Trust & Resilience  —  The New Frontlines of Cybersecurity 

RAGHU

Cybercriminals thrive on trust. Whether it’s deepfakes fooling executives, social engineering tricking employees, or ransomware negotiations exploiting fear. Yet, even as organizations invest in security, breaches are inevitable. The real question is: can you recover? True cybersecurity resilience isn’t just about preventing attacks…it’s about ensuring organizations can withstand and bounce back from them.

[Cold Open]

(SFX: Urgent news bulletin sound, typing on a keyboard, a tense phone call playing faintly in the background.)

RAGHU

Imagine this: You’re the CFO of a global enterprise. You get a call from your CEO  —  his voice, his urgency, unmistakable. There’s an urgent wire transfer that needs to be made. It’s routine, right? Except…your CEO never made that call. It was a deepfake. A perfectly replicated voice engineered to exploit trust, and just like that  —  millions vanish.  

(SFX: Click. Silence. A slow beat fades in.)

RAGHU

This is the new cyber battleground. Trust fuels our businesses, our relationships, our digital world  —  but it’s also our greatest vulnerability. And when that trust is exploited, resilience is the only thing standing between survival and catastrophe.

Welcome to Season 3 of The Segment: A Zero Trust Leadership Podcast. I’m your host, Raghu Nandakumara. This season, we’re exploring the intersection of trust, resilience, and human behavior  —  how cybercriminals weaponize trust, why resilience is about more than just prevention, and why human psychology remains the most exploited element in cybersecurity.  

(SFX: Shift in tone, upbeat but serious.)

[Segment 1: The Trust Exploit]

(SFX: A slight audio distortion, followed by a confident voice.)

RAGHU

Cybercrime isn’t always about sophisticated hacking  —  often, it’s about manipulation. And that starts with exploiting trust.

Brett Johnson

"It doesn’t matter what the truth is. It matters what I can convince you of. And we see that now more than ever."​

RAGHU

That statement right there is the foundation of cybercrime today. And no one understands this better than Brett Johnson. Once a notorious cybercriminal and the mastermind behind ShadowCrew, Brett helped shape modern cybercrime. Today, he works to stop the very schemes he once orchestrated.  

(SFX: Slow fade — in of a recorded conversation.)

Brett Johnson

"If you think about an online attack, there’s only really three motivations for why that happens. It’s status, cash, or ideology. Status — I’m trying to impress my criminal peers. Cash — I’m trying to make money. Or you’ve pissed me off, and I’m trying to get you."

RAGHU

This isn’t just about stealing money. Misinformation, deepfakes, cyber warfare — at their core, they all exploit one thing: trust.

(SFX: Keyboard typing, distant notification sound.)

RAGHU

And that’s the trick, isn’t it? Cybercriminals don’t need to break through security systems when they can simply convince people to let them in. Technology is part of the equation — but the real weakness is human behavior.

Dr. Erik Huffman is a cyberpsychologist who studies how human behavior influences cybersecurity. His research focuses on why people fall for scams, how attackers manipulate trust, and why organizations keep making the same security mistakes.

Dr. Erik Huffman

"I pulled a group of over 300 hackers, self-identified. 93% of them said they start with humans before they start with technology."​

[Segment 2: Trust Inside Organizations]

RAGHU

Trust isn’t just something attackers exploit externally — it can be misplaced internally as well. And when that happens, organizations leave themselves vulnerable from within.

Dr. Kelley Misata has spent years working with mission-driven organizations, helping them weave security into their very DNA. She is the founder and CEO of Sightline Security, a nonprofit dedicated to helping organizations build resilience against cyber threats.

Dr. Kelley Misata

"One of the most difficult things in security are the people. So, when we talk about security awareness training, we're not saying awareness training on the systems — we're saying the people."​

RAGHU

Security isn’t just about firewalls and threat detection — it’s about the culture within an organization. It’s about how employees understand and approach security in their everyday decisions. But building a security-conscious culture is challenging, especially when technology evolves faster than awareness can keep up.

Dr. Kelley Misata

“We are integrating, interacting with this technology every single day and even more so, right? Like, I think back to when we adopted technology with such abandonment around how do we stay safe. My dream state is that we are always thinking about, ‘Should I be doing this? What is the impact of my behavior? What is my impact of engaging with a new piece of software? What's my impact to my organization?’”

