Episode 37: Cyber Crime Conversation with Michael F.D. Anaya
This week, Leah has a practical real-world conversation about cyber crime with former FBI agent, Michael F.D. Anaya. Michael is currently the Head of Cyber Risk at Expanse (one of Forbes 25 fastest-growing venture-backed startups). He leads a team of skilled analysts who reduce the attack surface of large Fortune 500 companies and government agencies. He also has 14 years of FBI experience as a Special Agent, leading extensive investigations and overseeing countless arrests, search warrants, and dismantlements of cyber threat actor sets. He has spoken on cybersecurity topics over 500 times around the world and was considered “one of the FBI’s most talented presenters.” He also serves on the Board of Advisors for an emerging cybersecurity startup, DEVCON.
Connect with Michael F.D. Anaya on LinkedIn: https://www.linkedin.com/in/michael-f-d-anaya/
Check out Michael's YouTube Channel: https://www.youtube.com/channel/UC6zlWp2soZUofdMRVq8hG6A
Subscribe to Workman Forensics
Transcript of Episode 37: Cyber Crime Conversation with Michael F.D. Anaya
Leah Wietholter (00:00):
Hi, I'm Leah Wietholter, owner of Workman forensics. And this is the investigation game podcast.
Leah Wietholter (00:10):
Welcome to the investigation game podcast. I'm your host, Leah Wietholter, CEO of Workman forensics in Tulsa, Oklahoma. On today's episode, I'm joined by Michael FD Anaya. Michael works in Atlanta as the head of cyber risk at Expanse. Expanse is one of Forbes, 25 fastest growing venture back startups. He leads a team of skilled analyst who reduced the attack surface of large fortune 500 companies and government agencies prior to expanse. Michael worked for the FBI as a special agent, leading extensive investigations and overseeing countless arrests, search warrants and dismantlement of cyber threat actor sets. He also serves on the board of advisors for an emerging cybersecurity startup Devcon. Thank you for joining me today, Michael.
Michael F.D. Anaya (00:54):
Thanks for having me. I appreciate it.
Leah Wietholter (00:56):
So today we're going to talk about cyber security, but before we get into that, I'd really love to talk about your experience at the FBI. And I'm sure that's like, people just love talking about FBI experience. So was this something that you always wanted to do or how did you end up there?
Michael F.D. Anaya (01:11):
That's a great question. I do get asked that quite frequently. I just kind of like applied an Ironman. I never thought I'd work in there. Just kidding. I was something I always wanted to do. I remember my first exposure to FBI personnel was when I was in high school. I went to, what was it called? I think it was a, it's like a cafeteria style restaurant. I forgot what it's called anyway, hometown buffet. That's what it was. I was at hometown buffet and I'm sitting there and my friends and I had the brilliant idea that we're going to basically stay there, lunch to dinner and just pay one time. So this was like our brilliant idea. This was high school. So at the time it was earth shattering and we made this revolution or re revelation there. I was just like, Oh my God, we just stay here.
Michael F.D. Anaya (01:53):
But just pay once. And literally it was just kind of funny looking back at it anyway. So stroll like inch in walk in a SWAT team. And I didn't know there were spots at the time. I just knew there were a bunch of guys wearing all black FBI at the time, all black. They now they no longer do that now, but they walked in wearing all black and it was a SWAT team and it's had epi on the shirts and I was just like, Oh my God, this was El Paso, Texas. And I was just like, this is amazing. So it was one of the first interactions I had. And at the time I didn't have the courage to go up to any of the agents and introduce myself or talk to them, my friends and I just got in the background. But anyway, so that was my first real exposure to the FBI.
