.gif)
Unspoken Security
Unspoken Security is a raw and gritty podcast for security professionals who are looking to understand the most important issues related to making the world a safer place, including intelligence-driven security, risks and threats in the digital and physical world, and discussions related to corporate culture, leadership, and how world events impact all of us on and off our keyboards.
In each episode, host AJ Nash engages with a range of industry experts to dissect current trends, share practical insights, and address the blunt truths surrounding all aspects of the security industry.
Unspoken Security
The Journey from Victim to Advocate
On this episode of Unspoken Security, host AJ Nash welcomes Gary Berman, CEO of Cyberman Security. AJ speaks with Gary about his harrowing journey from successful business owner to victim of a persistent insider threat campaign. What started as financial fraud quickly spiraled into years of cyberstalking orchestrated by a group with suspected ties to a religious cult.
Gary's story unveils the devastating impact of insider threats that extend far beyond financial loss. He details the emotional and psychological toll of being relentlessly targeted, both personally and professionally. His experience underscores the often-overlooked connection between cybercrime and extremist organizations.
Now a cybersecurity advocate, Gary channels his experience into educating others. He discusses his work with Cyberheroes Comics and his latest venture: a platform designed to make high-level CISO talent accessible to small and medium-sized businesses.
The Journey from Victim to Advocate
Gary Berman: [00:00:00] unbeknownst to me and my wife, they had actually set up a shadow company. Using a different name, but using all of our intellectual property and I found out about that just because one of our clients sent a PowerPoint deck with the capabilities presentation. It didn't have our name on it.
And it had their name on it. We later learned there was an entire social engineering campaign. around, destroying us so they could steal our clients and our business. And so, for example, they went to our landlord and said that we were going to be declaring bankruptcy, you know, which was, not true
AJ Nash: [00:01:00] Hello, and welcome to another episode of Unspoken Security. I'm your host, AJ Nash. I spent 19 years in the intelligence community, mostly at NSA. I've been building maturing intelligence programs in the private sector for about eight years.I'm passionate about intelligence, security, public speaking, mentoring, and teaching, and I also have a master's degree in organizational leadership from Gonzaga University.
Go Zags! And I continue to be deeply committed to servant leadership. As a result, this podcast brings all of those elements together with some incredible guests to have authentic unfiltered conversations on a wide range of challenging topics. It's not gonna be your topical. I'm sorry. It's not gonna be your [00:02:00] typical.
Polished podcast. Perfect example. I don't do a lot of editing. my dog might make an appearance. She won't today, I don't think, because she's not around, but it happens. people argue and debate. we might even swear here. I'm notorious for that. and that's all okay. Think of this as a pod, the podcast really is more like a conversation that you'd overhear at a bar or after a long day at one of the larger cyber security conferences.
These are the conversations we usually have when nobody's listening. Today, I'm joined by my good friend, Gary Berman. Gary is CEO of Cyberman Security and refers to himself as the Forrest Gump of cybersecurity, which I think is fantastic. He's got a thirty year career focused on marketing communications and consumer research.
Until recently, he knew very little about technology and even less about cybersecurity. But now knows everything about the devastating effects of losing a company to a persistent series of insider attacks. Gary pivoted from victim to advocate to help others avoid the life altering consequences of hacking.
His educational vehicle is a superhero comic series, an animated platform called the cyber hero [00:03:00] adventures, defenders of the digital universe. And he's also the host of the cyber hero adventure show, where he shines the light on the true cybersecurity heroes who toil in anonymity. To keep all of us safe online, and I'm hoping many people in the audience are gonna connect with that.
I know a lot of folks, are having these discussions right now. Gary began his career as a founder and CEO of Market Segment Research, a leading firm specializing in the demassification of American marketing. his clients have included at &T, Best Buy, Ford General Motors, a lot of the big ones, right?
And his research, on multicultural markets led him to an appointment on President Clinton's commission on race. Gary's married to Valerie and his dad to Sarah and Ilana. Gary, is there anything more you want to add? Excuse me, anything I left out of your bio or anything else you want to highlight there?
Gary Berman: You know, thank you so much, first of all, for having me and thanks to you, AJ, for your service at the NSA and throughout your career. And, I, maybe this is a bit of a mutual admiration society. It's just that, you know, part of my mission is to shine [00:04:00] the light on the unsung cyber heroes who toil in anonymity to keep us safe, you know, work at home at school.
So thanks to you.
AJ Nash: Yeah, no, and thank you for that. so, as we get into the topic today, you know, we mentioned, you know, victim to advocate was in here. And that's actually the topic today. The topic is the journey from victim to advocate, right? So, listen, the world's a dangerous place. We all know that, I think. you know, every adult knows that.
I think most children do. It's dangerous in the physical world. It's dangerous in cyberspace. even for people who are educated, aware, smart folks, you know, becoming a victim of criminals is not does not mean you're any, you're not any of those things. It just means that happened. Like the criminals are also aware and smart and working very hard to do bad things to us.
So, you know, you have this comic book series. And so I'm a bit of a comic book fan. I'm not an expert. so anybody out there who wants to quiz me on details of comic books, you're going to find very quickly when I say I'm a fan, I probably would offend you. I'm not that deep into it, but I liked the comic book movies.
I grew up on some comic books and what I remember about comic books. is that every hero has an origin [00:05:00] story. So does every villain, I guess. but every character of significance has this origin story. You know, they were somebody and then they weren't. You know, Spider Man was bitten by a radioactive spider.
you know, Batman's parents were murdered when he was a child. You know, there's something that, That made them change, right? That the catalyst that sent them on a different path. So you have an interesting story as well. I don't think there's any radioactive spiders involved. At least I haven't heard of them, but I really wanted to dig in a little bit to your origin story.
You talked about going from victim to advocate, you know, and I think this is a really, really impactful story. So can we talk a bit about your origin story and what motivates you and what you're passionate about now?
Gary Berman: Yeah, thanks for that. That great question. You know, this whole notion of origin stories I learned is really in large part based on a well regarded mythologist, Joseph Campbell, who's passed away, but you know, he was considered by many to be one of the [00:06:00] generators of the hero's journey. And there's been a lot of science about that.
And in most stories, at least according to, to, Joseph Campbell, have exactly what you described. And there are actually a number of steps that can kind of be codified through the hero's, journey and, you know, here could be anything, you know, it could be because you're a good father or you love your dog or, you know, fill in the blank.
nature of storytelling. And so for me, just the fact that I am telling you that I learned this is part of why I refer to myself as the Forrest Gump of cyber security. You know, because everyone knows that movie, and Forrest just shows up in these historic and amazing situations, and there's no idea why or how he got there.
Well, you're looking at him. I mean, really. And we'll unpack some of the reasons why I say this, some examples of why I say that during our conversation.but to make a very [00:07:00] complicated story short, as you mentioned, my wife and I had started a, marketing company, data analytics, things like that was very successful.
after 10 years, we're able to sell 49 percent of it to, At the time, I think the largest or the second largest marketing company in the whole world, called the WPP Group based out of London, and they owned about 90, you know, companies, giant, and we were the smallest. We were just like a little rounding error, but still You know, we're incredibly grateful when these big companies didn't want to take on an assignment, you know, for like 200, 000.
