True life CEO story on his company was hacked and the subsequent unbelievable long-term personal challenges.
Guest: Gary Berman, CEO of Cyberman Security
Website | https://www.cyberheroescomics.com/
On LinkedIn | https://www.linkedin.com/in/gary-berman
Host: Dr. Rebecca Wynn
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/rebecca-wynn
________________________________
This Episode’s Sponsors
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
________________________________
Episode Description
Listen to this CEO's fascinating journey from a marketing and consumer research background to the world of technology. He recounts the pivotal moment when his company was hacked by insiders from a criminal organization, leading to immense challenges and a five-year struggle with the hackers. He emphasizes the importance of taking proactive measures to protect one's reputation and intellectual property in the face of cyber threats.
________________________________
Resources
________________________________
Support:
Buy Me a Coffee: https://www.buymeacoffee.com/soulfulcxo
________________________________
For more podcast stories from The Soluful CXO Podcast With Rebecca Wynn: https://www.itspmagazine.com/the-soulful-cxo-podcast
ITSPMagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
Dr. Rebecca Wynn: [00:00:00] Welcome to the Soulful CXO. I'm your host, Dr. Rebecca Wynn. We are pleased to have with us today, Gary Berman. Gary is the CEO of Cyberman Security and refers to himself as the "Forrest Gump of Cybersecurity". His 30 year career focused on marketing communications and consumer research. He began his career as the founder and CEO of Market Segment Research, a leading firm specializing in the demassification of American marketing.
Clients included AT& T, Best Buy, Ford, General Motors, P& G, and many other Fortune 500 firms. His research on multicultural marketing led him on an appointment to President Clinton's Commission on Race. He pivoted from victim to advocate to help others avoid the life altering consequences of hacking. His educational vehicle is a superhero comic series animated platform, The [00:01:00] Cyber Hero Adventures, Defenders of the Digital Universe.
Additionally, he hosts the Cyber Hero Adventure Show, where he shines a light on true cyber security heroes who toil in anonymity to keep all of us safe online. Gary, it is great to see you again. Welcome to the show.
Gary Berman: Thank you so much. What a privilege to be here with you.
Dr. Rebecca Wynn: Your background is fascinating.
You have a long background in marketing and then you went ahead and you decided to go ahead and make a complete career change to technology when you didn't have a big background in it. Can you walk us through that? Cause there was a lot of struggles, but it's a very inspirational story.
Gary Berman: Yeah, thanks for that.
And let me begin by saying thanks for who you are and what you do and most importantly, why you do it. I, didn't really make the decision. The decision was actually made for me. Because as you mentioned, I was the CEO [00:02:00] of a very successful marketing, communications, research and big data firm.
Things were going great. This is about 20 something years ago now. And one day we were hacked. And I had no idea what was happening, but I could see the impacts of it. And so it turns out, like layers of an onion, over time, we learned quite a bit about what had transpired at that time. And so what we had learned is that it was led by a group of insiders.
So commonly referred to as insider threats, and they were actually part of a criminal organization that I'm unable to identify in public. And like I said, like layers of an onion, we started seeing anomalies. In some of our data, and it became incredibly egregious [00:03:00] when one day I got a call from our joint venture partner who, by the way, we had sold 49 percent of the company to the largest marketing communications in the entire company in the entire world, called the WPP group based out of London, things were going really extraordinarily well.
And we got a call from our partner screaming at me. Actually, she said, What the blink is going on with your company and my jaw dropped I had a stellar reputation with the some of the clients and government agencies that you had previously mentioned, and I could not believe my ears. So I responded.
What are you talking about? He said you I just got a call from one of your people that there's rampant fraud in your data collection operation. We had about 100 call center stations at that time where we did market research and big data analysis and things like that. And I [00:04:00] go, what are you talking about?
Who called you? She said I'm not going to name who it is, but and here was the kicker. Wait for it. He said that we were under investigation by the FBI and that I should cease all communications with you. I almost fell off my chair. And so I responded rapidly. I said, okay, I'll call you by the end of the day with an update on what we understand to be the situation.
So I hung up. I had to catch my breath talk about soulful CEO or CXO. I, had that moment where I was searching for everything I had and I was hoping that God was watching out for me because I had no idea what was happening. I was terrible at technology as you mentioned.
