THEOS Cybernova
THEOS CyberNova is a cutting-edge podcast that explores the dynamic world of cybersecurity, hosted by THEOS Cyber CEO Paul Jackson.
Each episode delves into the latest trends, challenges, and innovations shaping the cybersecurity landscape, featuring insights from industry experts, thought leaders, and technologists. Paul brings his expertise and passion for cyber security to engaging discussions on topics ranging from emerging threats and data privacy to the future of AI in cyber defense.
Whether you're a professional in the field or simply curious about staying safe in the digital age, THEOS CyberNova offers an invaluable insight into the world of cybersecurity.
Steve Santorelli: Trust, Community, and the Reality of Cybercrime Investigation
What really happens when a cyberattack becomes a criminal investigation?
In this episode of THEOS Cybernova, Paul Jackson speaks with Steve Santorelli, formerly of Scotland Yard, whose career spans Microsoft’s Internet Crimes Investigation Team and Team Cymru.
They explore how cybercrime investigations succeed in the real world: why trust and community matter as much as technical skill, how speed determines whether evidence survives, and why cyber threat intelligence only creates impact when it can be acted on. The conversation also looks at cross-border investigations, collaboration between law enforcement and industry, and the role of trusted forums like RISE in turning intelligence into outcomes.
A grounded discussion on cybercrime investigation and the human relationships behind effective action.
Production Credits:
Presented by: Paul Jackson
Studio Engineer & Editor: Manny Peñamora
Executive Producers: Paul Jackson and Ian Carless
Co-produced by: Theos Cyber and W4 Podcast Studio
This week on the Theos Cybernova podcast.
SPEAKER_01:I agree. I think that it's like night and day in terms of the technical capabilities and the trust the community has in law enforcement that are working these cases. I think that it's very, very challenging that obviously the criminals have zero paperwork. They have instant collaboration and a huge financial motivation. Absolutely. No, it's as I said, it's very, very difficult to break in. One of the most fundamental things in this community is trust is very, very hard to gain and super easy to lose. All you've got to do is make one mistake, one bad decision, and then it becomes very difficult for the community to accept your presence for sensitive investigations. We've had some huge successes with uh commercial and community partners in the Asia Pacific region, and things are going very, very positively for the community and for Team Cymru in the Asia Pacific region as well. There is, and you know, it would be fantastic if we had the resources to come and bring a RISE to the Asia Pacific region a couple of times a year, but it's just not practical. There's no easy way of uh generating funds to support this kind of a program. So I suspect that whilst there's incredible technical expertise in the Asia Pacific CTI community, I don't necessarily think that they've had those opportunities to break bread, to share a beer, to actually meet somebody over dinner face to face. And that's what's really important. So there's potentially an argument that the Asia Pacific region is a little bit further behind than the West in terms of building this community.
SPEAKER_00:The Theos Cybernova Podcast, hosted by Paul Jackson.
SPEAKER_02:Welcome to another episode of the Theos Cybernova Podcast. Today I'm in Kuala Lumpur with the amazing legend that is Steve Santorelli. Steve, thank you so much for joining me today.
SPEAKER_01:Thank you for the invitation, Paul. My pleasure.
SPEAKER_02:For those of you who don't know Steve, and there can't be many in the community that don't know Steve, Steve works for a very interesting group called Team Cymru, who we're going to hear a little bit about in this podcast. But he's also the man behind, or the main organizer, if I can call you that, Steve, of the underground economy events and the smaller RISE events which are held throughout the regions. And as mentioned, we'll we'll talk more about these as we go through the podcast. But Steve, you become famous for building and growing this, you know, with under your the Team Cymru umbrella. And I think the audience needs to know the value that these events bring and what your objectives and goals are in terms of organizing these events.
