dnsUNFILTERED: Ryan Rambo, IXN Solutions

Podcast > Episode 43 | December 22, 2025

View Transcript ▼

Mikey Pruitt (00:01)
Welcome, everybody, to another episode of DNS Unfiltered. Today, I'm joined by the executive vice president of IXN Solutions, Ryan Rambo. Hello, Ryan. How are you?

Ryan Rambo (00:15)
I'm doing great. How are you doing today?

Mikey Pruitt (00:18)
I am pretty good. So Ryan has an interesting history. A long time in the armed services and the army, believe. You're currently in the IXN solutions, which does like counter intelligence for businesses. And you're even your army career is kind of about like espionage. So I want to start this with like, so I've been to the spy museum in DC. So I feel like I'm pretty knowledgeable about all this spy stuff.

Ryan Rambo (00:39)
It really is.

Mikey Pruitt (00:48)
Actually, that's a lie. I'm very novice. I know nothing. So I want you to start by educating me on what the heck does counterintelligence mean in the business world, in the modern.

Ryan Rambo (01:00)
I will tell you that don't watch the movies because that's not what counterintelligence has thought about. But we do. mean, our job is to focus in on espionage, which is the second oldest profession in the history of mankind. so, you know, espionage is, you know, through clandestine means or through surreptitious means gaining an advantage over an adversary by stealing their information, technologies, recruiting sources inside organizations. And that's really what I've focused on most of my professional career. So it's an interesting field. It's not jumping out of airplanes, which I've done that. So I even had to back up on that. So I have jumped out of airplanes when they're rising the army, but that's not what the job entails. The job entails.

You know, looking at organizations, intellectual property, their sensitive materials, and then developing strategies through security and other means to protect those from getting compromised by an adversary, a competitor, an insider threat. that's really what we focus on at iXN's solutions now.

Mikey Pruitt (02:07)
So it's less 007, more like, what is it, trading spaces or places with Dan Aykroyd and Eddie Murphy with the corn report. It's more like that?

Ryan Rambo (02:17)
It's more like Tinker Tailor Soldier Spy, and I would challenge you. It's a John LeCari movie. It's got ⁓ Gary Oldman in it. Just a fantastic movie. But most people, unless they're spies or counterintelligence professionals, will walk away from it going, have no idea what just happened. And some people will actually take like a good two hour nap while watching it because it's very subtle.

Mikey Pruitt (02:23)
I don't mind that.

Ryan Rambo (02:46)
Yeah - very slow, deliberate. It's fascinating to me, but I would highly recommend if you want to learn about counterintelligence, that's a great place to start.

Mikey Pruitt (02:57)
Making a note to myself to rent that movie later.

Ryan Rambo (03:01)
Yeah, it's worth your time. It's one of my favorite Gary Oldman shows, but you know, counterintelligence, what we do as professionals, you know, of course, we study all forms of espionage, you know, from the different ways that our counterparts, our opposition is basically the human intelligence collector. And the human intelligence collector is taught how to manipulate people into forming a relationship.

Where information can be passed back and forth through clandestine means. And on the counterintelligence side of that, we're always aware, we study our history of how these types of cases unfold over time. And then we try to spot that through the employees that we have access to. And what we call it, we call it the road to espionage or indicators of espionage. And that can take many different forms, but we know that people are people.

And if they have a significant life event or they're vulnerable to approach by one of these human intelligence collectors that they can be flipped and compromised from being a loyal person, a loyal employee to somebody that's actually committing disloyal acts. And that's what we're trying to prevent.

Mikey Pruitt (04:11)
How often is it someone from the inside that's kind of been, like you mentioned, life event, something happened, maybe someone comes to their rescue in exchange for some other information. How often is it that insider person versus like a professional who wiggles their way into a group?

Ryan Rambo (04:31)
I can't really put a percentage on it because it happens in so many different ways, but in many cases, in a lot of cases that you find, especially in the United States, and there's new espionage cases that break all the time, they commit espionage for four primary reasons. And the acronym for that is MICE, M-I-C-E, and the stands for money. A lot of people commit espionage for financial gain. The second one is I, ideology. They just don't believe in the system anymore, or they've given up, don't care, or prefer the other side's ideology. So they'll commit espionage for that reason. Coercion. Coercion is where the other side puts them in a difficult position. For example, a honeypot, if you've ever heard of that terminology before.

And put them in some kind of compromising position that forces them into this espionage relationship. And then the last one, the E is ego. And we see people that, for example, a great example in history is Aldrich Ames, and he thought he was the smartest guy in the room all the time. And because he was getting passed over for promotions and not getting the pay raises that he expected to get, and he thought everybody in his organizations were a bunch of dummies, especially his bosses, his ego led him to commit espionage, a very damaging espionage career too.

