Michael F. D. Anaya is the Head of Cyber Risk at Expanse, one of the Forbes 25 fastest-growing venture-backed startups likely to reach a $1 billion valuation. Michael currently leads a large team of analysts who identify vulnerabilities in the vast online presence of large Fortune 500 companies and government agencies. Previously, he spent 14 years as an FBI Special Agent leading extensive investigations and overseeing countless arrests, search warrants, and dismantlements of cyber threat actor sets.
As a keynote speaker, Michael has spoken about cybersecurity topics over 500 times and is considered one of the FBI’s most talented presenters. He also serves on the Board of Advisors for the emerging cybersecurity startup, DEVCON.
Here’s a glimpse of what you’ll learn:
- Michael F. D. Anaya’s experience investigating cybercrime as a Special Agent for the FBI
- How Expanse helps organizations manage the vulnerabilities of their online presence
- The top three cybersecurity risks that companies face today
- Michael shares his insights into the future of cybersecurity
- How does information sharing work between the government and the private sector?
- The organizations that are most at risk for cybersecurity incidents
- Michael’s top privacy and security tips for both consumers and corporations
In this episode…
While having an online presence is an important part of running your business, it inevitably puts your company at risk for cyber attacks. Michael F. D. Anaya, the Head of Cyber Risk at Expanse, knows that as your organization grows, it becomes easier to lose track of your assets and more difficult to manage the vulnerabilities of your online presence.
According to Michael, organizations today face three main cybersecurity risks: business email compromise, ransomware, and data breaches. So, how do you ensure that your company is protected against these cyber threats?
Tune in to this episode of She Said Privacy, He Said Security as Jodi and Justin Daniels interview Michael F. D. Anaya, the Head of Cyber Risk at Expanse, about his experience investigating cybercrime as an FBI Special Agent. Michael also addresses the top three cybersecurity risks that companies face, explains how to keep your organization safe from vulnerabilities, and talks about his predictions for the future of cybersecurity.
Resources Mentioned in this episode
- Michael F. D. Anaya
- Michael F. D. Anaya on LinkedIn
- Michael F. D. Anaya on YouTube
- Michael F. D. Anaya on Twitter
- Jodi Daniels on LinkedIn
- Justin Daniels on LinkedIn
- Red Clover Advisors
- Red Clover Advisors on LinkedIn
- Red Clover Advisors on Facebook
- Red Clover Advisors’ email: email@example.com
Sponsor for this episode…
This episode is brought to you by Red Clover Advisors.
Red Clover Advisors uses data privacy to transform the way that companies do business together and create a future where there is greater trust between companies and consumers.
Founded by Jodi Daniels, Red Clover Advisors helps their clients comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. They work with companies in a variety of fields, including technology, SaaS, ecommerce, media agencies, professional services, and financial services.
Their free guide, “How to Increase Customer Engagement in a Private World,” is available here.
Click For Full Transcript
Welcome to the, she said privacy. He said, security podcast. Like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century. Hey everyone, I’m Jodi Daniels and I’m a certified information, privacy professional. I help provide practical privacy advice to overwhelmed companies. I’ve worked with companies like Deloitte, the Home Depot, Cox Enterprises, Bank of America, and so many more. And I’m joined today by my husband Justin Daniels. So Justin, who are you? Hi, I’m Jodi Daniels’ husband, Justin Daniels. I’m a cybersecurity subject matter expert and business attorney. I am the cyber quarterback, helping clients design and implement cyber plans as well as helping them manage and recover from the inevitable data breach. And additionally, I provide cyber business consulting services to companies. This episode is brought to you by Red Clover Advisors.
We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, SaaS, e-commerce media agencies, professional and financial services. In short, we use data privacy to transform the way companies do business together. We’re creating a future where there’s greater trust between companies and consumers. To learn more visit RedCloverAdvisors.com.
I am so excited for our guest. I’m going to let Justin do the intro and then I have some additional fun info to add. Today, we have Michael, who is the head of cyber risk advance. One of the Forbes 25 fastest growing venture backed startups likely to reach a 1 billion evaluation. He leads a large team of analysts who identify vulnerabilities and large fortune 500 companies and government agencies’ vast online presence. He also has 14 years of FBI experience as a special agent leading extensive investigations and overseeing countless arrests, search warrants and dismantlements of cyber threat actor sets. He’s spoken on cyber security topics over 500 times around the world and was considered one of the FBI’s most talented presenters. He also serves on the board of advisors for an emerging cyber security startup Devcon. Welcome Michael. Hey everybody. Thanks for having me.
