Inside Cybersecurity: How Hackers Think and How To Stop Them

Intro 00:01

Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage, we will debate, evaluate and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels 00:21

Hi Jody Daniels here. I’m Founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified information privacy professional providing practical privacy advice to overwhelmed companies.

Justin Daniels 00:34

Hi, I am Justin Daniels. I am a shareholder and corporate M&A and tech transaction lawyer at the law firm Baker Donelson, advising companies in the deployment and scaling of technology. Since data is critical to every transaction, I help clients make informed business decisions while managing data privacy and cybersecurity risk. And when needed, I lead the legal Cyber Data Breach Response Brigade.

Jodi Daniels 00:57

This episode is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields including technology, e-commerce, professional services, and digital media. In short, we use data privacy to transform the way companies do business. Together, we’re creating a future where there’s greater trust between companies and consumers.

To learn more and to check out our best-selling book, Data Reimagined: Building Trust One Byte at a Time, visit redcloveradvisors.com. Well, hello. They say that you learn something new every day, and I’m very excited to learn or to share that I learned how to find the original ratio setting in zoom today. And it’s just sometimes the really small things that make me happy.

Justin Daniels 01:45

I’m impressed. Why don’t you share? You should share that picture with the dog in his shades.

Jodi Daniels 01:49

Oh, yes. Yes. And then this morning, for those of you. Well, actually, we haven’t even shared on our podcast. Our dog had life saving surgery a couple of weeks ago, and as part of the recovery, has to have laser therapy, in which both the dog and the humans have to wear glasses.

And I snapped a picture of our dog Basil, wearing his special glasses, and he looks like a Hollywood dog. Dustin pointed out the good news for all of you listening is yes, our dog is recovering and doing well.

Justin Daniels 02:19

And my job in the next life is to come back as my wife’s pet instead of her husband. Much better treatment.

Jodi Daniels 02:25

All right. But we’re going to talk about privacy and security. Actually we’re going to talk about security today.

Justin Daniels 02:28

Yes, we are, because we’re going to talk to one of our fellow faculty members. So today we have David Kennedy, who is the CEO of Trustedsec. He is also the founder and CEO of Binary Defense at Trustedsec. He is considered an industry leader in cybersecurity. He is a former chief security officer of Diebold.

David has led global cybersecurity teams, testified before Congress, and shaped cybersecurity policy. He co-authored the Penetration Testing Execution standard and is renowned in offensive security. A marine with intelligence experience, he prioritizes family fitness and co-hosts the Hacking Your Health podcast. So the bottom line here is we are going to the real source of cybersecurity expertise. David, welcome.

How are you today?

David Kennedy 03:16

Doing great. Thanks so much for having me on today. It’s really a pleasure. And the dog story put a nice smile on my face. I have two boxers at home so I love animals, they’re the best.

Jodi Daniels 03:24

The animals are the best.

David Kennedy 03:27

And I would agree, my dog gets better treatment than me so I could agree with you.

Jodi Daniels 03:31

They go first just as much as they should. Okay, back to you David. So we always like to understand how people’s careers have evolved. If you can walk us through your journey, we would love to hear it.

David Kennedy 03:44

Yeah, absolutely. You know, I started my career off very early on. I was always interested in technology. I remember having a Teddy Ruxpin that I had that my parents got me. And I lived in a, you know, lower income family, household, inner city schools didn’t always have a lot of technology.

And I remember when I first got my Teddy Ruxpin, the first thing I did was completely tear the whole thing apart to figure out how it worked, and then I had to reassemble it again to get it all working again, because I always, always had that, wanting to have an understanding around how things actually work. And so I, you know, went from there, went into the military intelligence side of the house. I was in the United States Marine Corps. I did two deployments to Iraq for intelligence related missions. Spent a number of years in the Middle East and then got out and, you know, really honed in my craft on cybersecurity.