Michael F.D. Anaya (02:34):
And side note in case you're wondering we didn't stay till dinner. I had, I had a orthodontist appointment and the break from our plan, that was my first exposure. Fast forward. I graduated, went to go to work. The private sector didn't really find it as rewarding as I thought it would be an ultimately one do something that added, it created more of an impact and allowing me to really help people. One of my underlying desires is to help people and so decide what better way to do it and apply for the FBI. So I did, I was accepted is a very intense process to a selection process, probably the most difficult selection process that you can go through. It was one of those things that at the end of the day, when it came out to their side, it was such a feeling of fulfillment. I felt very rewarded afterwards and being in the Bureau was really an amazing experience. I was there for about 14 years, total. And I loved every moment of it. Just fascinating. This is the work I did and some exposures and experiences I was able to have there again, couldn't have it anywhere else. So I loved my time. There
Leah Wietholter (03:35):
Was your degree in computer science or cyber security or something related
Michael F.D. Anaya (03:40):
Kind of. So it was in business computer systems, which is a kin to MIS or management information systems. So it was like computer science, light taught out of the business school. It's very common. And so I had a major there, animator and finance and a minor in communication. And so my first job was as a software developer. I was a programmer. So that is really what helped me get into the Bureau was that background in software development because at the time, and they still are looking for people with that background.
Leah Wietholter (04:09):
Yeah. I remember that being one of the options and that was the option I crossed out. So so what types of cases did you work while you were with the Bureau?
Michael F.D. Anaya (04:20):
So almost the entire time I worked cyber crime or cyber related cases. And by that, I mean, principally data breaches network, intrusions, business, email, compromises, everything that essentially use a computer ops basically working, I tend to work more sophisticated cases. So the more sophisticated data breaches that involved international nexus, which most of them do. But basically the ones that are very difficult to solve they brought me in to deal with most of those that was kind of my specialization while I was in Los Angeles, where I started. And then I promoted to other positions in the Bureau. I eventually left running a squad out of Atlanta relative today. And I was managing a group of agents, data, scientists, and analysts, basically going in and after a multitude of various threat actors from nation state actors on the cyber front to criminal actor sets to even more advanced prolific people who were facilitating schemes that I really can't talk about because they were still ongoing, but it was just very interesting and Israel, a lot of complexity associated with these types of cases, more so than other criminal cases.
Michael F.D. Anaya (05:33):
Do you think about it? These individuals for facilitating criminal schemes in the cyber arena tend to be more sophisticated. There's a layer of anonymity associated with using cyber-related techniques that other criminals aren't afforded. So you think about you go into Rob a bank there's cameras, it's a very low tech type of a crime versus you go in and take more money. If not 10, 20, 30 times as much through a data breach a much more sophisticated and much harder to identify and track down. But anyway, that was one of the things I specialized in when I was with the FBI. Yeah. That's cool. So do you have a favorite case that you can talk about a man favorite case favorite case? That's an interesting question. I have a number of cases that come to mind. I can tell you like one of my more enlightening moments in my tenure with the Bureau, it one was my favorite case.
Michael F.D. Anaya (06:25):
It was just one of those more moments that stuck with me. I still remember literally like it was yesterday. It was a very low tech crime, basically the person to facilitate able call her Brenda for this interview, she basically was doing a check fraud. Essentially what she did is she identified that there was an individual who had a large sum of money that she felt they wouldn't recognize it being stolen. And they didn't for a long period of time. So she took about two to $300,000. All she did was when her husband asked her to deposit a check, she took that check, just simply took the check number or check the routing number, the account number and connected her credit card to it, very simple. And she used it to pay down a lot of credit card debt. She had a cure and that she took about, I think, two to $300,000 on the individual who was being victimized as a very wealthy individual.
Michael F.D. Anaya (07:16):
And didn't even notice this was missing or happening until his accountant presented this to him. And he's like, Oh yeah, that's not me fast forward presented to us and said, this is a very simple case. We went out, talk to her and it was very fascinating. This really started me really thinking about the mindset of the criminal, but as we were interrogating her in a Starbucks, so it was, this is where it's like a surreal scene. We're in a Starbucks. She agreed to meet us there. And we're about 70 or 80 miles outside of Los Angeles. So we're waiting there. She arrives, we're talking with her, she's playing Tom. Which I mean, obviously, why would you ever admit to what you're doing? So she's playing dumb as if nothing happened. So we're talking to her, she's now starting to identify that we know what she did.