SPEAKER_01:Well, luckily for your listeners, the my blushing doesn't come across very well in the podcast. We started doing these events a couple of decades ago, really, because we realized there was a massive chasm between law enforcement and industry. Back in the day, there was really very little interaction. Law enforcement at the time lacked a lot of the technical ability required to do investigations. And industry just didn't know, didn't trust, didn't have any confidence in law enforcement because they really hadn't met them, they hadn't interacted. So we decided to run some conferences just to break some bread, to build some bridges, and we decided to get everybody together to do some case studies. And we have this same format that we've run for many years now, where we have uh carefully selected people that are known and trusted, as well as some vouched-for new people. And we talk about the confidential cases, things that we've worked that we would perhaps do differently, things that we've worked that we would perhaps do slightly differently next time. Uh maybe there's some outstanding suspects, there's uh a new TTP that we haven't dealt with before, and sharing it in this kind of closed environment can really help to build trust in the community.
SPEAKER_02:No, I I really agree, Steve. Um, because uh what I see is so many cybersecurity conferences and events where which are great because we learn about the new tools, the new solutions that are there to protect us, but there's so very few that focus on the investigative side, you know, the response side and the threat intelligence side. And I don't know how we can change that. And you are doing great work in in providing at least one option, but it's really hard to get that community together talking, isn't it?
SPEAKER_01:It is. And you know, this is not a Team Cymru conference so much as a community conference. It really is the community that continually uh comes along and makes it greater every time. So we're very privileged to simply provide the mechanism, the vehicle, if you like, that people can start building trust and working together.
SPEAKER_02:Yeah. So when you started, I mean, obviously we've known each other now about 20 years, which uh scares me a little bit.
SPEAKER_01:Before I had such grey hair.
SPEAKER_02:Well, well, sadly, I've never had grey hair because not had hair for many years, as those who know me. But uh but look, you you started this as a very confidential, almost clandestine sort of event, and and understandably so, because we were talking about active investigations into the criminal groups, etc., and a lot of confidential information shared that had to be on a trust basis. And I know this is it's a double-edged sword, isn't it? Because of course you want that security and trust, but on the other hand, we want to get more people involved. So, how do you kind of balance that?
SPEAKER_01:A lot of it comes down to whether we can find somebody that can vouch for a new person. We're very proud that I believe we have 42% new delegates at the last big conference we ran with the Council of Europe in September this year. So we do our best to bring new people into the community, but of course, it's very difficult, it's notoriously difficult to break into the cybersecurity community as an outsider. If you don't know somebody that can refer you in and say this person is a legitimate cybersecurity or threat hunter, um, then it's it's very difficult.
SPEAKER_02:It really is. And uh you know, I I think that's sort of the quandaries, isn't it? But you know, I think your achievements today have been outstanding because whenever I come and I've been every single event except one, to my shame I missed one, but every single event in the Council of Europe. And each time I'm awed by the status and the level of knowledge and uh just capability of the attendees and the speakers.
SPEAKER_01:Yeah, and the Council of Europe are fantastic partners because they have funding that they make available to enable the travel of many law enforcement judges, prosecutors from around the world, not just the European Union. And that's incredibly valuable for us. One of the biggest problems we have as a community is the law enforcement churn is quite extreme. Um, you go and train up some law enforcement or they get some experience and they become very attractive in the private sector, and it's hard to keep them. You gained a certain number of skills, and in many police services around the world, you have to go back to a different job to give someone else the opportunity to come and acquire those skills. So as a community, we're having to reinvent these relationships every couple of years because unlike in industry, law enforcement generally don't stay in the in role for as long as we like.
