Chris Pierson, CEO of BlackCloak on DIY Cyber Guy

#94 – How to Reduce C-Level & Executive Targeting

About Dr. Chris Pierson

Dr. Chris Pierson is the Founder & CEO of BlackCloak.

Having served in various cybersecurity and privacy leadership roles over the past 25-years, Chris saw firsthand the emerging gap forming between enterprise security teams and the need to protect corporate executives, high-profile and high-net-worth individuals, and their families from financial fraud, cybercrime, hacking, reputational damage, privacy exposure, and identity theft. Chris’ search to find solutions to reduce risk to this burgeoning threat led him to launch BlackCloak and bring to market the first Digital Executive Protection Platform.

Prior to BlackCloak, Chris served for over a decade on the Department of Homeland Security’s Privacy Committee and Cybersecurity Subcommittee, and is a Distinguished Fellow of the Ponemon Institute. He has also held leadership roles as the Chief Privacy Officer for Royal Bank of Scotland, the world’s 3rd largest bank, leading its US privacy and data protection program; as the Chief Information Security Officer for two FinTechs, and as President of the Federal Bureau of Investigation’s Arizona InfraGard.

Previously, Chris was a founding executive of Viewpost, a FinTech payments company, serving as their CISO and General Counsel. Chris began his career as a corporate attorney for Lewis and Roca, where he established its CyberSecurity Practice representing companies who were hacked and fell victim to data breaches.

Chris is a globally recognized keynote speaker on digital executive protection, a cybersecurity thought leader, and board advisor for startups. He is frequently quoted by prominent trade and mainstream media such as WSJ, NYTimes, Forbes, Bloomberg, CNBC, Business Insider, and invited to speak at international events such as RSA, Black Hat, ISSA, and SecureWorld, among others.

Chris received his B.A. and M.A. from Boston College and his Ph.D. and J.D. from the University of Iowa.

Chris’s Links

Chris’s Company: https://blackcloak.io

SUMMARY:

Summary:

The meeting reviewed a podcast episode and related analysis examining the recent rise in targeting of C‑level executives and practical protections against those threats. Participants outlined drivers of the trend—activism, geopolitical tensions, and personal grievances—and described how cyber and physical threats converge: public disclosures, PR filings, data‑broker records, and breach‑derived data create digital breadcrumbs that enable both intrusions and physical attacks. The conversation covered remediation tactics for executives, including tightening social‑media and phone privacy settings, limiting real‑time location sharing, reducing third‑party data exposure, and using data‑broker removal options such as California’s CalPrivacy DROP program. They noted limits of remediation for deep‑ or dark‑web breach data, recommended breach‑monitoring tools like HaveIBeenPwned, and warned about the growing threat from AI‑enabled social engineering and deepfakes as attack surfaces expand via breached data and proliferating IoT devices.

Speakers emphasized the rising precision and impact of AI‑driven deepfake attacks and broader device proliferation in homes. On outreach and publication, Chris Pierson directed listeners to BlackCloak’s website and posted a HaveIBeenPwned link in chat.

SHOW NOTES:

#94 – How to Reduce C-Level & Executive Targeting

Hair of Fire 4 of 5

All C-Level and other Executives

There is a recent report written by Security Executive Council called The

*Executive Targeting Report: Analysis of Attacks on Corporate Executives from 2003–2025*

The report documents 424 targeted incidents against senior corporate leaders worldwide between 2003 and October 31, 2025. 

SOURCE: https://securityexecutivecouncil.com/insight/program-best-practices/executive-targeting-report-analysis-of-attacks-on-corporate-executives-from-2003-2025-2615

The report finds that attacks have surged sharply, especially since 2023, with CEOs most often targeted but non‑CEO executives increasingly at risk; threats are driven by activism, geopolitical tension, anti‑corporate sentiment, and personal grievances, and combine physical violence, stalking, protests, and cyber‑enabled tactics such as impersonation, swatting, and account compromise. 

