Exploiting Trust (Part 2)

Hosted By Chris Parker

308
“If a security control gets in the way of someone doing their job, they will find a workaround. Every time.” - FC Barker

Security failures rarely come from cutting-edge attacks or sophisticated tools. They happen in ordinary moments when someone holds a door, follows an instruction without questioning it, or finds a workaround that makes their day easier. Those small, human decisions are often the real entry points, and they tend to compound over time. This episode picks up the second half of our conversation on exploiting trust with FC Barker, a veteran ethical hacker and physical security expert known for legally breaking into banks, government buildings, and high-security facilities around the world.

With more than 30 years of experience, FC explains why human behavior, not technology, is consistently the weakest link in security, and how his success in physical breaches almost always depends on people trying to be helpful rather than malicious. The stories he shares range from quietly unsettling to darkly funny, but they all point to the same pattern: security controls fail when they don’t account for how people actually work.

The discussion goes deeper into why trust, politeness, and unquestioned compliance undermine defenses, how workplace culture encourages risky shortcuts, and what actually helps reduce risk without fear, blame, or expensive overengineering.

“Almost every successful physical breach I’ve ever done involved someone helping me. Not because they were careless or malicious, but because they were trying to be nice.” - FC Barker

Show Notes:

  • [00:00] FC explains why most physical security breaches succeed because someone is trying to be helpful, not because of technical skill.
  • [02:07] His background in cybersecurity and how physical security testing grew out of traditional penetration testing work.
  • [04:26] Why trauma and hypervigilance can sharpen situational awareness in security professionals.
  • [08:55] Early physical security failures are discussed, including poorly placed cameras and people casually sharing sensitive information.
  • [11:06] FC explains how security controls that interfere with work often lead employees to find unsafe workarounds.
  • [13:24] A story illustrates how even air-gapped systems fail when people move data for convenience.
  • [15:32] Trust and rule-following culture are explored as major contributors to physical access failures.
  • [16:40] FC shares how his near-perfect success rate comes from people helping him gain access without questioning authority.
  • [17:08] He recounts an incident where employees helped him remove multiple computers from a secure building.
  • [19:40] A failed engagement is described where internal resistance led to police being called unnecessarily.
  • [24:00] FC tells the story of accessing a vault and removing a gold bar during a test unknown to senior executives.
  • [26:53] The preparation required for high-risk physical tests, including staged kidnappings, is explained.
  • [31:50] Practical advice begins with learning to think like an attacker when assessing your own home or workplace.
  • [34:02] Situational awareness is discussed as a key deterrent against both physical crime and social engineering.
  • [36:13] FC explains why security cameras are more useful for investigation than prevention, especially in offices.
  • [37:41] Camera placement mistakes are covered, including mounting cameras within easy reach.
  • [39:06] The importance of not advertising valuables or security measures is emphasized.
  • [41:30] FC discusses personal vigilance and why monitoring finances and subscriptions matters.
  • [44:00] His book How I Rob Banks is discussed, including the real stories and lessons it contains.
  • [46:06] FC explains how his company chooses clients and why culture change is a major part of their work.
  • [50:29] Security improves when systems are designed around real human behavior.

“Most security failures don’t come from sophisticated attacks. They come from trust, politeness, and unquestioned compliance.” - FC Barker

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. 

Transcript:

FC, thank you so much for coming on the podcast today.

Thank you very much for having me, Chris. It's a pleasure to be here.

I'm looking forward to this conversation. So can you give myself and the audience a little bit of background about who you are and what you do?

Yeah, sure. My name is FC. I'm probably better known by my hacker alias of Freakyclown. I've been in cybersecurity now for 30-plus years. During that time, I have been a pen tester, I've been a sysadmin, I've been head of physical security, head of physical assessments. I've also been the former head of cyber research for Raytheon before starting my own company called Cygenta with my wife, and we are now based here in Las Vegas.

Awesome. So 30 years ago, what got you into cybersecurity? I'm sure it was not the stellar cybersecurity programs that we had in colleges 30 years ago, which didn't exist. So what got you started?

So cybersecurity didn't exist back then, not really. We were still able to log into systems without a password, because why did you need them, right? You were sharing resources.

What got me into it was really, I grew up very alone in a very poor environment and computers started to come around. My first computer didn't have a keyboard or a mouse. It had toggle switches. I've been around for a while. I remember when the World Wide Web was invented and I saw my first HTML page and clicked the link and that blew my mind. And then things progressed from there. I became a sysadmin. And as part of that sysadmin work, I discovered that security was important to what I was trying to protect. And the best way to protect it was to learn how to attack it. And that's literally been my life since.

