A (11:42)

Maybe?

B (11:42)

Are my vendors secure? Or the one that really keeps you up at night? How do I get out from under these old tools and manual processes? That's where Vanta comes in. Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence, and filling out endless questionnaires. Their trust management platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. And it fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and finally get back to sleep. Get started@vanta.com cyber that's V A N T A dot com cyber. Hazel Serra is resident agent in charge of the Atlantic City office for the United States Secret Service. I recently sat down with her to discuss the evolution of the Secret Service's investigative mission. So before we get going here, I would love to get a quick description of the origin story for the U.S. secret Service.

A (13:04)

Oh, absolutely. This is kind of interesting. So the organization started in 1865, and the reason that it got started was because there was a very large problem with counterfeit. Over one third of the money being circulated was counterfeit. So after the Civil War, they said, well, you know, something needs to be done, and they created the Secret Service. So we were doing a great job investigating counterfeit currency.

B (13:31)

And.

A (13:31)

And then after the assassination of President McKinley in 1901 was when they designated our agency to protect the presidents. And that's why we have what we call the dual mission.

B (13:46)

So I want to start out with a little bit of level setting, because I think probably like a lot of folks in our audience, when I think Secret Service, the first thing I think is you all protect the President.

A (13:58)

And that is correct. We do. But that's not all we do.

B (14:01)

So educate me here. What else does the Secret Service provide our great nation?

A (14:07)

So we have what's called a dual mission. So not only do we protect the President and also their families and foreign heads of state, but we also investigate financial crimes. So where we started investigating counterfeit currency, that moved to credit card fraud, identity theft, and now most recently, cryptocurrency investigations.

B (14:29)

Yeah, I guess I was familiar that the Secret Service dealt with counterfeiting. So I guess that does tie into things like crypto these days.

A (14:37)

Correct? Yes.

B (14:39)

And so what has your part been in that in your office in New.

A (14:42)

Jersey, as far as the investigation goes.

B (14:45)

The investigations, and trying to track down People who are up to no good when it comes to these things.

A (14:50)

Well, I am responsible for four districts in my office. So anything that happens in any of those districts that any of those investigations we have to respond to. So in my district I have all the casinos in Atlantic City. So that requires a lot of relationships and having be able to talk to my partners and have my agents responsible to respond to those incidents. But not only that, we do get a lot of investigations that involved protective intelligence. So. So anytime that someone makes a threat against one of our protectees, we have to go out there and talk to that person and make sure that they're not going to carry that out.

B (15:33)

So I mean, talking about the casinos in particular, I would suspect that's a place where a lot of people are trying to do various things with money.

A (15:45)

Yes, yes, no, they are. And I am very friendly with most of the security directors in all the casinos. We meet on a regular basis and we do discuss any types of trending fraud attempts that go on in the casinos. And we also provide them with training so they're up to date with some of the latest and greatest trends in the financial crimes business.

B (16:11)

I know you've shared some parallels between the mission of protecting the President and this whole notion of zero trust in cybersecurity. Can you flesh that out for us?

A (16:23)

Yes. So I actually had been privy to a presentation by John Kinderbag. I'm not sure if you know who he is, but he's the godfather of the zero trust model. And when I heard him speak, I immediately made that connection of our zero fail mission because it's very similar. We don't trust anybody. And just cause you get into one layer of security in our perimeter, doesn't mean that we're gonna allow you into the next one. We don't trust anyone, anything. We have to verif continuously. And that's very similar to what the zero trust model is ours. You know, we have a zero fail mission. There's very little room for error. There's really no room for error. So we have to really stop and analyze and put layers upon layers of protection. Everywhere that the President goes. We don't just protect the White House, we protect him everywhere. That is done intentionally. So we have to protect him wherever he goes in the country. And when we do that, we basically apply the same standard that we have at the White House. With multiple, multiple teams, multiple people, lots of talents, lots of resources. It's a very large footprint.

B (17:36)

So you all are the OG defense in depth organization?

A (17:41)

Yes, absolutely. We have over 120 years of protection experience, and I dare to say that nobody does it better than we do.

B (17:49)

Tell me about digital reconnaissance and what part that plays these days in this. This digital world. Being able to keep track of folks who may be out there trying to do someone harm.

