Easy Prey Podcast By Chris Parker cover art

Easy Prey

Easy Prey

By: Chris Parker
Listen for free

Chris Parker, the founder of WhatIsMyIPAddress.com, interviews guests and tells real-life stories about topics to open your eyes to the danger and traps lurking in the real world, ranging from online scams and frauds to everyday situations where people are trying to take advantage of you—for their gain and your loss. Our goal is to educate and equip you, so you learn how to spot the warning signs of trouble, take quick action, and lower the risk of becoming a victim. Biographies & Memoirs Politics & Government True Crime
Episodes
  • Exploiting Trust (Part 2)

    Exploiting Trust (Part 2)
    Jan 28 2026
    Security failures rarely come from cutting-edge attacks or sophisticated tools. They happen in ordinary moments when someone holds a door, follows an instruction without questioning it, or finds a workaround that makes their day easier. Those small, human decisions are often the real entry points, and they tend to compound over time. This episode picks up the second half of our conversation on exploiting trust with FC Barker, a veteran ethical hacker and physical security expert known for legally breaking into banks, government buildings, and high-security facilities around the world. With more than 30 years of experience, FC explains why human behavior, not technology, is consistently the weakest link in security, and how his success in physical breaches almost always depends on people trying to be helpful rather than malicious. The stories he shares range from quietly unsettling to darkly funny, but they all point to the same pattern: security controls fail when they don't account for how people actually work. The discussion goes deeper into why trust, politeness, and unquestioned compliance undermine defenses, how workplace culture encourages risky shortcuts, and what actually helps reduce risk without fear, blame, or expensive overengineering. Show Notes: [00:00] FC explains why most physical security breaches succeed because someone is trying to be helpful, not because of technical skill.[02:07] His background in cybersecurity and how physical security testing grew out of traditional penetration testing work.[04:26] Why trauma and hypervigilance can sharpen situational awareness in security professionals.[08:55] Early physical security failures are discussed, including poorly placed cameras and people casually sharing sensitive information.[11:06] FC explains how security controls that interfere with work often lead employees to find unsafe workarounds.[13:24] A story illustrates how even air-gapped systems fail when people move data for convenience.[15:32] Trust and rule-following culture are explored as major contributors to physical access failures.[16:40] FC shares how his near-perfect success rate comes from people helping him gain access without questioning authority.[17:08] He recounts an incident where employees helped him remove multiple computers from a secure building.[19:40] A failed engagement is described where internal resistance led to police being called unnecessarily.[24:00] FC tells the story of accessing a vault and removing a gold bar during a test unknown to senior executives.[26:53] The preparation required for high-risk physical tests, including staged kidnappings, is explained.[31:50] Practical advice begins with learning to think like an attacker when assessing your own home or workplace.[34:02] Situational awareness is discussed as a key deterrent against both physical crime and social engineering.[36:13] FC explains why security cameras are more useful for investigation than prevention, especially in offices.[37:41] Camera placement mistakes are covered, including mounting cameras within easy reach.[39:06] The importance of not advertising valuables or security measures is emphasized.[41:30] FC discusses personal vigilance and why monitoring finances and subscriptions matters.[44:00] His book How I Rob Banks is discussed, including the real stories and lessons it contains.[46:06] FC explains how his company chooses clients and why culture change is a major part of their work.[50:29] Security improves when systems are designed around real human behavior. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. Links and Resources: Podcast Web PageFacebook Pagewhatismyipaddress.comEasy Prey on InstagramEasy Prey on TwitterEasy Prey on LinkedInEasy Prey on YouTubeEasy Prey on PinterestCygentaDr. Jessica BarkerFC aka Freakyclown - LinkedIn How I Rob Banks: And Other Such Places
    Show more Show less
    51 mins
  • Exploiting Trust (Part 1)

    Exploiting Trust (Part 1)
    Jan 21 2026
    Most security failures don't start with a dramatic breach or a mysterious hacker sitting in a dark room. They usually start quietly. Someone assumes a system is locked down. Someone trusts that a door shouldn't open, or that a machine "just works," or that no one would ever think to look there. Over time, those small assumptions stack up, and that's where things tend to go wrong. Today's guest is FC Barker, a renowned ethical hacker, social engineer, and global keynote speaker with more than three decades of experience legally breaking into organizations to expose their blind spots. Formerly the head of offensive cybersecurity research at Raytheon and now co-founder of cybersecurity firm Cygenta, FC is also the author of How I Robbed Banks, a book packed with true stories from the field. In this conversation, FC shares what he's learned from decades of breaking into places he was hired to protect. The stories range from funny to unsettling, but they all point to the same pattern: technology usually isn't the weakest link. People are. From outdated systems that can't be replaced to everyday workplace habits that quietly invite risk, this episode offers a grounded look at how intrusions really happen and what actually makes environments safer. Show Notes: [03:06] FC grew up before cybersecurity existed and learned computers when manuals were thicker than the machines themselves.[05:27] How early internet culture shifted from curiosity-driven exploration to the rise of malicious actors.[07:15] Why inviting external testers to break into your systems was once an unthinkable idea and how that changed.[09:35] The danger of internal blind spots and why external validation is often more valuable than internal confidence.[10:46] Unexpected discoveries during penetration tests, including systems no one remembered were even running.[12:23] Choosing unusual, esoteric security projects and why unconventional systems often hide the biggest risks.[12:50] A real-world operation that involved reverse-engineering hardware to shut down power infrastructure in seconds.[16:29] One of the easiest break-ins ever happens accidentally, proving how fragile some systems really are.[17:21] The most common technical failure seen across organizations: poor network segmentation.[18:36] How a routine internal scan accidentally knocked an entire country's banking connection offline.[20:04] A bank unknowingly runs its internal network on an IP range owned by the U.S. Department of Defense.[21:43] A mysterious daily network outage turns out to be caused by a single employee's music collection.[23:07] Plugging into a forgotten network switch triggers a fire during a government penetration test.[25:15] Why penetration testers are often blamed first even when nothing has been touched yet.[26:25] Discovering malicious insider code planted by coordinated nation-state actors.[29:41] Why some outdated systems must remain untouched and why "just update everything" isn't realistic.[33:15] Implanting covert hardware inside everyday office devices to gain persistent network access.[35:01] How avoiding people altogether is often the most effective form of social engineering.[37:10] Why attackers move from the top floors down and how authority bias works without a single word spoken.[38:35] Clothing, context, and small visual cues that instantly make people assume you belong.[42:26] A penetration test derailed by an unexpected office costume day—and why randomness can be a defense.[44:33] A simple exercise anyone can use to start thinking like an attacker by examining their own home. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. Links and Resources: Podcast Web PageFacebook Pagewhatismyipaddress.comEasy Prey on InstagramEasy Prey on TwitterEasy Prey on LinkedInEasy Prey on YouTubeEasy Prey on PinterestCygentaDr. Jessica BarkerFC aka Freakyclown - LinkedIn How I Rob Banks: And Other Such Places
    Show more Show less
    48 mins
  • Surviving a Ransomware Attack

    Surviving a Ransomware Attack
    Jan 14 2026
    A ransomware attack doesn't always announce itself with flashing warnings and locked screens. Sometimes it starts with a quiet system outage, a few unavailable servers, and a sinking realization days later that the threat actors were already inside. This conversation pulls back the curtain on what really happens when an organization believes it's dealing with routine failures only to discover it's facing a full-scale cyber extortion event. My guest today is Zachary Lewis, CIO and CISO for a Midwest university, a 40 Under 40 Business Leader, and a former Nonprofit CISO of the Year. Zachary shares the inside story of a LockBit ransomware attack that unfolded while his team was still building foundational security controls, forcing real-time decisions about recovery, disclosure, negotiations, and whether paying a ransom was even an option. We talk about the shame that keeps many cyber incidents hidden, the emotional weight leaders carry during these moments, and the practical realities that don't show up in tabletop exercises from buying bitcoin to restoring systems when password managers are encrypted. It's an honest, grounded discussion about resilience, preparedness, and why sharing these stories openly may be one of the most important defenses organizations have. Show Notes: [04:05] Zachary Lewis explains why the absence of an immediate ransom note delayed suspicion of an attack.[06:00] The first technical indicators suggest something more serious is unfolding.[07:45] Discovering encrypted hypervisors and realizing recovery won't be straightforward.[09:30] Zachary outlines when data exfiltration became a real concern.[11:05] Receiving the LockBit ransomware note confirms the organization has been compromised.[12:55] The 4:30 a.m. phone call pushes leadership into full crisis mode.[14:40] Zachary reflects on managing fear, responsibility, and decision fatigue mid-incident.[16:20] Executive expectations collide with technical realities during the breach.[18:05] Why "doing most things right" still doesn't guarantee protection.[19:55] Cyber insurance begins shaping early response decisions.[21:35] Bringing in incident response teams and legal counsel under tight timelines.[23:20] Zachary describes working with the FBI and understanding jurisdictional limits.[25:10] What law enforcement can and cannot realistically provide during ransomware events.[26:50] Opening communication channels with the threat actors.[28:35] The psychological pressure behind ransomware negotiations.[30:10] Attacker-imposed timelines force rapid, high-stakes decisions.[31:55] Zachary walks through the practical challenges of acquiring cryptocurrency.[33:40] Why encrypted password managers created unexpected recovery barriers.[35:15] Determining which systems could be restored first—and which could not.[37:00] Lessons learned about backup integrity and offline recovery.[38:45] The importance of clear internal communication during uncertainty.[40:25] Balancing transparency with legal and reputational concerns.[42:10] How staff reactions differed from executive responses.[43:55] Zachary discusses the stigma that keeps many ransomware incidents quiet.[45:40] Why sharing breach stories can strengthen collective defenses.[47:20] MFA gaps and configuration issues exposed by the attack.[49:05] Why tabletop exercises fall short of real-world incidents.[50:50] Long-term security changes made after recovery.[52:30] Zachary offers advice for CISOs facing their first major incident.[54:10] What preparedness really means beyond compliance checklists.[56:00] Why resilience and recovery deserve equal priority.[58:30] Final reflections on leadership, accountability, and learning in public. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review. Links and Resources: Podcast Web PageFacebook Pagewhatismyipaddress.comEasy Prey on InstagramEasy Prey on TwitterEasy Prey on LinkedInEasy Prey on YouTubeEasy Prey on PinterestZachary Lewis - The Homesteading CISOZach Lewis - LinkedIn
    Show more Show less
    48 mins
No reviews yet