As part of that, I grew into, or kind of helped coax in, physical security testing. So how that happened was I was doing a lot of pen tests for clients, going on site with them, and essentially writing down on a small Post-It note physical security issues I saw, and that turned into half a page, a page. And then eventually one of our clients at the time came to us and said, “Hey, look, this thing that you did, this note that is separate to the pen test report, we've got another building somewhere. Can you go and just do this part? We don't need a pen test, we just need this part done.” And so that then became like the main focus. And that's what my sort of, I'm probably more well known for doing the physical stuff than I am the hacking stuff, even though it's like 1% of my job.

So when you were a kid, were you the kid that would go in to physically enter places you weren't supposed to go, jump fences, sneak into buildings?

There was some exploring, but where I grew up, there was nothing like that. It was mostly fields around where I grew up. So I would hop over a fence and steal an apple because I was hungry. But I never did any sort of breaking in, in that sense, that sort of came along as part of doing this physical assessment thing.

People always ask me, like, how did I get good at that? How do I train to do that? The unfortunate thing is I have a lot of trauma in my childhood, which means you spot issues very quickly, even imperceptibly. And so, I'm diagnosed with complex PTSD, which is PTSD plus plus, right? It gives me a lot of advantages in my job, and I've done a lot of therapy to help me through a lot of that, but it does mean that I am very quick at picking up any security issues, any issues like that.

Is that the sort of thing, like, my wife will joke with me that when I go into restaurants, I always sit facing doors. I always am looking for it. Unless it's some hidden trauma that I don't know about, it's not like I have some trauma as a kid, but I just walk into places and I look for the security cameras. I look for the doors. I wonder, is there an exit out the back? Is it locked?

Yeah. So you probably do have some hidden trauma. What you're describing there for the audience is what's known as hypervigilance. And hypervigilance is that like you're always aware of something, like, how do I escape from the situation if something goes wrong? And you're thinking, what if someone walks in with a weapon or something? So your mind is always in this like hyper-focused security awareness state. And yeah, so you probably do have some trauma hidden in there. Sorry to say that, but that's where that comes from.

Interesting. For me, when I was a kid, I don't know if I've talked about this on the podcast before, we lived next to a large field that was undeveloped. And so my brothers or my friends, we would jump the fence over our backyard, cross the road, and there was a large storm drain outflow. So all the rainwater for the community would go to the storm drain and this is where it would outflow.

So as kids, we would grab our flashlights, grab our skateboards and a big stick, and we'd go into this tunnel and use the stick to clean out all the spider webs as we were walking, you know, spin the stick around. The goal was to see how far up this storm drain we can get. And so we got to the point where we had to, as kids, lay down on the skateboard and pull ourselves along on the skateboard. So we're talking two-foot diameter pipes.

And then we come up under the storm drain collection points on the streets and we'd be watching people walk by. I think at one point someone called the police because, oh my gosh, there's kids stuck in the sewer. That's the extent of my misspent, I don't know is that misspent, my exploratory youth in being places I wasn't supposed to be.

Wow. Yeah, the closest I ever had to that was I was about six, seven, something like that, and walking to school. I had to walk half a mile to the nearest school and there was a kind of a storm drain bridge, and my sister and I found a dead body under there. And it was like, oh, this is a poke it with a stick type thing and then call the police. So it's similar vein, but you sound like you lived in the movie It. Or you were the inspiration for it.

Okay, so one, I think one of Stephen King's books, and I won't say where on the podcast because I prefer not to, there is mention of the city that I grew up in. I don't know the part of the story comes through where I lived as a kid.

Dude, yeah, definitely. He saw you one day and was like, that's the book.

I'm part of his childhood trauma.

Imagine if you didn't know that was a thing. You're just driving along and you see some kids.

Some kid's face sticking out of the storm drain. Yeah, as an adult, I totally get why someone called 911.

Yeah, I walk past those types of grates now here in Vegas, and I'm like, oh, there could be people down there.

So instead of going down the drain, euphemism, going down and talking about drain people for our conversation, you talked about pen testing. In the early days when you were just jotting notes down, or when you're doing the pen testing and looking at the physical security things, what were some of the common themes of things that you noted in the early days?