A (18:01)

Well, that's a layered approach as well, and a very challenging approach because of some of the anonymity that people can do online and basically hide behind the computer. So it is a very challenging crime. But we have had lots of success with it. We have some of the best tracers in the country. We have many analysts that will take a little bit of information and be able to build at a case from it. And a lot of it really works on working in a partnership with some of our other sister agencies, our other local and state partners, and really all of us just coming together in order to investigate these types of crimes. And like I said, we have had a lot of success, but it is very challenging. And we have been able to return many of the funds that we have been able to receive. We have been able to return it back to the victims, but that's very. It doesn't happen very often, unfortunately.

B (19:03)

Yeah. I mean, is it fair to say that you all focus a lot of your time and attention on being proactive so that you don't have to be reactive?

A (19:13)

Absolutely. That really is the best piece of advice, is to go out there, do some outreach. I spend a lot of time speaking to some of the organizations that have elderly populations because they're mostly targeted. And what I say to them is, the reason that you're being targeted is because you have acquired lots of wealth in your life. That's really the reason why. And by educating these groups, they go out and they start sending that message to their other friends and family. And that's really the best way to protect, you know, our people, because there's a lot of money that is leaving our country, unfortunately, because of these scams, and there's not a whole lot that they can do once it happens. Like I said, it's very challenging. So being proactive is the best thing that we could do. Education is a large piece of it. We have partnered with our local prosecutor's office in order to go out there and present to these groups. And, you know, we've done even lots of social media campaigns on cryptocurrency and how not to become a victim. We actually had an operation, we called it Operation Cryptoguard. And we had basically identified all the bitcoin ATM machines. In the area. And we now went out and put up warning signs that, hey, these are the red flags to look for if you're going to send some money out. Do you know the person on the other side that you're sending this money to? Because that alone is a red flag. How did you meet this person? And actually, you know, it's hard because we don't really know if it's really working right. Like, we just put them up and that's it. But I actually got a call from one of my federal partners and said that they had a friend that went to one of the Bitcoin ATM machines and they were about to put in their life savings and they saw the sign and it stopped. So it does work.

B (21:05)

Wow. Well, for the folks in our audience who are tasked with protecting executives, not quite the level of the President of the United States, but there are some lessons here that transfer.

A (21:18)

Yeah, no, absolutely, they do. With the Secret Service, you know, we don't just protect the White House, we protect the president. And why do we do that? We do that because he is well known, he represents our country. He is the most powerful person in the world. And, you know, what I've seen is that many of the private sector organizations are still just protecting the walls of their organization. They're not protecting you after you leave. Hopefully they have a secure phone that you're using. But once you go home, you're exposed again. So if you are an individual where you are the face of organization and the organization isn't protecting you at home, then you're leaving yourself completely open and vulnerable.

B (22:06)

Now, I understand that you're in the process of winding down your public service and taking a shift to the private sector. Can you share with us what your plans are?

A (22:17)

Yes. So I have been with the agency for 25 years and eight months, and I've loved every minute of it. It's really bittersweet leaving. I love the miss. You know, I think that the mission has a lot of synergy with the fact that we have investigations and protection. And I've seen the world and have made many relationships, but as with anything else, you know, it comes to an end. And I was just recently offered a position to work for an organization that has a very similar mission objective. And, you know, what I do best is our mission. So that came very natural to me. And I'm not going to stop doing protection. So that makes me very happy. And I accepted a position with Blackcloak and they do digital executive protection, which is really fascinating to me. Because I did what we call in the Secret Service, critical systems protection. And it's very similar where, you know, we've been doing this for years. I mean, I was a baby agent, and this was back in the. Yeah, it was like back in 2000s. I know you're like.

B (23:26)

You were a teenager, right?

A (23:28)

Teenager. But what I say by baby agent is just that, you know, I was young. It was my phase one. I was in the field. Cause we have three different phases. And when I was in the first phase of my career, we were already doing these kinds of things. Like, we were already monitoring the network. We were already, you know, very concerned that if the president was in an elevator, can somebody control it and trap us in there? Are we, you know, we were concerned that if the President is out there doing a speech and there is some digital screens in the back, can someone control that and put some kind of verbiage that would say fire, you know, evacuate or something that would create panic. Right. So all those things are, you know, were being thought of back then. We haven't really crossed that road here with the private sector. It seems like it's in discussions, but this organization really hit the, you know, the nail right on the head. I mean, it's amazing. I thought that, you know, the CEO is a genius for identifying this gap.

B (24:31)

Well, I know Chris Pearson and the CEO of Blackcloak. He's been a good friend of the Cyberwire show for many, many years. Now. I won't inflate his ego by calling him a genius, but he certainly is.