RAGHU

And that’s the shift organizations need to make. Security isn’t just an IT issue; it’s a mindset. It’s about embedding security into how we work, making it part of everyday decisions, not just an afterthought.

Dr. Kelley Misata

“I think it has to go down into the cultural level… If we take it outside of that special box of 'Let's do a training' and make it instead, 'Let's talk about how we're using these systems and these devices' — then we start to get somewhere. It’s about how employees understand and approach security in their everyday decisions.”

[Segment 3: Cybercrime as a Business]

(SFX: A muffled phone call, a distant voice speaking in a foreign language. Click. A distorted voice demanding payment.)

RAGHU

Cybercrime isn’t just a series of random attacks…it’s an industry. A multibillion-dollar one at that.  

Few people understand the structure of cybercrime better than Brian Boetig. As a former FBI Assistant Director, he spent years tracking cybercriminals at the highest levels.

Brian Boetig

"There's been a business model that's really been created out of cybercrime. You have to realize that it's still human beings behind here, and they're running a business. My first assignment in the FBI, we worked kidnappings for ransom. You knew exactly what the group wanted. They’d ask for 10 million, you knew you could settle for five. It’s the same with ransomware today. You know how they’ll operate, how much they’ll demand, and whether they'll follow through. It’s predictable — because it’s a business."

(SFX: Keyboard typing, audio of a recorded conversation fading in — a frustrated executive speaking in hushed tones, negotiating a ransomware payment.)

Brian Boetig

“Cybercrime is the ultimate work-from-home business. You can be very, very far away from your target and still make money every day. And because it’s safer than physical crime, you’re seeing groups that were in organized crime moving into cybercrime. They’re making more money with less risk.”

RAGHU
And that’s what makes cybercrime so hard to stop — it’s not one hacker, one crime, one country. It’s an ecosystem of criminal businesses, selling and trading data, ransomware kits, and hacking services.

Brett Johnson

“Most attacks are cash-based or status-based. If I'm attacking for cash, I'm looking for the easiest access that gives me the largest return on my criminal investment. The key to stopping cybercrime isn't trying to prevent every attack — it’s making sure it’s not worth the attacker's time.”

(SFX: A robotic voice from a dark web forum — "We guarantee your decryption key within 24 hours after payment." Click.)

RAGHU

And if cybercrime operates like a business, the question is — how do we disrupt it?

Brian Boetig

"You have to disrupt the model — make attacks more expensive, make recovery faster, and remove the financial incentive."​

[Segment 4: Rethinking Resilience]

(SFX: An old-school telephone ringing, followed by a news alert ping.)

RAGHU

If prevention alone isn’t enough, then what’s the number one thing organizations should focus on?

Dr. Larry Ponemon is one of the most respected experts in security, privacy, and risk research. As the founder of the Ponemon Institute, he has spent over two decades tracking breach data, the financial impact of cyberattacks, and the evolving security landscape.

Dr. Larry Ponemon

"For every one thing that we are able to prevent, potentially, like, 10 things have made their way onto the network. And that’s eye-opening and shocking."

RAGHU

So, if attacks are constantly slipping through, then the real challenge isn’t just stopping them, it’s making sure they don’t spiral into full-blown crises.

Dr. Larry Ponemon

"Prevention is probably the wrong thing to think of because it's not practical. A lot of organizations have given up on prevention, and they look at things like time to contain, time to restore, time to do the things that get out of the problem."

RAGHU

And that’s why resilience is the priority — because in cybersecurity, the question isn’t if an attack will happen, but when.

Dr. Erik Huffman

"If you’re a small-to-medium business and a nation-state wants to get you, most likely they’re going to get you. You may do everything right and still get it wrong."​

RAGHU

Panic makes things worse. Delayed decision-making, frozen employees — these are the moments that turn an incident into a disaster.

(SFX: A security alert pings. A phone rings in the background.)

RAGHU

This is why resilience isn’t built in the moment of attack — it’s built before it happens.  

[Conclusion]

(SFX: Reflective, hopeful music begins to play.)

RAGHU

So, here’s the takeaway: Trust is a battleground, but resilience is the shield. Cybercriminals will always find new ways to exploit trust, but organizations that build resilience through segmentation, containment, and a security-first culture will be the ones that survive.

Thank you for tuning in to The Segment. Be sure to subscribe so you don’t miss these full-length interviews.  

(SFX: Outro music fades out.)

‍