THEOS Cybernova: The Cybersecurity Podcast for APAC Leaders

Paul Jackson: Welcome to another episode of THEOS Cybernova podcast. Today I am in Kuala Lumpur at the Regional Information Security Events (RISE) Underground Economy event run by Team Cymru, and one of the speakers at the conference was the amazing Geert, and I am not even going to try and pronounce your surname. But Geert, as you are about to hear, has a very interesting angle on the whole cybercrime eco-system. Thank you very much for joining us today here in Kuala Lumpur

Geert Baudewijns: It is my pleasure

Paul Jackson: Yes, you are very far away from your home country of Belgium, right?

Geert Baudewijns: Indeed, I am from Belgium, Antwerp. The most beautiful city, better than the UK.

Paul Jackson: Well, I have lived out in Asia for 37 years, so I am not going to argue with you about that.

Geert Baudewijns: It is not better than Asia.

Paul Jackson: Well, I will try to convince you one of these days. But during your amazing presentation yesterday, you described your job as the most brilliant job in the world. Why did you say that?

Geert Baudewijns: Well, for me, it is the most satisfying job there is. In my case, I deal with 3 to 6 negotiations each week, and it means that being the bridge between the victim and a cybercriminal makes myself being in a unique position for the victim, and it is very addicting, and addicting is sometimes the wrong word, but here in my case, it is the real world. It is very addicting to see how companies with sometimes ten, fifteen, twenty thousand people, where the CEO has a lot of people listening to him, that he is following you every step that you mention that he has to do, that he is doing that.

At the end after a successful negotiation, you see that those people are so grateful about everything that you did and your expertise that changed their life or in many cases that is what they say. The fact that you were there and you were able to help us with your advice, we are still there as a company, and we survived and even in some cases we see man or women from 55 years old after an incident and when everything ends positive that they are crying. It is incredible to see, and that makes it the most beautiful job there is.

Paul Jackson: That is incredible. That is because you are also dealing with the dark side. Just to be clear to the audience, Geert is a negotiator, between the threat actor groups in the cybercrime world who are usually ransomware type incidents and the victims, helping them to understand what has happened and we will talk more about this obviously as we go through to understand what has happened during an incident and also try to get out of their predicament in the best possible position, they may have to pay, they may not. Your role is to understand what has happened, and we will unravel that as we go through this podcast. I am really looking forward to this, by the way, your presentation was fabulous, but before we kick off into the nitty gritty of dealing with the murky underground world of the criminals, how on earth did you get into this? What is your story?

Geert Baudewijns: I started my career working for, lets say, the most crazy man in cybersecurity. I worked for John McAfee.

Paul Jackson: Yes, he will take some beating.

Geert Baudewijns: Indeed, so it was a very long time ago, it was in the 90s. There I started my career, and in 2016, I had my first case with my uncle, who was ransomed. He had some ransomware on his PC, and at that time, it was just for normal people; they were not hacking companies with ransomware. They were just there to ransom your computer and all the pictures of you and your kids. The guy told me that I have to pay, I said that is the most stupid thing you can do, they will never give us anything even if we pay. He said, No, no, I don’t have any other opportunity or option. We need to pay. I said Rick, we are not going to do that, it is stupid. He said if you are not helping me, then somebody else is going to, but I am going to pay. That was my first Bitcoin wallet that I created at that moment.

Paul Jackson: I hope you bought quite a few bitcoins at that time.

Geert Baudewijns: Let’s say that today, I do around 4 to 8 million euros of bitcoin each year. You then have to know that those are just the official amounts that we do for amounts under 2 million USD. Everything above, we are doing that through another party. So, that was the first case, and we paid. Suddenly, 2 hours later, we received the keys. I was very surprised, and then a week later, I had a second case, it was pretty much the same, so I said we’re not going to pay. The second victim asked me if I had already done it. I said once last week, she said we’ll do it again, and I said no, we had a lot of luck the first time around, they will never do that. We then did it, and an hour later, we received the keys and were able to unlock the systems. That was 2016, today we are 2025, and I do around 3 to 6 negotiations each week. In my full career, I have done more than 550 negotiations.

