Countercastle Cybersecurity

In the Middle Ages, heavily fortified countercastles were built throughout a land to stop enemies from advancing too far into a kingdom. A layered defense dotting the landscape was best, since an enemy could appear at any time, from any direction.
Countercastle photo by Modris Putns Today, bad guys can materialize anywhere in cyberspace — or even in many places simultaneously — which means your defenses need to be interwoven everywhere throughout your network, systems, and human behavior.
Interweaving security requires tailoring it to the people, processes, and systems that are vulnerable, which means generic security isn't effective,1 as proven by the billions of dollars lost each year to cybercrime.2 When the federal government suffered the worst data breach in U.S. history,3 it was due to the dangerous misconception that generic security tools were working. But in truth, management had no idea where its gaps actually were.
Defending all fronts requires:

  • Knowing Your Terrain. Where does your most sensitive data live, who can access it, and where does it travel? If you're not sure, then how can you protect it? Amazingly, 43% of companies don't know where their own sensitive data is stored.4
  • Knowing Your Unique Threats. What are all the ways criminals and insiders could steal, profit, or disrupt — and how can these be stopped without overspending for security features you don't need?
  • Making Your People Experts. The best firewall in the world won't stop insecure behavior by insiders. Studies show that awareness is key: people who understand how attacks work become better defenders — but this requires training throughout the year.5
We can help. Headquartered in Los Angeles, Countercastle specializes in transforming businesses into strongholds where security extends to every corner.
Learn more about our services, contact us to get started, or follow us on Twitter.



Active in security since 1985, Scotch is a cybersecurity consultant, researcher, hacker, writer, and speaker.
Scotch Wichmann, Cybersecurity Researcher A sought-after expert in building security programs, risk and gap analysis, compliance and legal issues, penetration testing, security architecture, fraud prevention, counterintelligence, and security training, his past clients have included companies like MedMen, Cisco, Intuit, Sempra, Mitsubishi, and Viacom. A FBI Infrastructure Liason, Scotch currently serves as an on-demand Chief Information Security Officer (CISO) for a variety of Los Angeles area companies.
Career highlights include 9 years as a security architect and engineer at Wells Fargo, where he helped design the company's fraud detection, 2-factor authentication, E-vault, crypto acceleration, DMZ, cloud, and load balancing schemes, while innovating the use of honeypots to aid F.B.I. fraud investigations.
He also spent 5 years as a Security Principal at Sempra, where he managed the security architecture and penetration testing of over 90 projects, some with billion-dollar budgets, while following Homeland Security, Department of Energy, and NIST best practices.
Scotch studied English literature and computer science at the University of California, cryptography at Stanford, and Risk Management at Texas A&M. He is a member of the Upsilon Pi Epsilon (UPE) Honor Society for Computing Disciplines, and received his M.S. in Cybersecurity from the University of Maryland, a NSA Center of Excellence. He holds CISSP, CISM, Certified Data Privacy Solutions Engineer (CDPSE), and Certified Ethical Hacker (CEH) certifications.
Scotch remains an avid security researcher and critical theorist, with a strong focus on security's intersections with virtual spaces, artificial intelligence, espionage, psychology, popular culture, creativity, and the arts. A longtime performance artist himself, his paper "Kidnapping As Art" (MIT Press) explored the economics of "art kidnappings." He also authored the absurdist comedy novel, Two Performance Artists Kidnap Their Boss And Do Things With Him (Freakshow Books), which won the Silver Award for Best New Voice from the Independent Book Publisher's Association in 2015 — and of course, it features plenty of hacking.

  1. Siponen, M. (2003, July). Information Security Management Standards: Problems and Solutions. In 7th Pacific Asia Conference on Information Systems (pp. 1550-1561). Proc. in PACIS, Adelaide, South Australia. Retrieved from: 51f9a90cb27fc30041a98311504a15.pdf
  2. Nakashima, E. (2015, July 9). Hacks of OPM databases compromised 22.1 million people, federal authorities say. The Washington Post. Retrieved from:
  3. Nakashima, E., & Peterson, A. (2014, June 9). Report: Cybercrime and espionage costs $445 billion annually. The Washington Post. Retrieved from:
  4. Worth, D. (2016, March 4). Almost 50 percent of companies do not know where their data is stored. The Inquirer. Retrieved from:
  5. Chen, C. C., Shaw, R. S., & Yang, S. C. (2006). Mitigating information security risks by increasing user security awareness: A case study of an information security awareness system. Information Technology, Learning, and Performance Journal, 24(1), 1. Retrieved from: