Patrick Bass Show

Hackers to Heroes: Dr. Frankie’s Cybersecurity Odyssey and Military Triumphs on The Patrick Bass Show

August 26, 2024 Vanguard Radio Network


What if you could turn a childhood hobby into a 23-year career protecting the digital frontier? Join us as we sit down with Frankie, better known as Dr. Frankie or Hacker Frankie, who takes us on an extraordinary journey from his early days tinkering with Windows 3.1 to becoming an Air Force cyber operations officer. Hear about his accidental start in cybersecurity—beginning with troubleshooting his father’s old IBM laptop—and how this led to a profession defending against the most sophisticated digital threats.

We dive into Frankie's fascinating transition from an underground hacker to an ethical hacker and Air Force officer. Discover how hacking payphones, scripting AOL bots, and reverse engineering games paved his way into a prestigious Airman’s commissioning program. Frankie shares the challenges and triumphs of moving from enlisted ranks to becoming an officer, offering a unique perspective on the intersection of cybersecurity and military service. His stories from the early days of the Internet, including phone phreaking and collaborating on piracy scenes, provide a nostalgic yet insightful look into the underground world of hacking.

In the latter part of our episode, we explore the complexities and real-life stakes of cybersecurity careers. Frankie recounts gripping tales of dealing with logic bombs and ransomware attacks as an IT manager for a Department of Defense contractor. He also offers practical advice for those interested in entering the cybersecurity field, emphasizing the importance of certifications and hands-on experience. Whether you're a seasoned professional or a curious novice, Frankie's insights into the evolving landscape of cybersecurity will leave you both grounded and inspired. Don't miss this enlightening conversation that highlights the importance of staying alert and optimistic in the face of ever-evolving digital threats.


Speaker 1:

Okay, cue everybody. We're going live in 5, 4, 3, 2, 1. And now live from Fort Smith, Arkansas. This is a Planet Wide Broadcast courtesy of the World Wide Web and affiliate radio stations across the globe. It's the Patrick Bass Show, with your host, Patrick Bass. Welcome back to the Patrick Bass show on the Vanguard Radio Network. This is Patrick Bass. We're so delighted that you joined us this afternoon for our magic carpet ride into the unknown. You know I've said before many times that our program has the very best guests of any podcast or radio network in the market today. This next guest is going to set that bar even higher than it's ever been before. His name is Frankie. We'll call him Dr. Frankie or Hacker Frankie, but he's a cybersecurity professional who's just got an amazing story that I can't wait for you to hear. So stay tuned and check it out right here on the Patrick Bass Show, pwbass.com. Stay tuned, we'll be right back.

Speaker 3:

Don't forget to hit our website at www.pwbass.com. More of the Patrick Bass Show coming up.

Speaker 4:

You took the first step and quit smoking, but even former smokers may still be at risk for lung cancer. That's why SavedByTheScan.org wants you to know about a new low-dose CT scan that can detect lung cancer early. It takes only 60 seconds and could save your life. You took the first step. Now take the next. Visit SavedByTheScan.org for a simple quiz to see if you're eligible, and talk to your doctor about screening. SavedByTheScan.org is brought to you by the American Lung Association's Lung Force Initiative and the Ad Council.

Speaker 3:

Having the conversations everyone else in the media are scared to have. Welcome back to the Patrick Bass Show.

Speaker 1:

I'm so excited to bring out our next guest. Let's call him Frankie the Hacker, or just simply Dr. Frankie, or even more simply Frankie, as he prefers to be called. He's going to dive as deep into the world of cybersecurity. He's an Air Force veteran cybersecurity expert. He's a man with, frankly, 23 years of experience defending us, our nation, you and me, against digital threats. He started out, believe it or not, as a hacker hobbyist, and that's taken him all the way to the top of his career field.

Speaker 2:

Welcome to the show, Frankie. How's it going, man? How are you doing? Hey, Patrick, it's going great today.

Speaker 1:

Thanks so much for having me on the show and I appreciate the warm invitation to end the intro. Well, you know that I'm in cybersecurity. We know each other professionally in another life and I wanted to bring you on here because you have such a really a compelling story. That is so cool to me. You started out, probably like a lot of us, as a nerdy little kid in the basement hacking computers. Tell us what your journey is like iPhones didn't exist.

Speaker 2:

The fun days of what it looked like for original hacking used to be like how do I get Duke Nukem and a Wolfenstein 3D to run on my small Tandy computer? I say small with the fun joy that it's also the size of two giant legs put together. That was pretty much how this all started. Trying to figure out what Windows 3.1 ran like and then editing boot.ini files because I thought it was a fun practical joke to play on people just to be able to say, hey, let's, uh, let's adjust some system files and see if you're able to boot up your computer tomorrow. So, yeah, right, fun stuff like that. Um, but my journey, uh, it funnily enough started a little bit different than most and also being in that windowless room trying to figure out what it's like to avoid the sun. Uh, I wasn't one of those kids like to go outside and play sports, so one of the uniquenesses was, um, my, uh, my pops, back in the day, bought a, an older IBM, uh, laptop with one of those like motorballs in terms of being able to control with the mouse, right, and kind of work that stuff out.