Paul Jackson: Wow

Geert Baudewijns: So that is why I said it’s the most beautiful job there is

Paul Jackson: Yeah, so tell us a bit about your company. How do I pronounce the right Secutec?

Geert Baudewijns: Yep, Secutec.

Paul Jackson: S e c u t e c for anybody that wants to, hopefully the audience isn’t in that predicament, but secure tech is the company to look for. Is this all you provide?

Geert Baudewijns: This is just my hobby that I do.

Paul Jackson: Negotiating with criminals is a hobby?

Geert Baudewijns: Yes, you cannot ask your staff to do this because there is a lot of money involved, and criminals try to manipulate you, so you are working for them. Due to the fact that there is so much money involved, I will never take the risk. This is something that I will do alone, and it’s me, myself and I. But Secutec is 20 years old and 110 people all over the world and what we do is we are a very atypical cybersecurity company, so most cybersecurity companies they are doing very well they are implementing cybersecurity solutions and they are installing, they are giving a piece of maintenance piece of support these are these are the things that we don’t do anymore, we did that in the past but today we are in the world of threat intel so we are every day on the red line or on the other side of the red line where we try to communicate with cybercriminals. Not only for ransomware but also to receive information from things that they were able to steal like passwords, cookies, credit cards for examples, so that is what we do we are the darknet we are looking for all the marketplaces that they’re able to find and which could be very interesting for our customers and then we contact the customers saying we have found this in that and then we go on the market to try to negotiate to buy those things or to steal some things.

Paul Jackson: That is really interesting, I’ll dig into that in a little bit later because obviously THEOS, the company that I work for, we get involved in investigations, we are a crisis management company, we deal with Incident Response, very sophisticated investigations. But we don’t do what you do right. And I think that’s very important when it comes to negotiations with threat actors; we distance ourselves when it comes to that component. We focus on finding out the root cause, understanding what’s happened. understanding what is the risk, what data has been exfiltrated, etc. Now I’ve seen that some other companies who also do incident response they realise they monetise the negotiation piece, and therefore they also include that component as part of their response services. What are your views on that?

Geert Baudewijns: Well, I don’t believe in that. You really need to be independent. First of all, as I said, this is something you cannot trust to an employee. Each week during my negotiations there is a certain point thats how I do it at a certain point I will say to the criminals that I work as a negotiator. Every time you see they try to manipulate yourself in going from official channels that they have created to communicate to a Tox channel. For those who don’t know, Tox is a WhatsApp for criminals. If you go into that Tox channel, you have a completely different voice than the one you receive from them; they are quiet, they try to be your best friend, and they try to manipulate you. What one of the things they always try to say is what is the maximum budget of your customer. For example, a customer says that you have 300,000 USD, that is what I said in the previous channels against the hackers. But they said if you are able to make 400,000, then we are willing to give 20% on the delta, so that means on the one hundred thousand extra, you will receive 20%. That is a lot of money. So, if you imagine that an employee who has a normal job in your company would be offered this proposition, I can imagine, and we have seen that in the past with other cybersecurity companies, that they came  in serious trouble because they did it.

And we had in France, we had examples of negotiators who were doing the same and had this issue, and they are in the jail for the moment. Even though it is the most beautiful job in the world, you had to do it on a serious base and keep it as one job and don’t try to combine 2 or 3 jobs together, if you know that you will do the incident response, it is very stressful job as you will have to work 12 to 14 hour at least in one go. This will never change. If you have on top the function of being the negotiator, you have to be very calm; those 2 things don’t go together. That is my opinion, but who am I to say, no?