We said, yes, please, you know, and it was great. It was really working. And until one day we started realizing that, you know, sales were sort of leveling off. You've been on a hockey stick growth curve. we didn't really have any. Understanding as to why, because, you know, we had a stellar reputation had done work.
You [00:08:00] mentioned national security for the White House and other things like that. And to, you know, sort of get to the bottom line. unbeknownst to us at the time, a group of insiders, trusted insiders, basically, spoofed, my identity, and our company's identity without anyone knowing it. So, but at the time, we had no idea until, one day, I got a call,remember those Motorola phones, the big bricks with the
AJ Nash: had one those. Actually. I thought I was so cool with that giant brick phone. It was good about, you know, an hour maybe, and it costs like a 12 a minute to use or some garbage. But
Gary Berman: Well, that's point. So because it was so expensive at the time, I didn't give the number out to, you know, many people at all. Only my, my better half, and, my joint venture partners. So lo and behold, my phone rings one day and, you know, I just knew that it was important for the saying.
And, you know, one of, The CEO of one of our [00:09:00] sister companies that we're doing great with, she, what is your policy on swearing
AJ Nash: no. Swear all you want. this is an adult. This is an adult program. Swear. All you want. yeah. I think the audience is aware. I say all sorts of things so you can direct quote or swear however you feel.
Gary Berman: Well, since there might be, you know,children, I'll just use the term. She said, WTF is going on with your company. And I'm going like, What do you mean?
AJ Nash: Uh oh.
Gary Berman: You know, that's what I said. she said, I just got a call from one of your people. I now know who it was, but at time had no clue. and the partner said to me, I was told that she had found religion and that she could no longer live with her conscience.
AJ Nash: Oh, no.
Gary Berman: there was rampant fraud in the call center, aspect of our business, which by the way, this insider ran and there, and so I went, Oh, you're no way [00:10:00] anyways. And she was steaming mad because we were friends. He was going great. They wanted me to take over one of their divisions and things like that.
And, right. Then this happened. So I said, let me get back to you by end of day. I called an all hands meeting, including the criminals. but at the time I didn't know
AJ Nash: Didn't know they were the criminals, right?
Gary Berman: no. and, so we completely revalidated the work without even asking. I refunded 185, 000 to the client. It was a big automotive company.
Yep,
AJ Nash: What year was
Gary Berman: it. This was a long, would have been like 2000, 2001.
AJ Nash: Okay. I was just thinking for context. I mean, 180 grand's a lot every day of the week, every year, but even more so if you're talking, you know, 20 plus years ago now.
Gary Berman: That's right. and so, but this is relevant still I'll explain why. So, I took a deep breath, you know, did the responsible things [00:11:00] that I just mentioned and other things just to make the client whole and to, you know. kind of get the relationship on the right track. And then guess what happened?
AJ Nash: They still left you as a client and badmouthed you.
Gary Berman: No, I got a second call from a different client and verbatim, the exact same thing. And I said, you're kidding. Now these are significant companies. you know, this was a global consulting company and I was doing all the due diligence for their acquisitions.so the information I had was valuable, right?
You know, to individual companies or even not to sound arrogant, but maybe even to the country a tiny
AJ Nash: sure.
Gary Berman: and to national security a tiny bit. and so I went the same exercise and then a third client called and I said, WTF, you exponentially. And I said, this is just nuts anyways. To make a very long and difficult [00:12:00] era a little bit short, I literally caught one of the culprits red handed when I walked into his office and he happened to be downloading all this client data onto an external hard drive and he had no authorization to be there.
There was like zero rationale. I said, what are you doing? and he, I'll never forget, he just gave this like maniacal smile. And he laughed and he took his finger and he pointed it like right at my nose within about three inches. And he said, you have no idea what stocking is.
AJ Nash: my god. Wow.
Gary Berman: went, you need to leave now. Anyways, we got him out of the building and I'll pause because there's a lot more to why I just said that, to see what you think so far.
AJ Nash: Well, I mean, it's fascinating. I, and you don't have to pause even. We'll keep going because I think it's fascinating. Right, so, you know, we're in 2001. [00:13:00] You're running a successful business and it turns out that there are people in your company that are undermining you and damaging your business and your reputation with some of your biggest clients.
and this is, listen, I'm not an insider threat expert. I work with some folks in insider threat. I've had some on the show and we'll have more. I know the monitoring has improved a lot since 2001. Certainly. I know some of it at least existed, but again, some companies didn't have it, and some still don't have great monitoring of insider threats.
Cause it's just. It's not in the budget or whatever it might be, but what was, did you figure out, like, what was the motivation? Like why were these people doing this? What were they getting from this? You know, were they stealing the refunds? Like what was coming from this? Like, why was this happening?
Gary Berman: So the first motivation was financial. unbeknownst to me and my wife, they had actually set up a shadow company. Using a different name, but using all of our intellectual property and I found out about that just because one of our clients sent a PowerPoint deck with the capabilities presentation. It didn't have our name on it.
And it had [00:14:00] their name on it. We later learned there was an entire social engineering campaign. around, destroying us so they could steal our clients and our business. And so, for example, they went to our landlord and said that we were going to be declaring bankruptcy, you know, which was, not true at all.
Yes. yeah. and, I mentioned the word. Stalking, so that manifests in terms of cyber stalking. and a whole bunch of techniques that are now very well understood, but at the time, you know, we weren't really thinking about cyber security. It wasn't part of the country's zeitgeist, so to speak, or certainly mine, you know, and one of the things I really own up to is I was like Bambi.
You know, like, like really just, or, you know, sitting duck and hugging everyone and giving them raises and card while they work for me. And they were doing this right under my nose. And so it went on [00:15:00] for a long time, like maybe five years. I struggled. I ended up losing everything, had to sell my house and it wasn't just me in aggregate, I had to lay off about a hundred people, you know, that kind of thing, and it destroyed my life.
greed was the motive, it sounds like then from their standpoint, they worked for and they just wanted to steal it.
first of three motivations.
AJ Nash: Okay.
Gary Berman: Kind of fast forwarding to what I'll call modern times, which for me is about eight or nine years ago. during the intervening period of time, I worked on things like veterans causes and my wife and I started a tutoring program for children and things like that.
So, Fast forward to eight or nine years ago, literally just to put food on the table because, you know, I, I paid back money that I was not responsible for just to keep my name things like that. so asked my wife if [00:16:00] what she thought about me sort of re entering the ecosystem that I had left, 10 or so years prior.
AJ Nash: Wow.
Gary Berman: I took a deep breath and, you know, I put out a few, you know, calls or emails, you know, like less than five and I was really humbled to be invited to be a keynote speaker at a pretty big conference.
AJ Nash: You can name it if you want, or not, but just so you know, you're welcome to name anything you want.
Gary Berman: yeah, I mean, it was a big conference and so, it went very well and people came up to me, Hey Gary, are you still doing these, you know, big reports or, you know, are you still doing this and that? Can I get a proposal, you know, from you? Cause I had a great reputation. Really, you know, we work very hard to earn the respect a very important community of people.
AJ Nash: Anyways, so I had this big stack of business cards, you know, all these people came up to me and I'm thinking, yeah, you know, thank you God, you know, Phoenix rising from the ashes, [00:17:00] you know, easy peasy, you we're back. And so, you know, I had a great night's sleep, got up really early cause I'm pumped up, you know, like at four in the morning.
