Exploiting Trust (Part 1)

Most security failures don't start with a dramatic breach or a mysterious hacker sitting in a dark room. They usually start quietly. Someone assumes a system is locked down. Someone trusts that a door shouldn't open, or that a machine "just works," or that no one would ever think to look there. Over time, those small assumptions stack up, and that's where things tend to go wrong. Today's guest is FC Barker, a renowned ethical hacker, social engineer, and global keynote speaker with more than three decades of experience legally breaking into organizations to expose their blind spots. Formerly the head of offensive cybersecurity research at Raytheon and now co-founder of cybersecurity firm Cygenta, FC is also the author of How I Robbed Banks, a book packed with true stories from the field. In this conversation, FC shares what he's learned from decades of breaking into places he was hired to protect. The stories range from funny to unsettling, but they all point to the same pattern: technology usually isn't the weakest link. People are. From outdated systems that can't be replaced to everyday workplace habits that quietly invite risk, this episode offers a grounded look at how intrusions really happen and what actually makes environments safer. Show Notes: [03:06] FC grew up before cybersecurity existed and learned computers when manuals were thicker than the machines themselves. [05:27] How early internet culture shifted from curiosity-driven exploration to the rise of malicious actors. [07:15] Why inviting external testers to break into your systems was once an unthinkable idea and how that changed. [09:35] The danger of internal blind spots and why external validation is often more valuable than internal confidence. [10:46] Unexpected discoveries during penetration tests, including systems no one remembered were even running. [12:23] Choosing unusual, esoteric security projects and why unconventional systems often hide the biggest risks. [12:50] A real-world operation that involved reverse-engineering hardware to shut down power infrastructure in seconds. [16:29] One of the easiest break-ins ever happens accidentally, proving how fragile some systems really are. [17:21] The most common technical failure seen across organizations: poor network segmentation. [18:36] How a routine internal scan accidentally knocked an entire country's banking connection offline. [20:04] A bank unknowingly runs its internal network on an IP range owned by the U.S. Department of Defense. [21:43] A mysterious daily network outage turns out to be caused by a single employee's music collection. [23:07] Plugging into a forgotten network switch triggers a fire during a government penetration test. [25:15] Why penetration testers are often blamed first even when nothing has been touched yet. [26:25] Discovering malicious insider code planted by coordinated nation-state actors. [29:41] Why some outdated systems must remain untouched and why "just update everything" isn't realistic. [33:15] Implanting covert hardware inside everyday office devices to gain persistent network access. [35:01] How avoiding people altogether is often the most effective form of social engineering. [37:10] Why attackers move from the top floors down and how authority bias works without a single word spoken. [38:35] Clothing, context, and small visual cues that instantly make people assume you belong. [42:26] A penetration test derailed by an unexpected office costume day—and why randomness can be a defense. [44:33] A simple exercise anyone can use to start thinking like an attacker by examining their own home. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.  Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Cygenta Dr. Jessica Barker FC aka Freakyclown - LinkedIn How I Rob Banks: And Other Such Places