Speaker 2:

And with that, uh, with that Windows 95 computer set up. He had thought that this is, this is the grand new technology. There should be no problems with Windows 95 at all running on a computer and being able to connect to America Online. It's when I went. Whenever he wants to use those free minutes that we used to get by mail. So when he started to get blue screens for no reason, for whatever he was visiting, he just assumed oh man, this must be my son doing some stuff on my computer, right, it's not me, can't, can't be anything that I'm doing. So, inadvertently, my dad got me into repair services and trying to figure out what it's going to take to fix those blue screens. So I ended up becoming like the neighborhood tech kid who would go around people's houses and fix their old Windows 98 computers and stuff like that.

Speaker 1:

So now let me ask you at this time, in in in technology and in your house, was your VCR flashing 12?

Speaker 2:

Yes, it always did, because forget about trying to set that thing, man. It was possessed by the devil. Exactly, it's probably one of the worst things ever. As a matter of fact, we started to grow anti-technology after a while of experiencing so many Windows problems that we ended up just buying a web TV. Do you remember those? Like the MSN TVs that used to exist from back in the day?

Speaker 1:

I had forgotten about them, but I do remember those. That's such a mind trip, yeah.

Speaker 2:

Yeah, it was. It was something that was extremely unique to where people didn't want to trust computers anymore because they kept breaking. So Microsoft, uh, back then, when they still had like MSN dial-up service, used to release this little set-top box that you put on your TV and hook it up with, uh, with RCA jacks, to be able to connect to the internet and explore things and then use email. So it was like a huge, a huge finding thing, and you did this all with a wireless infrared keyboard. So, uh, initially a lot of my hacking career was figuring out how to get that stuff to give me like free service opportunities ethically, of course.

Speaker 1:

Oh, absolutely. Yeah, we use our powers, only forget that that was high speed man. Hey, what is the oldest piece of like vintage electronics gear that you have that still works?

Speaker 2:

Uh, in terms of the latest, earliest stuff, uh, that works. Let's see, probably my Windows 98 Second Edition Sony VAIO tower, uh, that came with the latest and greatest stuff right before Windows Millennium came out. But I will tell you this: what makes it so special is that it came with an instruction manual for Netscape Navigator.

Speaker 1:

Oh, I remember that. Yeah, yeah, that was the big war between Internet Explorer and Netscape Navigator. I guess we know who won.

Speaker 4:

I guess.

Speaker 2:

So that's a pretty solid talk, man. It's been something, and I heard the latest news about Google getting the antitrust stuff hit against them, right, for Chrome.

Speaker 1:

Well, do you remember Now, this was all conjecture and you know it was probably about as true as anything else on the Internet, but remember when everybody was claiming Google was started and run by the CIA?

Speaker 2:

Yeah, oh my gosh, you would think. You would think that that they were in bed with Apple when they released the iPhone.

Speaker 1:

So yeah, man, hey, did you see that? What is it Telegram? Their CEO just got arrested today.

Speaker 2:

Yeah, yeah, yeah, that's been. That's been on the US government's mind for quite a while, according to public records, right, right, I don't know, but, but yeah, considering what Telegram was responsible for and their very questionable encryption process for what it looks like when you're not running end-to-end was interesting. Not to say that everything was like that, but you know just the ones where people were actually trying to utilize them as a group, right when that was starting to expose things. That's why I've been a Signal guy for a while. Don't let the DEF CON T-shirt fool you. I'm all about it.

Speaker 1:

So do you? Do you giggle when you hear these marketing phrases, like it has military strength encryption?

Speaker 2:

That's. That's my favorite man. As far as I'm concerned, I don't buy it unless it has military grade encryption that they tried dropping it from like a chopper A thousand feet in the you know a thousand miles, I should say in the air and then dropping stuff to see. But no, that plus military grade strength, anything they they definitely make me giggle.

Speaker 1:

Yeah, yeah, well, let's let's dive back in your story, because I don't want to get away from that. How did you go from you know, the neighborhood kid that everybody called on when they couldn't get on AOL, into their favorite chat room, to becoming this high speed, low drag military operator?

Speaker 2:

Okay, so because of that mentality of being able to try to look into other things, I started off my life figuring out why things were. I guess that was like my biggest question in terms of growing up and trying to figure out what the internet really was supposed to be for. So I got into phone phreaking pretty early on, learning how to hijack pay phones. I get going to make free phone calls by using my Sonic the Hedgehog Walkman to replay dial notes from stuff I would play on the internet.

Speaker 2:

And then, before Napster and Kazaa became a big thing and running through that, I used to be in IRC a lot.

Speaker 2:

I don't know if that's up to your world. When I got early into my years of asking why things are the way that they are, I inadvertently got into reverse engineering and ethical hacking pretty early on. So I recorded like dial tones, using the internet to be able to do some phone phreaking back in the day. So I was using that to get into different payphones and make calls for free, as opposed to having to call 1-800-COLLECT and then saying what your message was really really fast. So, short of payphone hacking and running through that, I've also got into more of IRC channels and learning what that life was like in the underground before it was anything else. So back when newsgroups were so popular and IRC was a big deal with DALnet, if you're familiar with them, they had a huge, huge piracy scene and I used to work with them on like reverse engineering Xbox games, Dreamcast games and PS2 games to see what we could do to kind of play them ethically. To make you know normal backups of games that I've already purchased because I'm for archival purposes.

Speaker 2:

Yeah, you know that.