This is so much fun for two really interesting reasons. So the first is, I remember when we first met, it was when Justin held the cyber con, which was a big conference here in Atlanta. And I was so excited that I got to sit next to an FBI agent at lunch. I didn’t really care what the content was that day I left and thought it was so cool that I got to sit and meet you. And then when we announced our launch of the podcast recently, I was talking with my mom and she said, really have someone who used to be at the FBI coming on? So Michael, my mom might even listen to this.
Michael F. D. Anaya (03:21):
That’s awesome. Hi, Jodi’s mom.
She’s going to love you. So with that, I think, you know, we do get so much interest because it’s such a fascinating background. We just don’t meet people all the time who have that type of experience. So I’d love if we could kind of backpedal and help understand who is Michael and how you, you know, what was your career journey? What interests you about the FBI and kind of what you’re doing today at expanse.
Michael F. D. Anaya (03:52):
That’s awesome. Yeah. Uh, let me see, who am I? I’m a guy who puts videos on YouTube. I’ve just started doing that recently, a case, anyone listening to this, your mom should subscribe to my channel. If your mom doesn’t subscribe, we’re going to problems. But anyway, now I recently started doing that. Um, but okay, so back up a little bit, I started back in Dallas, Texas as a software developer. Um, it’s interesting. I have a video. That’s going to be launching guidance for people in school currently about professional guidance, especially those interest in cybersecurity. And so, anyway, so I was back in college, I decided, Oh, I’ll major in business computer systems, which is kind of akin to MIS so, uh, managing information systems. So I did that. I got a job as a software developer and the first two weeks into the job, I’m like, this sucks.
Michael F. D. Anaya (04:44):
Like, why did I do this? Uh, I should’ve thought about this a little better. Like literally my first two weeks I was in training. I remember the sitting in the training thinking, Oh, wait, I got to do this forever. Like what? In college, I took coding classes. But I only did it for like an hour a day, maybe. Right? Because you have all these classes. I never thought, Oh, this is what they want me to do indefinitely. So fast forward, I decided I’m going to something different and decided, well, why not join that FBI? That sounds like fun. So I joined the FBI and it’s not that easy. It’s really, really hard to get into. Um, I’ll give you like a little story here. Uh, this is, I think, applies to the FBI or anything else about being, one being lucky, but then also being persistent.
Michael F. D. Anaya (05:34):
So I applied for the FBI process, which takes a long time, took me two years to get into the FBI. There’s multiple levels of interview, background check polygraph, just a lot of things you have to endure. Okay. So it was like probably the hardest job you would ever get. If you get it, this is the FBI agent role. So it it’s that in itself is a feat. So I applied there was phase, one I passed. And the big wait was between phase one and phase two phase two consists of an interview, a panel interview, and an absence to task or a written assignment is you have to test is phase one. So I’m waiting like years. And I kept, I called them once in a while, and this was in Dallas, Texas. I called the office like, Hey, how’s it going? Uh, what’s the status? Right.
Michael F. D. Anaya (06:18):
And I was super excited after I called and I had hung up and I just wait for a days, no one called me back. I forget about it. Right. Go back to coding. So I just kept doing this well about a year. I would call a call back and the lady remembered me. She was an applicant coordinator. And she’s like, Oh, you know what? Your name sounds familiar. And I’m like, Oh. And she was like, wait a minute. Did I talk to you six months ago? And I’m like, yes, you can tell it. She’s like, okay. Um, do me a favor, call me back next week and so I’m like, okay. Call her back next week. And then she goes, okay, you should be getting a call from us about scheduling phase two. And I’m like, Oh, um, cool.
Michael F. D. Anaya (07:09):
Well, what did, how did what happened? She’s like, Oh, I just put your application at the top of the pile. So when the recruiter reviews it, she saw it right away. And she decided that you’d be a good fit for phase two. And I’m like, thank you. I really appreciate that. So then it was all downhill. Right? Then I passed phase two. I passed all the other tasks that came after it. And so it was at Quantico through training and this applicant coordinator was there and I was able to thank her in person and be like, thank you for giving me this opportunity. And you know, this is just a Testament of being persistent the same time being lucky, like the fact that she remembers me and I’m her talking to her and I could do other people do what I did. And she’s like, no, honestly, most people don’t, they apply and they just that’s it.
