Gerald Auger is a Cyber Advisor, Speaker, Educator, and Author who is passionate about Cybersecurity. He shares, promotes, and curates cybersecurity resources to make it easy for people to make and take a cybersecurity career further, faster, and deliver peace of mind and empower leadership to confidently execute business safely. In this episode, Gerald shares his unique life journey in pursuit of his passion which includes being a comedian and eventually leading him to the cybersecurity world.
To know more about Gerald, Engage here:
🌐 Web: SimplyCyber simplycyber.io
Cyber Security Expert Gerald Auger Shares His Unique Life Journey in Pursuit of His Passion
Hello, everyone. And welcome to the underdog show, today I have an incredible guest here with me. Gerald, how are you?
I’m doing good, super pumped to be here. Thanks.
It is such an honor to have you here, my friend. What a beautiful, beautiful trajectory that you have. I know, we’ve discussed quite a bit on our last call. And my biggest question to you, because you’ve had such a diverse range of things in life. What inspired you on your journey to where you are today?
Yeah, so there’s a couple answers to this question. And I knew this question was coming. So I’d really thought hard about it. I almost want to start like the way an action movie starts right with that. Like big scene to kind of kick off the movie. There was kind of a seminal moment in my life. And I hate to even give this individual praise because it was despicable. But like, effectively, when I was 24 years old. I was essentially exploited now, not sexually exploited or anything like that. But I was put in a position where I was knowing. Completely vulnerable in this individual had power over me and I was effectively exploited. He explained to me, as he was doing it. That he was going to do it and that I was going to accept it.
And it was really, really unfortunate. Because of my life, my circumstances and everything like that I had to, he was absolutely right. Which made it all the more you know, suck, if you will, to do that. But there is a silver lining, but so just to take you back for a minute. What’s the situation what’s going on. So I’m 24 years old at this point. But if you back up, I had gone to university of Massachusetts put myself through school. I had a good family, but we just didn’t have money to send me to school. So I put myself through college, computer science degree. Now here’s where you can tell that I’m young in this story. The years like, you know, it’s early 2000s. I mean, it was huge.
Like if it plugged into the internet, it was gonna be a multi-million dollar deal. And we even see this today. But like, Yahoo was coming out, Google, like all these things. If you had a computer science degree. Or you knew how to write code, you were basically like walking into 75 $85,000 jobs. Which was pretty good at the time. Like minimum wage is probably three times what it is. Or minimum wage today is three times, what it is that right. So I thought you just kind of walk out and they’re handing jobs out, like at the like with the diploma right. Maybe I hadn’t taken college as serious. I took advanced classes in high school, AP, some college credit stuff. So I was above average student, so I kind of just thought that college was an extension of that.
Well, long story short, I partied a little bit, I have some fun. Some of my friends are graduating and I’m not. I’m confused what’s going on and I end up getting my act together. And graduate a year late, no big deal. Well, I walk out of graduating and there’s this the perfect timing. Or the worst timing, if you will, where there was a massive. Massive shift in software development jobs at this time, to outsourcing to India. They were outsourced in other places. But a bulk of them were going to India. Because from capitalism and a business perspective, they were getting the same. These businesses are getting the same quality output at a cheaper labor rate. Which is what the free market dictates. So as I walk out to get handed this job, the jobs aren’t there anymore.
And I’m stunned, right, and maybe if I was like a top tier 4.0. Whatever maybe they would have handed me one. But I wasn’t, but I did have the degree, I knew how to engineer code. So I’m looking around, I’m looking around and I can’t find something. I ended up having to take a mason tender job. Which if you’re not familiar with that is it’s like. Literally carrying 50 pounds of bricks on either side to wherever the mason wants you to go and mixing cement. So very, very hard labour. Certainly don’t need a computer science degree in order to do that work. But very humbling and I did that for like maybe three or four months through the summer, right after graduating. May through the summer and I’m realising This is terrible.
I do not want to do this for a living and finally I’m applying to all these jobs. And just to point out a bit of adversity I want to point out. Because I have encountered some adversity, my support network. Which is mostly like aunts and uncles and stuff. And we can get into my personal family if this story goes there. But they’re telling me, hey, like, just take a job, take any job, you don’t want to do this. Like, apply work in finance, work as Secretary work as shipping sales. What all these things, that was not what I just spent four years and my own money. I mean, I’ve got student loans, I haven’t really paid the money. But it’s my money for a degree that I wanted.
And I’m being advised to take a job. That does not use that I was stubborn and obstinate, that I was not going to do that. So I finally find this job as a software developer. I do all the things you’re supposed to write suit and tie appropriate letter cover letter, get the meeting. And I go in, it’s a small business, like 3535 to 50 employees and the software that they’re developing, runs the business. It’s like an in house business solution. They only have one developer on staff. Who does the software and all that they wanted a second guy ultimately. I find out it’s because they’re going to fire this guy and they needed a succession plan. But that aside, they said, Alright, come on in here. So I do all my research, too.