SPEAKER_02:No, and that that's actually a great segue into the next part of the conversation because both you and I obviously are former police officers, albeit in different parts of the world. And I knew a lot of your former colleagues in Scotland Yard. We worked closely together on a number of investigations, cross-border investigations, back in the days when Hong Kong wasn't such a pariah. But uh we never knew each other in the in the in our law enforcement days, but obviously we got to know each other when you joined Microsoft after. So what could tell us a little bit about what made you jump to the private sector? Because obviously you were part of the elite unit, right, in in Scotland Yard and uh
SPEAKER_01:It was a lot of fun. I retired in 2004 as a detective sergeant on the computer crime unit, and that was such a long time ago. It was before the days of uh the National High-Tech Crime Unit, the serious and organized crime agencies. So we had primacy as a unit for any cybercrime in the United Kingdom, uh, which was fantastic. I think anyone that tells you that they didn't jump uh for the paycheck would be lying. But I do think in my case it was generally uh an additional concern. I found it slightly frustrating that when you work for the Metropolitan Police in London, you really need to have a nexus to the UK. It's very difficult as a law enforcement officer to justify an investigation if you don't have a criminal in your jurisdiction or at least a victim in your jurisdiction. And so when we had these massive cybercrime cases, if there wasn't a nexus to the UK, it was very difficult. You basically had to give that investigation uh to somebody else, or it just wouldn't get properly resourced. And I found that frustrating. And when I left the police and went to Microsoft, we had a global remit and we were able to refer cases without having to have a victim in our jurisdiction.
SPEAKER_02:I mean, I I that resonates exactly with me because yeah, the big frustration was that transnational nature of cybercrime means that the criminals are uh haven't committed an offence in your jurisdiction under your laws. And yeah, the cooperation I think is well, it could be a lot better, couldn't it, between law enforcement. Have having said that though, uh I know we can't really talk about them in this conversation, but the the case studies that we hear about at the underground economy are very inspiring because I think the public has this perception that law enforcement is perhaps a bit hapless and they you know they they the criminals always seem to win. But that's not the case, you know, and we hear some very inspiring stories where law enforcement has worked together and brought some significant uh crime groups to justice.
SPEAKER_01:I agree. I think that it's like night and day in terms of the technical capabilities and the trust that the community has in law enforcement that are working in these cases. I think that it's very, very challenging that obviously the criminals have zero paperwork. They have instant collaboration and a huge financial uh motivation. Law enforcement doesn't have any of that. We just have obstacles that society puts for very valid reasons in the way of law enforcement checks and balances, but it does slow things down. And in the age of fiber optics, any delay means that logs are going to start falling off at the end of servers, and it becomes very, very challenging, even a few hours after an attack, to actually do the investigation from a forensic perspective.
SPEAKER_02:Yeah, correct. Because back in our earlier law enforcement days, um there was uh I guess fewer technologies. It was a simpler time, the the capacity of storage was a lot smaller, so uh doing forensics was faster and more accessible. And it for anybody breaking into this this industry or trying to, they've got a mountain to climb in because there's still people using yesterday's technology, but so you have to understand yesterday's technology, but also modern technology, use of AI, etc., and various security systems, which all can provide evidence of wrongdoing and and lead us to the bad guys. So I I I feel a bit sorry for I guess those who are entering the field, certainly in law enforcement. It must be so intimidating to try and become expert in in this field.
SPEAKER_01:It is, and it's incredibly technically difficult, and there isn't really a class that you can take, certainly not a class that you can afford to take, that's going to give you the skills. My advice to anyone trying to break into this field is go to a B-Sides conference. Um they are all over the world and they are full of super enthusiastic, uh, relatively young people, and that is where you can acquire the experience in the networking, and that is how you can acquire the experience and build that network of folks that are going to usher you into this community.
SPEAKER_02:Yeah. And talking about that, because we we spoke earlier about the it sometimes can be a bit cliquey, can't it, in our in our industry, because there's a lot of folks like ourselves who've been around since the year dot when it comes to cyber investigations, and a little bit intimidating, I guess, for the the younger generation to, you know, or they may feel left out of the clique, perhaps.
SPEAKER_01:Absolutely. No, it's as I said, it's very, very difficult to break in. It's very hard to trust an email address. So if you're actually able to go out and meet people, you build trust. You can judge somebody by their character by meeting them, first impressions count. And this is how you can start building your brand, for want of a better phrase, within the community. One of the most fundamental things in this community is trust is very, very hard to gain and super easy to lose. All you've got to do is make one mistake, one bad decision, and then it becomes very difficult for the community to accept your presence uh for sensitive investigations.