Michael F.D. Anaya (08:00):
And we presented with evidence key findings facts. I'm using a lot of techniques that I learned and cultivated in the Bureau, really connecting with her. Everything's working well, her husband arrives. And so my partner basically takes him and sits at another table. I continue the interrogation interrogation, where it sounds from her perspective is more conversation. Okay. In reality, I'm implementing a lot of techniques that I'm building rapport and helping her feel more connected with me so she can share it. So, but anyway, from her perspective, this is simply a conversation. So eventually her husband gets up, walks over to her and says, Hey, I feel like I need to be here. And she looks at her watch and is around close to three o'clock. She's like, honey, I need you to go pick up the kids. And this is a defining moment, this conversation. And again, like a movie, like it was playing out like a movie.
Michael F.D. Anaya (08:50):
He's like, no, I think I need to be here for this. Like, I really feel like I should be here with you while you're to you. And she's like, no, trust me. It's okay. It's just a misunderstanding. I have it under control. So then he reluctantly leaves. And at that moment she confessed, she just says, okay, here, you're right. I did that. She explained to us that one of her justification's was that she took a lot of debt. She had multiple academic degrees. I don't recall if she had a PhD, but I know she had multiple master's degrees, like multiple masters, like two or three of them. I think three MIRVs overkill. And I think at the time, I, it seems like you have too many master's degrees. Well, she just had, you made bad decisions. She had no criminal history. She was married, two children, they were younger.
Michael F.D. Anaya (09:34):
And at the time I was single, I didn't have any kids, but when I left that interrogation, that interview, I felt like, you know what? She's not a criminal as you traditionally think of the term criminal. I think when we think of cyber criminal, criminal, we're thinking of someone who's in a dark lit or dimly lit room with a hoodie or in their parent's basement, which is, I know I actually did identify hacker in his parents' basement. It's another story. But she wasn't that she was prototypical or she wasn't prototypical. She was atypical. However, she started me thinking about the criminal mind and it started me realizing, it took me down a path of really uncovering. It's not so much that you're born with a predisposition. There is that element. But the mass majority of individuals I interrogated and interviewed, they weren't born with a predisposition.
Michael F.D. Anaya (10:24):
They made bad decisions. And there was a lot of contexts that surrounded their decisions. And it really started me thinking about how important context is to understanding why we do what we do. So anyway, so this wasn't the most interesting case, but it started me down this path. And because of it, I created a sort of thought process. I turned the red light paradox. How do you define this paradox? I'm glad you asked. So the red light paradox basically the best way to frame it as ask is ask you like, so Leo, would you run a red light? You know what I mean?
Leah Wietholter (11:01):
Yes I do. Actually. It depends. That's a great answer. There's a high problem.
Michael F.D. Anaya (11:07):
Ability you intrinsically relating toward no is my assumption because you're, you're in theory, most of us recognize a lights. Having a, having a traffic light is for a reason, or we're sitting at an intersection, there's a high probability. You're thinking about it. And in terms of the day light situation or daytime event where you're sitting at a red light at three in the afternoon, you're like, okay. Yeah, I should probably sit here. Cause it makes sense logically. But if you changed the context, if I asked you, would you run a red light at 3:00 AM in the morning, all of a sudden everything changes. And so where in one environment you wouldn't do it in the second environment, you would do it because at some point at 300, like, okay, well I'm sitting here. I don't see any cars. I feel like I'm kind of, I'm actually, I should be given a ticket for just being so dumb to sit here.