Speaker 1:

So now let me, let me ask, let me interrupt you real quick, because before we get too far away from that phone phreaking thing, because you know, some of our listeners are not as savvy as others. But we're talking about, like you know, the blue box and the red box and, for those who don't know, that's where Wozniak and Jobs got their start too, right, with that. But, Frankie, you may have to admit this for the first time ever on this live program: is it true that your life is what they based the movie War Games on? Is that? I heard that rumor, I don't know. Are you in fact David Lightman? I?

Speaker 2:

I don't know that I can confirm or deny. Whatever that is, I'm gonna.

Speaker 1:

I'm gonna leave it when it. Uh. How is the whopper doing uh?

Speaker 2:

Again, questions that you should probably ask Burger King. Uh, no, that really fit upon my level. So all I can say is, um, I dabbled in a few things that have been in some popular, uh, hacker movies, but I'm not, I'm not like is it? Was it Hugh Jackman on Hackers? Was it stuff under 60 seconds? I was like that's, that's not, that can't happen.

Speaker 2:

So, yeah, getting back to a little bit of that phone phreaking and rushing into PS2 games and all that other good stuff, I did that for a long time and trying to figure out why, and with that mentality, it brought me a lot closer to what other people were, I feel, afraid to kind of look into.

Speaker 2:

Maybe they didn't really want to get into computers, or maybe computers were just intimidating at the time. So I learned Java and I learned how to script my own stuff. So I was making a different AOL bots for hacking them and working through processes on how to better secure networks and things like that. And, short of all of those things, when I got my official notice from AOL that they were going to permanently ban my account, I knew I was on to something. I knew that I should turn this into some sort of career, and it really, really upset my father at the time. So I had to move out and do some other stuff in terms of what to look like there. Not that our family relationship was any greater, but at least that was another reason.

Speaker 2:

Wow, so jumping into the Air Force side so that you can get that answer that you're looking for. You know the military has always been looking for people who kind of get what's going on with cyber, um, and they didn't know really what to call it. They called it information assurance for a very long time and tried to figure out what that should look like. And by the time I got there umpteenth like 20 some odd years later, between having a stint in Geek Squad, uh, and doing a couple other really, really awesome stuff, um, they, they were like we don't know what to do here. So if you can figure this out, that'd be great. And that's kind of how I got into offensive and defensive cyber ops.

Speaker 1:

So oh, that is so cool. And you went in. I mean, you went in at the very bottom level. You were what they call an E1, for sure. Yep, yeah, came in as an E1 and that that's like the, the minimal rank or whatever it is. They call it an enlisted man, the very bottom of the totem pole, you know. But you had some remarkable achievements and went through what's called an airman's commissioning program, which essentially allowed you the opportunity to transfer from that life as an enlisted airman into one of an officer in the US Air Force. Yeah, that's remarkable. I mean, that's a very, very selective program, is it not?

Speaker 2:

Yeah, it's extremely selective and it's even more so in the reserves. Wow, I've been in the Reserve Corps for a long time and what they say is true that typically for you to get selected for a position or be promoted you got to wait for someone to retire or die You're not to be too morbid there but to get selected to do this kind of program they have to create a special position and that need early on and that's already after active duty. Air force has already appropriated their number of congressional officers for the year. So, like the reserves, has a lot more paperwork and a lot more convincing in order to do this and a lot of the time they don't want to commission enlisted forces.

Speaker 2:

In my experience right, I'm not going to say that for everybody in the Air Force, but it's extremely competitive and if you don't really have the, I guess, the experience or the tenacity and the leadership qualities that they're looking for in officership, depending on who's interviewing you it can really turn bad really quick. I mean, I applied to four different jobs and even though I landed in finalist panels for all four, I didn't get selected for three of them, either because I didn't know what they were looking for or they had different opportunities for things, and that didn't take away from my skills or experience as a cyber operator. It was just, you know, something that was unique there.

Speaker 1:

Wow, what a story. Hey everybody, I'm chatting with a really remarkable individual. His name is Dr. Frankie. We'll just leave it at that. He's a United States Air Force officer. He started his career early as a hacker and just became a cybersecurity professional. We're just having a delightful chat. Our calling, our open lines are open and our phone number is toll free 855-605-8255. If you'd like to get on the action, when we get back we're going to hear more about his story, but first we're going to take a quick break and pay a couple of bills. Stand by, we'll be right back.

Speaker 3:

Patriotism times 10. If you're liking the show, hit our Facebook page and chime in at Real Patrick Bass. More real and raw truth coming up on the Patrick Bass Show.

Speaker 6:

Hi, I'm Kelsey Grammer. Wounded Warrior Project supports injured veterans by connecting them with fellow warriors, by serving them through mental health and wellness programs and by empowering them to live on their own terms. No one should face a battle alone. Join us at WoundedWarriorProject.org.

Speaker 3:

In your face, unfiltered and raw. We're back to it on the Patrick Bass Show.

Speaker 1:

Okay, thanks for hanging in there with us. Again, this is Patrick Bass on the Patrick Bass Show, and if you've been following the story, I'm talking to Frankie, who's a cybersecurity professional from the civilian and military side. He's just been telling us about his commissioning program, where he started as an E1 enlisted man and eventually became an officer. Frankly, is it true? I mean, I've never been in the military, so I don't know about this, only what I've seen in movies. But at some point you had to go to school and obviously you have the doctor honorific. Tell us about that, sure, sure.

