Thursday, November 18, 2021

Episode #71 You talkin' to me? You talkin' to me? You talkin' to me? Then who the hell else are you talkin' to? You talkin' to me? Well, I'm the only one here. Who the f*** do you think you're talking to? Oh, yeah? Ok.

Every time I encounter an ego in our industry, I immediately think they are channeling their inner Robert De Niro. Or when I run into a vendor who is in the protection racket: buy my tool or else. I remember: we are here to protect people, not to provide “protection.”


Why do we feel the need to act like gangsters and thugs, bullying our way around, scaring the people we are supposed to be protecting? Our industry is rife with extortion tactics and borderline criminal business practices, all in the name of helping, but the only thing we seem to be helping is our pockets to get fatter. When your sales strategy is a quote from Vito Corleone, “I’m gonna make him an offer he can’t refuse,” something is wrong.

 


You say you want to help, yet your help is behind a registration wall, your “help” comes with a constant barrage of unsolicited emails telling me how if I just buy more of your shit, I can stop the cybercriminals. Forget the fact your own security is probably in shambles and your marketing email is how your customer is going to get infected.

If you need to behave like a quote from a gangster, I suggest you quote Tony Montana:

“All I have in this world is my balls and my word, and I don’t break them for no one.”

Remember this sage wisdom from Mario Puzo: “The lawyer with the briefcase can steal more money than the man with the gun.”

“Listen to me very carefully. There are three ways of doing things around here: the right way, the wrong way, and the way that I do it. You understand?” – Ace Rothstein

If we are going to keep acting like the criminals we are trying to stop, then we should have gangster names so at least there is some authenticity to our actions.

Join Spotted Dick Roberts, Mind Fuck Francen and Pretty Face Cloutier for a lively discussion tonight on the Security Shit Show.


Tonight at 9pm Mountain, 10pm Central

https://www.youtube.com/watch?v=5jWQFK8cH7s

Thursday, November 11, 2021

Episode #70 Can I put that on my tab please

 

Remember those days?
Remember the scene?
Remember when that was semi-acceptable?

 


Yea… long time ago, in a country pub a LONG ways away.

 

You might still have the luxury OF doing that in your favorite restaurant, bar, pub, or location…. Heck when you go to a hotel or entertainment location you can put things on the tab, HOWEVER in those cases they’ve already charged you for the room, and they DO have your credit card on file.

 

Yet we think it’s ok to run up a tab with people in this industry?

 

We think it’s ok to have folks do work for us, then invoice us, and THEN maybe pay in 30 days?

 

We think it’s ok to get services for free while WE invoice our clients ahead of time?

 

We think it’s ok to take advantage of people’s kindness and then when it comes time to pay we throw roadblocks, requests, and all sorts of ridiculous demands (can you send a canceled check, proof of a bank account, a letter from the financial institution, can you copy 4 people from accounting, and BTW one is on holiday for the next 2 weeks, etc.)

 

This is something that’s affecting me at a personal level, and I don’t think folks realize, understand, or simply want to acknowledge that we ALL have bills to pay, we ALL have folks depending upon us, and we ALL value our time, services, and work efforts to a point where you don’t get to take advantage of them for a month or two before paying at least something FOR those services.

 

Not only that, when was the last time you called out a plumber, electrician, or other professional trade, and when presented with the invoice explained that you’ll pay in 30 days IF they provide you with 3 references, their first born and a blood sample? They’d rip out your new shiny HVAC unit and walk off in disgust, same with any contractor coming into your home, they have expenses, costs, systems to purchase and don’t need your numpty ass defaulting on things. It’s risk management 101 and we ALL have to deal with it.

 

SO, next time someone sends in an RFP, SOW, LOI, or document asking for some of the funds up front, realize it’s because they’re also human, they rely upon income, and YOU are a risk to them. Treat them like a human and don’t be an ass about paying up front for a portion of the work effort, after all BOTH parties are risking something.

 

Yes, you can get something for nothing, and yes many of us want to (and often DO) help, often putting mission before money, but that doesn’t put food on the table… that invoice you have DOES… remember that please.

 

And no, you can’t put it on your tab….

 

Chris

Thursday, October 21, 2021

Episode #68 What are you talking about, Confusing Communication, Causing Calamity.

Words matter, your choice of words can have a profound impact on the outcome.

We love to speak OUR language, the language of tech and engineering. Our language is complex and full of unique terms; it is a beautiful language that no one outside of tech understands.


We must ask ourselves why we would speak tech talk to non-technical people. This is like trying to speak Sanskrit to a person who doesn’t speak Sanskrit. We need subtitles or translators because our language is not helping to get the message across to our users. We bitch and moan they are not doing what we told them to do and that’s why we got breached, but we are failing to realize we told them in a language that to them sounds like Charlie Brown’s parents.

