Steve Bongardt: An FBI Profiler Talks Cybersecurity

Steve Bongardt is a retired FBI agent, cyber and criminal profiler, and digital forensic examiner specializing in cybersecurity solutions as a Consulting Sales Director at Cylance.

Steve's experience as an FBI profiler gives him a different approach to cybersecurity. He talks about how the "victim mentality" affects reacting to and recovering from a data breach.

Whether it’s external cyber attackers, malware or trusted insiders, Steve’s unique blend of technical, behavioral and investigative knowledge helps organizations, both private and government, defend endpoints and networks.

About Steve Bongardt

A United States Naval Academy graduate and former Naval Aviator, Steve is a CISSP and holds a Master’s degree in forensic psychology. Highlights of his career include being on the first handpicked team of FBI agents that went into Afghanistan in December 2001 after 9/11, starting the Cyber Behavioral Analysis Program at the FBI's Behavioral Analysis Unit in Quantico, VA, and leading the digital forensics effort in the DC Navy Yard Shooting investigation in 2013. He was also a SWAT operator and sniper.

TRANSCRIPT:

How does your experience as an FBI profiler affect your approach?

"Hi, I'm Steve Bongardt. We're here at HIMSS 2019. I'm the Consulting Sales Director for the East Coast.

I was an FBI agent for 20 years, field agent for eight, and then I came down to Quantico, Virginia and was a profiler for eight years. While I was there, besides studying the traditional kind of serial killer, serial homicide, serial rape type cases, violent crimes that we do, I also focused on looking at insiders and hackers.

One of the things I really like about BlackBerry Cylance and services is the fact that we talk about human intelligence plus artificial intelligence is how we give you a prevention solution. It's part of the paradigm, the mindset, of prevention. It doesn't mean that we don't look at detection and response, but we look at everything through the lens of prevention, which in my experience, looking at human behaviors is very, very important.

But I finished up in the FBI after doing the profiling unit. I did digital forensics for three-and-a-half years, and then finished doing counterintelligence in digital forensics, which I thought was really a lot of fun. I retired about two-and-a-half years ago, and have been with Cylance for about eight months.

What is the victim mentality?

One of the biggest things, I think, is my job as Consulting Sales Director is coming with a solution for the customer. Often, these customers are victims. Either they're victims at the time through some type of incident response, or they're potential victims due to the plethora of attacks and vectors that are out there now.

One of the things I learned as an FBI agent, and especially a profiler, is a lot of times, you deal with victims after the fact, or even before the fact when you're trying to prevent something, and getting a handle on how they were selected or why they ended up being victims.

This does not mean that you are blaming the victim by any sense, but a lot of times, what happens is there's a victim mentality that happens and I see it a lot in the cybersecurity industry, is this detection and response versus a prevention mindset.

Now, if you have a prevention mindset, it doesn't mean that you're not thinking about detection and response. This deals with physical security as well in an FBI world. But when you see things through the lens of prevention, you have a tendency to not think like a victim. By that, I mean victims often think binary. It's either going to happen or it's not going to happen, whereas prevention makes you think in terms of probability.

So a difference in probability of even 52% versus 48% is very, very important, certainly when it comes to malware. 99.7% efficacy versus a 92% is worlds of difference. But sometimes when we look at things in a detection and response mindset, we have a tendency to think in that binary mode. It's either going to happen or it's not. So in that case, 7% means absolutely nothing. So that's often what I see.

The other thing is victims have a tendency to follow the crowd. When we all get scared, when we all are threatened, we have a tendency to hunker down, maybe not be innovative, maybe not think outside the box, maybe not change our ways and change our patterns. I think that also has a big factor often in the cybersecurity community.

So when I deal with victims, when I deal with clients, when I deal with partners who are dealing with clients, one of the things that I try to do is just talk truth to them. Sometimes, it's very, very difficult to do because they're in a very, very difficult situation. They've been attacked, they're under breach, they're under siege. Their focus, which you learn as an agent, I think you learn in any kind of security industry, when you're under stress, becomes very, very small. It's hard to see the big picture, it's hard to think in terms of probability. It's hard thinking in terms of the right steps logically to do.

So hopefully, one of the good things we do at BlackBerry Cylance as a whole, particularly with services, is use that combination of human intelligence, sometimes being able to deal with people, and also of course, our artificial intelligence to drive our services.

Is preventative security possible?

It absolutely is. There's a saying we had at the FBI. As a brand new agent, you learn, “Truth plus perception equals your reality.” Right? Though how I look at that is from the concept of prevention. That reality of prevention is possible. In truth, are you ever going to get to a hundred percent? Probably not. There's too many vectors, there's too many bad guys out there that are trying to get at your networks. There's too many insiders, people we've already given access to.

But if the truth is we can't get there, it doesn't mean our reality can't be striving to get there and can't really help us solve the problem, and especially with regards to what we're doing. If we can get rid of your tier one alerts, if we can get rid of the low hanging fruit or the people that are trying to attack you and grab that low hanging fruit, and let you focus on the higher tier, the better players, with a reduced attack surface, that reality, your reality of how you see the world in cybersecurity, of becoming prevention, a prevention mindset, developing it is a hundred percent possible. Absolutely."