SPEAKER_02:No, you're 100% right. I mean, trust, yeah, it's it's it's all about trust. And I was I was talking earlier to Heart, uh, who does the um uh negotiations, the ransomware groups, the threat actors. You know, that that's a great example of trust in our industry, isn't it? Because victims are trusting him to be ethical in negotiating with the uh the threat actors and not taking a slice of their uh ransom payments or doing things behind their backs. And I think you're right, once you break that trust, you're it's game over, really. And it's the same in law enforcement, it's the same in our industry, cybersecurity industry.
SPEAKER_01:A lot of the time it's the same with the bad guys as well. The miscreants have marketing budgets, they have reputation, they have brands, and they have the same issues that that we have in terms of maintaining trust in their community.
SPEAKER_02:Indeed. And you know, it always staggers me when I hear presentations at the underground economy when the the threat intelligence guys talk about the structure of these organized crime groups, and organized is really the word, isn't it?
SPEAKER_01:Very much. But one of the most uh gratifying things as somebody that organizes this community uh event is when somebody stands up at the end of the presentation and says, actually, I've got the missing piece of that puzzle, or this nickname, actually I can connect that to a real identity, or I can understand uh where you were struggling in this investigation, I've got the missing part of the puzzle. They go away, have a beer, work the case themselves, and then they'll come back at the next conference and tell us all about how they solve the case as a result of being at the first conference.
SPEAKER_02:That's really nice. I I love watching that. You know, when I'm in the room and I I clearly see that you know somebody raised their hand at the end of the presentation, and and to your point, exactly, they chime in and say, Well, yeah, I know about this. And it's that meeting of minds.
SPEAKER_01:Yeah. And as somebody that's part of this community, you do get the ability occasionally to make referrals and say, you should probably call this person because I think this person's working a very similar kind of case and it's probably the same actor.
SPEAKER_02:Right. And it's also geographical as well, because there's been times when you reached out to me saying, Hey, can you connect somebody in Asia with law enforcement in Asia, et cetera? And I think that sense of community and trust, again, that big word trust is super important uh if we're, you know, to be successful in our investigations against the crime groups. But that also is uh can be a thorny issue, right? Because sadly cyber is synonymous with geopolitics, right? Because of the media mainly flooding us with stories about nation-state activities. That's not to say it doesn't happen. Of course, we know it happens, right? And that creates with the borderless nature of cybercrime, that means that politics unfortunately comes into it. And yet our goal really is to get the bad guys. And yeah, you know, sometimes we're hampered by the the the constraints perhaps of geopolitics.
SPEAKER_01:We are, and I think that the CTI community is a reflection of society as a whole. And and you know, we have innate biases, we have innate prejudices, uh, and you can work as much as you can to try and counter those. But there's culture, there's language barriers, there's time zone differences, there's commercial interests, and of course there's geopolitics that come into it as well. But Paul, this thing has been going on since the internet began. You know, I remember as a law enforcement officer finding a suspect was um located in an unfriendly country, for want of a better phrase, and basically binning the investigation because I knew it wasn't going to go anywhere. But I've also had successes working with uh individuals in some of these places over the over the years. They have criminals, they have victims, they have crime, and it isn't always about nation-state actors. Uh the reality is cybercrime is uh global and it comes in many, many different flavours. And I do think that there is some sense that the actual operational law enforcement officers in some of these less friendly countries would love to work with us. They just don't have the opportunity and the permission to work with us.
SPEAKER_02:You nailed it there because living in Hong Kong as I do, I have this kind of perspective where obviously I'm from Britain, yet I've worked in Asia for a long time, and part of my role previously was actually to help train Chinese police. They don't care about nation-state stuff. They're trying, just like us, they're trying to catch the criminals that are involved. And I do sense a lot of frustration from them that they can't be in many ways, they're hampered from being part of these conversations when all they're really trying to do is catch the bad guys. And yet the media just obviously focuses more on the nation-state that the uh the rather than the criminal activity. And yeah, it's I don't think there's any real easy solution to this, is there?
