Into the mind of the FBI

It’s the late 90s, and while drinking a beer at a pub in the US city of Omaha, salesman Miguel Clarke cracks a joke to his friends about applying for the FBI, the country’s national security organisation.

Two weeks later, back in his hometown in Kansas City, Clarke receives a call: “I heard you’re interested in joining the FBI.”

“True story,” laughs Clarke, adding that this is only the redacted version of his story.

In its hiring process, the US Federal Bureau of Investigation takes in employees from many backgrounds, “so, somebody who has never shot a gun, or somebody who’s never arrested someone,” and train them up to a “high level of proficiency,” in its academy, explains the former agent.

From there, “they develop a proficiency for you,” he adds. “The whole point of the academy is getting people up to a certain level of training where they can solve America’s most difficult and challenging problems.” While working with the cyber squad, “there was a lot of time in the classroom”.

Having left the FBI last year, Clarke works on GRC and cyber security at Armor Defense, deploying the skills he picked up as an agent to help businesses with their cyber resilience today.

When Clarke started in the field over two decades ago, “it was really about ports, protocols, firewalls, and access control”.

“Over time, it has gotten closer to the human being, and now we have to do all the things we did before, but then also have secure applications and try to limit behaviours in such a way to not introduce more vulnerabilities.”

The cyber expert says he has seen threats become more complicated. “They may be smaller, but they’re more diverse and they happen all the time, so it’s gotten a lot harder.”

Clarke expands: “You’ll probably hear a lot about threats and vulnerabilities,” but, “I think that’s a pretty saturated market and a pretty saturated conversation.”

Nowadays, the threat of an attack could come from various different angles in the cyber world, but truly the most common weakness for businesses is its people.

“In my experience in the FBI, you deal with human beings and you’re not trying to hack the technology,” Clarke fires.

“The technology is hard to hack. People are way easier to hack.”

During his time at the FBI, Clarke claims the way he looks was his “superpower” in getting suspects to talk, although likely it was his sales experience chat that helped too.

“When I’d go out and do interviews, people did not think I looked like a typical FBI agent,” he says. “Being able to talk to people and get them to tell you things they wouldn’t normally tell you, it’s a really important skill.”

To assert how critical cybercrime is to tackle, Clarke points out that cybercrime is a six trillion dollar problem: “To visualise how big six trillion is, it would be the world’s third-largest economy.”

Can artificial intelligence be stopped?

Last month, the likes of Tesla CEO Elon Musk, and Apple co-founder Steven Wozniak joined in on signing an open letter calling for a six-month halt to work on AI systems that are “now becoming human-competitive”.

The letter, signed by high-profile tech entrepreneurs over four weeks ago, hosts just over 22,000 signatures at the time of writing, and requests AI research and development to refocus on making AI more accurate, safe, and transparent.

In response to the letter, Microsoft, conversational AI ChatGPT’s biggest backer, co-founder Bill Gates, said to Reuters: “I don’t think asking one particular group to pause solves the challenges.”

“I don’t think you can stop it, right?” says Clarke. “You can be one of the last to adopt it or adjust to it.”

From a cyber security point of view, “AI is here. It’s not going anywhere and it will be more of a boom for the attacker than it ever will be for the defender, it’s just the simple,” says Clarke.

It is going to make the job a lot harder to do from a defence standpoint, he claims, meaning, to help tackle this, businesses need to start focusing on situational awareness.

Enterprises often need to arm themselves ready to take on threats. “[If] I can’t run, I better be a good fighter, right?”

Firms can’t avoid the threat of artificial intelligence-powered attacks, instead, they need to prepare by lining up “40 or 50 questions” such as ‘what is the worst thing that could happen to us’ or ‘what is a business ending event’ in preparation for building out protection against those outcomes, he advises.

On TikTok: “I don’t see how that data could ever be safe”

Not all threats are internal, however. Social media app TikTok has dominated news stories in the past few months as western politicians have grown increasingly concerned over the firm’s links to the Chinese government. Governments in the West have asked their own employees not to download the app for security purposes, and businesses are questioning whether they should do the same. TikTok has denied any wrongdoing.

Clarke hesitates, before adding “I don’t see how [user] data can ever be safe.”

TikTok acts as “an avenue” for the People’s Republic of China to “export its culture to the rest of the world”, he adds.

He concludes: “In the near term is this something to worry about? No. But is it absolutely a vehicle to prepare the rest of the world, or be a more advantageous target should the PRC decide to attack? Yes.”