Stagehand: S1 Episode 4
Keith and I left the scene like we found it: the two kidnappers dead on the floor, their shotgun up against the wall, and the rope used to tie up Carl Timmons sprawled out on the floor. We tipped off local law enforcement and were gone before they arrived, leaving no trace we were ever there. Of course, if they happen to stumble upon the missing CISO that was once tied up with the rope, and track it back to me, I’d happily answer their questions.
But right now, I’ve got questions of my own.
Did the kidnappers get into bed with someone they couldn’t handle? Or did someone find out about their asinine plan, and take advantage? Who else knew about Carl Timmons’ kidnapping? What did they have to gain? I run through every scenario in my head.
“Timmons did it,” Frenchie says, in our boardroom back at Stagehand. “He’s waxing poetic on how Carl Timmons killed the two hackers, or at the very least was in on his own kidnapping.” With Frenchie, most people are guilty until proven innocent, but I’m not convinced, and neither is John.
“Carl Timmons is a member of the Huntington Golf Club,” John counters. He’s been looking into Timmons since Palmer hired us. “He’s an avid sailor, when he has the time.” He shows us a picture of Timmons on his sailboat. Keith looks at the boat, then at me, “He named it Carl’s Boat.” I nod, doesn’t exactly yell “trained assassin.”
I’d be going in with one other Marine, a guy who called himself ‘D.’ He told us it stood for ‘death.’
John continues the slideshow through Carl’s various social clubs, his monthly visits to his lone aunt in Sunnyvale, and his donations to various causes that help orphans around the world. Then, he pulls up a video. “What fresh hell is this?” Frenchie asks right before John presses play on a YouTube tutorial entitled “PRIVACY HACKS WITH CARL!!”
The video is as nerdy as you’d suspect, and frankly, very helpful. John turns from the video featuring Carl enthusiastically walking viewers through a new privacy app, looks at Frenchie, and says,
“He wears a bowtie for Christ’s sake.”
Frenchie, without skipping a beat, responds, “so does Tucker Carlson.”
I look over at Keith. I can tell by his face we’re in agreement. Carl Timmons might be lonely, but he doesn’t look like any killer we’ve ever seen. He doesn’t have the eyes.
The Marines suspected a US Ambassador was being held in a Hezbollah holdout tucked away in the Northern Plains. After recon, we knew it was too big of a risk to send in a whole squad. I’d be going in with one other Marine, a guy who called himself “D.” He told us it stood for “death.” I know, a little on the nose, but it’s the Marines, not Broadway.
In war, cocky will get you killed fast, but fear, even quicker. Before we busted into the place, I could tell D thought he was better. Not just better than me, but better than all this: smarter, faster, more efficient with a gun, or a knife. He busted down the door. Shots fired from the corner behind me, and I sunk a bullet into whoever was shooting. D looked over at me and said, “Next one’s mine.”
It’s in the eyes.
Lincoln Palmer is waiting for me in my office, his lap-dog lawyer by his side. Next to him is the CEO of Illuminating Solutions, Laureen Hansen. She introduces herself. Her handshake’s firm, her eyes, steadfast. If she’s been shaken by the kidnapping of her Chief Information Security Officer, it doesn’t show.
“Mr. Sullivan.” I wince, “‘Sully,’ ma’am.” She looks back at me, “Fine, but don’t call me ‘ma’am.'”
“Deal.” Before she can speak further, Lincoln Palmer interjects with his agenda.
“Ms. Hansen came to me with some interesting information.” Hansen takes a seat on the leather couch, Palmer and his attorney follow, and so do I, behind my desk. “Since the situation’s become more…complicated,” yeah it has, I think to myself – two dead guys and a CISO who has seemingly vanished, “Laureen and I were discussing how to best mitigate a PR nightmare, and – ” Laureen could see where Palmer’s line of bullshit was heading so she stopped him before he could finish his thought.
“Before we move forward, I’d like to be crystal clear with you Sully, like I’ve been with our majority shareholder here. When Mr. Palmer told me he’d hired you to find Carl, I trusted that Carl’s safety was ensured by the safety of Illuminating Solutions. I’m beginning to think that might not be the case.”
Shots fired from the corner behind me, and I sunk a bullet into whoever was shooting. D looked over at me and said, ‘Next one’s mine.’
Palmer placed a comforting hand on Laureen’s shoulder and interjected, “Sully, I’ve assured her that as long as the company is secured, Carl’s life is still of value. Isn’t that the case?” Lincoln Palmer’s my client but clearly Hansen’s the one in charge right now. Again, it’s in the eyes.
“As a majority shareholder, Mr. Palmer’s concern is his investment in Illuminating Solutions, but as CEO, my primary concern right now, is for my employee. You have until Monday. That’s four days to bring Carl back. If you’re unable to find him and bring him back, I’m going to the FBI. I don’t care about the press, a PR nightmare, a financial catastrophe. Do you understand?”
“Yes, ma’am, I mean, yes, Ms. Hansen.” Then, also out of habit, and because I believe it to be true, I added, “we’ll find him.” I then look over at Lincoln Palmer and see a strange but familiar look in his eyes.
