During his five years as a special agent with the FBI, Ryan Castle, BE’03, MS’05, was exposed to the inner workings of criminal organizations, particularly the victimization of companies by computer intrusions. Since Castle left law enforcement, the problem has only gotten worse. In 2023, the FBI received a record 880,418 public complaints related to Internet crimes, with potential losses exceeding $12.5 billion, marking a rapid increase from previous years. The ever-increasing scope of the problem prompted Castle to start Conduit Security, an independent security firm that solves wire fraud for alternative investment managers. And while no longer with the FBI, Castle still enjoys the thrill of the chase in his current role. The School of Engineering alumnus, who is based in Baton Rouge, Louisiana, recently took time to talk more about what he does and the increasing problem of wire fraud.
Describe your role at Conduit Security.
At this stage, it’s a little of everything. At Conduit, we defend investment managers against wire fraud. Our clients are some of the biggest private equity and hedge funds in the world, so of course I’m most involved in the technical side of the product. But as the founder, I’m also doing business development, attending conferences, and talking with prospects. Most importantly, I try to stay on top of current trends in the world of fraud and cyber security along with best practices in finance to keep our product at the forefront.
Talk about your law enforcement career. What made you choose that field? Was there something you experienced there that made you want to start a company that specializes in wire fraud protection?
I vividly remember watching on TV as the second plane hit the WTC (World Trade Center) on 9/11 from my dorm suite in Carmichael Towers. That event absolutely shifted my plans for graduation; I wanted to do something in the military, law enforcement, or intel community. I always enjoyed coding and software development, but I wasn’t interested in only being a programmer. I really felt called to serve my country and community, so after grad school I applied and was accepted to the FBI.
My experience there absolutely drove me towards creating Conduit. For one, it exposed me to the scope of the problem. It also provided me with experience on how companies were victimized and shed light on the inner workings of criminal organizations. And I still love the thrill of catching the bad guy. While not the same as arresting and convicting someone, seeing our clients stop fraud attempts is very satisfying! Plus, my kids also think I’m cool because they say I “stop bank robbers.”
Have you found it challenging to stay on top of your game amid the hike in fraudulent activity?
It can be a challenge. For one, the frauds are always evolving. You have so many people who are attempting this crime, trying new tricks or tactics—at scale—every day. It’s important to understand that these are organized criminal enterprises attacking, not a kid in their parent’s basement. Secondly, the technology is improving. You have organizations dedicated to developing custom toolsets and selling them to criminals to pull off wire fraud. And you have AI, which is making attempts even more convincing and realistic. No matter what happens with technology, criminals are always agile, adapting much more quickly than their law-abiding targets.
Do you have some tips to possibly prevent wire fraud?
Lots! At a very basic level, you should verify payment instructions with the intended recipient, always outside of email. If you follow these two rules you will be safe:
- Call outbound to a known contact’s phone number (insurance companies and banks call this a “known good number”) and verify banking instructions. This is for every electronic payment (from buying a home to making a capital call).
- Lock those banking details down and most importantly, never update those instructions without running step one again, no matter how natural it feels.
It sounds almost too easy, and yet the FBI reported that nearly $3 billion was lost in 2023 due to wire fraud. The FBI will also tell you that number is grossly under-reported, possibly by a factor of three to five times, as many organizations choose not to report it to the FBI.
The real key is having a system in place to ensure that security policies are being followed across the organization—something that can provide an audit trail, and most importantly, can help the finance team through this perilous process by identifying risky indicators.
What would you tell your 21-year-old self in the thick of your engineering education?
Buy real estate in Nashville! Other than that, I’d say, stick with it. Make the most of your time at Vanderbilt—it’s a short few years that will determine so much of your future.
What advice would you give someone interested in the cyber security field?
For a student or someone starting out, I’d recommend going deep on technology and not just security. Whether it’s coding, a particular programming language, operating systems, networking, hardware, whatever it is—having a strong technical foundation will give you a huge leg up. If you understand the underlying technology, you’ll know its weaknesses, how it can break, and how someone might try to exploit it.
What do you look for in new hires?
Grit. At this early stage, we’re figuring a lot out. There isn’t a playbook; you will face adversity and get frustrated. Are you willing to keep going? Engineering set me up well for this. I know there’s a right answer to any problem, I just have to keep trying.