So the biggest ones I remember from the early days is people relying on CCTV cameras that are poorly placed. Like, they would be in the most ridiculous, literally at handheld height. So you can just move them if you wanted to. No one was looking at them. They still don't, to be honest. It's very rare that you'll come across a company that will have someone staring at monitors because there's generally too many.

Other things were people shouting out PII across a room when there's consultants in the room and stuff like that. There's one of the stories in my book is of a woman that shouts the door code to a building down the street to someone else whilst I'm trying to break in and it's like, no, that's not how security works. So it's the simple foundational security things that we see even today, I think. So not much has changed in the last 30 years.

Is that one of the difficulties with physical security is that any amount of physical security is an inconvenience to people?

Yeah. It's the same with cybersecurity, to be honest. The more you put things in place to prevent people from doing their job, the more issues you're going to find that. And the best thing is people will find ways around it. They don't necessarily do it maliciously, but they do it because they want to get on with their job and they see it as a blocker. So if you've got some sort of block of sending out emails via your Office 365 or whatever, then they start using their Gmail to send stuff.

There was one instance I remember where we were working with a government defense company. And they had a very, very advanced sneakernet system. It's an air gap system. It's one of the very few that I've seen that actually works. Very, very well done. And I was in there late one night and I was speaking to one of the chaps working on this project. And he said that he would send me some stuff. And I was like, “All right, where is it?” And he's like, he opens a drawer and he hands me a USB key, which has his door keys on and his car keys. And I'm like, “You're taking this out of the building every night and it's got this data on it?” And he's like, “Yeah.” We need to have a conversation because this is not how it works. So yeah, it's weird stuff like that I find it hard to communicate sometimes.

Is it just because people aren't thinking about security, or is it that the security has gotten cumbersome and so they've found ways around it?

It's a bit of both, to be honest. If you put in something that doesn't work, then people will find a way around it. If you put in something that is just too onerous, people will find a way around it. And like I say, 99% of the time it's not malicious. They're just trying to do their job.

And we get this with like, don't click links on emails or whatever, right? If clicking a link in an email infects your entire network, you've had technical failures that have allowed someone to click that link and then for everything to happen afterwards. So the person clicking the link is not in any sense doing anything wrong. They're literally employed to click links in their email to do their job. So telling people that they shouldn't do something because it's a security thing … there's loads of other solutions out there that you should be looking at to prevent that from ever happening.

Yeah, and I suppose culture, company culture also has significant impacts.

Huge impact. So that's one of the biggest impacts I think you can have on any company is the culture.

The guest eludes me, but she was hired to do a physical access to a building. And they gave her a tour through stuff in advance. One of the guys as part of the tour was talking about how we're really confident because everybody follows the rules here. And so she slapped a sign on a door that said, “Under no circumstances, lock this door.” And so people saw it and went, “I better not lock the door.” And that was one of the ways that she got in was because she put a sign on it because everybody's really good at following directions.

Yeah, it's weird. People are very helpful, especially when you're doing physical stuff. People want to help you all the time because it's human nature. Not everyone's bad. Everyone's just trying to help each other and, you know, do their job. So yeah, that doesn't surprise me hearing something like that.

So is there a story in there where someone has helped you gain access when you're not supposed to?

Oh, a million of them. Yeah, I've been doing this for the physical stuff, probably 25 years, right? And I have broken into thousands of buildings, from banks to government sites to military sites. I've got a 100% success rate at doing that. And the biggest factor in all of that is someone helping me in because they are just trying to be a nice person. So yeah, almost every story involves at some point, someone helping me when they shouldn't, including removing stuff.

There's a story in the book actually, which is, I think I stole like 14 PCs that I found stacked up. They were supposed to be decommissioned. And I was like, “Right, I'm taking these.” And I wanted to remove one. So I started to remove one. And I was like struggling through the door. And then someone helped me with the door. And then I used that one to wedge open another door, went back for a second one, and they could see what I was doing. So a group from the team that was next to them helped me move all of them down an elevator into my car. And then I was like, “That's great. Thanks for helping.” It's amazing how many people will help. So yeah, don't help people.

The moral of this episode is, the title of this episode is don't help people.

Don't help people, don't trust people.

Although you've been successful, have you ever been caught?

So I've only had two incidents where the job has gone wrong, and both of those were not on me. It wasn't like I failed them. It was the failure of the people involved. So they're both in the book, I believe. But they basically come down to someone within the chain of command or in the very small circle of knowing that this is going on has some kind of beef with it. They don't want it to happen. They think it makes them look bad, et cetera. And then they do something that massively screws it up.

