I went it was about 18 weeks. And that's changed, you know, it it's uh it was probably a little shorter before I went. Uh but it but it's uh it it covers kind of a once over of what you might be expected to do as an FBI agent. So, like I said, you start with a bunch of classroom instruction on laws and investigations and the Fourth Amendment, um you take a bunch of academic tests. And then you do you you kind of build into uh some ta more tactical scenarios. Like we're we're learning about how an investigation progresses and the different things you can do in an investigation, and now we're gonna we're gonna practice some of those. We're gonna do some surveillance, we're gonna uh we're gonna interview someone in a you know non-confrontational setting, and then you build on that. You're then you start doing some shooting and you do some defensive tactics training in the gym, some fitness, you're taking fitness tests here and there, and then toward the end, you're actually kind of I I think they still probably do this, but you're working you're as a class, you're working on an investigation. Of course it's a notional investigation, but it incorporates, or at the time it incorporated, you know, drugs, fraud, potential terrorism, smuggling, some of the different types of things that the FBI would investigate. And so toward the end you're doing more high risk uh you know, law enforcement type operations in the the fake town called Hogan's Alley that they have there. Uh and so uh uh and it you've got some specialized training, maybe in a little little exposure to cyber, a little exposure to counterintelligence, just some of the some of the things that the FBI does that you you might do once you get assigned to a field office. Um and then, you know, once you've passed all those tests, defensive tactics, shooting, fitness, all the academic tests, uh then you graduate. 
Um and and when I was there part way through you would have an orders night where you you find out where you're gonna be assigned. Um that was exciting, nerve-wracking, anxiety-filled evening where you you go in there with no idea where you're gonna be living in a few months, and you and then you leave with with an office that you're gonna be assigned to.

SPEAKER_03

So Yeah. I I remember when you when they mentioned that and uh and thinking about wow, I didn't I just didn't realize that was how it worked. Um and so that was a big it's a it's a big deal, right? They've got the the the map and you know you used hopefully not Alaska. I mean I don't know, Alaska might be cool. I mean for some periods of the year.

unknown

Yeah.

SPEAKER_01

I think a lot of people go up there and don't they uh they don't come back. They they really like it up there.

SPEAKER_03

Yeah. Yeah, yeah. But you just you know it and I'm sure it's kind of like based on what they need.

Assignments Across FBI Programs

SPEAKER_01

You know, maybe it's just the the dartboard, but it's it's very much on needs of the bureau at that time that your class is coming through. And uh now uh so that was very time honored. They had kind of followed that same protocol for decades. And uh just before I retired last year, they moved, at least then I I don't know if it I presume it's lasted, to a model where they they assign you that office before you go to Quantico.

SPEAKER_03

Wow, okay. So you know Wow, okay.

SPEAKER_01

A little little you know, a little more kinder and gentler and friendlier. Uh but that that that orders night was a pretty cool tradition too.

SPEAKER_03

Yeah, yeah, for sure. Um so I was gonna ask about Cyber as well. Before I talk about that though, I think this may be another misconception, or I I just didn't realize. You're kind of the Swiss Army knife of what you might be doing as a as an agent, a special agent. Um can you talk about that a little bit and how uh you know, hey, this is what we need and this is what we're gonna plug you into. How does that work?