Mikey Pruitt (06:01)
Are you familiar with the, there's a leaked CIA document from maybe the 60s or 70s. It's called like the Maxims Deception Maxims. Are you familiar with this document?

Ryan Rambo (06:15)
I am not. Tell me more though. I'm about to write a note.

Mikey Pruitt (06:17)
Well, it kind of goes through like those not, I don't think it calls out mice specifically, but it does kind of outline some of those principles. Like people are vulnerable because of a very few number of reasons. and that is really interesting. ⁓ but if you're listening, you should check out that, that document it's on, what is it govern mint addict.org. Maybe I can drop it in the show notes or something.

It was very interesting. A very similar kind of strategy.

I don't think the CIA meant for this document to get out, but it is old, so I'm sure they're doing new stuff now. But I'm really curious. They're like, oopsie. Yeah, right? It could have been a plant. So things like, ⁓ they had blow up tanks in World War II, and they kind of go through some of that stuff.

Ryan Rambo (06:54)
Or maybe they're not. mean, they may not be, you know, if it works, it works, right? Well, I'd change it.

Mikey Pruitt (07:14)
It's kind of related like deception and just intelligence gathering. I'm curious, your military career, I think you were in the army for 27 years, is that right? Or about there?

Ryan Rambo (07:27)
Yeah, a little over 26 years total. Great career.

Mikey Pruitt (07:29)
Okay.

So you were kind of doing ⁓ counterintelligence in the army too, right?

Ryan Rambo (07:40)
So I started my career pretty humble beginnings. Actually, I started as a truck driver for the United States Army and I did that for about 10 years and I got lucky. was, I was driving trucks and then I got picked up to be a driver for a two star general and the two star general. I worked pretty hard for him late hours. You know, you can expect somebody at that level to, put in a lot of time.

And towards the end of my tour, I was getting ready to leave and he gave me, you know, one silver bullet and he said, Ryan, if there's anything in the army that you'd like to do other than be in a truck driver or a driver for a general, what would that be? And without hesitation, I told him, I want to be a counterintelligence specialization. It just sounds really cool. I have no idea what they're going to do, but that's the job for me. And within a few minutes he came back. He was like, okay, you're going to school in about six weeks. You know, good luck and thanks for doing all the hard.

So that started my counterintelligence career. from that point, that was in 2000, I think it was in May of 2000, I went to school in July.

And I served in army counterintelligence for 16 years after that. And it was the most fascinating role I've ever could imagine. And from being in the special operations community for four years, which was incredible deploying to Afghanistan with them. ⁓ Then coming out of that, becoming a warrant officer in the United States Army, which was never on the radar screen, by the way, it just kind of tripped and fell into it. And then, you know, doing counterintelligence running a field office in Heidelberg, Germany, which if anybody's ever been stationed or traveled to Germany, you know how awesome that is. And then from there, spending three years in Korea. So five years total overseas, you know, from 2008 to 2013, just doing counterintelligence in overseas environments.

And if it sounds cool and exciting, it absolutely is. And I encourage everybody to go do it. And then finally, from 2013 to 2016, I ended my career at Fort Leavenworth, Kansas, which not at the prison, know, Leavenworth is the big prison for the military. But I was, I fortunately avoided the prison, but I was stationed at Leavenworth running a counter-espionage team at Fort Leavenworth, so super exciting career. Every day I was doing something different and I wish I could tell you about it, but if I told you I'd have to kill you, ⁓ it was a lot of fun.

Mikey Pruitt (10:18)
Yeah, I don't want to, I don't want to probe too hard into your military career for many reasons. You know, my life being the top top one. ⁓ Right. The, the time you were stationed at Leavenworth. So you are near the prison. Is that right? I assume it's the same area.

Ryan Rambo (10:25)
I'm sure I completely understand.

Same area, actually we were further past the prison. So the prison probably had nicer accommodations than we had at the time. We'd lived in an old dilapidated, or well, we worked in an old dilapidated office building ⁓ that was so far on the back of post, nobody could find us. ⁓

Mikey Pruitt (10:50)
Which was probably good for the business.

Ryan Rambo (11:06)
Well, it's good and bad. I mean, we have a role as counterintelligence professionals to get out and talk to people. I mean, we're defending people. We're helping people protect against espionage. We're trying to catch spies. That's involving people. our role requires us to go out and meet people. And unfortunately, being on the back end of post, people would call us and go like, where in the hell are y'all at again?

Mikey Pruitt (11:30)
You see that building in the back you go past that one and we're a little further

Ryan Rambo (11:35)
Way past that one and eventually you'll find this old building on top of the hill in the woods. That's us. Just come on in and let's have a conversation.

