James Morrison is the Senior Director of Security Programs at Intelisys, a hybrid technology distributor owned by ScanSource. For more than 20 years, he was a Computer Scientist for the FBI, where he served as a local tech expert to Special Agents and Task Force Officers, assisted in computer intrusion investigations, and reverse-engineered software to determine the source and purpose of malignant codes. James was also a UNIX/Database Administrator with the US Air Force. 

Available_Black copy
Available_Black copy
partner-share-lg
partner-share-lg
partner-share-lg
Available_Black copy
partner-share-lg

Here’s a glimpse of what you’ll learn: 

  • [0:00] Rolando Rosas welcomes James Morrison, an ex-FBI computer scientist 
  • [3:03] James talks about the cyber threats that plague the FBI — and how cyber attacks have evolved
  • [8:28] How AI accelerates cyber attacks on products
  • [10:59] Barriers to robust, company-wide cybersecurity programs
  • [17:25] The sophistication of modern cyber attacks
  • [23:24] Why you shouldn’t rely on insurance companies during a cyber attack
  • [27:45] Approaches to negotiating company security programs
  • [41:08] A rapid-fire segment with James

In this episode…

The internet’s rapid growth has fueled elaborate and sophisticated cyber attacks using AI, which can hack into company software systems at alarming speeds. With the rising rate of threats and attacks, companies struggle to identify vulnerabilities, and 71% of organizations lack knowledge of proper cybersecurity measures. How can you cross-collaborate with internal teams to build a robust cybersecurity program for your business?

Having successfully managed major cyber threats to the FBI, computer scientist James Morrison understands firsthand the dangers of relying solely on insurance companies to mitigate damage caused by attackers. The companies often don’t reimburse everything, and they can’t cover reputational damages or devastation resulting from individuals exploited by the attackers. Instead, companies must take a proactive approach by advocating for robust security measures. This involves separating IT from security efforts, aligning these efforts with organizational goals, obtaining external expertise, and communicating company threats in a universal language. 

Welcome back to What The Teck? with Rolando Rosas, who interviews James Morrison, the Senior Director of Security Programs at Intelisys, about the importance of security in protecting your company from growing cyber threats. James delves into the sophistication of modern attacks, the cyber threats that plague the FBI, and why companies struggle with cybersecurity.

Resources mentioned in this episode:

Quotable Moments:

  • “Hackers going after critical infrastructure is the monster that we’re talking about.”
  • “In the United States, just from your email address or phone number, I can find out where you live, your kids’ names, your pets’ names.”
  • “If it’s not memorable, it’s mediocre.”
  • “We’ve got to start realizing we’ve got to get allies across our corporation.”
  • “We’ve lost the gift of conversation; we’ve lost the gift of compromise.”

Action Steps:

  1. Separate IT and cybersecurity roles within your organization to ensure thorough security attention: This step is vital for maintaining dedicated security efforts and avoiding the dilution of focus when IT personnel are overburdened with dual roles.
  2. Keep abreast of cybersecurity trends and potential threats by regularly reviewing industry-specific reports and staying informed: Being proactive helps identify potential vulnerabilities before they are exploited.
  3. Develop communication skills tailored to understanding and influencing the decision-makers in your organization: Speaking the language of risk and aligning cybersecurity needs with the company’s mission are essential components of effective advocacy.
  4. Establish a cross-departmental security council within your company to discuss and address security challenges collectively: This action promotes collaboration, aligns security initiatives with organizational goals, and addresses the critical need for interdepartmental support in cybersecurity.
  5. Seek expert guidance when faced with challenges beyond your current capabilities: Asking for help enables you to address complex cybersecurity issues more effectively, leveraging specialized expertise rather than grappling with them in isolation.

Sponsor for this episode…

This episode is brought to you by Global Teck Worldwide

We are a full-service online retailer of professional headsets, webcams, and speaker phones from top manufacturers. 

Since 2002, Global Teck Worldwide has provided affordable, high-quality communications equipment and customized telecommunications services to organizations of all sizes.

Our specialists have invested hundreds of hours in technical training, certifications, and seminars to assist customers with purchasing decisions. 

We have served thousands of customers in a variety of industries with value-added services, including ergonomics, employee work accommodations, and hearing-impaired services. 

If you are a government agency, small business, or Fortune 500 company, contact us at https://circuitloops.com/contact-us/ to discover a solution that fits your communication needs.