Speaker 2:

So I was initially in a combat search and rescue unit down at Florida at the Space Coast. So I did some really really cool stuff with them for about eight and a half years. Up until that point I was like most military men where I had a high school degree and a couple of associates to make things happen and I was doing computers on my civilian life and not really for the Air Force. And as the Air Force and other military branches started to see the importance of cyber and how that plays in their operational mission day-to-day good stuff, they were like hey, we see that we're going to have to start building up some great cyber assets to get some folks to protect our networks as we're forward deploying and we're doing some great things overseas, so we're looking for the opportunities for people to do that. And initially they weren't really taking people with experience. They kind of thought of cyber more as a um, like go build my network right, go run some cable, go do some some phone stuff. So even though if you were educated or or not, they just kind of didn't have that value in the beginning. And then you know, we started to see the effects of what happened post 9-11 um, where you get to see a lot of of where information really really dropped and then how that should have worked in between interagencies to help people do what they need to do to help keep our nation safe and as a result of that, I felt really, really partial to make that happen. So on one of my deployments I enrolled for my bachelor's and my master's at the same time. I did my bachelor's at UCF online, the University of Central Florida, and I did my graduate program at Excelsior College in New York and I had to get both program deans to be okay with me working through this process. 
So I enrolled in my graduate program as a non-matriculated student while I engaged in my bachelor's degree at the same time and while I was deployed doing air crew operations and working on a few things, I was able to complete both of them at the same time. I got the university for New York to enroll me into the degree program. Even though I completed all those classes as a non-matriculated student, they matriculated me and then provided me the degree at the same time. So it's weird when you look at my degrees to see them at the same conferral dates, because it's a little interesting.

Speaker 2:

And then from there. When I got the opportunity to commission, I realized that becoming a foreign area officer or working my cyber skills in what's important to me to speak to national security objectives and talking with other national partners in terms of what we can better do to secure our networks and work together to make the world a more secure place I wanted to try to pursue something that was not going to prevent me from either A, getting promoted so that I can do the right thing and help take care of my folks, or, B, allowing me the most opportunity to find any type of job that the Air Force will take me in, while they can utilize my skills to the best of their ability. And getting my doctorate degree was that play. So the only program that I saw at the time that didn't have a mandatory residency during my high operations deployment tempo was University of Fairfax, where I got my doctorate degree in information assurance.

Speaker 2:

So it was really challenging. I had a hard, awful dissertation. It was going back and forth between folks, uh, but it was well worth it in the end. And, uh, and the staff and the chairs that I had at the time um for the school were just incredible. Uh, they, they really wanted to see me succeed and I was at it for about a year. I got. I finished the program in two and it took me one other year just to uh, to finish the dissertation because it was such a beast.

Speaker 1:

So so your doctorate in three years? Is that what you're saying? You did it in three years.

Speaker 2:

I finished the whole program in two and the dissertation program off and on took about three years.

Speaker 1:

Wow, I should say yeah. And I'll just admit something I was ABD status for my program and we had 10 years to finish. I timed out oh no, so and I thought to myself I'm never going through this again. So congrats to you. That's a. That's a very, very rigorous process and you know that dissertation process it is. It is grueling. It's grueling, yeah, for sure. Yeah, because I don't know. I don't know if your discipline is applied or or theoretical, um, but you know, it depends. I guess it depends if you're interpreting existing knowledge or creating new knowledge, um, but in either way, it is, they don't hand those out, you earn it, you earn them. That's absolutely remarkable achievement. Congrats to that. On that, yeah.

Speaker 2:

Thanks, thanks, Patrick. I couldn't. I couldn't have done it without viewers like you.

Speaker 1:

Well, and for that you're welcome. Awesome man, thank you. Let me ask you a question, because I mean, I think you know I'm kind of a ham, I'm light-hearted, but uh, what, what do you think the biggest misconception about cyber security is that most people have about what it is that we do on a day in and day out basis? I mean other than the fact that most of us just drink Mountain Dew, don't ever take showers and, uh, work through this process of just hacking things all day long.

Speaker 2:

Um, yeah, yeah, let me, let me think through that. I feel that the best misconception is that everything is easy. That that I feel like is is the uniqueness in cyber. One of the things that I find myself talking about often, either when I'm working through teaching courses or helping to mentor folks, is that the idea of cyber is really more about just questioning why things are, or I feel like that's what I've been living by.

Speaker 2:

Just because we hear that something is the latest and greatest in tech or this is the best thing ever, it's all done by humans.

Speaker 2:

Even if you had AI, AI was built by humans. So there's going to be some inherent flaw to the situation and, as a result of that, there's always something that somebody didn't think about and that's like the beauty and the beast of it all, right. So when we're talking about cyber, no one can just walk into the discipline tomorrow and just say oh yeah, I know what I'm doing, SQL injections, I got that down, right, like this is easy, I'll hack tomorrow. I'll hack a Tesla tomorrow because it's possible. So when people do those kinds of things, or they say that stuff, or because they see it on a movie, um, it's nice to feel like that kind of stuff is great and that it's that simple. But it's not, right. Being able to utilize tools in the right type of way and having a mindset to really get after what you're looking for is. It kind of speaks to the personalities, especially of those in the hacking community. So that's what it is.

Speaker 1:

Yeah, and you know. The other thing is, I don't know about you. Have you ever personally been affected by like identity theft or you know something? Because I have, and I often tell people listen, nobody is immune. You know, and we've had credit card numbers stolen and different things like that, and you know if anybody's doing all the right stuff, it's me or somebody like you, sure, and and sometimes bad stuff just happens. What's your take?