Mikey Pruitt (11:46)
So in my line of work in DNS filtering, we noticed that students and prisoners are very good at getting around ⁓ safeguards that are put in place. Students particularly. We don't have as many prisons, but prisoners are notorious for getting around things that they're not supposed to be able to get around. And I'm curious, did you have any interactions with prisoners? Because it seems like they would make great counterintelligence folks.

Ryan Rambo (12:14)
Gotcha. Criminals teach you everything. And that's why we, you know, as counterintelligence professionals, we spend a lot of time reviewing case studies because criminals have learned how to defeat everything. Now, unfortunately, you know, we had some pretty high level prisoners at Fort Leavenworth while I was there. And but they they were pretty guarded and they really didn't let us go and interact with them too much. Now, you know.

Historically, they would have trustees on the base and they would come out of the prison and then the prisoners would do odd jobs. It helped them out, let them get some different type of professional job training and that sort of thing. And plus they broke up the monotony of being in prison all the time. But unfortunately, they even had to stop that practice. so no interaction, hardly whatsoever.

Mikey Pruitt (13:09)
One person escapes or something bad happens while they're outside the gate. Yeah, that ruins it for everybody.

Ryan Rambo (13:15)
It does.

And what a shame too, because they really did. I think they got a lot out of it, working in horse stables and doing different odd jobs. They had a great prison store, believe it or not, at Fort Leavenworth where they made all kinds of stuff. I have a barbecue pit right now in my backyard that was made by the prison staff. mean, they welded and that made some really incredible things that you could just purchase from the store and why not? I what else are going to do,

Mikey Pruitt (13:47)
Yeah, make it the best barbecue pit you could make. That exists.

Ryan Rambo (13:51)
That thing you couldn't destroy it with a stick of dynamite. I mean, it is built so much. 100%.

Mikey Pruitt (13:55)
I could sell it at Buc-ee's.

Was there any, was there ever any like recruitment in your job in the Army? Like recruitment of assets or that sort of thing?

Ryan Rambo (14:07)
Yeah, so we were responsible for doing some of that as well. You know, and we would go out and talk to people and people would, you know, be able to tell us things that we probably couldn't tell day to day. And so, yes, we ran our sources. you know, made sure that we took care of them, that we guided them through what it was that we were looking for, and then routinely met with them to just get a sense of potentially what an adversary is doing. It sounds really cool and it is, but at the same time, not so much too, because you're asking somebody to look for a needle in the haystack. And so you may meet with 10, 15, 20 times and really get nothing of intelligence or counterintelligence value. But the one time that they provide you the tidbit makes it all worth it.

Mikey Pruitt (14:39)
So your life now more on the corporate side. I don't know, do you guys do government work too?

Ryan Rambo (15:11)
We do, we kind of split our time or we split the company into two branches. We have a federal client base that we take care of. Most of that's training where we're helping the next generation of counterintelligence professionals, you know, get the skills that they need to go out and do the work. But then we also have a corporate side as well.

So we try to handle both sides. And now I found, you know, over the last 10 years working in corporate that I prefer corporate work. It moves faster, the bureaucracy is less, ⁓ and you have just as many people, insider threats, conducting espionage as you would find in government spaces with classified information.

Mikey Pruitt (15:57)
So I'm curious, going from the prisoners and the assets you cultivated overseas and now this corporate world, what are some of the personality traits that are kind of common between people that end up in the predicament of being a counterintelligence, like the bad guy? What are those personality traits?

Ryan Rambo (16:21)
It's still, to me, still ties a lot back into mice, money, ideology, coercion, and ego. You know, people are people, regardless of if they're working for government or corporate environments, they still have the same challenges. I've seen employees who ⁓ had sick relatives, significant... ⁓ you know, loved ones that were suffering through say cancer or they're losing a job or any of these different type of pressures that are put on all of us. You know, we all suffer through all of these different things. And it's interesting to watch how people react to that. You know, some people respond to the challenge and really, you know, buckle down and make things happen. And then you see other people that, you know, go a different direction and try to use unethical or immoral ways to try to remedy these types of situations. So I think the crossover between government corporate is very similar whenever we're talking about people. But I would say that in the corporate space, your general employee probably has more access to sensitive information than what you would find on the government side, just because of the way that we have data classifications, the way that we have systems segregated from top secret, secret, down to unclassified. You don't find that as much in the corporate space. And so again, I think it's easier in the corporate space for somebody to be a significant insider threat than in the government. But

But the government insider threats can cause a lot more damage because the information is classified and related to national security.