Plus, things like hacking were not part of the zeitgeist of the [00:05:00] world at that time. Facebook had just been launched and things like that. Anyways, I called an all hands meeting, and I explained precisely what I had just heard, and so we took some, two immediate actions. One was, we did a complete audit of the research project that we were working on, 100 percent validation, and we found literally zero anomalies, zero errors. And then the second thing is I, without even asking, refunded $185,000 USD to our client, which was a very big auto manufacturing company, without even asking. Which was a lot of money for us, but my reputation and our company's reputation was everything. That's all you have in a intellectual property oriented sort of business and stuff like that.
So anyways that happened and I went through about five years of unbelievable sort [00:06:00] of torment from the hackers. They had set up their own company without me knowing about it while we were paying them. And they were stealing our client information, they were stealing our intellectual property. They redirected the phones that were supposed to come into our office to their exchange that they set up, representing that they were us.
Another way of thinking about it, I have since learned, is it's like a massive identity theft, but it was also a corporate identity theft. Which is an unusual and so I had to close the company did the best we could with the resources that we had available at the time, and I lost everything and I even had to lose my home and the devastation for my wife and our family is rather impossible to calculate.
So I'll stop there and just say that's part [00:07:00] one. Of why I subsequently decided to pivot into learning about this stuff and then ultimately to try to help people avoid what happened to us.
Dr. Rebecca Wynn: That is just amazing. And I, even though you and I've spoken many times. I didn't know the gravity of that full situation.
So thank you so much for sharing that. How in the world did you pick yourself up from that and move back forward? Cause that was tough.
Gary Berman: I appreciate that question. There's a lot to this story, so I'll just give you a short answer. I'm still picking myself up. I think this is after 20 something years.
This is the kind of damage that is life altering and not just for me. I had to lay off a hundred people. Just to clarify. And about 10 years went by and I worked on other things. I [00:08:00] worked on veterans causes helping them reintegrate back into civil society after serving in theater.
My wife and I started a children's education, a tutoring company for kids and things like that. So 10 years go by, and finally, literally, just to put food on the table, because I ended up losing a lot I, my wife and I made the decision that I would see if I could re enter the marketing communications research ecosystem that I left 10 years prior.
And so I put out a few emails to old people from 10 years earlier, haven't talked to any of them. And I was incredibly humbled by the response and so soon I was invited to be a keynote speaker at a marketing conference. And so I did, and it went great. I had this big stack of business cards.
Gary, where have you been? Are you still doing these big reports or can we get a proposal from you? I couldn't believe it. I was so [00:09:00] grateful. Came home, almost like tears of gratitude. Woke up nice and early the following morning, ready to go. Phoenix, rising from the ashes. And I go to LinkedIn, which is not something I'd ever really used.
And I happen to notice that after 10 years of no communication with any of the alleged perpetrators, we knew who they were, which is different than proving it in the judicial system, which is another whole show. I'm a huge fan of law enforcement, but they are under resourced and they have to pick and choose what they can do.
Anyways. After 10 years of no communications I, affectionately referred to these people as goofballs. And the reason I named them that way is it just takes the sting out of it a little bit. And so not one, but two of them checked in my LinkedIn profile on the day after I gave my speech. So either that was random or they were at the conference.[00:10:00]
Or they heard that I was speaking at the conference and something like that. And guess what happened? boom boom, The attack started again. We subsequently identified 19 attack factors. And it wasn't just in the digital universe. It was also physical stalking. And a very comprehensive series of some people refer to what had happened as like being in a Truman Show.
It sounds nuts, and I'm the first one to say it. And throughout that journey, I said, okay this is my imagination. There's something wrong with me, which is a very typical thing that victims do. And I learned two things about being a victim. Number one is that there's so many victims of so many injustices in life, so it's not unique.
And the second thing, which is answering your question, how did I pivot is it's just exhausting. And I decided, okay, take a deep breath, muster the resources that I have at the moment, [00:11:00] which were de minimis. and get into cyber security. So I bought a book called Cyber Security for Dummies thinking, okay those yellow books, like with the black stripes on them.