Michael F. D. Anaya (07:56):
So the fact that you kept being persistent and would call us every so often caused her to remember me. Anyway, so I joined the FBI. I did that for about 14 years. I was in Los Angeles, California. My first office, I basically investigated, all types of cyber crime, mostly data breaches. That’s where my specialization was. Then I did, I went to headquarters where I focused on leadership development. I did that for about two years for the FBI. We’re finding the process, helping them figure out how to basically create better leaders in the organization. And that really kind of spoke to me. And I thought, you know what? I want to now be more of a leader in the organization. So I did that, um, became a supervisor of a relatively large squad. A squad is like a team and Atlanta, Georgia, which brought me here to Atlanta where I’m at today.
Michael F. D. Anaya (08:48):
And I led a team of about 15 people. So mostly agents. Then we had some analysts and scientists and collectively what we would do is address various threat sets, whether they’re nation, state, or a criminal, but we would investigate them. I did a lot of forward-leaning initiatives where I was bringing a lot of innovative solutions to the FBI, um, cross programmatic things that they’d haven’t done before. And I was really pushing the envelope. So did that. And then I decided, well in the Bureau, it’s interesting because at this point, there’s you either transcend up in the organization or what was, that was 10 years from retirement, or I can transition out to do something else. And there’s a startup at Devcon was working with as a way to sort of collaborate. And I was chatting with the CEO, Maggie Lilly, and I’m like, Hey, are you guys hiring?
Michael F. D. Anaya (09:39):
And she was like, actually we are, they just were about secure series a funding. And so they don’t want a job. She was like, why not? So I got a job at Devcon. So I did that basically headed up investigations for them. Um, and it was just a, it was a phenomenal opportunity, candidly, the pivot from the Bureau into back to the private sector. So I took it, I ran with it. I did that for about a year, a little over a year. Uh, I decided to also pivot again to another startup, which basically led me to expanse. And so I decided to pursue this or expanse. What I’m currently doing is I had there a cyber risk function. So I have a team of about 22 people who report to me and we are addressing the, where we focus on or specialization is attack surface management.
Michael F. D. Anaya (10:29):
So what does that mean? In summary? What it basically means is there’s a bunch of assets and major organizations, the US government has floating out there. And so what we do is we catalog them, itemize them, and we synthesize all that data into a digestible format. So companies now can see where all their assets are. They can essentially say asset inventory, and now they understand all of them. And then we expand as allow another level of analysis to identify potential exposures or vulnerabilities that may exist. So hence a tax service management. And that’s what we do. This is all focused on the surface web, uh, nothing in the deep web, just surface web analysis. So we do that. And my team is part of that analysis element that does that in-depth review and, uh, manage that function. And so we’re growing right now, we’re building and I say all this now, but, uh, it was just announced this morning, that expanse is being acquired by Palo Alto. So, which is exciting. So yeah, we’re, everyone’s looking forward to it. And so it’s interesting to see how things change, but from what I can and what I’m told that everything for my team’s function is going to stay the same. It’s just gonna be enhanced with Palo Altos in depth knowledge in cybersecurity. So we’re looking forward. That’s great. So, Hey Jodi, yes or no. Are you a shareholder of Palo Alto networks?
Michael F. D. Anaya (11:50):
Yes! Good answer.
Thanks Michael, for all the great work that you do,
Michael F. D. Anaya (11:59):
Your shares went up by 1%, by the way.
Fabulous. Thank you so much. I’ll go buy a coffee.
Michael F. D. Anaya (12:07):
Don’t retire just yet! But so Michael, when you talk about expands, is it fair to say, like if I get a phone call from a CEO of an e-commerce company saying, you know what, I’m kind of concerned about, uh, vulnerabilities that I might have because we’re a public facing system and probably the critical function in the e-commerce business. How does, how does expanse come in to play a role to help manage the vulnerability of say an e-commerce website?
