Thursday, September 9, 2021

Episode #62 Over the hill and through the woods we go to…. Where are we going, I can’t recall, I may be going senile.

To grow old is one of life’s blessings, but it is not all roses, one day you wake up and find you have injured yourself while sleeping, maybe today is the day you discover you have knees, and they are very unhappy with the way you have treated them over the years. Or maybe it is the day you realize that you cannot keep up with all the new things and changes happening around you daily.




Sometimes as I reflect on growing older, and the older I grow the more I seem to reflect on that, not because I am fearful of the aging process, or that I am worried about my final outcome (hint I love Jesus). I reflect because I ask myself what I have done to set up the next generation for success, what can I be doing with the time I have left to help.

In my career I have watched the birth and growth of an entire industry, and have seen how the technology we have made has had a profound and lasting impact on what it means to be a human and how you interact with the world. Those who come after us do not have that luxury, they are lacking the background and understanding of the grey hairs.

Each year that goes by it becomes clearer I have forgotten more than I currently know, that with age and experience comes a price that must be paid. I don’t know all the latest and greatest things happening, new tech, new vulnerabilities, new exploits. The good news is how you deal with them has not changed much in the last 30 years.

Experienced professionals have stories to tell, advice to give and lessons they learned the hard way that they can share. Are we doing enough to mentor those coming up in the industry, before our minds leave us and we spend our days sitting in a chair reminiscing about the good old days and how you had to yell at the people in your house, “Hey I am on the internet, hang up the phone” or that one time we waited 4 hours for a jpeg to download? Or when you knew what was on your network and could explain what it was doing?

 

I find myself pondering this question as I grow older, I ask what legacy we are leaving the next generation that are following behind us, who are looking to us for guidance and leadership.

What lessons have we learned both technical and non-technical that we want to pass on? What scars have we earned that taught us how to avoid them in the first place? What are WE doing to pass that knowledge onto those who will be here after us?

 In an industry that is so competitive and based on secrecy, are we doing enough to pass down the hard-earned knowledge that no book or class can teach, only being in the battle and earning the scars are you able to pass on the learnings from that experience. If we do not share our knowledge, then the same mistakes will be made over and over again by those who come after us.

I like growing older because I value the experience I have gained, the scars I have earned, the joyous moments and the painful ones just like the title of one of my favorite western films, the good the bad and the ugly, and with age you WILL see all the Good The bad and the Ugly life has to offer in your lifetime.

Although sometimes I feel like a lost shoe on the side of the highway, where did it come from, how in the F did it get here and does it still serve a purpose.

I used to wonder why all the “Old people” seemed to be cranky and fed up with the world, and each day that point of view makes more and more sense to me.

Join us tonight for a discussion on aging, the impact it has on us as humans and security professionals and most importantly, what are we doing to pass on the experience we have to the next generation.

https://www.youtube.com/watch?v=a2__8xIIa2A

Evan, Chris and Ryan 



Thursday, September 2, 2021

Episode #61 Say Something Nice...



I remember my Mother teaching me “if you don’t have anything nice to say, then don’t say anything at all” and there’s a LOT of merit in that statement for various situations.... However, when it comes to our industry, and some of the companies, folks, and players INSIDE of it I must admit I’ve broken that rule on several occasions.
 
Which brings me to the rather splendid Osthoff Resort, sandwiched between Milwaukee and Green Bay, Wisconsin.
 
I’m here...
 
Surrounded by a posse of FBI agents, InfraGard folks, and businesses...


THANKFULLY I’m not alone in this pickle. I’ve got Evan Francen and Ryan Cloutier, CISSP with me to even out the odds a little.
 
And we’ve just spent the day (I’m up on stage in a couple of hours to complete the trifecta of apocalyptic horsemen) beating the living snot out of the entire industry, LOTS of folks, companies, and agencies that are in it.
 
Which means we should probably end the day thinking/saying something nice. IF nothing else we need to give folks some hope (and ourselves some redeeming qualities beyond just binging the alcohol.)
 
SO, this evening the #shitshow IS going to be live FROM the FBI/InfraGard stage and IF we can, we’re going to find some good things to talk about. There might be some pauses, some moments of silence as we work out what IS good....
 
Come along, hang out, join in (we’re doing audience participation on this one)
 
AND let’s see if there ARE some good things inside InfoSec (aside from the availability of alcohol, tea, and caffeinated beverages)

Shout out to InfraGard for allowing us in!
AND to the Federal Bureau of Investigation (FBI) for being nice enough to not arrest me on sight again....
 
