Thursday, July 22, 2021

Episode #56 You Got Breached, Congratulations.

You Got Breached, Congratulations.

You’re NOT a special snowflake
You can’t go round pouting
You don’t need to find anyone to blame
No, the Russians probably didn’t do it
No, I don’t need tagging in the post
Yes, likely you DO need to change some things
No, you probably couldn’t have stopped it
Yes, you could have likely detected it sooner
Yes, you could probably have remediated it faster
No, don’t you DARE blame the users!
No, your annual training for 30 mins isn’t effective (it sucks)
Yes, you can recover from it (hopefully)
No, it won’t kill you JUST yet, wait a few more years though…
More budget? Stop whining and spend what you have wisely
Yes, it means you have to roll up your sleeves
Yes, interns or apprentices can help remediate this
Yes, get off your ass, it got pwned, get over it
No, you’re still NOT a special snowflake.

Congratulations.
You’re JUST like all the other breaches
You can sit down and plan
You should go look in the mirror
You likely did it to yourself, we’ll get to that.
Yes, you can reach out for help and advice
NO, you don’t need to buy everyone’s cyber-crap
NO, everyone’s cyber-crap isn’t going to stop it either
YES, it would be good to know what you actually have
YES, it would be great to know WHERE your data IS
Yep, IF you can track it back, it probably starts on a user's machine
Yes, ongoing education HELPS (doesn’t fix, but helps)
Yes, you can recover from it (get the basics in order)
Yes, we are working on hacking the chips in humans, fun eh?
Nope, don’t expect more money, so work smarter
Yes, it means you can now get your house in order, good!
Yes, you can probably justify headcount but save $$ and get folk TO train
Yea, it sucks, sorry, but it’s the way of the new world.
And no, you’re not special, you CAN however be a good example.

Get the basics sorted out BEFORE your ass is delivered TO you on a silver platter

* Assets, what do you have?
* Assets, where are they?
* Who’s got access to them, and why?
* What DO they do, what is their purpose?
* What’s on them?
* Which ones do you need to care about?

Got it? Good, now go get a cuppa tea or coffee and go deal with it…. I’m going to go make breakfast.

‘all for now

Chris

All this and more tonight on the Security Shit Show.
10 pm Central, 21:00 mountain  

https://www.youtube.com/watch?v=DrUpbCrXegw

Thursday, July 8, 2021

Episode #55 To Code Scan or Not to Code Scan That is the Question

 

This last year we have seen a huge uptick in attacks leveraging compromised software as the means of getting exploits to the endpoints.

With more and more companies relying on managed services to run their day-to-day operations, understanding the security of the management tools being used and the security practices of those who make the tools is more important than ever.

We have tried for years to close the gap between development, operations and security. That journey has led us to what we now call DevSecOps, or said the long way, Development Security Operations. This has worked to a varying degree but is still not adequate for the increased threat we face.

Just like we preach all the time to focus on the fundamentals, we usually talk about the fundamentals in the context of network, endpoint and organizational risk. Tonight we are going to take a deeper dive into a specific fundamental: development security practices.

How do you develop software that is secure by design? How do you test the software to ensure the least possible chance for a vulnerability to slip through into the release? How do you ensure the security of your code base? And do not get me started on the use of 3rd-party code grabbed from GitHub without understanding what it does beyond the narrow need for a handful of functions. How do you control and manage this in a way that is non-disruptive to the business, innovation and development velocity?

Is there a way to simplify securing code and ultimately the products that use that code to function?

All this and more tonight on the Security Shit Show with Chris Roberts, Evan Francen and myself

10 pm central, 9pm mountain time

https://www.youtube.com/watch?v=xrV3Vn4gacw



Thursday, June 10, 2021

Episode #51 Honey! The Neighbors are Watching us Again!

At least in years gone past we could spot the neighbors as they tried to hide behind the shrubs in the garden, the curtains in the house, or ducked down below the fence line that separated each of our little slices of the American Dream....

