Scotch (and Tea) with Chris Roberts
Chris Roberts · August 24, 2023 · 59:00
Hello Adam, how are you doing today?
I'm incredible. Staten Island is beautiful.
It's a beautiful Sunday in Staten Island. I'm sure just like here in New Jersey too.
There's dolphins in the water, unicorns coming from the sky. It's all great.
It's a, it's a, it's a regular day in, in Staten Island. Okay. I'm sorry.
There really are dolphins, but there's no unicorns.
Dolphins I'll go with. In Staten Island, I can get without one. Unicorns? Yeah. I don't even think we got bloody unicorns in Colorado. Let's face it. That's true.
Well, well here in Jersey, we got, we got beached whales. We're getting a lot of those these days, which is kind of screwed up. Yeah. It's really nasty. Anyway, Adam, as you can see, we have a guest. Why don't you introduce our, our guest?
Well, we have Chris Roberts. I think he's known by many other names, and I'm sure he can introduce himself as well. But a big person, I think at least, in DEF CON and has done a lot of research in the cybersecurity field and privacy as well as along with other vulnerabilities.
Thank you. Pleasure to be hanging out here. Earlier Sunday morning for me, I'm based out of Colorado these days, so it is still cup of tea time for me. We haven't quite hit cocktail hour, unfortunately.
We're getting there. Well, like I said, for us, in honor of you, because we know you're a big whiskey drinker, as everyone knows, we are drinking scotch, because it is just past noon here on the East Coast, and we have the new official security cocktail hour flasks, which, as we said, you will be receiving one as our honored guest, as a thank you for spending time with us.
That'll be a ton of fun. That'll have to make the trip out to DEF CON with me this year.
Oh, excellent. Great.
Oh, hell yeah.
At least the flasks are getting there. I'm not, but the flasks are.
There you go. I think I'm going to road trip it again. It's every single bloody year I find myself doing this. It gets to about this time of the year and I'm like, oh, should I fly? Because flying is an hour from here to there.
Oh, ouch. Yeah, short flights are terrible these days.
And that's the problem. But the challenge is the drive is just on that cusp of, what is it, seven? It depends on how I drive. The shortest I've done it is seven hours and change. The normal driving time is about nine, 10 hours. Really?
Is that like an out west thing that a one-hour flight turns into seven hours like that? You've got mountains and everything?
760 miles. It's probably a bit more than an hour's flight, maybe an hour and change. It feels like it's an hour, maybe an hour and a half. It's not a bad, it's not a bad flight, but the drive is just freaking gorgeous. I mean, you leave down the east strip, head straight up into the hills, and then for 600 and up miles, you're bouncing around canyons and hills, and it just re-reminds you, this country's pretty freaking amazing. It's a nice reminder for that.
It's so embarrassing. I have never really been out there, and like, people like yourself, who are not native-born Americans, I've seen way more of this country than I have. It's the American thing, but I do go to Europe, but I kind of make it out there one of these days.
I know. I've done the East Coast trip as well a couple of times, from this neck of the woods out to New Jersey, New York, and Atlanta, and Texas, and all sorts of other things. I don't mind the road trip, and especially when you've got, goodness knows, because normally I take at least one or two of the suitcases worth of whiskey with me. There's a hell of a lot less questions when you turn up. We talk to the airport, like seven gallons of inflammable liquid that you want to put on that precious airplane. And all the weaponry as well, because I've done that obviously at the DEF CON 2 a couple of times. The best one is driving across Utah with gallons of alcohol, numerous armaments, and about 5, 10, 15,000 rounds of ammunition. I'm a little self-contained militia. It's kind of fun.
You know, I mean, it's kind of funny because, you know, Adam, you know, you and I have never met. I know Adam had met you at a senior talk at a conference and he was like, you know, describing you and everything. And I'm like, you mean he travels around with weapons and boxes of whiskey and he's doing this? I'm like, is this like the Hunter Thompson of security? This guy's great. We've got to have him on the show. You know?
Oh, man. Yeah. I mean, it is naturally the suitcase of whiskey and weaponry. And I'm pretty sure I threatened folks with tapes on a somewhat regular basis. Oh, I got banned from Twitter. Yeah, I saw that. That was good. Yes. Just threatening to spork somebody. Actually, I think over putting ice in their whiskey, I'm pretty sure it was. Sorry, I think this is Otis. Get out of my cup of tea.
Do you know what's funny? When I went to DEF CON, I started getting rid of all my social media. And I'll tell you a quick story why. I got a LinkedIn request and it was from a woman. And she said to me, you know, I know you're at DEF CON, I know where you are, blah, blah, blah. And I said, okay, great. I said, you don't even need to know where I am. I'm sitting on this chair at this resort, at this hotel, wearing this shirt, come see me. And she goes, you know, I can get into all your stuff, all your data. I said, go ahead. I said, she goes, you were really screwed up when you were in Afghanistan. I'm like, Oh, I was never in Afghanistan. I never told her that. And then I blocked her on LinkedIn and I haven't heard from her since, but I still keep LinkedIn, but I got rid of everything else. I got rid of Facebook. I got rid of Twitter. I got rid of, I got rid of everything. No, I keep my OnlyFans page. No, I'm joking.
Oh, love it. Yeah. I don't have one of those. I've got, I don't know how many, I think about a dozen, half a dozen or a dozen Facebook profiles. None of them are in my bloody name. We use them as a... Oh, really?
Oh, wow. That's another thing I did. I created a fake LinkedIn. I have over 600 people, including, and God bless his soul, I mean, God rest his soul, Kevin Mitnick. So I added a lot of cybersecurity people and they did add me back. I was surprised.
Because I mean, I get, you know, you see my LinkedIn, it's pretty busy. I keep it pretty active. There are sometimes I will do a very cursory glance. I will just very quickly glance at everyone and go, okay, is this something legit? There's sometimes I wouldn't even do that. But there's other times it's like that trigger hits, you know, like, ah, especially, you know, I get a lot of, it seems to vary. I go through a very, every now and again, you get this plethora of very nice Asia Pacific ladies. I just got one.