The biggest one was I was doing a series of high street banks and I was breaking into about 8 high street banks a week. So I was doing a lot and the client had asked the impossible, which was for every bank, they wanted a different method. So I couldn't repeat the method because they wanted to check all of these different angles. I was like, “Fine.”

So I was going through this and we got down towards one area that was controlled by this one area manager who did not want the test to go through. He was very vocal about that. So what he did behind everyone's back was tell all of his banks that I was coming in. He gave them a vague description of what I looked like, even if I disguised myself, which I try not to do too much. But so he told them the rough few days that I would be in, told them what I looked like, told them some of the other ways that I had, because he was privy to that. So he told them how I was doing that.

When I walked into the bank, I gave them whatever story, I can't remember what it was. And I was ushered off to one side rather than being directed to the manager of that branch. I was directed off to reception, which is unusual for considering the pretext I had. And I sat there, and I sat next to this guy who was literally moaning about his mortgage at me. And I'm sitting there, hypervigilant as ever, worrying. This is unusual. Something's going on. Ten minutes pass, fifteen minutes pass, and I'm like, something's going on. This is not right. Even if I was a normal customer, I would have been seen by now.

All of a sudden, blue lights everywhere, police around the building, armed police come into the bank and I interrupt the guy moaning about his mortgage. I'm like, “Excuse me, these guys are here for me.” And he was like, “Okay.” So I had to then explain to the police officer what I was doing, why I was robbing a bank. And we went through this whole process. And it was all because this one guy didn't want the test to happen. But he actually messed it up so much that he got into trouble, because there's only so many times you can call the police out for a response into a building on a false pretense before they stopped showing up. And there was a whole set of policies and procedures that he was supposed to follow for someone coming in to do that, he just skipped over. So he got in way more trouble than he would have ever done if I'd have just broken in and got what I needed. So that's one of the two stories.

It's like the cover-up is always worse than the crime.

It is. It is. Watergate, right?

Do you find that there with many of your engagements that there is someone, whether it's on the cybersecurity side or the physical side, who doesn't want you there?

Oh, yeah. This happens more with the physical stuff than the digital. There was one time an ex-police officer who was in charge of a physical security team, he was right in my face, threatening to take me down and call the police. It's a long story. It's in the book. Go read it. It's fascinating how he reacts to some of the stuff that I end up doing.

Now, did he know in advance that you were coming, or was it afterwards?

He was in the meetings where we were setting up and he just did not want it to happen. But the CEO was very adamant that they wanted it to happen. So against his wishes, it went ahead. And yeah, he was very, I think the chapter is actually called “The Very Angry Man.”

That sounds like a good story in the book. Did you ever have it the opposite way where the people further down the chain were like, “Yes, we want this to happen,” but maybe the CEO was, “I don't think we should be doing this”?

It's interesting. We've had a lot of cases where the CISO or someone below some sort of security level where they've got some sort of autonomy have brought us in and we are actually testing upwards to see how the C-suite reacts. That's always much more fun.

Because now, in those sorts of situations, that means the CEO is not aware that the test is happening.

Yeah, exactly. Actually, one of the funniest stories on that – again, it's in the book, but I'll give you the Cliff Notes version of it. I was asked to break into an investment bank. So not average normal high street bank, but one that has gold bullion in the vault downstairs. And we joked that the final set of goals that we always have should include trying to get to the vault. And I was like, well, the vault's on the ground floor, like, it's in the basement, right? That's where they always are because they're super heavy. So towards the end of the test, I went down to the vault, found the vault open, I went in, stole a gold bar. This is much more detailed in the book. Stole a gold bar, took it out the building.

And then later on in a wash up, I get called into a boardroom and there's a very big, expensive mahogany table, huge thing. C-suite down one end. They're all like, “What the hell is going on?” And I'm like, “I just broke into your bank, dude.” And they don't believe me. And I pull out this gold bar and it falls out of this jacket that I'd wrapped it up in. Took a huge chunk out of their mahogany table. Honestly, I have never feared for my life quite so much. It was an impressive moment. I didn't know what to do. But after a small piece of silence, they just erupted because they didn't know this test was going on. They didn't know that anyone could get into their vault. They didn't know that anyone could steal a gold bar out there. It caused a lot of stress down the end of the table, which thankfully took away from the table damage.

My entire fee just went to replacing the table.