I was in a small consulting shop for a little while, then became the chief security officer at Diebold. And then the funny story behind that is I was I was at Diebold. I was the youngest VP and chief security officer in Diebold history and decided one day I came home and my wife had just had twins, and I said, hey, honey, I think we need to start a company. I want to start my own business and had no idea what I was doing, had no idea how to start an LLC or anything like that. As I’m sure you can probably relate.

You know, when you first go into this, you have no idea what you’re doing, but knew that I wanted to help other companies and organizations get better with cybersecurity and really kind of took it from there. And so it’s been great. You know, I mean between trust the second binary defense, we have close to 400 employees worldwide. And we continue to expand and do amazing things and helping people out. And that’s really been our mission, which is our motto in both companies, is to make the world a safer place.

And, you know, when you have a good mission statement like that, it’s kind of hard to not believe in that and move it forward and really try to help others.

Jodi Daniels 05:20

I love that mission. Mission statement. I can’t speak today.

Justin Daniels 05:25

So, David, one of the things that I find interesting about your background is, can you talk a little bit about how do you think your military background might influence your approach to cybersecurity?

David Kennedy 05:36

Yeah. You know, for me, I was kind of an — I was always an overweight kid growing up. And I think, you know, when I got into the military, it put a really amazing structure in place, ways that I can tackle complex situations and break it down to be more simple and to really leverage, you know, that mission, you know, you hear in the military a lot. You know, the mission, the mission, the mission. And that’s really kind of how I look at life as well, is, you know, it’s one big mission and I have to take different things and kind of execute on that.

And so for me, the military was really one of the more, more foundational pieces that I really attribute a lot of my success to, but also kind of my outlook on life. I had kind of a near-death experience when I was in Iraq. And, you know, that put things into perspective quite a bit. And so I try to live every day to its fullest, knowing that, you know, it might not be here every single day. And the military really gave me that, that backing a lot of the discipline, the ability to take complex problems.

And also, you know, one of the, I think, big superhero strengths that I have is that I don’t let small things really get to me. You know, it’s the big things that I’m trying to solve and work day to day to try to accomplish. You know, what we’re trying to accomplish here at, you know, binary and trust, but also in my life and my family, everything else, it’s all, you know, putting it into big picture and trying to execute on that.

Jodi Daniels 06:47

I think a lot of people could learn. Do you have maybe a tip or a hack of how you let those small things roll past and able to keep that big picture.

David Kennedy 06:58

I think it’s a learned trait. You have to practice it. You know, there have definitely been times where, you know, I’ve typed out an email that I know I’m going to regret, but I just type it out and I don’t hit the send button. You know, that’s one tactic that can get you kind of started, right? You know, at least, you know, vent a little bit.

But you know, for me it’s trying to put things into perspective like, you know, hey, you know, maybe one of my kids gets in a car accident, right? But he’s fine, and the car is fine. And, you know, it’s something that, you know, it sucks, but, you know, at the end of the day, it’s not going to be, you know, catastrophic to our family or things like that. So I always just try to put it into the yes, we have parts of our brain, you know, we have the kind of the, the animal part of our brain that responds to things very fast. And then we have a more logical brain.

And I try to let my logical brain take over as much as possible. Then kind of responding to immediate things that happen at a given time. And it’s just a practicing thing. You know, for me, I actually have something that I created called the Rule of Five. And in the morning, I type out five things before I look at email, before I see what’s going on for the day.

Five things that I need to accomplish every single day that are important to me to hit those objectives. And it could be small things like make sure I go and get a lift in, you know, at the gym or, you know, make sure that I follow up to this specific person or reach out to an employee that I haven’t talked to in a while. But that rule of five to me keeps me, you know, focused on the five things that are most important for that day before the fires come in the office, before certain things hit me. And that kind of lets me be, you know, very categorical of what I actually look for and what I actually execute on throughout the day. Those are the most important things, not the day to day fires that come through.

Justin Daniels 08:28

I guess. David, the other thing I wanted to ask you, given your military service and being in Iraq and I’ve met other people, is given that, how much can a data breach situation that’s highly pressurized, how much would that faze you, given the things that you’ve dealt with? I always feel like someone in the military who’s been in that situation, it’s like after that, it’s like, what in life can possibly faze you?

