From Marine Corps Interrogator to Cyber Intelligence CEO: Jason Passwaters on Tracking Global Cybercrime
The cybersecurity landscape has evolved from isolated hacker attacks to a professionalized criminal ecosystem operating at global scale. Jason Passwaters has spent two decades on the front lines of this evolution—first as a Marine Corps counterintelligence specialist and FBI contractor tracking cyber criminals, then as co-founder and CEO of Intel 471, a company that monitors the cyber underground for Fortune-level enterprises.
In this conversation, Jason walks through his journey from tactical interrogation work in the Marines to building a $20 million ARR cyber threat intelligence company without outside funding. He offers practical guidance on personal cybersecurity for individuals with substantial assets, explains how ransomware crews operate like legitimate SaaS companies, and shares what keeps him up at night as AI lowers the barrier for bad actors to scale their operations.
Guest Name: Jason Passwaters
Titles: Co-founder and CEO, Intel 471
Credentials:
12-year U.S. Marine Corps veteran specializing in counterintelligence, human intelligence, and interrogation
Former FBI contractor focused on network forensics and tracking cyber criminals
Previously Senior Director of Global Research at iSIGHT Partners (acquired by FireEye/Google Mandiant)
Current focus: Leading Intel 471's growth and strategic acquisitions following the company's partnership with private equity firm Thoma Bravo
Additional areas of expertise: Ransomware economics, threat actor attribution, supply chain security, and operationalizing cyber threat intelligence for enterprise security teams
Practical Cybersecurity for High-Net-Worth Individuals
The conversation opened with a question many successful individuals face: at what point do you become a specific target versus just another opportunity for financially motivated cybercrime? Jason's answer was refreshingly practical.
"I think everybody's an opportunity, right? But a lot of it's opportunistic in financially motivated cyber crime in particular," Jason explained. "The bad guys are doing things at a scale that they can't really dig into individuals all the time. But once that becomes public knowledge to the bad guys, then you're now right on their radar and then you're going to be a target."
For someone who has built wealth through a business exit or holds $10-20 million in investable assets, the question isn't whether you're vulnerable—it's how you manage that vulnerability. Jason doesn't advocate for deleting all social media or going completely off the grid. Instead, he focuses on what he calls "managing your footprint."
Basic hygiene matters more than elaborate defenses:
Use a password manager: Create unique, complex passwords for every account. The most common vulnerability Jason still sees is people using variations of their kids' names and birthdays across multiple accounts.
Understand the breach cascade: When bad actors compromise one account with weak credentials, they immediately try those same credentials across other services. A single recycled password becomes the entry point to everything.
Extend awareness to your network: Your public presence includes your family's social media activity. High-profile executives need to think about what information close contacts are sharing.
Skip cyber insurance for most people: Unless you're an extremely high-profile individual with specific liability concerns, Jason doesn't see cyber insurance as a priority for personal protection.
The key insight here is that most financially motivated cybercrime is opportunistic rather than targeted. By maintaining good basic hygiene, you avoid becoming the easy opportunity that attracts attention in the first place.
The Professionalization of Cybercrime
Jason's career arc mirrors the evolution of cybercrime itself. When he started doing network forensics for the FBI in 2008, the world of cyber threats was still relatively unsophisticated. By the time he co-founded Intel 471 in 2014, everything had changed.
"There's been this professionalization of this space," Jason explained. "If you look at how these ransomware operations work, they have basically affiliates—kind of like an affiliate model that any SaaS company would have. So you have these initial access brokers that are specializing in getting into networks."
The modern ransomware operation looks like this:
Initial Access Brokers specialize in compromising networks through phishing, exploiting vulnerabilities, or buying stolen credentials. They sell this access to ransomware operators.
Ransomware Operators deploy the malware and handle encryption. They've built platforms with customer support desks, service level agreements, and professional negotiation teams.
Affiliate Programs create a revenue-sharing model. The access broker gets a cut, the ransomware operator gets a cut, and everyone specializes in what they do best.
Support Infrastructure includes money laundering services, hosting providers that won't shut them down, and even dispute resolution mechanisms when affiliates don't get paid.