By the way, Pam, I’m like, all the things you’re supposed to do. What’s the average salary for this location. From my experience level for what they’re asking me to do? Also to the point where like, they said. Do you know this language? I said, No, I don’t know that one, I learned it over the weekend. We talked on Friday meeting on Monday, I learned it on the weekend. So I go in there and I’m just crushing it, crushing it. And they said, okay, like, I think you’re perfect for this job, so that’s good. They said, well, let’s talk about salary and this is where that moment happens. So I done the analysis and we’re talking $80,000 jobs, it’s like. The going rates everywhere, I did a market analysis. I come down to the lower half of the bell curve.
And I said, Listen, I think you know, based on everything $40,000 is completely fair. Okay, like it’s below market value. But you know, I understand that you’re a smaller business and all that. And the owner of the company leans over to me looks you right in the eye. There’s absolutely no way I’m going to give you $26,000. You’re going to take it, because you are lugging bricks right now. Which means you can’t find a job, which means you need this job. Because you don’t have any experience professionally. So that’s actually what your compensation is going to be the experience that you’re going to get here.
And I said, okay, okay, I’m gonna have to think about and all this. You know, the terrible, painful reality of it was what I said at the beginning. He was right and it really was a tough pill to swallow. But I wanted the field, I wanted that job. So I ended up taking it and I got one year of experience. Which is what you want and like, basically, on my one year, I quit. But as a silver lining, I do want to tell you that I started. Let’s say I started on Monday, November 1, or whatever. The following Monday, November 8, my wife starts at that company. They’re walking around, and I meet her, I am just struck by a lightning bolt. And it’s a really, really good story.
But anyway, so one year to the date. I give my notice, I leave take a job in DC. Which, again I’d already told my now wife at that time. That I was going away to DC and that I would be back and I would marry her. Which is incredibly creepy. If you’re not like dating or anything, which we kind of weren’t. But I was so certain and so enamored. And so strong about that feeling that you know, it’s exactly what I did. So that was to say that moment, that individual didn’t inspire me, that moment inspired me.
Because ultimately at that moment, as I was reflecting on the drive home. I decided and this actually drives all of the decisions that I’ve made since then, professionally. And personally, I decided at that moment that I would never be that vulnerable. Again, if I go get degrees, if I bust my butt if I put myself in a situation if I put my money away. So I got financial stability, then nobody can ever tell me. You’re going to like you’re going to take this exploitation and like it. And unfortunately, it built me up to what I am today.
That’s incredible. Thank you so much for sharing that story. I mean, I can’t think about ever taking advantage of a person like that. So hearing that I’m like, thinking just like Ah, yeah. Incredibly low EQ for sure. Oh, when you have the capability to lift someone’s life. And you do that, it’s like, oh my gosh, but it does drive you though. Doesn’t it when somebody just tells you like, Oh, this is what you’re worth. Here you go.
Yeah. Like, I mean, it’s a harsh reality. And it’s not something that you want. Your parents tell you that you’re worthless and that’s going to spur you to make something of yourself. But it was a cruel reality from a person I had never met until that day. And then I had to work with them for a year. But I basically poured myself into my work. I was probably one of the better employees because I would just bust my butt.
But the idea was that I was investing heavily into myself. Because every eight hours of work that I cranked out. I was getting better at programming in that language and understanding the software models that we were using. And I could market that right. He said it himself, he said, your experience is going to be your compensation. So I said, you know what, fine, let’s flip the script. Let me just milk this job for as much experience as I can possibly pull out. Because it wasn’t a paycheck, it was a means to an end.
Wow. I love that you split it into something positive, though. You know what I mean? Like, that’s huge. And you propel yourself forward because of that drive. Because they say that people are motivated in different ways. And then I didn’t realize that this was a motivation technique. But they say that aggravation actually does motivate some people.
Yeah, absolutely. I feel maybe my motivation technique is telling me I can’t do something. Yeah, that’s what I mean. Like, yeah.
Yeah, that’s what I mean. Like Oh, you can’t possibly do that. And I never realized that that was like a motivation tactic that actually. Some coaches and some people out there actually utilize to motivate people. I didn’t think you’d do it anyway. It makes me want to run through a wall. Let’s back up. Hold on a second. Oh, hold on a second. That’s nuts. Wow. When you were mentioning that it hit a chord because I was told one time. So when I was in the restaurants before I got into real estate.
I was told by a very close family friend to stick to ice cream. Because I owned an ice cream cafe at one point. And that, like made me just motivated me. So the next one was like, What? Are you doubting the fact that I can actually be successful in this field? And then it just makes you want to run through it even more. So that’s super interesting. Now, question for you. When you were growing up as a kid, what did you want to be when you grew up?