I was just talking about that. She's like, I want to, I love your background. I want to know more about you. I said, what about me? She hasn't answered me back yet. Meanwhile, her profile matched my profile somewhat. You know, I worked for a law firm. I worked for this. I'm like, really good. Yeah.
Yeah, they're, um, some of them are crafty. Some of them are just too easy though. Cause I mean, it's, you know, you'll spend two minutes talking with them and they're like, Hey, I don't really want to check this. How about we talk on WhatsApp? At which point I'm like, and delete block report block. I should say.
Yeah. I kind of feel bad though, you know, and it is like, you know you're being played and it's such a sad thing in the world, because, like, they're the obvious ones, the very pretty, you know, pictures of the Asian ladies, whatever, but then I get some things that are like from students, especially from overseas, and I'm like, you know, it's so dodgy, but then again, it, you know, we're trying to help people, you know, you do want to get people engaged if someone really wants to learn, it's, you know, so... But I guess that's the point, you know?
I'll typically accept more students than I will pretty ladies from Asia Pac. Let's put it that way.
So insert rant here. Do you remember, Chris, when I sent you the email? I said to Joe also, that we're looking for a person that has entry-level in cybersecurity with five years of background and knows how to do podcasts. And I don't want to mention the name of the woman, and I said I wouldn't, and I won't mention the name of the company, and they want to pay 75K for somebody who's entry-level, that has five years of experience, that also knows how to do podcasts. These are the things I get on LinkedIn.
I just, I'm like, and that's, I mean, I shot that part, I'm like, cause I'm, I'm like, okay, part-time, that'd be a great little part-time gig for somebody. But it's just like full-time, I don't get it. I just, we, I mean, we see so much of that in this bloody industry. I think that's part of the problem as well is, you know, we're sitting there going, hey, we want students in, we want new people in, and then you run into folks who are like, well, you know, but they need to know how to do, and there's this laundry list of things. And I mean, that's it. It's like, all I want is the heart in the right place, the ability to learn and ask questions, the rest I can teach you.
I had a scary conversation this week with a guy who does like, you know, career training, counseling, whatever. And he's saying like, yeah, you know what? The whole recruiting thing is a complete mess. You know, they come up with these lists. They want the rainbow farting unicorn who, you know, who wants to.
Rainbow farting unicorn.
Who wants nothing. Yeah, exactly. Wants to work for nothing. And I asked him, I'm like, you know, I'm a little scared for the future because it's like, okay, it's one thing for people who, you know, a little older, like us, have the experience and everything, but where are the kids going to come from? You're seeing these entry-level things. Yeah, they want stuff. And he's like, you know, you want to know the truth? The kids have got it bad because it's like they're coming out of school. And like, you know, if you don't have like these ridiculous numbers of internships and side things and, and whatever, you know, they're not going to be able to find the job. And I'm like, God, don't, don't wonder half of them are, you know, pissed off at the world over this stuff. I can't blame them.
I'm kind of with you on that one. It's what we ask is ridiculous. That's why, so from Boom, we brought a couple of folks. Our best recruiting avenue internally is actually the shipping desk. We're bringing folks to the shipping desk. Freaking awesome. Just love it. Again, logistics, the ability to think on your feet, all these other kind of things.
That's a good one. We like to poach from the help desk.
But yeah, I never thought about that. You know, this was good. You just brought two people in from the outside on the IT side of the world. One is a former air stewardess. And again, one of those people that's able to think under pressure, think on their feet, very articulate, very good with humans. And then the other one we brought in, she was Mac Genius Bar. So again, amazing experience on that side of the house. And then just the ability now to teach from the other side of the world. So it's kind of fun. And for me, again, it's just, okay, they're coming in with nothing. Brilliant. Now we get to teach them, you know, our way, the right way, the ability to ask questions, break shit, figure it out. And off we go from there.
I was gonna say, it's funny you brought up stress. One of our previous guests just recently was talking about stress from doing incident response. And that's a really crazy place to be. Incident response, under fire, you know, constantly worrying about the adversary. So stress is a really big part of cybersecurity, especially in IR.
I had my, although it doesn't fit anymore. I think it was like 3X and now I'm down to a size large. I had my mental health hackers t-shirt and I used to wear that pretty freaking proudly. I talk about that a lot on LinkedIn as well, you know, just the state of mind. It's the same thing, I mean, I've struggled for years, I still struggle. This buddy down here is the one that's kept me on this bloody planet and is the only one that's kept me on this planet.
Yeah, because I wanted to ask you, I mean, you've obviously had a lot of adventures and stuff, but you're also a CISO and you've been one for a long time, and rather than ask what keeps you up at night, you know, more like, how do you stay calm? Because a lot of guys burn out. They say they've had enough, they just can't deal with it. But you've been doing this for quite a while. How do you keep it steady?
And this is only a recent learn, maybe the last X number of years, is the ability to just take that step back and say, fuck it, and separate. And I do that. I put something out a couple of years ago, because I wasn't good at it, and I was getting toasty. And I still do every now and again. But the ability to say no. 6 o'clock at night. So I work 8, 9 in the morning till, say, 6 at night. At 6 at night, I down tools. Unless the place is literally on fire, I down tools. I down tools until about 9, 10 o'clock at night. That's my time to eat, to go for a bike ride, to hang out with the wolf mutt, to look after my time, to go cook, to do some cooking and basically to hang out. 10 at night, I'll start back up again. I'll check up on email, I'll check up on Slack, I'll check up on, you know, I'll get LinkedIn posts ready for the following morning and I'll do research. I'll screw around online, I'll go see what I can break into, whether it's bloody, you know, anything transportation or His Excellency's camels over in Saudi Arabia. And then I work until 1, 2 in the morning, and then I'm kind of done. I'll pick up a book for an hour or something like that. Saturday's day off. Again, unless the building's on fire, it's a day off. You know, people know how to get a hold of me on my mobile phone, and that's about as much as they need. Sundays, I'll get back at it. I'll do stuff like this. I will get back at email. I'll make sure that I'm ready and prepped for Monday morning. That's been one of those, I need to take that step back. Plus, I think a lot of it, a lot of the help, honestly, has been this beautiful. I've had him, he was rescued from six months old, and he's now five. So for the last, I guess, four, four and a half years, I've had, I guess, the emotional, necessary emotional sponge, shall we say, where I can literally curl up with him, and the world goes away for a little while. He stopped me from walking outside a number of times. Really? Wow. Yeah.
