Thursday, December 10, 2020

Episode #30 - What do you do when the security provider gets hacked?

Another day, another breach in the news; what's new? Well, this time the victim is one of the world's leading information/cybersecurity providers.

The company has come forward to say that their offensive red team tools have been stolen, most likely by a foreign nation.

What do we do when the very companies we trust to help protect our nation become the target of military-grade warfare? According to the company, this was not a run-of-the-mill cyber attack; this was a highly sophisticated and targeted attack by a nation state.

This is not the first time a security company has been the target of a government-sponsored attack, nor will it be the last. As an industry, if the tools we produce to protect can also harm, what are our obligations to protect them? And how liable are we if they get stolen and used for nefarious purposes?

Knowing that our industry will continue to be a target of highly sophisticated government attacks, what obligation, if any, does the government have to help us protect ourselves while we protect them?

What rules, if any, need to apply to the production and manufacture of weaponized computer code? If it can kill, damage and disrupt, is it not then a weapon or destructive device?

Who watches out for the watcher of the watchers? This and more on tonight's show.

Tune in tonight, 9 pm Mountain / 10 pm Central (12/10), LIVE to catch what the guys have to say about all this.

Here's the link: https://www.youtube.com/watch?v=Z9uxeDQRb2s

Wednesday, December 9, 2020

Why we do the Security Shit Show

We love people, it's why we do our work. It's why we work crazy hours, get frustrated when things go wonky, fight like hell, and sellout.

Our job is to protect people.

It's what we do. We love people and we especially love our fans. So much love, you might be surprised to find out we don't do the Security Shit Show for others or our fans. We do the Security Shit Show for us (Chris, Evan, and Ryan).

Here are the reasons we do the Security Shit Show:

  • We do this for our health.
  • We do this for our sanity.
  • We do this for inspiration.
  • We do this for support.
  • We do this for our enjoyment.
  • We do this for our encouragement.
  • We do this for our sanity.
  • We do this for our joy. 
  • We do this for whatever else we need at the time.
Here are some reasons we don't do the Security Shit Show:
  • We don’t do this to be unhealthy.
  • We don't do this to add more pressure to a pressure-filled life.
  • We don't do this for more work (God knows, we've got plenty as it is!). 
  • We don't do this if it’s a pain in the ass.
  • We don't do this if it’s discouraging.
  • We don't do this for more stress.
  • We don't do this to be popular.
  • We don't do this to be political.
  • We don't do this to sell shit. 
  • We don't do this for anything else we don’t need.

The three of us spend 50, 60, 70+ hours each week giving our all to help others. The Security Shit Show is a time for us to rest and be OK with taking and getting from each other.

We invite others to come listen to our conversations, share thoughts and participate, but we don’t do the Security Shit Show for our fans. Everyone is always welcome, as long as there's respect (and hopefully some love) for each other.

Having said this...

We do what we do when we do it.  We post shit when/if we get around to it. If we don’t get around to it, it’s 100% OK with us, and we hope it's OK with you too.

With much love and respect,
Chris, Evan, and Ryan (the Security Shit Show)

Thursday, December 3, 2020

Episode #29 - 'Tis the Season to be Ripped Off

The tech, the calls, and clicks of folly
Fa-la-la-la-la, la-la-la-la
‘Tis the season to rob Holly
Fa-la-la-la-la, la-la-la-la
Don, he shops online in peril 
Fa-la-la, la-la-la, la-la-la
Scammers have him over a barrel
Fa-la-la-la-la, la-la-la-la

You get the picture. Here's some straight up truth:

  • 'Tis the season for scammers to scam, and scam they will.
  • There's more opportunity than ever, with online shopping expecting to increase 38% over last year.
  • We're more distracted than ever, with COVID-19, social justice issues, election gibberish, etc.

The equation is simple for the scammers:

Opportunity + Distraction = Success

This shit won't happen on our watch! Sadly, your shit isn't under our watch. It's under yours. You gotta do better. It's your shit. Your shit is your responsibility.

We're not Scrooge here. We're not the Grinch either. We're trying to help you save yourself from these jack wagons!

Tune in tonight (12/3) LIVE to catch what the guys have to say about all this. Here's the link: https://youtu.be/gkjjG0l6Wwo

Excuses? Well, that's on you.

Wednesday, November 11, 2020

O Shit am I on FIRE?

What is that smell?.......... Is that smoke I see?........ Why am I hot?

O SHIT, I'm ON FIRE!

Work in infosec long enough and you will see a fire or two. Oh hell, let's be honest, work in infosec long enough and you will be the cause of a fire or two. It could be your flagship application leaking vast amounts of data, it could be the secretary clicking on a link, a misconfiguration, a failed patch, your most critical 3rd party having a data breach and ransomware event all in one, and then there is the tomfoolery of China, Russia and North Korea, just to name a few.

At some point, we have all gotten the "Shit's on fire" call at some ungodly hour of the night, and this is assuming we were sleeping instead of sitting up chewing our fingernails, waiting for the phone to ring with a fire on the other end that we then have to deal with. This constant barrage of fires, day in and day out, takes a toll, just like in a real fire: you get burnt.