Speaker 2:

It's, it's always going to happen. It's a rite of passage. Nowadays, I think everyone needs their identity stolen at least once because, at the end of the day, um, nothing that we have is is that secure. I mean, we're not all running through crazy types of crypto mining stuff that that's going to work out in like a blockchain. That's super sick, right, or anything. So, like even us in the military, we've had our data breached like four times within the last 10 years. Between the department of VA losing stuff, there was OPM losing stuff. So I mean, I wouldn't be surprised if somebody listening right now was like Frankie, yeah, I got your social. I know what's going on with you. I got you, man, I got you.

Speaker 2:

I got you man, I got you. I got you, which is fine, right, and I appreciate that, but at the end of the day, all we can do is live in a more acceptable society to have it done. So I'm with you, Patrick. I feel like it's more a matter of when and then what your reaction is going to be. What does your planning look like? What have you done to prepare for? Like what was the last time that you've heard about anybody doing any under the desk drills in a public school? Like that used to be a thing that I had to do.

Speaker 1:

Right, oh yeah, and, and they had. You know, I, I grew up in San Antonio, which is, I'm sure you know, a big Air Force town. You went to BMT there. Yeah, we, we grew up knowing that if we were ever in a nuclear war, we wouldn't experience it, because we would be up to be among the first to go, 'cause we, you know, back then, before BRAC, there were, oh God, probably, I don't know maybe close to a dozen bases in and around San Antonio. For sure. So if it wasn't the number one place to go, maybe DC and maybe Virginia and then San Antonio, yeah, no, I get it, I get it.

Speaker 5:

You know.

Speaker 1:

So I grew up with that realization and, to be honest, I had more than one nightmare about it as a child, I feel that. But yeah, you know, we had the, the duck and covers, we had, you know, all that stuff, and they also had us convinced that, convinced that we were entering an ice age. I don't know if you remember that.

Speaker 2:

That was probably. See, I grew up in Florida during that time frame and other than the best things, that probably didn't happen. But I did get told that if I didn't do the DARE program or I didn't join the Inner City Games that I would be a hoodlum. So I, I do. I do think that we have quite some unique state cultures there. Um, yeah, for what that would be like, I don't know if you remember those.

Speaker 1:

You'd be a street rat. Yeah, exactly, literally be 11. Oh, my god, exactly. Yeah, uh, I. I don't know how old you are, but I was. I'm assuming we're close in age. I was born in 69, so, uh, maybe a wee bit older than you, but we're certainly contemporaries, for sure I, if anything I still listen to the music of that era yeah, it was the best.

Speaker 1:

Hey, the 80s were the best music. I grew up, you know, of course, listening to the 60s and 70s and 80s and that's uh, that's where my heart is, frankie, that's where it is. I don't think it'll ever, ever, ever be any different, uh, and I think that's why people are so angry nowadays, because their music sucks. I really do think that I get that?

Speaker 2:

I can totally get that and if it helps any, whenever I go to a major hackathon type of event or we do some crazy operations, we're listening to the type of music that you're familiar with, where every band was named after a place or something. Boston, yeah, Chicago. Uh, you know all kinds of Europe, you know whatever, yeah, whatever. Now let's jump back into your story.

Speaker 1:

Actually, we got to take another break. Uh, this is the Patrick Bass Show. We'll be right back.

Speaker 3:

Patriotism times 10. If you're liking the show, hit our Facebook page and chime in at Real Patrick Bass. More real and raw truth coming up on the Patrick Bass Show.

Speaker 5:

On the battlefield, there's a saying America's military men and women live by: Never leave a fallen warrior behind. Ever. Off the battlefield, Wounded Warrior Project operates with the same goal. Wounded Warrior Project was created to help our men and women returning home with the scars of war, whether those scars are physical or mental. Wounded Warrior Project, we never leave a fallen warrior behind. Ever. Learn more about what we do at WoundedWarriorProject.org.

Speaker 3:

Warning: the show you're listening to has been rated R by the Talk Radio Network Guild of America. Raw, real and relevant.

Speaker 5:

It's the Patrick Bass Show.

Speaker 1:

All right, welcome back to the program. Excuse me, Patrick Bass Show. I've been talking to Frankie. He's a cool dude, just an absolutely cool dude. Cyber security professional, civilian turned enlisted man, turned military officer. And when he got his doctorate, I mean he's just done it all. He's just, and on top of that he's just a freaking cool. I don't know if you, I don't know if you can see him from where you're at, but I'm telling you, super cool dude. Uh, now you've got, and I read in the show notes and I looked at your bio, you have 34 certifications, holy cow. Yeah, way more than anybody ever should.

Speaker 1:

It's awful yeah, I do.

Speaker 2:

You have enough wall space is I don't know so so I'm one of those few people that don't actually hang anything on their walls or don't tag their email signature with anything other than what like organizations require me to do. Right, I'm not. I'm not looking for the alphabet soup or anything, because I just want to be a normal dude. I don't want people to think I'm out here flexing for certifications. That doesn't mean anything to me. So it is, yeah, this is a job requirement.

Speaker 1:

So, and at some level, you know, and, and I've got a bunch of certifications I don't think I had 34, maybe, maybe close at one time. But, um, you know, there's certain ones that you keep up. I call those professional. And then there's more technical ones that are based on like a version of a software or something like that. You can run out of time and money chasing those, for sure. A hundred percent yeah, cause I'm still an MCSE for NT4.