SPEAKER_01

Sure. Um so the FBI's got a a a very broad range. It's you know, it's a federal law enforcement agency, it's also a member of the intelligence community, it's got a really broad range of uh federal criminal violations and threats to national security that are under its purview. So uh each FBI office, there are 55 around the country, and they are charged with uh investigating those violations of all those laws and those threats to national security. So every office is going to have a component that is focused on uh organized crime, criminal enterprise, cyber, counterintelligence, counterterrorism, public corruption, uh hate crimes, I know I'm probably forgetting some things, and I apologize to the FBI people who listen to this who are who will want to fill in those blanks, but you know, a a whole a whole bunch of uh variety of of threats uh that you could get assigned to. So once the office determines, you know, who who are the new agents arriving here in a few months, um most offices undergo a process where they're gonna try to put that person's skill set to use. Uh so if you know if someone comes into the FBI, say with uh a cyber type background and they're interested in doing that kind of work, you know, hopefully the office can can make that happen. Sometimes it works, sometimes it doesn't. Sometimes there's a gaping hole in the gang program, and and that's where you're just gonna start out, uh regardless of what your background is. Uh but it when when the numbers are uh you know relatively full, either in the field office you're going to or across the bureau, that's when people kind of get to the offices that they want to get to more likely and get to do the assignments that their skill set and their interests line up uh more likely.

unknown

Okay.

Counterintelligence Explained

SPEAKER_01

So in my case, I I don't think I knew how to spell counterintelligence, uh, but uh I was interested in it, and uh and that's where I was initially assigned.

SPEAKER_03

Well, that's good. I think it's a good lead-in. So could you talk about counterintelligence and and just describe that for folks?

SPEAKER_01

Yeah, at the most basic level, it is our efforts to counter spying by f foreign governments, foreign adversaries. So historically, that is espionage. Um that would be our adversaries operating intelligence officers, you know, most classically out of an out of an embassy. Uh, and and their job would be to steal U.S. secrets to advance the interests of of their country against us. Over the course of decades that has gotten a lot more complex. And you know, these days uh you don't necessarily that you don't necessarily have to have an intelligence officer posted at an embassy to do that. Uh you can uh there are and it's more than just stealing secrets as well. It could be stealing technology from a company that uh you want your your key company that's in your country to gain a competitive advantage over the United States. It could be try to you know influence an election. It could be a regional issue that maybe isn't directly against the United States, but maybe you've got two rival countries that don't like each other, and they are you're doing things in the United States to sway American influence in their favor against their adversary. So um you know a lot of different facets to that. And then you know, more recently this has become a part of our cyber work. It's uh I say our cyber work is broken into two buckets. Uh criminal work that is focused on you know people not connected to a nation state that are doing computer intrusions, usually for monetary gains, sometimes for other reasons. Uh but our the other is the second bucket is our national security bucket, and it's those same intelligence services and military intelligence services. Uh they're doing a lot of those things that they've historically done. It's just now they've got a team of hackers to do it over the over the internet.

SPEAKER_03

That that's really good. Um when you were coming up and and starting, you know, when you were assigned in your first offices, um cyber was probably very young, right? Like how much how much was cyber discussed and and how did you see it increased?

Cyber’s Evolution Inside The Bureau

SPEAKER_01

I got to see a little bit of it. It was you know, I wasn't assigned to that squad, but um as a new agent that uh we had one cyber squad when I first started out, and uh I think some of the they had some great people on it, but some of the case types of cases they were doing at that time were uh DVD pirating cases. Right? You've got that warning on the mu on the movie that it's illegal to take that and the FBI seal is there, like they were enforcing that or we were enforcing that at the time. Yeah. And so yeah, very uh it was it had been around a little bit, but wasn't super sophisticated. It you know, around the time I came in was post-9-11, so they're bringing a lot of people on board for the terrorism fight, but they were hiring people with computer science backgrounds in order to develop a better cyber workforce. And so I think over the course of my career that program matured exponentially uh to where we've got very sophisticated tools and people uh and a great strategy too to to really go after the the you know the the worst of the worst uh criminal actors and nation state threats. Um and uh yeah, it it's a it's really developed a lot.

Roles On A Cyber Squad

SPEAKER_03

So I think that brings me to there's two things. I don't want to forget it. I wrote it down. The different types of roles in the FBI. You mentioned that you wanted to mention this, so you want to go into that a little a little bit?