Here with me to discuss is Chris Pierson, CEO of BlackCloak

Q: What is the convergence of physical security and cybersecurity

Q: Can you talk about the different types of attacks

Q: What have u seen that is new since last time?

Who is doing it well?

DROP (https://privacy.ca.gov/drop/ )

Chris’ SHOUT OUT: Tom Kemp, Executive Director of the California Privacy Protection Agency

About Tom: https://cppa.ca.gov/announcements/2025/20250314.html

https://www.linkedin.com/in/tomkemp/

How to turn off location tracking in a iPhone: https://support.apple.com/guide/iphone/control-app-tracking-permissions-iph4f4cbd242/ios

How to turn off location tracking on a Android device? https://support.google.com/accounts/answer/3467281?hl=en

Website Chris Mentioned to check to see if you have been attacked or breached:

https://haveibeenpwned.com/

Roughly 85% of incidents are physical, 14% are cyber, and a growing share are “hybrid” attacks where online behavior feeds into real‑world targeting, often at homes, workplaces, or public events.

TRANSCRIPT

0:00 – David W. Schropfer
Welcome back everybody to DIY Cyber Guide. This is episode 94, how to reduce C-level and executive targeting. This is a hair on fire four out of five. It’s really for any C-level executive, any other type of executive, maybe EVP down to the VP level. Here is what’s happening: There is a recent report written by Security Executive Council called The
Executive Targeting Report: Analysis of Attacks on Corporate Executives from 2003–2025
The report documents 424 targeted incidents against senior corporate leaders worldwide between 2003 and October 31, 2025.

SOURCE: https://securityexecutivecouncil.com/insight/program-best-practices/executive-targeting-report-analysis-of-attacks-on-corporate-executives-from-2003-2025-2615

It finds that attacks have surged sharply, especially since 2023, with CEOs most often targeted but non‑CEO executives increasingly at risk; threats are driven by activism, geopolitical tension, anti‑corporate sentiment, and personal grievances, and combine physical violence, stalking, protests, and cyber‑enabled tactics such as impersonation, swatting, and account compromise.

4:14 – David W. Schropfer
So here with me to discuss all this today is Chris Pierson, CEO of Black Cloak. Welcome back, Chris.

4:45 – Chris Pierson
It’s great to be here. Good to see you again. Good to see you again.

4:48 – David W. Schropfer
Thanks for being back on the show.

4:50 – Chris Pierson
Yeah, I appreciate it.

4:52 – David W. Schropfer
So first question, what is this convergence between physical security and what we’ve always been talking about, which is cybersecurity?

5:01 – Chris Pierson
Yeah, so what’s really interesting is when you think about these things, a lot of times people think about them as two separate distinct items, which is just not where we are today, right? Your physical security, where you actually are, where your family is, where your surroundings are, where you go to school, where your homes are, where your travel is, where your board meetings are, where your office is, where you’re at a conference or something that’s published on social media. These types of items and issues, yes, it can result in a physical attack. And as you just saw, the Security Executive Council’s report that was just released shows a marked increase and incidents involving physical activity directed towards corporate executives. And we know, right, we’ve seen these. December of UnitedHealthcare attack against Brian Thompson, which resulted in the tragic murder. You have, in addition, a few months later, that summer, attacks in Park Ave off of, in New York City, of attacks on executives once again. You have several different assassination attempts, and we have continued targeting of judges, other high-profile persons. So when you take a look at this, it is resulting in some type of kinetic physical attack. But then you have to say, well, where are we getting this information from What are the digital breadcrumbs that allow for this to happen or foster or accelerate this? And they’re coming from a few places. Number one, we, us, ourselves, executives, are leaking this information. It might be on social media where we are, it might be our PR teams, it could be our other announcements of awards or events that we’re going to be attending. Second, data broker records. So data brokers, they amass this information, publicly available information, they amass it, and then they sell it. And it includes home telephone number, cell phone number, it includes physical addresses, both personal and work, and not just for the executive, but for their entire family, right? The entire, maybe it’s a four person family plus brothers, sisters, mom, dad. So kind of three generations of individuals all out there, right for the taking, which just accelerates the harm. And then if you take a look at deep web, dark web information, so information that’s been stolen and breaches, when you mix all this, right, all of this together, these digital breadcrumbs, the data that we’re actually leaking unnecessarily, as well as breach data, It allows for an attacker to attack, yes, via email and phishing and vishing. Yes, via a directed cyber attack. Yes, to know where the home is and try to penetrate the network. But it also leads to and can lead to an increased prevalence and an ease at committing physical acts of violence.

