Episode #8 - Mirror, mirror on the wall...

HINT: You're probably NOT the fairest of them all (and neither am I).

The dreaded (by some) topic of information security roles and responsibilities.

When people don't know their role, or they’re not held accountable for it, what happens? Too often, nothing happens. Information security falters, breaches happen, people suffer, and everybody is left pointing fingers at everybody else.

The facts:

  • NOBODY is more responsible for your information security than you are.
  • NOBODY should give a shit about your excuses.
  • SOMEBODY suffers when you don't understand (or define) your role and play it as well as you can.
  • A CISO can only do what he/she is EMPOWERED to do. Does burying them within IT empower them?

So much shit to talk about in this episode, and there's sure to be some sparks flying (and maybe a disagreement or two).

Questions we'll cover (and more):

  • Who the hell is responsible? You? Me? Them?
  • At your organization, who's ultimately responsible for information security?
  • At home, who's ultimately responsible for information security?
  • Who's to blame when shit goes wrong?
  • Where's accountability in all this?
  • Worried about the Russians, the Iranians, the hackers taking all your shit? Whose problem is that and what are you going to do?
  • You've got the CISO job! Yay! Are you empowered to do your shit? Why/why not?

So many angles to take on this and lots to discuss! Join us tonight (7/2) @ 10PM CDT to get the Shit Show Crew's take!


  1. GREAT Episode! A lot to unpack and a few tough conversations in my future discussing some of this with my leadership.

    I'd be curious to hear your opinions on 2 follow-up items from this show -
    In your opinions - where is the line between "Real world imperfect organization with issues" and "Shitty management, GTFO"?

    What are some ways to determine if you're failing as an information professional at communicating risk effectively, or if you're dealing with leadership that just doesn't want to hear it?

