Behind the scenes of ransomware negotiation | Guest Tony Cook

Tony Cook of GuidePoint Security knows a lot about threat intelligence and incident response. But he’s also used these skills while working in ransomware negotiation! Cook has handled negotiations for all the big threat groups — REvil, Lockbit, Darkside, Conti and more — and he told me about what a ransomware negotiator can realistically accomplish, which threat groups are on the rise, and why negotiating with amateurs is sometimes worse and harder than dealing with elite cybercriminals.

– Get your FREE cybersecurity training resources:
– View Cyber Work Podcast transcripts and additional episodes:

0:00 – Ransomware negotiating
2:42 – How Tony Cook got into cybersecurity
4:00 – Cook’s work at GuidePoint
9:31 – Life as a ransomware negotiator
11:41 – Ransomware negotiation in 2022
13:52 – Stages of a successful ransomware negotiation
15:23 – How does ransomware negotiation work?
19:11 – The difference between threat-acting groups
20:43 – Bad ransomware negotiating
22:43 – Ransomware negotiator support staff
25:21 – Ransomware research
26:26 – Is cyber insurance worth it?
29:14 – How do I become a ransomware negotiator?
32:25 – Soft skills for a ransomware negotiator
33:46 – Threat research and intelligence work
37:45 – Learn more about Cook and GuidePoint
38:17 – Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at