Our language is full of $50 words, acronyms, negative and aggressive words, complex words that require a novel’s worth of information to put into context.

If we hope to fix what is broken, to do more with less, to increase security, to reduce risk and make an ethical sale or two along the way, then we need to find a way to communicate that resonates with every person. Simple and understandable, easy to connect with and internalize, relatable and personal: these are the cornerstones of effective communication.

 

This and much more tonight on the Security Shit Show with Chris, Evan and me

10pm central, 9pm mountain

https://www.youtube.com/watch?v=xrLytU6NvAs

Thursday, October 7, 2021

Episode #66 O No Bro, don't be that guy

Repeat After Me:

 
I am NOT a neanderthal
(Even if I look like one)
 
I do NOT walk around with a permanent hard on
(IF you do, then you’re taking too many blue pills)
 
I do NOT need to treat every interaction with a female in InfoSec/IT/Cyber/Tech as an opportunity to peacock, and prove my manliness by dry humping the server rack.
 
I will NOT step away from chivalry, HOWEVER, I will not use it as a shield to hide bad behavior OR ulterior motives.
 
IF I don’t tell Chris that he looks pretty, then there is NO place to do the same to anyone else.
(And if you DO tell me I’m pretty you STILL don’t get a hallway pass to do the same to others…)
 
IF I cannot walk shoulder TO shoulder with my female counterparts, then I do NOT deserve a place in this industry
(…and I’m on shaky ground elsewhere in society!)
 
A meeting is NOT a date
 
A LACK of wedding ring is NOT an invitation to drool and act the fool
 
A wedding ring is NOT a challenge
 
I will NOT mansplain, and IF I’m going to argue, then I AM going to go and look at the awesome flowchart from Kim Goodwin
 
Done? Need to repeat it? Tattoo it on a body part?
 
SO:
 
If ANY of this is jogging a memory then y’all might want to go find that second voice and listen to it BEFORE engaging in a conversation with the opposite sex.
 
If YOU are offended by this, then go look in a mirror and ask WHY
 
If YOU laughed at this, then I hope it’s a laugh of clarity, and not of ignorance.
 
If YOU know anyone that NEEDS to read this, forward TO them, blame me, it’s simpler and I’ve been blamed for worse.
 
IF you are a narcissist you’ve likely recognized yourself and simply don’t care… for you I have tasers.
(Although you’d probably enjoy that too…)
 
If your regional, religious, back-arsed belief system has put “you” as superior, then please go boil your head, and GTFO of our industry, you have NO place here, none of us want you.
 
‘Enough said for now, a HUGE thanks to both Christy F. and Sky Kennedy for the inspiration!
 
Feel free to print, forward, blame, but FFS get the word out that this shit has got to stop.
 
‘all for now
 
Chris

Join us tonight on the Security Shit Show, 10pm Central, 9pm Mountain

Thursday, September 30, 2021

Episode #65 - Hope Restored Lessons From GrrCON



Hope in one hand and shit in the other! This is what I was told as a child about hope. This is because hope is commonly associated with expectations, and expectations lead to disappointment.

 It was not until later that I learned hope could also mean a want or desire for something to happen, that hope is about anticipation for positive outcomes.

Then I remembered I work in information security, an industry that at times appears to be a hopeless wasteland of soul sucking, ungrateful people, never-ending greed, overinflated egos, blaming and shaming and awful behavior. An industry where the vendors treat their customers like victims, while peddling rebranded anti-virus and packet inspection as next gen, and don’t get me going on the “Rock stars” of the industry who are high on their own farts.

Work in this industry long enough and you will start to lose hope: hope that anything will change, that we can get ahead of the criminals, that we can do the right thing, that we will become diverse and inclusive, that we will help and protect those we serve, that the next generation will know how a computer and network actually works.

Feeling hopeless makes it hard to get up each day and keep fighting this fight, hopelessness is hard on mental health, passion and drive start to suffer and apathy starts to set in. It was in this spiral of negative feelings about our industry and its future that I found myself, when I arrived at my very first GrrCON.  

What unfolded over the next few days surprised, renewed, refreshed, inspired, encouraged, empowered, energized and left me with a restored sense of hope.

After spending an amazing time hanging with and learning from some of the kindest, nicest, humblest, smartest people in infosec, I could see we have a chance to do better, to be better, and there are some of us in this industry who are in it for all the right reasons. From the amazing folks at ILF to the thoughtful sessions, the openness to share knowledge, and humbleness of some of the biggest names in the game. Every person I met, from the newest in the industry to the dusty old dinosaurs (holding up a mirror), every single person was eager to help, excited to grow and learn from one another regardless of experience level.

We need to take what makes the attendees of GrrCON so special, put it in a bottle and sell it as a service.

All this and more tonight on the Security Shit Show with Chris, Evan and Ryan.

