THEOS Cybernova

Neal Ysart: From Scotland Yard to Manila - Building a Cross-Border Cyber Investigations Practice

Theos CyberNova Season 2 Episode 2

From vice squads to digital forensics, one investigator’s journey reveals how cybercrime, and the response to it, has changed.

In this episode of THEOS Cybernova, host Paul Jackson sits down with Neal Ysart, a veteran investigator whose journey spans Scotland Yard, Big Four consulting, global law firms and now his own digital forensics and OSINT practice in Manila.

Neal reflects on four decades of tackling everything from vice and organized crime to cyber fraud and corporate misconduct. He shares why digital forensics is no longer optional, how AI is accelerating investment scams, and why the region needs to develop deeper cyber investigations expertise to match its growing offensive security capabilities.

They also explore the role of mentorship, the value of certifications and how his Coalition of Cyber Investigators is helping shape global investigation standards.

Production Credits:

Presented by: Paul Jackson
Studio Engineer & Editor: Roy D'Monte
Executive Producers: Paul Jackson and Ian Carless
Co-produced by: Theos Cyber and W4 Podcast Studio

Paul Jackson:

Welcome to Episode 2 of Season 2 of the Theos Cybernova podcast. As a long-term resident of Southeast Asia, I'm always intrigued by the stories of cybersecurity professionals who made the bold move to live and thrive in the diverse cultures that exist in our region and make a difference. My guest today exemplifies that, and more so. I'm honoured to be here in the home of Neal Ysart in sunny Manila, so thanks for agreeing to join me on the podcast today, Neal, and for your hospitality in your beautiful home.

Neal Ysart:

Thank you, I'm really pleased that you've been able to make the trip through the traffic. You brought some sunshine, so I'm looking forward to the discussion.

Paul Jackson:

Yes, the traffic. That's a whole separate topic, isn't it now? But, yeah, the joys of Manila traffic. But I've got to say, once I got here, though, the views are sensational, so well worth the trip. And again, thank you for inviting me. So, anyway, on to the podcast episode. How about you tell us or start off by telling us a little bit about your career story, because it's fascinating and I do love your story and how you ended up here in Manila.

Neal Ysart:

Yeah, it's a long story, so buckle yourself in. I started as a police officer. I joined the Metropolitan Police, which most people know as Scotland Yard, in 1984 and I was posted to Paddington Green Police Station, which, for those that don't know the area, was the heart of the red light district in central London. So I kind of gravitated to that type of policing and very early in my career I found myself on a Scotland Yard squad called CO14 Clubs and Vice doing covert investigations into organised prostitution.

Neal Ysart:

That continued for about six years and then there was a change in the law in the Obscene Publications Act, so they were looking for experienced investigators to start to do more serious investigations into the people behind obscene publications in central London. So I started to do that and that led into the online pornography game, and this was probably around about 1995. So as an early computer user I started to do a lot of the very early internet investigations. So a lot of the stated cases and legal precedents in my cases ran out Things like publication, things like jurisdiction, those type of issues. As a result of that, PwC came and asked me to leave the police and set up cybercrime services for them in the UK.

Paul Jackson:

What dragged you away from the police, though? I mean, surely, you know, the police work was fascinating, interesting and rewarding, that you're putting away bad guys, right?

Neal Ysart:

Yes, I mean it was really rewarding and I did probably more in my 16 years than many police officers do in their entire career. I was able to police overseas, do international cases, do a lot of cases that were instituted really just to kind of prove a legal point round about internet investigations, but there was actually no place really left for me to go and to move forward. So when PwC came with the offer, the challenge was too much and it was perfect timing for me personally, and the opportunities that I was able to take advantage of in the private sector were phenomenal. So I stayed with PwC for 12 years and then left with another PwC director and set up my own, or our own, business called First August, doing exactly the same type of thing: investigations, digital forensics, cyber crime investigations, those type of issues. That led to one of our clients offering both me and my business partner senior roles, and that took me to the Middle East.