SPEAKER_01:Yes, and I do think there's a lot of young people coming into the community now that can see the wood for the trees, but they are still going to be stymied by this fundamental issue, this fundamental dichotomy that you can't get investigations done without essentially some diplomatic assistance. If you have a mutual legal request or some kind of requirement to get evidence from another jurisdiction, you can't just pick up the phone and call your opposite number in a foreign police service. You have to go through diplomatic channels, and that's where it will get stopped because it's not considered to be appropriate to do that investigation. And that's very frustrating for everybody.
SPEAKER_02:Oh, absolutely, yeah. And I think there's also one of my big frustrations, and I know we're going to talk about it later on the panel discussion here at the uh the RISE conference in Malaysia, is around cooperation at a working level within the region. So when I was working in the States with JP Morgan, for example, I just noticed a different sort of world in a way that the actual technical guys would talk to each other, would share IOCs, indicators of compromise, would share um, you know, attack vectors and help even competitors, you know, in the in the in the banking world to be better prepared against similar attacks.
SPEAKER_01:Yeah. To communal defense. Yes.
SPEAKER_02:And and it and it works. But out here in Asia, it's it's there are pockets in in individual jurisdictions, but across the region, there is very limited conversations going on. And try as I might down the years, uh never been able to really bridge that. So there's definitely a cultural element to it.
SPEAKER_01:There is, and you know, it would be fantastic if we had the resources to come and bring a RISE to the Asia Pacific region a couple of times a year, but it's just not practical. There's no easy way of uh generating funds to support this kind of a program. So I suspect that whilst there's incredible technical expertise in the Asia Pacific CTI community, I don't necessarily think that they've had those opportunities to break bread, to share a beer, to actually meet somebody over dinner face to face. And that's what's really important. So there's potentially an argument that the Asia Pacific region is a little bit further behind than the West in terms of building this community.
SPEAKER_02:Oh, 100%, yeah, without a doubt. Well, that brings me on to Team Cymru itself, because whilst you're very well known in the US, Europe, etc., the West, not so well known in our region. When I talk to folks, companies, clients, etc., in our region about availability of threat intelligence, good quality, they don't seem to have heard of you guys. So perhaps it would be helpful if you could just explain a little bit about what Team Cymru does and what you can bring to the table in terms of threat intelligence.
SPEAKER_01:As much as I can within the bounds of breaching confidentiality. We do a lot of processing of network telemetry. We do a bunch of work with honeypots, with malware samples, detonation of samples, looking at our data ocean and extracting X509 certificates, passive DNS and such, making that available to the community and to commercial partners means that people can do network forensics beyond the border. So obviously, if you are a bank, for example, you generally have good visibility up to your network border. But when an IP address departs your network, that's it. You you can't see it anymore. With Team Cymru, you can. And we spend a lot of time listening to what the community actually needs. And we found that we're very good, just as with our conferences, we have a proponent of international law enforcement much more than other communities. We're very good at infrastructure and tracking, for example, botnet uh infrastructure as it migrates from one provider to another. We can actually see that happening virtually in real time. And that's something that no one else can do.
SPEAKER_02:Right, right. So I mean, you are open though to working with clients in Asia and helping them with their
SPEAKER_01:Oh absolutely. No, I mean we we've had some huge successes with uh commercial and community partners in the Asia Pacific region. And things are going very, very positively for the community and for Team Cymru in the Asia Pacific region as well.
SPEAKER_02:Right, got it, got it. Yeah, because it it's a question I do always get asked. I I think getting you know intimate knowledge, not uh not just to what you were talking about, about you know, the network traffic and understanding, you know, what what threats are existing beyond the borders, if you like, of their own IT infrastructure. The the challenge I think we've got is understanding what threat actors are operating in the region as well and their motivations and their targets. I don't see many companies doing very well at this, you know, whereas there's a lot of focus on the Western or or and the Russian, former Russian states, etc., the groups operating there. So uh, you know, uh uh are you seeing or yourselves providing any any good intel on the threat actors in our region?