And I said, I'll start there. I'm very self aware. And this was at 57 years of age. So I don't know if you can teach an old dog, new tricks, but I was barking. Page 1, page 2, by page 10, Rebecca, I was lost. So rather than quitting, I found a company that put it out, Palo Alto Networks. I got the CISO on the phone and the only reason I got him is after 17 times calling my name's Gary.
I hear on the phone. Oh, hey, John, how you doing? He picked up the wrong line. There's no way I was going to quit. So I got him and I explained to him what happened, that I was lost after 10 pages and he busts out laughing and I'm a funny guy having [00:12:00] lost everything. Better laugh than cry. Or you I suppose you could do both.
And I said, may I ask why you're laughing so hard? And I'll never forget. He replied. It's not really for beginners. Then why do you call it Cyber Security for Dummies? And that's when I realized it would be a better way to distill complicated technology information into something people could get their heads around at least a little bit.
And I happen to see Spider Man light bulb goes off superhero comics. The only problem is there were three problems. I knew nothing about the subject. I knew no one in the industry and I knew nothing about comics. I wasn't even a fan but other than that, I thought I was perfect. My wife thought I was just crazy.
But I said, I'm on a mission and I'm going to just do this. So I went to linked in again and one at a time. I did a search by the title C. S. O. And I got all these people, and I invited them to connect with me on LinkedIn, send me real life stories of cybercrime, answering the [00:13:00] questions what happened?
What were the consequences? What were the lessons learned for possible inclusion into some kind of comic or something? And to date, I have 23,500 followers on LinkedIn of the most important people in the world. I went to 53 cybersecurity conferences in a period of just under five years at my own expense.
And I did start learning a little bit about many, things, but I didn't really know anything in that. I became a reporter for a magazine. And so the whole sort of cybersecurity ecosystem turned towards me because I could write stories about their solutions or whatever whatever it was and conferences were and continue to be my, my, my beat.
And then COVID hit. Oh, no more conferences bam, right down to the ground again. I said, okay, what do I do now? So I said, I'm going to do a show and I'll use air quotes. What is that? And [00:14:00] just started listening and learning from the smartest people in the world, such as yourself. And I've done over 300 interviews with these amazing people.
And I'm incredibly grateful for this opportunity in my life at this stage.
Dr. Rebecca Wynn: What did you learn by going to conferences? Because I find there's, a couple of conferences. There's conferences where you know that people are going there because they want to get out of the office and eat and stuff like that.
I see them on their phones. They're not really going to the sessions or listening. And sometimes I hear people give the same talk. I've heard them give for the last 20 years. And, then so you've hedged. Hodgepodge. I tell people, you're going to go to a conference, have objective, the reason why you're going lessons, you want to learn key people that you want to connect with. That's how I go to conferences. But what did you see during those 53 times and what were your objectives to learn a new field? As you said, you didn't know anything about.
Gary Berman: That's such a great question. [00:15:00] I'll tell you what I'm doing next week. I'm going to the M S P conference in Washington, DC and the process that I developed very early on was based precisely on your assessment.
And so what I do is I look at who the speakers are, and because I'm a jour journalist, I'll use air, quotes around that. I can set up interviews right after someone speaks. And so that's what I've always done. I always just went for the speakers, and I seldom went into the vendor booths because, for me, I don't really sell anything, per se.
I'm legitimately an advocate, and I've demonstrated now over seven years to earn some trust in the zero trust industry. And so I go I select the speakers and the kinds of topics that I think will be beneficial to where I was and am on the, on trajectory of the learning curve and I go to those events, but then I interview them afterwards [00:16:00] which, is great for them because it shines the light on them and, it's also symbiotic for me to learn and things like that.
So my whole time, I only spend time with thought leaders. Having said that, sometimes I'll do an interview with a vendor.
So that's my strategy. I stay out of, for the most part, stay out of the vendor. Ecosystem. First of all, I, you know this better than me. It's like sensory overload. When you go to a big conference oh my God and from a marketing communications standpoint, it's very hard to differentiate vendor one from vendor 400 maybe about 15 percentage points difference when you drill down to and stuff like that.