7:50 – David W. Schropfer
David, I mean, that’s what is so incredibly worrisome today, right?

7:54 – Chris Pierson
So incredibly worrisome.

7:57 – David W. Schropfer
on this podcast that we start talking about things that have to do with, frankly, the real world of actual human contact or physical contact, but that’s where we are now. And Chris, let me break that down, what you just said, because there are a number of different buckets of data that are out there in the world for these attackers to use. Bucket one, the information that a person leaves about themselves, their PR teams leave about them. Bucket two, the deep web, web, bucket three, data brokers, etc. So of all of that data, and all of those sources, break down for me, which are the easiest to fix? And where should people start when they want to remediate this problem?

8:38 – Chris Pierson
That’s a great question. So let’s give some practical tips here. So first, leak less information yourself. That means make sure you have the right privacy settings on let’s just say, Facebook and LinkedIn. In terms of your profiles, I know many people have many, many more, but whatever social media profiles are, make sure there’s less information about where you’re going to be, what exactly you’re going to be doing. So if you are doing the Habitat for Humanity or if you’re doing Cake for Kids and you’re joining in an event in California on it, but hey, post because these are great association, great events, wonderful things, right? Meaningful for society. But take the pictures and post when the event is done. Also, maybe don’t include the- Not what you’re doing, but what you did that’s right what you did and maybe don’t say every saturday I go down and I help out at habitat for humanity at this specific location doing this specific thing right mix it up a bit so that’s the first thing right leak less information there social media the kind of the one b is leak less information from your phone from different right digital breadcrumbs that you are putting out there in terms of gps location sharing with apps and other types of information out there this is also that you have and hold and can limit filling out warranty cards, giving all your information to your doctor. You don’t need to, right? Shrink that attack surface, start with yourself, but remember, yourself is not just you. It’s gonna be your husband, wife, spouse, kids, significant other, right? It’s gonna be them.

10:08 – David W. Schropfer
All right, and before you move on, I wanna comment on something you said in there. Making sure that your phone is not automatically, systematically leaving digital breadcrumbs by you giving your location to any number of apps on your on your mobile device is is a big one. So for my listeners, I’m going to have links, I’m going to look up some links and put them in the show notes for Apple and Android devices, how to check to see if you’re leaving those particular breadcrumbs. And of course, how to turn them off. So just search for episode 9494. And you’ll find those but Chris, I interrupted. So go ahead. What’s the next biggest category that people can remediate on their own?

10:49 – Chris Pierson
The second one that you can really remediate on your own is going to be data brokers. So there’s like 400 data brokers in the US, they include like a Zaba search, a 411.com, Spokeo, these types of search, you know, something called people find their sites. Look, it’s absolutely a 100% legal business in the United States, right? Privacy is not a fundamental human right. So they can buy and sell your data. You have the ability, the right to go to those sites and say, please don’t. You can do it by going to that one direct site. You can do it if you’re a California resident, the DROP system, D-R-O-P. Tom Kemp there, who’s the director of CalPrivacy, he actually helped author the DELETE Act. This is amazing. I’m so incredibly excited about this. You’re a California resident, head over there to CalPrivacy, look up the DROP system, and go ahead and ask the state, register your information there and ask the state to have your information removed from those data broker records. You can also do so through a number of different consumer grade types of applications out there, and they’ll hit your 70 to 80-ish percent in terms of that. But I mean, once again, if you limit the information that is being found, that helps, but you can go ahead and chase it on the back end as well. Good thing to do. Good thing to do.