These days however things are a little more subtle (if the neighbors have been paying attention to the InfoSec world for more than 5 minutes...)

Long gone are the days of just borrowing the neighbors' wireless to launch an attack against the NSA through their cable provider (although it IS fun to see the black Suburban roll up occasionally to their doorstep when you’re feeling mischievous..)

Today’s targets for neighborhood “watching” vary across an entire spectrum of fun and games...

I still feel slightly guilty about the 50-gallon barrel of lube my neighbors have, but “Hey Siri...” we just have to have some fun....

I DO enjoy making their microwave go off in the middle of the night, although they have replaced it a few times now, and the electrician doesn’t use Google Maps anymore to find them... amazing just how far away those WEMO plugs can be controlled from.

Now, thankfully Xfinity allows themselves to provide “free” WiFi to anyone with account credentials, so it IS still possible to get directly TO their router (you’d think folks would update the things.... but no) and given I’ve got around 1,335,000 Xfinity account ID/Passwords I’m set for a LONG time before I must leave my own fingerprints...

Oh, speaking of fingerprints, confession time... one of the neighbors has a RING doorbell, oh how we laughed when we changed out the screws during install and just last week got the doorbell to short circuit and burn ½ the place down... shame the fire alarms didn’t work, someone should REALLY unblock NEST’s fire alarms from the firewall and allow them to do their job... The video of the owners yelling “Hey Google FFS call the fire brigade” will be posted on YouTube later (thanks Arlo for the default account credentials...)

Oh, while we’re on the subject of the recently deceased, I guess playing Poltergeist on the other neighbors' Roku device and having it display on all their nice Samsung IoT-enabled TVs is probably a mean thing to do... although it does make for entertainment as we might have also hooked up their Philips Hue to pulse at the same frequency as the TV... I guess that’s why they seem a little nervous these days.

Oh, and we won’t mention the fun we had with the Tesla and some bright spark in the neighborhood thinking they could geofence the car into opening/closing the garage as they came home... Watching the garage door rapidly open and close AS the car tried to get in watching Grandma eat dinner with her falsies...

Speaking of that, I need to go mess with dear old Grandma’s IoT toothbrush, I think tonight we’ll set it for “killer mode” and see if it can chase her round the bathroom again...

We haven’t even gotten to the fun part watching the cute couple across the road react as their adult toys came to life in the middle of a webinar and started to inch across the desk... now THAT was fun to record… got to LOVE Bluetooth enabled things.

You get the idea; the neighborhood is SO much more fun these days....

Join us tonight as we talk through the evolution of the nosey neighbor :)

10 pm Central 2100 mountain time 

https://www.youtube.com/watch?v=TbT1DknqRw4

Tuesday, May 25, 2021

Episode #49 Sorry to Disturb You...

 

Sorry to Disturb You...

  • But your front door's open...
  • Your flies are undone...
  • I found your kid wandering on the street...
  • But I think you dropped your wallet...

All things many of us have said, done, acted upon OR been the recipient of over our years, and all of them taken in the spirit of the manner delivered, graciously, often with relief and a huge thanks to whomever delivered the news.

HOWEVER, in the digital realm...

  • I do say, you appear to have an open port on the Internet...
  • Um, your application has a hole in it...
  • We found your data lost and confused....
  • I think you might have a hole in your cloud...

SOME of us have tried to have these conversations with companies, individuals, and entities out in the digital realm and have been met with a variety of responses ranging from thanks AND relief, to accusation, lawyers, silence, or the Feds arriving on the doorstep, etc.

Somehow, in the physical realm when we point out your mistakes, flaws and general numptiness you are happy to receive the feedback, yet in the digital realm when we do the same it’s as if we called your baby “robust with a face only a mother could love.”

What gives? How DO we give you YOUR data BACK in the digital realm without all this grief?

I mean, it’s NOT as if you realized it was gone, OR that chocolate fireguard you were sold would have slowed us down anyhow IF we did want it!