Dr. Rebecca Wynn: I usually spend time with vendors, but I can go very quickly. I look to see if it's the same or someone's got, Oh, that's a cool feature. Oh, wow. That's cool research that you just did. Tell me more about that. And then what I found out really quickly is, did they send the people? Who [00:17:00] really could do the deep dives with me along those lines.
And that's how I test them, but I always do the vendor walk, but I do it to look to see what is the upcoming cool things. I will be honest. If it's super cool swag, I'll grab it either for myself or I donate it to someone else, but I do go ahead and do the vendor quick.
Quick walk, but I won't name the vendors, but there are some thought leading vendors out there. Those are the ones that definitely, and they'll pull to the side. Like you said, they'll pull to the side and you're like, Hey, can you go ahead? And, can you explain to me more about that? And they'll go to the side and they'll do a deep dive with you.
I think. Those are the great ones. . Have a conversation with me. And then let's determine if we won't follow up conversations. I think there was a responsibility on both sides.
Gary Berman: There, there's It's, the same, but slightly different. I have tremendous respect for everyone in this ecosystem and there's a primary reason for it.
They know a lot more about it than I ever will. So when I'm, if I go through an event [00:18:00] space or something like that, I don't even know what I'm looking at, plus or minus so I can't ascertain the validity of someone's solution per se, but I can listen and learn to thought leaders who are already vetted, by the venues by the conferences.
They've already, through their own criteria, decided, okay, Susie or John are good speakers on these topics. So that's why I gravitate that way. Many of them are vendors, obviously I understand the economic incentives for these kinds of relationships and things like that. And I, do have a lot of respect for them.
It's just not my beat.
Dr. Rebecca Wynn: I think the important thing is, if you're going to a conference, if you're going to a webinar, what is your purpose for going there? What is it that you want to achieve? I do that for staff. If they go, I just want to go to this conference, I'm like, what are the reasons for the conference?
What are the reasons why you need to go to the conference? What lectures or whatever do you want to go to? Because what I asked them to do is then I [00:19:00] asked him to do a brown bag lunch to share with others. If it's just that I need to recharge, maybe that's still good for them to go because being around your peers where you can see that, that people are in this battle, this war all the time together is a good way to recharge.
But sometimes there's other ways to do it. As well, too, so I think having those clear objectives and what you want to obtain out of it is really important.
You learned a lot of things about resiliency as you ran a very successful company, you ran into a nightmare situation, picked yourself back up, had to go ahead and reach back out to people again, which is.
It's always tough, right? Because we have our ego and the same thing is we don't know how to, we're going to go ahead and be accepted by others. And then being able to go ahead and find a niche that you're doing really [00:20:00] well. And what key lessons have you learned going through that cycle that you can share with someone else who might be somewhere in that cycle and they need that encouragement?
Gary Berman: Yeah, for sure. I really appreciate that insightful question. So quick anecdote about what I learned was it's important to have psychological air to breathe and there are different tools for your quiver to do that. And one of, one of my most valuable tools was from a quote from Albert Einstein, when a reporter said, Mr. Einstein. On one hand, you have science, and physics, and mathematics, and all that. And on the other hand, you have people who believe in some universality, or God, or something like that. How do you reconcile those two worldviews, he was asked. And he said, after thinking about it coincidence is God's way of remaining anonymous.
And while I don't sit around in a yoga position [00:21:00] hoping for things to happen, I do have my antenna up for moments, such as when you and I first met. I could tell there was a spark there, but that's not enough. People can tell like when the hair on your neck stands up or something we, we have intuition, I guess you can call it, or many different words to describe it.
It does require some kind of action or insight. Which then requires some resources might be education, might be time, might be money it might be friendships it might be people I fill in the blank or for any of you and your listeners and then you have to have the courage to do it to actually take at least a baby step in the direction that you see.
So for me. My big moment in cybersecurity happened when I was invited to give a speech at the Gartner Security and Risk Management Conference in Washington six or seven years ago now. [00:22:00] And I've been a public speaker my whole life. That's my core competency. I'm really funny and I love making it about the audience.
And so I'm really good at it. And I don't never get nervous except for this speech. And I was literally shaking. I could feel my heart pumping, the adrenaline going fight or flight like what to do. And the reason is that I was going to share, I'll use air quotes, evidence of what happened to me to a cybersecurity offense excuse me, audience who could call.