David Kennedy 08:49

I think you had a really good point there. I think that’s also how I’m able to put, you know, smaller things that happen into perspective, right? When you’re in a wartime situation, you don’t know if you’re going to make it the next day. I remember when I was in Iraq and I don’t smoke cigarettes, but when I was in Iraq, I’m like, well, hey, I’m probably going to die anyway, so I’m going to smoke some cigarettes just so I can go outside and, you know, get a breath of fresh air and hang out. And I quit that as soon as I left, by the way.

But, you know, it’s the small things that that I think you can, you know, rationalize a little bit more because you have life experiences that have hit you that are much larger in nature. And so when I look at certain, you know, problems or issues, especially that you mentioned the data breach for me, it’s it’s, you know, I understand that the people that are going through the data breach are under an extreme amount of pressure. It’s impacting the organization, it’s impacting employees, it’s impacting, you know, profitability. It’s impacting a lot of aspects of their day to day lives. And I’m sympathetic to that.

So I can recognize, hey, you know, this person lashing out or being upset or mean isn’t really them. It’s the situation that has been created. And we’re there to help them out. And at the end of the day, you know, you know, once everything’s, you know, blown over and everything’s kind of restructured and everything’s good, you know, they’re going to come out, they’re in a much better place. And so I always look at the again, the long term objective of that of, you know, ten situations, you know, requires you to be on your game and to be, you know, fully committed to it, but at the same time recognizing that, hey, high stress situations create, you know, different dichotomies of people in different situations, and people handle stress in different ways.

And I’m very sympathetic to that.

Justin Daniels 10:10

It’s funny you say that because — try not to laugh, but I’ve actually been watching Ted Lasso, which Jodi watched a while back. And one of the things he says, and I think, David, this is what you’re really saying, is don’t judge somebody in their worst moment or their best moment, because it’s just a moment. Look at the bigger picture.

David Kennedy 10:26

Absolutely. And that’s a good lesson. Ted Lasso is awesome. And definitely funny. Funny guy.

Jodi Daniels 10:33

But you quoting Ted Lasso a couple years after I told you to watch it. But you know, better late than never.

Justin Daniels 10:39

Anyway. Well, well, David, now we kind of want to shift a little bit and talk about your businesses. So talk to us a little bit about what challenges does Trustedsec and Binary Defense solve in the cybersecurity marketplace. What is the claim to fame there?

David Kennedy 10:54

Yeah. So for us, you know, Trustedsec is a security consulting company. We pretty much focus on, you know, everything from penetration testing, application security, physical assessments all the way to GRC work, PCI compliance, you know, building security programs, things like that. And really, what I wanted to accomplish with Binary Defense is to have an amazing team where we are always doing amazing things for our customers to build their security programs. We recognize, you know, this industry is very difficult, right?

You have a high churn rate of people coming in and out. It’s very difficult to establish large security programs. And so for us, it was really trying to take a lot of the complexities out of building your security program and having the expertise here that, you know, you can actually rely off of us. And then at Binary Defense, one of the biggest challenges, I think, that most organizations face is understanding when a data breach occurs. If you look at a lot of the data statistics, what we call dwell time, how long an attacker has in their environment before they break out to other systems, and then before they’re actually detected, you can go weeks, months, longer than that.

And so for us, it was really to solve the monitoring and detection complexities in cybersecurity and really provide, you know, that detection engineering, threat hunting, threat intelligence all into one unified area where we’re always looking and got the customers back where we recognize maybe they don’t have a full blown security operations center, or maybe they’re a small to medium sized business and can’t afford that. Or they’re a larger enterprise and they want to augment us for our expertise. It’s really, you know, back to that mission of making the world a safer place, making it as easy as possible for companies, whether they’re in the healthcare space, protecting life, you know, water treatment facilities, the electrical grid, you know, corporations and banks. We service pretty much any industry vertical. We’re really trying to help them out.