I owe him more than I could probably ever, more than he will ever probably realize.
That's great. That's a dose of reality that people don't understand, everyone sees any of us, but like you, like everyone knows you as like the tough guy and everything. At the end of the day, and this is not to dismiss or say something negative, but you have those weaknesses where we all try to, you know, we all try to live in this world that's so complicated and so tedious and so frustrating sometimes.
Everyone's human too.
You know what I went through? I just went through something.
Yeah, I know.
You know, you got stuff to deal with. Life sucks.
I mean, it's, you know, I have a daughter I haven't talked with in probably a year and a half now. And I don't know why. I have no, I mean, I do to some degree. I called her on a lie and I called her on it and she didn't want to face consequences. So it was simpler for her to go back to her mother's. That's torn me up. And then February, I got nailed with diabetes, which is, you know, I've got the full-time patch on, and the system that goes into that. You know, I got nailed with that, and I'm still trying to figure that out. The nice thing about it is, as a hacker, I get to now hack my own body to try to figure out what works and what doesn't. So, you know, there's some upsides to that.
So I have diabetes, I have... my child is 18 years old and I've had it since they were born. But that's another whole story. But I'll tell you, you're talking about hacking? Let me bring up a quick thing. My father-in-law has a pacemaker and then one day he was having problems and we're wondering... and I'm also an EMT and I said to my father-in-law, you're going to the hospital. End up being somebody overclocked his pacemaker remotely through a portal and nobody knows who did it. And I said, B.S. it's going to be auditing. He said, believe it or not, they log into the portal. It doesn't necessarily log who did it. I'm not saying it was a hacker.
That's crazy.
I'm saying somebody made a mistake and no one. Thank God he's still alive. But yeah, this is the complicated world that we live in.
I worked with, I was working with technical services division and people can Google which agency that was with, I was TSD. And we got the call that our vice president from a number of years ago was running a pacemaker. And it was, we figured out the vulnerabilities in that one, same thing real fast. And I mean, the amount of hoo-ha and red tape that we had to go through to get that more efficiently controlled, shall we say, was ridiculous. And this was 10, 15 years ago, something like that. Back then we were screwing around with Tempest and a whole bunch of other stuff that we were messing with, and we were realizing what we were doing. Yeah, there we go. We're coming back. Tempest, App Farm, and some of the early stuff that we were working with the agencies on building. And I mean, we were pulling all sorts of signal stuff out of all sorts of things. And pacemaker came up back then. And, you know, and even in our own industry, we lost some absolutely amazing people because of medical device failures. And it sucks. Absolutely sucks.
You got me into another question, right?
Yeah.
So what are your feelings about, you know, these messaging apps like WhatsApp and Signal? So we just had multiple conversations with multiple guests about this. Do you trust WhatsApp? Do you think it's edge to edge or end to end? Do you think Signal's better?
I'm Signal. If I've got anything that has to be said in outside of a script, but inside of a controlled environment, it's Signal. Now, saying that, Signal sits on top of a telephone. This is about as secure as bucking Swiss cheese, let's be honest. And that's the challenge is I have a secure application, Signal in this case. I know that anything that is inside there is inside there. But if somebody's overlaid a keyboard, if somebody has any kind of logging, if somebody has any kind of 10 different ways of breaking that phone, then that's compromised from an endpoint standpoint, not an application standpoint. So I like Signal. I use it. WhatsApp, I don't trust. I know on the person-to-person, end-to-end is meant to be. I have a lack of trust of it for a variety of reasons. But Signal, I've got a lot more faith in. Let's put it that way.
Yeah, you see, I'm in that, in that camp, too, you know, I mean, obviously, there's the inherent limitations of the operating system you're running on. But you know, when it comes from Signal to WhatsApp, it's like, you know, this, it's like, I've heard that WhatsApp has gotten much better, technically, that it really is end to end. Although, you know, I've said this on previous shows, it's like, it's still Facebook. I mean, not the best reputation in the world. And when I go to install, even when I travel, like, you know, when I do travel internationally, people say, oh, yeah, on WhatsApp, you have WhatsApp. It's like I go to install it, the first thing is like, you know, can it read all your contacts? Can it do all this stuff? And I'm like, I don't want to give that to Facebook. I'm just not comfortable with it.
I did an expose on TikTok several months ago on my LinkedIn post. It's probably one of my most read LinkedIn posts. I think it, last time I checked it, it was sitting at like 750, 800,000 eyeballs on it. And there's a good reason, because I took TikTok to pieces, literally to pieces. I decompiled it, I was running through sniffers, I did a whole bunch of work on it. I had it running on a couple of virtual systems. I did the forensics before and after. I had my forensics image, installed it, gave it the permissions that most people give it, because I looked up online and all this kind of good stuff, and then did forensics on it. Yeah, shit. But to your point, I mean, I, when I got kicked off of Twitter, I'm like, Oh, I'll put whatever Threads is on. I had Threads for a week and a half, maybe two weeks. And then I did the same thing. And I'm like, that's coming off too. Yeah, no, pretty just, I mean, that's Instagram shenanigans. And that same thing. I mean, it's, I put up with LinkedIn, because for me, LinkedIn is about as close as I can get to talking with as many people as possible around the globe without having emails and text messages. And it's kind of fun. And it's cathartic. I get to put fun posts up. I get to put, for me, and we talked about it briefly, this whole bringing new people into this industry. I don't want people making the same fucking mistakes I made. I want people if they're going to trip up and they're going to bash themselves and they're going to get scars. I want them to be new scars, not the same mistakes I made. So the more I put out there about, hey, look, this is the screw up I made. Don't sign documentation unless your lawyers looked at it. Don't do this. Do this. Think about this. You know, look before you leap kind of mentality. Then if I can put that out there, if people learn, that's all I can ask for.
That was the issue. But was that three years ago? I think that was when that happened. Was that three or four? Was a longer lesson. Well, I know that you ran into an issue where you saw the aviation stuff.