Neal Ysart:

So I took a role with HSBC in the Middle East where I led their KYC operations team. It was a team of about 140 people, 45 of whom were based here in the Philippines, and that was my introduction to the Philippines. So I stayed with HSBC for three years before returning to consulting, where I took a role with EY in Dubai and I led their forensic technology practice across the Middle East and the... You know, the main type of work there were mainly cyber crime investigations, a few financial crime investigations, but the common thread was the leveraging of analytics and technology to help make the investigations more efficient, more accurate, faster and more cost-effective. So after three years with EY, I took a role with a law firm called Clyde & Co, and Clyde & Co are the biggest international law firm in the Middle East, and that role was as their lead investigations and regulatory advisor, and the idea behind it was that Clyde & Co would create their own kind of investigations consultancy. So rather than farming work out to other, you know, to other consultancies, to, you know, to EY, to PwC and to FTI and to a lot of the other consultancies, they would do it internally themselves.

Neal Ysart:

Then COVID hit and I decided that the opportunities in the Philippines which I'd been eyeing for a while were kind of too good to turn down and because my wife was from the Philippines, we'd always kind of promised that at some stage we would go and relocate to the Philippines. So I accepted a role with Deloitte to lead their forensics practice and I moved to the Philippines in 2022. I had some great investigations, some great work at Deloitte, but in August in 2024 I resigned and I set up my own company called McNeil LCB, and McNeil LCB is an investigations and open source intelligence consultancy. We do strategic risk focusing on the controversial things in businesses fraud, corruption, security, cyber attacks, those sort of issues and here I am today talking to you.

Paul Jackson:

Indeed, and you know it's a fascinating story, by the way, and I love the folks that end up out here with a sense of adventure, willing to work in exotic locations etc. And the kind of work you do is fascinating, of course. But how do you see the elements of technology in the investigations? Because you know, obviously over the years you've become very adept at using computers for investigations. How important is it nowadays to have that kind of tech knowledge, you know, in order to successfully complete these kind of modern investigations?

Neal Ysart:

It's absolutely essential. I cannot think of an investigation in the last 10, 50 years that hasn't involved, you know, digital forensics, hasn't involved technology, hasn't involved analytics, and nowadays I would add another domain to that list would be open source intelligence. So I use open source intelligence on every single investigation, alongside the other technology tools that I use.

Paul Jackson:

Right. So I think it's quite a rarity to actually find somebody who's got that real solid investigation background plus the tech knowledge, because I see in many places that the forensics person you are all in one. How important do you think it is to have both skill sets all in one rather than relying on support from, say, a forensic person?

Neal Ysart:

My view is that, whether it's all in one or whether it's spread across a number of individuals, as long as you have it, as long as you have that spread and that range of skills, I think that's okay. I don't believe everyone knows everything. I don't believe there's anyone that is an expert in all the various domains that you need to conduct a successful investigation. So, for me, as long as you have the aggregate total equals all the skills that you require, that's fine. Uh, I mean, I've been fortunate in my 40-year-plus career to have had, you know, the opportunities to pick up some of these skills, but I do recognize that, particularly with things like AI and analytics, there are far brighter, younger, sharper people than me and I would seek to harness those skills on every single possible occasion.

Paul Jackson:

Makes sense. And, um, prior to, uh, you know, I was recording this, you were telling me about a fairly recent case, a boiler room type fraud investigation. You know, I think that's a perfect example of the kind of work you're doing at the moment. Can you just tell us a little bit more? So a short summary, without giving away too much confidential information.

Neal Ysart:

Yeah, I mean the whole idea of boiler room investment frauds.

Neal Ysart:

It probably goes back to the 1920s and 1930s where you'd have people literally in the basements next to the boilers, in rooms, cold calling people trying to sell them penny shares or sell them investments in companies and stocks that didn't exist.

Neal Ysart:

These days, technology has really, really turbocharged these type of criminals. So nowadays they can have proper LinkedIn profiles, they have proper internet profiles, they publish press releases, they have trading platforms, they produce dashboards. So when you as an investor get approached by one of these fraudsters, they almost check out, and experienced investors are targeted as well as inexperienced investors, and both experience levels will be victims. So they're very sophisticated, they're very clever, but they're using technology to produce realistic websites with realistic narratives, with realistic LinkedIn profiles and bios for the so-called traders and brokers. And you know, if you cast your mind back even as recently as five, ten years ago, where you were getting really almost illiterate phishing emails with spelling mistakes and grammatical mistakes, we don't get those nowadays because people use AI, right? And so, you know, the investment fraudsters are doing the same thing, except that, you know, the stakes are a lot higher and people are losing, you know, their life savings.