Mikey Pruitt (18:09)
Yeah, that makes a whole lot of sense. The people, just, so like in business, we're kind of marching towards this zero trust place in cybersecurity where, you you don't have more access than necessary. But it's a, you know, it's a thing we're striving towards and everyone's kind of on a journey there. Maybe we'll get there one day, probably not. But the government kind of already has this outline. Like, no, sorry, you're a GS1 or like you have a classification and that is above your classification. But in business, we have a little bit more, a little ways to go.

Ryan Rambo (18:42)
You know, and it's interesting to me too, in the corporate environment, they haven't done a good job of classifying information. You know, historically, what is proprietary information? What is intellectual property? What are trade secrets? You what is, you know, something that we could release internally versus externally? What documentation do we need to have in place? When if we start, you know, having letting people access our information, is it a non-disclosure agreement, an enhanced non-disclosure agreement? Is it partial access, full access, I mean, all of these things, think corporate lags behind the government in that way. And from a cybersecurity perspective, know, the role-based access and identity access management. I think corporate is starting to catch on to these concepts and now they're starting to see how important they are, especially from a zero trust standpoint. ⁓ But I think I've only seen that within the last five to 10 years that that's starting to become a real topic of discussion in the corporate environment as opposed to government who's been looking at it for 50, 60 years.

Mikey Pruitt (19:54)
So it sounds like your work, while the cool spy stuff is fun, like finding the insider threat, like, ⁓ handcuffing them and marching them out, like, however that works. Let me just envision the way I want to, OK? Yeah, your 007 is great anyway.

Ryan Rambo (20:09)
Alright, go ahead. There's a movie like that.

Mikey Pruitt (20:22)
But a lot of your work is probably more focused on like, hey, what are the classifications? We'll help you develop them. What goes in which bucket? And then how do we put technological constraints on each of those categories?

Ryan Rambo (20:33)
100 % because, you know, we take a look at it. Counterintelligence, corporate counterintelligence professionals really have four channels of primary information flow back to us. And that's employee reporting, cybersecurity tooling and alerts.

Liaison that's external with our industry peers and partners, ⁓ government officials, whether they're in law enforcement or intelligence. And then the last one is open source intelligence. And so, you know, we approach it in that manner. We take a look at employees first, you know, what can you tell me? What do you have access to? Then we look at cybersecurity tooling and say, OK, cybersecurity tooling, how can we best utilize you to provide us information back that's of value to us?

Same way with open source intelligence. What are those social media platforms, news media outlets that are talking about our company and our intellectual property? And then that liaison, you would think that liaison would be easy, especially inside a corporate environment.

But because of the silos that we have, see in corporate, know, where cybersecurity just handle cybersecurity and there's no crosstalk over to legal or compliance or physical security and all everybody's working in their own areas. But I challenge you to to ask who sees all of it? Who's the person at the top of the food chain that everybody's reporting to and highlighting threats and risk where you can take a real holistic approach to eliminating those. And I will tell you that, you know, it's been my experience

Some people have tried it, but it's very hard. And I think that's where counterintelligence probably has the most value is bringing it all together and saying, hey, yeah, this thing happened on the physical security side, but there's gonna be an impact on the cyber side. It's gonna also have an impact on the data classification side. just what, you know, I had a CISO one time, somebody asked me, tell me about your counterintelligence program.

And the CISO looked at it, it's the glue that binds it all together. And the counterintelligence is the glue that brings it all data classification, cyber, physical, compliance, personnel security, operations security. It just binds it all together and then makes sense of it so that we can eliminate risk and threat.

Mikey Pruitt (22:56)
That is really interesting because, I work with a lot of MSPs in my lot of work and they're ⁓ dealing with compliance and ⁓ frameworks that kind of guide them on what type of technology needs to be in place. But I think that there's a bigger picture there that you're really pulling out that I don't, I don't think I've really realized until a few moments ago is that this it's like, what are you trying to protect? And how is it classified is really more important because it dictates the safeguards that are put in place.

Ryan Rambo (23:30)
And so I'll give you an example. You know, let's say that the framework says you need to build a 30 foot wall around your building and, you know, see, so look at it and say, yep, you know, I've got to this in control in place. Let me mark it down on my Excel spreadsheet and check, check. I'm good. I've got a NIST 3.0 or whatever. I'm good to go. Where a counterintelligence professional will come in and say, yeah, 30 foot wall will definitely prevent anybody from getting in.

But our adversary only has the capability to climb over a 10-foot wall.

And so if you built a 15 foot wall and saved yourself the additional expenses, you're still just as secure without expending the resources unnecessarily on a 30 foot wall. So I do like the NIST frameworks. I think it's a great guide. I've worked through it. It's been painful. I've spent hours and hours of my life going through spreadsheets on CSF and NIST and, you know,

They definitely have value, but I think we take it from a different perspective and say, yes, the controls are in place, but that's not going to protect you against everything. Maybe we should take a deeper look into it.