Then we have the political fires, when someone is trying to burn us down. We have to deal with this on top of the security fires, and this only further contributes to the personal burning (no, not that kind of personal burning, get your mind out of the gutter). I am referring to the burning of our energy and passion, the kind of burning that, if not managed, leads to burnout. The old saying goes, "be careful not to burn the candle at both ends for too long"; this is because you will eventually burn out, but along the way you will burn up first.

Oh and don't forget, your doorbell, cell phone charger, smart oven, furnace, lightbulbs are all trying to burn down your house.

So what can be done? What is the digital equivalent of a fire extinguisher, smoke detector, or sprinkler? How do you tell when you or a colleague is getting burned up or is already burned out? What do you do when your doorbell is trying to kill you with FIRE! 

All this and SPICY Chips (or Crisps as Chris would say) on the Shit Show 

Tune in and feel the heat Thursday 11/12/2021 at 10 PM Central, 21:00 Mountain.

Thursday, November 5, 2020

Seven Ways Security Can Improve Your Sex Life

Let's talk about sex, baby (sing it)

Let's talk about you and me (sing it, sing it)

Let's talk about all the good things

And the bad things that may be

Wise words from Salt-N-Pepa. The "good things" and "the bad things". Because I want to end tonight's show on a positive note, I want to first address the bad things.

Sex is generally a good thing, but like most good things, humans make them into bad things. I don't EVER want to minimize the importance of recognizing the bad things:

  • Rape
  • Incest
  • Molestation
  • Sexual assault
  • Exploitation
  • Pornography (especially involving children)
  • Prostitution

These are all bad things with REAL victims. Our hearts go out to anyone and everyone who is or has been a victim of deviant sexual behavior. Some resources for all of us to know about:

OK. Sorry (but not really) to get us off on that foot. These are real issues facing people in our society. These people are our neighbors, our co-workers, and even our family members. Our lack of acknowledgement contributes to the problem; it DOES NOT make it go away. Sadly, deviant sexual behavior in our society is getting worse. We'd be remiss if we didn't mention and acknowledge it.

Now, back to our regularly scheduled programming...

"Let's talk about all the good things", or at least some of them.

Almost universally, we like sex. Some (maybe most) of us want more sex. Some (maybe most) of us want better sex. Better and more frequent HEALTHY sex results in some amazing mental, physical, and physiological benefits. 

YAY, more better sexing!

Where does information security fit into the sex equation? Can we use information security to actually improve our sex life? I'll quote my co-host, Chris Roberts, "Oh hell yes!!" Just some ideas (some are ours, and some come from Security Shit Show fans):

  • Cameras (on or off, depending upon your preferences) with NO Internet vulnerabilities
  • Bluetooth or IoT sex aids with NO uninvited 3rd parties
  • Peace of mind, leading to more "in the moment" times
  • Better reporting so you actually GET to bed
  • Sleep in on Sat mornings and don’t have to worry about information security
  • Information security guys, gals, and others, are sorta bad ass. We like a little bad ass, don't we?
  • Ability to defend home/nest/etc. is an appealing trait for reproduction (even if subconscious)
  • Etc.

Myself, I'm convinced that there's something real here. 

Let's start a sexual information security revolution!

(that mighta been hormones, oops)

We're going to explore all this in tonight's Security Shit Show LIVE at 2200 CST. Join us! This can be your infosex little blue pill. LOL!

See you there!

-Evan

Thursday, October 29, 2020

Episode #25 - Kiss and Make Up?

So, let's face it, the decision for the next president is probably already made, despite everyone still running around the country stumping for more votes and hoping for a last-minute turnout. We’ve seen record numbers of folks at the polls, and the USPS folks have carried (successfully) more mail-in ballots than we’ve seen in many years gone past.

Which means the die is cast; we just have to wait to hear who’s won the next 4 years in the hot seat.

Which means the time for healing is upon us, or at least we should be planning for it.

OR CAN we?

Every 4 years it seems as if we up the ante in this fight for power, mud is slung, words are exchanged, wounds opened and then it’s over. We’re meant to move on, and try to get back to working together as ONE country as opposed to two divided ideologies or 50 individual states. To me this is like lawyers at the end of a trial who’ve insulted each other and their clients for days on end, they just shake hands and move on, while some of us STILL want to throw that Molotov cocktail across the courtroom.

HOW does this nation repair itself, how do families, communities and people come together, CAN WE?

How does one side not gloat? How does the other not lament what could/should have been? AND how DOES a house divided against itself actually work??

LOTS to talk about this evening, join us for a lengthy discussion on these topics and more. 

Join us LIVE tonight @ 2200 CST.

Thursday, October 22, 2020

Episode #24 - Is My Vote Secure?

Will my vote count this year? 

What is the safest way to vote?

So many options, so many questions, and a shitload of confusion. 