SPEAKER_01:It's excellent intelligence, but I'm not gonna talk about it in a podcast.
SPEAKER_02:A very good answer, Steve. So yeah, anybody listening to this from the from our region, as I know we've got a lot of listeners, and you want to understand more about uh what uh Team Cymru can provide in terms of that more specific threat intelligence to your organization, then obviously you'll have to have a one-on-one conversation with Steve.
SPEAKER_01:Absolutely. Yeah. Give me a call.
SPEAKER_02:Give a call, indeed, yeah. So digressing a little bit about your career, is there any particular investigation or or story that you could share that you're proud of? I know a lot of it's sensitive, right? But is there anything else?
SPEAKER_01:It is, and and also, you know, from an ethical perspective, it's not really ethical to talk about any of the details. But I do remember one case that has stuck in my mind. There was an individual who had written some malware and it had escaped and it had caused a little bit of damage, not a catastrophic attack, but this individual was very naive. They had committed the criminal offense, but in my opinion, in the totality of the circumstances, it wasn't appropriate to put that person through the court system. And so in the UK at the time we had the the caution system, which is when a senior police officer will authorize essentially a severe talking to. And this individual was relatively young, and it was quite apparent that he was gonna get a far worse punishment from his mother than he was ever gonna get from the judicial system. All he was gonna do is pick up a criminal conviction. Now, I put the case to bed. Fast forward 15, 20 years, I get a LinkedIn message from this individual, and uh he actually bought me a cup of coffee at Black Hat a few months later, and he told me that he was very grateful that we'd made that decision, and it was a very difficult decision to make because there's obviously victims of this crime. But because we made that decision, he was able to get a visa, come to the States, and he now works in the antivirus business. And he's completely trusted, and he the system actually worked in that his bad behavior was corrected, and now he's a member of this community. So that was one of those stories that sticks in my mind as one thing that went particularly well.
SPEAKER_02:Yeah, because obviously when you pick up a criminal record, getting those kind of jobs is virtually impossible. Yeah, that's sensible policing as it yeah. I'm not so sure it's quite so sensible these days, but back in the day.
SPEAKER_01:I think policing these days is a completely different realm. I don't think you or I would enjoy it.
SPEAKER_02:No, and perhaps that's the topic for another day over over a beer. But yes, uh, I I I don't know if I would join the police now. Um it's a different world. But obviously we need police, and I don't want to discourage anybody listening to this from what is a very rewarding career.
SPEAKER_01:I think it's it's a fantastic career. I had uh amazing adventures, loved meeting the people. It definitely made me the individual I am today.
SPEAKER_02:But yeah, but this brings me on to a uh quite an important point because when we're talking about career choices in law enforcement is obviously a way into the cyber world, isn't it? Because you get good training, uh, you get the exposure, you get leadership skills, and you get good communication skill training in the police force. But what other ways, you know, because I often guess we're elder statesmen, I guess I hope you don't mind me saying that, but we're elder statesmen in this uh in this realm. And I'm sure you get asked, and I get asked a lot, is how do you get a foot in the door as a young professional? You want to get involved in cyber on the investigation or threat intel side. How do you get a foot in the door these days, other than law enforcement, perhaps?
SPEAKER_01:A lot of the time you'll start as a junior SOC analyst. Um a lot of the time you'll be working in IT and you'll have an interest in cybercrime and you start going to B-Sides conferences and you start subscribing to certain mailing lists, you start um contributing to goodness, subreddits, for example, and you can start imbuing yourself with this community without having to have it as your full-time paid job. And you'll find that as you get a reputation and you start meeting people, a full-time job could be a very reasonable goal. Yeah.
