Select Page
Stagehand-Episode-4

Stagehand: Episode 4

Keith and I left the scene like we found it: the two kidnappers dead on the floor, their shotgun up against the wall, and the rope used to tie up Carl Timmons sprawled out on the floor. We tipped off local law enforcement and were gone before they arrived, leaving no trace we were ever there. Of course, if they happen to stumble upon the missing CISO that was once tied up with the rope, and track it back to me, I’d happily answer their questions.

But right now, I’ve got questions of my own.

Did the kidnappers get into bed with someone they couldn’t handle? Or did someone find out about their asinine plan, and take advantage? Who else knew about Carl Timmons’ kidnapping? What did they have to gain? I run through every scenario in my head.

“Timmons did it,” Frenchie says, in our boardroom back at Stagehand. “He’s waxing poetic on how Carl Timmons killed the two hackers, or at the very least was in on his own kidnapping.” With Frenchie, most people are guilty until proven innocent, but I’m not convinced, and neither is John.

“Carl Timmons is a member of the Huntington Golf Club,” John counters. He’s been looking into Timmons since Palmer hired us. “He’s an avid sailor, when he has the time.” He shows us a picture of Timmons on his sailboat. Keith looks at the boat, then at me, “He named it Carl’s Boat.” I nod, doesn’t exactly yell “trained assassin.”

I’d be going in with one other Marine, a guy who called himself ‘D.’ He told us it stood for ‘death.’

John continues the slideshow through Carl’s various social clubs, his monthly visits to his lone aunt in Sunnyvale, and his donations to various causes that help orphans around the world. Then, he pulls up a video. “What fresh hell is this?” Frenchie asks right before John presses play on a YouTube tutorial entitled “PRIVACY HACKS WITH CARL!!”

The video is as nerdy as you’d suspect, and frankly, very helpful. John turns from the video featuring Carl enthusiastically walking viewers through a new privacy app, looks at Frenchie, and says,

“He wears a bowtie for Christ’s sake.”

Frenchie, without skipping a beat, responds, “so does Tucker Carlson.”

I look over at Keith. I can tell by his face we’re in agreement. Carl Timmons might be lonely, but he doesn’t look like any killer we’ve ever seen. He doesn’t have the eyes.

Afghanistan, early 80s

The Marines suspected a US Ambassador was being held in a Hezbollah holdout tucked away in the Northern Plains. After recon, we knew it was too big of a risk to send in a whole squad. I’d be going in with one other Marine, a guy who called himself “D.” He told us it stood for “death.” I know, a little on the nose, but it’s the Marines, not Broadway.

In war, cocky will get you killed fast, but fear, even quicker. Before we busted into the place, I could tell D thought he was better. Not just better than me, but better than all this: smarter, faster, more efficient with a gun, or a knife. He busted down the door. Shots fired from the corner behind me, and I sunk a bullet into whoever was shooting. D looked over at me and said, “Next one’s mine.”

It’s in the eyes.

Lincoln Palmer is waiting for me in my office, his lap-dog lawyer by his side. Next to him is the CEO of Illuminating Solutions, Laureen Hansen. She introduces herself. Her handshake’s firm, her eyes, steadfast. If she’s been shaken by the kidnapping of her Chief Information Security Officer, it doesn’t show.

“Mr. Sullivan.” I wince, “‘Sully,’ ma’am.” She looks back at me, “Fine, but don’t call me ‘ma’am.'”

“Deal.” Before she can speak further, Lincoln Palmer interjects with his agenda.

“Ms. Hansen came to me with some interesting information.” Hansen takes a seat on the leather couch, Palmer and his attorney follow, and so do I, behind my desk. “Since the situation’s become more…complicated,” yeah it has, I think to myself – two dead guys and a CISO who has seemingly vanished, “Laureen and I were discussing how to best mitigate a PR nightmare, and – ” Laureen could see where Palmer’s line of bullshit was heading so she stopped him before he could finish his thought.

“Before we move forward, I’d like to be crystal clear with you Sully, like I’ve been with our majority shareholder here. When Mr. Palmer told me he’d hired you to find Carl, I trusted that Carl’s safety was ensured by the safety of Illuminating Solutions. I’m beginning to think that might not be the case.”

Shots fired from the corner behind me, and I sunk a bullet into whoever was shooting. D looked over at me and said, ‘Next one’s mine.’

Palmer placed a comforting hand on Laureen’s shoulder and interjected, “Sully, I’ve assured her that as long as the company is secured, Carl’s life is still of value. Isn’t that the case?” Lincoln Palmer’s my client but clearly Hansen’s the one in charge right now. Again, it’s in the eyes.

“As a majority shareholder, Mr. Palmer’s concern is his investment in Illuminating Solutions, but as CEO, my primary concern right now, is for my employee. You have until Monday. That’s four days to bring Carl back. If you’re unable to find him and bring him back, I’m going to the FBI. I don’t care about the press, a PR nightmare, a financial catastrophe. Do you understand?”