"They have help desks. They have community management. They have all of this stuff and this is all underground," Jason said. "This is not mainstream stuff, but it's all hidden in plain sight if you know where to look."
This professionalization has created a resilient ecosystem that's difficult to disrupt. When law enforcement takes down one operation, the infrastructure and expertise simply migrate to the next platform.
The Transition from Government to Private Sector
Jason's path from the Marines to entrepreneurship wasn't linear. After spending nearly 12 years in the Marine Corps working in counterintelligence and interrogation, he made a calculated decision to build marketable skills for civilian life.
"I got married young and had my first kid in 2001," Jason recalled. "I needed to do something as far as getting some career skills that would work on the outside, not just infantry skills."
That led him to counterintelligence work—interrogation, low-level intelligence operations, and tactical collection. When he left the Marines in 2008, he landed at a small company doing network forensics under contract with the FBI. This became his entry point into the cyber world.
The work involved helping FBI agents across the country track cyber criminals by analyzing network data. Jason was largely self-taught on the technical side, but his intelligence background gave him a different lens than many practitioners in the field.
"We saw the world the same way," Jason said about connecting with his future co-founder from the Australian Federal Police. "We had this incident-centric mindset when it came to cyber threats where I have an incident, I'm going to respond and figure out what happened and then do the cleanup. And we said, hey, there's this underlying world that we're immersed in, we're tracking cyber criminals. There could be an opportunity to attack that and be more proactive."
That insight—that understanding the threat actor ecosystem could enable proactive defense rather than just incident response—became the foundation for Intel 471. They launched in 2014 and built the company to scale without outside funding, eventually reaching their first exit with Thoma Bravo.
Inside the Cyber Underground: A Case Study
One of Jason's most revealing stories came from his time working on a case involving roughly 100-150 of the top cyber criminals in Russia and Eastern Europe. They had all chosen to use a specific server for chat communications, and Jason specialized in the protocol behind that application.
Every 90 days, law enforcement would provide him with a cache of data from that server. His job was to programmatically process it all and piece together who was who.
"You start to see all the human aspect to it," Jason explained. "I just had a baby. I'm terrified. If I get extradited to the U.S., I'm doing 30, 40 year sentences for folks like me.' Or the political stuff. There was one threat actor who was really good friends with the president's son of an Eastern European country, who was the godfather to his daughter."
The team tracked these actors over several years, eventually attributing the entire crew operating out of Donetsk, Ukraine. They knew who they were, what role each person played, and their connections to political protection.
But the work highlighted a persistent challenge: corruption undermines enforcement even when attribution is clear. Jason recalled writing detailed reports for the FBI that were shared with Ukraine's SBU, the police unit handling cyber crime cases.
"I remember getting a refresh of data and I'm analyzing what the actors are talking about. And one actor is telling the main guy, 'The FBI are onto you. I've read the report.' And I had the realization that this guy is actually talking about the report that I wrote 60 or 90 days ago, because he has somebody that he's paying on the inside."
The report had come full circle—from Jason's analysis to the FBI agent to Ukrainian law enforcement to a corrupt insider back to the criminals themselves. These dynamics persist today, though Jason notes that Ukraine has improved somewhat with increased Western support.
How Intel 471 Works
Intel 471's approach combines human intelligence collection with automated monitoring of the cyber underground. The company maintains teams around the world who engage with threat actors, monitor forums and chat rooms, and produce original intelligence reporting.
"We've got teams around the world that are monitoring threat actors and engaging with threat actors," Jason explained. "And then we have automated collection capabilities that are also collecting all of that stuff—chat rooms, forums, that kind of stuff."
The platform serves three main use cases:
Exposure Monitoring: Organizations can monitor for their third-party vendors and suppliers, getting alerted immediately when a partner is compromised. This addresses one of the biggest blind spots in enterprise security—you might have strong defenses internally, but if your key vendor gets hit with ransomware, you face business impact anyway.