SPEAKER_02:It's interesting you mentioned SOC analysts because I was having a chat with a couple of folks the other day who are uh in the CISO sort of world, and they were saying that one of their concerns is that AI is going to be taking over a lot of these junior SOC analyst roles. They're able to make decisions faster, more accurately, and obviously lower cost. And therefore, we're limiting the opportunities for young professionals to get a foothold or a start in the career. I don't know if you've had any thoughts about the AI implications of our industry.
SPEAKER_01:I think we're already seeing in the last couple of weeks some very smart uh usurping of the AI safeguards. And I think that criminal use of AI is definitely accelerating far more rapidly than legitimate CTI use of AI. I think that it's a hugely challenging situation. And you're right, how are the new people coming into our community gonna acquire the skills? There isn't really a de facto training class or certification that you can go to to become a threat analyst or a cybercrime investigator or part of this community. So you really there is no roadmap. Unfortunately, you have to make it up as you go along. And now the foundations are shifting right under your feet. Uh I'm just glad I'm already in the business.
SPEAKER_02:Yeah, 100%. It's yeah, as we just spoke about with law enforcement, um, you know, times have changed. And I guess those who are going to survive and be successful in this field are the ones who are smart to adapt, obviously leveraging AI as well, uh, rather than treating it as a threat, but using it as a uh as a weapon.
SPEAKER_01:The way it was explained to me when I started getting to this business is it's very difficult to train someone to be a police officer unless you're actually a police officer. The rules of evidence, the uh way of interacting with a suspect, following your nose, following your instinct, is something that you build up over years of working, burglary, robbery, racial crime, just as I did. And then you can start to acquire some of the technical tools. But if you come in with the technical tools initially and you try and learn how to do an investigation, that's where some of the problems come. In my experience, being able to do a criminal investigation is a fundamental skill, and then you can become more technical as you go.
SPEAKER_02:So, Steve, uh something I get asked uh a lot is who makes a better cyber investigator? And when I was in law enforcement, I was asked who are the best cyber cops? Is it a police officer who you train to be a technical investigator, or is it an IT guy, a cyber guy who you train to have an investigative mindset? What what are your views on this?
SPEAKER_01:I'm obviously incredibly biased, but for me it's the former. I think it's very difficult to train somebody from a technical background and teach them about the technical law, but teach them about instinct, about how to interrogate people, about how to persuade people to explain a little bit more about a circumstance than they would rather do. So I think being able to prove that you can do an investigation into burglary, robbery, racial crime or whatever is much more important. And you can teach that experienced detective the technical skills they need to become a decent cybercrime investigator.
SPEAKER_02:Yeah, I I 100% agree. Although, you know, there are exceptions, of course, and we've had, you know, folks in the Hong Kong police that have just come from a computer science background and we pull them straight into uh the team and they've they've you know they have adapted and adapted well. But on the whole, 90% of the time I would agree it's it's the mindset that is critical and uh having the broad mind, the the way of thinking, thinking of all possibilities. Uh IT tends to be a binary subject, ones and zeros and much more precise, whereas investigation is more broad.
SPEAKER_01:Yeah, but there's also some requirements to have decent communication ability to try and explain a case to a prosecutor or a judge when you're giving evidence can be very difficult if you don't understand how that part of the world actually thinks.
SPEAKER_02:No, I agree. I agree entirely. So let's talk a bit about the upcoming Underground Economy Conference in Strasbourg, if you're able to. Because again, you don't get as much participation perhaps from the Asia-Pacific region as you would like. Obviously, this is a try to be a global event. Can you just explain where it's at? I know we briefly spoke about the Council of Europe, but explain a bit more about the venue and who might be eligible to attend and what the dates are.