Michael F.D. Anaya (11:54):
And you're like, I'm running this red light. So that's the red light paradox. And nutshell, it simply is just looking at a situation where normally you would say, I would never do that. You change the context and now you're faced with the same situation, but through a different lens. And now you're like, we know what I think I will do it. Now. We, if you think about this now, Leo, you don't have to answer this one, but there's a high probability. You and others have done things that were wrong. And we think about it when you do it the first time you feel really guilt, but you do it the second, third, fourth, a hundred time later, a hundred times later, all of a sudden the guilt is no longer apply. It's because becomes more normalized. And so that's kind of where it also becomes that concept of, or it gets back to that concept of context.
Michael F.D. Anaya (12:38):
So if you run a red light, go back to that one, you run a red light habitually over and over and over again. At some point you're gonna be like immune to it. It's not going to mean anything to you. A lot of people who I interrogated fell into this paradigm, they didn't want us. They felt tremendous guilt. They did the second, third, fourth, you know, by the hundred time that guilt was eroded, they've already justified their actions and contextually. They played it on their mind where it was warranted and they continue to do it. That was the vast majority of criminals. I interviewed interrogated felt into that type of thinking, where it was very contextual, more nuanced. And it's not something most people think about. Most people think it's very clear black and white. Unfortunately it really isn't when you deal with criminality.
Leah Wietholter (13:23):
Yeah. So we, we talk about that a lot in the CFE, you know, fraud space for sure that so many white collar criminals, it's their first offense. Did you find that in the cyber world as well?
Michael F.D. Anaya (13:36):
Yes. It's funny you say that because I'm willing to bet. They're what in law enforcement circles call it low hanging fruit. So the ones, that's your first offense. You make the most mistakes. If you think about it, if I were to ask you to bake a, I don't know lemons, heart, or you've never done before, you probably aren't gonna do a great job of it. Same thing with criminal criminality prior to tell you break a law or do something illegal, you're probably not gonna be great at it the first time. However, if you've done it several times a hundred times later, and no one's caught you, you're probably con pretty good at your craft so much harder to catch those individuals. But a lot of times I did interact with people who would probably deem low hanging fruit and that there were easier to catch the more sophisticated, the more I'm hardened criminals and the people who've really thought through their craft, much, much harder to find.
Leah Wietholter (14:23):
So having worked financial crimes for the majority of my career, I have like this go to list of how certain businesses, you know, organizations can protect their business from embezzlement. Let's say, and you know, there's a whole host of financial crimes, but like embezzlement is the most common that we work like as a private firm, just for our firms specifically. And even whenever I think back to the Bureau, like those were the most common crimes that came in. You know, we didn't have a lot of pump and dump schemes or mortgage frauds. I mean, we had those too, but embezzlements were just so common. We'll be right back to this interview.
Michael F.D. Anaya (15:02):
Hey guys, what's up? It's Matt Christiansen and Lindsey, Ivy from cyber craft. We're honored to be here and on your show, Lindsay say, hi, Hey, how's everyone doing? Lindsay's the brains behind all this. We got together, two communities, the cybersecurity and the anti-fraud community and said, let's put together one event and bring these two groups together that are fighting a shared adversary. And that is people who steal money or data or both it's October 1st. And second registration is completely free. Go to cyber craft, summit.com. You'll be able to register for free and attend as many courses you can day and night for those two days. And you're going to be able to earn up to 19 CPE credits for free. Our keynotes are amazing. They're Forbes tech council speakers they're leaves in this space. We even have the man who busted Bernie Madoff. Many of your listeners will know that it's Frank Casey, please join us October 1st and second cyber craft, summit.com. We hope to see you there. Thanks guys.
Leah Wietholter (16:02):
Welcome back to the podcast. What were the most common types of cyber cases that you worked at the Bureau or that you saw at the Bureau and then even now in your current job?