Exactly. They never charged me. So I hope it's there as a reminder, a little like, that was when it all went wrong. So yeah, we do test upwards as well, and that's always nice.

In the end, are those individuals usually like, we get it, we understand why, or they still even kind of afterwards a little bit resentful of the whole thing?

Most people are very, very good afterwards. They see the value of those tests, whether it's physical or digital. I think the very angry man is about the only person who hasn't come round to it. And to be fair, I did bait him a little bit. And he got kicked out of the meeting before he got fired. I think he did end up getting fired like a few weeks later, but for something else, not for that. But yeah, generally most people do come round to it and they see the value of it.

So, how much prep work do you have to put in before you … on the physical side, cybersecurity is a very different thing.

It depends what you're trying to do. If you're just trying to get into a building and get a file or whatever, then 10-15 minutes prep. It's great now, you can just go on Google Maps or satellite imagery and see everything you need to see before you even get there. But in the day, like back in the day, it used to be I'd have to travel there like a week before and do some recon. The more recon you do, it's always better. And if you're picking a very hard target, you can have months of work.

You know, the very first time I kidnapped someone as part of my work, that took, I don't know, probably 2 1/2 months of planning. That was a lot of work. There was a lot of legal stuff we had to go through. There was a lot of logistical stuff we had to go through. And in the end, it came down to less than 5 minutes of actual in and out. And we did it. Very, very similar to the Venezuela stuff that we've just seen. You know, there's months of planning, there's lots of logistics. And then there's just a moment where it just all happens and then you're out.

So I have to ask you, when someone hires you to kind of real, sort of, but not quite kidnap someone, how many lawyers do you get involved in that? Because it's like, do they know they're getting kidnapped?

Again, it depends on the client and the situation and who it is. Yeah, there are certain people that it's part of their job that they have that sort of training against that sort of thing. You know, it's not in their contract that they will be, but they could be. And I'm not going in and grabbing Mary from reception in your building. That's not how this works. It's always an onerous process, and it's not something that happens every day. It's sometimes it's hard to get a client to agree that you can pick a lock, let alone do anything more than that.

I mean, they assume there's a certain, like… Do you have to do work with the local police department? Because chances are someone might call the police. And I don't think you want to be trying to explain, “No, really, I'm allowed to be here. They told me to break in.” I'm sure every cop has heard that story. “Yeah, actually, I'm supposed to be here.”

That is the story that I think starts the book. And it is the very, very first time I broke into a bank. And it is exactly that. So I'll try and picture the scene for you. It's in London. It's an investment type bank. It's huge. I've driven past it several times. I always chuckle when I see it. They got us in. They had invested over £1 million on security in this building. And they wanted me to come in and test it because I'd heard good things.

So I rock up, I'm doing some recon, it's the night before, it's like three in the morning, right, in London, and it's dead, right? It's pretty quiet there. It is raining always in London. So I'm wearing thick clothes, but here's a hint for you: If you're gonna do any sort of nighttime subversive stuff, don't wear black. Wear blue, like really dark blue, because black shows up a little bit too much in urban environments. I’m wearing dark blue, I've got balaclava on, people always assume I'm joking when I say I go to work dressed in a balaclava. Got a balaclava on, but it's rolled up like a beanie hat.

And I am in awe of this building. To me, it looks like Fort Knox. I've never broken into a bank before. And I'm staring at this building, and it's raining and it's dark and I'm tired. And I'm just trying to map out the building from outside. If you look at any building, and this is something any of the listeners can do, if you look at a building, you can tell. You won't know that you can know this, but you'll be able to tell what windows are the stairwells, what windows are the bathrooms, what windows are the offices. So you can build a mental picture. Nowadays, you need to get loads of blueprints, it's great, but you can kind of build this mental picture.

I'm in the process of doing this, and I'm looking at this building and I hear a cough behind me. That's it, just a cough. And they're like, “Excuse me, mate, what are you up to?” And without turning around, because I'm lost in thought, I go, “Trying to work out how to break into this bank.” To which I hear a gasp. I turn around and it is two police officers. That was an interesting night. They learned some stuff, I learned some stuff.

They probably weren't thinking you were serious when you said that.

They really weren't. Or they thought I was the stupidest criminal alive, I don't know which. But yeah, that took some hours out of the recon, definitely. So yes, it does happen.

Of your experience doing the physical entry, what are kind of some of the… If someone wanted to take away and say, okay, what are the couple of things that I could do for my home or for my business that would uplevel our security that doesn't require 15 padlocks and doesn't require a half a million dollar investment? What are some of the simpler things that people can do, the low-hanging fruit they need to watch out for?