12:09 – David W. Schropfer
Once again, in California is ahead of the rest of the country in terms of data privacy. They came out with the CCPA first. This new draw product is, I’ve heard, I’m not a California resident, so I cannot and have not actually done the process, but I’ve heard interviews with people that have, and it’s pretty straightforward. So we’ll have that link for our California resident listeners on the podcast show notes as well.

12:34 – Chris Pierson
Once again, hats off to Tom at CalPrivacy and his whole team. It’s just phenomenal. Really changing the game, really changed the game.

14:17 – David W. Schropfer
I’ll link to Tom Kemp. I want to give him a proper shout out in the show notes. So, go ahead, Chris. So what’s the, what’s the next bucket that people can remediate on their own?

14:30 – Chris Pierson
The third one is, it’s a little bit of a tricky one. You can’t necessarily remediate it, right? You can’t remove information from the deep web, from the dark web, from the other reaches of post-breach areas. And some data brokers, right? There’s one data broker, NPD, National Public Data, that was breached two years ago. All this stuff is out there, and you can’t do anything to go ahead and remove it. Some people play games with this. It’s a little bit of a scummy tactic, which we decry, but I mean, you can’t show people that you can find everything online right around this because it is a data. It is a deep web dark web record. It’s there forever. What you can do is this. You can go ahead and become knowledgeable about what is out there about you. One website you could use is haveibeenpwned.com and we’ll make sure that it’s in the show notes. But you can go out and take a look at your email address. What breaches has it been associated with? And then Hey, you should change your password. You should maybe do a few other things there as well and take better precautions. If it’s something that’s concerning, like associated with a bank or a law firm or somewhere that has really sensitive PI, do some further questions. If it’s associated with, for example, a breach of a retail or clothing store, might not be as significant, something to certainly be aware of, but not as significant. Those are three things that can really, really be done by many people to go ahead and get better sense of privacy out there.

16:04 – David W. Schropfer
Thank you for that. That’s excellent advice for our listeners. So when we started talking, we were talking about attacks in general and the rise in those attacks. And we talked a little bit about it, but can you give a sense of the different types of attacks and the proportion of those attacks? What’s getting bigger? What’s increasing dramatically? And now we’re talking about how this data is being used by the threat actors. So what are those attacks look like other than what you already mentioned? Is it just spear phishing and phishing and smishing or is it growing beyond that?

16:40 – Chris Pierson
Yeah, it’s really tremendously growing for a few different reasons. The biggest one is artificial intelligence. We all can remember back to just say five years ago, where you’re still getting, you know, email messages, which would be phishing or SMS text messages, which would be smishing, you’re still getting those with broken language, broken pronunciation, things that don’t make sense, that are colloquialisms that we would not use in the United States or whatever local jurisdiction you’re in. And as a result, some of them were laughable. Many criminal rings did then employ individuals that would go ahead and kind view through things and create better English, but it was really kind of English as a second language, and they got better. Now with AI, you’re talking about pristine text, pristine images, really, really well-formed emails or SMS text messages that really form the basis of a good scam or scheme to go ahead and defraud you, get you to click, get malware on your device, lift money from you in any way, shape, or form. And so we’ve seen those massively, massively on the rise. We’ve seen a lot more in terms of directed attacks that are via phone. So there’s a great article about two years ago where an individual who was a financial reporter was called and contacted and actually a confidence game was played against them. And they ended up going to their bank, withdrawing approximately $75,000 in cash, different banks, putting it in a shoebox. Stuck typing it together and a car drove up, lowered the window and she put a shit in the car. Once again, those are social engineering attacks where the only method to go ahead and combat them is really to harden the human. That means harden your mind against an attack, a scheme, be able to say, huh, I should stop, I should slow down, I should reach out. So we’ve been seeing those with increasing complexity time, but one that’s been amazing really since end of 23, but beginning of 2024, there was a, a Hong Kong institution where the CFO was deep faked. Now that means that the image of the CFO from still images video was deep fake and tricked the company individuals into transferring $25 million US equivalency.