‘all for now, see folks late
 
Chris

https://www.youtube.com/watch?v=c75_iI3EJWo

Thursday, August 26, 2021

Episode 60 Are you driving (your computer) with a gun pointed at your head?


You know about the massive Takata airbag recall story, right?

No?! Maybe?

Well, we've got one helluva story to tell you. 

Takata was (keyword "was", the company declared bankruptcy in 2018) a Japanese company founded in 1933, making lifelines for parachutes. In 1988, the company started making airbags for vehicles, lots of vehicles! At its height, Takata owned 20% of the airbag manufacturing market with production facilities on four continents and a market value exceeding 400 billion yen ($3.6 billion).

Things were good at Takata. At least we thought things were good.

The problem, Takata airbags "could rupture and send debris flying inside the vehicle".

The brief timeline of events:

  • In the early 2000s, some Takata managers become aware of inflator failures in their airbags (test report data was altered to hide the failures from carmakers).
  • In 2003, the company learned that an inflator had ruptured in a driver-side airbag. The company did not report the incident to U.S. authorities.
  • In 2004, another inflator ruptured and three more in 2007.
  • In 2008, Honda recalls 4,000 Accords and Civics. Honda knew about more than 100 injuries and 13 deaths related to Takata airbags, starting in about 1998.
  • Around 2009, senior Takata executives become aware of falsified test data that was provided to one or more carmakers.
  • In the Spring of 2013, recalls were issued affecting more than 3.5 million vehicles.
  • In June 2014, Takata admitted that their Mexican subsidiary mishandled "the manufacture of explosive propellants" used in their airbags.
  • Later in June 2014, BMW, Chrysler, Ford, Honda, Mazda, Nissan, and Toyota all announced recalls. The total recall now stood at 10.5 million vehicles.
  • In July 2014, a pregnant Malaysian woman was killed. A metal fragment sliced into her neck. (she was going 18 MPH).
  • In November 2014, Takata allegedly ordered technicians to destroy test results.
  • By May 2015, the global recall tops 31 million vehicles.
  • In January 2017, Takata pleads guilty to U.S. criminal charges and agrees to pay a $1 billion fine. Three Takata executives are indicted on wire fraud and conspiracy charges too.

Let's stop for a second... 

What do you call something that uses an explosive propellant to launch a projectile (or "debris")?

It's called a gun.

Today, millions of Takata guns (or ticking timebombs) are still on the road. Late last year, Janett Perez, a U.S. citizen in Mexico was killed when a Takata airbag shot a metallic fragment into her neck too.

Another car accidentally backed into her.

More than 30 car manufacturers have been affected, and the NHTSA ordered an (ongoing) US-wide recall of more than 42 million cars (the largest automotive recall in U.S. history). Worldwide, the estimated size of the recall is roughly 100 million cars.

So what does this have to do with information security? 

Lots actually! The parallels include consumer ignorance, manufacturer negligence, regulatory ineffectiveness, and more. As we integrate technology more and more into our physical world, the parallels become even more frightening.

Let's have a truthful (and downright scary) talk about this shit tonight!

Join us LIVE @10pm CDT, August 26th.

Evan, Ryan, and Chris are sure to have one helluva discussion about this!

Thursday, August 19, 2021

Episode #59 The times they are a-changing, but are we? Continued

  Last week we took some time away to do some of the things we love, Chris went to DefCon to taste whiskey with folks, Evan took his beard and bike to Sturgis to make memories, one of his most favorite things to do, and I took some time to visit with my wife and dog.



As I was reflecting on all the things that had happened in just a week’s time, it dawned on me we are at the beginning of a new era as a society and as an industry and even as I type this my news feed is full of new discoveries, new legislation, new science and change on a global scale that at times is hard to comprehend.

The scope and scale of work in front of us is daunting, old thinking and old methods must go, we must get creative, we must innovate, we must simplify.

What used to work is no longer working, what used to be acceptable is no longer acceptable, what used to be enough is no longer enough. We now must embrace these changes head on and take a whole new approach to a new world, especially in our industry.

Tonight, we will discuss some of the changes that have happened that affect our industry, pontificate on what we need to change to adapt and adjust to this new world.

As Bob Dylan told us

Come gather 'round people, wherever you roam
And admit that the waters around you have grown
And accept it that soon you'll be drenched to the bone
If your time to you is worth saving
Then you better start swimmin' or you'll sink like a stone
For the times, they are a-changin'

 

Come senators, congressmen, please heed the call
Don't stand in the doorway, don't block up the hall

For he that gets hurt will be he who has stalled
The battle outside ragin'
Will soon shake your windows and rattle your walls
For the times, they are a-changin'

 

All this and more tonight on the Security Shit Show 10pm Central 21:00 mountain

https://www.youtube.com/watch?v=qowXaA56x9s 

Thursday, August 12, 2021

Episode #58 The times they are a-changing, but are we?