The Investigator Mindset And Training

SPEAKER_01

Right. So um I came in as an agent and and I'll say, you know, in the cyberspace, I think the FBI is uh, you know, the the core of cybersecurity are those folks defending a network. You know, for Clemson University like like you and your team or a company or a municipality. Um but there's a a whole industry of cybersecurity that's adjacent to that, and the FBI is one of those partners. And so you you our job is to conduct investigations primarily and and attribute who did the bad thing and bring them to justice, or if it's a nation state threat, uh that m that might be part of the equation, or just to stop them from being able to do the bad thing. Right? And so we've got a number of roles at in any in any office and at our headquarters to support that mission. The agent job is probably what most people think about when they think about the FBI. It's the largest portion of the FBI's workforce. Uh when I left there were about thirty seven thousand FBI employees and about thirteen thousand of those, I believe, are agents. Uh it's so i in an office uh you you would break your office into branches and squads, and squad is kind of basic work unit. And every FBI office has at least one cyber squad. And on that squad are typically going to be a group of agents. A typical squad is probably eight to ten agents. Sometimes it can be smaller, sometimes it can be a little bit bigger. And their job is to conduct investigations. And so they are gathering evidence. They're they're um uh taking complaints that come into the FBI and following up on those complaints to determine is this something uh that uh that we should open a new investigation into because it's it's bad. Uh you know, it it meets the threshold for a violation of a a crime. Um and it you know, it's uh maybe it's a critical infrastructure victim. Uh there's all these factors that might go into play. We talked to our US prosecutor's office about whether they would support opening a new case or not. 
Anyway, you're dealing with a lot of complaints. Uh in those complaints, you're also assessing uh is this complaint tied to something that's already being investigated? And I would say in the cyber world that happened a lot. We would get a complaint in Chicago, you know, someone's a victim of this apparent intrusion, um, which we look into a little bit and find, oh, there's there's enough signature here that we can identify this threat actor is owned by FBI Pittsburgh or whatever other office. And that would actually happen all the time with ransomware cases because the FBI would work ransomware cases kind of like we do our national security cases. Those those groups either give off enough of a signature or they've got that nickname for themselves that uh we'll kind of pick an office or two to to you know work the case against this particular ransomware group. So if uh you know FBI Tampa has a case on a particular ransomware group and there's a victim in Chicago, well, we're just gonna be the interface for FBI Tampa with this local victim. But anyway, the agents are they're gathering evidence. When they open an investigation up, it might be s uh working with our prosecutor's office to serve legal process to compel the production of records related to someone's use of a particular account or uh an IP address. Um they're uh conducting interviews with victims and witnesses and then potentially subjects at some point in time in the case, and they're at the highest level preparing for you know much more intrusive investigative techniques like writing an affidavit to present to a judge where you want to search an email account or you want to search a house because there's evidence of a crime in that house, and that's a big document. Uh you've got to put a lot of facts together, you make a compelling case that there's gonna be evidence of this crime there, and then uh and then actually doing a search. 
And so you've you've got to have the skills to not just put the case together, but but actually, you know, very early in the morning go into someone's house and and get that information. So those are all the you know a very wide set of duties that a that an agent has. Um but there's other roles that support the cyber mission as well. We've got computer scientists, um, and they're probably most closely associated with an actual network defender, like they're using sophisticated tools to look at malware, to r to review logs, uh, and they they provide a lot of assistance to to our investigations, uh, you know, high higher order technical assistance, I would say. Uh we've got uh digital forensic examiners, and those are kind of adjacent to our cyber investigative program, but uh not just within our cyber work, but in all of the work that the FBI does, and even our partner law enforcement agencies do, we're gathering a lot of digital evidence. And you want to make sure that you've got someone highly trained in chain of custody, uh, you know, ensuring that you're capturing this the right way, that you're not uh disturbing it, deleting it, uh changing it in some way that's not going to make it admissible in court, and that if it does go to court, they can explain how how all that uh was gathered and reviewed. Um so the digital forensic examiner job is a good one. And then there are other jobs that are not specifically cyber, but if you find yourself on a cyber job uh squad in that role, you might be doing a lot of cyber work. Like I had an intelligence analyst on my squad, and uh and his job for years was tracing cryptocurrency. And so he kind of self-taught in the beginning and and became very, very, very good at it. 
Uh, and so he he kind of owned most of the uh cryptocurrency wallets that our squad was tracing for uh you know many, many different investigations, and uh, you know, not just doing analysis of of what had happened with that uh with those funds, but uh setting up alerts so that if it ever moved that we we would be apprised of that. Um and then on certain occasions when we would get the the authority to seize funds, uh he was uh one of the one of the number of guys we could really trust to move that from the bad guy's wallet to the government controlled wallet uh and and make sure it got done correctly. Uh so provided a great service. Um and then we also had some tactical analysts that would do uh you know basically a lot of research into things that we would find in our investigations. So if an agent uh agents gathering a ton of records from grand jury subpoenas, uh court orders, uh through um you know cooperation of victims, and and uh oftentimes a lot of data is coming in, and they may review that to try to you know flesh out information that we might be able to follow up on. Like um one story I like to tell, we had a case on uh a couple guys who who um had been running we felt like we were running a marketplace and thought that we had identified who the subjects were, but weren't completely sure, and our tactical analyst used some information she gathered related to the this person's spending habits and and then seeing some things on social media that that person was wearing that lined up with things they had seen in those financial records. So just invaluable uh service that they could provide too. So all kinds of cool uh jobs in addition to the agent job.