Things to ponder on and discuss this coming Thursday on the Shit Show with Evan, Ryan, and Chris

‘all for now

Chris

Thursday, May 20, 2021

Episode #48 - Jeopardy v2 (and other interesting things... Attempt #2)

 

Well, we are going to try this again. Episode #47 went a different direction, so tonight we are going to try Jeopardy again.

It's time to play some Security Shit Show Jeopardy again. Hell yeah!

I will be your host Ryan Trebek 

One game, one Cham Peon. Like v1, we'll pick three contestants from our live audience to play our version of Jeopardy. Winner gets some bragging rights and a Security Shit Show T-shirt (that I'll forget to send you).

YOU THINK YOU'VE GOT WHAT IT TAKES?! 
COME PROVE IT!

After the game, I want to talk to the guys about a beef I've got. We'll have time for this too.

In prepping for the v2 Security Shit Show Jeopardy game, I got to thinking about some of the classic SNL Jeopardy skits. Remember some of these lines?

 - Category: A PETIT DEJEUNER, Turd Ferguson "why don't you give me ape tit for $200."
 - Category: CATCH THESE MEN, Sean Connery "I'll take catch the semen for $800."
 - Category: JAPAN US RELATIONS, Sean Connery "I'll take Jap Anus relations for $200."
 - Category: LET IT SNOW, Sean Connery "I'll take le tits now for $800."
 - Category: AN ALBUM COVER, Sean Connery "I'll take anal bum cover for $7,000."

And the list goes on. Some funny shit. These won't be our categories tonight, DAMMIT!

After we crown our new Security Shit Show Jeopardy Cham Peon, we'll use the time we got left to talk about this quote I read recently:

"55% of C-Suites respondents had viewed data breaches as 'not a big deal' and 'blown out of proportion' with an overwhelming 86% of consumers believing that data breaches are in fact 'a big deal'."

Or, maybe we'll talk about this new Presidential Executive Order that just came out yesterday. No shortage of shit going on around this industry, is there?!

This will be another fun Shit Show!

-Ryan

Thursday, May 13, 2021

Episode #47 - Jeopardy v2 (and other interesting things...)

It's time to play some Security Shit Show Jeopardy again. Hell yeah!

One game, one Cham Peon. Like v1, we'll pick three contestants from our live audience to play our version of Jeopardy. Winner gets some bragging rights and a Security Shit Show T-shirt (that I'll forget to send you).

YOU THINK YOU'VE GOT WHAT IT TAKES?! 
COME PROVE IT!

After the game, I want to talk to the guys about a beef I've got. We'll have time for this too.

In prepping for the v2 Security Shit Show Jeopardy game, I got to thinking about some of the classic SNL Jeopardy skits. Remember some of these lines?

 - Category: A PETIT DEJEUNER, Turd Ferguson "why don't you give me ape tit for $200."
 - Category: CATCH THESE MEN, Sean Connery "I'll take catch the semen for $800."
 - Category: JAPAN US RELATIONS, Sean Connery "I'll take Jap Anus relations for $200."
 - Category: LET IT SNOW, Sean Connery "I'll take le tits now for $800."
 - Category: AN ALBUM COVER, Sean Connery "I'll take anal bum cover for $7,000."

And the list goes on. Some funny shit. These won't be our categories tonight, DAMMIT!

After we crown our new Security Shit Show Jeopardy Cham Peon, we'll use the time we got left to talk about this quote I read recently:

"55% of C-Suites respondents had viewed data breaches as 'not a big deal' and 'blown out of proportion' with an overwhelming 86% of consumers believing that data breaches are in fact 'a big deal'."

Or, maybe we'll talk about this new Presidential Executive Order that just came out yesterday. No shortage of shit going on around this industry, is there?!

This will be another fun Shit Show!

-Evan

Thursday, May 6, 2021

Episode #46 Lawnmower Man

My Retirement Plan:

Is to head to New Zealand
Somewhere nice and remote
With good power (Wind farm, etc.)
Good internet (Wire and Satellite)

AND a nice AS/400 to live in

If I have my way, and I think we'll get there before I go too much more senile given the work being done on untangling some of the inner workings of the brain, I should be at a point where not only can my current intelligent system recognize when I want a cuppa tea, but it can also figure out why.