And that’s one of the areas that I really enjoy is the teams that I get to work with, my team that I get to work with day in and day out. They’re just amazing folks, amazing individuals, you know, believe in that mission and really just put the best foot forward trying to help these companies and organizations as they struggle.

Jodi Daniels 12:47

Well, we have to talk privacy. And we are finding more and more CISOs are and security teams are being anointed or taking on some part of privacy, whether it’s the whole thing or privacy operations. And some of the privacy laws are also helping security teams because many of them have some flavor of you must make sure data is secure. In some places, there’s a private right of action. From your perspective, how is the privacy landscape impacting security professionals and security program?

David Kennedy 13:24

Yeah. Good question. Well, one thing you know, we don’t specifically specialize in any way, shape or form for privacy. So we would go to like your folks like Red Clover to do that type of work. And it’s very specialized in nature and niche.

That’s awesome. That’s an area that, you know, definitely needs a lot of expertise and specialty. You know what’s interesting? If you look at, you know, I think GDPR was kind of really the first ever type of compliance that — it really impacted privacy within, you know, an entire country. And then you look at, well, I guess more than just the country but all Europe.

And then you start to look at what we’re starting to trying to accomplish here in the United States. I think it’s been very privacy lacking in many cases around the consumer data, customer data, intellectual property, everything else that goes along with it. And we’re starting to get better at that, which, you know, when you start looking at the controls, you have to have in place to really protect that data that drastically impacts the security program. You know, organizations and companies have to do better at protecting consumer data, have to do better at protecting their own intellectual property, their employee data, everything else that comes along with that, and then how that type of information is sent, used in every single business process that the organization has. And I think, you know, we’re really starting to see the cusp of that take place here in the United States, where we’re seeing more and more organizations really have dedicated either privacy officers, you know, folks that are in charge of those roles to really try to build out those programs or leveraging folks like yourself to to come in and help build out those programs.

Absolutely critical for an information security program, period. And one that has been, you know, oftentimes, you know, I think a lot of people look at cybersecurity as a technical issue. In many cases, it while some of that is, of course, there’s a lot of other elements that make that security program successful the governance program, the privacy program, all of those play directly into that cyber security program to make it successful.

Jodi Daniels 15:14

Yeah, it’s very much, you know, I’m sure you would agree a business priority. And I’m glad you mentioned the governance piece because there’s technical but there’s policies, there’s process, there’s people. And I always say that privacy and security, they work best when they’re really working together.

David Kennedy 15:30

100%. Couldn’t agree more.

Jodi Daniels 15:31

Both sides. Yep.

David Kennedy 15:32

Absolutely.

Justin Daniels 15:34

Well, there’s another thread that I wanted to pull on with you a little bit because I think you are our first guest that has ever testified in front of Congress and wanted to just ask you, what’s it like to testify in front of Congress and security members? Do Members of Congress demonstrate even a basic understanding of security issues?

David Kennedy 15:53

Yeah, that’s a long rabbit hole. We’ll do the TL;DR type of version. One thing is I probably will never testify again. I did it twice. And this was around the release of healthcare.gov.

And when healthcare.gov got released, the thing that I noticed was that the website had a lot of trouble even staying operational, like running. And usually, you know, if you’re in security or in it, if you don’t have a good disaster recovery plan or load balancing or ways to actually keep that server up and running. Security probably was a second thought on that, right? If you don’t even have performance and stability. And so, you know, I started doing some, some open source intelligence gathering and found, you know, that the website was just riddled with old, you know, legacy applications and dependencies, and the site was just really vulnerable.

And my discussion to Congress was not not necessarily specific on healthcare.gov, but it was how the government approaches building these systems that contain a lot of personal data, and we’re not putting the right controls in place to really protect that data. And yes, we have NIST and we have, you know, 853 and a bunch of others that help, you know, structure a security program. But in many cases, you know, they’re farming these out to third party big development shops. There’s no security testing or coding into that. And so my first testimony was really about how the government really needs to look at security, instead of looking at it as a car part and going to the cheapest bidder.

