Easy Prey

When Cybercrime Gets Personal



Most security breaches don't begin with sophisticated code or elaborate technical exploits. They begin with a phone call, a convincing email, or someone at a help desk who just wanted to be helpful. The human layer is often the weakest link, and the criminals who understand that are the ones causing the most damage.

My guest today is May Chen-Contino. She's the CEO of Unit 221B, a threat disruption company that delivers actionable intelligence to enterprises, law enforcement, and government agencies. Her background spans cybersecurity, fintech, and SaaS leadership at companies like PayPal and eBay, and she brings a distinctly mission-driven lens to the work, shaped equally by a career in business and a background as a Krav Maga instructor.

Unit 221B operates less like a typical security vendor and more like a specialized investigative unit, with a team that includes tenured ransomware experts, incident responders, and former law enforcement, all focused on one outcome: criminal arrest. May has seen firsthand how ransomware gangs operate with their own codes of conduct, how a younger generation of cybercriminals is throwing those rules out entirely, and why paying a ransom is increasingly a bet that doesn't pay off.

We talk about why social engineering has overtaken technical hacking as the dominant attack vector, what organizations and individuals should never do in the aftermath of a breach, and how crimes against children online often go unreported for the worst possible reasons. May also shares a story from her own experience being scammed on eBay, and what she did about it, which tells you everything you need to know about how she approaches this work.

Show Notes:
  • [1:28] May shares her background and how she came to lead Unit 221B, a threat disruption company serving enterprises, law enforcement, and government.
  • [1:41] May traces her path into cybersecurity, explaining how a lifelong sense of justice and a friendship built through Krav Maga training led her to a team of investigators doing real criminal work.
  • [5:55] May recounts being scammed while selling luxury shoes on eBay, describing how a fraudulent PayPal email convinced her the sale had failed after she had already shipped the item.
  • [8:22] Rather than accepting the loss, May engaged the scammer directly, intercepted her own shipment through FedEx, and used a photoshopped payment screenshot to flip the situation on him.
  • [11:36] The story ends with May recovering her shoes, followed by a candid note that this approach carries real risk and is not something she would recommend to others.
  • [12:57] May outlines Unit 221B's core work, including criminal investigations, threat intelligence, pen testing, and incident response, all oriented toward federal prosecution and criminal arrest.
  • [16:52] The evolving threat landscape, contrasting professional ransomware organizations that tend to honor agreements with a younger generation of cybercriminals who operate without limits.
  • [18:44] May describes this younger criminal group in detail, noting members are predominantly 14 to 26 years old, English-speaking, and motivated as much by social status as financial gain.
  • [21:49] May explains why wiping systems and restoring backups after a breach is one of the most damaging mistakes an organization can make, eliminating evidence and removing any path to prosecution.
  • [23:04] She walks through Unit 221B's incident response process, covering digital forensics, insider threat identification, and determining who is behind an attack before advising on next steps.
  • [26:32] May addresses the ransom payment question directly, recommending against paying as a default while acknowledging that knowing your adversary is essential to making the right call.
  • [28:04] The discussion covers the legal and PR dimensions of a breach, including notification obligations and why some organizations choose to go public about what happened.
  • [31:08] May pushes back on the perception that law enforcement doesn't help, explaining that federal agencies are understaffed and must prioritize cases, but are genuinely committed to the work.
  • [34:08] The issue of victims deleting evidence before reporting, and how frequently this forecloses any possibility of investigation or prosecution.
  • [34:55] The conversation turns to crimes targeting children, including sextortion, and why open dialogue between parents and kids is critical to getting victims to come forward before lasting harm is done.
  • [37:18] May reflects on a keynote she gave at Harvard's Bold Conference for young women, describing the tension between advice to build an online presence and the real safety risks that come with it.
  • [38:51] May shares practical security guidance for young people online, including being mindful of what appears in video backgrounds, using strong passwords, and enabling two-factor authentication.
  • [40:35] May identifies AI-assisted attacks and social engineering as the two most significant forces reshaping the threat landscape, with technology now available to both attackers and defenders equally.
  • [43:45] May describes Unit 221B's invite-only intelligence platform, which brings together top investigators, law enforcement, and private sector experts to collaborate and move cases forward.
  • [45:10] Listeners can find Unit 221B at unit221b.com and on LinkedIn, and anyone facing a threat or needing guidance can reach out.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:
  • Podcast Web Page
  • Facebook Page
  • whatismyipaddress.com
  • Easy Prey on Instagram
  • Easy Prey on Twitter
  • Easy Prey on LinkedIn
  • Easy Prey on YouTube
  • Easy Prey on Pinterest
  • May Chen-Contino - LinkedIn
  • Unit 221B - LinkedIn
  • Unit 221B
Easy Prey by Chris Parker