As the last few weeks of this unprecedented year have unfolded, the focus has been shifting to the upcoming election and the challenges the pandemic has created for our democratic process, specifically how in the actual F we are going to vote this year. Some of the questions we have been pondering are:

  • If I vote by mail will it arrive and be counted?
  • Is 1234 actually an admin password for voting machines?
  • Are the Russians and Iranians or "others" setting up fake ballot boxes?
  • I want to wait in line for 19 hours to vote in person; how safe is the voting machine?
  • Should I vote from my phone, is that safer than mail or in-person?
  • Will my vote be thrown out on a technicality?
  • Who is counting the votes and are they trustworthy?
  • How safe is my polling location?
  • How can I identify real polling security from someone pretending to be it?
The list of questions goes on and on; it is enough to make your head spin, your stomach hurt, and your confidence in our democratic process be shaken to its core.

What can you do? Who has the answers we seek? How can you ensure your vote is secure and counted?

But don't worry yet; all hope is not lost. There are things that can be done, and lots we can learn to improve in the future. We will be discussing this and more on this episode of the Shit Show.

Thursday, October 15, 2020

Episode #23 - Disunited States of America

For episode 23 of the Security Shit Show – watch it LIVE Thursday night @ 2200 CST!

The "United" States of America has never been more disunited and divided, at least not in my lifetime. There's a hypothesis claiming a reason for our division is the disinformation that floods our inboxes, televisions, newsfeeds, and social media accounts every second of every day.

Is this true? Is disinformation dividing us? What is disinformation anyway? Is there someone or something behind it all?

Let’s break this down into component parts using as much logic and reason as we can muster. Logic and reason are beautiful things, but they fight against biases and emotions in our minds. The battle is in our heads.

Alright, let’s go down the rabbit hole. Trying to simplify what’s in my own head, but not oversimplify.

We need to define “disinformation”, and it helps to define “information” first. Yesterday I wrote a simple explanation of what information is, and how it differs from data.

Data is raw, unorganized representation of facts and/or statistics.

Information is organized data to provide meaning and relevance.

For our purposes, it’s safe to claim that data is fact and information is the interpretation of data; therefore, data is truth, and information is where lies can live.

A simple Google search of “disinformation” gives us:

false information which is intended to mislead, especially propaganda issued by a government organization to a rival power or the media.

So, disinformation then, is false interpretations of data intended to mislead.

Cool. Now, how does this apply to us, more specifically, the division of the United States of America?

Deeper into the rabbit hole we go…

330,449,838.

This is the U.S. population according to the United States Census Bureau as of 6:15am (10/15/2020). This is also the number of realities that exist in the United States. 

Yes, you read that right. There are 330 million+ REALITIES in the United States (at least).

There isn’t one single reality, unless there was nothing more than data without interpretation, and people don’t understand data without interpretation. A person's reality is their interpretation of data, and their interpretation will be heavily influenced by their perspective (with the bias, emotion, etc. that comes along).

Want to alter someone’s reality? Feed them a constant stream of information (your interpretation of data).

  • If your constant stream of information confirms their perspective, you’ll drive the nail deeper (maybe even create yourself a “radical”).
  • If your constant stream of information conflicts with their perspective, you might change their minds (assuming left brains prevail) or more likely evoke a slew of feelings that spill out the right side of their brain (where emotion lives), including anger, fear, confusion, depression, and maybe even violence.

A person’s perspective + the information they consume = their reality.

OK, this is simplified, but hopefully you smell what I’m steppin’ in here.

If you are naïve enough to think that (dis)information isn’t being used to manipulate people, then you should spend some of your precious time to watch this episode of the Shit Show!

Examples of Disinformation Hot Topics

Just some topics that are used by disinformationists (a new word) to manipulate your vote and further divide us:

  • COVID-19
    • 217K deaths in the United States; cause of death versus had COVID-19 at time of death.
    • Trump should be held accountable for COVID-19 deaths in the United States
    • Masks stop the spread of COVID-19 versus limit the spread of COVID-19 versus do nothing to help.
    • “Superspreader” events; choir practices, Sturgis, birthday parties, political rallies, etc.
    • Lockdowns work versus lockdowns don’t work
    • Deaths from COVID-19 versus deaths from our response (failure to get preventative care, early detection of diseases, mental health/suicide, economic pressures, etc.)
  • Social Justice Issues
    • All cops are bad versus some cops are bad.
    • Minorities are being targeted versus minorities being more involved in crime leading to more encounters.
    • Law and order versus anarchy.
    • We should give back land to native Americans versus helping where people are currently at.
    • Reparations versus it not helping.
    • Systemic racism
    • All “patriots” are right-wing racists versus they’re just patriots who love their country.
    • Gun control versus gun control doesn’t work and it’s a right.
  • Immigration
  • The economy

There are many, many more examples of disinformation, but this is a good start. We could spend weeks talking about these alone.

How to Fight Disinformation

1. It starts with recognizing your own bias. Ask yourself:

  • Why do I believe what I believe?
  • Can I defend what I believe, using reason, without changing the subject or attacking/belittling someone who’s questioning me?
  • Are there facts to back what I believe, or do I use someone else’s interpretation of facts? If it’s someone else’s interpretation:
    • Are they biased?
    • Are they lying?
    • Do I truly trust them?
  • How much does my background influence my perspective at the expense of using data?