Neal Ysart:

It's a really, really cruel crime.

Paul Jackson:

Interesting, interesting. So, you know, you often hear people talk about DFIR, right, which stands for, obviously, digital forensics and incident response, and they kind of lump it all together. Now you've already kind of given a glimpse into the kind of world that you live in, and it's more on the DF side, if you like, the digital forensics plus online intelligence, online investigations, etc. So very different skill sets from the incident response where you're dealing with ransomware or live hacking or data breach attacks. But a lot of people when I talk to them say, well, DF, that's just for law enforcement, isn't it? That's where they catch the bad guys and find evidence that they've done something on the computer that provides motive or links them to a crime. But it's not, is it? It's really just as applicable in the corporate world.

Neal Ysart:

Yeah, of course it is, and I mean there's regulatory drivers for a start. So organisations need to be on top of this sort of stuff, and one of the things that regulators will look for is: are you prepared for these type of incidents? Have you considered all the risks to your business, and is your business well controlled? And not having an incident response capability or, you know, policy or procedure, if you don't have that, you won't be able to meet those tests. And that's just on the regulatory side. On the side, you're going to find yourself in a world of trouble if you can't respond effectively, and often it takes an incident or pain to really focus the mind of an organization and to start to put these things in place. So, you know, getting bitten once is often what's required, and you know, I think so. If you look at the regulatory side and the operational side, those two issues just demand that organizations are prepared.

Paul Jackson:

But you can't really expect that organizations have these kind of niche skill sets in-house, right? So what should they be looking? I mean, should they be getting retainers or should they just be having somebody on standby to call in emergencies, the bat phone? How would you advise corporates to be more resilient or to be more prepared?

Neal Ysart:

Yeah. So, as they're looking at their risk assessments and they're doing their scenario testing, et cetera, one of the things that they should take into consideration is how would we respond to these type of incidents if they do not have the capability, and you make a great point. Of course, not all organizations will have an internal capability and it doesn't make sense for all organisations to have that, but they should be prepared, and being prepared means that at the time of an incident, you're not running around looking, trying to engage people, trying to review proposals, etc. You need to have that retainer, you need to have access and you need to have a decision as to who it is that you're going to rely on and partner with in those times.

Paul Jackson:

Absolutely great advice there. Unfortunately, to quote you, it's being bitten sometimes that actually makes companies realize this, rather than being ahead of the game and having that in place before the attack, so to speak.

Neal Ysart:

Yeah, and often what I notice in this part of the world, and particularly in the Philippines, is, even when organizations are bitten, once they get over the crest of the crisis, they'll move on to the next crisis, and often the lessons are forgotten, um, and actions aren't, you know, recommendations aren't actioned, things aren't completed and they'll find themselves in the same position again. That's the kind of a mindset thing, and I think it's incumbent on people like Theos and like McNeil LCB to kind of spread the gospel and try and raise awareness within organizations that this just makes good business sense.

Paul Jackson:

Absolutely. Okay. All right, switching gears slightly. You've worked in the UK, the Middle East and now, obviously, Asia. What are your observations about the sort of the differences in maturity and capability of, um, of the investigation, sort of, um, uh, you know, side of things?

Neal Ysart:

Yeah. So I think if you look at the UK, Middle East and the Philippines, in that order I would say that's the levels of maturity, and the Middle East was making huge strides when I left, but they, you know, there's still, there's still a way to go. The Philippines, I would argue, is at the start of the journey. Lots of good initiatives, but there's still many improvements that can be made, particularly around about training and creating a body of experts and a body of specialists that focus on digital forensics and investigations and understand the evidence side of things as well, because that's also important.

Paul Jackson:

Absolutely.

Paul Jackson:

Yeah.

Paul Jackson:

So actually I was talking to a very good friend of mine who runs DFIR, Digital Forensics, Incident Response, training, and he's run several programmes and courses here in the Philippines and he told me that he feels that the level of talent in the Philippines is pretty small and he rarely sees anybody with advanced capabilities in this area.

Paul Jackson:

And I kind of agree with that because at Theos we have a large workforce here in the Philippines and I would say we excel in finding ethical hackers, you know, the offensive security, the pen testers, the red teamers, etc. And I think Philippines is a goldmine for this kind of talent. But I've got to say we struggle to find good talent with investigative experience, as you say, because there's a lot of rigor to investigations. There's a lot of requirements for needle in a haystack type work, documenting, ensuring that everything is legally admissible and that you have told a story at the end of the investigation. So does that mesh with your experience here? Do you feel that, I don't know, is it part of the culture or is it just because maybe the industry hasn't matured enough, because companies aren't leveraging, you know, DFIR or incident response or forensics capabilities very often here?