Speaker 2:

That's good. I'm an NCSC for uh for 2003, but I don't count that in my numbers right now.

Speaker 5:

Yeah.

Speaker 1:

Now let's, I wonder, wonder we. I don't, of course I don't want you to give away any secrets, and I'm sure you're well trained not to do that, but do you have any uh, you know, cyber gun kind of memorable stories that you can tell us about some of the real world challenges that you faced in cyber security?

Speaker 2:

Yeah, I could tell you one that's a little more, um, that happened while I was in the DoD contract. That's a little bit better. That's not anything relevant to any secrets. It was an interesting story because this is right about the turning point for most folks back in 2016. Back when, somewhere in this range, 2016-2020, is where we started to see the rise of ransomware.

Speaker 2:

In terms of what was getting done and built out, there are two specific situations that I worked with a specific, uh, Department of Defense contractor, um, where I was supporting them as an IT manager. I wasn't really working, um, under the military for this, and when I, when I got there, uh, I initially was a consult because they said that something was slowing down their networks and kind of making something that was really difficult for them to operate after their last IT manager had left. So I came in, I took a look at a few things and everything seemed pretty normal upfront. What ended up happening is they brought me on for a longer term contract to just kind of help manage assets and help them with what they need to do and hire new IT staff, and within the first three months, I found some erratic behaviors happening on a particular server that they had for production. This was like their main operational server that had the proprietary software and all their good stuff in it, and it turns out the last IT manager was let go for spying on the owners' emails and trying to figure out better ways to sell their secrets. And, as a result of doing some forensics investigation, which is still very new during this time in terms of what's something that you can bring into court, how that would work out, I found a logic bomb that was going to explode if anything was tampered with it and or, um, with something else after a certain amount of time after that employee's termination. So that was a really, really interesting, uh, first introduction to malicious stuff from the home front.

Speaker 2:

Um, I I went ahead and uh, did as many backups as I could. Uh, I was probably within the span of a good 48 hour window to do something and, as a result of that, that server inadvertently blew up. Right, there was no prevention at the time, especially running on Windows Server 2008 and a bunch of other stuff, so it was pretty limited in terms of what could happen, because this guy really, really hosed it up, and that experience was probably one of the most stressful times in the world that I've ever had, to learn really quick of what kind of character I had. So I brought on a team of two other contractors to stay with me as we worked 24-7 operations. The reason why this was a unique experience for me is because you never know what pressure is like when you have a worldwide organization with over 250 employees that are counting on you to bring things back up before they can't eat anymore, right, because there's no software, there's no engineering, there's no operations going. Everyone is just trying to figure out what the next best step to do and they're all counting on you to do it.

Speaker 2:

And that experience brought me closer with my digital forensics partners down in Florida where I was working, and really really taught me a lot about how to kind of expect malicious behavior from other individuals. It really really set the stage and I said ransomware because not too soon after that that there's a potential link between that and a phishing email that came in for one of the other owners where they launched a ransomware attack. We had to pay that off in bitcoin before it became popular, so we had to buy it from a, an intern who was sitting there, in order to kind of like work towards the process of undoing ransomware, and that was before it became as well known as it is today. So, like those, that one company was like a strong target for just malicious users all day long uh, whether they were internal or external and that alone really gave me the best experience in terms of what to expect for the future, and I knew it was only going to get worse from there.

Speaker 1:

So Wow, yeah, uh, I mean this. You know this. This is stuff like it's right out of a movie script, really.

Speaker 2:

Yeah, you're telling me I had to live it. Yeah, it sucks, it sucks for sure. But these companies, they came back. Right. We, we and myself found some, some opportunities to make things happen and in the traditional forms of officership, I had the best team ever. When they needed breaks, we would organize sleep schedules to get them to work out and I put my effort in front of them. I contributed the same amount, if not more, to make sure that we're able to support all these folks and, thankfully, every single situation that has ever happened like that in my life has always come back. So, like we've never had a, knock on wood, full-on meltdown at any potential location and trying to work on setting things up for people in the right, proper way. But, yeah, it's, it was traumatizing, man. Like I've been, I've been to war, I've seen, I've seen some gunfire, I've done some stuff. Uh, within, within that playground, and, uh, nothing scares me more than being responsible for someone's IT infrastructure. Oh, wow, isn't that the truth.

Speaker 2:

Yeah, that's a big deal when you affect people on that level, because it's them, their families, everybody else, and when you're, when you're worse, it's you and that other guy or gal or whatever.

Speaker 1:

So I would gladly take that any day. Yeah, Frankie, what do you think the most? Well, let's just call it. You know, cybersecurity is an evolving landscape. What do you think the most concerning trend is that you see today, and how should organizations prepare to counter them?

Speaker 2:

The user is very much ill-trained and anybody that you trust to work in your environment more than likely is going to be a liability to some extent. So you have to be willing to have those hard conversations about risk management early on. If you're in leadership, if you're working in a position that can help to influence change in your organization, get with your security folks, get with your training folks and make sure you try to get everybody to be at least at a level playing field of understanding what basic cybersecurity should look like, because everyone needs it. And not only that, but they're targeting you outside of your organizations too, right, right Concepts of misinformation, disinformation campaigns. You see them happening with your social media networks and people at their home computers.