As I’m helping TO push the boundaries of integration, I’ve every confidence that a digital version of me will be coursing around the Interwebs before I’m pushing up daisies. Which brings a WHOLE heap of questions.

What makes us human?

Are we just quarks and binding energy?

Is there really something else to this?

Can we be broken down into pulses?

Where are the limits? (if any)

So, for now, I’m going to hang out in my AS/400 and watch things unfold AND if it looks really dodgy I’m going to work out a way to simply fire my digital self into space as a set of waves and see what the hell happens…

Lawnmower man, here we come!


Join Evan Francen, Ryan Cloutier, CISSP, Rachel Arnold and me this evening on the #shitshow to discuss.

‘all for now

Chris
#power #energy #hacker #technology #infosec #ai

Wednesday, April 21, 2021

Episode #45 Dolla Dolla Bill Y'all

Money!! it makes the world go round, we need it, we want it, and when it comes to money for our security program we fight for it, but are we spending it wisely?

  • Will it have the impact on our security program we hoped it would?
  • Did we spend too much or not enough?
  • How much money is enough?
  • What the hell should I be spending it on that will make the biggest impact?

Is it wiser to invest in your people and the fundamentals or to invest in state-of-the-art laser cats with predictive AI powers? What is the right level of budget for your organization, and how will you show improvements to the organizational security posture against the spend on the security program?


Vendors love money, and the love of money is the root of all evil.


  • How do you know if your vendor is predatory?
  • Does the product or service do what they claim?
  • Will you need to increase headcount to accommodate the tool or service?
  • Could you get a better deal on this tool or service?
  • Do I even need this tool in my portfolio or is there an existing tool that I can leverage better?

All this and more on the Security Shit Show. Join Chris Roberts, Evan Francen and myself for what should be a very lively discussion.

Ryan Cloutier

Thursday, April 15, 2021

Episode #44 - Am I Crazy?


What the hell is going on?! It feels like the world has lost its mind. Everywhere I look (out there), it's chaos.

  • Hypocrisy running rampant.
  • Virtue signaling is a "thing", gotta score those popularity points.
  • Cancel culture? This is a thing now, maybe, maybe not?
  • Politicians preach nonsense, openly lying and manipulating.
  • Big societal problems left unsolved, with no (unbiased) solutions.
  • Black kids shot (accidental or not, the result is the same) on the streets.
  • Cities burning, and we're burning them.
  • People hurting (deeply), and we're not helping them.
  • Vaccinate! Wait, maybe not. If you do, maybe you'll die?
  • Accountability, what the hell is that?
  • On, and on.
The bath water is dirty. Who cares about the baby.

People spew shit out of their mouths that doesn't make any sense. Nobody speaks up. Worse yet, yahoos sell their souls to support bullshit, because it's better to be in the "in" crowd. Who the hell is the "in" crowd anyway?

This shit IS NOT computing. 

Not in this brain anyway. Everyone's lost their minds! Not "everyone" everyone, but everyone out there.

WAIT A SECOND. 

It clicks. Didn't my Dad say something about this once?

Son, if everyone's an asshole, you're the asshole.

So, does this mean, if everyone's crazy, I'm the one who's crazy?!

Dammit! Now, I have some reflection to do. The journey down the rabbit hole begins...

What does this have to do with information security?

Simple.

Everything. 

The hypocrites, the virtue signalers, the cancellers, the politicians, the "illegals", the Blacks, the Whites, the Hispanics, the people who live in our cities, the people who live in our suburbs, the people who are hurting, the people who vaccinate, the people who don't vaccinate, the Liberals, the Conservatives, and everyone in between, is ALSO my co-worker, my relative, my partner, my customer, my friend, my employee, and my fellow human being.