Yeah, that was ironically. So that was crazy. That was 15, 2015, 2016. That was when it all blew up. We've been doing the research from like 2009, 2010 to about 2015. Because I stood up at, I stood up at Sky Talks. And I gave a Sky Talks talk on you know what you could do with avia. I gave a Sky Talks talk on how to take over and take your own Patriot missile as well. That went down. Well, yeah, yeah.
Well, I wasn't talking about the sky talks. I know that you ran into an issue where you did some documentation or signed something. And you caught. Yeah. Yeah.
It's from hell. Yeah. Yeah, that's I'm. So this year is an interesting year for a bunch of reasons. Because this is actually the 10th anniversary of that document being signed. And the remainder of that note is due this November. So the back story of the OER. So when One World Labs got created, so with all the aviation stuff, the investors that we had pulled back. That on my part didn't choose the right investors. They were risk averse more so than I thought. And rather than making good out of a bad situation, they took a step back. They managed to, we had to cut half the development staff immediately. We had to do a bunch of other things. We ended up having to close One World Labs down. And ironies of all ironies, those investors that pulled back actually bought the assets from the bankruptcy call for 50,000, which is why we now have a company called Dark Owl. Meanwhile, I had signed a document at the behest of the company to take my ex-wife out of the company, and I was on the hook for that money. And it was 10 years of paying $2,500 a month for 10 years, every month for 10 years. And at the end of that 10 years, a note for $800,000 is due, as in this November, I have to write a check for $800,000. I don't have $800,000 sitting in the bank. Yes, I'm a CISO, yes, I've done okay, but I've also paid- That's a lot of money. CISOs don't make a fortune, except for a very, very small number. A very, very small amount. We've got to tell people, yeah. Yeah, so I don't know what's going to happen this November that note's due, so if I know her, it'll be, she'll have lawyers at the ready, so we'll be fighting in court over the holidays and New Year. I mean, there's nothing I can do. I'm going to hit a brick wall this November and I don't know what to do. GoFundMe page. GoFundMe page. I don't want anybody paying the money.
I remember that. I remember that.
Yeah. No, I'm very, very, very, very upfront. With everything that's going on with Boom, Boom is in good shape. I'm an amazing company. But like anything, we're in a funding situation and we'll see where that goes and see where the company goes and everything else. Between that and also this debt that's coming up and a few other things, there's a part of me that might just say, fuck it, stick a backpack on and just wander off somewhere in New Zealand and spend a couple of years doing laps around New Zealand. I just, I don't know, to be determined. Wow.
Yeah, it's, you know, I want to be playful and say there's a lot of sheep there, but I also realize that you're going through a lot and that's, what people don't realize is that some people try to get to that next level. You know, some people are complacent and they love doing cyber security and they go to work every day and they go home. Some people want to get to that next level, want to get to that enhance. They want to move up in the field. They want to polish their skills. They want to really intricate, a really good part of the community. And that's, that's how I understood you. When you threaten to break somebody's phone in half, they recorded it. And that's how I remembered you, right? I'm sitting there and let me tell you a funny story. I'm sitting in there and we're talking about, I couldn't believe it. It was a talk about how law firms are getting compromised. And I worked for the law firm. Not that law firm, another law firm, another law firm, another law firm that he was talking about. And how it looked like one of the attorneys was exfiltrating data. Not for my law firm, but I worked at another one. And somebody says, does anybody here have challenge coins? And I said, yeah, I have a challenge coin. Anybody want to trade? Anybody who raised their hand is a law enforcement agent. I'm like, no, I'm not. I work for a law firm. But I'm standing on the side, nothing to do with that. And like, if any of you pull out your cell phones, I'll break them in half. And then I'm like, oh, sorry.
Pretty much. Yeah, no, it was SkyTalks. SkyTalks, we were, because it was run by 303. So, I mean, that's family first and foremost. Clio 3 is one of the originating founding parts of the organization for Defcon. And it was run by that, and it was kind of an offshoot. Again, it was several reasons. You think that's why BSides turned up. I mean, BSides is now this global phenomenon. And it turned up because so many of us were getting rejected from Black Hat, and to some degree, Defcon. And so you're sitting there with some amazing talks, and SkyTalks is the same way. What I loved about SkyTalks was, you could come in and sit in front of a bunch of agents and a bunch of everybody and just pour your heart out. You could turn around and say, hey, look, this is how I took over, in my case, this is how I took over avionics systems, shipping systems, missile systems. This is how we broke into cows. This is how we took out the entire dairies. And NASA and stuff like that. So being able to actually have that safe space was pretty sacrilegious to us. We took it very, very seriously. So we were patrol. I mean, you're 100% great. We would patrol and make sure nobody was recording because there was, you know, there was no, it was safe.
Not only this, let's be honest, right? Not only are there more enforcement agents in there, there's also nation states sitting in those.
Oh, yeah. We were talking about cyber week off camera. I had a couple of years ago is that a cyber week? Yeah, I was out there and I'm sitting down. And I was, I think I'd gotten off stage. I was talking about something. I was talking about hacking the human body. It was a bio and nanotech hacking. And I'm sitting there in like backstage area and it's all open. I have the whiskey case out with me. And literally I get a number of individuals come and sit down all around me. And it's the entire Chinese delegation. And I'm like, this is going to be in trouble. Hi guys.
Hi.
How y'all doing? Yeah, yeah, that was an interesting 20 minutes. Definitely lesson.
So let's let's talk about your birthday. January.
Oh, 111. Was it 1171? I think is what I put up on the LinkedIn post. Yes. Although I think you know what, we have to validate this because I want to say let me look at Oh, you know what I think I've got on my LinkedIn. I'm actually looking at my LinkedIn profile. I think I say because only a few people have spotted it. There we go. Education, University of Oxford 1900 to 19. I saw that. Yeah. Yeah.
I saw that.