2. Entertain other perspectives. Other people might have valid points for you to consider. When doing this, ask yourself:

  • Are they using data to support their view?
  • Where did they get their data?
  • Can I research and review the data for myself?

3. Be respectful of others ALWAYS. It’s OK for other people to disagree with you and it’s OK to be unique. There’s nothing wrong with agreeing to disagree unless you disrespect someone else.

4. Do research. Find data.

5. Use your left brain (logic and reason) as much or more than using your right brain (emotion) when drawing conclusions. For some people, this comes more naturally than for others.

Closing

These are my thoughts for tonight’s Security Shit Show. Could be all bullshit or some good shit. You decide (hopefully with some data).

-Evan

Thursday, October 8, 2020

Episode #22 - Shit, We’re Breaking Down

This topic hits home (hard).

We, the pioneers, the forefathers, the originators of this bloody industry that we’re dissecting every week are breaking down. We’re past our sell by date, our warranty’s expired, and bugger all chance of getting one of those extended ones…heck we’re almost at a point where we can get Medicaid AND free bus rides.

We can’t be more than 20 yards from a toilet, our bodies are breaking…I just learned what the hell gout was (the painful way) and I’m fairly certain that my loving daughter (who called me old and moldy) IS buying me a walking cane for my birthday.

HOW do we pass the baton, what can we do to bring the next generation through with LESS mistakes than we made, how do we champion others AND will you please keep those bloody kids OFF my lawn!?!

This evening is going to be both groans and moans about falling apart AND a debate about what do we do with the younger generation, those that must take over AND hopefully do a better job than we did.

Join us LIVE at 2200 CST. This is certain to be entertaining and some good discussion!

Thursday, October 1, 2020

Episode #21 - Shitty Co-Workers

We have all had to deal with shitty co-workers in our careers.

You know the co-worker who just never seems to want to help, or worse yet actively gets in the way of work getting done; the co-worker who works harder at avoiding the work than doing the work; the one with the constant bad attitude and excuses.

With COVID and remote work the shitty co-workers are getting worse, and some of us who used to be good co-workers, stuck in isolation, are now turning into the shitty ones.

Our Co-workers get paid by the same company as us, they should be focused on the same business objectives as us, yet it seems as if they are working for someone else for some other purpose. 

When it comes to information security not only is this behaviour annoying, it is irresponsible and dangerous and could lead to someone's death.

What makes a Shitty Co-worker? 

  • Lack of commitment to the team
  • Constant negative attitude
  • Not focusing on the issues at hand
  • Creating unnecessary political hurdles
  • Avoiding responsibility or accountability 
  • Blaming others
  • Creating road blocks 
  • Causing delays and confusion 
  • Refusing to learn or grow
  • Never seems to be their issue to deal with
  • Generally being a shit person

Are you the shitty co-worker? Are you turning shitty from isolation? How can you help your shitty co-workers to be less shitty? All that and more tonight on the Security Shit Show.

Thursday nights at 9 PM Mountain, 10 PM Central

https://www.youtube.com/watch?v=150wTRrsQ8Y

Evan, Chris and Ryan the Shitshow Crew 

Thursday, September 24, 2020

Episode #20 - Somebody's Got To Pay (for this)!

Alright, it’s my turn (Evan).

The issue is accountability, or (maybe) lack of accountability, in our industry.

Bad things happen and people either:

  • Sling mud.
  • Run and hide (hoping nobody will notice).
  • Defend why they didn't take accountability.
  • <INSERT RESPONSE HERE>

There are good examples out there too, so I don't want to paint an unnecessarily grim picture. I contend there are fewer good examples of accountability than there are bad examples.

This has been a topic that’s been dominating my thoughts again for the past couple weeks. I say “again” because this isn’t the first time we’ve talked about it.

During episode 18, a couple weeks ago, we were talking about ransomware. The talk was great, but the frustration felt by Chris, Ryan, and myself was obvious. Why do we keep doing the same things repeatedly? Why don’t people do the basics? 

My take was the lack of accountability. So, I drafted a Ransomware Recovery Contract to help.  

So, tonight I want to dig into the greater issue of accountability in general. 

  • The importance of accountability.
  • Repeating the same mistakes over and over.
  • Safe to assume people know?
  • People are dying.
  • When to define accountability.
  • Who’s ultimately accountable for what?
    • In tech – buggy software, social media (see the social dilemma), etc.
    • Big organizations.
    • Small organizations.
    • Public organizations.
    • School districts.
  • Examples of accountability dysfunction.
  • Examples of good accountability.
  • What to do about it.
  • Get out ahead. Better now than never (or later).
  • Will CEOs be personally liable someday?

This discussion is sure to be good! Join us LIVE tonight at 10pm (2200) CDT for our thoughts (and some entertainment too).

Thursday, September 17, 2020

Episode #19 - How did we get here?