Mikey Pruitt (24:43)
Yeah. And it also seems like, like the why the why a 30 foot wall instead of like just the checklist of things that equal your level two or level three or CMMC or NIST or whatever your framework you're going after the, the why really matters. And that, and like you said, the glue that keeps it together, like everyone has to understand that why. And I think we kind of skip that. Like the why is to be more secure.

But security for security's sake doesn't put you in the right mindset to actually accomplish the goal.

Ryan Rambo (25:21)
Yeah, yeah, and so we always had a saying in the army that intelligence drives operations. Yeah, so intelligence sets, you collecting and gather information on the adversary or competitor so that you can make informed decisions on what to do next. So, I mean, I think, again, the controls are very important. We should absolutely follow the controls. But I think understanding the why based on intelligence gathering. ⁓

Assessment analysis helps drive bigger and broader holistic decisions from leadership.

Mikey Pruitt (25:58)
That may be the reason that corporations are behind compared to federalists because their operations are driving the intelligence instead of vice versa. Interesting.

Ryan Rambo (26:12)
And I think that's definitely the case. I mean, and it's about revenue. It's about finances, you know. ⁓ And so budget drives a lot of it. And so with limited amount of resources, you have to make those decisions. Like, do we focus on building the intelligence into the system to drive smarter security and better operations? Or do we just go out and hammer away from an operational standpoint? I think a lot of companies say operational hammering is exactly what we need versus more security.

Mikey Pruitt (26:48)
So IXN has a piece of software platform called 351X. What is that? First of all, great name. We're actually really terrible at naming things at DNS filter. Like we're like, let's just name it DNS filter. Great idea. But within all of our software stuff, we're not great at naming things, but you guys are good. So tell me about 351X.

Ryan Rambo (26:56)
Yeah. ⁓I love it. What a great name.

Well, I'll first tell you it started off being called Cypress, C-I-P-R-E-S-S. It was going to be the counterintelligence, personnel risk, enterprise security solution. And we had little Cypress trees and logos, green coloring. It was going to be fantastic. It was beautiful. Until we actually did a Google search of Cypress and there's about 5 million applications on the market by the name of Cypress or some variation thereof.

Not wanting to get completely sued into oblivion, we quickly pivoted and came up with 351X. So 351 has some really strong ties back to Army Counterintelligence. The MOS designator for an Army Counterintelligence technician is 351LIMA. And so we took the 351 from that. And then

all of the founding members of our company were in a special program within Army Counterintelligence. And after you did three years of probation period, you got a member number and an X after your member number. And so we kind of smirked the two together and created 351X to pay homage back to our Army Counterintelligence roots. So what is the whole point behind 351X?

Well, again, I think I mentioned it earlier, there are four primary channels of information flow back to counterintelligence and security professionals in the corporate environment.

And that's employee reporting, cybersecurity tools, OSINT and liaison. Well, you can't throw a rock in the market today without hitting some AI generated cybersecurity tool or OSINT platform. So by God, we're five, 10, 15 years behind all of that. So there's no need playing around in that space. But with 351X, we really wanted to focus in on the employee reporting part and also the liaison part.

And we figured if we could get employee reporting right, that human centric sound reporting from our employee base, we could then take that information and use it to dig into our cybersecurity tools, our OSINT platforms, or drive our internal liaison. And so 351X and Current Shape is really focused on NISPOM and C3. ⁓

Reporting requirements from the government that all defense industrial base and critical infrastructure companies must report certain types of information like foreign travel, suspicious activity reports, foreign contacts, foreign travel, all of these different things that they're required to take, but they have intel value and they're always neglected. No see-saw on the planet. It's like, I can't wait for my employees to report back to me. You know, they got an unsolicited correspondence email on LinkedIn.

No, see, so thinks that way. Yeah, they're looking at ones and zeros. Exactly right. It does. And so if I take that information from an employee, and then I dig back into the cybersecurity tool and I say, how many people are in contact with this suspicious actor? And I found out that there's 30 that have been contacted by this, you know, suspicious actor on LinkedIn. Now we see a broader picture start to unfold in front of us.

Mikey Pruitt (30:02)
That happens four times a day at least to me.

Ryan Rambo (30:25)
And from a counterintelligence perspective, that's things that I really want to hone in on. It's not going to trigger a DLP alert. Yeah. It's not going to trigger any type of noise on any of the other systems, but you know, just on an employee saying, Hey, Ryan, I was contacted by this weird person with a, at abc.com email address. And I go into the DLP solution or purview and do a wild card search for this at abc.com. ⁓ you know, domain name. Now I'm starting to investigate. Now I'm starting to be proactive in my approach to identifying different threats and risks, which leads to broader questions, right? You know, like, okay, well, one employee reported it to me, but there's 20 other people in contact with this company. Why didn't they report it? Yeah. I mean, is it a training and awareness thing? Is it, are they actively working with the competitor, providing them information? Are they actively in the recruitment cycle to be a spy?