Gary Berman: And I decided to go to LinkedIn, which is not something that I'd really. had occasion to use, but I did, and day following my speech, not one, but two of the criminals checked my LinkedIn profile on the same day. So,
AJ Nash: And this is nine years later, you're saying? Ten years later?
Gary Berman: that's right.
AJ Nash: So
Gary Berman: And it gets even more,
AJ Nash: something like
Gary Berman: yeah,
AJ Nash: But they stayed persistent. They still kept track of you long after they had destroyed you and you'd moved on to other things.
Gary Berman: You don't know the half of it. So, Anyways, they, checked my LinkedIn profile and I documented this stuff because I thought it would be an interesting story, you know, and that no one would believe, including your listeners. If I unpack a little [00:18:00] bit more, I'm going to be judicious about sort of, how far we can go in, in public forum like this, but suffice it to say that, you know, I dealt with the FBI.
the Secret Service and other things. Anyways, so, the day after my speech, like I said, I was all excited and guess what happened? Boom,boom, the attack started again. And at the time, You know, I didn't know that I could see some effects of things just as a regular consumer, just a person using a laptop or a phone or GPS or.
You know, other things, other devices, just, you know, I can see it. Well, that's weird. Why is my screen wobbly, you know, and, you know, I'll just tell you one of hundreds of incidences that I can enumerate, but wobbly screen came to mind, which is, now everyone knows that you can track a [00:19:00] car either by an Apple Airplay or something more sophisticated.
Or GPS, you know, on your car or whatever. But at the time I had no idea. And so my GPS screen in my car was wobbly. So I said, Oh, okay, I'm just going to go to the car dealer and fix it. Like I wasn't hyper vigilant or anything yet. You know, I am now, but at the time I wasn't. And so I go to, you know, local General Motors dealer or whatever.
And I said, Oh, my screen is wobbly on a GPS. Can you fix it? So I'm in the waiting room. the guy that came out was the boss's boss of the guy that took, you know, that I met the service guy. If he takes his finger and he waves me over like this and I go like, Maybe he goes, yeah, I was in the waiting room
AJ Nash: mhmm mhm.
Gary Berman: and he was white like a ghost.
I [00:20:00] mean, really it was surreal. And I, and so you say he would follow me? I went, okay. So we go into the service bay, you know, with all the cars,
a really noisy, you know, car repair place. and I saw that my car was up, but now is down on the ground on a, you know, ramp. And he says, go around to the passenger side.
I said, me. I thought I was just going to drive my car home or
AJ Nash: Right. Mmhm.
Gary Berman: passenger side, I go in and then he gets in the driver's side and he says this out loud to no one is, man, I have the owner of the vehicle with me now. And I'm going, Oh, great. I'm having all this crazy shit happen.
And now I got a guy who's talking to no one, you know, what could possibly go wrong. And it turns out it was, OnStar. The operator from OnStar, if those are not familiar, that's a General Motors, customer service thing. And he, she said, how many vehicles do you own? And I said, one. [00:21:00] And he said, well, there are 36 cars attached to your account, and they can hear every word you say in your car.
AJ Nash: Wow. Wow.
Gary Berman: I said, what do you mean, 36 cars, 36 vehicles, do you own a, do you own a Yukon, whatever? I go, no. Do you own a GMC, whatever? I go, no. You know, I just had one, one car and I knew no one will believe me. You know, that's a recurring trope, just like Forrest Gump. I mean, you know, he just shows up like, I don't know, I play ping pong or I met another president,
AJ Nash: right, right.
Gary Berman: I'm telling you, that's me, or it was. Anyways, so I said, would you be kind enough to put this in writing? Because I might use this in some way. At the time, I knew nothing about what I'm telling you or what I'm about to tell you. I was completely naive and I didn't know who, I mean, I had an idea who the insiders were, but [00:22:00] that's different than proving it in court.
I have learned.and so they wrote it and I have a document with from the letterhead of the car dealer that this happened.and that's when my antenna started going off. And I started realizing all these other became known as attack vectors that seemed to happen but not forensics, you know, just experiential things and, you know, and I have, I created a slide deck, just to hold some of my images.
not with the intention of showing them to anyone.
AJ Nash: Yeah. I've done that
Gary Berman: but I just thought, you know, it was an interesting story, you know, and I don't know, I didn't know what I was going to do with it. So anyways, to go forward a little bit, there were actually 19 attack vectors, both through cyber rather, and [00:23:00] also some things in real life that happened.
AJ Nash: this is horrifying.
Gary Berman: I'll stop there.
AJ Nash: Well, I listen, so
Gary Berman: Stay tuned for more. You know, here's a commercial break.
AJ Nash: there's going to be people like, no, don't stop. I want to know more. So this is 10 years now. I mean, you've had insiders who you employed, who have destroyed your business, destroyed your life, financially speaking, like they stole your accounts, they destroyed your reputation, they bankrupted you.
You rebuilt, started over, had a whole different career, decided to come back into this industry. Do one keynote address. And they're still right there 10 years later, apparently. And they're everywhere from what you're saying. Like they're, you know, you said 17 vectors. So, you know, I have to assume like email and phones and, you know, your cars are obviously, you know, compromised and I'm sure there's others you're going to mention.
So, you know, at this point, like, I mean, you've got law enforcement involved. How, I mean,
Gary Berman: I tried.
AJ Nash: how did you feel? But I mean, the answer is going to be pretty obvious, but
Gary Berman: law enforcement
AJ Nash: you feel? Is one of the questions. And [00:24:00] the other one is, I know we talked about motives. Financial was one. I know you said there's a couple more I do want to get into like, what did you learn about the motives?
Gary Berman: Like somebody was this persistent for this long, it wasn't just about money. So, you know, how are you feeling at this point and what are you learning as you go through on this with, you know, whoever these people are? well, there's a lot
AJ Nash: that I can fill you in now, maybe a tiny bit, like, but to answer your question about what have I learned, you know, cybersecurity has this very, you know, common term, fear, uncertainty and doubt, FUD. And I was in that headspace for a long time, and I decided to pivot from FUD to FUND, just from a, you know, purely emotional and psychological, you know, and survival, you know, sort of technique for me, you know, and so many other cyber related things happened.
Gary Berman: I'll just skip for a moment. And then I want to go back to the other motivations to answer your question more thoroughly. so, I knew I had to learn about cybersecurity and like, where do you start? I was [00:25:00] 57 years of age at the time. so I bought a book called Cybersecurity for Dummies.
you ever seen those yellow books like with the black stripe on it?
AJ Nash: Yeah.
Gary Berman: perfect. I'm very self aware. So I got this book and page one, by only page 10, AJ, I was lost.
AJ Nash: So rather than quitting, I looked on the back, it was put out by Palo Alto Networks, this book, and I found this CISO of Palo Alto Networks at the time, great guy,and I got him on the phone, and by the way, the only reason I got him on the phone is one of my redeeming qualities, if I have one, is I'm pretty relentless.