I think literally only like two or three or four people have ever questioned that. I did spend time at Oxford just to quantify things. I did spend time at Oxford. I lasted almost a year at Oxford before I got bored and I realized a bunch of things and then I got back into the workforce. So I'm the 1971 is actually a year off. It's actually 1970. And I think so many of us that have to put our birthdays in if it's not a, even if it is a legally binding document, let's face it, we still do it. But if it's not, I mean, if it's, if it's like, you know, LinkedIn or if it's any of the sites or if it's, you know, you go out to the alcohol sites, they're like, hi, are you over 21? When were you born? 1, 1, 70 or 1, 1, 71. That's like the default for us. I mean, so many in Infosec's birthday is January the 1st, 19 or 2000, whatever the heck it might be.
I actually didn't know that one until Adam told me about it.
Yeah. Oh yeah. I refuse. I, uh, well,
I mean, I can see that. And, you know, sometimes it is ridiculous. They're like, Oh, I need to know your, your age, like over 21, well over 21. That's really all you need to know.
Yeah. It's been shining through for a few years, people.
It was, you know, the ACLU attorney that we interviewed, we were talking about, you know, what information you need to give in the Fourth Amendment. Not everything is required.
Yeah, no, absolutely. For a variety of reasons, I hit the dating sites. I'm in that kind of limbo mode of, it'd be nice to have somebody to hang around, but at the other point, as much as Milo is good, he drools, and it'd be nice to have somebody around. And so I, and then same thing. It's like, Hey, you know, you can go take a look. And there's, you know, it's just like, okay, I want to look at, and you can't even look without putting in your own profile. So back onto Proton Mail, back at a burner phone numbers and stuff. And so, you know, you start putting in John Smith and this, and you're like, if anybody ever picks his profile, I have a shit ton load of explaining to do.
You're talking about burner phones. I had a burner phone. Joe gave it to me. I took it to a Defcon. It's in this bathroom stall somewhere. I left it there by mistake.
Oh no! Oh my gosh. You're making it easy, God. Yeah, I probably ended up on the wall of sheep or something. Somebody used it somewhere, let's face it. I do remember, speaking of wall of sheep, it was years and years and years ago. It was probably... 15, 12, 15 years ago, I will never forget the fact, so Lost used to do the challenges, and he still does every now and then, Lost used to do these bloody challenges, and you would turn up at DEF CON like the night before, and you would bring like cases of shit with you. Everything from all your wiring gear to physical gear, to all sorts of anti-tamper gear and everything else, because his challenges took you through hell and beyond. And it was like two and a half days of just sitting at this fucking table doing these challenges. I will never forget, we were, we were sitting there probably like day one and a half by this point and somebody walked through or one of those, you know, the Jawbones used to have that you would, the Bluetooth ones.
Oh, yeah, I had one of those didn't work very well. Tables.
We were like prairie dogs were like I mean, the guy didn't get to the end of the room before he was up on the wall of sheep. It was freaking hell. And it was like stress relief. It was just hilarious. It wasn't pretty, but it was fun at the same time. Oh, Bluetooth snarfing.
Stuff like that.
Yeah. Yeah. A bunch of us built some of that stuff. So yeah, so much fun with that.
So I'm not a hacker. Right. But what I used to do was I used to take, um, whatever device I have, whether it was an HP iPad or whatever you want to call them. And I used to send, I'd be sitting on the subway. Then I would blast a text message to everybody that could receive it. I'm watching you. And everyone's like, looks up. And I'm like, I felt like a real hacker at that point.
Adam's a lot of trouble on the subway. I was tell you funny. So I was, I was with them once, we're like on our way to work. We happen to get on the same, the same train, and I turn my head for like two seconds. Somehow he's gotten into this fight with this, with this small petite woman who looked like she was ready to kick his ass. I'm like, what did you say to her?
I, that being said, I got punched in the face like six times yesterday by a woman. I boxed and I got hurt. And she, I was talking crap. Her name is Ariane. She's a beautiful woman. Very nice woman. Mom has three kids and she's been doing a lot of amateur fighting. And I was, meanwhile, I was just did a couple of rounds with an MMA fighter that could probably hurt me with this one pinky. He went to go hit me and I'm hitting him. He's punching me. And then she goes, You ready for me? I'm like, sure, I'm ready. She comes in, boom, boom, boom, boom, boom, boom. And I'm like, did you really just hit me like that? I'm like, I'm punching her, I'm punching her face. Oh, I'm hitting my glass. Punching her face, punching her face, punching her face. She's against the ring. And I'm like, I'm feeling like a man now. And she's like, boom. I'm like, I got my ass kicked. I got my ass kicked. I tell my wife, she goes, aren't you proud of yourself? I'm like, yeah.
You like to fight people young enough to be your kids. I don't know what your deal is.
I go out mountain biking and I've started back up again since the diabetes thing. I started back up again because I knew I was losing, I was dropping weight anyway because one, I'm getting older. Secondly, I'm not throwing logs across fields anymore or hammers across fields. So I'm like, I don't need to be carrying as much as I was. So I started at the beginning of the year at about 270-ish, 265, 270. And I'm down by 215 at the moment. Yeah, some of it came off properly, some of it didn't. And I'm back out on the mountain bike. And so what's pissing me off now is, mentally, I'm the same thing. I'm doing the games to not chase those bastards that are like one third of my age that just go by me like this. I'm like, I hate you at this point. Or now I'm realizing all these crooked e-bikes that are out there. So you're sitting there, you're pedaling like a lunatic, and somebody goes skidding by at like 5, 10 miles an hour. And then you realize you're on a freaking e-bike.
It's like a plague in my town. I live in this nice suburban town in New Jersey, my kids are in high school, and I see these kids with bikes, and I'm like, they're bikes, and they're electric bikes. And I'm like, what kind of sissies are these kids? They're like 16 year old kids with an e-bike.
What the hell is that all about, you know? Those freaking things, I looked at them for shits and giggles. I took a Trek one out and it was the... What the heck was it? It was their Trek Fuel. It was like a 97 or 98 Trek Fuel one.
Bloody expensive, like eight and a half, nine and a half thousand dollars for one of these too.
What? Yeah. Yes. I can get you a used motorcycle for half that.
I can get you one. Chris, I can get you one for $200, freshly used. Brooklyn, Staten Island, we'll get you one.
Yeah.