Yeah, so those are the types of things that we think provide that employees, if properly trained and aware of different threats and risk, can report back to us through 351X to guide us into other aspects of the security program for investigation.

Mikey Pruitt (31:39)
And you mentioned there's a liaison piece too. So this is like that. Would that be like the asset, ⁓ either good or bad, that is reporting back as well?

Ryan Rambo (31:49)
Now, so the liaison is really for the security professional. Yeah, so for the corporate counterintelligence or insider threat professional, the facility security officer, he's the person that should be going around and talking to the head of legal or the head of physical security, the CISO compliance team.

There's always nuggets of information like on this day, I met with the compliance officer who was concerned that we were falling behind on this or that or anything else. And oh, by the way, they also saw an employee that was, you know, had a sick family member. You know, it's just a data point. And so the security professional, you know, inputs that into 351X just as a point in time record. Well, over time,

You know, that liaison that you're doing internally to the organization by tearing down the silos helps you build a ⁓ stronger idea of the threats and risks that you're facing. Now, externally, I meet with industry peers all the time and we have discussions about, you know, threats and risks that they're facing. For example, this North Korean IT worker thing that just unfolded within the last six months. You know, we started getting indications of that back in March, April timeframe.

know, convenience were like, Whoa, you know, we found out that we had a North Korean working on our staff, you know, and he was hired remotely, had no idea this was happening. But by taking the information of how that all unfolded and adding it to three, five, one X now we can start going back into our systems to say, Hey, do we have the same problem? Is this something that we should be taking action on as well?

And so I think the liaison piece and the employee reporting pieces is highly overlooked and undervalued. And we're trying to emphasize it through, you know, the deployment of 351X.

Mikey Pruitt (33:39)
So you're surfacing data points and more importantly, their relationships that by themselves really are meaningless. Like just this morning, somebody was trying to get me to sell DNS filter to them on LinkedIn. I'm like, hey, you again. I don't know DNS filter. Just by the way, check your, I didn't respond, of course, because I never do. But I'm like, you need to check your lead generation algorithms are not working. But so like it, that's just, you know, a disparate piece of information. But what 351X is doing is taking all of that and then putting the relationships together and surfacing that to the CISO, the liaison that is kind of responsible for like, Ooh, Hey, this is a new potential emerging threat that I need to watch and whether they need to escalate it to other teams or not.

Ryan Rambo (34:34)
Yeah, 100%. And so for example, like that at abc.com domain. Maybe that's something that the CISO may want to go in and block. ⁓ Maybe they want to play it out and see what abc.com is all about. Maybe we do some OSINT to research them. Maybe we refer it to law enforcement and say, maybe these people aren't who they're supposed to be. But we have thousands of employees across our organizations. You may have 10 or 15 people on your own team, and a person's trying to buy a company or buy DNSFilter from you, they may be trying to buy it from other people too. Why aren't they telling you that? Now you got to go ask everybody like, are you being approached? And it happens to us all the time.

Mikey Pruitt (35:16)
That's true. Now I gotta go tell somebody.

Ryan Rambo (35:25)
And we have a separate channel internally to our own company, Accent Solutions. One is a nuisance file. Like, hey, this person just keeps pinging me. Everybody's seeing the same thing on LinkedIn. And you'd be surprised. They're like, yeah, that guy just hit me up too and sent me the same email. And he's trying to get us to provide information. So now we just identified a threat. ⁓

Mikey Pruitt (35:49)
Yeah, we share emails that we get ⁓ and text messages that we get. But I don't think we've ever shared LinkedIn, social media messages. But that's another good source of a data point that should be added to the collection.

Ryan Rambo (36:05)
And it unfolds over time. ⁓ so that's another unique thing about 351X. This is a database. And so we're collecting information from the time that we turn it on for a client until it's over. all of this, so you may get pinged today. Another employee might get pinged two weeks from now. Another employee may get pinged six months from now. But now you're starting to build a database of knowledge like, hey, this is a persistent thing.

And maybe it's a little bit deeper than just on the surface unsolicited correspondence. Maybe it's actually a collection attempt by an adversary, a competitor, or something like that.

Mikey Pruitt (36:48)
Well, first of all, it is clear to me after hearing you describe that tech that the cyber security community and the counterintelligence community need to collaborate a bit more. Because I know that we have data, like if we shared a customer and our data was also in there as data points, that would further give them that glue that connects everything together. So we need to work on that as a community, all of us.