New Speaker (12:38):
So it wouldn’t necessarily just be one website, right? Um, it would, most, most of our customers are very, very large. So like think Apple or think, um, like they’re not a customer, uh, but like best buy. So any massive organization with huge assets that are sitting out there across the globe, that is who the customer of expanses, the reason being it’s because they lose track of all their assets.
Michael F. D. Anaya (13:05):
So like right now, Palo Alto is acquired expanse. So if you think about what that means, logistically when it comes to our asset profile, they’re now acquiring a bunch of assets that belong to expanse, expanse has stuff everywhere. And so they have to figure out where they all are located. And then if you think about Palo Alto, they then Apollo was a customer of expanse, but they have various functions in Palo Alto. They have marketing teams and the marketing teams might be pretty aggressive. Now want to start a marketing campaign, they’ll start like a domain. And now that’s a new asset that’s associated Palo Alto. Well, many times they lose track of them because they might spin up a domain, but no one tells IT because they forget they didn’t fill out that form or whatever reason that like I was supposed to tell IT. So they don’t know about it, where expanse comes in, as we identify all of that without being told.
Michael F. D. Anaya (13:53):
And we surface that up to innocence like Palo Alto and let them know, Hey, here’s now your new profile as it exists today. So now Paul also can come in and say with intelligence, now I know where everything’s located and they can begin to defend it. So you shadow the shadow IT exactly, exactly. That’s what we do. Go ahead. It’s great. It’s great. I love it. It’s a phenomenal environment expanse. That is a, I don’t know about pollo alto, to be determined, but expanse is phenomenal. I love the team. I have super smart. I’ve never worked a group of smarter people. Candidly don’t tell me that guy, friends, uh,
All those podcast listeners,
Michael F. D. Anaya (14:36):
Mom do not disseminate this Jodie’s mom. My mom probably would not business podcasts. You will not know how to make it work, but no, uh, uh, great people at expanse who were smart, um, very extremely capable of collectively across the board, my team, especially just really brilliant individuals. And so I’m lucky to work with them.
What are some of the big challenges that you see? So think about the different customers that you’re working with. People don’t, you know, you share an a example, is that sort of a predominant example, are there others where you kind of see the same challenges that companies keep facing?
Michael F. D. Anaya (15:12):
Huh? So they all face different challenges, but the majority of what we’re seeing, it’s just keeping track of that asset inventory. I mean, it’s a categorical problem. I, I recently read horizons report, um, surprise and puts out a report for listeners who may not be aware of this Jody’s mom. And essentially what the support shows is data breach report. And they highlight all these various data breaches and so buried in this was something that was quite interesting. I think this is a systemic problem, and this is a promise span solves in the report. It talks about that. There’s a number of major. They talk about a number of things. One, the focus is breaches. So the bathrooms where breaches occurred or a result of a hack, somebody coming in without authorization, most of these inverters are financially motivated and facilitate these compromises. And they’re targeting servers.
Michael F. D. Anaya (15:59):
These are assets out there. So you think about that. Hackers want money. They go after servers. This is the main profile. The report went on to say that when it did a little bit deeper Verizon, that is they realized that many of these organizations had multiple networks, which makes sense. You have their main core networking of sub sub subsidiaries or business units. And these are all sub networks. And they identified some servers that listed outside on the edge of that network. And it found that when they did an analysis of the vulnerabilities, that the vulnerabilities that exist today, if the machine had it, they also had vulnerabilities that exist that were already patched already. There were still present. So that old annual vulnerabilities, the report concludes they opined that wait, maybe what happened is that organization completely forgot that they even had that asset. And that’s essentially what the big problem is.
Michael F. D. Anaya (16:55):
So the report went on to say that this is an asset management problem. And so I found it very interesting because it explicitly States, this is what expanse is trying to do, trying to basically help organizations, track everything and address that problem that Verizon was talking about in the report. It’s funny that you mentioned that Michael, because when I was doing a webinar yesterday, one of my topics was cyber risk in an M and a deal. And one of the first questions you ask when you’re doing due diligence, which Palo Alto may ask is say, Hey, expanse, can you show us a schematic of your network and where all the assets are on your network and how data flows through it. And to your point, you know, further furthering what the Verizon data breach report says. Most companies don’t have anything close to an updated asset list because a lot of times people intruders get the network because they find an open port relating to an asset that the company doesn’t remember is open.