Yeah, so a comedian, I had actually considered going to like a theatrical High School for the arts to learn that technique. I did some stand-up comedy in my school during like talent shows and stuff like that, I mean, I thought I was a pretty funny guy, I was pretty extroverted, I was lifting a lot of my material from professional comedians. I’ll admit that now, I guess, in full disclosure, but yeah, I really enjoyed that I enjoyed, I guess, just being extroverted. And it was less about being the center of attention and more about social interaction. I’m very high on emotions, I love social interaction, I’m very open about how I feel about my emotions. And I share and just the social interaction has so much value and so much interaction.
I found by doing comedy, for lack of a better term. You’re able to get this one to many relations. Whereas if you’re doing theatre or something, I did some theatre. But you’re playing just a part of like a bigger thing of like a collective talking to a collective. Whereas the comedian, it’s like, you’re jiving with this whole group of people. So that went really well. But I was real with myself that if you look at how many people grind on the comedy circuit.
Not that I was doing, like deep financial analysis at this time. I was just a kid, you know, teenager, looking at how much the likelihood of a successful career in comedy. Versus a successful career in computers. I got a computer when I was 14 and really got into it. And began to understand and play games and stuff like that. So I felt it was probably in my best interest to kind of follow computers. Which is why I went to computer science and went that route is. Because I was naturally interested in them and had an affinity for understanding them.
That’s so cool, that’s so cool. What inspired you down the comedy route though, as a kid? Well, because it just seems so cool. It’s like two totally different worlds. The comedy and then the software and the computer science.
Yeah, no, I guess I was trying to lean into what I thought. I mean, people would enjoy him crack up around my comedy, I guess I was really just extroverted around classmates and stuff like that. So it just seemed like one of those things where like, oh. If you’re good at it, why not do it for a living. Probably the same way my kid is says he wants to be professional video game player. Because that’s all he likes to do is play video games. So I think it’s definitely wasn’t rooted in any long-term financial stability or lifestyle. I could only imagine how tough it was. Would be to live on the road and you know, it can be like that.
Oh, man does, do you have any jokes? Do you remember any of your best ones? The niece lappers.
Oh, my God. I don’t, I’m sorry. They’ve been pushed away and put into a trunk. Accompany addict with a bunch of mannequins around it and stuff like that. So I don’t have any of that content right now.
Gerald’s Biggest Source of Inspiration
That’s all right. If you think of the joke throughout our interview, just say, hey, Pam, I got it. And you could just bring it out. That’s okay. Okay, perfect, I love that. I love it. And so who served as a role model for you growing up? Like, who was your biggest source of inspiration? It might be more than one person.
Yeah, that’s a really good question. So what’s interesting is and this isn’t to, elicit emotion. Or to elicit any type of sympathy, so when I was eight, my mom died kind of in a tragic accident. My dad remarried a couple years later to a woman who wasn’t really interested in kids. So that wasn’t really happening. My dad worked nights, so like he would think during the day, so there wasn’t a lot of interaction. And I just want to be crystal-like, my dad was a good person. Like, I had clothes, I had food, I had a home. I wasn’t like abused or putting any bad situations. But there wasn’t much going on there.
So my aunt’s kind of surrogate it kind of a maternal aspect. What one particular had a kid who’s like one of my best friends, now he’s my cousin, about my age. And I would spend a lot of time with them like sleep at their house, like all the time. Especially because my dad’s at work so wouldn’t always make sense to have me at home alone. So I had that on, but I do want to highlight one person. Who really was an external driver and influencer and even to this day still is although I’ve. But my Uncle Bill, very successful businessman. You’d love them, Pam, restaurant industry, real estate industry made a lot of money. And it’s like, the money is like nice, and he has a nice house and cars and stuff like that. But he’s more like business trip.
And we’re like, he’s interested in solving the problem of making a successful business. He’s married to my blood on right. So he’s not blood-related to me, although he’s, you know, my uncle. But as I was coming up, I’d be kind of making stupid decisions in college. We kind of talked about earlier and he would always introduce me as like. Oh, this is my wife’s nephew. Like, he would almost not even acknowledge that we were related. He was doing it to bust my chops not to be insensitive, you know, these. He’s a stupid college kid, he makes dumb decisions. This is my wife’s nephew. I would go live with them through the summers. And I would go there on holiday. Like Christmas breaks and stuff like that.
They live in North Carolina, I lived in Massachusetts, right? But for these long periods of no school, it would be easier on my dad to have me kind of cared for by them. So this guy was in my life all the time. And my aunt, his wife, Susan, wonderful person. A lot of love for me introduced me as her nephew. But my uncle would always kind of bust my chops and I found myself seeking his approval. I would do something really good or whatever. But it would be a minor thing, like something good and he’d be like, big deal. You were supposed to do that. So it kind of got into me a little bit. And you know, so he’s always driving. Always driving me like he’s been successful, I want to be successful.