Neal Ysart:

Yeah, I think you're right there. I don't think companies are leveraging it. If you look at or have conversations with lawyers and law firms here, their knowledge of digital forensics is probably limited to imaging laptops and maybe mobile phones.

Paul Jackson:

Right.

Neal Ysart:

Anything beyond that is alien to them. I kind of struggle to kind of put my finger on what the reason is, because there's a huge talent pool here in the Philippines. There's a huge e-discovery outsourcing sector, so you have people that have the understanding of data and they have the understanding of evidence, but what there isn't, as you quite rightly point out, is a community of digital forensics practitioners that's growing. I don't see that. Yeah.

Paul Jackson:

And talking about communities, we see endless numbers of cybersecurity conferences, right? So anybody who's like a CISO or, you know, anybody in security operation centers or anything to do with cybersecurity engineering have a plethora of conferences that they can attend or societies that they can join. But we're very limited, aren't we, on the investigation side? Yes, we have organizations like the ACFE, the HTCIA, which is a bit sporadic, and I know there's not really a chapter here in the Philippines. So where would an investigator or somebody who wanted to get into forensics go to if they wanted to learn from a community, if you like?

Neal Ysart:

The beauty of where we are just now is that it doesn't matter whether someone's based in the Philippines or whether they have a mentor that's based on the other side of the world, because technology just brings us all together. So, you know, if I was a young investigator in the Philippines looking for, you know, for experience and looking to collaborate with other communities, I wouldn't restrict myself to the Philippines. I would go global, because there are so many people out there, so many experts out there that are willing to help, and collaboration is the key, and I think if you restrict yourself to a single geographical area, you're probably missing a trick.

Paul Jackson:

Yeah, but you're absolutely right. I often get asked, you know, how do I become a good forensic investigator, how do I get a start in life if I can't get experience? And it's a tough one, isn't it? Because, don't you feel as well? I've been in this game a long time, like yourself, and experience is everything, isn't it? It's kind of a chicken and egg, isn't it? How do you get that experience in the first place?

Neal Ysart:

Yeah, so I mean there's probably two facets to answering that question. There are a number of businesses around that don't know yet that they need a digital forensic capability, and sometimes making a case to those sort of companies might be a good idea.

Neal Ysart:

However, I think the primary route that I would recommend is some of the well-renowned certifications. I mean, digital forensics is a mature domain now, unlike the open source intelligence domain, which doesn't have standardized, globally accepted or agreed methodologies or procedures or standards or certifications. Digital forensics does, and one of the things about this region is certifications matter when you're looking for jobs. Whether you agree with that or not, certifications matter. And, again, whether you have a certification or you don't, you're more likely to be employed if you have a certification. So, from a digital forensics perspective, my advice would be to look at some of the certifications that are globally accepted and try to be passionate about it and appeal to some of the companies that would employ you. There's lots of companies that have a need for digital forensics, not just investigations companies, but wider technology companies, security companies. Even some of the global organizations that are based here have a need for those sort of skills locally, but, as you pointed out, they struggle to find the resource.

Paul Jackson:

Agreed, agreed, and yeah, this is always a challenge. Now you, we, you and me, we've got remarkably similar backgrounds.

Paul Jackson:

Obviously, we've both done law enforcement, we've both been in big banks and we've both done consulting. But, harking back to my law enforcement days, I used to run a lot of training programs on behalf of Interpol as well as the Hong Kong police, and I was quite a public figure. I represented the police in media, et cetera and conferences, and one of the questions that kept cropping up again and again, bizarrely, was how do you recruit cyber investigators? Do you try to train police officers who have strong experience with investigations? You know the rigor around documenting and you know all the human aspects of investigations as well, because we mustn't forget, at the end of the day, there's hands behind a keyboard. Well, with AI, maybe not nowadays, but yeah, certainly back in the day, hands behind the keyboards. And they kept asking should you be hiring or should you be training your police officers to be better at the tech, or should you bring in a real tech expert and teach them enforcement, teach them investigations and the rigor around it? What's your view on that?