Episode Transcript:

James Morrison  0:00  

We saw it in Ukraine. Russia attacked the Ukrainian power grid prior to invading the country, we had hackers going after a critical infrastructure. So when the Ashley Madison breach happened, that hacking group released the entire list of people, and this is exactly what they did for MGM Grand, the United Healthcare CEO, went before Congress and got thrilled. I can’t tell you the number of companies that have gotten exploited from

Intro  0:24  

James Morrison is an ex-FBI computer scientist within the Cyber Crimes Task Force who specializes in investigating the hacking of computer systems and malicious software used by cyber criminals

James Morrison  0:36  

in the United States just from your email address or from your phone number, you’d be surprised the amount of information I can find where you live, your kids, names, your pets, names, all of these things. If you look at the data in a hospital, it is actually the perfect recipe for me to steal somebody’s identity. I can steal their name, social security number, addresses, financial information, and then I can even dig a little deeper. I can find

Rolando Rosas  0:59  

Hold up a second that that’s that’s serious business data security is

James Morrison  1:03  

really the monster that we’re talking about. Generally, it takes between 60 and 90 days to patch a vulnerability. Well, if the criminals able to exploit that in minutes, is that faster? But now with AI, especially AI that’s attached to the dark web,

Rolando Rosas  1:18  

what? Welcome to What The Teck? your gateway to business strategies and tech secrets shaping today’s workplace. Today, I have the pleasure of talking to a former computer scientist at the FBI. He’s going to share his experiences while at the FBI and working on government agencies that dealt in things, all things security. And one of the more important things is, how do you get learning lessons and apply those in the world that we all live in today, especially for those that have to manage it, systems, networks and so forth. And how do you get that sold to the C suite? How do you tell the story of a project that’s important to the organization, but put it in a way that the folks in the C suite or management are able to get it fast tracked? I want you to put your hands together and let’s welcome to the show. James Morrison, welcome James. Hey, thank you. Thank

James Morrison  2:20  

you. Thank you for the invite.

Rolando Rosas  2:22  

Hey, glad that you could join me. Where are you checking in from? Today,

James Morrison  2:27  

I’m still in Houston. We’re ready to dodge a little storm that’s coming in on the southern tip of Texas, but we’ll just get some rain from it. That’s pretty normal.

Rolando Rosas  2:34  

All right. Well, you know, let’s jump into it, because I want to dive into that experience that you had while you were at the FBI. You know, you spent decades at the FBI and looking at threats, having threats come through. What would you say were some of the threats that I wouldn’t kept you up awake at night, but what were some of the threats that consumed the agency while you were there that were of significance. Well,

James Morrison  3:03  

it’s interesting was, I think there was a changing mission. Right when they created the computer scientist program in 2012 they knew that they needed more technical bodies to help with the investigations. Investigations were becoming increasingly around malicious software. Malware was kind of on the rise. We saw very intense use of skill sets that most of our agents didn’t have. So back then it was, you know, it was that nation states, you know, Russia, China, Iran, a little bit at that level. But we started to see that change. I think, as we looked in 2013 we see the, you know, target attack, eBay, Yahoo, some of those attacks come. In 1314, 15, we started to see the rise of, really, the criminal elements. And they started to say, you know, they started to be much more financially motivated. And so that that, when you start seeing financial motivation now, you start saying, Okay, what are they what are they going after? What’s their target? And we really started to see the targeting of things like infrastructure, energy sector, power plants, we had, we had hackers going after a nuclear power plant here in Houston, here in Texas, South Texas, as well as up in New York. And they were, you know, they were trying to launch phishing attacks. And most of that, we thought, was reconnaissance based where they were trying to dive in, see what they could see, and see if they could cause any damage. But that’s that that started to really raise some questions in our mind, because critical infrastructure isn’t something you normally think about from a cyber security standpoint, we started to see that increase in water treatment plants. We’ve seen some water treatment plants get hit. We started to see waste treatment plants. People don’t always think about it, but waste treatment plants are very soft underbelly in particular and and so Homeland Security has really started to rise up and become much more interactive with those groups. So those are the things that really kept us up at night, was the use of of a cyber attack to take down that critical infrastructure. We we saw it in Ukraine, and Russia attacked the Ukraine. And Howard grid prior to invading the country. And so I think that’s some of those things that really kind of keep us up at night. Was, how far, how deep are some of these teaching states and these criminal enterprises into some of those critical infrastructure networks, and that that conversation is always been ongoing,

[Continue to Page 2]