SPEAKER_03

Let me apologize there for a second because I think it's just something that I I feel but I'm not sure if I put my finger on it. But that investigator mindset. Like there's a there's a mode that you kind of get into it. It's been a lot of different things. You don't know how to connect it's tough to do it when you can connect the dots, right? Okay, that's interesting. Let me I can weed out the noise of the all the volume of data or are just evidenced, right? Is that something that you know they try to teach, or is it just like on-the-job experience with the FBI? What is your experience with that?

First Contact: How The FBI Engages Victims

SPEAKER_01

I think it's a little bit of both, and I think the best agents are uh you know motivated to teach themselves a lot uh and uh creative and diligent and uh will do you know testing on their own to test out their theories. But I'll also say the FBI does a really good job providing training to our workforce. Uh and so I would give you a couple examples, one of the former and one of the latter. The former, uh we had a complaint um that came in from a local police department, and it came through one of our uh suburban uh resident agency offices, and they said basically uh there was a threat uh a bunch of people received anonymously at this school on their phones, and uh the police department was kind of flummoxed over how they might be able to try to figure out who sent this threat and wondered if the FBI would help out. Uh that's not, you know, we didn't have a case open or anything like that. Not really necessarily a federal crime at this point, uh, but we have the ability to help local folks. And so I had uh computer scientists and an agent uh brought them in and kind of went over this with them and asked them what they thought, and they said, Yeah, we might, let's just look into this and see if there's a way we could be able to help them out. So, you know, on their own initiative, they went out, did a bunch of research, found a paper that had been written on this topic recently that gave them some guidance, uh, got their phones tested, uh, tested this type of messaging, uh, tested, you know, trying to get some information off the phone, uh, and basically figured out a process that a local police department could use if this came up again, uh it might be able to gather the right information and then they could either give that to us to try to solve or if they had the right tools they could potentially do it themselves.
Well sure enough, just a few weeks later the same police department had the same issue pop up and because these guys had of course thoroughly tested this and felt like this is going to work and it's, you know, it's something that a local police department could do uh, you know, on their own when in a time crunch, because you're gonna have to do this fairly quickly. And um sure enough it happened. They followed the instructions, uh, they passed some information to us. Uh it was the end of the day, gave it to the computer scientists, and by the time he got off the train he had a phone number. Gave it back to the police department the next day it was a student uh needed to confess to it the next day. So, you know, that's a lot of initiative on their part. Right? Yeah. Uh and then the second category, the training, I had a lot of uh agents that come in without a cyber background. Like I didn't have a cyber background either, right? Um Army Ranger came in, no cyber background at all, but really interested in learning. Uh police detective, no cyber background, but super interested in learning. These guys got, you're familiar with the SANS courses? Yep, yep. Right? So we use a lot of SANS at the time. I think both those guys got ninety-eight or a hundred on a four oh one test with no background. And I know there's other people that do that, but impressive. And both became you know very, very outstanding investigators of cybercrimes in really short order. Uh and so that's obviously an initiative on their part, but also certainly helped a lot with the training that the Bureau provided them. Yeah.