Yeah. Okay, so the easiest things I think would be to have an awareness of this sort of stuff. Look at your house and your friends' houses as to how would you break into it. Everyone's had this situation where you've forgotten your key. And you go, oh, I forgot my key. How am I going to get into my house? And then you start to think like an attacker. That's what you should be looking at. I'll give you this lovely little quote, which is, “Locks only keep honest people out.” That's the truth of the matter, right? Doesn't matter how many awesome locks you've got on your front door, real criminals aren't going to be picking a lock. The CIA isn't coming to your house to pick a lock. They're going to smash a window. Not the CIA, the criminals, I mean. They're going to smash a window or just jimmy the door off the hinges because it's a crappy door.

Understanding how criminals look at your property and your situation is probably the biggest thing. Start taking an attacker's mind's view of everything around you. Have some situational awareness around you. That's probably a great way of avoiding being attacked on the street by pickpockets, et cetera. If you're wearing headphones and you're deep in your phone as you're walking along, now, that's a target, that is. But if you've got your hands in your pockets and you're scanning and you're looking around, no one's gonna come near you.

One of the coolest things I think anyone could do, and this is probably a little bit of out of pocket for some people, but go to Rome, sit at a fountain. Just sit there and watch all the pickpockets at work. ’Cause after like 20 minutes, you'll see them, and they are world-class at what they do. And you'll see, who were the victims that they're picking on? And it's the people that are distracted, the people that look like tourists, the ones holding the maps or looking on their phones, being distracted, taking photos. Yeah, they're all red flags for a criminal to go, “Oh, that's who I'm gonna go after.” So having a bit of situational awareness, having a bit of awareness about how attacks might happen, how you would attack something is a great place to start, I'd say.

Are security cameras any value at all?

Yes, they are. In an office environment, less so, because you've got a bunch of cameras that are probably not being watched. Cameras are really good at going back in time. So after an incident occurs, you go back to the cameras and you see if you caught it. It is very, very rare that they are an active thing, where something happens and you're looking at the monitor and you see it happen in real time and you can prevent it.

Home defense cameras are very, very good now, right? You've got like Google Nest and ADT and I've forgotten some of the other names. You can buy these – Ring, that's another one. All of these cameras that turn on with motion and start recording and send it to the cloud is a godsend. I don't recommend that if you see someone breaking into your house when you're around, that you go and defend your house, like depending on Castle Doctrine, et cetera. But you can certainly call the police and hopefully they'll turn up. So yeah, cameras are very useful in a home environment. The more cameras the better.

So you talked about in the commercial space that people have the cameras pointed in the wrong places. Where should the cameras be and what should they be pointing at?

So for a home, put them on the corners. This is another experiment you can do: Figure out where you're gonna place a camera and then try and work out, could I get to that camera from another angle without it seeing me and knock it off? So put them onto corners where it covers the most things. Cover areas of approach. Now that may just be a path, but it may be over a wall. Anything that's small enough that someone could jump over, yeah, put a camera facing all of those. You know, camera placement is tricky and you do need some sort of mounts to kind of put them properly, but always put them beyond the height of reach. You don't want someone coming up and knocking it. So even if they could approach it, you need them to have a ladder to do it. So they're probably the biggest placement issues, I'd say.

I remember hearing one police officer talking once, and what he said is almost kind of the opposite advice, but for a different reason. He said he always wanted eye-level cameras opposite of the door on the far side of the room, because “I want to be able to see the person's face. I don't want to see the top of their head.”

Yes, that's good. For internal cameras, you want them at a height where you're going to capture stuff like that. And again, this isn't really going to be preventative. It's going to be an after action. You know, have you got enough to identify the person? Because if someone breaks in your house, it's very unlikely they're going to come along and do all the fingerprinting and DNA testing to find someone who stole your iPod.

But if you steal a bar of gold.

If you steal a bar of gold, then yeah, they might come after you. Don't keep gold in your house, obviously.

Well, more important, don't let people know that you keep gold in your house. If you do, never talk about it.

Yeah, never talk about anything. I never talk about my home defense systems, anything like that, because you don't even want your friends and neighbors to know what you've got, because if something happens, they're gonna come to you. So don't be a target.

It's the same way as if you have a whole bunch of cryptocurrency, don't talk about the fact that you have a whole bunch of cryptocurrency.

Yeah, don't buy a Lamborghini and park.