I’ve got this like situation now where like, I’m never going to be vulnerable again. What is success actually defined as I get my bachelor’s degree. So he’s finally introduced me as his nephew. But he introduces me as his nephew, who’s got a master’s degree. So I have to immediately tell the person. He just introduced me to that I don’t have a master’s degree. Like, that’s how I’m having to introduce myself by, almost cutting myself down. But to be accurate and he’d be like, oh, okay, yeah, that’s right. You don’t have a master’s degree, so I go get a master’s degree, okay of him. He introduces me as having two master’s degrees. Okay. Now, I’m not saying that I went and got a second Master’s.
Because of this, I went and got it for professional development and open some doors for me. But I get the second Master’s, he introduces me as having a Ph.D. And like, at this point, I’m so aware of what he’s doing like this. Over the course of years, obviously, but I’m so aware what he’s doing. But in some primal way, I’m still seeking this man’s approval. Even though I’m telling him whatever, just suck it. But I still seek for it and so finally, I get a Ph.D. and I told him, I’m done, you know? And he said, No, no, no, no, like, I’m proud of you like, good job. So it literally took decades to get this man’s approval.
But I almost wonder if he knows that. That is how he would drive me right. Working in the restaurant industry. You look, you work with a cross-cut of all different people that you need to operate in the same direction. And maybe he just realized that inspired me in that way. I love them and I still talk to him today. I’ve got some business dealings and stuff like that. And I always call him to, like, celebrate the wins, even if it’s like, you know, just like a client check. I’m cashing or something like that and he’ll be like, All right. I see you, so very inspiring.
That’s incredible. Joe, that’s incredible. Thank you so much for sharing that. I know this deeply personal, especially with your moms, I appreciate you sharing that. But I think what your uncle did was extremely intentional. I think that on purpose because he knew obviously he was counting, you know what I mean? Because there’s a reason why you went one right after the other? So he would introduce you with a Ph.D. from the very beginning. There’s this principle in NLP, neuro-linguistic programming, that I’m studying, it’s called chunking up or chunking down.
And chunking down is like, kind of breaking it down more specifically, it’s like. Breaking down your goals so that they’re more achievable. Because if you were to introduce you straight with like a Ph.D. from day one. You probably be like, I’m never gonna get there. Right. But then with the masters and then the other masters, then Ph.D., you almost broke it down for you. For you to get there, which I think is so cool. Wow, that’s incredible. Now walk me through, so that first job that you explain that really kind of shook your world. And how you move on from it a year later, do you left after a year? So what was your career trajectory? Sort of like after that experience? You know, where did you go to?
Yeah, so you know one thing and I know your audiences across Qatar are individuals. But one thing in the cybersecurity world that I work in right now. And I tried to mentor at scale, we could talk about that later. But one of the things that I tell people is you have to network. So important to find a job is networking. Because in reality, if people know somebody that is qualified for the job, you know, in a good fit, they’re more likely to just go directly. Then open a rack and then get a bunch of applicants and have the person. They know get in because it’s just human nature. Like if I could solve my problem today, why would I solve my problem a month from now? So that’s so important for networking.
Well, this situation was kind of similar. I’m working in this business. And you know, my uncle, right, the same guy. He’s got friends who work in the government in DC is a contract that one of these government people is over. Now, this isn’t nepotism, this isn’t spoil system. I, you know, wasn’t given this opportunity. But the opportunity comes up on a software development team making a solution for the Marine Corps. They needed it actually, to developers, but they needed a developer, right? And my uncle said, Well, he knows I’m unhappy at this job and what they’ve done to me and understands. Why I’ve taken it, he says, Well, my nephew or my aunt’s nephew, he’s a developer. He could do this and they said, Well, alright, well just get us the resume.
And so I put the resume and didn’t even go through like a formal job posting type thing. I just got the resume to the friend. The friend gave it to the person who was actually leading the software team and said. Does this guy qualify? Could he help you solve the problem? And they said, Yeah, absolutely. Well, I flew down to DC, met with the team, we hit it off and you know, like. Maybe a week later, I gave my notice and split out of there.
And I went down to DC, again, told my wife, my not girlfriend at the time. That I would be back, I had to do this. Because it was super important for my career. To be able to get out of the small business and go to a large enterprise and get real-world experience. And get contacts and do more networking and this type of thing. I go and do that and I did that for about a year and a half. The project was kind of winding down at that point where you kind of built the solution that we were going to build. And I had an opportunity to move back to Massachusetts, which you know. My wife and I had been kind of long-distance dating. Which if you’ve ever done that, it’s kind of tough and it’s challenging.
And we just really started connecting. We had a strong attraction from the get-go. But right near the end, it started getting real. I made a decision that you know, like. It’s probably good for the long-term health of my relationship to this woman. Who I want to marry to move back. I was able to move back within the same company and start doing a system administration job. Which is not software development. But it’s still within the IT space and actually was taken advantage of some other aspects of my degree. So to me, I was diversifying my career experience. Because again, I don’t ever want to be vulnerable, so you can’t say I don’t have experience doing this. And this I have more job opportunities. Because I’m more, you know, marketable.
