Thursday, July 30, 2020

Episode #12 Scammy Shit

Scams, scams, everywhere are scams and misinformation.

In the digital world, it is more important than ever to be able to recognize scams and misinformation. Cybercriminals continue to evolve their tactics, and they are playing a longer game these days, making it harder to detect when scams are afoot. Scams come in so many flavors: pet scams, romance scams, business scams, COVID scams, charity scams, product scams, and the list goes on and on.

Scams include counterfeit goods and services, not to mention the psychological warfare being waged against the world via social media and traditional media. If we continue to allow this to go unchecked, we will find ourselves in a world we never wanted and cannot escape. If we are going to live digital-first lives, we must adopt the necessary skills to do so safely, and step one is the ability to identify scams and misinformation.

Tonight we will talk about what a scam is, how you identify it, what the right questions to ask are, who you tell if you think you're being scammed, and how you recover if you have been scammed. What do we as an industry need to do to help build better detection and protection against scams and misinformation?

Thursday, July 23, 2020

Episode #11 - Why?

Why do we do this shit, why do you do this shit, and why do they do this shit?

We’re all busy as hell. We rush off to do shit, in a rush to get shit done. The shit we do is critical and we’re all important to… Wait!


Why am I busy as hell? Why am I rushing off to do shit? Why is it so important I get shit done? Why is what I do critical to anyone?

I just assume I know. I get caught up in the whirlwind of shit like most people do. If I get too deep in the shit, I easily forget why I chose to be here in the first place. Did I just assume I knew my purpose without taking the time to reflect on it?

This is deeper than I thought.

Why did I want to get into this industry? Why am I here?

Reflection time.

OK, I think I got my shit figured out.

What about you? Do you think you’ve got your shit figured out too? Is it safe for me to assume you do?

What about them, you know, the business people, the everyday people, and the people who don’t do what we do? Think they got their shit figured out too?

Does any of this matter?

Hell yes, it all matters! If I don’t have my shit figured out, I have no purpose. If you don’t have your shit figured out, you don’t have purpose either. If my shit and your shit align, we can do good shit together. If they don’t align, we can’t. I’m in this shit, you’re in this shit, and they’re in this shit too. We’re all in this shit together. Some of us are aligned (with our purpose) and some of us aren’t. If and where we’re in alignment, meaning our purposes can serve each other’s purposes, we’re allies. Where there isn’t alignment, we’re adversaries.

Simple. Alignment = Ally. Misalignment = Adversary.

Find your purpose first, then look for common ground in others. Don’t assume, validate. Assuming I know my purpose or your purpose or their purpose without validation leads to aimless bullshit. Lord knows, we have too much aimless bullshit already.

Episode #10 (“We Want You…”) is in the books…

We’re late posting this update. Our bad.

Episode #10 was recorded live last week (7/16) and it was our best one yet! It was Chris’ topic, and here’s his write-up:

On tonight’s Security Shit Show, Ryan Cloutier, CISSP Evan Francen and I are going to tackle the wonderful world of job descriptions, recruiting and the disaster that appears to be getting people INTO the industry!

As a guide, the below should help frame the conversations!

Job descriptions (AND their meanings)

1. To be part of the team (you’re the first!)
2. To lead from the front (you’re the bullet shield)
3. To be THE voice (and get blamed)
4. To bridge DevSecOps (You’re buying coffee and donuts)
5. Drug free workplace (no coffee, tea, alcohol, weed, glue, or gluten)
6. To have the following (The tick-list from hell)
   a. Degree (you know because that ALWAYS helps…)
   b. CISSP (yea, it’s only an intern role, but we need to keep up appearances)
   c. 5 years of experience (ALL entry level people have that, right?!?)
   d. CEH (we googled this, it sounded cool)
   e. Knowledge of networking (WTF is the difference between 5, 5e, 6, etc.)
   f. Experience with WiFi (A, B, G, F, E, 2.4, 2.5, 5 and many other numbers)
   g. Fluent in acronym soup
   h. Fluent in geek, an undergraduate in business, psychology, and PPTX

You get the idea; we’re going to dismantle this shit tonight!

A great episode with a ton of great discussion. Afterwards, arguably our biggest fan, Rachel Arnold, ran off and created a working group to tackle our industry’s recruitment problem. The group was VERY chatty almost immediately. Kudos to her!

Wednesday, July 8, 2020

Your shit’s broken! We want a recall!

This shit again… Key pieces of technology that we rely on are broken and we have no recourse with the manufacturer. Why is IT the only industry where, when shit breaks, no one seems to be accountable or care to fix their faulty products? The majority of home routers are broken. In this time of COVID, the security of our home routers is critical for our business, institutions, governments, and personal safety. It is a sad truth that I am not shocked when I hear this year’s newest home routers are all running out-of-date OSes and out-of-date code with gaping holes and vulnerabilities.

If this were a car, stove, toy, building material, TV, etc. putting us at risk, we would have recourse with the consumer protection agency, and with the manufacturer through a recall, but because it is the black box of mystery known as IT, there is nothing we can do to hold the vendor accountable for putting us at risk. So how do we change this? How do we, the consumers, take back the power to hold the manufacturers accountable to fix and recall their products when those products are putting the world at risk? Tune in this Thursday at 10pm Central to find out.


Thursday, July 2, 2020

Episode #8 - Mirror, mirror on the wall...

HINT: You're probably NOT the fairest of them all (and neither am I).

The dreaded (by some) topic of information security roles and responsibilities.

When people don't know their role, or they’re not held accountable for it, what happens? Too often, nothing happens. Information security falters, breaches happen, people suffer, and everybody is left pointing fingers at everybody else.

The facts:

  • NOBODY is more responsible for your information security than you are.
  • NOBODY should give a shit about your excuses.
  • SOMEBODY suffers when you don't understand (or define) your role and play it as well as you can.
  • A CISO can only do what he/she is EMPOWERED to do. Does burying them within IT empower them?

So much shit to talk about in this episode, and there's sure to be some sparks flying (and maybe a disagreement or two).

Questions we'll cover (and more):

  • Who the hell is responsible? You? Me? Them?
  • At your organization, who's ultimately responsible for information security?
  • At home, who's ultimately responsible for information security?
  • Who's to blame when shit goes wrong?
  • Where's accountability in all this?
  • Worried about the Russians, the Iranians, the hackers taking all your shit? Whose problem is that and what are you going to do?
  • You've got the CISO job! Yay! Are you empowered to do your shit? Why/why not?

Episode #71 You talkin' to me? You talkin' to me? You talkin' to me? Then who the hell else are you talkin' to? You talkin' to me? Well, I'm the only one here. Who the f*** do you think you're talking to? Oh, yeah? Ok.