Gary Berman: So, of course, my name is Gary and I call this guy 17 times. And finally he answered the phone. He goes, Hey, John, how's it going? He picked up the wrong frigging line. That's the only reason I got him. And I went, Oh yeah, this is Gary Berman. He goes, Oh shit. You know, and, but we became friends and I told him that story that I was lost after 10 [00:26:00] pages and he started laughing.
So I'm like a funny guy, you know, having lost everything. And I asked Matt, why you're laughing so hard. And he essentially replied, Well, it's not really for beginners.
AJ Nash: A book. for Dummies,
Gary Berman: for dummies? You know, and that's when I realized there had to be a different, perhaps better way to distill the complexity of cybersecurity into something people could get their heads around.
And as you can see from my background here. I thought, you know, superhero comics, because I happened to see Spider Man, you mentioned Peter Parker, and the light bulb went off. However, there were some problems with that. Number one is I had no idea about the topic or what I was talking about. I knew no stories other than my own.
and I didn't know anyone to talk to about it. But other than that, I guess I was perfect. So, you know, I went on LinkedIn and I did a search by CSO and I got, you know, all these people and invited one at a time, to connect with me [00:27:00] to send me real life stories of cybercrime, answering the questions, you know, what happened?
What were the consequences? What were the lessons learned for possible inclusion into the community? You know, a comic or something. And last time I checked, I have 23, 24, 000 connections on LinkedIn with the most important people in the world. They're all high level people like you,
AJ Nash: Well, well hold on a second. You have one. Not very important person. 'cause I'm in that network and I, I appreciate the compliment, but I am not in that category, so I appreciate that. I've snuck in somehow.
Gary Berman: copy that. See, I just said, copy that. Like, why would I say those words? Do you understand?
AJ Nash: Very military or law enforcement thought
Gary Berman: or both,
AJ Nash: Yeah.
Gary Berman: and anyway, so it became a thing. I started doing these comics. I went to, 54 cyber security conferences and I'll show you the source of my
AJ Nash: it's gotta be the badge collection. Yep. We've all got one of these, right? These are the best. I love a good badge
Gary Berman: Conferences.
AJ Nash: They're good though. I love the good badge [00:28:00] collection. So this ends, I mean, you're getting into the next question, which is great. Cause my next question was why comic books, right? We've talked about the origin story and I know we'll get more in there, but now you're starting to explain the why comic books.
I personally, for anybody who hasn't, I will say, is It's humbling when you read a book that's for dummies and you realize you're too dumb and I've been there and I don't mean you, I mean me, when you realize you're too dumb for the book for dummies, you're like, wow, is there a book for imbeciles? Like what's next?
I, so it's interesting that you saw this at, for what I'm hearing. And we'll get back to your story on it as a, you know, an opportunity, right? Hey, there's a better way to communicate. There's a different way to communicate because a lot of these books that say they're for dummies will do nothing but make you feel dumber.
Gary Berman: I've had it happen. So this is interesting. So you saw comic books as a means, right? So yeah, keep going with that, please. right, but it had, and they have substantive information in them. So, you know, it was a very interesting series of experiences attempting to learn about storytelling and, you know, what, how to ideally strike a balance between the substance of what you're saying, which is, this is not for [00:29:00] children.
These were for the inner child of adults to be more precise. andthe, style of how you go about it. So it's like this balance of style and substance, you know, which is, I've learned, not easy to do, well. And anyway, so it became a thing. I started going to conferences. I occasionally wear a costume, the cyber hero costume.
My wife thinks I'm batshit, but that's a whole different story.
AJ Nash: Certainly a possibility, by the way. These are not mutually exclusive.
go with that. You know,you're crazy in a good way, though.
Gary Berman: just call me forest.
AJ Nash: there you go.
Gary Berman: and so became a thing. So I would autograph comics at DEF CON. I like 1 year, I autographed like, over 3000 copies of the comic. Yeah, it turns out people in cyber security technology like Marvel.
They like. DC, they like comics and video games and all that stuff and everything, but it was not intentional. And then, after going to a number of conferences, [00:30:00] I became a reporter for a cybersecurity magazine. So the whole ecosystem, you know, kind of turned towards me because they wanted me to write about whatever they were working on or whatever their solutions are and things like that.
and I've never been a vendor, you know, I essentially donate just about everything. I've had a few sponsors for our comics, but I've never really tried to make money, which is turns out to be. A really good strategy to earn trust in a zero trust ecosystem. So now I can pick up the phone or whatever and talk to the highest level people in government and, big
AJ Nash: Well, they know you're not going to pitch them, right? They don't
Gary Berman: Yeah, exactly.
AJ Nash: don't duck the phone call. Everybody's caller ID, right? Everybody knows somebody they're like, Oh, I can't talk to this person. And they don't have to worry about that with you because you're there to try to provide a service or counsel or something like that.
I happen to agree with this. I mean, there's money that Tends to be made from this eventually, but it isn't so overt and pushy. It does take a lot of faith that what you're providing is valuable and that people will see value in it. And there's a way [00:31:00] to generate some revenue later.
Cause obviously, I mean, unless I'm mistaken, your mortgage company is probably like mine. They don't take smiles. They actually like cash. so we all have some bills to pay, but I think it's great that, you know, people know, Hey, if Gary calls, I should pick up the phone and talk, it's probably going to be, you know, useful and valuable, and it's not just gonna be some hard pitch to
Gary Berman: That's right.
AJ Nash: me money, right?
Gary Berman: Yeah. It's taken me nine years to earn that. And the most common question I always get is, how do you make money? Or said a different way, are you non for profit? I go, I'm for profit, I just don't make any profit, you know. so, but it is cathartic, which is why I did it. You know, from the beginning and, so only now, you know, in the last couple of weeks, after all this time, Oh, by the way, I want to fill in one other quick thing you mentioned about the show.
I've interviewed over 300 thought leaders on the most important things. in the world, you know, geopolitics, you know, the role of, quantum cryptography, which I failed algebra, by the way, but don't tell anyone.
AJ Nash: Well, I think you just told [00:32:00] everyone that
Gary Berman: oh, well,and, you know, the role of AI and authors and luminaries and just scientists and super smart people about all this
AJ Nash: And for those who missed the opening. This is the cyber hero adventurous show you're talking about. This is your show. So yeah. it is worth checking out. you know, anyway, I just make sure people know, as you're saying this, the context. Oh, I should go look at that. So
Gary Berman: yeah, I just put it on LinkedIn. I don't even put it on YouTube or anything. I, you know, I've never tried to do anything with it. It was really more, you know, catharsis. and I guess maybe that's why I have, you know, like these 24, 000 followers and stuff like
AJ Nash: Yeah.
Gary Berman: but,It's very hard to do what you do at the level that you do it and I congratulate you, you know, for it.
Yeah, I think people may not understand it. So, even for me, you know, so, like, I have three sort of shows that I have to edit and, you know, I'm just like doing this on myself and, you know, it's a slog. [00:33:00] But hopefully worthwhile. So let me go back to the reasons like why did the attackers do this and for such a duration.
So the first one was money. That's easy to understand. So as I, you know, try to work with various law enforcement agencies over a long period of time, You know, I had, for example, two FBI agents looking over my shoulder in my laptop. And right when they were there, this giant cursor starts moving around my screen with my hands.