You basically said, hey, I've gone from broad fishing to spear fishing.

Yeah, I mean, we're not trying to victim blame here, but there are things that you can do to reduce your likelihood.

Yeah, and that's a lot about the podcast. So we're not trying to blame the victim, but we're also trying to help people not be a victim. And one of those is don't go around announcing.

Yeah, it's that thing of like, if you're walking down a street at night, you choose the lighted, nice open area. You don't go like, “Oh, I'll just go down this dark back alley.” Because if you get robbed, like, yeah, it's not your fault, but there's something you could have done to have prevented going down that dark alley. You could have gone the longer route round. It's not a victim blaming. It's like, just be aware of where the bad stuff happens.

Yeah. So I didn't ask you this earlier, but I'll ask it to you now. Have you ever been a victim of like a scam, fraud, or cybersecurity incident?

Not that I'm aware of. I mean, they must have been very, very good, but no, I don't believe so. Except for paying too much for my house.

Any close calls?

Again, not that I'm aware of. Like I said, I've had hypervigilance since I was like a young kid, so I'm very much an arm's reach away from everyone.

Yeah, yeah.

And that's how I like it.

I get it. And I like your preface of “Not that I'm aware of.”

Yeah, 'cause I don't know. I'm fortunate that I have things around me that help me understand what's going on in my life and whether or not I have been scammed or not. It's not impacted my life, let's put it that way. And sometimes there's the trouble. Like, if someone took $5 out of my bank account, would I notice? Probably not. Thirty years ago, I'd have noticed. So yeah, it's hard to know if you actually have been scammed because someone could be out there using my name and my phone number for all sorts of things. And I don't know. So yeah, it's possible.

I mean, it was definitely one of the things that I've heard people talk about, and I don't know that it's ever necessarily been substantiated, but that criminals will test credit cards on Amazon.

I don't know if that has actually been substantiated. I don't know if it's been proven. I think that's a nice urban myth.

But in my opinion, because like, at least it makes sense, because if there was an extra, you know, $23.85 Amazon charge on my credit card, would you notice?

Yeah, actually, I would notice that. I keep a very good eye on what I'm subscribed to. And I go through, not monthly, but I go through it regularly enough to sort of see what I'm subscribed to, what I'm paying out. So yeah, that's the sort of vigilance you need sometimes. But yeah, I have heard it, but I've never known anyone to have it happen to them because generally criminals, they want to get as much as they can as quickly as they can and then bugger off. We're not doing like Superman III here where we're stealing two cents on everything.

The premise of testing kind of makes sense, but I've never known a criminal when, hey, there's a big pile of gold on the table. Why don't you take a few bucks off the counter instead?

Yeah, exactly. It's crazy. There was a story the other day. I live in Vegas, and there are some interesting characters. And so we have some interesting news. And one news item the other day was some guy got roofied, apparently, back in his hotel room, woke up the next morning, his $130,000 Rolex was missing and a bunch of fraudulent card charges. They didn't test anything. There's no need to. Get it all and run and then leave no trace. Like, that's the actual criminal way.

Yeah, that makes a whole lot more sense as to what is really going to happen as opposed to, Yes, I'm going to use a stolen card, credit card, and make a whole bunch of $20 charges on it for as long as I can.

No. Yeah, it's crazy. You might as well get as much as you can and then move on to the next person.

Not that we're trying to give any criminals any ideas of how they should run their operations.

Honestly, they're well ahead of everything. They're not getting advice from me.

They're listening to us and laughing, saying you don't know the half of what we're doing, which is unfortunate.

You've still not spotted that $23 Amazon?

Yes, you could go ahead and believe that. Yeah. That'll make everybody safer.

So as we kind of wrap up now, what sort of other things do you cover in your book, How I Rob Banks?

So it depends on which version you read, right? If you get the hardcover, you get the lovely hand-drawn maps and pictures of how to pick a lock and how to break into a safe and some other little teachable things. If you get the audiobook, you get a nice American professional reading the book, but with no pictures. And if you get the Kindle version, you just get the pictures and stuff, but it's not in there. I don't know if that's in color. The book is not in color. I was not told it was not going to be in color. So the maps are a little bit weird.

You did them all in color and they're printed in black and white.