Paul Jackson: No, I entirely agree. As you know I am a former police officer, while there we had a negotiator carder, and they were separate from the investigation team. It makes perfect sense that you have people who were experts dealing with criminals obvious a different kind of negotiation, kidnap etc. But, the similarities are there.

Geert Baudewijns: And if you are involved in the negotiation and the investigation part, as an incident response, you really need to be clean and to be able to say that this is not my job because they are two separate jobs. One has nothing to see with another.

Paul Jackson: I love the ethics that you are talking about here. I can easily see how corruptible it could be when you are talking about such large sums of money. I can believe that the criminals will try and buy it off the negotiator to gain an advantage.

Geert Baudewijns: In many cases, I have received a question that people are saying. Why didn’t you go to the other side? It is very easy, I have a very beautiful life in Belgium, I have 6 kids, we have a company of 100 people, why would I risk doing this and lose everything? It makes no sense.

Paul Jackson: I can see why you are a good negotiator if you have 6 kids. Lets talk a little bit more about the criminals, because obviously we are seeing the rise certainly from our point of view of the threat actors trying to buy ransomware as a service, the major players the big organised crime groups, the sophisticated ones will sell the tools that they have been using to other criminals on the underground. How do you differentiate those sophisticated organised crime groups and those chances that pick up these ransomware ware tools, they buy and try their luck.

Geert Baudewijns: First of all, you have 2 kinds of criminals. The amateurs and the professionals, it is a totally different world. If you talk with an amateur, those talks go much further and is much longer, with professionals, it is always business talk, it is like a business. With an amateur, you can talk about the kids, and that is important, you have to know that once you are going into a negotiation, a good negotiation, you have to feel when you need to go faster and when you need to slow. This is what we try do and try to make bonds, you need to make a good bond between the type of criminal and yourself as a negotiator. You need to have a good understanding with the criminal, but it is important that you need to have both mutual respect, you are not able to make a good deal if there is not a good mutual respect between both parties.

Paul Jackson: That is fascinating, a respect between an ethical person and a criminal group, it exists, right?

Geert Baudewijns: It exists and if you as a negotiator are doing your job on a proper way by doing your checks and doing double checks and triple checks, that way you know that there will be no surprises, especially at a certain point you say that you are a negotiator and they will never take any risk with a negotiator because they know after 2-3 days that they say if you don’t pay we will do this and this and if you pay we will do what we promise. I say I know 2 weeks ago I was also negotiating with you and that they were asking at that point who was the victim and you need to be sure that 2 weeks ago that were negotiating otherwise you are losing everything that you said was the victim and you received a total different call and that moment, they say ok lets go through a Tox channel and then you have a total different talk with those criminals and then you are their best friend and that is when they try and manipulate you. They are offering you money and even afterwards if you made a deal, they are asking you to go back to the Tox channel to say we have 5-6 other victims but they are not responding. As you are an official negotiator are you able to contact them, saying that we are doing what promise to do and you have the proof that it is working. You are never doing that. I am never going to contact a victim saying that I had contact with the criminal and that he is willing to do a good deal. That is not my job; the only thing that we do is pass that information to law enforcement, and they have to contact the victim, but we will never do that.

Paul Jackson: I will pay the devil’s advocate here, because you keep mentioning about ethics and how the criminals will try to manipulate you, but how would we know because honestly all the clients sees is the end result that they have to pay. How do we know that any other cybersecurity company isn’t taking that 20%? At the end of the day, it is invisible.

Geert Baudewijns: First of all, it is not invisible. A lot of people think that, due to the fact that you are paying with Bitcoin, it is anonymous, but that is not the case. We are perfectly able to follow the money until they change the bitcoin against USD or Euros; we are perfectly able to follow them. The only problem is the exchange, where they are exchanging money again. Well, and if those are in countries where they are not exchanging anything, then you are screwed, and you never received the name that the money was exchanged into. Knowing what is happening if another cybersecurity company were to do that, you would never know if they would do that, so you can never take the risk.