And I go like this. Look, do you see that? You got it there. We got it. We got it. They saw it with their own eyes, but I wasn't able to prove economic damages that rise to the level of, you know, You know, decision making, although they did present it to the district attorney, but at the time,they didn't take the case.
you know, and I, it's not for lack of trying, but I love law enforcement, by the way, and I love the cyber people in law enforcement. I've done many shows shining the light on what they do and why they do it. I think they're real [00:34:00] unsung cyber heroes. So anyways, so the first motivation was money. The second one was this.
I'll pull back the curtain a tiny bit by telling you that it, you know, I'm going to use the word apparently, apparently there's some connections to a criminal organization that, kind of represents itself as a religious cult.
AJ Nash: Okay. Yep. yep. For those who can put those together. I got
Gary Berman: say anything else about that, except, you know, my impression and what I've learned is I am not the only one this has happened to at all. And they're actually written policies, that talk about how to deal with, you know, sort of enemies of this organization, which I was designated one, I think.
you know, all those years ago, because inadvertently we hired someone who I'll just put allegedly, or, [00:35:00] you know, was a member of this organization and we didn't know. and so that's part of the approach that apparently this organization uses, you know, widespread and they really kind of. Their motivation around that is they happen to be, I have learned really fixated on statistics.and I owned a market research company that generated statistics. So, and there's one last sort of nexus. These are my hypotheses.and there's one of the nexus, which is whole idea of superheroes and comics. And it's found in. In their legacies and stuff. I mean, really just, not believable, you know?
AJ Nash: and I'm, I didn't believe it for the longest time. However, eventually something looks like a duck and walks like a duck. It's walked like a duck. probably a duck. and so [00:36:00] that's the contours of that may ans help, answer So you got
Gary Berman: of the motivations.
AJ Nash: You got greed and you got religious zealotry. I'll go with that. and I know why you're not naming the group. I think most people can probably tell. Figure out who we're talking about. But I also won't name them for respect because you haven't, if you choose to, I would, but I'm not going to put something in that obviously you're intentionally avoiding saying, but I think if
Gary Berman: Well, they're very litigious.
AJ Nash: exactly, yeah, if anybody wants to, you know, put the dots and connect the dots, they can, if they can't feel free to reach
Gary Berman: No, I'd rather don't. just treat this as a, you know, a, random thoughts of a cluttered mind.
AJ Nash: right. Hey, don't steal that. We had this discussion. I think I'm going to use that for something like, no, I guess you can't
Gary Berman: You can, go ahead.
AJ Nash: but I may steal that for something else. All right. So you got financial motivations. You got religious zealotry. Was there a third motivation tied to this too?
Or was it just it, was
Gary Berman: Well, they were, it was statistics, and then also the whole, the, I do superhero comics, and it's a thing evidently with
AJ Nash: All right, cool. Well, that explains it. I mean,
Gary Berman: Well, there's actually, there's another, I [00:37:00] forgive the interruption, but there's another thing. And this is totally Forrest Gump, but you know, I was, I think socially engineered on how my journey in cybersecurity has happened. And who, why, and who. That's all I can sort of say about that, but it's why I'm so interested in cybersecurity, specifically, and why I've stayed with it for the duration that I have, because this idea of, shining the light, I mean, Justice Brandeis, I think, to paraphrase, he said, sunlight is the best disinfectant.
You know, I mean, he said something much more elaborate than that, but you know, I don't know. I, I think it's sort of cool shining the light, you know, without, you know, identifying and that kind of thing.
AJ Nash: Yeah, no, it makes
Gary Berman: This is the first time I've ever spoken publicly about this.
AJ Nash: Oh, wow. Well, I appreciate it. I'm honored that this is a place you [00:38:00] felt comfortable enough to do that. Good news is, I have like nine listeners, so nobody's gonna know any more than they knew before, at least. But,
Gary Berman: It's quality, not quantity. You have to think about your metrics,
AJ Nash: And it also makes sense because I was, you know, in my own head as we were going through this, I'm like, all right, financial motivation. I get criminals do that all the time, but why would somebody stick with it? You know, 10 years later in the persistence and it's the zealotry then that makes sense. That makes people become fixated whenever that whatever that belief system is.
And I'm not interested in judging other people's belief systems, at least not today. But whether it's politics, whether it's religion, it's gonna be something so deeply ingrained that they feel A compulsion to continue. So it's a mixture. It's not, you know, the financial stuff, it's unlikely. Somebody would continue to keep tabs on somebody for a decade and then try to ruin them a second, go around over money.
They probably would've moved on. But this other piece, this fixation, which
Gary Berman: Well, it's actually codified.
AJ Nash: Okay. Oh, even worse. So it's actually part of the requirements, sort of like to use a different example. if you had an organization where it was built into their rules, right, their laws, the rules [00:39:00] that they must go out and convert, let's say we'll use that
Gary Berman: That's right.
AJ Nash: and so you have people that will then, you know, I mean, they're not doing it even by choice, so to speak. They're part of a religion. They're part of a group. They're part of an organization and they deeply believe in it. And it is compelled. They're compelled then. Like, this is part of the part and parcel of being in that organization.
So knowing that it's codified into the rule system, yeah, that means they're going to be very persistent, unfortunately. And as you said, they're
Gary Berman: Well, there's a simple reason for that to me. I mean, simple, that's not the correct adjective, but it's easy to understand why it works.
AJ Nash: yeah. Exactly. I mean, bullying is a successful tactic if you don't care about morals or ethics and you have a significant advantage over your targets, bullying's pretty successful. it will make people change their behavior or going into hiding or whatever. Bullying and stalking and, I mean, horrible things are successful tactics if left unchecked.
I mean, they just are.
Gary Berman: so yeah, so what tools does a victim have in this kind of setting. And there are many public court [00:40:00] cases and things like that documenting. There's nothing to do with me,
and, soI do something that I just sort of call it mirroring. I mean, actually that is a communication technique, but, you know, so if I see, if I, the first thing I do is like naming it, you know, so for me, I just refer to them as goofballs.
AJ Nash: because it's just less scary.you know, and, so I created characters, I anthropomorphize my characters.
that essentially are, you know, depending on how you look at them or think about them, can be real people. So I have, you know, Sunny, the social engineer, with each one has its own origin story, and, you know, Ivan, the identity thief, or Vernon, the virus, or Boris, the bug.
Or Phoebe the Fisher, you know, so I came up with these anthropomorphized [00:41:00] characters, you see a couple, Yeah, see behind you, Vernon's
Gary Berman: but yeah, I came up with 16 characters, 8 were villains, 8 were heroes, and some amazing stories about the heroes. These are based on real people. but they, but we don't draw them so they look like themselves unless they want it.
AJ Nash: Yeah. Okay.
Gary Berman: had some who want to be depicted just so they can show their families what they do at work, you know, but many people I deal with are in clandestine sorts of things,
AJ Nash: huh. huh.
Gary Berman: cybersecurity, whatever. And so,
AJ Nash: What, I mean, what a cool idea. You took a terrible circumstance. It's something, you know, a terrible event, survived it, and then actually were able to turn it into something positive because you found another,opportunity, right? the whole, you know, four dummies book series, not really working.