If you're wondering where our blog post for episode 18 went, well it didn't really go anywhere. It never existed!

We recorded our show last week without a blog post, and if you missed it live, you can watch it ("Hands Up! Give Me All Your Money.") here.

This week is Chris' week. Chris has been busy as hell this week, so the fact he got this out is a miracle!

Here's his write up for this week's show:

“Sometimes in order to keep moving forward, not only must you take one step at a time, but you must be willing to look back occasionally and evaluate your past, no matter how painful it is. Looking back lets you know whether or not you are headed in the right direction.” (G.K Adams)

Having just worked with the Semperis crew on delivering a lecture the other day on the historical tie-ins between how we ALL approach technology today and how the influences ON those decisions from almost 12,000 years of documented history affect us, it’s something I want to explore further.

So, on this evening’s Shit Show we'll dig a little deeper with Evan Francen, Ryan Cloutier, CISSP and Rachel Arnold.

We’ll go back to Jericho in 9600 BCE and work our way forward to see how we might better learn from some of the pitfalls that our ancestors found instead of simply continuing to jump into the bloody things each time they are presented.

For those of you who are brain diggers OR simply want to know why we continue to do the same daft things I encourage you to join in, for the rest, grab the popcorn and watch as we try to untangle the brain and humans in general.

This evening (Thur) 21:00 Mountain, links below:

‘all for now

Chris

This is going to be a great discussion! Check in live here. If you are already asleep at 10pm CDT or if you have better things to do tonight, check back later for the recording.

Thursday, September 3, 2020

Episode #17 - Negativity is Bullshit

Ever met someone who seems negative all the time? The person who always has something negative to add to a conversation?

These people are common, so common we have a nickname for them; “Negative Nelly”. 

You could be having the best day, then along comes Nelly. He/she shits on your parade and leaves you feeling gloomy. 

You don’t like Nelly, you don’t like talking to Nelly, and you certainly don’t like hanging out with Nelly.

We’re Nelly.

The information security industry is Nelly.

Don’t agree? How often do you read positive news about our industry versus negative news? Some recent headlines:

  • Online marketing company exposes 38+ million US citizen records.
  • Chinese professor on sensitive projects in US jailed for espionage.
  • Google removes Android app that was used to spy on protesters.
  • WordPress websites attacked via File Manager plugin vulnerability.
  • Vulcan Cyber study finds serious problems with vulnerability management.

We can’t help it, we're Nelly.

In our defense, this is the nature of our work. Information security is about managing risk and “risk” is always dependent on a negative outcome. What information security is and how we package it are two different things though.

How many times have we said things like these (or similar)?

  • “If the ^@&*! users would just stop clicking links!”
  • “People just don’t get it.”
  • “It’s a layer 8 problem. People are always the problem.”

The business doesn’t like Nelly.

Nobody invites Nelly to parties because dealing with Nelly is bullshit. The business doesn’t invite Nelly to their parties (meetings) because Nelly tells us why it’s not a good idea to do something or why we can’t do something.

  • No, we can’t do that.
  • It violates our security policy.
  • It’s too risky.
  • It violates regulatory requirements (GDPR, HIPAA, GLBA, etc.).
  • We can do that one thing but it’s gonna be a lot of work to secure it.

A business is in business to make money. Nelly is a cost center. Nelly is a necessary evil, so we deal with him/her. Nelly is so damn negative though, so we're going to try avoiding him/her when we can.

Business users don’t like Nelly.

These people may be warming up to us, but that’s a helluva lot different than wanting to hang with us. Mandatory training, punitive reactions, etc. are common ways we engage. 

How do business users feel when we walk into a room?

Nelly doesn’t like Nelly.

Ever felt intimidated or dumb when asking someone a question or suggesting an idea or solution? Ever felt a little beaten up? 

It’s Nelly again. Nelly is a pain in the ass and he/she is bullshit.

So, what do we do about Nelly?

We’ll discuss this on tonight’s Security Shit Show! We’ve got some cool ideas, but here’s some to get you started:

  • Be intentionally positive even when delivering negative news.
  • Be aware of how you're perceived by your audience.
  • Deliver value based on positive results not negative ones.
  • Make lives better, make businesses more money, and people will wanna hang with you (Nelly).

TUNE IN TONIGHT AT 10PM CDT FOR EPISODE 16 – “NEGATIVITY IS BULLSHIT”

Chris, Evan, and Ryan will have some good shit to share!

Monday, August 31, 2020

Episode #16 - Fried Brains Anyone?

Shit, we’re late posting this one! Imagine three guys all pointing fingers at each other. That’s sort of it… No, not really. 

This is the Shit Show for crying out loud!

Anyway, here’s Chris’ episode 16 LinkedIn post…

This evening on the Security Shit Show we’re going to open the Pandora’s box labeled 5G and see what’s what with the technology, implementations, countries involved AND all the conspiracy theories surrounding it.

With the ever-guiding lights provided by Evan Francen, Ryan Cloutier, CISSP and Rachel Arnold we’ll see what we can come up with to dispel the rumors of brain frying, Covid-19 inducing, plant and bird killing technology.