So that’s kind of how that went. I did that for a few years. So let me tell you before I leave that Marine Corps project in DC, and move back to Massachusetts doing sysadmin, my software got audited by a company. And I’m taking a lot of pride in my work. I’m making great software, it’s doing exactly what the requirements are. Which is how you do software back in the day. And I failed this audit and I said, Well, how can I possibly fail this on it? No. They’re like, Oh, no, you didn’t do this, this and this, and all of this, this was cybersecurity type controls.
And I said when I went through my undergrad and learned how to be a software engineer, none of this was here. Like cybersecurity, while it’s up in our faces today wasn’t really a thing like it existed. But it wasn’t as mainstream as it was today as it was in the 90s when I was going through my degree. So I’m flabbergasted about all this. But I’m like, how is this a thing? And they’re like, Oh, it’s a whole industry and I said, Okay, so like it sparks my interest. I end up going home and doing some research on this. This is actually where I find my passion. Because I understand now that cybersecurity is like this huge field. There’s all sorts of crazy cool things.
And I’m like, building this piece of software that’s going to be used everywhere in the world by all the Marine Corps bases. Yet I’m building it in such a way that anyone could log into it right with a couple advanced techniques and stuff. And I’m like, Oh, my God, like, this is amazing. I love this. I want to know more because it’s like a complicated puzzle. So that’s the moment that my passion for cybersecurity is birth. For the audience. You don’t know me like I am beyond passionate about cybersecurity. Everything cyber security, that’s what my Ph.D. is in cyber security operations. Like it’s just so good.
So I go back to sysadmin stuff, which is still in the same vein makes me marketable. But I’m also from a cybersecurity perspective, you’re more effective if you have kind of it experience. And I’ve got that in software engineering. I end up working in that space for a few years. I move over Sarbanes like Tyco and Enron blow up and do all their things. Sarbanes Oxley legislation comes out, which requires audit work, which people in my industry will call a trashy way to get into the industry. But I go that route, and I start doing audit work on its systems, which is effectively like a cybersecurity bend, but a great entry point. So I do that for a bit.
And then I just want to share this with you because I love this. This is my first cybersecurity job. I’m working at this place work at this place, they finally go bankrupt. The company that I went to, indeed in DC, finally go bankrupt. And I’m looking for a job. I’m walking my dog down the street. I’ve walked past like this repurposed mill, that’s like small businesses, kind of business to business, not storefront business. One of the sciences tbg security, is that a cybersecurity company? What is that? So I literally just walk in. It’s not a storefront. I just like knock on the door. They’re like, Hello. It’s two guys in there. One’s a business guy.
The other guy’s a cybersecurity pen tester guy. They’re like, Hello. I’m like, are you guys information security professionals? I want to work here. I’m like can you just tell me everything? They’re like, okay, so we sat there for like, an hour and a half. They told me everything that answered every question. I had a ferocious appetite because I don’t have a mentor or anything. I just have all these questions that I can’t get answers to. And they’re giving me everything. I’m just like drinking it up. It’s awesome. It’s like full-body massage of answers. Give it to me. And so I leave.
And they end up calling me like maybe a week later, and like looking for jobs on monster.com. They call me a week later, like, Hey, we just want a big contract. Like we could use a junior guy on the project. What do you think? And I’m like, okay. So like, there’s no benefits. Not that it’s like a 1099 cash-only, but I’m like, I’m in. I want it. So I did that for like, whatever the project, I think was maybe nine months long. Now I’m like, fully working cybersecurity, and I’m all in. Yeah, it was good. It was pretty good. And then just to round up the story.
Once that project ends, my wife and I were living together. At this point, were engaged to be married, and I decide it’s too cold in Boston. That’s where we’re living. It’s too cold. We just pick a map out, we’d get one requirement, we pull a map out. What’s your requirement, hers is lives on the East Coast. Hers is live on the beach. And mine is live where it doesn’t snow. And we both agreed that we would have kids so we’d want to stay on the East Coast timezone. So we literally run our fingers down a map until we get to where it stops snowing and the beach. So you just run it down the coast.
The first place we stopped was Wilmington, North Carolina. I spent one week looking for a job, didn’t find one. Move on to the next town, Charleston, South Carolina, spent one week looking for a job, get a job interview, hired, like maybe three weeks later, I move ahead of my wife. And maybe six weeks later, I got an apartment, I got landed, she comes down. And the rest is you know history. Like we’re here. This is what we did.
That’s amazing. I love the trajectory. And I love how you just want them to be like, Oh, this looks cool. Let me just walk in and say what’s up. It’s so underestimated to just be present to show up and be like, hey, ask questions. So a lot of people don’t.
You know, I really feel like I’m just looking for a job. I was super motivated, super interested. And I think it was very obvious to those guys. I’m still friends with those guys today. They went to my wedding. It’s your attitude. It’s the proactivity, it’s the initiative. And Pam, I want to pull back from what I mentioned earlier about having that computer science degree and not listening to my support network. When they’re telling me to just take any job move on with my life, like I wanted to work in cybersecurity, I knew it.