I may run in my circles, just like you run in yours, but my job is to protect EVERYONE, regardless of who you are, where you come from, what you believe, or what you're struggling with. Knowing that information security isn't about information or security as much as it is about people, makes people my focus. Not just the people I like and agree with.

This is deep, but sometimes we have to dig deep to find out who we really are and what we're really doing here.

Looking forward to talking this shit out with my AWESOME friends, Ryan Cloutier and Chris Roberts! Catch us this week LIVE at 10pm/2200 CDT on the YouTube

(and yes, I am crazy, but a functional crazy)

Thursday, April 8, 2021

Episode #43 - Killed My Grandma (updated for primetime)...

NOTE: #ShitShow topic, NOT my Grandma in Real Life, before anyone gets worried!

Annually, there are anywhere from 22,000 to 250,000 cases of death in the medical field that really should NOT have happened.

Firstly, I'm glad the medical field has as many problems as we do in counting how many people they've harmed. InfoSec has no REAL idea as to the implications of our actions beyond "Hey, Look! More data's out there..." At least in the medical field there's bodies to count.

The question then is how do you categorize death? IF they were sick before they came to the hospital does that count as malpractice, or "accelerated natural causes"? You get the idea. It's apparently rather subjective...

These two fields are coming together in something akin to a collision course on a planet-sized scale.

Technology in/on/around the body (smart pills, nanotechnology, biotechnology, telemedicine, etc.) is making serious inroads into "us," the human. Analog humans are becoming part OF the digital realm.

We need a LOT more forethought before medical malpractice adds another tick box called "CAUSE OF DEATH... Kernel Panic".

So, join Ryan Cloutier, Evan Francen and the crew tonight on the Shit Show to discuss...

'all for now

Chris

Thursday, April 1, 2021

Episode #42 - The Joke's On You

 

The advertising in the InfoSec industry is laughable to say the least and may be breaking the law with the outlandish claims security vendors make.

We poke fun at those companies who have data breaches, but to the outside world our whole industry looks like a big joke.

Passwordless authentication sounds great, but wait, is the joke on you?
How about 100% secure? This also sounds great, but again, is the joke on you?

You just got rickrolled.. ok well that's just funny, but seriously, we seem to be living in a bad joke when it comes to how we address information/cyber security.

Then we have the end users who just treat the whole idea of security as a joke. But wait! This is no laughing matter. We must start our journey of transparency and accountability before we laugh ourselves off a cliff.

Let’s talk about what we can do to avoid being the butt of the joke, and have a few laughs along the way.

Join us tonight, LIVE at 2200 CDT.

Thursday, March 25, 2021

Episode #41 - Security Shit Show Jeopardy!

You think you know your shit?

Want to prove it? Now's your chance.

We're doing our first episode of Security Shit Show Jeopardy!

Here's what tonight's episode looks like:

  • I'm (Evan) going to be the Security Shit Show version of Alex Trebek, meaning I'll be the game show host. Nobody can do Alex Trebek justice because he was a truly unique, one of a kind, human being.
  • We're going to choose three contestants from our audience. We'll choose contestants by posting a question in the Security Shit Show chat. The first three people to answer correctly will become our contestants.
  • We'll invite the contestants to join us in our private web conference (where Chris, Ryan, and I do our shit) and ask them to tell us a little about themselves.
  • Then we'll play the first game of Security Shit Show Jeopardy (you know, the way they play it on the television).
  • While I'm playing host, Chris and Ryan will heckle. We might talk some smack about the clue and/or answer too.
  • The winner of the first game becomes our champion. The champion plays on, the losers sit.
  • Then we'll do it all over again, game number two.

Champions get a Security Shit Show shirt and their name listed on the Security Shit Show Jeopardy Cham Peons Board.

Why are we doing this?

Because it's Thursday fucking night, and I want to have fun. This WILL BE FUN dammit! If it's not fun, it's because YOU'RE not fun. Blame yourself.

If there are technical issues related to the game...

WTF am I talking about? There won't be any issues! 

Let's get on with it...