Threat Intelligence: When an alert comes in, security teams need context. Who are the threat actors? What have they done in the past? What are their capabilities? Intel 471 provides the actor-centric intelligence that makes the exposure information actionable.
Threat Hunting: The platform includes tools to distill intelligence into hunt packages that can be deployed across an enterprise. The question shifts from "What happened?" to "Am I susceptible to this?" or even "Have I already been compromised without knowing it?"
This layered approach reflects Jason's original insight from his FBI contractor days—that understanding the threat actor ecosystem enables proactive defense rather than just reactive incident response.
The AI Threat Multiplier
When asked what keeps him up at night, Jason didn't hesitate: AI lowering the barrier to entry for cyber attacks at scale.
"What keeps me up at night is probably, with AI making things easier, faster, lowering the barrier of entry, seeing a Colonial Pipeline or a SolarWinds type incident, but seeing many of them at the same time, because AI has helped folks scale out their operations," he said.
The concern isn't that AI creates fundamentally new attack vectors—it's that it enables less sophisticated actors to operate at a level that previously required specialized expertise. The playbooks, tools, and infrastructure already exist in the professionalized cybercrime ecosystem. AI simply makes them accessible to more people.
Combine that accessibility with the affiliate model structure of modern ransomware operations, and you have the potential for coordinated campaigns that overwhelm response capacity. It's not one Colonial Pipeline incident—it's dozens happening simultaneously because the barrier to launching such an attack has dropped significantly.
Jason noted he's "super desensitized" to the day-to-day exposure to the cyber underground. Some people coming into this field find it overwhelming, but for him it's just baseline reality. He loves the cat-and-mouse game of connecting dots within data, attributing bad actors, and figuring out how they operate.
But the AI-enabled scaling of attacks represents a different order of threat—one that could fundamentally change the balance between offense and defense.
Building Intel 471: From Bootstrap to PE Exit
The business journey behind Intel 471 is notable for what Jason and his co-founder achieved without outside funding. They bootstrapped the company from 2014 to their first exit with Thoma Bravo, reaching $20 million in annual recurring revenue along the way.
"We built it out through our first exit with Thoma Bravo on the private equity side," Jason said. Now he's focused on leading the company through strategic acquisitions and scaling the business with institutional backing.
The company has grown to more than 250 people globally, with a significant presence in Ukraine that Jason mentioned during the conversation. The ability to build a global cyber intelligence operation while remaining profitable speaks to both the market need and the team's execution.
Jason's transition from practitioner to CEO required shifting from hands-on threat analysis to strategic leadership. He still brings his intelligence background to the work—connecting dots, understanding adversary motivations, and thinking about resilience and purpose. But now those skills apply to building an organization rather than tracking individual threat actors.
For anyone interested in learning more about Intel 471 or connecting with Jason, he's accessible on LinkedIn and recommends a simple Google search to find the company's website.
Key Takeaways
On personal cybersecurity: The vast majority of financially motivated cybercrime is opportunistic. Focus on basic hygiene—unique passwords via a password manager, awareness of your digital footprint, and extending that awareness to your immediate network. You don't need to go off the grid.
On becoming a target: Having $10-20 million in assets doesn't automatically make you a specific target, but if that information becomes public knowledge or easily discoverable, you move from opportunity to target. The goal is managing visibility, not eliminating it entirely.
On the professionalization of cybercrime: Modern ransomware operations function like legitimate SaaS companies with affiliate programs, customer support, and revenue sharing. This structure has made the ecosystem resilient to law enforcement action.
On the value of threat intelligence: Understanding who the adversaries are, how they operate, and what they're capable of enables proactive defense rather than just reactive incident response. The most valuable intelligence isn't just about vulnerabilities—it's about the actors exploiting them.
On the AI threat: The bigger concern isn't that AI creates new attack methods, but that it lowers the barrier for executing existing playbooks at scale. Multiple sophisticated attacks happening simultaneously could overwhelm defensive capacity.
On career transitions: Jason's path from Marine Corps interrogator to network forensics to cyber intelligence CEO shows how skills transfer across domains. The core competency—understanding adversaries and their motivations—remained constant even as the technical context evolved.