Well, the funny story, right, if anyone has a copy of the book, if you open up the book to any of the pictures you'll be like, “Oh my God, who did they get to draw this?” It was me. Because we had this agreement right at the very beginning that they would do all the drawings professionally. And I was like, great. So I think it's like 48 hours before printing started, they came to me and they're like, “Hey, FC, have you got all the drawings?” And I'm like, “You're doing the drawings,” and they're like, “You need to give us the drawings, but we don't have time, so you've now got to draw them yourself.” I was like, “How long have I got?” And they're like, “You've got maybe 12 hours.”

Oh no.

This is like 10, 11 o'clock at night. So I literally hung up the phone, I get out my iPad and I do everything on my iPad, with the little iPad pencil thing. And I draw everything in color and I send it off and it gets printed and it comes back. They haven't redrawn anything. They use my raw pictures. And it's all in black and white. Yeah. So that's the pictures in the book as they are. It gives a rustic quality to the book.

I hear something that could be updated for the 2nd edition.

I don't know. I don't know if I would. It's got a certain charm about it, you know?

And so your company, Cygenta, are you taking on new clients? What are the types of clients that you look for or that look for you guys? Clearly the guy who owns a small little house in suburbia is not your client, but who is your partner?

So we are very eclectic. When we started the company, we self-funded it. I think I put about thirty grand's worth of computers into it and we started. And then within a week, we had our first client and we made profit, and we've been in profit ever since. And we haven't taken any funding whatsoever, so we are very autonomous. We are very agnostic to any clients, any vendors or anything like this. So we can't be bought.

My wife and I started this as a kind of like a lifestyle business. So we have a great lifestyle, life work balance. And we are very, very, very fortunate that we get to pick and choose who we want to work with. So some people might come to us and they'll be like, “Can you do this?” And we'll be like, “We don't like you. We think you suck as humans. We don't like interacting with you, so no.” And over the years, we've turned down hundreds of clients because we just don't want to work with them. Sometimes it's not always that we just don't like them. And sometimes it's just, it doesn't logistically work out, or the budget isn't there or whatever.

But our target audience is whoever wants to work with us. Have a conversation with us about what you want to do. Do you want to test your physical security? Do you want us to come and speak at your event? A lot of our work is speaking events now, speaking about our experiences because we've got a lot. And we can teach a lot. And I'm doing stuff with clients now where I think we just did twenty-seven talks with this one client globally. I think we went to like nine or ten countries with them doing this speaking stuff. My wife's done similar. So we do speaking events, we do physical stuff, we do pen testing, we do cultural change. If you want us to come in and assess what the culture is in your company and how to effectively change that, then talk to my wife.

We only work on interesting things, right? We're very lucky that we get to do that. It's a very, very fortunate position we're in. So it could be Bob down the road with a single house saying, “Hey, how do I put in these security cameras? How do I sort out my personal security? What's some advice for that?” Or it could be a multi-global corporation that wants us to come and speak at their event. It could be anywhere in between. So we're very, very lucky around that. So if anyone wants to chat, then get in touch.

And how can they find you guys?

So the best way is via our website. Go to cygentasecurity.com, or if you want to speak to my wife or myself directly, then freakyclown.com or drjessicabarker.com and there's forms on there for you to get in touch, but otherwise we're on X – God, I feel so bad saying X – on Twitter still. LinkedIn is probably the easiest place to at least find my wife. If you type in FC on LinkedIn, you get all sorts of random things. So yeah, LinkedIn or YouTube, Instagram, I think, TikTok, you know, all of the platforms, you'll find us. We're kind of like the A team. If you want to find us and you want to work with us, you can find us, right? Yeah, we can be found. Otherwise, don't bother.

You go out and find your own clients. Hey, you need to hire us.

No, weirdly, we never do that. We don't really do a lot of marketing like that. We're very fortunate that people talk about us word of mouth and that gets us clients, which is nice. And we get invited onto wonderful podcasts like yours and we get to chat about ourselves. But I don't like marketing. It sucks. I hate talking about myself. I hate trying to sell anything. So if you don't want that sort of sales pitch, then probably the best one.

Did I just sales pitch my sales pitch?

I think so.

I'm going to have to go and have a shower now. I feel dirty for that.

FC, thank you so much for coming to the podcast today.

No problem. Thank you very much.

About Your Host

Chris Parker

Chris Parker is the founder of WhatIsMyIPAddress.com, a tech-friendly website attracting a remarkable 13,000,000 visitors a month. In 2000, Chris created WhatIsMyIPAddress.com as a solution to finding his employer’s office IP address. Today, WhatIsMyIPAddress.com is among the top 3,000 websites in the U.S. 