SPEAKER_03

I think one thing you said there too is diligent. What I found is that sometimes you just gotta be like, just don't give up. And you have to come back to it later. Like that diligence of, like, you know, it's frustrating, you run into brick walls, you run into dead ends, but usually it's where you just kind of keep going, keep going, and then all of a sudden you're like, oh, this thing. I've eliminated so many things and then this thing, but that diligence, sometimes people will give up too soon.

SPEAKER_01

I think with investigations and cyber investigations, certainly you gather a lot of puzzle pieces to try to put the puzzle together. And a lot of the puzzle pieces that you get aren't part of your puzzle. And so you gotta discard those or know to discard those and keep at it, right? Yeah. Uh just like you said, uh, and the technique that you use today, it didn't work today, but it might work the next time you try it. Or it didn't work today, and we're gonna try this other thing. Um there was another um agent in the FBI that uh he was a self-taught agent in another office and took it upon himself. He was very diligent, and he would come up with these novel solutions to really difficult problems, and he just started publishing a blog, and it was so helpful to the whole workforce, uh, you know, all across the country to employ those techniques that he had figured out uh that would be very helpful, not just for his own investigations, but across the entire organization.

Case Stories: Wires, Ransomware, And Stalking

SPEAKER_03

Yeah. Well, um thinking about what it's like when somebody calls the FBI and and I'll give a short story about my experience of being called by the FBI, which which I thought was the FBI at the time, it actually turned out to be. Hey, the FBI is trying to get a hold of you on like uh okay, start Friday. I think it's a Wednesday. But anyway, that was done on campus to get a phone call. Okay, start, stop, everybody, start full, get on call, starting, five, four times, two does, two, two my teams, they had already seen it very timely, very helpful. Spoke to me about the FBI, the charity of the organizations, right? How good how helpful they can be to organizations that find to when you do get the phone calls, how it can be actionable and very timely to be able to jump in. But what when they call and you you are calling them and or they call you, what is that like, like the first you know, few hours to a couple of days? I know it depends on the situation, but from your perspective.