Speaker 2:

I mean, it gets down to the geographical area. So it doesn't matter where you are, as long as you're an employee of a particular organization, someone will find you and do what they need to do. So the expectation is the more training that we can give each other, the better that we're all going to be. And there's a lot of resources online and nonprofit agencies, especially folks that, like I, also volunteer with that, I think would gladly help anyone with either providing free advice or getting folks that are particularly underrepresented or underprivileged to be able to get some help. That includes our senior folks, our younger folks, anybody who could get that kind of training would be awesome and helping to spread that culture.

Speaker 1:

Yeah, and for the regular listeners of our program, then you should know that we have a guest resources page. So, frankie, you want to be sure to capture what those are and include them on our guest resources for folks who may listen to this at a later time and need that kind of help. Sure, now I know for a fact that both you and I are both actively engaged in, let's just say, preparing the next generation of cybersecurity professionals. If, if you were talking to somebody directly who was looking to enter this field, particularly maybe someone from a nontraditional background, you know, not IT focused, but they have a strong desire and just everything you know, just a strong interest and maybe even an inclination towards it, what advice would you offer to them to help navigate what is really the complexities of this industry? You know, case in point you have 34 certifications. I mean, where does somebody begin? If you're wanting to get into this field, where do you start?

Speaker 2:

Sure, sure, that's a great question, Patrick. Let me kind of work through this in the best way that I can with most of our recent folks that you and I have worked with in the past. The first thing is to probably dispel any sort of like pie-in-the-sky dream of what cyber is. Right, I like being a realistic person and overly optimistic if it's possible, right. So I want to say, hey, cyber is a real career field that anyone can do, 100%, anybody can do this. You just have to have the right mentality to kind of walk into it. But don't start walking in there like you're Mr. Robot, right, like you're not going to come in here and all of a sudden start wrecking people's stuff and CTFing all over the place. Like it doesn't really work that way. So the hope is that, because it's an inch deep and a mile wide, um, what should that look like? So the first, first, first, first piece of advice is to say don't shy away from it. I feel like if you're looking at a coin, um, it has two sides that make up its entirety. Right, the first, first part of the coin can just be the cyber end, where you're talking about the security or the understanding, the concepts of what it takes to protect something that's important to you, and the other side being the IT that makes it function, because just because it's, uh, potentially on a computer doesn't mean you won't be exposed to cyber and IT in a different scenario. You might have embedded systems, you might have SCADA systems, you might have car systems, like with the Tesla, or whatever. Like, if you're interested in something, find the thing that you already like and then find the cyber slash IT aspect to it. I mean it can be as easy as following video games or seeing what that looks like in terms of their discussion forums or how they're connecting the folks online using cloud services and things like that.
And then after that, when you start considering what that interest becomes and you start feeling the drive for it and you really want to move towards that as your next step in your career, then we can get into certifications For the security side.

Speaker 2:

On the government end, usually people will say Security Plus is a good starter. Right, it's just foundational knowledge. I personally like Certified Ethical Hacker. I feel like it's a little bit above the step of Security Plus to be able to get you where you want to go, and then, as you start to progress towards what you think your career is going to be, then you start looking at other certifications like CISSP or whichever. But let's say you do IT and you do cyber and you really like the management side. Maybe you're not really into the techie stuff. There's other considerations for, like, Project Management Professional. You can always be a project manager of specialized IT teams because that's necessary. Not all of us can code and manage projects, right. We have to find a way to do one or the other and then trying to figure out what might be the best avenue for you. So those are just some really quick examples in terms of what that looks like.

Speaker 2:

But let's also not sink away from your education, which I will personally say I did not find value in traditional schooling.

Speaker 2:

I don't know what that is for everyone else and I don't want to influence anybody in the wrong type of way because I'm sure it's value to some folks.

Speaker 2:

I find value in doing, right. I love experience, I love internships, I love working through the process of seeing what that looks like, and there's plenty of conferences for people to go to to get this kind of experience, and there's Black Hat, DEF CON and a bunch of other ones that exist besides where you can go and experience some of these things in real life and actually see what people do on a regular basis, whether they're hacking satellite imagery or working through generating false airplane tickets for boarding passes, like random stuff that people just figure out, um, and how they share with one another is, is what makes this community, uh, both incredibly satisfying and super scary. So, um, at the end of the day, whatever you want out there is definitely possible for you to achieve, but you just got to get at it with the right mentality and being a realistic person, uh, while having that healthy sense of optimism to say, you know what? I don't know this now, but I sure will know it later. So hopefully, that wasn't a good answer.

Speaker 1:

No, that's a great answer, Frankie, and you know, one of the things that I was going to comment on is, you know, we've both been in this a long time and when, 28 years ago, when I got into this field, I didn't get into cybersecurity, I got into IT, and cybersecurity was just a really narrow offshoot of IT, and for me the journey was network security. I was running a PIX firewall back before Cisco bought them, and, and back then you could know everything there was to know about security. You could know the body of knowledge was, you know, in the grand scheme of things, relatively small. And now the trend is that, as you said, there's specializations within security, which blows me away, because people are now entering the cybersecurity field without first having, let's just say, paid their dues in IT. Exactly, yeah, and for me that's a really bizarre concept because I don't view them as mutually exclusive, right, right?

Speaker 2:

No, I get it, I get it.