Michael F. D. Anaya (17:55):
Because think about as you become a bigger company, somebody has to manage that. And if you don’t have enough resources, which we’re going to talk about, well, it gets left open. And to your point that the hackers are like water. They matriculate to where the weakness isn’t, they get on it and just like watered. It exactly. There’s a situation that was privy to, uh, where, when I was with the FBI where a medical institution had a situation where a group of physicians decided to bring up their own server, which sounds like a great idea. Let’s have doctors manage a server, this horrible idea, by the way, Jodi’s moms don’t do this. So these medical professionals decided to spin up a database and they had it. That’s sitting out there completely unprotected with patient data. Uh, so sure enough, what happens data breach, they take all the data and then upon further review, the, IT associate with this medical institution had no idea this existed because they were like, we had completely outside what they were aware of, but this is the problem. And so, I mean, Justin, to kind of highlight your point, this happens a lot, and it’s not isolated to one industry, countless of industries to pay basis because you have people who, and this situation the doctors were saying, well, we’re frustrated that it wasn’t giving us what we need. So we decided to solve the problem on our own. I mean, I think we can, all, we all know people who have companies to do this and, uh, we ourselves find me guilty of that. Anyway, it’s hard to prevent all of that.
It is. So that’s obviously, you know, asset management is, and, and attacking servers are, are obviously an important issue and an a top issue. What are some of the other challenges that you’re seeing today? And what might you say is what concerns you the most about the future of cybersecurity?
Michael F. D. Anaya (19:47):
That’s a great question. Uh, so current challenges always had the big three, um, because these are the big three and they’re not really sexy per se. One, I guess, kind of sexy. Uh, but those were, they’re kind of boring. Um, the basically focused in three areas. So you’re looking at one, the biggest, most pervasive thing that companies deal with today is what’s called business, email compromise. Essentially.
It’s talked about so much here that our kids know about it too. That’s awesome because I have friends at the secret service and that’s what they call it. Yes, yes, yes. So my kids would say, it’s very boring, but please continue business email compromise
Michael F. D. Anaya (20:25):
There, it gets alive. Let’s mute this. Now go back to playing games. We were interested for a little bit, but now we’re bored. Uh, anyway, uh, basically in summary, what is social engineering? It’s tricking someone to do something that they’re not supposed to. So that’s the biggest, most pervasive element. The reason why it’s so big, it’s so easy for criminals to do. Uh, and it’s hard for law enforcement to stop. So it’s highly, highly lucrative. The other one after that is ransomware. And most people are aware of this ransomware, essentially what that is, is getting you to click on something you’re not supposed to with potentially injection machine with a malicious software, that encrypts key items of interest for you, such as databases or spreadsheets or something you find value in. And now you’re faced with the message that says, Hey, everything’s encrypted. If you want to decrypt this, you pass money and that’s ransomware, and this is highly popular news.
Michael F. D. Anaya (21:17):
I don’t see this going away anytime soon because it’s so lucrative. So that’s a problem. And then the final one is data breaches. Uh, someone comes into your network without authorization, takes something about you and then expos that and sells it or does something and fares with that. So those are the big three. Those will be with this, I think for the future like forever. Um, what I concerned by that to me is a problem. When we look at kind of where cybersecurity is going in the future, it really comes back to, there’s a few things. One, I feel like many organizations, aren’t sharing data with one another and they’re not sharing with law enforcement. So there’s potentially a vacuum that’s going to exist. Whereby you allow, if you think about that environment, things, bad things are happening. No one’s reporting it to each other or law enforcement.
Michael F. D. Anaya (22:10):
Well, it tends to happen more bad things. If you think about it as a burglary in your neighborhood, no one says anything, not even to each other, that burglar steal something, it’s like, wow, no one stopped me. I’ll just do this again. And again and again, and yet those are hackers, right? So couple that with the current landscape, which is you look at right now, a global economy, there’s this huge issue we’re doing, it’s called Cove. And I’m guys heard about it as a thank you. Is it talking about like a pandemic, whatever that is. But so this is going on right now, what’s causing the global calming to be depressed. If you think about this, this is a ripe ground breeding ground for threat actors, because these individuals now looking for other employment. And so those were the low moral compass will be like, well, why don’t I turn the hacky?