They need to incorporate budget and to be able to introduce good security practices and regular testing into those to ensure that our personal information is protected. But also, you know, government secrets and things like that. I mean, we’ve seen so many data breaches that we know that are public. You know, if you look at OPM, for example, I was impacted by that because I had a top secret clearance. You know, those types of things need to be restructured.

And the first testimony, I think went really well. The second one, it was perceived as a political statement because it was around the same time, you know, President Obama was dubbed Obamacare, right. And so it was looked at as an attack against healthcare.gov and the Obamacare as a whole. So it became kind of a — I became a wedge in the middle between two political parties. And I was there completely not not repping any political party whatsoever and just trying to help with the case of building security in the government.

And it was pretty, pretty fiery. If you ever get to, you can still download it. It was on C-SPAN as recorded and it got super, super fiery during those. I mean, I was getting yelled at and screamed at and, and a bunch of other things. And, you know, I was just there to help and try to, you know, make things better.

And it definitely didn’t go the way that I would have anticipated. I held my own, you know, I had a lot of data, a lot of facts, and I just stuck to the facts and stuck to the you know what? I know in this industry I kept away from any political area. But to your comment there, they have a kindergarten level of understanding of technology. And really where you know, they have strength is their staffers that may have some sort of technical prowess.

But the senators and congressmen and women, they really have no clue when it comes to understanding technology and how that fits into the broader picture around how to even secure that. And so that’s a big deficiency that we have currently today in our legislative branch, is really trying to get them to understand the importance of this. And so I’ve spent a lot of time not testifying in front of Congress, but meeting with various senators and congressmen and women to really try to help forge cybersecurity policy to help them out. So I’m on the backside of it now, you know, trying to work with them and giving them knowledge. And it’s great that they’re open to feedback, but they need a lot of work.

They need a lot of help, that’s for sure.

Justin Daniels 19:19

Well, I’m curious, David, given your particular background and you’re also a dad, you know, we’re watching this debate around TikTok. We now have DeepSeek come out. And one of the things that I worry about is, well, what if China has this in place and they say, yeah, we’re going to go across the the Taiwan Strait and invade Taiwan, and then we’re going to use this entire network plus the AI to be a huge mis- and disinformation program to basically get international acquiescence or support for what we’re doing. And I just would love to know, from your perspective as a dad, someone who knows security, also been in the military. What do we, you know, as a society or just people need to be thinking about when we’re hearing all this stuff around TikTok and deep tech and how it can be used in ways that are just pretty scary.

David Kennedy 20:07

Yeah. What’s interesting is if you actually went to deep seeks web UI, not their local language model, not their local LLM, but their actual website, the DeepSeek. Can you put in the, you know, the chat query and you say, you know, if China, if the Chinese government requests any of the information that I’m submitting, will you give it to them? And the answer was yes. Absolutely.

So, you know, I mean, you have to look at where this data is going. What everybody’s doing. And TikTok being one of the most prominent social media sites, you know, being, you know, predominantly owned by the Chinese government as well as, you know, ByteDance. Those are our major concerns because they control the server data. They control what they collect.

They control what goes to the government. They control the algorithms that go along with that. And so, you know, it’s a very powerful tool when, you know, if they tweak the algorithm just a little bit to show more pro-Chinese or more pro-misinformation, things like that, it can definitely sway public opinion one way or the other. And we’ve seen that being used across the board. You know, we saw it during the election processes with Russian influence.

It’s a very large tool that a lot of these countries have fully dedicated cyber divisions just for this type of, of, of impact, impact of the population here and its perceived use of certain things. So I see it as a major issue for me personally as a dad. I don’t allow any of my kids to have any social media. I finally broke down and let them have Snapchat because the teams like the volleyball team and the basketball team, they all communicate through Snapchat. I was very upset that I had to do it, but we did it.

