How to Detect Malicious Remote Workers w/ James McQuiggan
Summary
Could a nation-state threat actor get hired and stay invisible to your SOC?
🛝Webcast Slides-
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_2026-03-11-AntiSyphon-DPRK-Hiring.pdf
Join us for a free one-hour training session with James McQuiggan, CISSP and Advisory CISO, as he teaches you the full lifecycle of North Korea’s AI-enabled IT worker operation, from AI-generated identities and U.S.-based laptop farms to the data theft and extortion that follow once they’re inside.
You’ll learn a practical detection and hunting playbook covering behavioral anomalies, identity red flags, and post-hire SOC indicators that catch what background checks miss.
If your SOC isn’t hunting for threats that were hired legitimately, this Antisyphon Anti-cast will change that.
Chapters
Credits
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #đź”´live-chat channel
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com
Click here to watch a video of this episode.
Brought to you by:
Could a nation-state threat actor get hired and stay invisible to your SOC?
🛝Webcast Slides-
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_2026-03-11-AntiSyphon-DPRK-Hiring.pdf
Join us for a free one-hour training session with James McQuiggan, CISSP and Advisory CISO, as he teaches you the full lifecycle of North Korea’s AI-enabled IT worker operation, from AI-generated identities and U.S.-based laptop farms to the data theft and extortion that follow once they’re inside.
You’ll learn a practical detection and hunting playbook covering behavioral anomalies, identity red flags, and post-hire SOC indicators that catch what background checks miss.
If your SOC isn’t hunting for threats that were hired legitimately, this Antisyphon Anti-cast will change that.
Chapters
- (00:00) - Intro – How to Detect Malicious Remote Workers - James McQuiggan
- (01:17) - DPRK Solution – Did you Hire a North Korean?
- (02:35) - But Really, Did We Just Hire a North Korean?
- (04:31) - How comfortable are you to spot deepfakes?
- (05:46) - Who is James R. McQuiggan
- (07:42) - Webcast Agenda
- (09:36) - Overview - North Korea Situation
- (11:56) - DRPK Education
- (14:31) - The Ultimate Inside Threat – DPRK Job Opps
- (16:17) - Attacker's Playbook — Contagious Interview / WageMole Campaigns
- (17:47) - Investigations – Crowdstrike / Okta / Unit 42
- (19:14) - How Identities Are Built – AI Images
- (21:05) - GenAI Resumes
- (23:39) - Stateside Assistance
- (25:23) - Face Swap / Voice Cloning & Webcams âžś LIVE Deepfakes
- (25:49) - AI Face Swap Demo
- (29:55) - Video Camera Real time Video Deepfake Face Swap Interview
- (30:43) - KnowBe4 Use Case – July 2024
- (34:18) - Legal Impact
- (35:42) - Companies Infiltrated — The Numbers
- (36:11) - North Korean Farmers Arrested
- (40:23) - SOC Playbook – Deepfake Dashboard
- (40:53) - 12 Best AI Deepfake Detector Tools
- (41:54) - Detecting VOIP Numbers & Identity
- (43:01) - SOC Telemetry
- (45:17) - Hiring Flags
- (46:08) - HR – Hiring Tips
- (48:24) - Human Risk – AI First Ready Security Team
- (50:26) - Wrap Up and Q&A
- (54:39) - James' Survey QR Code
Credits
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #đź”´live-chat channel
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com
Click here to watch a video of this episode.
Brought to you by:
Black Hills Information Security
Antisyphon Training
Active Countermeasures
Wild West Hackin Fest
Creators and Guests
Host
Deb Wigley
Deb Wigley is the Director of Kindness and Generosity for Black Hills Information Security (BHIS). She joined the team in 2019 after celebrating 20 years of working in customer engagement and satisfaction in the Automotive Industry. She brings her passion for helping and serving people to the work she does at BHIS. The part of her role she enjoys the most is interacting with the community through our webcasts and educational content, our Discord servers, and conferences. She loves being a mom to her four kiddos and in her spare time, she enjoys reading, hiking, frequently entertaining a beach day, and being whisked away on rewilding adventures with her husband of 20+ years as much as possible.
Host
Jason Blanchard
Jason Blanchard has been happily adopted into the hacker community at Black Hills Information Security (BHIS) since 2019, even though he “works in marketing.” He’s had every dream job imaginable: teaching filmmaking, owning the world’s most famous comic book store, and fostering the infosec community efforts for SANS. While some at BHIS call him the “Director of Excitement,” he is formally known as the Excitement Co-Creator. In his day-to-day work of “sucking at capitalism,” Jason enjoys helping others, sharing his knowledge, and giving away lots of free stuff. When he’s not working, Jason spends time with his wife and daughter, hosts a semiweekly job-hunting Twitch stream, and enjoys writing short stories and performing stand-up comedy.
Guest
James McQuiggan
James McQuiggan brings over 20 years of cybersecurity expertise as Security Awareness Advocate at KnowBe4, where he specializes in Human Risk Management and strategic thought leadership. Through industry conferences, webinars, and media engagement, he translates complex security concepts into actionable insights for diverse audiences. His extensive background includes senior cybersecurity roles at Siemens Energy and Wind Divisions, with expertise spanning cybersecurity standards, incident response, and industrial control system security. McQuiggan also serves as part-time faculty at Full Sail University, teaching Cyber Threat Intelligence. A dedicated community leader, McQuiggan volunteers with ISC2 as Co-chair of the North American Region Advisory Council and Chair of the Southeast Chapter Regional Management Committee, following eight years as President of the (ISC)² Central Florida Chapter.