Cybercrime Meets Spycraft: How Zero Trust Levels the Playing Field
A dachshund, a park bench, and the Russian embassy.
That’s how the story started — not in a data center or a SOC but with a casual dog walk that turned into a potential counterintelligence operation. It’s also how former FBI Assistant Director Brian Boetig kicked off one of the most entertaining, and quietly sobering, conversations I’ve had on The Segment podcast.
What followed was a masterclass in just how much the spy game has evolved even as it still relies on some of its oldest tricks. Espionage hasn’t disappeared in the digital age. It’s just moved online, and it’s playing by different rules.
That’s why today’s cyber defenders must think like intelligence officers, not just technologists.
The digital evolution of spycraft
The classic image of espionage — trench coats, dead drops, coded messages — still exists. But it’s been joined by something new: threat actors who operate in cyberspace with the same long-game discipline and psychological manipulation as traditional spies.
Boetig explained how even malware carries a behavioral signature, much like handwriting.
“There's a signature in code,” he said. “The way that someone writes malware can be traced back to them, consciously or not.”
This is a key reminder that behind every exploit is a human. And humans have patterns.
In Zero Trust terms, this reinforces the need to observe behaviors continuously, not just authenticate once. It’s not enough to know who someone is. You have to know what normal looks like and spot the deviations fast.
Cybercrime is a business
One of Boetig’s most compelling points was how cybercrime has matured from prank-level website defacements to a full-fledged economy.
“These groups operate just like businesses,” he said. “You know their playbooks. They’ll ask for $10 million but settle for $5. They’ll follow up in 24 hours. You can almost run the numbers on it.”
This industrialization of cybercrime is part of what makes defending against it so complex. But it also presents an opportunity.
If attackers treat this like a business, so should defenders:
- Apply business discipline to cybersecurity.
- Identify the attackers’ profit centers and disrupt them.
- Understand the cost/benefit calculations and make them unfavorable to attackers.
Importantly, a Zero Trust approach, with microperimeters and least privilege, can increase attackers’ operational costs dramatically.
The myth of jurisdiction
Boetig was blunt about the enforcement gap.
“You can rob a convenience store for $50 and get a dozen cops,” he said. “Steal $500,000 in a cyberattack, and most police departments don’t know what to do.”
It’s not because law enforcement doesn’t care. It’s that jurisdiction is a limitation attackers don’t have. They don’t need to cross a border to breach your environment.
That’s why every organization needs a posture that assumes help isn’t coming in time. A Zero Trust model with strong segmentation, continuous monitoring, and breach containment is how you take accountability for your own risk.
You can’t rely on traditional borders when the battlefield is borderless.
“Don’t get breached” is the wrong goal
Too many organizations still cling to the idea that if they just do everything right, they won’t get breached.
But Brian emphasized that this isn’t how espionage — or cybercrime — works.
“It’s okay to be the victim of a cyberattack,” he said, “but it’s not okay to be unprepared to respond to one.”
This is where Brian said that Zero Trust truly shines. It doesn’t assume you can stop every breach. It assumes someone will get in and focuses on limiting what they can do next.
Preparedness is the new prevention.
Think like a spy. Act like a strategist.
What struck me most from this conversation was how much the world of cyber defense has to learn from the world of counterintelligence.
In both realms, the goal isn’t just to stop bad actors but to understand them, anticipate their moves, and limit their impact. It’s about protecting what matters, even when the attack comes from a direction you didn’t expect.
Zero Trust is a mindset. And the sooner we adopt it across the organization, not just in the SOC, the stronger and more resilient we become.
Let’s stop thinking of attackers as faceless bots and start treating them as adversaries with goals, strategies, and business models of their own. When we do that, we not only defend but disrupt the game of cybercrime.