But I’ve also really communicated with my kids the importance of that responsibility and what that actually means. Just the other day, my youngest son, Mason, 14 years old, came to me and he’s like, dad, I think I messed up. I think I got hacked and you know, I’m glad he came to me and said that because, you know, he could have hid it or, you know, you know, not told me about it, but it was completely, you know, a scam thing. It was like, hey, we compromised your computer and your phone, and we’ve been monitoring you for, you know, four months. And we have all of these things that you’ve done, and, you know, you need to pay us this money, or else we’re going to tell your family and all this other stuff.

And it was all bogus. You know, it’s one of those, you know, trying to get the lowest commodity thing. His computer wasn’t hacked. Trust me. I’m very good at that.

But, you know, but, you know, the fact that I’ve communicated to them enough that they feel comfortable to talk to me, I think is really important. But I can’t emphasize enough. I mean, if you look at the data studies on the impact that social media has on our youth, it’s alarming. And these, these, these sites, regardless if it’s TikTok or Instagram, Facebook or X or Twitter, they’re all designed to be highly addictive. They’re designed to really change our patterns of behavior, get that dopamine release very quickly.

And it really changes how kids actually perceive the world. And if you couple that with the threat of China, it’s an even larger of a threat to me personally.

Jodi Daniels 22:51

We are laughing because we also don’t want to offer social media, and we had to for the exact same reason that you talked about that. All the teams were talking and the youth groups are all connecting. And unfortunately they’ve moved off of text and she had nothing. And then there’s an entire other social piece that’s missing. And another problem there.

I’m curious for your thoughts. So we always ask someone what is your best security tip. And you can also answer that. But before that there are a lot of people who will say, so what if China has access to that information or it’s a Chinese owned company? What do I — what do I have that they’re going to have access to that really matters?

What do you say? I’m sure you might have even had those conversations with people in your circle. What do you say to that?

David Kennedy 23:42

That’s a great question. Well, one, I think we have to look at what has China done in the past that would consider us to have a warrant for concern? Right. They’re the largest country in the world that steals intellectual property in the United States. We’re talking trillions of dollars of intellectual property theft that they continue to to really have no rhyme or reason repercussions for.

And we deal with these data breaches every single day. I mean, our teams are booting China out of big corporations, stealing intellectual property. And then what China will do is they’ll take all of that R&D that we spend the billions of dollars of R&D to build a new product. They steal all that, and they build a competing product for half the price in the United States market. Right.

So there’s a whole bunch of unfair trade advantages that are happening. And they’re stealing all this data all the time, on top of all the stuff that’s going on from a cyber warfare capabilities perspective, where they’re continuously infiltrating our grid infrastructure, military preparedness, everything else. And a lot of the concerns, if you look at a lot of the folks that are in the know that also talk more on strategy, you know, the impact around Taiwan, specifically if they were to invade Taiwan. And we were to respond to that and actually get involved in that, they would make life here extremely difficult for us. You’re talking, you know, potentially shutting down electricity or trade routes.

You know, if you look from ransomware groups last year, our supply chain was a major part of attack. You know, where they were hitting distribution sites that, you know, send, you know, packages out to people and things like that. So, you know, they’re very methodical. And the thing that we have to understand about China is that, you know, in the United States, we have a four-year election cycle. So our politics, our strategy and everything that we look at is a four-year cycle, right?

And it’s a four year cycle of if I’m going to get reelected or not, or a four year cycle of if this is all I have and I have to promote the next, you know, political party, whereas China is looking at it from a 20, 30, 50, 100-year strategy perspective because they have full control over that government. And so they’re looking at this from a much longer term strategy perspective, which is much more damaging to us in the long run. So, you know, when you look at the big collections they can do off of US citizens. They can know everything about where we’re at at a given time, our spending habits, what is most influential to us, and then start to tweak that and change our entire perception around reality, around what’s actually occurring, what’s actually not. That has a devastating impact to society as a devastating impact to us personally, and also the amount of data that they’re able to collect on us and our personal information, you know, yes.