Speaker 1:

Yeah, but the fact is, you know, people can come in to the cybersecurity field and not really know a lot about IT. I mean, they're going to know the basics obviously, because you know, at the end of the day it's a computer oriented job, but not like an IT admin. Would you know what? You know what I mean? The difference Exactly, and for me that that's been a huge divergence. Do you, do you view that just as a good thing? And, just speaking as yourself, you view that as a good thing, a bad thing, or it's just, you know, not relevant, it's just the way it is.

Speaker 2:

I I personally hate the idea that it is not embedded into cyber at an earlier stage, because it's it's impossible for people to really grasp what that looks like. I know like, uh, we'll use the federal government as an example, right, this is, this is an obvious thing that people can put together. So if you have a cyber security manager who's writing policy right, they may have at one point really understood what it meant to be technically sound and secure. But, as we know, and in this field and every other article published every week of another organization having a data breach, clearly policy doesn't answer all of the problems that need to get done, whether it's a resourcing problem or a training problem or a tech problem. So if they have a limited understanding already when they get into writing policy, it gets exponentially worse when they're the ones being put in charge of people who are technically proficient or who know what's happening.

Speaker 2:

The long story short, man, is it should never be separated. There should be mandatory requirements to try to get some still hands-on keyboard for what it should be, and if there are going to be dedicated leadership positions with cyber teams, they should be rotated much like how it is in traditional organizations. That used to happen when you and I were still working on Novell networks, right, and doing IPX and SPX. Mandatory vacations and mandatory job rotations used to be like a no joke. You had to do this, right. People had to know what you worked on so that way they know what's going on at your network and your organization. And then you have to be able to rotate that out. Like you were told, hey, you're on vacation for two months, go and come back later and we're going to see how everything worked out and if all the documentation and all the work that you've been doing is exactly what it is, and it forces people to really have to learn what it's like to keep an organization and its data secure.

Speaker 2:

But that kind of stuff doesn't happen anymore. I mean, we all think that it's, you know, cybersecurity will work itself out. Let me just offload the risk to my insurance provider and hope that State Farm slash Hiscox slash whatever is going to pay off my data breach when it happens, and give my customers one year of identity protection, because that's how long it takes hackers to hack people. Is one year, right? So you know, I, I think, uh, I think I'm like you and the asset of you gotta know a little bit of both, um, at least to kind of work through or have some sort of ongoing plan to really, uh, grasp exactly what it is you're trying to protect.

Speaker 1:

Yeah, I guess some people are good and others are lucky. Fair enough, or nepotism is a real thing too. Well, yeah, oh boy, Frank, it's been a great conversation and I know we're coming to the end of our time. I just want to make sure that you have the opportunity to just anything you'd like to share with our listener audience. And, by the way, I just found out about a week ago, right now we're in the top 15 percent of all podcasts worldwide and we're growing. Every show. So much to me and, and I, you know, please let us know how we're doing. By the way, you can always get ahold of us, go to pwbass.com or you can shoot an email, info at pwbass.com, but we love hearing from our, from our listeners. So, with that in mind, Frankie, anything else you'd like to share with our audience?

Speaker 2:

Sure, sure, Patrick. I've known you for a long time so I'm so excited to see this thing growing and I can't endorse you guys enough. Please continue to tune in to the W passcom. Work that stuff out for this podcast.

Speaker 2:

The only other quick plug I guess I could say is one of the nonprofit organizations I work with is a level nine corporation, if you look them up at level nine, corg.

Speaker 2:

We'll make sure that goes into the guest resources. But yeah, they have a mission to help out folks nationally and provide services to the underprivileged and underserved communities across the US and they've worked on strategic partnerships with overseas partners to make sure well, I guess it's the same word, right? But overseas national states that are the best interests of the US to help secure cyber networks of our brothers and sisters overseas and make sure that we're taking care of our folks both militarily or not. So if you guys check those folks out, if you have an opportunity to say what's up, or if you have student interns or whichever that you want to work out, I'd say throw them out there. I usually help out with a lot of colleges that go through that organization to help mentor future cyber leaders and warriors, and happy to do it. Short of that, for those of you serving, thank you for what you do Legitimately. Sometimes I still feel like I suffer from imposter syndrome from being a reservist, so you guys know what that sounds like.

Speaker 1:

And otherwise I'm super proud to be here and I can't thank you very much for, or can't thank you enough for, this opportunity to come on here and start telling a little bit about my story. Well, Frankie, thank you for everything that you've done on behalf of a very grateful nation. Guys like you who sacrifice so much deserve everything that you're able to get, and I really do appreciate you and I respect you as a cybersecurity person and professional, and it's just been an honor to chat with you. Again, we're going to make sure that all of the resources we've mentioned today on the Patrick Bass Show are available on the guest resource page, so please check that out. Also, we've got our second hour coming up, starting right at the top of the hour.

Speaker 1:

We're going to take a quick break and then we've got another great guest coming, so be sure to check that out. It is a different live stream, so, uh, you'll want to make sure to check social media for that link. Uh, again, uh, pwbass.com. And thank you so much for listening. We'll catch you next time. Until then, keep the blue side up.

Speaker 3:

Thanks for listening to the Patrick Bass Show. The Patrick Bass Show is copyright 2024. All rights reserved. Patrick's passion is to open up any and all conversations, because in this day and age, the snowflakes are scared to get real. We'll fly that flag till the very end. That we can promise you. Keep updated by liking our Facebook page at Real Patrick Bass. For more information, visit us on the web at www.pwbass.com. Thanks for listening and tune in next time for more real talk on the Patrick Bass Show.