Join us tonight, LIVE at 2200 CDT. Bring your thinking cap if you intend to play. Bring your drink(s) if you plan to be entertained (or to play I guess). See you there!

Thursday, March 18, 2021

Episode #40 - Simplify, then add lightness…

The late Colin Chapman, founder of Lotus, eschewed the pursuit of horsepower in favor of lightness combined with better handling across his road and race vehicles.



That courage to buck the trend resulted in numerous accolades on both sides of the Atlantic.

It is that ethos our industry should once again embrace.

Simplify:
The interfaces, the barriers to entry, the integration, deployment and overall management of the plethora of technology we eagerly buy, deploy, and then complain about.

Lightness:
Adding power is great if you are going in a straight line, however, leave the power alone, remove the complexity, and unnecessary features (the rule of 90%) and reduce the amount of time you have to fettle over the technology.

  • How well do your tools integrate?
  • How much unnecessary overlap do you have?
  • How much of that tool do you REALLY use?
  • How many hands does it take to run?
  • Do you maintain it?
  • Etc.
Start measuring vendors, technologies and PEOPLE by how well they help you simplify, then that should add some lightness across the board.

Join Evan Francen, Ryan Cloutier, Rachel Arnold and me as we unpack this tonight on the Shit Show

‘all for now
Chris

Thursday, March 4, 2021

Episode #38 - The Tool Fool

A fool is a person who acts unwisely or imprudently. A Tool Fool is someone who unwisely or imprudently loves tools. They don’t necessarily love the tools they have; they just love tools. The more tools, the better. 

Don’t be offended. We’re all fools from time to time. When it comes to our information security, we do the best we know how. We don’t intentionally act the fool, but when it comes to our tools, too many of us are the fool. 

Don’t be the Tool Fool!

Here’s the top 10 things about the Tool Fool:

  1. Brags about their tools, but they don’t know how to use them.
  2. Brags about a big budget, but they can’t justify it.
  3. Thinks “tool first” instead of a “needs first”.
  4. Thinks tools fix process.
  5. Thinks tools make problems easier to solve.
  6. Likes easy but confuses “easy” with “simple”.
  7. Has tools they don’t know they have.
  8. Advocates for tools because fools like company.
  9. Oblivious to their most significant risks.
  10. Knows how to use some of their tools but won’t use them well*.

The Tool Fool costs the organization more than they know. Tool Fools waste money on tools they don’t need, don’t understand, and/or can’t use. The Tool Fool can convince themselves that their tools will keep them secure when the opposite is true. Worse yet, the Tool Fool’s work has convinced management of the same.

The Tool Fool has a false sense of security. The Tool Fool makes security worse.

The Tool Fool will be the topic for this Thursday’s Security Shit Show with Chris, Evan, and Ryan. Be sure to catch the show LIVE on YouTube at 10pm/2200 CST!

*This is relevant to a dialog between Senator Wyden (D-OR) and witnesses (Kevin Mandia, Sudhakar Ramakrishna, Brad Smith, and George Kurtz) in the recent open hearing, “Hearing on the Hack of U.S. Networks by a Foreign Adversary” before the U.S. Senate Intelligence Committee (2/23). This particular exchange happens at 1:22:08 in the recording here, and has been transcribed here.

Thursday, February 25, 2021

Episode #37 - It's Time...

You got free time? Time?!

That resource we want more of, or less of, the one we want to slow down, speed up, thank, curse, monitor, measure, ignore and obey. All often within the span of the same day. 

The very resource we so often run our lives by, yet waste at every turn. It too, like our digital world, is a more abstract concept than the tactile analog world we live in. It too can be captured and tamed for fleeting moments in devices, yet like its digital cousin we think we control it, but we are nothing more than custodians of the memories it leaves behind.

We are not good with time; we’ve had 6,000 years or so to get used to the idea of its passing and the consequences.  We used to track it by the moon, nowadays we are ruled by atoms that are accurate to a millisecond every decade.

So, why should we care?


We waste so much of it.