As soon as I started finding out about it, I wasn’t going to. I’m unemployed at this moment, I’m not going to take any job just to pay the bills like I’m going to find a cyber job. And fortunately, I had banked some money. going back to that never being vulnerable again. Now I’m getting to control my life instead of being forced to make concessions that I’m not comfortable with. And effectively being exploited by the system, if you will.
Right. So being in the cybersecurity field that I’m sure a lot of people misconstrue a lot of things about it. What are some of the most common myths and what’s your best advice?
Oh, well, I think the number of truth. Yeah, well, so there’s like two major myths, I guess. One of them is incredibly popularised by Hollywood. Everybody seems to think that like the hoodie, darkroom, and all you do is like a keyboard. Like, you hit like five things, and you’re into whatever it is, you’re in. That doesn’t happen that way. And it certainly doesn’t look nearly as cool as they make it look on the screen. There’s definitely no like, animated Pac-Man eating the screen, or like access tonight. But I’ll tell you what if they made a Hollywood movie, and you tell it really looks boring, and no one would go look at it.
But it is cool when you do like break into something. So that’s one myth. And then the other myth is kind of tied to that same element of penetration testing. Which is that particular area of the field. A lot of people want to get into cyber security because they see penetration testing. Mr. Robot, for example, they’re like, Oh, my God, I can basically be like a criminal. Or do kind of like cool cloak and dagger, spy stuff, and get paid for it. And you can, right, there’s a whole industry for it. But the reality is, that’s maybe like 10% of our industry, and the other 90% doesn’t do stuff like that.
So a lot of people misunderstand what the field is, and what really the depth and breadth of the field are. And once they get into it, they can almost get overwhelmed. I didn’t realize it was all this. And there’s getting to be more jobs of the penetration testing variety. But a lot of times there haven’t been that many jobs. So there’s a lot of people wanting to do it, because it is the coolest part of our industry. That’s really probably two of the misnomers or myths.
So cool. It’s so interesting to me, because when you’re not in the industry, and you just see it from the outside looking in, you’re just like, cybersecurity. It’s like, you think about anonymous, and how you can hack into all these things. And you know just like you said, in a dark room just going like this.
Yeah. Well, I mean, at this point it used to be like that, right? Like in the 80s and 90s. It is very much like that, which is part of the reason why the whole myth came to be. But at this point, the cyber criminal organizations are advanced. And they’re almost like businesses like you and I get dressed in the morning and go to the office, like they do, too. They have numbers that quarterly numbers they got to hit and recruiting and retention and attrition for staff and stuff like that. I mean, it’s really evolved into a multibillion-dollar criminal enterprise. So you have to imagine that they need to manage it a certain with certain expectations.
And what are some of the most practical things to know about cybersecurity just like the average person that they should know? Cuz I feel like there’s a lot to know about this world becoming more digital.
Yeah, it’s funny you say that. So I do go out in the community and offer like, basically pro bono talks to like, healthcare groups or Chamber of Commerce and stuff like that. And I’ll always share best steps. Usually, I walk them through, like, what is really going on. I know, it’s almost perverse like watching their faces just like shock and awe. And like usually there’s a couple who are just like, Oh, my God, No, I can’t wait, it’s fine. So really, the number one thing that really anyone should do is enable something called multi-factor authentication. It comes in various forms but just put simply, everybody uses username and password.
Like everything, you’ve login to probably has a password at this point. Well, multi-factor authentication or two-factor authentication is something that you can kind of toggle on. And it’s account-specific. So you’d have to toggle it on at your bank account, on your email account. But it’s a second form of basically verifying that identity the person logging in, is in fact you versus a criminal, versus a threat actor of some sort. And it can come in different ways that can be a text message. It can be a six-digit number on an app that rotates which is pretty common. I implore people to put multifactor on the following things, definitely your bank accounts.
So your personal banking, your business banking, if you have that, also put it on your email. Because if you think about it, when you go to reset your password because you forgot your password, it typically sends an email with a hyperlink that you click on. And it allows you to change your password. So if you’ve put multifactor on your Capital One bank account, and I get into your email, I’ll just go reset your Capital One bank account password and turn off multi-factor.
And then walk right in, then change your password and lock you out of your account. I’ve already locked you out of your email also at this point. And if you’ve ever tried to convince Google. Like, call someone at Google right now, like you can’t. So you have to have all these mechanisms in place to kind of make sure that you’re protecting yourself from bad stuff happening. Because it does happen quite often, unfortunately.
Right. That’s our man. And like I said, as our world starts to go more and more digital, you got to protect yourself, right? You got to protect yourself.
