Andrew Rose (US)

I don't, I'm going to push back. You're a problem solver. I bet if you put your mind to it, you'd be the best scone baker we've seen.

I don't, I'm going to push back. You're a problem solver. I bet if you put your mind to it, you'd be the best scone baker we've seen.

All right. Well, thank you. Appreciate that. I am the other Andrew Rose, the US version of Andrew Rose. And fun fact, there is another Andrew Rose who does cyber, but we'll eventually get him into one of these podcasts. Yeah. So, I am an accidental cybersecurity advisor, expert, what have you.

All right. Well, thank you. Appreciate that. I am the other Andrew Rose, the US version of Andrew Rose. And fun fact, there is another Andrew Rose who does cyber, but we'll eventually get him into one of these podcasts. Yeah. So, I am an accidental cybersecurity advisor, expert, what have you.

I was working for a large bank that does agricultural financing and had just come off of helping stand up the Cybersecurity Association of Maryland as a favor to a friend of mine. It's not that I have any coding or cyber background, it's I know how to start nonprofits and write bylaws and put fiduciary responsibilities and governance in there and bringing sponsors.

I was working for a large bank that does agricultural financing and had just come off of helping stand up the Cybersecurity Association of Maryland as a favor to a friend of mine. It's not that I have any coding or cyber background, it's I know how to start nonprofits and write bylaws and put fiduciary responsibilities and governance in there and bringing sponsors.

And we hired an executive director, got an office location, got programming up and running. At about that time, I went over to the bank and I inherited a large team that was geographically dispersed. And I figured a great way to do a team building exercise was do a tabletop exercise.

And we hired an executive director, got an office location, got programming up and running. At about that time, I went over to the bank and I inherited a large team that was geographically dispersed. And I figured a great way to do a team building exercise was do a tabletop exercise.

And since I'd just come off cybersecurity, I figured, well, let's just do a nuclear internal disgruntled tech employee that bricks our machines, exfiltrates data, you know, the whole nine yards. And we ran through that exercise. And I won't really go into what our findings were, but it gave us 18 months of work to patch. over a few holes that were uncovered.

And since I'd just come off cybersecurity, I figured, well, let's just do a nuclear internal disgruntled tech employee that bricks our machines, exfiltrates data, you know, the whole nine yards. And we ran through that exercise. And I won't really go into what our findings were, but it gave us 18 months of work to patch. over a few holes that were uncovered.

One of the issues going into this, and for anyone out there listening, is we had assumed we had a playbook. We had assumed that whatever the crisis was, there was protocols and procedures in place to follow through that. And that was the pushback I got when I was pulling everyone together. And I said, well, we'll do this from muscle memory then.

One of the issues going into this, and for anyone out there listening, is we had assumed we had a playbook. We had assumed that whatever the crisis was, there was protocols and procedures in place to follow through that. And that was the pushback I got when I was pulling everyone together. And I said, well, we'll do this from muscle memory then.

We'll run through it just to understand what this looks like. And then we obviously identified some gaps and blind spots. What that that gave me a lot of pause. And I reached out to a friend of mine who was very high up in the U.S. Cybersecurity Command and said, hey, I'm in agriculture now and I just found something I'm a little little concerned.

We'll run through it just to understand what this looks like. And then we obviously identified some gaps and blind spots. What that that gave me a lot of pause. And I reached out to a friend of mine who was very high up in the U.S. Cybersecurity Command and said, hey, I'm in agriculture now and I just found something I'm a little little concerned.

Would you would you look around and just let me know what you see? And he got back to me about a month later with an OSSHIT type of email saying, hey, this is not good. And, you know, I'm just doing this as a volunteer. I'm a regular guys, but I know a lot of people. And at the same time, and I can share this publicly because there is a YouTube video.

Would you would you look around and just let me know what you see? And he got back to me about a month later with an OSSHIT type of email saying, hey, this is not good. And, you know, I'm just doing this as a volunteer. I'm a regular guys, but I know a lot of people. And at the same time, and I can share this publicly because there is a YouTube video.

One of our clients is a very large poultry integrator on the Eastern Shore, and their contract growers were getting hit by a variety of business email compromises and rerouting transaction numbers. And it was in the tens of millions of dollars were the hits. And no one knew what was going on. No one knew what to do. And I thought I'd be a superhero and I called the FBI.

One of our clients is a very large poultry integrator on the Eastern Shore, and their contract growers were getting hit by a variety of business email compromises and rerouting transaction numbers. And it was in the tens of millions of dollars were the hits. And no one knew what was going on. No one knew what to do. And I thought I'd be a superhero and I called the FBI.

and that they would do a YouTube video, a case counterpoint, here's what you do if this happens. And that was my first experience with dealing with the public facing information from the FBI. There is a process and procedure, it's very difficult, it's like threading a needle to get them to say anything in public, but there is a way to do that.

and that they would do a YouTube video, a case counterpoint, here's what you do if this happens. And that was my first experience with dealing with the public facing information from the FBI. There is a process and procedure, it's very difficult, it's like threading a needle to get them to say anything in public, but there is a way to do that.