– – –
We reconvene in John’s office. Keith sits on the couch, silent and stoic. Frenchie leans against the back wall, spitting Skoal tobacco juice into a Red Bull can. I am sitting at John’s desk, looking at his computer screen, which he’s turned around for all of us to see. He’s been scouring video footage from the surrounding neighborhoods where Carl was kept, and pouring over emails, chats, and internet searches of our dead kidnappers. It was a call to an old Marine buddy who’s now piloting private planes out of San Jose that gave us what we needed. John pulls up the image on his computer.
The image shows three men, hats on and heads down like they knew where the CCTV cameras were positioned. Everyone in John’s office can see the face of the man walking in front of the three others. His face is clearly visible because he’s not trained to know where the cameras are. It’s Carl Timmons. Keith asks where the flight is headed.
Carl Timmons might be lonely, but he doesn’t look like any killer we’ve ever seen. He doesn’t have the eyes.
John turns around. “One way to St. Petersburg, Russia, Buddy. Left approximately one hour after our little hacker friends were taken out.”
I examine the photo more closely, focusing on Carl’s expression and body language. There’s only so much you can tell from a photo, but I had to ask the question, “Does he look to you like a guy that’s scared for his life?”
John, Frenchie, and Keith all look at the image of Carl Timmons. Frenchie is the first to reply,
“Told you he was in on it.”
Stagehand: S1 Episode 8
Carl Timmons was given 24 hours to decide what he wanted to do. This was a tactic. Twenty four hours to sit alone and think about all the money he could want and the price he’d pay for it. And 24 hours to also contemplate what Andre Savin might do to him before...
Stagehand: S1 Episode 7
Andre Savin and Lincoln Palmer had met on several occasions and had the type of relationship you’d expect between two men of their standings on the billionaire scale. Contemptuous but also understanding. They were both driven by the same desire—access to...
Stagehand: S1 Episode 6
Belfast, New York - 1889 They called him The Boston Strong Boy—arguably the first real boxing star and one of the highest paid athletes of his time. He’d always been good at school. He attended Boston College where his parents thought he might pursue...
What Is Zero Trust Anyway?
About three minutes into planning this post, I had one of those “god, I am old” moments. Here is why I had the moment. I have worked in cybersecurity since 1994. My first job was at a big 3 working for the U.S. government through one of the world’s...
Why Bots Are the Next Big Thing in Account Takeover Fraud
Account takeover fraud may sound like a familiar term in cybersecurity, yet its prevention methods in the e-commerce domain are still nuanced. Retailers are historically concerned with payment fraud systems related to chargebacks. This happens when a customer makes a...
Stagehand: S1 Episode 5
Kuwait, 1990 I’m launched out of a submarine a few miles off the coast of Kuwait City. When I swim to shore, I quickly change into my dry land clothes—a full burka. I was a six-foot-one Marine posing as a good Muslim woman. The catch, beneath the modest...
Ransomware: When Policy Matters Most
Most CISOs divide their approach to cyber defense into three pillars: people, technology, and processes. These pillars define a cybersecurity program’s defensive architecture and arsenal, available assets, and policies and procedures that together inform...
Selling to a CISO? Practice Empathy, Not Salesmanship
The cyber security marketplace is hot. Ask any candidate for a cybersecurity role. Better yet, ask any supplier to CISOs. The supplier audience is especially vast, and it’s continuing to grow. Just three years ago, there were estimated to be less than 2,000...
The Risk of Measuring Risk
Automated measuring of control effectiveness is a very good idea conceptually. When you can combine control gaps with relevant threat information, you get a very good picture about the actual technical cyber risks your business faces. If done correctly, it provides...
SecOps Needs More Democratization, Not Less SOC
An increasing complexity of technologies, as well as an increasing number of failures and attacks followed by an increasing dependency on business goals is changing the way we run Security Operations Centers. I previously discussed the concept of a Fusion Center as an...
Measuring a Cyber Awareness Culture
Until recently, cyber awareness metrics have been treated by many as a tick-box exercise driven by regulations. The regulator requires x number of hours of cyber awareness training per employee per year, and once that is done, the organisation ticks a box and waits...
Good Enough Isn’t Good Enough Anymore
The cyber risks we face today are more than we faced previously but also fundamentally different in several respects. Our adversaries are more adept and their tools and tactics more protean in capability. In light of these increasing challenges, our cyber defenses...
Data Classification: Building, and Pitching, a Rock Solid Program
In our final installment, we are going to discuss how you roll all the concepts previously covered into a plan of action. The difference between the success and failure of a data classification program is a lack of action. I have reviewed over 10 programs in my...
Stagehand: S1 Episode 3
Cyprus ~ 2006 Ali Hassan was a low-level operative in Hezbollah, but we had it on solid authority that he knew where three high-level leaders of the terrorist organization were hiding. Keith arrived fifty-seven hours into Hassan’s interrogation and by the looks of it,...
Data Classification – How to Categorize It, Where to Store It
Previously, we discussed the requirements of a mature data classification program. In this post, we are going to review the administrative mechanics of such a program. Data classification, you’ll recall, usually includes a three- or four-layer system akin to the...