Is, you know, somebody that is working a manufacturing job, a prime target for China, know, you know, if you’re in DoD, yes. You know, if you’re a government contractor, yes. You have a top secret clearance. Yes. Right.

But at the same time, if you look at all the data that they’re able to do and lump people into specific groups, especially with what we have with artificial intelligence and being able to comb all that, you can start to build campaigns against targeted groups to really sway opinion and sway their understanding around, you know, geopolitical issues that are occurring. And it can be really detrimental to our freedom here in the United States. It’s a major concern that I have both for our short term and our future.

Jodi Daniels 26:37

I really appreciate you articulating that. So thank you so much. Yeah. Nice to have other people’s perspectives.

Justin Daniels 26:42

So the part B of Jodi’s question, as we always like to ask and will be interested for what you have to say is, do you have a best security tip that you would give when you’re hanging out at dinner with other irons, faculty members or just friends?

David Kennedy 26:55

Well, my biggest thing is if you look at almost every single breach that occurs for people, it occurs because of some sort of misuse of passwords. Right? For me it’s it’s, you know, and I always, I always we have this thing called Bionic night at our local schools. And I also go and I travel to local high schools and speak to their — I just got done doing one for Louisville High School, which is not in Kentucky, believe it or not. It’s in Ohio, Louisville High school.

And I had 900 kids there. And, you know, they asked me, you know, the same, same question. And for me, it’s, you know, if you look at a lot of the issues, you know, one, having multifactor authentication in place everywhere reduces probably 95% of maybe, maybe even closer to 98% of all of the breaches that can happen for you personally. But second is, you know, the same password we use everywhere. So if you have, you know, five social media accounts using the same five social media passwords and one of those social media companies gets compromised when all they have access to all five of your social media accounts.

Right? I just got done talking to a good friend of mine, literally right before this call, whereas Facebook account and Instagram account was taken over because he clicked the link. Now they’re getting more crafty in what they do now. So the one that he got was it was a message from Facebook, and it looked legitimate. And they sent him an email saying, hey, your account, you know, detected unauthorized activity.

Click here to ensure that it’s not. And they basically were able to add an additional authentication mechanism, a number, onto that account just by clicking that link. So you got to be really careful and suspicious around things that are happening out there. I had one recently that almost got me, believe it or not, it actually came from the security team at GitHub.com. And you know, so it said security at github.com I checked, you know — I did my standard you know check the from check everything else, make sure it looks legit, checked and hovered over the link.

The link went to GitHub and what it was doing was they used one of my issues and one of my GitHub projects to generate an email. And when you generate a new ticket in GitHub, it sends the email to the person on record of that owner from security at GitHub. And they formatted the section that they’re, you know, pretending to modify as an issue. So when I clicked on it, it was actually trying to authorize that account to get access to my, my container of my, my GitHub project. And so really well, well thought out.

But you know, we’re seeing these more and more where a lot of these attackers are leveraging very, very crafty types of emails to get access to your account. And then from there, you know, spiraling out. So, you know, multi-factor authentication passwords are really good. And then being really cautious around the types of emails that you’re getting and you’re actually accepting because it can be a complete account takeover at that point.

Jodi Daniels 29:33

David, when you are not trying to make the world safer, What do you like to do for fun?

David Kennedy 29:39

Well, I you know, one of my big, big things in life and, you know, is, is I don’t go into something like just just a little bit when I find a hobby that I enjoy doing, I kind of go all in on it. Right. And so one of my, one of my favorite ones, I’m actually leaving tomorrow to go to Clarksburg, West Virginia for the weekend with my dad and my two kids. One of my son’s friends is we’re playing airsoft all weekend and I’m a huge airsoft fan. I play airsoft literally every weekend.

It kind of gets me back to the military days. But also, you know, with that is staying active and the health and fitness side, right? So for me it’s understanding my body. I for the longest time my entire life struggled with weight. At one point in time, I was up to 315 pounds, you know, very obese health issues.