We’ll address some of the actual challenges WITH 5G, thanks to some great conversations the other week with Paul Ferrillo and Dr. Rob Spalding, Brig Gen, USAF (Ret)

We might even go down the rabbit hole of Body Area Networks, and how we can induce communication within the body… and NO that’s not a 5G thing, but it’s a reality we’re working on…

I’m sure our colleagues in China will come up in conversation given the bun fight between the US and that area of the world… we WILL address the technology giant that IS the Far East and what we can (or can’t) do about it.

Grab a drink and join us this evening for an engaging conversation about how we’re screwed and should accept the simple fact technology’s won and we’re merely prawns in the digital age (or is it pawns?)

Wednesday, August 19, 2020

SHHHHH They are listening

Think you're having a private conversation? Think again: your TV, toaster, thermostat, smart speakers and phones are all listening to you all the time. Your most embarrassing and mundane moments are being listened to by quality control agents all around the globe.

Cyber criminals are combing through your chat logs so they can craft the perfect phishing attack. Smart cameras and webcams are allowing predators access to your home and children.

Nation states are listening so they can learn how best to sway your thinking and manipulate you.

Why does this matter to you? 3rd party companies are monetizing your personal information and nation-states are weaponizing it against you and your children, grandchildren, nieces, and nephews.

Businesses are having confidential conversations around these spying devices, potentially allowing trade secrets and sensitive information to leak.

We are sharing sensitive medical information with our doctors via iPads, laptops and smartphones. Are you sure that the only person who knows about your embarrassing social disease is your doctor?

Have you ever looked at the chat log to see what has been heard by these devices?

Do you know you can prevent this, that you can control how much of your life you expose to these in-home spying devices?

Tune in for a lively and honest discussion about who is listening and what you can do to limit or prevent your most private conversations from becoming public. Thursday night at 10pm central.

Saturday, August 15, 2020

Episode 14 Follow-up - The Slides & Such

Thank you to everyone who tuned in for this past Thursday's (8/13) show! The title of the show was "Shut Up Brain! I'm Fine." It was an episode filled with real talk about a deep topic, mental health.

If you missed any of it, the episode blog post is here and the recorded show is here.

There were (at least) two follow-up items from the show:

  1. The slide deck. We had numerous people ask us for a copy. Ask and you shall receive! Download it here.
  2. The invitation to take the Mental Health First Aid class with us. During the show, Evan promised to pay for the first ten (10) people who were willing to take the class. We didn't expect people to take us up on the offer so quickly, but the ten spaces are already filled. Don't let this stop you though! It's only $80 to take the class and it's 100% worth the money. We highly encourage you to check it out here.

We hope you enjoy our show. It's a place where people can discuss tough topics and challenges facing our information security industry without fear of being disrespected.

See you next week! It's Ryan's topic...

Thursday, August 13, 2020

Episode #14 - Shut Up Brain! I'm Fine.

 Really? Who’s got all their shit together all the time? Simple. Nobody does.


NOTE: Mental health is a topic that hits home with all three of us on the Shit Show, so this is gonna get personal.

Let’s get real. Mental health is a real and significant issue. We convince ourselves of the lie, nobody cares and you’re alone. This is bullshit. People do care and you are NOT alone! Some facts:

  • 19.1% of U.S. adults experienced mental illness in 2018 (47.6 million people). This represents 1 in 5 adults.
  • 4.6% of U.S. adults experienced serious mental illness in 2018 (11.4 million people). This represents 1 in 25 adults.
  • 16.5% of U.S. youth aged 6-17 experienced a mental health disorder in 2016 (7.7 million people)
  • 3.7% of U.S. adults experienced a co-occurring substance use disorder and mental illness in 2018 (9.2 million people)

It’s not a race or sexual-preference thing. The annual prevalence of mental illness among U.S. adults, by demographic group:

  • Non-Hispanic Asian: 14.7%
  • Non-Hispanic white: 20.4%
  • Non-Hispanic black or African-American: 16.2%
  • Non-Hispanic American Indian or Alaska Native: 22.1%
  • Non-Hispanic mixed/multiracial: 26.8%
  • Hispanic or Latino: 16.9%
  • Lesbian, Gay or Bisexual: 37.4%

It’s a fucking human thing! Sadly, too many of us believe the lie and don’t get help. We must fight the stigma and make help more accessible to those who need it.

  • 11.3% of U.S. adults with mental illness had no insurance coverage in 2018
  • 13.4% of U.S. adults with serious mental illness had no insurance coverage in 2018
  • 60% of U.S. counties do not have a single practicing psychiatrist.

It’s OK to talk about mental health issues openly and it’s OK to face our mental challenges head on. It’s NOT OK to keep this shit under wraps and it’s NOT OK to face your mental challenges alone. The ultimate end for some who are suffering is suicide.