19:13 – Chris Pierson
out of the company, completely duped them all. This is something that wasn’t an issue in 2015, wasn’t an issue in 2020, started to be talked about. You always had those, oh, let’s take Tom Cruise’s face off of Mission Impossible and put it on Brad Pitt or George Clooney’s face. But you know that this was something that was like, right, David, this is in a group of people from ILM that in their spare time were doing something as 30 folks for three months to generate a 15 second clip.

19:46 – Unidentified Speaker
And it was cool, but I mean, it didn’t have any.

19:49 – David W. Schropfer
It could be done, but if you didn’t have a blockbuster movie budget, you couldn’t do it.

19:53 – Chris Pierson
Yeah, you weren’t able to, but now a web browser, even on a Chromebook, you upload a picture, you upload a video and boom. We’ve seen a massive increase since really the end of 2023, beginning of 2024.

20:07 – Chris Pierson
and onward on voices that have been faked as well as videos that have been faked. And you’re getting to a point in time where they are really fooling everyone and capable of fooling everyone. That’s scary. That’s definitely scary. So once again, that’s a different level.

20:29 – David W. Schropfer
Oh, it is. And anybody can do it. Anybody in their basement can do it.

20:33 – Chris Pierson
I mean, anybody can do it. And the fact of the matter is, is that it can lead to both cyber threats, as well as unfortunately, right, physical threats as well.

20:46 – David W. Schropfer
Now, for my listeners, Black Cloak is not a sponsor. This is not a pay to play podcast, but I’m having Chris on the show because he’s an expert in this space. And I’m curious to know, Chris, if an executive of a Fortune 5000 company called you right after listening to this podcast, and said, OK, Chris, I don’t know what’s out there. I’ve done no remediation. I want to hire Black Cloak to help me out. What would Black Cloak do?

21:14 – Chris Pierson
So I mean, Black Cloak is digital executive protection. So we protect board members, C-suite, executive leadership teams for Fortune 500, 5,000 companies. Sometimes it might be 10 executives. Sometimes it might be 300 executives. Company pays. We work with their chief information security officer, their chief security officer, to go ahead and implement the Black Cloak solution, which is really going to, one, mitigate all their privacy concerns for them and their family members. I want to make sure we focus on that. It’s not just about the executive. The family members, the kids, unfortunately, they’re targets too. So we shrink that attack surface. Second, we’ll take care of all the cybersecurity, us, our team, a 100% US-based security operations center, all Black Cloak people, all Black Cloak technology. For the monitoring. Third, we’ll go ahead and penetration test their homes every week. We’re trying to break into the homes digitally, just like the bad guys do. And then the most important part, fourth, is the concierge. We wrap those clients together with our concierge team of experts. Once again, 100% Black Cloak employees in the US. We have some 55 individuals that are manning the walls and making sure that people are rock solid. The cool thing is we also do this for high net worth, ultra high net worth individuals. We call them high profile persons, so sports star, rock star, politician. We are not for the everybody in terms of our price point, in terms of who we are. You can’t buy us from the website. But I mean, look, these are some of the things that you have to do for this very special, very unique population. They have, unfortunately, unique jobs, right? And as a result, very, very unique threats, and those threats are- abnormal and you need and cybersecurity and privacy expertise and really defensive controls that rival any of the corporate controls.