International Cooperation And Legal Attaches

SPEAKER_01

Sure. So you uh especially if you're working, I'll say criminal cyber matters, whatever field office you're in, you're dealing with a lot of those complaints that come into the FBI. And they might come via a phone call, but they might come in via an email, or they might come as a complaint to our complaint center website, which is uh the letters I, C, and the number three.gov. The Internet Crime Complaint Center gets many, many, many, many hundreds of thousands of complaints every year, and some of those get routed to the field office for follow-up. Essentially, you're looking, you're assessing what information has been provided. Uh does it sound bad? Does it sound legitimate? Uh, what's the industry represented? Uh you know, is it a grandma that lost her life savings? Is it a Fortune 500 company? Is it a mom and pop manufacturing? Is it a public library? They come in from all over the place. Um and most times you're going to follow up with that victim via a phone call just to get a further assessment of this and probably gather some more facts. And then uh take all that information that you've gathered and do some research. Uh, because in many cyber cases, what you receive in your field office may already be something that somebody in another office is aware of or is already working on. And so you're looking at is this a bigger problem that someone else is dealing with already? And I can help out in that effort, you know, gather some more information and provide that to this other agency or office that's doing this investigation. Or uh, you know, in some cases you find, hey, there's been six complaints that look just like this, but doesn't look like anybody's opened anything up yet. Right?
And so um in the cases where you know it looks like something's bad or it's a critical incident, nobody's looking at it yet, then you're gonna open an investigation, like a federal criminal investigation into computer intrusion or unauthorized access. In my case, uh I would always talk with our prosecutor's office first uh about the facts of the complaint uh to make sure that we're gonna have support from the prosecutor's office in the conduct of that investigation, that they'll support issuing grand jury subpoenas, that they'll support if we need a search warrant, uh, you know, potentially down the road, somebody may get indicted, or we may do a search warrant at a residence. You don't want to start in a big investigation without the support that you're gonna need to conduct the investigation. So that's usually a pretty important part of opening an investigation as well. And then from there, once the investigation is opened, if that's the route that you choose to take, um it's a slate that you, it's that puzzle now that you've got to put together, whether it's issuing grand jury subpoenas, maybe you find other witnesses that you can follow up with. Um you know, I mentioned one of those, the detective agent. Um he was fairly new when I became the cyber supervisor in Chicago and he had a case where a number of people had gotten hit with those pop-up scams and in a couple cases lost their life savings. And you know, he went around the country for uh a period of time interviewing these victims, gathering digital forensic evidence, uh, put together a good case and that eventually resulted in the arrest of someone who wasn't from the United States. Uh so it's just a lot of diligence. The cases can take and often do take a long time. Uh so you're in for a slog when you do open the investigation usually.
And then on the other end, sometimes we are calling ahead of time, and I think that's an area the FBI has grown in the cyberspace. I would always say we had kind of three legged stool, the main leg being doing the investigations. Always have done that. We're better at that now than we were ten years ago, twenty years ago, but that's the core of our work. Uh but increasingly the second leg is providing notices to people who you know are a victim or might be a victim that are likely not aware of the work. And so getting in front of that crime, uh, because we sit on a lot of good information, not sitting on it, trying not to sit on it, but we obtain a lot of really good intelligence from sources who want to provide that to us, foreign governments who provide that to us, other law enforcement agencies, other open investigations that, you know, through the course of their investigation develop some information. You know, we had a number of instances where we were able to tip off potential ransomware victims uh you know before the event actually occurred, and it's a good feeling, and I'm glad the FBI's doing that. And then the third leg of that stool is kind of like the public outreach to just try to make people take cybersecurity more seriously.

SPEAKER_03

Sure. Yeah, do you want if there's any uh examples, example cases that you've you know you sanitize that you want to share, I think that would help kind of solidify what it looks like.

Career Advice For Joining The FBI

SPEAKER_01

Um I think in terms of complaints coming in, uh I can think of uh one of the more interesting ones. I got a call late on a, I don't think it was a Friday night, but it was late on an evening uh from another supervisor. Uh he had previously given an outreach talk and some of the people in that audience saved his number and then they ran into a problem and called him and he called me and uh in this instance a retired couple was planning to move back to the area and were gonna close on a house the next day and had a really big down payment to make and they wired it, but the bad guys got in between them and the title company and uh and so the wire went to the wrong place. So they're in a hotel room in tears and their money's gone. And what can we do? Right? We don't have an investigation open. Uh the FBI had put a process in place uh where we'll kinda advocate on that victim's behalf with banks. And in this particular case, I actually knew a person who worked at the bank, gathered all the information I could from them, realized that the place that this money went to, uh I had a friend who worked in like, working in fraud, they're a retired agent, gave him a call and within twenty minutes he told me that the money's frozen. It took him a while to get it back, but and so sometimes there's things you can do in the moment that you know, stop the bad from happening. Um and so you want to act with a sense of urgency in those cases. Um I would say you know, in my time as the supervisor there in Chicago, probably half of all the official complaints that came in to the office were ransomware complaints. And so uh in many of those instances it's already an investigation that's open in another office. That office has got, you know, a whole sheet of information that's available twenty four seven. We're gonna look up, hey, what information can we provide this victim that might help them?
You know, how do these people typically get in? How do they negotiate, you know, TTPs, indicators of compromise, uh that the victim may or may not be able to get on their own. Um and then there'll be a bunch of questions that they want us to ask of that victim to help advance that investigation that's happening in this other field office. In a few rare instances there's a ransomware attack and it's a group that's not known yet. And then it's kinda, you're pulling in resources to now open a new investigation into something that's really serious, right? Where uh you know in uh certain situations, depending on the victim, you know, life safety could be at play in those instances. And uh if it's a new group, you're probably not going to help them out of the incident, uh, because you don't have information yourself. But you can look, hey, were there other complaints filed on this group that haven't been acted on yet or maybe not written up yet? And maybe we can gather some information really quickly and at least get the decision makers and the victim some reliable information that they can use to help them make a decision. Um and so you're still trying to act with a sense of urgency in those instances. And then um the other types of cases that we would have, every once in a while we might get a stalking case. Right, where someone's broken into someone's devices and they're you know essentially trying to ruin that person's life. Right. Uh and you want to you know make sure you help that person too.

