About
|
Our Team
The People Behind Rexxfield
Rexxfield is powered by a team of seasoned cybersecurity, investigators and intelligence experts working to detect threats, investigate breaches, and protect against cybercrime.
Stephen Dougherty
Chief Managing Member
As a former U.S. Secret Service investigator, Stephen Dougherty is a cybercrime and wire-fraud investigator with over 15 years of experience leading complex financial-crime, digital-forensics, and international cyber investigations. He helped pioneer the USSS Global Investigative Operations Center (GIOC) and founded the agency’s Business Email Compromise Mission Desk, contributing to the recovery of nearly $500 million in victim funds. He led rapid-response operations, advanced cryptocurrency-tracing techniques, and coordinated high-impact global cases with the Department of Justice, financial institutions, and foreign law-enforcement partners.
Stephen is a highly decorated investigator, earning DHS Secretary’s Gold Medals of Excellence, U.S. Secret Service Director’s Impact Awards, and the 2021 USSS Employee of the Year honor. A seasoned global speaker, he delivers insights on cyber-enabled fraud, asset recovery, and public-private collaboration.
Ronnie Tokazowski
Chief Technology Officer & Managing Member
Ronnie is a cybersecurity researcher and Chief Fraud Fighter with over 15 years of experience in threat intelligence, scam analysis, and fraud prevention. He investigates the people, infrastructure, and techniques behind cyber-enabled crime, including BEC attacks, romance scams, pig-butchering schemes, and crypto-related fraud. Throughout his career, he has led security operations teams, collaborated with law enforcement and financial institutions, and produced intelligence that helps organizations detect and disrupt fraudulent activity.
A regular speaker at industry events, Ronnie shares insights on scam evolution, social-engineering psychology, and cross-sector collaboration. Known for both technical depth and victim advocacy, he highlights the human impact of cybercrime and works to bridge the gap between analytical security work and real-world victim experiences.
Anna Hulst
Licensed Private Investigator & Managing Member
Anna is a cyber investigator specializing in social engineering and open-source intelligence (OSINT). She conducts pretext-based engagements with threat actors to unmask them. By blending psychological insight with digital forensics, she unmasks the people behind online crimes. Anna has provided extensive support to law enforcement and legal teams globally and works closely with attorneys and investigators to build strong, evidence-based cases. She is skilled in uncovering digital evidence, preparing subpoenas, and turning complex data trails into narratives that hold up in court.
Anna also uses advanced visualization and timeline tools to explain to judges and juries the relationships between actors, assets, and events. Her work bridges technical forensics and legal advocacy, providing the clarity needed to achieve justice.
Hieu Minh Ngo
Chief Threat Hunter & Shareholder
Hieu is a cybersecurity expert whose journey spans from convicted hacker to respected defender of cyberspace. Our very own Matt O’Neill arrested Hieu in the U.S. territory of Guam in 2013 for an identity-theft scheme impacting 200M+ Americans. They are now good friends and business partners. In prison, Hieu turned his life around and cooperated with authorities, resulting in his early release in 2019. He returned to Vietnam in 2020 and joined the National Cybersecurity Centre (NCSC) and co-founded ChongLuaDao, a leading anti-scam initiative protecting users nationwide.
Recognized by UNDOC, Apple and Verizon for his security contributions, he also serves part-time as a Cyber Threat Investigator at TRM Labs. A sought-after speaker, Hieu has presented at INTERPOL, GISEC, GITEX, TEDx, the World Police Summit, and major industry events. His story highlights redemption and commitment to building safer digital ecosystems.
Matt O’Neill
Supervisory Special Agent
US Secret Service (Ret.) & Shareholder
With more than 25 years in federal law enforcement, including launching and leading the U.S. Secret Service’s Global Investigative Operations Center, he has been at the forefront of combating transnational organized cybercrime. His leadership advanced innovative intelligence capabilities that supported field offices and public-private partners worldwide.