Tonight at 9pm Mountain 10pm Central 

https://www.youtube.com/watch?v=ALtZITNO2B4

Thursday, September 9, 2021

Episode #62 Over the hill and through the woods we go to…. Where are we going, I can’t recall, I may be going senile.

To grow old is one of life’s blessings, but it is not all roses. One day you wake up and find you have injured yourself while sleeping; maybe today is the day you discover you have knees, and they are very unhappy with the way you have treated them over the years. Or maybe it is the day you realize that you cannot keep up with all the new things and changes happening around you daily.




Sometimes as I reflect on growing older, and the older I grow the more I seem to reflect on that, not because I am fearful of the aging process, or that I am worried about my final outcome (hint: I love Jesus). I reflect because I ask myself what I have done to set up the next generation for success, what can I be doing with the time I have left to help.

In my career I have watched the birth and growth of an entire industry, and have seen how the technology we have made has had a profound and lasting impact on what it means to be a human and how you interact with the world. Those who come after us do not have that luxury; they are lacking the background and understanding of the grey hairs.

Each year that goes by it becomes clearer I have forgotten more than I currently know, that with age and experience comes a price that must be paid. I don’t know all the latest and greatest things happening, new tech, new vulnerabilities, new exploits. The good news is how you deal with them has not changed much in the last 30 years.

Experienced professionals have stories to tell, advice to give and lessons they learned the hard way that they can share. Are we doing enough to mentor those coming up in the industry, before our minds leave us and we spend our days sitting in a chair reminiscing about the good old days and how you had to yell at the people in your house, “Hey I am on the internet, hang up the phone” or that one time we waited 4 hours for a jpeg to download? Or when you knew what was on your network and could explain what it was doing?

 

I find myself pondering this question as I grow older, I ask what legacy we are leaving the next generation that are following behind us, who are looking to us for guidance and leadership.

What lessons have we learned both technical and non-technical that we want to pass on. What scars have we earned that taught us how to avoid them in the first place? What are WE doing to pass that knowledge onto those who will be here after us?

In an industry that is so competitive and based on secrecy, are we doing enough to pass down the hard-earned knowledge that no book or class can teach? Only by being in the battle and earning the scars are you able to pass on the learnings from that experience. If we do not share our knowledge, then the same mistakes will be made over and over again by those who come after us.

I like growing older because I value the experience I have gained, the scars I have earned, the joyous moments and the painful ones, just like the title of one of my favorite western films, The Good, the Bad and the Ugly, and with age you WILL see all the good, the bad and the ugly life has to offer in your lifetime.

Although sometimes I feel like a lost shoe on the side of the highway: where did it come from, how in the F did it get here and does it still serve a purpose?

I used to wonder why all the “old people” seemed to be cranky and fed up with the world, and each day that point of view makes more and more sense to me.

Join us tonight for a discussion on aging, the impact it has on us as humans and security professionals and most importantly, what are we doing to pass on the experience we have to the next generation.

https://www.youtube.com/watch?v=a2__8xIIa2A

Evan, Chris and Ryan 



Thursday, September 2, 2021

Episode #61 Say Something Nice...



I remember my Mother teaching me “if you don’t have anything nice to say, then don’t say anything at all” and there’s a LOT of merit in that statement for various situations.... However, when it comes to our industry, and some of the companies, folks, and players INSIDE of it I must admit I’ve broken that rule on several occasions.
 
Which brings me to the rather splendid Osthoff Resort, sandwiched between Milwaukee and Green Bay, Wisconsin.
 
I’m here...
 
Surrounded by a posse of FBI agents, InfraGard folks, and businesses...


THANKFULLY I’m not alone in this pickle. I’ve got Evan Francen and Ryan Cloutier, CISSP with me to even out the odds a little.
 
And we’ve just spent the day (I’m up on stage in a couple of hours to complete the trifecta of apocalyptic horsemen) beating the living snot out of the entire industry, LOTS of folks, companies, and agencies that are in it.
 
Which means we should probably end the day thinking/saying something nice. IF nothing else we need to give folks some hope (and ourselves some redeeming qualities beyond just binging the alcohol.)
 
SO, this evening the #shitshow IS going to be live FROM the FBI/InfraGard stage and IF we can, we’re going to find some good things to talk about. There might be some pauses, some moments of silence as we work out what IS good....
 
Come along, hang out, join in (we’re doing audience participation on this one)
 
AND let’s see if there ARE some good things inside InfoSec (aside from the availability of alcohol, tea, and caffeinated beverages)

Shout out to InfraGard for allowing us in!
AND to the Federal Bureau of Investigation (FBI) for being nice enough to not arrest me on sight again....
 
‘all for now, see folks later
 
Chris

https://www.youtube.com/watch?v=c75_iI3EJWo