Michael F. D. Anaya (22:56):
So the influx of hackers will increase. At the same time. You have organizations that are driving down costs because they have to stay in business. So they’re cutting back somewhere in many times, securities where they cut back. So you’re looking at a situation where you have people who aren’t sharing. You have a situation where now security is being minimized and your situation where there’s an increased number of attackers. It’s a perfect storm. And so to me, this is what concerns me most is that you’re going to have this breeding ground for more and more threat activity and become more pervasive. See companies are like our kids. They’re not sharing and not sharing, but Michael, I wanted to ask you a follow-up question. And it’s one that I encounter regularly when I talk two, um, companies and they have no pre-existing with law enforcement, because they’re concerned that if they come and ask for help from Michael, from his former FBI days or other FBI or secret service agent, it means they’re getting an immediate call from their regulator, which drains the blood from their face to even think about that.
Michael F. D. Anaya (24:02):
And I just see a real lack of sharing of information between law enforcement and the private sector. And most of the time, the private sector is concerned that the government wants information from the private sector. But won’t share what they’re seeing from a government perspective, and would love to get your take, because now you’ve worked in both government and the private sector and have that experience. How do you think that shifts? That’s a great question. So a few things I think I should probably educate listeners on about, uh, when it comes to the government. I think sometimes we oversimplify things like we’ll call it the government or the fed, right? There’s a common phrases that people utilize. The government is highly, highly compartmentalized, good or bad, right or wrong. Think of the way I described this thing by mall analogy. So the government’s akin to a mall.
Michael F. D. Anaya (24:54):
If you go to a mall, there’s a bunch of various stores under the same umbrella, which is the mall. That’s a kin to what you have in the U S government. You have a bunch of elements, such as regulatory, law, enforcement, intelligence, etc. Healthcare was a bunch of stuff. It all exists under this umbrella, but like a mall everything’s highly delineated. So if you go to a mall and we’ll say you go to smoothie King, and you’re like, I would like a mango smoothie and they give you a strawberry smoothie note until you’re in Tesla or you’re at, I dunn Lulu lemon. There you go.
Michael F. D. Anaya (25:27):
You’re buying your overprice, whatever they buy there, that’s the best property for right. Okay. You take a swig of your, what you thought was mango smoothie and it’s actually strawberry. Like what the heck, and now you’re frustrated you imagine giving that smoothie, to your Lulu lemon person. Yeah. I didn’t order this. I ordered, I ordered mango. She’d be like, I’m sorry. Sorry. Sorry to hear that. Uh, would you like some athleisure wear ? Okay. You can tell I’m a prime candidate for athleisure wear.
Michael F. D. Anaya (26:14):
Trust me, Michael. I have an entire investment strategy over my wife’s habits. Peloton, Lulu lemon. I can go on by the way. So ultimately it would happen like you would not have him do this. That’s the same with U S government. So the U S government, if you bring some in the FBI, the FBI does not seamlessly share and disseminate information to records for body. They purposely don’t for a number of reasons. They want to build trust. There’s also another component and Justin kind talked about his idea of sharing. Many times law enforcement or intelligence agents can’t share because legally they’re not authorized to do so because it might interfere with the investigation or put an investigation at risk. So I could get where companies are frustrated. They’re like, well, Hey, I’m giving you information. I’m to know what you know back, right? However, I will say this.
Michael F. D. Anaya (27:02):
If you develop a relationship now, not just a one time, call your FBI secret service agent and say, Hey, how’s it going? Not that you actually develop a relationship with them where you’re, you’re talking with them, you’re sharing information. They will share information back with you. Um, there’s a reciprocity element that kicks in that will be in play. But again, they won’t be able to openly share information. Then maybe we want to, because there’s so many different opponents behind the scenes. But anyways, I’ve talked about a lot of different things. So just think about the U S government, like you would a mall and that information you share with the FBI or secret service or department of energy is not seamless. You share with one another, because it’s highly compartmentalized from here on out to me, the FBI is smoothie King and every other department is lululemon.