For dummies like me always and said the ability to do that. I mean, I got to be honest, the resilience, the courage, you know, to come back into the industry and the [00:42:00] creativity combining with the creativity. Listen, I've seen some of this and it's. It's good, you know, and it's beyond like, you know, it's not amateurish, you know, if I tomorrow said I'm going to do comics, nobody's going to want anything to do with those because even children would say this is garbage because I don't have that skill set, like I don't have that talent, to first overcome everything you have and then to be able to turn into something so positive and so productive.
is, I mean, it's just really remarkable to be honest with you. And it leads me to the next question, which is what now? Like, what are you working on next? You know, you had a career, you had a business, you had a very successful business, you had wealth, things you were victim. I mean, there's no other way to put it.
you were a victim and ended up in a very bad position that you didn't Deserve and had to rebuild. You've done that again. and you've got this very cool, platform. You know, I know, you know, I've seen pictures obviously of you in a cape and a mask and doing this real thing at the conferences.
Gary Berman: And you've built something very cool and very, you know, contributory to, to society and to, to our industry. What's next? Like, what are you working on now? What's the new cool thing? first of all, thank you for your kind words, you know, and to your listeners, you [00:43:00] know, something I say to you. Because I really mean it, you know, thanks for who you are and for what you do, and most importantly, why you do it.so what's next? I'm working on something, pretty cool, which is, it started, last November.
One of my many men, mentors, and that's one of the great things about my Forrest Gump journey. I have some unbelievable mentors. we meet every week and talk about different, cyber or national security things.and, so one of them in November of last year was not his usual self. You know, all my mentors are sort of bubbly and on the fun side, even though they're very credible,
AJ Nash: like you.
Gary Berman: And you realize you're being adopted now live.
AJ Nash: I get that. And I
Gary Berman: being socially engineered,
AJ Nash: Yeah.
Gary Berman: but not very good because I said it out loud, but
AJ Nash: yeah. You're not really sneaky about it, but I appreciate it.
Gary Berman: You have to be sneaky. So, anyways, was not his usual self. And I said, you know, is everything okay? And he goes, not really. I just got [00:44:00] unceremoniously fired from My company, along with 10 of my colleagues, and my jaw just dropped because he was a field CSO for education.
And from what I understand about this ecosystem, they're great to have because they have the technical chops, you know, to be able to Understand cyber security, but, you know, very effective communicators, you know, and thought leaders and things like that. And so, and he went on to tell me that it wasn't just him.
It was him and 10 other people. So the field CSO for financial services, telecommunications, so on and so forth. And my jaw just dropped and I started getting angry because he's such a great guy. And after a little while, I said, Bob, forgive the interruption, but I have an idea. And he goes, what's that? I said, let's start a company.
And he goes, what do you mean? I go, I don't know. But smart people get together, good things can happen. [00:45:00] And so we started just listening to the, my community, so to speak, and how's it going? and I started, hearing some, you know, very consistent themes, like, for the 1st time, there are layoffs in cybersecurity because of the macroeconomic conditions, this whole notion of working anywhere, you know, and, virtual and fractional employment.
The role of artificial intelligence in the future, you know, the nexus of cyber security and AI and its implications and all these other things. And so it started percolating and, you know, we basically are with some smart people are co creating a, in the beginning stages of, developing a platform that will. solve a number of problems that, that we just learned about. And, there are seven of them, but the first one and most important one is just, if you think that Gary, if I tell you that I'm a CISO and you think that I am, you know, there's no [00:46:00] CPA test. there's no bar exam. There are lots of certifications.
However, they may not mean things to different people, you know, and this is especially true in the midsize market, you know, the small to medium business market, 80 percent of them don't have any, let alone something sophisticated. So this could be, you know, critical infrastructure, like water treatment facilities or electrical, although electric is pretty good, you know, transportation, so on and so forth.
And so I decided that I'd like to find a way to scale high level CISO talent. in a fractional way, to protect the hundreds of thousands, millions of small to medium businesses that reside in the United States. And, we're developing, you know, a way to, we hope, a pretty innovative way to do that.
AJ Nash: that's all I can say at the moment. you know, some of what you've mentioned was I've experienced it personally. I'm obviously [00:47:00] seeing some of this, We've all known for a long time in this industry that small and medium businesses. Struggle with security and with cyber security struggle with the budgeting.
You know, this is it's a hard things because cyber is everywhere. If you're connected, right? I talked about this being the cost of living in an interconnected world, but then not having the resources to keep up with the adversaries. and A lot of people think, well, you know, we're small, we can hide within the noise or really they just don't have a choice.
I mean, it's not that they don't underestimate the threat. They just don't have the resources for it. And every company I've been associated with, that's the flip side of company saying, how do we capture the small and medium market? Because there's so much potential there, but we can't get our pricing in a position where we can help.
Right. So it becomes a challenge. and I've seen that. And then the other thing that you mentioned, you know, fractional, you know, this big push towards that, you know, organizations not wanting to have full time Senior people in a lot of places, including security, you know, I've seen CISOs that aren't what a lot of people might consider a CISO.
I mean, they hold the role, maybe they don't hold the title. They have the responsibilities, but you look and you go, well, this person hasn't been doing it very long. And I'm not trying to denigrate anybody's [00:48:00] skillset or anything, but you're just looking, oh, this is not what the position used to be, but this is what they're willing to pay.
And then that person has those responsibilities and maybe didn't have that background. so I think this is great that you're saying, Hey, you know, we've identified these challenges and you're developing a platform with. I won't poke too much on this. I know it's something it's early stage and I'm not trying to get ahead of you on this, but it's something I'm definitely gonna want to follow and learn more about if I can help.
Obviously, I'd be interested in it because I think There's a market. There's an opportunity there. And frankly, you've shown, for those who are, you know, who are curious, in my opinion, why it would matter, you've shown all the things that I would want to be associated with somebody who's resilient, somebody who's smart, somebody who still has a positive attitude and wants to contribute.
Like that isn't, I don't think how everybody were to reacted. To what you've been through some. I think a lot of people would run away and hid and never done it again. I think people might have come back and addictive, and bitter, which would have been justifiable in my opinion. And in my opinion, and you're neither of those things.
From what I can tell, if you are, you're hiding it really well. You said, Hey, I'm going to, I'm going to do more to help people. and you're so creative that I have to assume this is going to be successful because you've identified a problem and you're a Good person who [00:49:00] wants to solve problems in a positive way.
So, I mean, from a business standpoint, you're not focused on profits, which is great as a customer, probably not great business math. I'm sure you'll figure out a way to do that as well. Cause you're going to make some money along the way, but I'm very interested to see it. Like I, you know, when we connected.
And I started reading through some of, you know, what you've done, and then you started telling me the story when we prepped for this, and I was just blown away. I was like, this guy's too good to be on my show, to be honest. So, I was like, this is a pretty amazing, you know, amazing person.
And I'm super excited, you know, that we've had the chance to meet and talk through this. I'm looking forward to doing stuff off camera and off microphone. And, like, I can't thank you enough for what you're contributing to the community. and just for continuing to do it, you know, for being, you Who you are, basically, like you're a big positive part of the community that started out in such a horrible place, that origin story, right, which, which brings us back to this.
I think you're the superhero. I don't know if you've drawn yourself. I don't know if you're one of the characters, but I mean, you're clearly one of the heroes. Like you have the origin story. you've come back and done positive things to make the world, you know, the cybersecurity world [00:50:00] better and safer.