A (24:43)

He is to me. Well, good enough.

B (24:47)

He's not my boss.

A (24:50)

He's not my boss yet either.

B (24:51)

Okay, fair enough. Fair enough. Help me understand the relationship between the federal organizations, because I think in cyber. We certainly hear of the FBI being an active player here, probably more than the Secret Service. Is that fair?

A (25:11)

So I say it really depends on the district that you're in. Right? It depends on the relationships in that particular state or county. So, for example, they're in my district. My parent office is Philadelphia. There are certain cases that we know the FBI is working on, and we have a great relationship. We'll talk about it and say. And we'll know that we'll refer that to them. What I generally tell people, because the common question is, who do I call? Who do I call? If something's happening, who do I call? I always say we are like a giant switchboard. You call one of us, you call all of us. We will get you to the right person.

B (25:48)

The point is, call Any words of wisdom for the folks in our audience who are tasked with protecting their. Not only their executives, but their organizations? Based on your decades of experience with the Secret Service, what would you like to leave people with?

A (26:04)

Well, what I want to leave people with is that it is important to talk to your people and have them understand the threat. I think that what makes a Secret Service successful is that we truly believe in the threat and we believe that someone is going to get close. Mina, we see it all the time. We have people that call our office that are mentally disturbed. They'll show up. They have strange affinities to our protectees. Some of them think that they are related to them. So we believe it and we understand it, and we have this. This mindset that someone is going to cause us harm. And you have to train your people to understand it and believe that threat. And if they don't believe that there's a threat and they're just going, you know, doing their job, just helping people, then that's when they're gonna become targets because they're not thinking about that threat seriously. So having those conversations with your people, security awareness is really important. And especially the people that have access to the purse strings, we see those are continuously being targeted. So that they need a special kind of training. Not. Not your general one where, you know, don't click on the link thing. They need, like, their own. Like, hey, these are the types of. These are the types of scams that you could be presented to you. So those people need to be trained individually, not individually, but, you know, they need to be trained separately. And then the other thing that I would say is think that when you train your people, sometimes it's best to just train them on security, something that is personal to them. You know, again, not this whole click on a link thing. Something about maybe how to protect yourself online, how to protect yourself if you're dating online, you know, how to protect your home, how to protect your Internet at home. Because I really, truly believe that when you train people to have a security mindset, that is going to 100% trend into the workplace. So those people are gonna buy in to the fact that there's a threat. There's a threat everywhere. I should be a little bit more careful about what I do at work because I know that these threats exist. So when you make it personal to your employee, that's when it's actually gonna click with your people, because they're gonna know that you care about them and about their security and not just about the bottom line in the business.

B (28:41)

This that's Hazel Sarah, resident agent in charge of the Atlantic City office for the US Secret Service. The world moves fast. Your workday even faster Pitching products, drafting reports, analyzing data Microsoft 365 copilot is your AI assistant for work built into Word, Excel, PowerPoint, and other Microsoft 365 apps you use, helping you quickly write, analyze, create, and summarize so you can cut through clutter and clear a path to your best work. Learn more@Microsoft.com M365 Copilot this episode is.

A (29:32)

Brought to you by Indeed. Stop waiting around for the perfect candidate. Instead, use Indeed Indeed sponsored jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidate. C According to Indeed data, sponsored jobs have four times more applicants than non sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit at Indeed.com podcast terms and conditions appreciate and.

B (30:05)

Finally, Ring used its Super Bowl Spotlight to announce Search Party, an AI feature framed as a heartwarming way to find lost dogs by turning an entire neighborhood's doorbell cameras into a canine manhunt. Upload that photo of Rover, the ad suggests, and suddenly every Ring Cam is on patrol, scanning sidewalks with the enthusiasm of a TSA beagle. Privacy critics note the joke lands a little sideways. Technology built to find runaway Labradors could just as easily be repurposed to track people. After years of backlash over police partnerships, Ring briefly rebranded itself as a Porch Moment curator. But founder Jamie Simonoff's return has brought a renewed push for AI and law enforcement integration. The result is a system that promises to reunite pets while quietly expanding a networked surveillance Dragnet. Even the YouTube comments seem to wonder whether this was really about dogs or was just a very good boy serving as a fig leaf. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilby is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Foreign. If you only attend one cyber security conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today@rsaconference.com cyberwire26 I'll see you in San Francisco.