Keith Wojcieszek | Cyber Risk

In Keith’s role as leader of the Cyber Threat Intelligence (CTI) program, he conceptualizes strategies and methodologies on how to translate diverse information sources, including social media and dark web channels, into intelligence that can be used to help clients more fully assess threats, vulnerabilities and trends. His team of elite analysts, supported by advanced technology, help refine Kroll’s analytical and investigative offerings firmwide. The CTI team regularly enhances cyber investigations by providing in-depth analysis on attack methods and actor groups, research on evolving indicators of compromise, and locating compromised data and/or credentials. Keith’s CTI team also develops statistical and behavioral models for predictive purposes as well as macro-environmental analyses.

In addition, Keith supervises multidisciplinary teams investigating cybercrime and data loss investigations, including but not limited to ransomware and malware, business email compromise, unauthorized access to cloud-based environments (e.g., Office 365), and vulnerabilities originating in third-party software and services. He has additionally provided consulting support on hundreds of engagements involving diverse business and legal issues, including intellectual property theft, defensible PII-PHI deletion, accounting fraud, money laundering, employee misconduct and forensic application development.

Keith joined the U.S. Secret Service in 2002, ultimately leading the USSS Cyber Intelligence Section, Criminal Investigation Division, where he managed the agency’s national response to attacks on the financial infrastructure of the U.S. that inflicted hundreds of millions of dollars of losses. In this role, he also coordinated complex international investigations that targeted transnational organized crime networks with an emphasis on cyber and information security. Under Keith’s leadership, a number of these cases resulted in the apprehension of highly sophisticated cybercriminals who collectively were responsible for causing over $1 billion in financial losses.

From 2012-2016, Keith was an integral member of protection details for the President, Vice President, Homeland Security Advisor to Terrorism and Presidential Chief of Staff. Earlier, from 2012-2015, Keith was with the Counter Assault Team in the Special Operations Division, which often involved coordinating security in varying international environments for the USSS protective mission and incorporated multiple U.S. federal agencies, local law enforcement and foreign government personnel.

Earlier in his career, Keith led several domestic and global investigations working with the U.S. Department of Justice Computer Crime and Intellectual Property Section (CCIPS) and Office of International Affairs (OIA). From 2004-2010, Keith managed the Electronic Crimes Task Force in support of all electronic crime investigations, computer forensic examinations and cell phone data extraction in the Louisville Field Office District. In this role, he also established the operation of a forensic laboratory; provided expert testimony in multiple state and federal cases; and coordinated training for USSS agents, local law enforcement and industry representatives.

A noted authority on cyber and intelligence-related topics, Keith has served as a certified expert witness in court proceedings and is frequently asked to speak at public and private conferences, webinars and panel discussions.

Representative Cyber Threat Intelligence (CTI) Matters

A client’s philanthropic day of action was threatened by a group of threat actors planning to hijack their social media campaign to spread messages of hate. Kroll CTI analysts conducted regular monitoring to identify negative activity and performed covert analysis to infiltrate the threat actor group and discover their operational plans. Kroll shared this information with the client and their counsel, which led to swift action by third-party providers to thwart the planned attack.
A client’s network was targeted with ransomware, and the attackers claimed they were going to post the client’s data on an actor-controlled website. Kroll’s CTI dark web experts were able to actively monitor the website in order to determine if files had actually been obtained and alert the client as to when and how many files had been published. Additionally, the CTI team was able to provide information on the attacker’s history of victims, ransom amount, and tactics, techniques and procedures related to the ransomware variant.

Representative Speaking Engagements

NetDiligence Cyber Risk Summit, “Cyber War and Terrorism”, June 2020
“Cyber Security Considerations for Class Action Attorneys in a COVID-19 World”, Heffler Claims Group Webinar, May 2020
National Center for Employee Ownership (NCEO) Annual Conference, April 2020
Cyber Deep Dive: COVID-19 and Other Threats to the Healthcare Sector, Webinar, April 2020
University of San Diego Cyber Law, Risk and Policy Symposium, “Calculating Cyber Risk and Insurance Perspectives”, November 2019
“Social Engineering and Human Error: The Weak Point in Your Cyber Security Strategy?”, Business France, October 2019
French American Cyber Security Conference, September 2019
University of San Diego Cyber Symposium, “Cyber Insurance: Soup to Nuts”, October 2018
“Delving into the Deep and Dark Web: What Are the Risks for Businesses”, Wan Chai (Hong Kong), June 2018
State of the Region Business Threats, “Making Disruptive Technology and Data Security Controls Work for Your Business, Not Against It”, Buffalo, NY, April 2018