Paul Jackson: Yeah, you never know if they are taking a backhander. That is difficult for clients.

Geert Baudewijns: The most important thing is that when you are going into negotiation as a negotiator, you don’t have anything to lose; there is no emotion. If they are hard against you, then you are just as hard against them; it is the only way. A professional will never threaten me or say bad things about me. Amateurs, they are doing that. That’s very you know, an amateur is a person who has initial access to your network but these are also the same person that will hack your network, who are going to exfiltrate your data, and he is also going to do the negotiation. He is the same guy who is doing everything. That is an amateur. The problem is, in most cases, he is more technical than a good negotiator. In my case, it makes my job difficult, but again, if they threaten me, then I’ll just do the same. And again, there is only one way to have a good deal, and that is to have mutual respect. And if that’s not the case, then there will be no deal, and for me, emotions, there is one big rule: no emotions in these kinds of deals, because otherwise there is no deal. This is what we see in many cases, that they tried to manipulate me in emotional ways. I don’t care.

Paul Jackson: Okay, let’s talk about the negotiation side, as you are the author of the amazing book, although I haven’t read it yet, ‘Negotiating In The Dark. How Millions Are Lost Every Day To Cyber Criminals And Their Networks.’  This should be a best seller on Amazon. I am really looking forward to reading it, and thank you so much. Obviously, our listeners are enjoying listening, and we will put a link to the book in the release.

Let’s talk about the negotiating, because let’s say I am a victim client and I have just been hit by ransomware, why should I negotiate with the threat actors or the criminals?

Geert Baudewijns: Well, that’s already some sensible thing because in many cases, first of all, you need to know, it is not the victim that is going to call me. In 90% of cases, it is the insurance company that calls me. An insurance company will never take any risk. They will always involve a negotiator in that deal, just to know and be able to make an economical risk and analyse to see what the total damage would cost them. And that is for us as a negotiator much more easy. First of all, it is our daily job, and secondly, due to the fact that we have access to the criminals first, we will ask what they have. That is our first job, to do scouting and see what they want, and then we can do a negotiation. But a lot of customers are afraid of negotiating, because it means that they are going to pay, and in many cases, in the first 24 hours, we will not pay the criminals. With all respect, that is a good way. Every dollar you put in the criminal system is a bad dollar, which makes them more better and sophisticated.

Paul Jackson: It will incentivize them to do more.

Geert Baudewijns: Indeed, in most cases, there is no other way. Believe it or not, if there is another way, we will always choose the other way, not to pay. There is nothing more bad to explain to a customer who has lost everything, and he doesn’t have anything more for data to go to their end, but the ethics is to say that we won’t pay, and you won’t pay. If you are saying those things to a victim, those are not the things that they want to hear, they need to hear something from somebody with experience who is going to help him solve that situation. If it is by paying, then it will be by paying; if it is by doing another action, then it will be by doing another action. But the most important thing is to be there and support your customer and not to sell drama; this is also something that we see in a lot of cases. If you are hit by a ransomware, you will see that your general IT staff they are very surprised and they will be in shock. You will then see other people in your company who have nothing to do with cybercrime or with IT; they will profile themselves as the expert to the CEO and the board of directors. You will see that there will be a lot of information which they are going to send, because that’s the moment that they are going to promote themselves; it is really a big problem. Keep it in a simple way, keep it in a small group of people, and deal with the crisis in a small group, that will help you and will limit the drama, because you don’t need drama in that moment, clear advice and clear steps, you will help and there will be no problem.

Paul Jackson: As an investigator right, we often view the negotiation as an opportunity to delay things to give you more time to assess the impact and I know you’ve got a lot of different angles in your presentation yesterday that I haven’t really considered but I really do think that the beginning of negotiation is more of a conversation does help you to buy time.