SPEAKER_03

Yeah, um, I think one thing too that I would like to hear your opinion on is when an incident happens and you're thinking it's likely, depending on what it is, it's likely an international adversary. Right. Especially ransomware, sophisticated ransomware, also definitely nation state things. And it's frustrating, you know, we know that it's not simple, you guys are going to show up, we're gonna call you guys and you're gonna show up at their door and kick it in and take them back to the States, right? Um, but though, you know, it's one of the things you guys showed during the academy, is that there are successes. It takes a joint effort across, you know, those countries and our partners, and it's good to know that it is possible. But at a minimum you're still fighting the fight, but it is frustrating that that's the way it is. It's just the way that we're internationally connected, everything's connected, and when I see something I kind of first go to, this is probably a threat actor that's not here in the States, right? And I've had my experiences with that, but what are your thoughts on that perspective?

SPEAKER_01

Yeah, it's, uh, you're correct in this. In the cyber world within the FBI that's a unique aspect of working those types of cases, because almost never is your subject, your victim is in your territory, right? That's why they called you. But the subject almost never is, and a lot of times they're not even in the United States, if or when you figure out who they are or where they are. One of the things that, uh, we do have going for us is we've got a very robust legal attache program. Um, and that is FBI agents with some support staff posted in embassies around the world, essentially to foster good relations with law enforcement in those countries that they're posted in to advance our investigations, and then of course we're needed if they've got, uh, work where we can assist them, there's a whole process that can happen. But, uh, in a lot of those positions now are folks from our cyber workforce, because it's been a really, really successful endeavor. Uh, there's a lot of cooperation globally among the cyber workforce. Now, we don't have one in Moscow, I don't expect a lot of cooperation out of Beijing, but, uh, many, many other countries are very, very cooperative with the United States. And, um, one of the really cool things about that aspect of our work is we have a lot of unique authorities, powers that we can execute in the United States. There are other law enforcement agencies that have, uh, unique powers and authorities, maybe things that would take a high legal bar for us to clear to do in the United States that might be the first thing they do in their country. And so you could actually get lucky that, you know, some element of that crime is in this foreign country, because you could very easily get the evidence that it is unique out of there. Gotcha. You know, Russia's a bad one. There's a lot of cyber actors in Russia and it's hard obviously to get your hands on them. Right.
But uh that doesn't mean if they don't travel to the wrong place that they can't get picked up or that there can't be other, you know, concerted efforts amongst the federal government to basically bring pain to them. Seizing assets, destroying infrastructure, um, you know, and there are plenty of examples of success in that lane as well.

Reflections, Legacy, And Closing

SPEAKER_03

But yeah, it's certainly, that's an added complexity to cybercrime, is that it's not just even a United States, um, uh, function. Yeah, I thank you for that. I think that helps give folks a perspective of your side of the house, and it is challenging, but I think it's come a long way. I think you would agree.