SPEAKER_01:So we started running these conferences at Interpol headquarters in Lyon, in France, many, many years ago. And unfortunately, Interpol has a facility there that only holds about 200 people. We have a massive demand for people that want to come along to these conferences because they've proven to be very valuable. So we're talking about 600, 650 people coming out to Strasbourg, France, uh, with the Council of Europe, and they've got an amazing building, and they are fantastic partners, and they are very generous with their support to the community. But it's a long way away from the Asia Pacific region. This is why, when we can, we do things like coming out to Singapore, coming out to Malaysia. We did an event in Hong Kong. They were very successful. I wish we could do them, as I said, a couple of times a year, but resources such as they are. Um we do the big event early September in Strasbourg. And I thoroughly recommend if anyone from the Asia Pacific could come along, it definitely would be very valuable because it's essentially four days of back-to-back case studies. You're going to meet pretty much everybody who's anybody in this community, and they are, by virtue of the fact that they're there, able and willing to collaborate and cooperate with you. And the dates are, again, a reminder? We're actually still working on the dates. One of the great things about this community is there is a very vibrant conference circuit, and there's conferences popping up all the time. And of course, we don't want to clash with something else that's going to impinge on our delegate demographics. So we try and deconflict as much as we can. So watch this space for the formal announcement of when the date of UE26 is going to be.
SPEAKER_02:Right. Okay, good to know. And if anybody wants to keep abreast of this, then obviously, Steve, you're on LinkedIn. Absolutely. You can be found there, as am I.
SPEAKER_01:We've also got uh this Dragon News Bytes newsletter, which has been running for about 20 years. It's a plain text newsletter. There's no HTML tracking. It comes out five or six times a day with some of the latest summaries of the latest news stories from the community. And if you subscribe to that, we will automatically tell you when we announce the registration site for UE26. So you can just Google Dragon News Bytes, subscribe to it, and then you'll get notified automatically.
SPEAKER_02:And I am a consumer of this, and I can heartily advocate that this is a great source of intel because you do keep us abreast of what's going on. There's some great leads and some great information, very topical. And as you say, there's no malware uh well, I shouldn't say malware, no advertising.
SPEAKER_01:There's no advertising, uh it's not a sales and marketing thing. It's not run by the sales and marketing teams, it's run by us, people like us.
SPEAKER_02:Okay. All right, good. So look, it's a great honor. I know how busy you are here, but Steve, thank you so much for giving me half an hour of your time to chat with you today. Uh, but I always close uh because I'm a music lover by asking my guests uh what they're what they're currently listening to. And I'm always intrigued by what people, you know, when they switch off from their work, what they like to uh relax to. So Steve, I'm gonna ask the same question of you. What do you what do you what's currently on your playlist?
SPEAKER_01:It's interesting because I've just had my Spotify Wrapped uh for the year and my Spotify age. Have you heard of this thing?
SPEAKER_02:They're yeah, well, I'm getting loads of really great feedback. People are messaging me saying you're my number one listed listed uh podcast to Excel. And I'm I'm going, wow, that's pretty cool. Uh we've got some great listeners. Thank you, everybody, by the way. And don't forget to hit the like and subscribe button if you are out there listening, because that gets us out to more people. But go ahead, Steve.
SPEAKER_01:But my Spotify age came back as 21. And the conclusion I've come to is that probably one of my kids has hacked my Spotify account and changed it all. Most of my listening is electronic dance music. A lot of my current playlist is actually an Australian rap group called the Hilltop Hoods. Fantastic people. Yeah. You're a rapper? No, just Australian rap. Interesting.
SPEAKER_02:Well, obviously, we listen to different music because my age came back as 55. So but uh it no, yeah, that Spotify thing was very interesting that end of year Wrapped. That's how to do it, isn't it? I think a lot of people uh uh were talking about that. Look, Steve, it's it's another great event. Congratulations on all the work you do here at Team Cymru and these events, they are superb. They are the event that I make time to go to, and honestly, it's largely thanks to you and your tireless efforts and what you do for the community. So thank you, Steve, for all that you do for the community, and thank you very much for joining me here today.
SPEAKER_01:You're welcome. Thank you for your coming, lads. Bye-bye.
SPEAKER_02:Theos Cybernova was presented by myself, Paul Jackson. The studio engineer and editor was Manny Peñamora. The executive producer was myself and Ian Carless. And this podcast is a co-production between Theos Cyber and W4 Podcast Studio in Dubai.