Neal Ysart:

So I'm sure that at Theos, you would advise your clients to have blended defenses, and I think that, you know, the answer is the same: you need to have a blend of skills. I mean, I've always said that there's no secret to being an investigator. Yep, and, you know, the skills around about evidence, understanding, you know, the procedures, understanding the safeguards that you need to put in place, they can be taught, in the same way that technology skills can be taught. What you can't teach is attitude and passion and mindset and determination. So, like any resource, my view would be not to kind of pigeonhole them as an investigator that's got tech skills or a techie that's got investigative skills, but look at the entire skill set, including the soft skills. There's no point in having an investigator that can't speak to people, for example.

Paul Jackson:

Yeah, no, I think you nailed it there. Okay, so tell me a little bit about this Coalition of Cyber Investigators that you, I believe you started. What's that all about? What triggered that and what are the goals?

Neal Ysart:

Yeah, so the Coalition of Cyber Investigators was set up by myself and a long-term friend and really, really excellent investigator called Paul Wright, who's based in the UK, and we set it up as an open source intelligence, digital forensics and cybercrime think tank, but it kind of took on a life of its own. So we were drafting thought leadership and articles and guidance round about open source intelligence, round about the evidential aspects of it, round about the procedures, commenting on the fact that there wasn't standards and giving our view that there needed to be standards. However, it's become so successful that it developed into a kind of commercial organisation. We now provide services. So, for example, the boiler room investment fraud investigation that we've just completed was a Coalition of Cyber Investigators investigation.

Neal Ysart:

Additionally, we've been working with a lot of open source intelligence solution providers who, to go back to the previous question, many of them are very bright technically and they've got great technical solutions, but their solution isn't appealing to investigators for a number of reasons. So you matches or something like that. You'd want to know who's behind it. You'd want to know where the data is. You'd want a certain level of transparency that you yourself could do your own due diligence and satisfy yourself that there's no red flags or that it's a bona fide company. Many of these companies don't have even that. So there's lots of ways that we've been helping these different solution providers, as well as offering OSINT, open source intelligence, advisory services, helping with training, helping organizations deploy open source intelligence into the risk operations as well, to manage risk also.

Paul Jackson:

Fantastic. So for those who are listeners that we have on now, if you're enjoying the podcast, please help us out by clicking the like and subscribe buttons. It really does help us to get these messages out to as many people as possible. So I hope you are enjoying this. I've got a couple of final questions for you, Neal, but before I go on to that, I'd just like to say I think, honestly, I'm just getting to know you, right, we only met for the first time a few weeks ago and it is a small community here and I think the Philippines and Asia in general is pretty lucky to have someone with your experience out there, and I do hope any listeners who have needs in terms of understanding how to be more resilient with their investigation, world and compliance side of things would definitely reach out to you and learn more about.

Paul Jackson:

You know the good work that you do in your company and with the coalition. So, but before we close off, I always ask my guests about music and, looking around your house, you've got guitars everywhere, so I'm guessing you're a music lover like myself, and I always ask this question of my guests because we work hard, we're stressful, so my way of releasing stress is very much to sit down and listen to good music with a good book and that's just me. But how about you? What music are you listening to at the moment?

Neal Ysart:

At the moment I'm listening to a UK band called Big Special. Their first album was called Post-Industrial Hometown Blues and they've just released their second album, so I would recommend that. Big Special, go look them up.

Paul Jackson:

Fantastic. I was expecting the Proclaimers, but, uh, maybe not. Um, all right, you know. Thanks very much for joining me today, but I've got one very last question for you. Are you able to say purple burglar alarm? Shall I give it a go? Go for it.

Neal Ysart:

Purple burglar alarm.

Paul Jackson:

So much for your time and thank you for your hospitality. It's a beautiful sunset we're having. I could just see it out the window. So, um, thanks for joining me and, uh, I look forward to continuing the interactions and watching how your company develops and seeing you around town here in Manila.

Neal Ysart:

Yeah, thank you, and collaboration is the key, so I look forward to working with you again in the future.

Paul Jackson:

Theos Cybernova was presented by myself, Paul Jackson, the studio engineer and editor was Roy D'Monte, the executive producer was myself and Ian Carless, and this podcast is a co-production between Theos Cyber and W4 Podcast Studio in Dubai.