Michael F.D. Anaya (16:12):
So it really comes down to the big three, the big three cyber cases that really affect people at large are going to be one data breach. So data breach is one. Most people think about when they think of cyber. This is where someone comes in without authorization into a protected network and take something of value. That's essentially what data breaches. That's a vast majority of what people perceive to be the most prolific type of crime. It actually isn't the most prolific type of crime is business, email compromise. The volume is just so high. That's so easy to do, but busy email compromises, and then your listeners are probably aware of it. But for those of you who might not be, I'll kind of explain it. Basically. It's just soulful engineering. It's a situation where we'll say I take on a, we'll say situation comes up or like Leah, I'm going to pay you a certain amount of money for services rendered.
Michael F.D. Anaya (17:05):
And so another element comes in, we'll say the criminal and the identify what's happening. And we'll say they make a compromise, a small compromise where they're either going to take either a breach upon your email server or my email server. Now you do need to do that. We'll say I'm another technique. We'll say I'm starting off my business and is very successful in a boastful, which a lot of startups are. And we're going to announce to the world, Hey, we've just received $400 million of funding. If you think about what that is, it's really just telling everyone around you in a public setting, I got lots of money in my pocket, so anyone wants to steal it. It's in my pocket. And so that's fine, a lot of startups and they make those announcements. They need to be aware that by doing that, you also tell the criminals, I have lots of money.
Michael F.D. Anaya (17:49):
So either way, at some point, some identifies there's valuable information being exchanged between you and I. What they'll do is either through a direct breach or just trying to socially engineer, one of us, they'll try and intercept that communication. And we'll say in this example, Leah, I'm going to pay you a hundred thousand dollars for services rendered. They see that they try to make the intercept and they act as me whether or not me. And so they'll tell you, Hey Leah, it's Michael. I changed my bank account. It's not the one you use the pain. It's this other one. So that's business, email compromise. And now you, in this situation on assumingly, I'll go sure, Michael, and you just redirect funds. That was the most common crime that is being facilitated. And the one that is the most prolific, because it's so easy to do.
Michael F.D. Anaya (18:33):
And there's so many different variants of it. The other one is ransomware. So ransomware is whereby somebody comes in, they infiltrate a computer principally or network, and they encrypt key components in that network, principally data. And then encryption prevents you from basically doing anything. Operating could encrypt your customer database. It could encrypt a like for you as far as an individual, your pictures, whatever you deem valuable. So it is impossible for all intents and purposes for you to unlock it without the decryption key. So in order to basically get the decryption key data and proposition you for a proposal, pay us money, and then we'll decrypt the information we encrypted. So that's ransomware. So those are the big three cyber crimes that I dealt with when I was with the FBI and that are still extremely popular today. And my company that I'm currently with, we really help mitigate people for data breaches. We help identify their asset inventory, identify where all the assets are and I can kind of dig, dig into that deeper level later, if you like, sort of explained to you specifically what we do and why that is so important,
Leah Wietholter (19:41):
I'm curious, what's your kind of go to list to help people prevent, or at least reduce their risk of these types of crimes?
Michael F.D. Anaya (19:55):
It depends, right? Depending on what the crime is, each a little different, you know, kind of like a generic list. I have like a kind of when you're my two, so one leads into sort of what my company does, but it's key for us to do. And even as individuals, but keep track of inventory hardware, software that is on your company networks, you have to keep track of that or in your personal connection. It's like if, if you're a solopreneur, someone who operates their own business and you're like, I don't really need to worry about cybersecurity. I got one, one laptop and that's all I have is high probability. You actually have a lot more assets. It's asking conversations with individuals who feel this way. And then I started digging deeper. I go worry story data like, well, technically I have this extra hard drive and then I store it in the cloud or is the cloud like a Google or AWS?
Michael F.D. Anaya (20:43):
And doesn't, they don't really quite know. And I asked them, where is that store? They have no idea. Right. then I dig deeper would be our website. We have websites. You do, you have data there? Yes. I have data there. Do you have a point of sale system? And if they do, there's more data there. So you start digging deeper. There's a lot of data. So track that data is what's key. Develop a process for software it's dilute installation for yourself or end users that are going to be part of your company. The other thing is patch all applications right away and do it on a regular basis. So whether you're again, solo preneur, or you have a team of people you want to patch all applications. One of the big components here, candidly across the board is educate and practicing kind of good cyber behavior, including password management, identifying potential fishing efforts tracking devices that connect to your network.
Michael F.D. Anaya (21:31):
So just really good cyber hygiene that is really quite pivotal. Something else to do is constantly backup data. This really helps for ransomware attacks and keep multiple copies of that data. You back up, you want to make sure you test that theory. Cause sometimes I've come situations where companies or individuals feel like I'm a backup and play it, but they realized, well, they stopped backing it up because there was some sort of problem that occurred. Or when they look at the backups, it was corrupted because they're not actively checking it. So it's one of those things you can't just put in plan, forget it. You have to sort of keep accounting or keep an audit trail that to make sure to do some checks. So wait, hold on. Is that backup still work? Let's, let's bring that system back online to make sure everything's functioning as designed.
Michael F.D. Anaya (22:14):
So you want to make sure you check that some other basic components create complex passwords. And I say passwords, my passphrases in theory credential theft is extremely popular, but in theory in the future, I think there's more of a thought process moving away from password management. So that'd be something that'll be coming down in the future. But right now having complex pass phrases is key. And the part of the final thing I'll mention is you want to try to limit the number of administrative privileges, even if it's just your laptop, but definitely want to limit the number of administrative counts you have on your network or your company infrastructure. Basically what that does. It allows someone with administrative rights to do a lot. And if I'm a hacker or somebody who has unauthorized access, if I gain access to administrative rights, I just really have the keys to the kingdom.
Michael F.D. Anaya (23:01):
So you really want to limit that because you don't want to have multiple people with that. Accessibility have a finite number it's easier to maintain and track. So in case something is out of hand or someone does compromise it or compromise your user, they don't compromise that administrator and they don't compromise that privilege. Or if they replicated and you only have a finite number, you're like, well, hold on, we only have two minutes shooter counts. Why do we have another one in the system? There shouldn't be three. There should be only two again, indicators. But if you have everyone with have a multitude of accounts, you're not tracking any of it. It's almost impossible to discern somebody on your network that shouldn't be there.
Leah Wietholter (23:36):
Great list. And you know, even though we're talking about like data and technology and protecting those things, I mean, there's a lot of similarities between your list and even like a fraud risk assessment, because your employees are often the weakest link in these things. So if they have administrator passwords, you know, I wrote a story, not like a couple of years ago that has stuck with me about, you know, people's social engineering bank, employees to give them social security numbers and things like that. Like this bank could have had all types of controls on different things, but an employee with that access was able to, you know, compromise things for the entire bank. And so the education that you talked about and then limiting access, I mean, all great tips, real great. So since leaving the FBI and now working at expanse, what's your current focus and then like, how does expanse serve its customers?
Michael F.D. Anaya (24:33):
My focus is I run a team of very sophisticated analysts and what we do is we help pull apart data that we're given by other elements of expands to help identify vulnerabilities within a company's network. So that's what my team does that go back a little bit, take more macro perspective. What expanse does expanse basically helps reduce a company's attack surface and by they do that by identifying all assets that that company might have. So you think about a small operation. They don't have a lot of assets. So most of our companies are government or large corporations. So let's look at a hypothetical. So let's look at best buy best buy is not a customer of expanse, but at best buy we're we think about best buy there's a massive number of assets have across the globe, computers, multiple systems sitting in the cloud, sitting in on prem, just a multitude of assets.