BS or maybe it's a misattribution or false positive or you didn't upgrade or update or whatever. All the millions of reasons that I could be wrong and I had to have the courage to do it. And so I did, I spoke for almost an hour and guess what happened when that was done?
Dr. Rebecca Wynn: Hopefully you didn't get picked on.
Hopefully that they appreciated what you had shared.
Gary Berman: Yes. I got a standing [00:23:00] ovation.
Dr. Rebecca Wynn: Nice.
Gary Berman: And then afterwards, like no exaggeration, 30 or 40 people were waiting in a line to talk to me. And they were asking me questions like how did that Bluetooth happen? That attack happened? I said, how am I supposed to know?
You're the one who's supposed to know this stuff. What are you asking me for? And it was like that. And it turns out I was an early sort of target of pretty sophisticated stuff that. Even to this day people wouldn't believe, and I found a home. So that's my long winded answer.
Find a home with a community of people that Are trying to do something good in the world that fulfills you as a person that gives you fuel and energy. And if you're as lucky as I am, try to have some fun doing it.
Dr. Rebecca Wynn: Yeah. I think one of the biggest challenge always is getting over our own fear, uncertainty and doubt.
And then finding at least just a couple [00:24:00] people who will support you no matter. What? So did you, I know you, you have a strong family. Did you have business partners who stayed with you or was it just on this journey that you started finding more like minded people like myself along the way?
Gary Berman: Yeah, it's a little bit of both.
God bless my wife. If I were her maybe I couldn't do it because this stuff. It was just so all encompassing and, just not believable. People have trouble believing victims of all kinds of things for all kinds of reasons. But she did and does, and I'm happy to say that we just visited our new granddaughter and now I have another advocate and my two daughters have been amazing for sure. But that's also an interesting thing, too. I keep a [00:25:00] firewall between this stuff and them. I do, because it can be incredibly scary, fear, uncertainty, doubt. These are real things. And there's some bad people in the world.
Having said that, I don't know, qualitatively, the ratio of good people to bad people is probably 10,000 to one. But the only time you hear about hacking or cybersecurity is when the goofballs win. You don't hear about all the good people and stuff like that. So that's the community that I've been able to become part of.
And it just keeps getting better and I love giving back. That's why I do my show and, other things that we're embarking on now.
Dr. Rebecca Wynn: I tell people we're all in a cyber war at all points in time. And we just have to, we have to join forces and really support each other instead of ripping people apart.
Because most of the time to be honest, it's like thank God, it was [00:26:00] them because it could have been me, but they actually got to them first.
Gary Berman: You're bringing up an interesting point because one of the things I learned is like the goofballs criminals, threat actors, nation states, things like that, which I've interacted with all levels of them now are horizontally structured.
They share information freely about best practices on how to do their evil deeds. And the, heroes are more vertically structured because of intellectual property or competition or the patchwork of local, state, federal, global regulatory, information sharing and analysis centers because I thought, okay, their intention is to work together. And that's the, what I wanted to, in a small way, help. Facilitate.
Dr. Rebecca Wynn: Another group is if you're in one of the critical sectors is [00:27:00] InfraGard. They are you, your advocates and they're there to help you. So reach out to them and you should have, you should know who your field FBI agents are in your local area and you should have them on speed dial.
Gary Berman: That's right.
Dr. Rebecca Wynn: Our time has run short, unfortunately. What is the best way for people to reach out to you for speaking engagements and to learn more about your company?
Gary Berman: Yeah, thanks for asking, and thanks again for your time and consideration. You can go to cyberheroescomics. com, H E R O E S comics. com, to see some of our stuff. And LinkedIn is the easiest way to do it, and one of the interesting things, since you mentioned CISOs if it's okay, I just want to let you know that...
Given the tumultuous disruptive sort of nature of the CISO sort of ecosystem at the moment we're exploring launching a vCISO platform. And that's something that maybe your [00:28:00] audience might have some interest in learning about.
Dr. Rebecca Wynn: Most definitely. Gary, thank you so much for being on the show. You are a Soulful CXO.
Gary Berman: Thank you so much. I appreciate it. I'll tell my wife.