And, to raise up the capabilities of people who, you know, struggled with. Things as simple as cybersecurity for dummies, which is, as we both agree, not simple that book, you're one of the heroes. Like, have you drawn yourself? I mean, you're pretty humble. So I think I know this, but have you drawn yourself?
Are you in the comic hero universe of your own making or not?
Gary Berman: I'll invite folks to go to cyberheroescomics.com and we have some of our comics up there. I'm not sure about the answer to your question, but maybe people can decide on their own.
AJ Nash: All right. Cool. I like that.
Gary Berman: Well, I'll tell you one thing, I'm not a villain, you know, so.
AJ Nash: I agree. Yeah. Oh,
Gary Berman: thank you so much for your kind words, and it's incredibly meaningful, and it serves as my fuel, just so you know.
you know, it's a privilege for me to do what I do, and I wake up every day, you know, excited and optimistic and incredibly grateful, based on, you know, the things you just said. and I don't know, I mean, I don't know how [00:51:00] this is going to end, you know, because if you think of.
And if I just sort of showed you what's on my desk right now and the people and the characters, you know, I'll just, I will show you my muse. So, this is my muse. And it is, it's Albert Einstein. And if you look real closely you see he has a logo there.
AJ Nash: Okay.
Gary Berman: from Sandia National Laboratories.
AJ Nash: Oh, yeah. All right. Very cool.
Gary Berman: Why, I would ask rhetorically, would I have one of those.
Stay tuned for more.
AJ Nash: Oh, it's a teaser. It's a teaser. All right.
Gary Berman: It is,
AJ Nash: Labs, Einstein. All right. Gary's got
Gary Berman: well, yeah, but the thing about Einstein, wait, just. I don't want to equate me with Einstein, other than in this way, which is, you know, one of the tools, the coping tools in my quiver through this whole experience was,I [00:52:00] read a quote that, about Albert Einstein. And a reporter asked him, he said, Mr.
Einstein, on one hand, you have science and physics and mathematics and all that. Then he said, on the other hand, you have many people who believe in some universality or God or karma or, you know, those kinds of things. How do you reconcile those two views? And to paraphrase, coincidence is God's way of remaining anonymous.
And ever since I sort of came up You know, I came across that. He said that I went, Oh, that's cool. You know, so what it's enabled me to do is to be open, like to this conversation. You know, I take a deep breath and go, okay, here it goes. Let's see what happens and do the best we can with the resources we have available at the moment.
You know, which for me happened to be quite sparse, other than the tools that you pointed out about resilience and friends, I, and mentors, I have a lot of them. It's [00:53:00] really been my savior, for sure.
AJ Nash: Well, it's, I mean,
Gary Berman: It's a great community. Cybersecurity is a great community. You know, it's full of helpers. It's full of legitimate, you know, defenders of this country from a national security perspective.
AJ Nash: Critical infrastructure. education for children, you know, it's an amazingly wonderful community. It is, however, undergoing some really rapid stressors, you know, that have been well documented, like what I said earlier about, layoffs or fractional employment or AI, you know, a lot of people in cybersecurity are exhausted.Absolutely. Burnout is a huge problem. Yeah.
Gary Berman: yeah, no, I, and this is not my assessment. They tell me, you know, and I've done several shows on well being and mental health and, you know, things like that help a tiny bit and stuff. So, I, what I would like to leave the audience with is this notion of hope that, you know, when, as I said earlier, when smart people get together, good [00:54:00] things happen, you know, we're definitely.
stronger together. I think that was a theme of RSA this last year or a couple years ago.
AJ Nash: Yeah, it was one of these years. That was one of them. I don't know if it was this year. I'll have to look up, but yeah, RSA did have a theme one year of
Gary Berman: yeah, and just, you know, try to pivot from FUD to FUD,
AJ Nash: I love that.
Gary Berman: notwithstanding the seriousness, in some cases, life. Sorts of threatening things like in the case of a 400 bed hospital that gets hacked, you know, or whatever and we just found out recently that, you know, no surprise actually China is in our telecom networks,
AJ Nash: you know, from big ones and all this craziness.
Gary Berman: So, it's a legitimate battle for values.
AJ Nash: like that. So I want everyone to get pumped up and, feel that, there are a lot of people that are grateful.
Yeah, agreed. Just a note, Stronger Together is 2023's theme for anybody who wants to spot check us. 2024 is Art of the Possible. I have the advantage of the internet right here, so I'm [00:55:00] searching as we go. But, yeah, it was a good one. so, listen, we're gonna wrap up here, we're getting to the end. I wanna, I can't thank you enough, and I will in a minute again, but as you know, the name of the show is Unspoken Security, so there's always a question for every guest at the end, and nobody gets to duck it.
and with that in mind, I'm I'd like you to tell, you know, tell me, tell the audience, something that so far has gone unspoken, like something we don't talk much about.
Gary Berman: Well, I act brave because nobody can tell the difference.
AJ Nash: That's true.
Gary Berman: There you go.
AJ Nash: I mean, you're saying
Gary Berman: that's my unspoken secret.
AJ Nash: Yeah, it's, so you act brave. Okay, I think I hear what you're saying. and I think a lot of us do. and if you do it long enough, you convince yourself you are, right? Bravery is our actions, right? it's, you know.
I used to say, you know, it's not the absence of fear, it's the ability to overcome fear, which sometimes means acting and, you know, just kind of saying this is where, you know, most people I know that are really brave, there's a lot of, you know, scared going on there. They're no different than anybody else except they just [00:56:00] put it aside and act differently and kind of overcome it.
Gary Berman: Well, the thing about that from what I just said is it, you know, I'm acting, but that doesn't mean deceiving, you know, it just means, okay, you're confronted with X. So, okay, what are you going to do? You know, you can, you know, fight or flight. In the back of our neck.you know, so, so do you freeze, which is a legitimate response. Do you run? You know, which is a legitimate response.
AJ Nash: Yep. It's the right one. A lot of times. Yeah.
Gary Berman: you confront it? Which is a legitimate response. Or do you take the fight to them? Which is also a legitimate response. You know, and that's how we're all made. You know, this is deep brain survival, you know, stuff. And so basically, I lean towards, you know, the.
the latter, like acting brave and
AJ Nash: Got it. Got it. Well, I [00:57:00] and you may be underestimating yourself or I don't understand. You may be under crediting yourself, right? It's if you act brave, you are brave, in my opinion. I guess just how it works at some point, right? We are our actions. People who talk brave and don't do things. when needed are I was gonna say cowards.
I don't want to be cruel. Like it doesn't listen. Their survival skills are just different, right? But if you act brave, you are brave. I mean, there's that's just how it works. We are who we are. and I don't think there's any doubt in my opinion, at least based on your story, you are brave. I don't think most people would have would be where you are now based on what they went through.
based on what you went through, I don't think most people would be where they are where you are now, and I don't think they've done the things you did, and it takes courage. It takes bravery. It takes a generous heart as well. Like again, you continue to want to give, you know, even though giving and helping and being who you were, you know, led to somebody taking terrible advantage of it and turning things upside down for you.
