Brian Jack is chief information security officer and data protection officer at KnowBe4, a security awareness training software vendor based in Clearwater, Florida. The company made headlines in July when it thwarted an attempt by a North Korean nation-state actor to infiltrate its software engineering staff. The company did hire the attacker, who used the stolen identity of a US citizen and deepfake images to get through the vetting process, but detected suspicious activity on his account and contained the threat before the attacker gained access to any company data.

In this episode, Jack shares the details of the incident, how the company's SOC detected and responded to the threat, advice for other companies on how to mitigate this increasingly common path of attack in the age of remote work and how he defines a good state of SecOps.