As Deputy Special Agent in Charge – Cyber, he directed mission-critical cyber operations, digital forensics, incident response, and eCrime investigations. He also oversaw billions in asset-forfeiture operations and drove major organizational modernization initiatives. Today, he is a Co-Founder of 5OH Consulting and an Adjunct Professor, where he teaches the next generation of investigators about complex, global cybercrime threats.
Michael Roberts
Founder & Private Cybercrime Investigator (Retired)
NOTE: Michael exited Rexxfield in December 2025. He founded the agency in 2008 and, after nearly 18 years of fostering cooperation between government and private sectors in crime fighting, he transferred leadership of Rexxfield to his professional colleagues listed on this page. Michael’s work focused on complex cross-border cybercrime disruption and resolution.
Michael has retired from full-time crime-fighting and now concentrates on public-benefit projects. He is also cofounder of a new crime-fighting SaaS platform and public-private crime-fighting community. These projects will bring Justice at Scale by improving cooperation in cross-border cyber-enabled crime investigations.
Michael continues to provide part-time, boutique consulting services to law firms and prosecution teams, while also supporting NGO and charitable initiatives focused on cybercrime and assistance to vulnerable persons.
Rex
OSINT & DARKINT Investigator
Rex is a cybercrime investigator specializing in digital forensics, threat intelligence, and incident response. With deep experience analyzing Advanced Persistent Threat (APT) campaigns, he understands the vital link between cybersecurity and national security. He views every organization as a digital stronghold and believes protecting it is as essential as defending a nation. Recognizing how cybercrime fuels widespread economic damage, Rex is committed to uncovering the truth behind attacks and exposing those responsible.
His mission is to map criminal operations, help organizations understand digital risks, and strengthen global cyber resilience. Guided by the principle that every crime leaves a trace, he blends technical expertise with investigative discipline to ensure threat actors are held accountable.
Nam
OSINT & DARKINT Investigator
Nam is a cybersecurity specialist with deep expertise in blue-team operations, incident response, and digital forensics. Analytical and investigative by nature, he constantly asks why—examining every event, alert, and system interaction to uncover root causes and see the big picture behind each security incident.
He focuses on SIEM engineering and threat detection pipelines, designing dashboards, detection rules, and enrichment workflows that transform complex telemetry into actionable intelligence.
Nam also applies threat-hunting and OSINT investigation techniques to support fraud detection and uncover malicious infrastructures, combining data correlation, behavioral analysis, and automation to reveal subtle attack patterns and underlying intent.
Extended Network
Investigators & Analysts
In addition to our core team, Rexxfield works with a trusted network of on-call investigators, forensic analysts, and specialist consultants who expand our capabilities across borders and disciplines. This extended team includes experts in cryptocurrency tracing, blockchain forensics, OSINT, dark-web intelligence, malware and infrastructure analysis, social-engineering operations, and financial-crime investigations.
Their combined experience supports rapid response, complex casework, and global coordination with banks, exchanges, ISPs, and law enforcement. This network allows Rexxfield to scale quickly, deploy the right expertise for any case, and deliver comprehensive intelligence and evidence for clients and investigative partners worldwide.
Strategic Partnership Spotlight
Ed Gibbs
Strategic Advisor, Cyber Threat Intelligence (Rexxfield) ; Vice President Research (WhoisXML API)
In his role as Vice President of Research at WhoisXML API, he helps shape intelligence-driven approaches that turn DNS, WHOIS, and netflow telemetry into actionable insights used by law enforcement, government entities, and threat research teams worldwide.
Throughout his career, Ed has held senior technical and leadership roles across major technology and cybersecurity organizations, contributing to the evolution of enterprise and network security practices. His work focuses on identifying patterns in cybercriminal infrastructure, enabling organizations to better understand, attribute, and disrupt malicious activity at scale.
A recognized voice in the cybersecurity community, Ed has presented at major industry forums including RSA, Black Hat, DEF CON, and ICANN. He is also a contributing author to the Handbook of Computer Crime Investigation and a member of the Forbes Technology Council. Beyond his professional work, Ed supports initiatives focused on combating cybercrime and protecting vulnerable communities, contributing his expertise to real-world investigative and disruption efforts.