There you go. That's right. I'm just going to wait on the bloody side of the hillside one day and dunk somebody off of one of theirs. Clothesline them. Half a tree trunk to the side of the head. I got one sorted out pretty quickly. No, it's, um, yeah, I absolutely, I mean, I took one out for a test drive, I can absolutely see the appeal of them. You know, when you're back, when you've gone up a frickin hill, it's, it's a nice little bit of assist, especially again, we're getting a little frickin older. But at the same time, it's, it's cheating. There's a part of me that's contemplating one for going to places I would never go. You know, if I'm on a 20 mile ride on mountains, and I want to go that extra five or 10 miles, but I don't fancy doing another 2000 frickin foot of stupidity. It's useful for that. But for the rest of it, I'm like, No, get your ass off and make yourself work.
I've been doing work in another part of New York City. And I've seen families with it. Typically a mother has two or three kids on one of those e-bikes and they're bringing them to camp or whatever it is. And it's funny because when I was in Bermuda, they were doing the same thing with the scooters. It's very expensive to own a car and you have to be a resident of Bermuda to own it. And usually if you import a car, back then at least the tax was 100% of what the car was. So the car was 70,000. The tax on that was $70,000. You had to pay $140,000 for a car imported, not a car bought on the island. And most people can't afford cars, and the island's really small. I mean, I'd be venturing to guess that that island is smaller than Staten Island. But anyway, what the mothers were doing was... And not as beautiful. Of course. One kid was in the basket. One kid was on her back. One kid was hanging on to the other kid. And they're driving around the island, bringing the kids to the supermarket and everything else. So that's really how it works. What are you going to do?
No, my father was out in, while he was still alive, he was out in Thailand. He was on one of the islands in Thailand. And the same thing, there were no cars on the island. Everybody got around on these little 50cc scooters. And I mean, you could buy those on Alibaba for a couple of hundred bucks and get it shipped and put it together. And pretty much that's what he did. I mean, the pathways on the island were probably no wider than this fricking laptop I'm working on. But I mean, yeah, that was it. That was that was method. To your point, it was method of transport for the family and the groceries and everything in between. And it worked.
Wait till the scooters become more IoT devices. We can start hacking them and turn them on and then, you know, make them go forward and backwards. Do you believe in unicorns? Just curious.
Real life ones, no. Preferably ones that are actually sitting in a realm somewhere, kind of like dragons at some point. It'd be nice to think there is a universe.
There's one person I know that believes in unicorns, and I've been trying to get them on the show. And I've been trying to... Joe says I'm stalking, and I'm not stalking. I've been trying to get Ryan Reynolds on the show, and I wrote him a couple of emails.
Oh God, the Ryan Reynolds thing again.
So I wrote to Ryan Reynolds, I'm like, dear Mr. Reynolds, yeah, we'd like to have you on the show. We know that you're, you know, you're somewhat of a business owner, you know, somewhat successful, somewhat successful. And we would like to get you on, discuss, you know, small business. Looking forward to your response. Can you believe this guy has thought of every fake email that you might have? And then he says, Hi, this is Ryan Reynolds bot. You didn't get me type of thing. So, he has like R Reynolds. Oh, yeah. So, he has like 50 SMTP aliases and he sends it back and I just want to show up at his house and say, could you join my show?
A little bit of we can do this. We can do this one.
I, I tried getting another person, another guest to help me get the email address.
No, I know a few people who we could probably lean on to do that one pretty easily. It's Joe like, Oh my God, don't say that.
I just, I just got to stay out of it because you know, when, when Adam gets pinched for it, someone's going to have to continue the show for the two to three years he's in the can, you know.
You know what though? He seems from all reports and from all visuals, he seems like the kind of person who would actually take fun, would have fun with it and wouldn't take exception to it. Let's put it that way.
I, one of my favorite things about Ryan Reynolds is his matchme.com commercial with the devil and the woman. I don't know if you've seen it. It's an incredible, he has his own marketing company where these two meet online and one's really the devil and one's a woman. She calls me, call me 2020. And they go in and there's, the end of it, they're sitting with their hands around each other, looking at a bridge and there's missiles coming down and there's fire. I hope this year never ends. It's pretty clever.
I haven't, I don't know the last, I don't have a television, so I, yeah, not had one 15 years, something like that, I don't know whatever, as long as it's been. I did some stuff for a very well-known fruit company many, many years ago. And since that point, I don't have to pay for any of the movies or TV or music. So I get a stipend every year that covers everything. So I've always just had that stuff, which has been really, really nice. So that's their way of doing their bug bounty for me, which was rather civilized. Oh, nice.
Yeah, that is cool.
I got a soft spot for them, let's put it that way. I mean, there's still a pain in the ass that every big company and they gather everybody's data, but I've got a bigger soft spot for them than I have for a lot of others.
You know, and you're bringing up another good point. People have soft spots for certain companies, even though they don't necessarily agree with their policies and the way they handle things. And that's what the ACLU attorney said. She said, you know, I know that these companies gather my data. But I still want the technology.
Also, you've got to live your life, like you talk about LinkedIn. I mean, LinkedIn is the only social media I use. Really, it's because you don't have a choice.
Yeah.
I mean, these days, if you're going to be in any profession, it just is what it is.
I mean, perfect example, so the Tinkerers group, there's a couple of 100 of us now that are senior leadership CTO founders. But there were three or four of us to put it together. We're on, we got everything on Slack. I mean, it's, it's our way of, it's our way of coordinating everything. And then I was out with the Merlin group this last week. And, uh, they came into town and they did like the Merlin Safari. It's actually pretty awesome. They brought in a whole bunch of their portfolio companies and we did like speed date one evening. And then they, I'm just some cool stuff with, um, I hung out cause there were two or three companies actually wanted to talk with. But all of the coordination was done, ironically, over WhatsApp. So the pictures were there. I mean, there wasn't anything that I would consider privacy related, but all the coordination was done over WhatsApp. And LinkedIn, I mean, the amount of coordination I do on that platform for conferences and where I'm going to be, you're right. You almost have to pick your poison. And that's where to me the 1171 or 1170 comes into play because it's, I'll put enough of me out there to be dangerous, but it's using an email that I can manage and control. It's a throwaway email that I've had for donkey's years. It's, it's using address information. It's maybe not quite as accurate as everybody would like it to be and stuff like that. So it's, but that's because we're in this industry. Unfortunately, you know, I look at so many people like, yeah, I'm just going to put all of my personal information out there. I wish.
Yeah.
Wish we could help everybody, not just around us, but you know, seven or eight billion people on the planet, just to think a little bit more before they do put more of themselves online. It's one of my wishes.
You know, we all have these vices, we all do things that are stupid, and we know they're stupid when we do it. And then we don't worry about it until we actually get put into that precarious position. You know, I worked for a company and when I went to that company, I sent the password for a certain software as a service site via Signal. And the person that I worked for actually reprimanded me and said, why didn't you send it via email? I said, I'm not even joking. I showed this to Joe. And Joe wasn't the guy, by the way. Joe has been probably, Joe was probably one of the best bosses I've ever worked for. So I said, what do you mean? They go, he goes, we're not the NSA. I go, exactly. So I'm like, you're reprimanding me for putting a password through Signal, which is hopefully a better, you know, a medium to communicate instead of email, clear text, basically, unless the server to server is encrypted and that email doesn't come yet. I mean, but we know it can be found.
But people don't get it. They don't understand the things to the depths that we do, or even at a much shallower depth. It's like half the people in the world think Facebook is the internet. It's their only thing. My father thinks Safari is the internet. They just don't get what's going on.
Well, I think, I think you, Chris, I think you and I share the same way to communicate. I think I saw you once talking about sending messages via carrier pigeon. Let's be honest. Let's be honest. That's one of the most secure ways to send things. As long as that pigeon identifies the recipient and the sender, nobody else is getting that. And back when the World Cup was in, I think it was in Brazil. I think it was there. And they were talking about, they were joking that they were sending data on USB drives and the data was being sent faster by carrier pigeon than the internet in Brazil.
Not surprising. I made the newspapers in this neck of the woods, gosh, several years ago. I got brought into a breach situation. And it was at a liquor store, big, big, big, big box liquor store. And they got their ass handed to them. And in order to carry on, because they were like, we've got to keep doing business. I'm like, then plug the old system in, which was there. So the card swipe, the old card swipe system was the one we used to swipe it. It would dial up, validate and then come back. But it was completely separate. It was literally a card swipe with a phone line straight out to the PBX the way out to check two cards. Now it was the register. It was the regular. So the system got breached was their newer, you know, it was the standard shit that you see everywhere. They walk up and you swipe your card and it goes to the computer and then the computer does whatever it does. But what I did is I said, you want to continue to do business, put the old system back in place. And they're like, how do you mean? Go back to the modem, because it's more secure. Because their infrastructure had been breached. So we were playing chase down the systems and a bunch of other things. They obviously needed to keep doing business. So they were like, we can't use the card. We can take cash, but 50% of people don't know what cash is these days, 75%. I'm like, well, then put the modem back in. And they were like, I'm like, seriously, put the money because it is a standalone. It was a card swipe device that had a phone line and that phone line.
Oh, I get it. I get it. I get it. I mean, it was style point of sale.
So once when you basically swipe it, you wait 30 seconds. Well, it dial up gives you. And I put that back in. That actually made the newspapers because it was because basically downgrading your technology to an old man was safer than today's tech. There's something to be said for it. Same thing with that.
Yeah, I mean, I have to admit it, you know, it's true we have to live in the real world and as security people, we got to deal with this new stuff and do all of it. But I'll tell you, I mean, maybe you got the dogs. My little relaxing thing is, you know, it's Sunday afternoon here, later on, it's nice out. I'm going to take my old car that has, that's from the 80s, that has no black box, that has no electronics, and probably leave my, well, I won't leave my cell phone at home so the damn thing might break down, but I will turn it off. Just be free from most stuff for an hour or so.
What do you have? I'm also a petrolhead as well. What do you got? I have a 911 SC. Oh, there you go.
Yeah. As old school as it gets. No, that's not true. A lot of fun.
I got a better older car. I have a 2000 Toyota Corolla. Oh, there we go. With manual windows. That's one of my cars. A manual windows car. So my kids didn't know any better, because my grandmother gave me that car also, and we were using that car. And my kids were rolling down the window. What's that? And then my in-laws had a Rogue. And they go, Dad, you can hit this button, and the windows will open down. But let me tell you why my grandmother went out of her way, and she's, she's moved on. But let me tell you why my grandmother got the windows like that. She's like, if I ever end up in a lake, at least I can roll down the window.
So I'm like, that's actually kind of true, yeah.
I'm like, wow, she was a little bit of a hacker kind of then, back then.
Smart move. Smart.
The question is, how often did you end up in the lake?
Hopefully not too often, because if you do... Was your grandmother a big drinker?
No, she wasn't. She never drank a day in her life. Maybe she needed it.
Smart move. My boss at the moment, he has two 356s. Not one, but two. He's got one in Texas and one in Colorado. Years ago, I took a break from this industry. I'm very fortunate. When I was back in the UK, I used to rally drive. I have an FCA, RAC and a bunch of other licenses. When I came to the US, I took a break from this industry early mid-2000s, and went climbing for six months, came back, worked in a climbing gym, and then also I taught racing, and I still keep that up, I still do stuff with Mercedes, AMG, the schools, but I actually taught at the Porsche driving schools for about six, seven months, and I have a soft spot for the 911s. It was, I mean, number one, they were the yuppie killers. Back in the UK, we called them yuppie killers. Because, I mean, you know what it was like. You get to the end of the year, it was the Christmas bonus. All the yuppies would go out from the Wall Street, buy themselves 911s. And then half of them would end up in the fucking scenery, like two weeks later, because they did not know how the hell to drive the bloody thing.
They're like, oh, look. Oh, yeah. Or the real high rollers, and they'd be like, oh, yeah, the expensive one, that 930, that turbo, yeah, give me that. Yeah, exactly. I love those things.
Let's sign up for Christmas school. Let's go do some racing.
Ah, yeah. I would love to do that. We had so much fun, because I mean, up until recently, I had a GT350. And same thing. I mean, that's like the 911. It wants to kill you. And for me, that analog feeling with a car that's just like, hey, you either pay attention to me, or we are both going in the scenery. There is something to be said about the purity of that. And I freaking love it.
And a little bit of difficulty too, because I was talking about cars. I mean, I've driven, like, you know, more, more recent, like, 911 Turbos, like 991s and stuff, and it's like the thing is so on rails, it, you can't make a mistake in it. It's like it's too safe, you know? Yeah, exactly. You can if you try really hard.
One of the funnest cars I ever owned, and I didn't own it for very long because I bought it by mistake. Long story short, basically I went out to buy a washer and dryer and I came back with a Fiat 500 Abarth.
Didn't buy the washer and dryer, bought the Abarth.
Probably the most fun car, fun recent like modern car you could ever buy. Never driven one, could fucking rent one, take one out for a test drive. You can do stupidly illegal things at legal speeds. This thing would go around corners at like 35, 40 miles an hour on two wheels. It's f****** crazy.
I'm just so much fun at stupid legal speeds. I want to do it almost watch a n***a did where in that movie, um, where he was, uh, like an agent. And then he goes, his wife was cheating on him. And then he goes to a dealer and he test drives a car.
Yeah, yeah, yeah, yeah, yeah. Was that an Aston? Was that an Aston or something like that?
He was, I don't know. He was like, he worked for an agency that didn't exist. It wasn't the CIA.
I think that was, I think that was True Lies.
Can you imagine just taking the car and then spinning it around with somebody in there?
I'm trying to remember what car that was. What the hell? I think that was an Aston. And Aston Martin.
So I know, I know also they did that. Oh no, no, I'm wrong.
I'm totally wrong. It was a Vette. It was an old Vette.
And they did that in Bad Boys also. They, they stopped the car and it was, what's his name? The car, um, the football player. And he goes, Oh, we're going to take this car for a drive. We're going to beat the shit out of it.
Oh my gosh. Yeah. I forgot about that one.
Yeah. Hey Joe, you know what we need to do, Joe? We need to go out to California. No, no, I'm sorry. Las Vegas. We need to go to a DEF CON. We need to hang out with Chris and we got to stand in sky talks like this. You know, I, you know, it's funny. I, I, I, I, I was doing this and I'm still doing this answer. And I met a couple of people online and I was doing God, I'm having a hard time since 540. And I met this woman, her name is Serenity, and she's like, Adam, she goes, with your background, you should go do a talk at DEF CON. And I just did a master's degree, and I did a paper on ethical warfare. She goes, that's exactly what you should do. And I missed the deadline on DEF CON, but she says, you know, you can always volunteer. And I reached out to people and nobody responded to me, but yeah, I don't know why I did the email addresses and everything else. But I'm not, I'm not, I'm going to reach out to you individually and then we're going to hang out at DEF CON and we're going to start drinking everywhere.
You know what you need to do? Honestly, as much as don't get me wrong, as much as I like DEF CON, it's besides. I would be sad. Actually, honestly, what I would do, try and get up to Grand Rapids, come up to GrrCON up in Grand Rapids. It's smaller. There's 2,000 people up there. It's in Grand Rapids, so it's civilized. In other words, it's not in the middle of fucking summer heat at 120 degrees in the middle of Las Vegas. To be honest, I like the intimacy of the conference way, way more. I love DEF CON. It's good to see family, but it's just gotten too big, too crazy. I also don't like all the politics and all of the, some of the village selection stuff they've done. It's a little not quite where I'm not running it. I know the folks that are, and I knew they're doing the best, and no matter what they do, they will never please everybody. But there are a few things I'm like, hey, you probably could have done something a bit different. I love GrrCON. GrrCON is a great leveler and it's in September, October time frame and it's freaking awesome. Grand Rapids is a really nice place. We know all the bars there. We take over Zed's or Z's. Chris Payne runs it and it's just a freaking awesome place and you get so many of us that it's like home for a while. I mean, that's part of the reason I have their bloody symbol on my arm as well as among other things. Yeah, we'll definitely have to, I, if you can get up, it's two days. It's on like a Thursday, Friday typically, and it's, I have so much love for that conference, so much love for it. Yeah, I'm actually out there, I am out in that neck of the woods here. We'll have to catch up. When am I out there? Hang on. I'm out there 20 seconds of the 24th of August. I'm actually gonna be in Times Square. I, I got a conference, I'm giving a talk. Sorry to hear that. I know. You know, it's always an interesting human experience, shall we say.
What type of conference?
So Semperis is doing, they're doing like their annual user conference, and I know them behind the scenes. Mickey and the team over there are absolutely fantastic, just good people. And they hit me up, they're like, hey, if we pick up your airline ticket, you fancy coming out? I'm like, oh, hell yeah. So Alan Alford's going to be out there as well. So Alan will be there, I'll be there, a bunch of other folks. So yeah, if you're in that neck of the woods, it would actually be fantastic just to catch up one day, one evening and just grab drinks and go from there.
Yeah, for that, Adam might actually leave Staten Island and come into town.
I just left Staten Island for you. Meanwhile, you left your credit card at a bar.
Yeah, yeah, thanks. Yeah, I know. Well, there might have been a little bit of drinking involved.
What can I say? I will probably bring some stuff with me, but I mean, I was going to say it's New York. I know where to pick up all the good stuff, but I just don't know the New York prices. I'll bring stuff. Yeah, it's a little out of hand.
Cool. All right. Well, with that, I think it's time to kind of wrap it up. This has been a lot of fun.
Yeah. I really enjoyed it. Thank you. I really enjoyed it.
Thanks for coming on. Adam, any last thoughts on your part?
Let me just put a couple of string words together. Unicorns. Ethical warfare.
Conferences, that's going to be a talk that now you need to put a talk in at some conference somewhere. You've got to put a talk in about unicorns and ethical warfare. It's got to happen. Please. There you go.
Maybe I will help you in ethical warfare.
I will help you build the damn talk. I will put time aside. All right. Fricking hilarious.
Yes, sir.
Cool.
Okay. All right. That sounds like fun. All right. Hey, Chris, thanks a lot for joining us. Appreciate your time. Great meeting you and great talking to you.