Absolutely. You should. I know. It’s inconvenient. But like putting a pin on your phone, for example. Like that’s, I know, it’s inconvenient, because it’s just cooler to like, swipe your phone up. Like you leave that in an Uber. And if you don’t have the pin on there, the second you leave it in the Uber, you’re like, Oh my god, what was on there? What could they do? You have to think through everything? But like, you can just walk away like, there’s nothing there. The phone’s encrypted because the pin’s on there, no one’s gonna get the pin.
So an ounce of prevention. Unfortunately, in my industry, a lot of people don’t see the value in cybersecurity right now. I’m not saying they don’t see any value, they don’t see the true value of it. But when they get breached, or they get compromised, they get ransomware. They overcompensate because they see the value in it. It happens time and time again like you could pay me, pay me $200,000 for a year of work, and I could get you in a really great place, but you don’t pay me.
And then a year goes by nothing happens but a year and one day, and you’re like, Oh, we save 200 grand. Great for the bottom line, but a year and one day, you get ransomware for $4 million. You’re like maybe you could talk to the threat actors down to $2 million. You’re never going to talk them down to 200,000. So it’s always hindsight. It’s always crystal clear in the rearview mirror when you’re looking at what you could have paid versus what you end up paying retroactively.
I’m like, hold on. There’s questions here. Ransomware is what does that mean? Like they literally will attack all your stuff. And then you have to pay a ransom.
Like, oh, yeah, thanks. Great question. This is actually the number one. This is the number one malicious attack in the world today. And you could argue like the number one and number two because it’s that prevalent. So real quick, with the idea of cryptocurrency being anonymous. It’s very easy to transfer money or have money transferred to you and not have a trace to you. So the whole idea is like you can extort people or hold ransom, and they can’t get to you. Colonial Pipeline just happened the other day. That was a pretty big major news story that was ransomware. Pretty much every major cyber story right now is ransomware. Here’s what ransomware is. We use encryption, you know, good people use encryption to protect files from them being accessed.
So I send you a file, Pam, I encrypt it, because it’s my tax returns or whatever. And if someone gets your phone, someone gets in your email, they can’t see it. Because it’s encrypted. So threat actors have figured out, well, this is super effective. What they do is they go, they break into the system. They either steal your username and password or they guess your username or password. There’s a million ways to get into your system, they get in, and then they deploy ransomware. Which basically runs through and encrypts every single file on your computer pictures, music, ledger, accounts payable, everything. It leaves your operating system intact because it needs to boot up for the following. All your data is encrypted. If it can find a file server, by the way, you’re really screwed.
So it’ll write a note to your desktop that says, open me. And when you open it, you’re going to crack up with this. When you open it, it says, Hi, all of your data has been encrypted. For a fee, we will give you the keys to decrypt it and go to this website to get more information. Now, this is where you’re going to crack up. You go to the website, the website will tell you how much the ransom is now. Oftentimes threat actors will do their research to understand how much your business can actually pay. They’re not going to ask my small business for a $4 million ransom. But they will ask Colonial Pipeline, which had a $1.5 billion revenue in 2020 that you can google on the internet for a $4 million ransom.
And they’ll pay that right but they might charge me $18,000. So they make realistic ransom amounts, you go there. I don’t know if you know how to open a bitcoin wallet, Pam. But if you don’t, this is the part that’s going to kill you. They literally have customer support live chat with a customer support rep from the criminal enterprise. Who will walk you through how to sign up and get a wallet. If you want to negotiate with them, they’ll have someone who represents a negotiator, come on from their criminal enterprise. And kind of talk through what kind of number you’re going to settle on. Because you always negotiate with the ransom actors at this point. Then you make the transfer, which like a wire transfer effectively, and they send you the keys and you hope the keys work.
Now granted, it’s in their best interest to the keys to work because word gets out that like Pam’s ransom group doesn’t give the keys. Then there’s no point in paying the ransom anymore. You just rebuild from scratch, which is another option. You could just not pay the ransom and rebuild from scratch. But what we’re beginning to find out or what we found out is businesses. There’s two things one, maybe they’re not even doing backups, or the backups haven’t been working. So you don’t even have anything to backup from. Or this is a real reality of it that a lot of people don’t comprehend. Let’s say I encrypt three sites, you got three business sites, and 1000 computers. It takes time to rebuild all those computers, like weeks, you need humans to rebuild them.
It’s not like you just it’s not a Disney movie, you don’t snap your fingers, and it’s just done. So how much time what’s the lost revenue? How much does it cost and labour to hire those people? How much reputational damage are you doing? By being out of business? Do you have any responsibilities to third parties that you’ve obligated yourself to that have financial penalties if you do not meet those SLAs, etc.? You literally have to do calculus and figure out is this financially prudent for us to not pay the ransom or to or is it cheaper to pay the ransom. And again, the threat actors do their homework, they’re very sophisticated now. And they pick a value that is within your wheelhouse and they try to find that sweet spot where it’s more valuable to pay them than to not pay them.