Ryan Rambo (37:20)
Yeah. And I would tell you there's no espionage act. There's no insider act that happens today without touching both the physical and the cyber worlds. And so both of the corporate positions that I held, I work very closely with our cybersecurity teams. And in fact, in the second position I held, I had user level access to every cybersecurity tool that we had available to us. So I could pull my own reports, do my own investigations and use it from a counterintelligence perspective.

And so I'm very familiar. can't engineer it. You know, don't please don't ask me to code anything or please don't. I'm not that guy, but being able to look in the right places for information. I'm very solid on that. And also understanding what each role of cybersecurity tool set, what, they're meant to accomplish. And, you know, I think as three, five, one X grows and we start building out the employee reports.

I think we're going to be able to API into cybersecurity tools, HR information systems, badge reader systems, OSINT platforms, and then be able to consolidate all of that information into one dashboard so that you don't have to go through 15 different cybersecurity tools to pull one log for each one of them. Wouldn't that be amazing?

Mikey Pruitt (38:42)
Yeah, it's like a better sock in a way.

Ryan Rambo (38:46)
Yeah, especially for insider threat professionals. It's definitely people that are worried about insider threats.

It's a better way to go about it. And I will tell you, I have 10 years worth of scars to pull from on how bad insider threat incidents are. One, identified, but then investigated. And then the disposition of these cases is really interesting too, how it plays out.

Mikey Pruitt (39:03)
I imagine without a platform like 351X, it's very manual and time consuming and things fall through the cracks that way.

Ryan Rambo (39:26)
Yeah, I mean, your email inbox becomes your database. ⁓ And some respects, it's like, okay, well, this employee reported this to me via an email, I think, let me search my inbox and see if I could pull it up. Do you know how painful that process is? It's extremely not efficient or share drives or Excel spreadsheets. Yeah. And there are some platforms. I do have to give them some credit. There are some platforms that are moving very closely and assert in a good direction.

⁓ But it's still very manual, very, very, very challenging to, you know, I hate to say it, but bastardize them to meet specific needs for insider threat professionals or counterintelligence professionals.

Mikey Pruitt (40:11)
Yeah, there's no tooling out there for you guys. So the other thing I wanted to talk about is where the green Cypress branding went to, which is, which this only clicked when you were talking about that branding pivot, I guess you could say, is that IXN hosts a podcast and it's called CI Press or Cypress.

The logo is green with a tree. And it is. Yeah, you're like, you're like, wait, but we can still use it. Honestly, that's how this the name of this podcast is DNS unfiltered. So we like did this thing a long time ago, years ago. We're like, that was a really cool name. And they were like, let's do a podcast. Like, what should we name it? And I was like, I'm stealing that old name. That was really good that everybody liked.

Ryan Rambo (40:43)
Well, we didn't give up on it.

Yeah. Don't throw away a good idea. All right. So we did a search and found out that there were no CI press podcasts out there. So we just, you know, quickly adapted our one logo and, and aim for our podcast and super fun. Yeah. I never thought that I would be a podcaster. I never thought that I would have 55 episodes published in the last year. And it's, it's a lot of fun. You get the chance to meet some very interesting people in here; great stories by doing podcasts. I really applaud you for standing up dnsUnfiltered and having these conversations. What a great time.

Mikey Pruitt (41:46)
Yeah, exactly. And I've actually enjoyed a lot of the ⁓ episodes that you guys have for Cyprus podcast. And the last one I was you and your co-host were talking about the espionage in major league sports like the NFL and MLB. And we kind of hinted at this beforehand, but it's really just fascinating that espionage exists in our day-to-day lives and our sporting events and our work. It's everywhere

Ryan Rambo (42:16)
Second oldest profession. If people are going to be involved with it. And I know the big rage is AI and AI is going to replace everything that we do. It's not going to replace espionage because somewhere in there is a human. And if a human has access to something, chances are they could be coerced. You know, they could be given money. They can be made to believe what I believe, or they have an ego that I can stroke and get them to do bad things that they wouldn't normally do. And so I think, you know, we've seen it over the course of history, you know, manufacturing change didn't change espionage. You know, the internet came, it didn't change espionage. AIs here, it's not going to change espionage. Espionage will be alive and well way past Ryan Rambo's time. And so on the flip side of that, counterintelligence will also always be needed.

Mikey Pruitt (43:10)
Absolutely. What do you think the approach should be other than listening to ⁓ your podcast, Cypress podcast, getting some ⁓ info that way? What should businesses be doing to start thinking about this counterintelligence arena that I don't think they know much about?