  • Suicide is the 2nd leading cause of death among people aged 10-34 in the U.S.
  • Suicide is the 10th leading cause of death in the U.S.
  • The overall suicide rate in the U.S. has increased by 31% since 2001
  • 46% of people who die by suicide had a diagnosed mental health condition
  • 90% of people who die by suicide had shown symptoms of a mental health condition, according to interviews with family, friends and medical professionals (also known as psychological autopsy)
  • Lesbian, gay and bisexual youth are 4x more likely to attempt suicide than straight youth
  • 75% of people who die by suicide are male
  • Transgender adults are nearly 12x more likely to attempt suicide than the general population
  • Annual prevalence of serious thoughts of suicide, by U.S. demographic group:
    • 4.3% of all adults
    • 11.0% of young adults aged 18-25
    • 17.2% of high school students
    • 47.7% of lesbian, gay, and bisexual high school students

Sadly, these numbers are likely worse now. All these statistics are pre-2020, pre-COVID, pre-riots, etc. Take these facts, sprinkle in the stress of working in our (information security) industry (marginalized, understaffed, misunderstood, etc.), and we have a potential recipe for disaster, at least for some of us.

This might not be an uplifting topic to discuss on the Shit Show, but it’s one we won’t back down from. We give a shit about people and we give a shit about you, so we’ll openly discuss all this tonight!

Be sure to tune in tonight (8/13) at 10pm CDT (2200 for those who prefer the 24hr clock) for our live show. If you can't catch us live, go watch the recording afterwards.

Thursday, August 6, 2020

Episode #13 - What if I Told You?

Your mother was a hamster, and your father smelt of elderberries….

Until recently, if I wanted to insult you I HAD to do it to your face, or from the parapet of the nearest castle and hope that you didn’t punch my lights out OR lay siege to my domain.

However…

These days, anyone with a phone, computer or Internet access can quickly become an armchair critic, troll or anonymous heckler in the digital crowd.

To the point where it moves from annoying TO personal and threatening etc.

And, as a society, as an industry and as humans we’re ill prepared to deal with this issue. It’s NOT going away, and it affects many of us, so what DO we do about it?

Alas, our topic for Episode 13, LIVE on Thursday night (8/6) @ 10pm EDT!

Thursday, July 30, 2020

Episode #12 Scammy Shit



Scams, scams, everywhere are scams and misinformation.

In the digital world, it is more important than ever to be able to recognize scams and misinformation. Cybercriminals continue to evolve their tactics; they are playing a longer game these days, making it harder to detect when scams are afoot. Scams come in so many flavors: pet scams, romance scams, business scams, COVID scams, charity scams, product scams, and the list goes on and on.

Scams include counterfeit goods and services, not to mention the psychological warfare being waged against the world via social media and traditional media. If we continue to allow this to go unchecked, we will find ourselves in a world we never wanted and cannot escape. If we are going to live digital-first lives, we must adopt the necessary skills to do so safely, and step one is the ability to identify scams and misinformation.

Tonight we will talk about what a scam is, how you identify it, what the right questions to ask are, who you tell if you think you're being scammed, and how you recover if you have been scammed. What do we as an industry need to do to help build better detection and protection against scams and misinformation?

Tune in and join us in the conversation

Thursday, July 23, 2020

Episode #11 - Why?

Why do we do this shit, why do you do this shit, and why do they do this shit?


We’re all busy as hell. We rush off to do shit, in a rush to get shit done. The shit we do is critical and we’re all important to… Wait!

Why?

Why am I busy as hell? Why am I rushing off to do shit? Why is it so important I get shit done? Why is what I do critical to anyone?

I just assume I know. I get caught up in the whirlwind of shit like most people do. If I get too deep in the shit, I easily forget why I chose to be here in the first place. Did I just assume I knew my purpose without taking the time to reflect on it?

This is deeper than I thought.

Why did I want to get into this industry? Why am I here?

Reflection time.

OK, I think I got my shit figured out.

What about you? Do you think you’ve got your shit figured out too? Is it safe for me to assume you do?

What about them, you know, the business people, the everyday people, and the people who don’t do what we do? Think they got their shit figured out too?

Does any of this matter?

Hell yes, it all matters! If I don’t have my shit figured out, I have no purpose. If you don’t have your shit figured out, you don’t have purpose either. If my shit and your shit align, we can do good shit together. If they don’t align, we can’t. I’m in this shit, you’re in this shit, and they’re in this shit too. We’re all in this shit together. Some of us are aligned (with our purpose) and some of us aren’t. If and where we’re in alignment, meaning our purposes can serve each other’s purposes, we’re allies. Where there isn’t alignment, we’re adversaries.

Simple. Alignment = Ally. Misalignment = Adversary.

Find your purpose first, then look for common ground in others. Don’t assume, validate. Assuming I know my purpose or your purpose or their purpose without validation leads to aimless bullshit. Lord knows, we have too much aimless bullshit already.

Be sure to catch episode #11 LIVE tonight!

Episode #10 (“We Want You…”) is in the books…

We’re late posting this update. Our bad.