There you go. Very, very well said. So if we think about all these different threats and we think about business, email compromise, when you think about data breaches, and we think about ransomware and we have growing threats, and we now have the, not as many people in companies, what is the overall impact? How does, what does that leave for cybersecurity professionals? Who, who are still in their companies trying feverously to protect their companies from these top three, as well as a myriad of other issues,
Michael F. D. Anaya (28:34):
A lot of work, right? So a lot of work and the day, a lot of work, lot of headaches, a lot of frustration and consternation. Um, that’s really what it comes down to. I do think there will be an, I think you guys can speak more about this. There’s a regulatory component that comes into play when things aren’t being protected. And, you know, for the end user, the people who are purchasing or utilizing the system, or, you know, giving their credit card information to a vendor or whatever those individuals are gonna be impacted because when the breach happens and data’s taken it’s those individuals that can be targeted. That’s the big issue for many corporations. You’d like, why don’t do any of that stuff, uh, with their focus or their threat potentially could be as loss of intellectual property. Um, you have a lot of nation state actors that are out there specifically targeting things that they find value in.
Michael F. D. Anaya (29:24):
Um, there’s no way for China specifically to grow at the rate they’re growing in without stealing ideas and intellectual property from other organizations or entities that are leading that space. And that’s something they’ve been doing prolifically for a long period of time, and it will continue that. So if you’re like, well, I’m not selling anything. And I don’t have a lot of customer information. If you have intellectual property and there’s something, there is something of value someone wants, that’s a concern. So it sounds to me like Mike Michael, if I’m the CSO for Pfizer, I’m on my game. Big time right now. Okay. Prime example, lovey mentioned that a lot of companies, or even right now, Palo Alto or expands anyone with announced anything big should be on the lookout. It’s a candidate, especially when startups, whenever startups announced funding rounds, we just got, you know, $800 million of funding.
Michael F. D. Anaya (30:14):
Any of those announcements, it’s akin to you walking down the street in an April, just yelling. I got $10,000 in my wallet, a thousand dollars in my wallet, please do this. And I’m like, nothing could happen. Like if you, Justin walked down the street, did it, maybe nothing happens. Now. Someone’s like has got $10,000 in his pocket, huh? Companies are putting themselves in alignment when they do these announcements. Now they’re not going to stop, but it’s important that they aware of it so they can prefer, they do major announcements. Make sure your it, your cyber security round is aware and they’re protecting against it. Or just to be fair. I think the person who has stays up the latest would have been the CSO for majors, the accounting firm, who does the tax returns for the president pasture. Right. You know that thing’s on an air gap computer and some hermetically sealed room. But anyway, I think we’re going to, we have our two last questions that we ask all of our guests and we’re Jodi, you want to take it? We’ve talked about so many golden nuggets here. If you had to think about privacy and security, Tip, it can be personal. What would you offer that for our listeners? So everyone listening here, what one single item would you recommend that they do? What should Iris, Jodi’s mom do?
Michael F. D. Anaya (31:41):
Oh, this is tough because I have a lot of advice for different people. Um, so if it’s a personal, like a personal level, you can have a personal and a professional only for you. Okay. Thank you. Appreciate it. I don’t get that treatment. A personal one. I think for an end consumer is just create awareness. Be aware of what you’re doing. My advice for you is before you download an application, take a moment, determine, Hey, where’s this at made and what is this doing? Right? Those are the things. And it’s just an everything in life. And it’s, it’s the unfortunate reality of careful and not to be victimized. A lot of threat actors will create applications that are put on your phone that you think are benign, but are not. So that’s one thing I would focus on if your end user, if you’re a corporation and you’re listening different, a lot more advice for corporations, candidly.
Michael F. D. Anaya (32:32):
Um, this one is one piece of advice. Hire strong leaders that empower your teams, especially when it comes to cyber security. I’ll talk about this a lot and watch any, maybe does a YouTube. I preach about this. I will talk about this all day long. The biggest reason here is because if you think about cyber safety professionals, these are smart, highly educated individuals. When you micromanage them, you minimize, if not nullify their ability to innovate, to do great work, to protect your networks, you need to have a leader in play who can motivate them to empower them, unlock their capabilities. This is one of the most critical things. I feel that when I look at data breaches that have happened, I’ve always wondered the leadership. Like, look, if you’re gonna bring a leader and you could find someone with a bunch of starts, that’s fine. But I would encourage you to bring someone who can motivate, build a team and scale it, manage that team because if a data breach happens, I much rather have somebody who has a fully empowered team dealing with it than someone who’s got a micromanage and I’ll try to motivate. And that situation just pure disaster, but that’s what I recommend corporations to do power their people, but you’ve got to bring the right leadership.