SPEAKER_01

Yeah, for sure. And I guess that's something I should mention too: if you could get into the FBI, later in your career you could, you know, go, uh, live and work overseas and represent the FBI and, uh, help out the cyber mission in that space.

SPEAKER_03

Well, let's bring that then to, um, all right, you've convinced me, Matt. I'm, you know, fresh out of college or I'm in college and I think this sounds amazing. You know, what does that look like? You know, if you were going to give a recommendation, hey, I want to join the FBI, what does that look like? What would you recommend?

SPEAKER_01

I think, uh, regardless of what role you're in in the FBI, you want to be able to talk to people, you should be curious. Yeah, we talked about diligence earlier. Uh, you know, whatever your job is in the FBI, whether it's agent, professional support staff, analysts, you're analyzing cryptocurrency, whatever it is, uh, you're gonna be solving problems, right? So you want to be diligent and curious, uh, be able to talk to people, whether that's, uh, one day, if you're an agent especially, you might be talking to a murderer, a kidnapper, next day you might be talking to a congressperson, next day the C CO of a, you know, Fortune 500 company or a prominent university in the Southeast. But you want to be able to talk to people. If you're, you know, not in yet, generally stay out of trouble, because there's a robust background check uh involved in that. Um and then the advice I like to give, the FBI, and you can find this on their website, um, I don't have them all memorized uh to go over here, but they've got a set of core competencies that apply to every employee. And it's things like judgment, decision making, um uh initiative, communication, problem solving. Make sure that you're getting yourself experience in, you know, having success in those competencies. Uh because when you apply for a job, whether it's an agent job or another job, they're gonna ask you questions and they're gonna want you to have demonstrated competence, success, leadership in those areas. And so it's probably not unique to the FBI. Those are pretty common competencies, but uh you know have that uh in your back pocket, uh you have some examples of success.

SPEAKER_03

Yeah. Yeah, I really, really appreciate that. I think, to me, if I had heard this podcast, you know, twenty years ago, it might be a different journey for me.

SPEAKER_01

Awesome. Well, let's wrap it up. Any last things you want to share?

SPEAKER_03

Well, first of all, thank you very much for having me on here. Um, I, uh, was very blessed to get to work at the FBI for, uh, 21 years. Uh, it's full of wonderful people, it's a great mission. Like I said, it's a part of that cybersecurity apparatus, in addition to the network defenders, that's all, you know, part of that big team fight. Um, and it's just a wonderful place to, uh, not just do cybersecurity but to serve, you know, serve something bigger than, yeah, uh, than a paycheck or, uh, yeah, the bottom line. And it's full of great people. Full of great people, absolutely. Yeah. Um, I have it here, if I can do it without disconnecting my cable. So, um, our last, I think their last night we were at the academy, and, um, I saw you had this cool pin on your lapel, and it was the G-Man. Oh yeah, yeah. And, uh, I was like, hey man, I like that pin, that's a cool pin. And then, uh, later you gave me this one, actually. Um, so thank you for that. I keep it over here. Um, and it's one of those things that reminds me of that experience, and that is I think to do with you. Yeah, I think that's pretty unique to Chicago, because, you know, Chicago's a pretty historic, even for FBI offices, uh, going back to the Al Capone gangster era, uh, and that's kind of a symbol of that, uh, era of our office. So yeah, absolutely. Great. Yeah. All right, everybody, that's it. Um, thank you for listening. Tune in to next time. We'll see you. Thank you for tuning in to today's episode of the Cybersecurity Mentors podcast. Remember to subscribe to our podcast on your favorite platform so you get all the episodes. Join us next time as we continue to unlock the secrets of cybersecurity mentorship. Have questions, topic ideas, or want to share your cybersecurity journey? Join our Skool community at Cybersecurity Mentors, where you don't have to do this alone.

SPEAKER_00

Connect with us there and on YouTube. We'd love to hear from you. Until next time, I'm John Hoyt and I'm Steve Hicker at high collective