 Last week we took some time away to do some of the things we love, Chris went to DefCon to taste whiskey with folks, Evan took his beard and bike to Sturgis to make memories, one of his most favorite things to do, and I took some time to visit with my wife and dog.



As I was reflecting on all the things that had happened in just a week’s time, it dawned on me we are at the beginning of a new era as a society and as an industry and even as I type this my news feed is full of new discoveries, new legislation, new science and change on a global scale that at times is hard to comprehend.

The scope and scale of work in front of us is daunting, old thinking and old methods must go, we must get creative, we must innovate, we must simplify.

What used to work is no longer working, what used to be acceptable is no longer acceptable, what used to be enough is no longer enough. We now must embrace these changes head on and take a whole new approach to a new world, especially in our industry.

Tonight, we will discuss some of the changes that have happened that affect our industry, pontificate on what we need to change to adapt and adjust to this new world.

As Bob Dylan told us

Come gather 'round people, wherever you roam
And admit that the waters around you have grown
And accept it that soon you'll be drenched to the bone
If your time to you is worth saving
Then you better start swimmin' or you'll sink like a stone
For the times, they are a-changin'

 

Come senators, congressmen, please heed the call
Don't stand in the doorway, don't block up the hall

For he that gets hurt will be he who has stalled
The battle outside ragin'
Will soon shake your windows and rattle your walls
For the times, they are a-changin'

 

All this and more tonight on the Security Shit Show 10pm Central 21:00 mountain

https://www.youtube.com/watch?v=qowXaA56x9s 

Thursday, August 5, 2021

No show tonight

There will be no show for tonight, with Chris and Evan both on the road and Ryan running on fumes we thought it best to postpone tonight's show until next week.



We are looking forward to chatting next week about some recent developments in the world of cybersecurity legislation and executive actions, there is a light at the end of the tunnel.... the question is, is it an exit or a train, tune in next week to find out.


Thank you from the Shit Show Crew Chris, Evan and Ryan

Thursday, July 22, 2021

Episode #56 You Got Breached, Congratulations.

You Got Breached, Congratulations. 




You’re NOT a special snowflake
You can’t go round pouting
You don’t need to find anyone to blame
No, the Russians probably didn’t do it
No, I don’t need tagging in the post
Yes, likely you DO need to change some things
No, you probably couldn’t have stopped it
Yes, you could have likely detected it sooner
Yes, you could probably have remediated it faster
No, don’t you DARE blame the users!
No, your annual training for 30 mins isn’t effective (it sucks)
Yes, you can recover from it (hopefully)
No, it won’t kill you JUST yet, wait a few more years though…
More budget? Stop whining and spend what you have wisely
Yes, it means you have to roll up your sleeves
Yes, interns or apprentices can help remediate this
Yes, get off your ass, it got pwned, get over it
No, you’re still NOT a special snowflake.

Congratulations.
You’re JUST like all the other breaches
You can sit down and plan
You should go look in the mirror
You likely did it to yourself, we’ll get to that.
Yes, you can reach out for help and advice
NO, you don’t need to buy everyone’s cyber-crap
NO, everyone’s cyber-crap isn’t going to stop it either
YES, it would be good to know what you actually have
YES, it would be great to know WHERE your data IS
Yep, IF you can track it back, it probably starts on a user’s machine
Yes, ongoing education HELPS (doesn’t fix, but helps)
Yes, you can recover from it (get the basics in order)
Yes, we are working on hacking the chips in humans, fun eh?
Nope, don’t expect more money, so work smarter
Yes, it means you can now get your house in order, good!
Yes, you can probably justify headcount but save $$ and get folk TO train
Yea, it sucks, sorry, but it’s the way of the new world.
And no, you’re not special, you CAN however be a good example.

Get the basics sorted out BEFORE your ass is delivered TO you on a silver platter

* Assets, what do you have?
* Assets, where are they?
* Who’s got access to them, and why?
* What DO they do, what is their purpose?
* What’s on them?
* Which ones do you need to care about?

Got it? Good, now go get a cuppa tea or coffee and go deal with it…. I’m going to go make breakfast.

‘all for now

Chris

All this and more tonight on the Security Shit Show.
10 pm Central, 21:00 mountain  

https://www.youtube.com/watch?v=DrUpbCrXegw