Michael F.D. Anaya (25:26):
They've made a various number of acquisitions over years. So there's a high probability. It's very, very difficult for best buy, to keep track of all that. And I know that because I know a former colleague of mine used to work for best buy. And he shared with me some of the trials and tribulations he had, but that is very, very onerous for a company to do, to note all of their assets as each, as if they were a company, how complex they can get. You have different business units that are doing their own thing that are basically spinning up instances in the cloud that are basically marketing wants to create some new buy new domains and to market a specific campaign. So to track all that becomes extremely complex and cumbersome for companies and most don't do it. Well, what expanse does we specialize in that? So as, as that network grows and continues to expand expanse, tracks, all of it as it grows. And so even when the it team doesn't know about it expands knows. And so then we can come back on a regular basis and let the people who we interact with say, Hey, here's your new asset inventory as it has changed and evolved, that's our specialization.
Leah Wietholter (26:33):
Gosh, I remember whenever I first started my practice, I had, I don't know, six or seven employees, I mean, and this was in the first year business or something. And I remember that one guy, he was an intern and he left. And so I was getting his computer to give it to our it consultant. And I noticed that he had like downloaded all kinds of stuff on his computer and I'm like, Oh my gosh. You know, and, and my background being from the Bureau, I mean, everything was like locked down all the time. Right. And you had to lock your computer whenever you walked away from it. There were just different things. And that's when I really started realizing like, Oh, I need controls on like what my employees are doing. But then also like what you're saying, tracking, like if somebody says, Hey, Leah, we need a flow chart program. Can I, you know, I've researched this, can I buy this? And I just say, Oh yeah, sure. But then that's another like software. And now information is being stored in this flow chart software. And just keeping track of that even for our small shop is so much, so that's a really cool service that y'all provide. I want to switch gears just towards the end of our time here. And you've traveled and spoken on cybersecurity topics. And I'm curious, what are, what are some of your favorite topics to speak about?
Michael F.D. Anaya (27:55):
Oh, that's a good one. It's funny because you say I used to do so many more speaking gigs. I miss it. I must be on stage. If anyone listening is interested in me, check on my YouTube channel is type in my name. My COVID-19 now there's one event I've recorded. And so just let you know this in the Bureau. They don't really allow you to record your presentations, but I give about 500 they're all or more. They're all within the Bureau. So almost none of them are recorded. So I have one, actually it was posted Bureau that record so people can see me onstage. I love it. So I missed traveling and actually given a lot of conversations with people or presentations and having conversations after the presentation. But topics I like talking about cybersecurity clearly is one of my key ones, the criminal mind you know, I've really started doing a little bit more work in that arena trying to really piece together.
Michael F.D. Anaya (28:45):
I have a presentation we're talking about the four key observations I've made. I'm also trying to get more relevant content. Video I'm about to launch is about talking about tech talk. And my thoughts on tech talks specifically it's connections with the Chinese government and what that means. And I think most people who are in the U S don't quite understand what that actually implies. And so I take time to explain it. So that's something I like chatting about. So like relevant information. So those are just some things, the big three talking about explaining to people, you know, data breaches, walking them through the intrusion life cycle, what that looks like, help them understand vulnerabilities that exist. There's an exercise I really like to do where I'll take a team of individuals and show them a series of homes and ask them, they're like be a burglar with me.
Michael F.D. Anaya (29:35):
And so we collectively work together and we act as if we're burglars from breaking into these like four distinct homes. And I take that. We, so it actually really fun exercise, but those of you listening, who are like how their homes broken into it can be kind of sensitive. You're like, ah, God, I had that happen to me. But generally speaking, people who participate as a activity really enjoy it. And, but it gets them the right mindset because essentially a hacker's going to take that same perspective, but on your network or on your computer, that just very, it's a digital world versus the physical world, but the same process goes into play. So walking them through that process, because at the end of that conversation, I then transitioned to network security and draw that comparison between breaking into a home. It's a kin to break it into a network. Anyway, I could go on and on by the way, Leah. So I'll stop there, but let's give you some ideas of things I'd like to chat about.
