March 17, 2026

How to Detect Malicious Remote Workers w/ James McQuiggan

1 hour

🧦 SOC Summit 2026
https://www.antisyphontraining.com/event/soc-summit/

Summary
Could a nation-state threat actor get hired and stay invisible to your SOC?

🛝Webcast Slides-
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_2026-03-11-AntiSyphon-DPRK-Hiring.pdf

Join us for a free one-hour training session with James McQuiggan, CISSP and Advisory CISO, as he teaches you the full lifecycle of North Korea’s AI-enabled IT worker operation, from AI-generated identities and U.S.-based laptop farms to the data theft and extortion that follow once they’re inside.

You’ll learn a practical detection and hunting playbook covering behavioral anomalies, identity red flags, and post-hire SOC indicators that catch what background checks miss.

If your SOC isn’t hunting for threats that were hired legitimately, this Antisyphon Anti-cast will change that.

Chapters

(00:00) - Intro – How to Detect Malicious Remote Workers - James McQuiggan

(01:29) - DPRK Solution – Did you Hire a North Korean?

(02:47) - But Really, Did We Just Hire a North Korean?

(04:43) - How comfortable are you to spot deepfakes?

(05:58) - Who is James R. McQuiggan

(07:54) - Webcast Agenda

(09:48) - Overview - North Korea Situation

(12:08) - DRPK Education

(14:43) - The Ultimate Inside Threat – DPRK Job Opps

(16:29) - Attacker's Playbook — Contagious Interview / WageMole Campaigns

(17:59) - Investigations – Crowdstrike / Okta / Unit 42

(19:26) - How Identities Are Built – AI Images

(21:17) - GenAI Resumes

(23:51) - Stateside Assistance

(25:35) - Face Swap / Voice Cloning & Webcams ➜ LIVE Deepfakes

(26:01) - AI Face Swap Demo

(30:07) - Video Camera Real time Video Deepfake Face Swap Interview

(30:55) - KnowBe4 Use Case – July 2024

(34:30) - Legal Impact

(35:54) - Companies Infiltrated — The Numbers

(36:23) - North Korean Farmers Arrested

(40:35) - SOC Playbook – Deepfake Dashboard

(41:05) - 12 Best AI Deepfake Detector Tools

(42:06) - Detecting VOIP Numbers & Identity

(43:13) - SOC Telemetry

(45:29) - Hiring Flags

(46:20) - HR – Hiring Tips

(48:36) - Human Risk – AI First Ready Security Team

(50:38) - Wrap Up and Q&A

(54:51) - James' Survey QR Code

Credits
Creators & Guests

Deb Wigley - Host

Jason Blanchard - Host

James McQuiggan - Guest

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

...more

View all episodes

By Antisyphon Training

March 17, 2026

How to Detect Malicious Remote Workers w/ James McQuiggan

1 hour

🧦 SOC Summit 2026
https://www.antisyphontraining.com/event/soc-summit/

Summary
Could a nation-state threat actor get hired and stay invisible to your SOC?

🛝Webcast Slides-
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_2026-03-11-AntiSyphon-DPRK-Hiring.pdf

You’ll learn a practical detection and hunting playbook covering behavioral anomalies, identity red flags, and post-hire SOC indicators that catch what background checks miss.

If your SOC isn’t hunting for threats that were hired legitimately, this Antisyphon Anti-cast will change that.

Chapters

(00:00) - Intro – How to Detect Malicious Remote Workers - James McQuiggan

(01:29) - DPRK Solution – Did you Hire a North Korean?

(02:47) - But Really, Did We Just Hire a North Korean?

(04:43) - How comfortable are you to spot deepfakes?

(05:58) - Who is James R. McQuiggan

(07:54) - Webcast Agenda

(09:48) - Overview - North Korea Situation

(12:08) - DRPK Education

(14:43) - The Ultimate Inside Threat – DPRK Job Opps

(16:29) - Attacker's Playbook — Contagious Interview / WageMole Campaigns

(17:59) - Investigations – Crowdstrike / Okta / Unit 42

(19:26) - How Identities Are Built – AI Images

(21:17) - GenAI Resumes

(23:51) - Stateside Assistance

(25:35) - Face Swap / Voice Cloning & Webcams ➜ LIVE Deepfakes

(26:01) - AI Face Swap Demo

(30:07) - Video Camera Real time Video Deepfake Face Swap Interview

(30:55) - KnowBe4 Use Case – July 2024

(34:30) - Legal Impact

(35:54) - Companies Infiltrated — The Numbers

(36:23) - North Korean Farmers Arrested

(40:35) - SOC Playbook – Deepfake Dashboard

(41:05) - 12 Best AI Deepfake Detector Tools

(42:06) - Detecting VOIP Numbers & Identity

(43:13) - SOC Telemetry

(45:29) - Hiring Flags

(46:20) - HR – Hiring Tips

(48:36) - Human Risk – AI First Ready Security Team

(50:38) - Wrap Up and Q&A

(54:51) - James' Survey QR Code

Credits
Creators & Guests

Deb Wigley - Host

Jason Blanchard - Host

James McQuiggan - Guest

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

...more

Share How to Detect Malicious Remote Workers w/ James McQuiggan

Sign up to save your podcasts

How to Detect Malicious Remote Workers w/ James McQuiggan

How to Detect Malicious Remote Workers w/ James McQuiggan