23:12 – David W. Schropfer
I mean, because of the rise in AI, because of the rise in information available, because of the development of the different buckets that we talked about, and the proliferation of more and more data, these data sets growing at exponential faster rates over the last few years, put all that together, and a threat that, or an attack surface, I guess, to use the cybersecurity language, that was really not crossed, didn’t have the ability to cross over into the personal lives of an executive or the family, even five or 10 years ago, for sure, are now commonplace. If somebody wanted to issue, somebody wanted to protest some element that they thought that getting in your face as an executive would make that point somehow, of course, with the camera on record in the process. That’s trivial to do now. Finding that information is trivial now. So it’s just something that I highly recommend, and I’m glad you came on to tell our listeners about it. It’s been a couple of years since you’ve been on the show. I’m wondering what else you’ve seen about the space that’s different now versus the the last time you were on?

24:25 – Chris Pierson
Yeah, seeing a few different things. I mean, first and foremost, the attacks are much more precise, much clearer in terms of their meaning. And as a result, really, really, those scams and schemes are impacting people a lot more. Second, massive rise in AI, really propelling things forward, especially in the area of deepfake attacks. This is a really scary, really scary transition, really scary transition.

24:52 – David W. Schropfer
The amount of data that is out there just continues to grow.

24:54 – Chris Pierson
The breaches continue to grow. Really, the attack surface has become a lot more broad. And a lot of that is due to, yes, the information proliferation, but also the device proliferation, right? Everyone has the massive, massive power in their hands through their cell phone, their tablet, their computers, many more laptops on the market that are transiting all over the country. And then you have the homes being filled with way more IoT devices, Internet of Things devices, like the Alexis, like the Ring, like the cameras, the thermostat, the garage door opener, the lighting. These are not something that is a, I don’t have anything in my home, so to speak, anymore. The stove top is connected, the refrigerator is connected. All of these have some Internet component to them, and that, once again, has really, really changed a relationship. Change things. Plus, I mean, look, the bandwidth to be able to do and scan for these types of things is huge. We’re talking about people having gigabit homes, right? In terms of connectivity. This is what you used to have available only, right? T1 lines, right? Way back when, only available into companies and corporations. I mean, this allows for a lot more stuff to happen with a lot more speed. And so it is a very, very different world than a few years ago when we were chatting.

26:23 – David W. Schropfer
Well, it’s not a rosy picture we’re painting here, but it sounds like the key takeaway is that if you’re an executive and you have not thought about this issue, about your data and about the types of attacks that can be used for, then it’s time to start doing that. So, Chris, it’s been great having you on the show. Remind us, where can people find out more about what you do.

26:46 – Chris Pierson
So, I mean, the best place to go is going to be our website. So, that’s blackcloak.io. So, that’s B-L-A-C-K C-L-O-A-K dot I-O. Go to the website. You can learn more about us, get more information about us, and we’re always happy to help.

27:08 – David W. Schropfer
Thanks for that. It’s been great Thanks for having you. We’ll see you next time.

27:14 – Chris Pierson

Thanks, David

Published by

Unknown's avatar

David W. Schropfer

David W. Schropfer is a technology executive, author, and speaker with deep expertise in cybersecurity, artificial intelligence, and quantum computing. He currently serves as Executive Vice President of Operations at DomainSkate, where he leads growth for an AI-driven cybersecurity threat intelligence platform. As host of the DIY Cyber Guy podcast, David has conducted hundreds of interviews with global experts, making complex topics like ransomware, AI, and quantum risk accessible to business leaders and consumers. He has also moderated panels and delivered keynotes at major industry events, known for translating emerging technologies into actionable insights. David’s entrepreneurial track record includes founding AnchorID (SAFE), a patented zero-trust mobile security platform. He previously launched one of the first SaaS cloud products at SoftZoo.com, grew global telecom revenue at IDT, and advised Fortune 500 companies on mobile commerce and payments with The Luciano Group. He is the author of several books, including Digital Habits and The SmartPhone Wallet, which became an Amazon #1 bestseller in its category. David holds a Master of Business Administration from the University of Miami and a Bachelor of Arts from Boston College.