Episode #10 was recorded live last week (7/16) and it was our best one yet! It was Chris’ topic, and here’s his write-up:

On tonight’s Security Shit Show, Ryan Cloutier, CISSP Evan Francen and I are going to tackle the wonderful world of job descriptions, recruiting and the disaster that appears to be getting people INTO the industry!

As a guide, the below should help frame the conversations!

Job descriptions (AND their meanings)

1. To be part of the team (you’re the first!)

2. To lead from the front (you’re the bullet shield)

3. To be THE voice (and get blamed)

4. To bridge DevSecOps (You’re buying coffee and donuts)

5. Drug free workplace (no coffee, tea, alcohol, weed, glue, or gluten)

6. To have the following (The tick-list from hell)

   a. Degree (you know because that ALWAYS helps…)

   b. CISSP (yea, it’s only an intern role, but we have to keep up appearances)

   c. 5 years of experience (ALL entry level people have that, right?!?)

   d. CEH (we googled this, it sounded cool)

   e. Knowledge of networking (WTF is the difference between 5, 5e, 6, etc.)

   f. Experience with WiFi (A, B, G, F, E, 2.4, 2.5, 5 and many other numbers)

   g. Fluent in acronym soup

   h. Fluent in geek, an undergraduate in business, psychology, and PPTX

You get the idea; we’re going to dismantle this shit tonight!

A great episode with a ton of great discussion. Afterwards, arguably our biggest fan, Rachel Arnold ran off and created a working group to tackle our industry’s recruitment problem. The group was VERY chatty almost immediately. Kudos to her!

Catch the live recording of Episode #10 here on YouTube.

Catch the podcast of Episode #10 here on Apple Podcasts.

Stay tuned, Episode #11 is coming later today…

Wednesday, July 8, 2020

Your shit's broken! We want a recall!


This shit again…… Key pieces of technology that we rely on are broken and we have no recourse with the manufacturer. Why is IT the only industry where, when shit breaks, no one seems to be accountable or to care to fix their faulty products? The majority of home routers are broken. In this time of COVID, the security of our home routers is critical for our businesses, institutions, governments, and personal safety. It is a sad truth that I am not shocked when I hear this year’s newest home routers are all running out-of-date OSs and out-of-date code with gaping holes and vulnerabilities.

If this was a car, stove, toy, building material, TV, etc. putting us at risk, we would have recourse with the consumer protection agency and with the manufacturer through a recall. But because it is the black box of mystery known as IT, there is nothing we can do to hold the vendor accountable for putting us at risk. So how do we change this? How do we, the consumers, take back the power to hold the manufacturers accountable to fix and recall their products when those products are putting the world at risk? Tune in this Thursday at 10pm central to find out.

 


Thursday, July 2, 2020

Episode #8 - Mirror, mirror on the wall...

HINT: You're probably NOT the fairest of them all (and neither am I).


The dreaded (by some) topic of information security roles and responsibilities.

When people don't know their role, or they’re not held accountable for it, what happens? Too often, nothing happens. Information security falters, breaches happen, people suffer, and everybody is left pointing fingers at everybody else.

The facts:

  • NOBODY is more responsible for your information security than you are.
  • NOBODY should give a shit about your excuses.
  • SOMEBODY suffers when you don't understand (or define) your role and play it as well as you can.
  • A CISO can only do what he/she is EMPOWERED to do. Does burying them within IT empower them?

So much shit to talk about in this episode, and there's sure to be some sparks flying (and maybe a disagreement or two).

Questions we'll cover (and more):

  • Who the hell is responsible? You? Me? Them?
  • At your organization, who's ultimately responsible for information security?
  • At home, who's ultimately responsible for information security?
  • Who's to blame when shit goes wrong?
  • Where's accountability in all this?
  • Worried about the Russians, the Iranians, the hackers taking all your shit? Whose problem is that and what are you going to do?
  • You've got the CISO job! Yay! Are you empowered to do your shit? Why/why not?

So many angles to take on this and lots to discuss! Join us tonight (7/2) @ 10PM CDT to get the Shit Show Crew's take!



Thursday, June 25, 2020

Shit Show Episode #7

IS it Navajo? Klingon? Esperanto? or heavens help us is it Qwghlmian?

No…it’s geek.

 

Seriously, what the hell is it with our industry's ability to make words up, spew out acronyms and do our level best to flummox and alienate anyone NOT like us? WE have a communication problem, and yet we keep on inventing more and more obscure words and phrases to describe what we’re doing.

So, this week we’re going to unpack that shit.

We’re going to get out the translators AND break down some of the stupidity that is geek speak and translate it TO plain and simple English that everyone can understand.

We’re NOT dumbing it down, because that implies the non-technical folks “won’t understand,” but we WILL demystify, deconstruct and break down some of the language barriers.

Oh, and along the way we’re going to help build a compendium that I’m in the middle of putting together!

Join us OR die in a sea of acronyms that rivals that of the Military!!

The Security Shit Show is LIVE tonight (6/25) @ 10pm CDT - https://youtu.be/fdtHk2DmW-0

 :)

-Security Shit Show Crew (Chris, Ryan, and Evan)