And yet here you are again saying, Hey, I just want to keep doing good things. So, yeah, you can say you act brave. I'm gonna say you are brave and, you know, we can leave that one [00:58:00] on the
Gary Berman: I'll just say, no, I'll say thank you. But I want to, I'd like to leave your audience with a tool that I found very valuable to get through to this moment and these thoughts that you're so kindly saying, you know, which is, you know, This is something also I don't think I've ever said, but when I started realizing, you know, what I think was actually happening, I don't remember someone sent me a copy of the book or I bumped into it, but, there's a, a very seminal book.
It was called On Death and Dying,
AJ Nash: Oh yeah,
Gary Berman: by Elizabeth Kubler Ross, and she has like the steps of grieving.
AJ Nash: And it was based on her research of researching people who had just lost loved ones or were in the throes of it or after. And so she came up with, you know, these seemingly recurring stages that people go through.
Gary Berman: and, you know, so I went through that, you know, and I started with, I think the first one was denial. Like this is not happening.[00:59:00] and all that. and then, you know, I don't want to mangle the order, but,
AJ Nash: It's denial, anger, bargaining, depression, acceptance. Again, I have the advantage of the internet,
Gary Berman: That's right.
AJ Nash: but yeah. Denial, anger, bargaining, acceptance, or depression
Gary Berman: Yeah. So I was stuck in denial for a long time
and I was angry
AJ Nash: I
Gary Berman: for a real long period of time, 10 years
AJ Nash: Yeah. I believe it.
Gary Berman: at least, you know, and then, Fast forward to now. I mean, I'm not at acceptance. I, that I'm just not there because, you know, I'm motivated and I'm using to the best of my ability, what happened. And to turn it into something constructive as you were kind enough to point out. So I'm not an acceptance, but I'm not angry or in denial either. I don't know, somewhere in there.
AJ Nash: and if I'm not mistaken, not to speak out of turn about Elizabeth Kugler [01:00:00] Ross's work, but I don't think acceptance means you accept it. Like, it's okay. I think it's just accepting that it happened, right? 'cause denial was saying something didn't happen.
It's not
Gary Berman: Yeah,
AJ Nash: like in our mind we're saying this didn't happen. This isn't a real thing. Acceptance is just getting the point of saying, okay, this happened. This is real. I have to accept that. And I think you are there. You don't accept it in terms of I'm not gonna do anything about it. It's okay.
It's good, I think. But you certainly, it appears to me,
Gary Berman: Yeah. Thanks for the clarification. I, that is accurate. Yes, I've accepted that this. you know, was real.
happened. you know, I found, solace in a, community. I'm not talking about cybersecurity at the moment, in a different community of people who know a lot about this.
AJ Nash: Mm-Hmm.
Gary Berman: and they were victims manifest in all types of different ways.
And, you know, so I found some solace in knowing that I'm like, not alone. And then I'm not, you know, off my rocker because it's very easy. You, I'm sure you're familiar with the term gaslighting, [01:01:00] you know, it's very easy to doubt, you know, things, or, you know, if your antenna are like too high up, then you can see.
In fact, there's a very interesting book for our audience, if you want to learn about that, called Ghost in the Wire,
AJ Nash: in the Wire is a great book. Absolutely
Gary Berman: was one of the, one of the earlier books I read, about that. and, so you can see ghosts like in technology and all that. And you wonder, Oh, is someone tracking or listening to my call?
Whatever. I have actual evidence that these things actually happened,And I was one of the first, you know, sort of, I, an earlier thought, an earlier case, a use case of a Bluetooth vulnerabilities, you know, and just, well, there were 19
AJ Nash: So all this craziness. I gave a speech, which I just posted Thursday for the first time.
Gary Berman: I guess I'm sort of entering this sort of next stage of what am I going to do about all this [01:02:00] stuff, you know, of my speech. And I've been a public speaker my whole career, and I'm, you know, I love doing it because I, you know, I make it about the audience and I have a lighter touch, so it's funny, things like that.
But for this particular speech at the Gartner Security Risk Management Conference in Washington, I was nervous, and I remember sweating like a pig. And the reason I was nervous is because it'd be the first time I'd ever present, you know, some, I'll use air quotes, like evidence to people who could call BS.
So,
AJ Nash: And so I went and I'd taken some of these screenshots of different things like, you know, spoofed Google two factor authentication, spoofed, three different Wi Fi's, yeah, user interfaces that were spoofed, LinkedIn, live, you know, shows that were hacked and notes that said, we know it's live and we're watching you.
Gary Berman: and, you know, on my screen, you know, and, so it's very easy to get this stuff wrong, like, oh, you [01:03:00] didn't update your firmware, whatever, you know, and so I went up and I spoke for 45 minutes and guess what happened? I got a standing ovation.
AJ Nash: That's fantastic. Yeah,
Gary Berman: the cybersecurity community who were in attendance, and there were, I'm not exaggerating, 30 or 40 people waiting in line to talk to me.
They said, how did this Bluetooth thing happen? How the hell am I supposed to know? You're the one who's supposed to know this stuff, you know, and I developed friendships, you know, and now, you know, eight or nine years later, you know, some trust.
AJ Nash: Yeah Well, Ghost in the Wires, for those who don't know, and I'd be surprised if many listening don't, Ghost in the Wires by Kevin Mitnick. you know, he's world famous and we lost him last year, unfortunately. It's a fantastic book. It's held up over time.
It's brilliant and even dummies like me understand it. So, it's a good read. so, listen, we're running out of time, actually, we're a little over, which is fine because I'm always a little bit over when I have good guests, but I want to thank you,for being here, obviously, you know, thanks for being my friend and for joining the show, and for [01:04:00] sharing your story and thanks for everything you've Done and keep doing like, thanks.
Thanks. I'm glad you're came back to the community. I'm glad you're in the community. I appreciate your work and what you're doing. And I'm excited to see, you know, this next stage. so I'm just, you know, I wanted to say thank you. I'm grateful, for everything you do and for being here. I'm going to wrap it up.
I don't know if you have any last thoughts, and we, you know, you've already given some kind of ahead of time on what you want to leave the audience with. Is there anything else you want to say before we close out though?
Gary Berman: Just what I say very often, thanks for who you are and for what you do and most importantly, you know, why you do it and, you know, to the cybersecurity community and people in national security and law enforcement, the same thing, you know, your real life unsung heroes, and there are many people, especially me, who appreciate you very much.
Yeah, great message. and I agree. We have a lot of people working very hard every day that nobody knows about. Nobody talks about, they don't talk about themselves they can connect with me on LinkedIn also. is probably a good way to do it. Or cyberheroescomics.com if you want to read, see some of our comics. You know, that kind
AJ Nash: Yeah, 100 percent highly recommend it's our cyber hero comics. com or reach [01:05:00] out to Gary on LinkedIn And if for some reason neither of those work reach out to me and I'll help you get to Gary I can't imagine that happening. But again, thank you very much for being here Gary. Thanks for sharing your story and for everything you do That's gonna wrap it up here.
So for everybody listening and watching Thank you for being here. And if you like what we're doing, I appreciate if you could subscribe follow like Share the news with other people, please. so we can keep this show going. I appreciate everybody out there. you know, so we can keep having people like Gary out to tell stories about amazing things going on in the industry.
So thank you all. with that, we're gonna end it. And, it was great having you here. This has been another episode of Unspoken Security.