That’s what ransomware is and it’s so wildly popular right now. It’s even gotten to the point where these ransomware threat actors, the really sophisticated ones have actually built affiliate programs. Where they’ll host the entire infrastructure and do the financial transactions and everything. All I have to do is send Pam, malicious email and get Pam to open it and run it on her computer. And if I can take over Pam’s computer, business, and you pay the ransom, then I get a cut of like 85% of whatever the ransom was paid. And the threat actor group gets 15% as a kind of infrastructure management expense. That’s where we’re at at this point.
Oh my god. That’s insane. Because I’ve heard the term hate ransomware. And I never knew what that was. Oh, my gosh, important for anyone listening especially It was a business owner. You guys better protect because these people are not playing?
Yeah, it’s bad. I mean, it’s Atlanta got shut down a couple years ago, they take out municipalities. Because they have very little in the way of cybersecurity investment. It gets way worse too, like, you might think I’m a small business, no big deal. But the threat actors have also realized that some people aren’t paying the ransom anymore. So they’ll exfiltrate your data, they’ll take a copy of it before they encrypt it. And then they’ll say, if you don’t pay the ransom, we’ll either release the data or your emails or something. Because maybe it’s embarrassing. We’ll sell it to your competition. Maybe you’ve got intellectual property or some business market advantage. We’ll sell it to your competition, or we’ll sell it on the dark web.
Maybe they get your username and passwords and stuff like that, we’ll sell it on the dark web. And we’ll tank your reputation with your customer base. Because we’ve basically breached all of their data on your behalf. So it sounds despicable and deplorable, you got to tip your hat. Like they’re very thorough and very thoughtful about how to force your hand into giving them money.
It is so nuts to me. I’m like taking this all and oh, my gosh, to back to your question. This is the last question to my favorite question. Which is what would your older self tell your younger self based on what you know, now? Aside from cyber security read somewhere?
Yeah. Oh, man. It’s so funny. Because when I was younger, I really thought I had it figured out I thought I was hot stuff. And I was just an idiot. I think if I could go back, I wouldn’t change a thing but I would go back and say, why are you being an idiot? Like, stop being in a like, I’d probably use the same kind of motivational technique that I have now. Or at least now that I’m aware of telling me that I can’t do it. It’s like, yeah, just keep doing what you’re doing. Because you’re obviously not going to be successful or something to that effect.
I certainly wouldn’t go back and say keep doing what you’re doing. Because it’s going to turn out all right. Yeah, I would go back and maybe I would tell myself to invest in Netflix instead of Fannie Mae. Because I did that where Netflix was like, like $5 a share and Fannie Mae was $5 a share and then the housing crisis happened. And I stole that money and Netflix turned into Netflix. But yeah, maybe a little like Back to the Future to kind of financial advice for the future.
I love it. And now what’s going on in the next six to 12 months in your world?
I really obviously love cybersecurity, I will work at nine to five but on the side or whatever. I have a YouTube channel of which really gives to the community called Simply Cyber. So if anyone listening is interested in cybersecurity or learning how to get into cybersecurity, check that out for sure. But through that vehicle, I’ve met tonnes of people and I’m continuing to grow the channel. I’m continuing to collaborate with people. But one individual that I met along my journey, very excited. She was a guest of yours, Jax Scott, that incredible story of Jax Scott Special Forces. And just you want to talk about blasting through adversity.
I’d recommend anyone listen to that particular episode. She and I and two other individuals actually wrote a book called cybersecurity masterplan. It really is kind of just complementing what I’m doing on the YouTube channel altogether. It’s literally a step-by-step blueprint on how you can go from figuring out if cybersecurity is a good fit for you. All the way into leveling up your career and mentoring people who are trying to get into the field. Like basically a full circle thing where you can have the whole package the whole career, that book is written to provide that knowledge.
I love that. Thank you so much for sharing that. And now we’ve got to know where to find you and your awesomeness, and we can keep up with all the amazing work that you’re doing.
Oh, yeah, I welcome anyone to reach out to me. So like going back to the comedian days, I love social interaction. You can get me on LinkedIn. I’m definitely there all the time. So I’m always on there, kind of contributing and interacting with the community on YouTube. As I mentioned, Simply Cyber is my YouTube channel. I do have a Twitter account. It’s Gerald_Auger. They all kind of linked to each other. But I’m less active on Twitter.
I’m kind of one of the rare infosec people who’s less active on Twitter. That’s quite a popular platform for infosec people. That’s basically the best place to get me in. If you tell me mention that you heard me on this show. I’d love to connect and get your thoughts and help you if cybersecurity is your back. I think that’s how I’m best equipped to help people if they want to either get into cybersecurity or really understand how it could be a passion. And really like I don’t work like I live my passion and I get paid for it. It’s awesome.
I love that. Thank you so much for sharing all of that. It was such an honor to have you here today. Thank you so so much, my friend.
Tune in to the episode to hear the rest of my incredible interview with the amazing Gerald Auger.