Bug Sweeping and Beyond: Cyber Security with Jon and G

Jon sits down with G from security and investigations firm Valkyrie to pull back the curtain on the world of cyber and physical security, and it's every bit as James Bond as it sounds. From a bugged extension plug discovered in a hedge fund COO's office to operatives tailgating into buildings in three-piece suits, this episode is a fascinating look at how vulnerable most businesses really are and how much of it comes down to culture rather than technology.

G breaks down the threats facing small and medium-sized businesses today, explains why the shift to hybrid working has quietly made us all more exposed, and makes a compelling case for starting your security journey from the ground up rather than jumping straight to the expensive stuff. There's also a sharp conversation about AI and what it means for phishing attacks. Spoiler: the days of spotting a dodgy email by its bad grammar may be numbered.


Guest: Gurpreet Thathy (G), Valkyrie Security & Investigations 



Show Notes

What Valkyrie does:

  • Cyber security and digital investigations
  • Physical penetration testing and surveillance
  • Human intelligence (HUMINT) and OSINT
  • Bug sweeping (technical surveillance countermeasures)
  • Crisis response and personal security

Key stories from the episode:

  • A bugged extension plug found in a hedge fund COO's office containing a SIM card, microphone, and the ability to dial out anywhere in the world via GSM
  • A physical pen test where an operative in a suit tailgated into a building by acting aggressively; the security guard backed down because he'd been shouted at by real executives before
  • A desktop exercise where a client's entire incident response plan listed a contact who'd left 18 months earlier

The biggest threats to SMEs right now:

  • Culture: the "it won't happen to me" mindset
  • Hybrid working: home environments are far more relaxed and less controlled than offices
  • Shared Wi-Fi, public networks, and co-working spaces
  • Outdated systems that nobody wants to touch in case they break something

G's recommended first steps:

  • Do a data audit: know where your data is before you try to protect it
  • Start with the basics: look into the NCSC's Cyber Essentials certification (free to access, done annually)
  • Build on that foundation gradually: think of it as a maturity curve, not a sprint
  • Rehearse your incident response plan, and keep it up to date

Other topics covered:

  • What VPNs actually do (and what they don't protect you from)
  • Why MFA felt like a nuisance and is now just part of life
  • The risks of patching and why some organisations stop doing it entirely after one bad experience
  • AI and phishing: ChatGPT can write a flawless phishing email, removing one of the key ways people spot them
  • Deep fakes, photo manipulation, and why G's wife and G couldn't be further apart on how they feel about AI photo editing
  • The NHS still running Windows XP-era systems because updating them would break everything else

Key takeaway from G:

Lock your front door before you install an electric fence. Lay your foundations first, then build up. And once you get there, don't stop - the curve never ends.