Geert Baudewijns: indeed, and in many cases that is the first thing that a customer says because they’re all afraid that the hackers are still on your network. It’s incredible to see that those are always the first questions to see, but they may still be on your network, those are the fake experts who are saying that, those are the experts who have a theoretical background, but they don’t have the expertise. Believe it or not, and believe me, they will never take the risk as cybercriminals, they will never take the risk to still be on the network from the moment you are encrypted, they are gone. They will never come back to try to see how far you are into rebuilding part of your network, they don’t take any risk, that is also something in the midst. There are people are believing that they are still monitoring every step that you are doing, they don’t do that.

Paul Jackson: To play devil’s advocate again, obviously, we do come in and investigate, but I don’t think companies can take the risk that there won’t be someone within their network if there ever was a gap of vulnerability that was being exploited, then other groups may also do that. I do think that it has come upon us as investigators to ensure that the root causes are identified and fixed, and they have the correct security moving forward. I do agree with you, with all of the ransom groups, they just want to get your money. They have encrypted and stolen, the double whammy, extort you to unlock the data and secondly not expose the stolen data. How do you when you are negotiating, you mentioned yesterday, when a company has been hit by ransomware, they have been put on the naughty list, they are put on the wall of shame, which lists companies that they have hit, to try and incentivise them or push them to pay because nobody wants to be on that wall or shame. But then you mentioned yesterday that other criminal groups see that and then they start to contact the victims pretending that they were the ones the threat actor group, but actually hack them, and sometimes the victim will pay the wrong criminals.

Geert Baudewijns: Indeed, that is one of the first jobs we have, it is to see if you are talking to the right criminal. You need proof of that because once you are on the wall of shame, you have other criminals who are contacting you directly, and they are not afraid of taking a phone call. Real cybercriminals will never call you, that is first of all. They call you, and they say if you want it is now for 6-7 days, let’s make a quick good deal for 50 or 100 thousand US dollars, you pay it immediately by Bitcoin, and later on, today you are free, we will give you the keys, and you would be surprised how many victims are taking that risk. And they pay 50 or 100 thousand USD, and then they don’t hear anything anymore, it is logical because you are not paying the right criminals. So those are the stories you hear that people say that you are not sure that if you pay something, you will receive your information. Theoretically, you are correct. In practice, if you are using a good negotiator, you will never have this case. Never.

Paul Jackson: So you are telling me, in every single negotiation, you always got the keys?

Geert Baudewijns: Yes, until now, I have done more than 500 negotiations, we always receive everything.

Paul Jackson: That is interesting. That was the question that I always get asked: if we pay, what are the chances of getting the keys?

Geert Baudewijns: Well, first of all, every negotiator has their tactics, that is logic. For me, the fact of explaining at a certain point that I work as a negotiator, there is how I see it and how I feel it until now. There is no cybercriminal who will take the risk from the professionals to screw you up at that moment, as a negotiator, because they really know that in a week or 2 or 3 weeks, you will be negotiating again with them. They will never take the risk. That is my experience, that is how I do it. You need to know the moment that you are hit with ransomware, and a negotiator will take the call. The first thing he will do is go into a negotiation, and he will ask the file tree. The file tree is the list of all the stolen data. For insurance companies, that is the most important thing because that is where the claims will come, that is the big money that they will have to pay. The file tree, I receive, in most cases, 2-4 hours after the first contact. This is something the cybercriminals share with a lot of pleasure; this is the most important thing that they have. At that moment, I give it to the company, to the victim and say, can you give me 5 files on the list that I will ask. First of all, when we see the full list, we have a good idea if we have the right list (yes or no). Cybercriminals will never exfiltrate your emails; for example, they will never exfiltrate an Oracle or an SQL database. They only do Word documents, PDFs, Excel and PowerPoint. That is the only thing that they will exfiltrate. That is also a myth that a lot of people think, that they are taking my complete CRM, with everything in it.

Paul Jackson: So, no databases?