“Yes, ma’am, I mean, yes, Ms. Hansen.” Then, also out of habit, and because I believe it to be true, I added, “we’ll find him.” I then look over at Lincoln Palmer and see a strange but familiar look in his eyes.

– – –

We reconvene in John’s office. Keith sits on the couch, silent and stoic. Frenchie leans against the back wall, spitting Skoal tobacco juice into a Red Bull can. I am sitting at John’s desk, looking at his computer screen, which he’s turned around for all of us to see. He’s been scouring video footage from the surrounding neighborhoods where Carl was kept, and pouring over emails, chats, and internet searches of our dead kidnappers. It was a call to an old Marine buddy who’s now piloting private planes out of San Jose that gave us what we needed. John pulls up the image on his computer.

The image shows three men, hats on and heads down like they knew where the CCTV cameras were positioned. Everyone in John’s office can see the face of the man walking in front of the three others. His face is clearly visible because he’s not trained to know where the cameras are. It’s Carl Timmons. Keith asks where the flight is headed.

Carl Timmons might be lonely, but he doesn’t look like any killer we’ve ever seen. He doesn’t have the eyes.

John turns around. “One way to St. Petersburg, Russia, Buddy. Left approximately one hour after our little hacker friends were taken out.”

I examine the photo more closely, focusing on Carl’s expression and body language. There’s only so much you can tell from a photo, but I had to ask the question, “Does he look to you like a guy that’s scared for his life?”

John, Frenchie, and Keith all look at the image of Carl Timmons. Frenchie is the first to reply,

“Told you he was in on it.”

RELATED POSTS

The Risk of Measuring Risk

The Risk of Measuring Risk

Automated measuring of control effectiveness is a very good idea conceptually. When you can combine control gaps with relevant threat information, you get a very good picture about the actual technical cyber risks your business faces. If done correctly, it provides...

SecOps Needs More Democratization, Not Less SOC

SecOps Needs More Democratization, Not Less SOC

An increasing complexity of technologies, as well as an increasing number of failures and attacks followed by an increasing dependency on business goals is changing the way we run Security Operations Centers. I previously discussed the concept of a Fusion Center as an...

Measuring a Cyber Awareness Culture

Measuring a Cyber Awareness Culture

Until recently, cyber awareness metrics have been treated by many as a tick-box exercise driven by regulations. The regulator requires x number of hours of cyber awareness training per employee per year, and once that is done, the organisation ticks a box and waits...

Good Enough Isn’t Good Enough Anymore

Good Enough Isn’t Good Enough Anymore

The cyber risks we face today are more than we faced previously but also fundamentally different in several respects. Our adversaries are more adept and their tools and tactics more protean in capability.  In light of these increasing challenges, our cyber defenses...

Stagehand: Episode 3

Stagehand: Episode 3

Cyprus ~ 2006 Ali Hassan was a low-level operative in Hezbollah, but we had it on solid authority that he knew where three high-level leaders of the terrorist organization were hiding. Keith arrived fifty-seven hours into Hassan’s interrogation and by the looks of it,...

Five Best Practices to do Supply Chain Security Right

Five Best Practices to do Supply Chain Security Right

Supply chain attacks aren’t new. In fact, The National Institute of Standards and Technology (NIST) published their initial report on supply chain risk back in 2015. One of the most well-known supply chain attacks happened shortly after in 2017. NotPetya corrupted...

Stagehand: Episode 2

Stagehand: Episode 2

Carl Timmons: CISO of Illuminating Solutions, a data analytics firm, forty-seven years old, never been married. Last Thursday, Carl arrived in San Jose on business. He was picked up by a company car and driven to The Manifeld Hotel. He was last seen leaving the hotel...

The Dark at the Top of the Stairs

The Dark at the Top of the Stairs

Let’s say you need to apply a critical patch across the organization, and the patch requires a reboot. While forcing a reboot to apply a critical patch is important, it creates business disruption that ripples out to your customers. Sooner or later, someone in the...

The Risk of Banking

The Risk of Banking

I just came off a big Zoom call with traditional bankers where they discussed changes in client behaviors, and the impact which new technologies bring, that fundamentally challenge today’s traditional European banking models. At the end of 2019, Boston...

Effective Board Communication for CISOs

Effective Board Communication for CISOs

Know Your Board If you’re a CISO, your Board generally knows who you are and what you do. But do you know who they are? No Board is monolithic. Each Board member brings unique value to the Board. Each is selected for what they add to the Board’s perspective, vision,...

Cyber Ops Must Evolve Towards Fusion Centres. Here is Why.

Cyber Ops Must Evolve Towards Fusion Centres. Here is Why.

Since the advent of space exploration in the 1960s, every child understands that the success of the space mission is dependent not only on the astronauts, but also on the engineers in the mission operation center. All complex missions or operations are high risk and...

Mitre Disrupting Advanced Persistent Threats
Share This