Very good advice. So our
Michael F. D. Anaya (33:39):
Last question completely unrelated to cybersecurity is what hobby or what do you enjoy doing outside of your day job? Uh, well, let’s see. I have two kids that drive me crazy. Uh, so I’m a parent of two. I have a four year old and a six year old. They’re adorable, but they drive me nuts. So that’s not one, but I, as I
It’s a hobby, it’s a hobby.
Michael F. D. Anaya (34:07):
Uh, but for that I enjoy, um, I actually decided I do enjoy being a dad, it is pretty awesome. Right. I love it. And it actually, right now, it’s kind of nice. Uh, COBIT is clearly an issue. It’s a pandemic. Um, but it is nice for me personally, I’m able to spend more time with my kids. And there’s throughout this podcast, you might’ve heard one of the backgrounds yelping in at random periods of time. Uh, so I like to just go over there and give him a hug and just like chat with them and spend time with them. So that’s nice. Uh, but I also do videos. I do a bunch of videos. I mentioned earlier. I like doing that. I like creating content. Um, I love presenting. So prior to COVID hitting, I was slated to do a lot of presentations. I love being on stage. It’s fun for me. I have any of you have watched, which probably many of you haven’t, uh, Jodi’s mom I know is not seen me present. Uh, I like doing it’s fun for me. So anyway, those are some of the things that I enjoy doing.
So how can people keep up with you? Where can we watch your content and, and watch you present virtually for now?
Michael F. D. Anaya (35:03):
I know. Yeah. That’s why I searched the videos because, you know, I was one of the things where I’m like, well, if I can’t go on stage, I guess I can do videos. My videos are pretty good. I dunno. I’ll let you guys be the judge YouTube. So you basically just type in my name. I uplifted and YouTube or Jodie, I can send you a link to my page. And then also, um, I have a personal website and that’s MFDaNay.com it’s dot com.com final answer, show, note it. Um, but that, it also has a bunch of information about me. And then if you’re interested in basically talking to me about to you, you or your organization, there’s an inquiry form there. Um, but yeah, those how you get ahold of me or Twitter, I guess Twitter, I hate it. You find on Twitter, you’re like, that’s horrible. Cause I’m not good at Twitter or LinkedIn. LinkedIn is probably where my social media choices. That’s my put my pick my poison. That would be it. And I would encourage all your listeners, especially young ones who, it’s funny. I was chatting with the end of this real quick note. I was chatting with a young professional and asked them like, Oh, you have a LinkedIn profile. She goes, yeah, but I don’t really update it. I’m like, Oh, why not? I already have a job.
Michael F. D. Anaya (36:11):
Okay. But what’s one way to look at it. But that’s the wrong way to look at it. LinkedIn is phenomenal for just creating business relationships or relationships with people in general. So I really encourage people to sort of revisit LinkedIn, even though it’s boring or you already have a job anyway, that was it. No, that’s amazing advice. I mean, we’ve met people all around the world. I’ve made some amazing new friends all from LinkedIn and it’s, it’s really part of your personal brand. I learn a tremendous amount on LinkedIn. So I, I love LinkedIn and I I’ve been on it for, for a very long time. Michael, this was so much fun. We are so grateful that you shared your time with us this morning. So many amazing pieces of top three risks at the moment, uh, the funding rounds. I’m never going to think any other way.
Michael F. D. Anaya (36:59):
Now, when someone announces their funding round, it’s going to be like someone running down the street with a big sign of how much money they have in their wallet. Cause clearly you haven’t listened to what I do. M and a. And I said, what is the two thing a hacker does when he gets up in the morning patches and the announcements of MNA in the news, you know, you always have to listen to a third person to, to pay attention. When I ask you to do things, you don’t listen to me. It comes from me. It’s discounted immediately. Well, it’s been great to have you. And, um, obviously we look forward to keeping in touch as we always do. And thank you for listening to Jodi’s mom. Make sure you subscribe to my YouTube.
There you go. Thanks for listening to the, she said privacy. He said security podcast. If you haven’t already be sure to click, subscribe, to get future episodes and check us out on LinkedIn. See you next time.