I had heart surgery and I remember the doctor and this is kind of like one of those like moments in life you look back at, and it was like a catalyst to where I’m at today. The doctor said to me, he’s like, listen, if you don’t change your habits, you’re not going to be around for your kids. And that hit me like a ton of bricks. I’m like, wow, I’m being selfish about myself. And, you know, the unhealthy lifestyles.

I would code till 2:00 or 3:00 or 4:00 in the morning, you know, drink beer or whatever, go out and party with my friends, you know, just, you know, living a sedentary lifestyle and not being active. And so at that point in time, I decided I need to understand how my body works, and I need to understand how I can course correct this for my future and then for the rest of my life. And so, you know, for me, for fun, I actually like last night I was up ‘till like — this is late for me, by the way. It’s like 11:00 at night. I’m usually in bed by like 10:00, 10:30, now.

But I was researching new data studies that came out around, you know, various research, like there was a new data set that came out yesterday around how the keto diet can help with bipolar disorder. And they did a 780 different participants and showed the chemical balances essentially being course corrected with the keto diet in brain activity. So, you know, it’s like to me understanding my body and understanding how I can improve all the time has been something that I consider one of my big hobbies. And then from there, I’ve made it into successful businesses. I have a supplement line called Hacking Your Health that we have a pre-workout that’s all science driven help to optimize your body.

We have whey isolate protein. We’re coming out to vegan protein here within the next few weeks. And then I have a testosterone slash hormone replacement therapy company that focuses on longevity. So we get your blood work done. We look at your biomarkers.

We have doctors on staff that specialize in longevity. And then, you know, you could be perfectly fine and nothing is needed. Or we can course correct and help, you know, whether it’s, you know, blood pressure, things like that. We look at the core symptoms of why that’s there in the first place, low testosterone levels. We can supplement with that.

For me, I found out when I was 38 that I had the testosterone levels of a 75-year-old, and I had all the symptoms. I had brain fog. I was tired all the time. I couldn’t put on muscle mass, you know, all of those things. And as soon as I went on, testosterone replacement, like all of those symptoms went completely away.

I had the energy. I can go out with my kids again. I enjoyed lifting, so it’s a matter of for me, it’s my hobbies become like what I go all in on. And then I usually start businesses with them. Like I have basketball training facilities for, for kids because my kids were in basketball and I’m like, well, there’s no good basketball training facilities here.

And plus I can augment with technology. So we have these shooting guns that integrates to an app. You can check your data stats on areas that you’re weak at. From a shooting percentage perspective, you can get 500 balls up every 30 minutes. And then we have, you know, AAU tournaments at these facilities are massive facilities.

We have like I think eight now across the Midwest. And so we continuously are expanding on things like that too. So for me, it’s it’s I mean, maybe I’m a serial entrepreneur, but I just invest and do things that I love doing that are my hobbies. And then from there they just turn out to be businesses.

Jodi Daniels 33:18

Sometimes every time I talk to you, I learn something new. Yeah, I did not know about the basketball facilities.

David Kennedy 33:24

And we have a baseball training facility as well too.

Jodi Daniels 33:26

So that’s piquing Justin’s interest indeed. Well, David, we’re so glad that you came to share all that you did today, if people would like to connect with you and learn more. Where should they go?

David Kennedy 33:38

Absolutely. Well, I’m always on social media. I try to stick to X because it’s easier. Hacking Dave on X I’m usually on there and I always respond to folks. You know, I try to keep an eye on that.

I have a protocol where I only look at it three times a day. So I stay away from the addiction side of the house. But I do respond back to folks three times a day. And then you can always find me at Trustedsec Binary Defense, and then I’m on Facebook as well. So, you know, reach out any time and, you know, happy to answer any questions or talk to you in any way.

Jodi Daniels 34:06

Amazing. Well, David, again, thank you so very much. We really appreciate it. Yeah. Thank you.

David Kennedy 34:11

Too. Appreciate it. Glad your dog’s doing better by the way.

Jodi Daniels 34:13

Thank you.

Outro 34:18

Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click subscribe to get future episodes and check us out on LinkedIn. See you next time.