Geert Baudewijns: No databases, it is too big. They will always exfiltrate between 50 and 400-600 gigabytes of data, let’s say, a normal laptop. Nothing more, nothing less, even for companies with 20,000 people, we are talking about 500 gigabytes of data that they will steal. That is the reality: we are asking for five files. We received the five files from the threat actor, which prove that he has the data. It is as simple as that. But in some cases, we are asking for five files, and they are sharing six files. This is one of the most important tips that I can give to your audience. The 6th file is always a copy of the cybersecurity insurance policy that they have with their insurance company. It is very important that if you have a cybersecurity policy or an insurance, then never store that policy on your server, because it is the most important file that cybercriminals will look for. Once they have found it, for me as a negotiator, I can do whatever I want. If they know you are covered for 4-5 million dollars USD, I can try and say whatever I want, they are showing me the policy where it says, but you are insured for X amount of money.

Paul Jackson: The insurance company will bear the cost

Geert Baudewijns: Indeed, one of the most important tips that I can give. Never store this on your servers.

Paul Jackson: I never thought of that, but we often tell clients, don’t store your incident response plans on a server because the hacker will know what you will do in the event of a breach and all these kinds of obvious things that should be obvious. Don’t store your insurance policy on the server, I can see that clearly. Let’s talk about the threat actor groups. Where are they typically coming from?

Geert Baudewijns: I would say from Asia, but that is not the case. That would be stupid for me to say. My point of view is that if you have 100 people, you would have 5 or 6 criminals, and from those 5 or 6 criminals, you would have 1 or 2 cybercriminals. Whatever country you are, you would always have the same percentage of people who will be cybercriminals, whichever country you are. A lot of people think they are from Russia or China. No. I don’t believe that. When you are dealing with amateurs, that is one of the questions that I always ask. Professionals will never answer that; they will always say Please keep it professional. Amateurs will sometimes say that they are from India or from Venezuela or from the US, and then you can even ask where in that country/ province/ state, and they will share that, but they will never go further than that.

Paul Jackson: So it is not always country-specific.

Geert Baudewijns: No. Also, for me to make some bond cases, I am trying to make a bond with the criminal. At a certain point, I say sorry, I have to go to dinner. I need to go to eat. I will be back in two hours. That’s the way of winning sometimes. Then if 2-3 hours later, I’m coming back. Most of the first questions that they will ask would be How was your dinner? What have you been eating? You answer, and then try to make a bond, that is my job.

Paul Jackson: Wow, make you bonds with criminals. Does that not stick in your throat a little bit?

Geert Baudewijns: It is sometimes difficult, because you need to know what your goal is. And even there, I mean, it’s just a way of making a deal. They are not my friends, I don’t need to go to football with them or have drinks.

Paul Jackson: So you have never met them in person?

Geert Baudewijns: No, I would really like to do that. Just to have an idea of who they are, what is the typical age of a cyber criminal, for example, what was the moment in his life that he decided to go to the other side? That is the point that I really want to know. That is fascinating to know, at which moment they decide to say, and now I am going the right way, on the other way, and I’m becoming a criminal, right?

Paul Jackson: You mentioned that you provide threat intelligence services. ?What value does that bring to the client, What kinds of things are they looking for?

Geert Baudewijns: As a negotiator, they just need the experience, the way of feeling trust, that what you are saying that it will be how it is. This is something in many cases we see that companies are victims after the negotiations. At a certain point, we thought that you were the criminal. That is not so positive. They say that it was incredible to see that you were able to predict what the next steps were going to be and that they were true. That experience gives me 2 or 3 sentences of a criminal, and then I am able to explain to you the next 5 to 10 days what is going to happen based on 3 sentences. That is experience.

Paul Jackson: That is experience.

Geert Baudewijns: That is also the kind of intelligence that you can share

Paul Jackson: And the value that you bring. I see that a lot of companies that just started doing DF/IR investigations don’t have it, and when you have that experience, it is crucial. Experience is everything.