Leah Wietholter (30:25):
Okay. So you did mention your YouTube channel and we'll put it in the show notes, but this ticktock video, like I'm subscribed to your channel. Are you going to put this out on your channel? The ticket?
Michael F.D. Anaya (30:36):
Oh yes. I'm the final edits are taking place. I think today I have my video guy tweaking some things by the time this show airs, it should be available. And then you can watch. It's really interesting. I love to get people's feedback on it because I do present something that, again, Leah, when you see it, you'll be like, okay, yeah, I get it. But I bet the vast majority people don't quite understand that connection with the Chinese government and what that could mean to the data that we're providing anyway,
Leah Wietholter (31:06):
Like jump off into this deep end. But we actually at our office have had community have had conversations about tic talk and concerns and just different things with that. And then we also just seem to notice whenever things are connected with China, like that seems to be a common topic that pops up here too. So I'm, whenever I see that video go live, I'm going to share it around the office.
Michael F.D. Anaya (31:27):
An idea for Yulia, but it's literally because the video is about 40 minutes long, but to literally just play it and then have a conversation afterwards and just discussion. Cause it'd be a good point for people to be like, what are your thoughts? And just literally have a discussion about it and to help sort of have people share thoughts and feelings and like, Oh, I don't like that. I agree with that. Or that's something that's interesting or I don't think that's a concern of mine anyway. I think there's a lot of opportunities there.
Leah Wietholter (31:52):
Okay. We're going to do that. I'm going to schedule that in. Cause that really has come up lately. So okay. You and I were both invited to speak at the cyber craft summit and we'll put a link to the registration in the show notes as well, but this is a free CPE training events focused on cyber craft security and anti-fraud, I'll be presenting our newest investigation game called the case of the cashflow fiasco. It's going to be so fun. But I'm curious as to your session, what is your presentation topic and what are you wanting? You know, our, our list, hopefully all of our listeners participate in this because it's free. But what are you going to be talking about in your session?
Michael F.D. Anaya (32:32):
So I want to be just talking about the criminal mind. So this one is going to talk about those four key observations I mentioned before except I'll dive into them. And so what I shared with you and your listeners kinda like a preview, it'll be a full blown out discussion about these four key observations I made throughout my time in tenure working my own cases, work at other people's cases and just sharing that with everyone. So I'm excited to sort of, again, here, if you have questions and concerns, I'm definitely open for I'd love to get reactions from the stuff that's honestly, my favorite thing to do after presentations or events is to hear how people heard what I said and then have a discussion, but anyway, that's why we chatting about it.
Leah Wietholter (33:14):
Great. Hopefully we're not scheduled at the same time so that I can participate in your session too. Well, well, thank you so much for your time today, Michael, it's been a pleasure talking to you and I'm looking forward to your session at the summit. And if our listeners are looking to connect, what is the best way to do so?
Michael F.D. Anaya (33:33):
So the best way to connect with me is LinkedIn. So LinkedIn just, you know, can send you this show, note it, I think my LinkedIn, LinkedIn, and then also, if you want to like just sort of watch some of the content I've created, I'm starting to use YouTube as my platform to share information lots of topics on tech talk, but I talk about empowering your workforce and some of the complications there are with that. So a lot of different things. So find me on YouTube.
Leah Wietholter (34:00):
Well, thank you again, Michael. It was great talking to you and hopefully we'll talk again soon.
Michael F.D. Anaya (34:07):
Alright. I appreciate it. Thank you for your time and thank your listeners for checking us out. I appreciate it.
Leah Wietholter (34:14):
The investigation game podcast is a production of Workman forensics. For more information about the topics we discuss on each episode, please visit Workman forensics.com. If you enjoy this podcast, please make sure to subscribe and leave us a review. You can also connect with us on any of the social media platforms by searching Workman forensics. If you have any questions, comments, or topic ideas for the podcast, please email us podcast@workmanforensics.com.