Ryan Rambo (43:32)
Well, so we're doing everything we can to get the word out. And I've stood up to programs. You're starting to see it make its way through corporate environments. JP Morgan has a counterintelligence program. Salesforce has a counterintelligence program. Meta has a version of a counterintelligence program. They just call it something different. And Mark Zuckerberg actually talked about it in January during a podcast, I think with Joe Rogan, which is fascinating. But, you know, we just have to keep driving at home. And I think over the last, you know, especially during the Cold War in the last 30, 40 years, corporate America has kind of let the counterintelligence game be played by the government. And that was fine, especially during a Cold War, because it's you know, nation state on nation state collection type apparatus, we were trying to steal their government secrets, they were trying to steal our government secrets. Well, times have changed now. And we're facing a whole society collection effort where they're trying to steal from our government, our corporations, academia, anybody and everybody is now a target of nation state intelligence. But we're also seeing corporations attempting to commit espionage deal rippling. If you haven't seen that ⁓ saga play out, you should definitely read it. happened last March, but it's two corporations, two HR companies trying to commit espionage on each other. It's fascinating. And you'll see universities also, they're involved in the espionage game, ⁓ because there's a lot of money tied to it, know, getting those research grants and being first to market and all of these different things. So with a whole of society collection approach that we're faced with, I think that we're going to have to see counterintelligence dropped out for being a solely government function down to the corporate environment. Again, it's not 007. It's not, you know, airplanes and bombs and all that stuff.

It's smart people that understand how the adversary collects what their collection requirements are; how people are manipulated into espionage, and then what does that mean for your organization from a compliance cybersecurity, physical security standpoint?

And I think that's the value that counterintelligence professionals bring. I just see it growing over the next five to 10 years. Every company will, and not to throw shade on cybersecurity, but that's been a rage for the last 17 years since the CISO position was committed, created in 2008. But they're going to find out that that's not enough. We are all looking for something else. think counter insults, this is what they're actually looking for.

Mikey Pruitt (46:09)
Yeah, I agree. I think it's overlooked, oddly. So I'm curious what, so once the business types get past the fact that counterintelligence is not about Aston Martins and martinis, what are some like simple steps that they can actually take today that would like get them on this path?

Ryan Rambo (46:32)
I think they should have a conversation with a counterintelligence professional and not all counterintelligence professionals are created equal equally. I mean, obviously, but there are people that can have a really good conversation about counterintelligence. I think the first question that a counterintelligence professional should ask the leader of an organization is, who are your competitors? know, if they had an opportunity to, what information would they steal from you?

And that drives down into, well, if I lost this trade secret, if I lost this intellectual property, if they got inside into this merger or acquisition or any of these things, we would be dead in the water. Well, now we're starting to land on this is the most sensitive information. We have to protect that first above and beyond everything else. These are the keys to the kingdom.

And then we said, okay, let's map out your competitors, what efforts are there again? And then let's take a look at our defenses to make sure that we're protecting those keys to the kingdom. And if we don't start there, then I don't think that we were starting off on a good foot. But I think, if you take a look at a business leader, they need to get over the spy movies that they've watched and really have a conversation with somebody in counterintelligence and say, hey, this is the approach that we're going to take.

⁓ and come up with a plan and execute.

Mikey Pruitt (47:59)
you were saying that I was just thinking of our keys to the kingdom here at DNS filter and I there's a handful tubes particularly are ⁓ very nice pieces of software with ⁓ very proprietary apparatus is around that up and I was thinking like ⁓ I know how they work I'm a liability cut me loose yeah

Ryan Rambo (48:02)
Right. You should get paid more, right? mean, you should get a better evaluation this year. There you go.

Mikey Pruitt (48:29)
Absolutely. Well, I'm going to go get a raise Ryan. Where can where can people find you around the internet?

Ryan Rambo (48:35)
Yes, please. You can find me on LinkedIn. I have a great presence on LinkedIn. Please reach out to me. I can have this conversation a hundred times a day and it never gets old.

You can also just email me my email address is rambo@IXNsolutions.com. Now will add a caveat to that China Russia Iran North Korea, please don't bother Don't send me an email. I'm smart to fishing games and all of that stuff. So ⁓ But you could also visit our website I extend solutions calm and learn more about 351 X and our offerings that we we have at the company and you'll be surprised at how quickly we can incorporate counterintelligence into your daily operations and processes and start moving you towards a safer place.

Mikey Pruitt (49:23)
and check out the CIA Press Podcast.

Ryan Rambo (49:25)
100%.

Thank you so much. I forgot about that. ⁓

Mikey Pruitt (49:29)
Well, thank you, Ryan, for joining me today. I really appreciate it.

Ryan Rambo (49:34)
Yeah, thank you so much. What a great conversation.

Mikey Pruitt (49:37)
Bye.