Geert Baudewijns: You may not be afraid, and that is the most important thing. A negotiation would not be successful; it will not change my life, and that is the only way to go into those negotiations, no emotions.

Paul Jackson: Well, we could talk about this at all hours.

Geert Baudewijns: Well, I have time.

Paul Jackson: But typically, we keep the podcast to 30-40 minutes, so I am afraid we don’t have time. But I strongly urge our listeners to reach out to you if they want to learn more about your company, and I would suggest also because retainers are critical. In our world, the investigation world, we often urge companies to be prepared by doing tabletop exercises, to rehearse and have muscle memory dealing with a crisis. They should involve people like yourselves in these kind of exercises because you are a critical component of any incident especially a ransomware type incident and I think that too many companies they don’t involve other players that are important in the real incidents and certainly I would urge anybody listening in the corporate world if you are planning an exercise to do involve someone like Geert to understand what the process of negotiation will be and how you will approach it, how would you pay, how would you get the Bitcoins, right? There are so many things that we haven’t really touched on in this short conversation, but there is a lot more to this. You can also buy his book ‘Negotiation in the Dark’, I’m really looking forward to reading this. But I do have one thing that I have to mention, you have stolen your cybernova name, what is going on?

Geert Baudewijns: Yeah. That is true. Well, in Belgium, we are organizing on the 24th of March, Cyber Nova. And we looked for the name, and, it was in Europe. It was free. It was able to. We are organising Super Nova, which is an exposition (event) that you organise from M&A parters, investors, and on top of that, I know the organiser and I said to him “why aren’t we organising an extra day just for cyber and what we try to do is make a bridge against law enforcement and companies”, so you will see Europol, Interpol, you will see a lot of governmental institutions who will explain how they are working on a daily basis against those cybercriminals because I know that world, it’s our world.  But a lot of companies, that don’t have a clue about how it is. That was the start of Cyber Nova and the first edition this year, 24th March, in the most beautiful city, Antwerp.

Paul Jackson: The most beautiful city. Well, given what you have shared with me, you are welcome to share the name.

Geert Baudewijns: It is an honour, thank you.

Paul Jackson: Just tell the audience when and where

Geert Baudewijns: 24th March in Antwerp in Belgium.

Paul Jackson: Right, I will try my best to be there.

Geert Baudewijns: No, you will be there, you promised me yesterday that you would be there

Paul Jackson: Alright, If you’ve enjoyed this episode, everybody please hit the like or the subscribe button. That helps us to reach more folks with this important information that we share on this podcast. I have one final question for you, though here. And I always close because you talked about the stress and the emotions and taking the emotions out, well, in my job we also have to take the emotions out, but when you get home, you want to let the emotions back in, and I do that through music. I am an old-fashioned music lover, I have vinyl records, etc. But I am always curious what my guests listen to. I always have this impression of Belgians listening to accordion music, put me straight what do you listen to?

Geert Baudewijns: My wife is getting angry when she’s in my car because it is always the same. And I get it. I know, I don’t know why, but I love old movies right now. Old movies. We have the new movie. But I always listen to the full playlist of Top Gun.

Paul Jackson: The music of Top Gun, wow

Geert Baudewijns: Yes, it is so fascinating, and this is something that I love to hear because I don’t need to think about it; I can think about my job. I am driving, and I am listening to that, but I am an old-fashioned guy.

Paul Jackson: But you must drive your kids crazy, though, if they have to listen to that.

Geert Baudewijns: Always, always. The first thing that they do is change that music.

Paul Jackson: What a great way to close this episode. Geert, you are a legend,  so thank you so much for joining me at sunny Kuala Lumpur, at the RISE event. It is a fantastic event for those who are more interested in investigations and the dark side of cyber.

Geert Baudewijns: It is a unique event

Paul Jackson: It’s a very unique event. And, thank you so much for joining me today, Geert. And safe travels back to Belgium.

Geert Baudewijns: Thank you very much.