We allow others to dictate our use of it

Our very existence is tyrannized by it


We have watched the convergence of our digital world and that of time, and realized the very objects meant to save us are doing nothing more than sucking more and more time from us.

Like our digital world we need to be better custodians of time (not that it really cares as it marches on no matter what we do) but for our own sanity, stand up, be accountable to time itself.

Join us for a conversation around time…

Catch the Security Shit Show tonight, LIVE @ 10PM/2200 CST!

Thursday, February 11, 2021

Episode #36 Timmy is in the well... Nope that's Sodium Hydroxide

This week we saw an attack against a city water system, in an attempt to poison the drinking water.

Many of us have been warning about this for years.


How did this happen? 
It must have been the work of sophisticated nation state attackers, it has to be hard to hack a water treatment plant because you know, people could die if that happened. 
The people in charge must take extra precautions, and have really good security practices in place to keep our drinking water safe. They must have been unable to prevent or avoid this attack.


These are all things that we hope would be true, unfortunately the reality of what actually happened is far more disturbing.   

(Channeling my inner security Yoda) Sophisticated this attack was not, difficult to pull off was it not,  prevented could have been, security basics lacking they were, practice good they did not.

What happened was a multitude of failures in requiring and implementing the most basic and foundational of security controls. 

We have reached a point in our technology journey as a society, that we need to pause for one moment and take stock of the giant mess we have created. 

We need to figure out what minimum safety standards are needed for critical infrastructure. 

We need to ask ourselves should the things that can kill us be connected to the internet in the first place?

Knowing that the security posture of the affected water treatment plant borders on gross and willful negligence, what should the legal and criminal consequences be for those who made these shit decisions in the first place?

It's 2021 and computers can kill you, so let's act accordingly.  

We will be discussing this and more tonight on the Security Shit Show. Join us for what is guaranteed to be a lively discussion, and you never know, Chris may do some show and tell as well.

Join us tonight on YouTube at 10PM Central 21:00 Mountain  https://www.youtube.com/watch?v=iIbMHTxpkYE


Wednesday, February 3, 2021

Episode #35 - The root of all information security industry problems

Here's a question for you:

What is at the root of all information security industry problems?

Oh shit! Talk about an ambiguous question. Yes, but who said ambiguous questions are bad?

Alright, let's break this down then.

First, the question assumes there are "problems". Are there? We think so, but...

  • ~942,000 people in the U.S. are gainfully employed in this industry, and most of us are getting paid pretty well. Good-paying jobs don't seem like a problem to me.
  • Worldwide, the cybersecurity market is valued at $173B. Seems the people selling shit are doing alright, no problem here.
  • Global "cybercrime" losses for 2020 were estimated to be $945B. The crooks DEFINITELY aren't experiencing any problems either!

So, where are the problems then?

Simple, look for the people who suffer, the victims. 

They're the ones who get the short end of the stick. They feel the brunt (or symptoms) of the problems. They lose money, they lose businesses, they lose income, they lose peace of mind, they lose time, they lose productivity, they lose their privacy, they lose their innocence (especially kids), and they lose life.

So, yeah. There are problems! 

One group clearly takes advantage of the other. We'll call them "Profiteers" and "Victims". There's one more group. There's a group of us who are trying to protect Victims from the Profiteers. We stand in the void.

  • Profiteers: Cybersecurity practitioners who don't serve (potential) victims, companies hawking products that don't serve the (potential) victims, and the crooks who steal outright.
  • Us: Practitioners who stand in between, serving (potential) victims.
  • Victims: Governments, companies, non-profits, schools, everyday people (grandparents, parents, kids, etc.) 

OK, so we've got problems. The masses become victims and feel the result(s) of the problems, the symptoms. Oh shit! The rabbit hole goes deeper.

We'll stop here, before things get too out of hand. 

We need to save some shit for the Shit Show. Chris, Ryan, and I will take it from here. Maybe we'll get far enough down the rabbit hole, and deep enough into the shit to find some semblance of the "root of all information security industry problems".

Regardless of how far we make it, it should be entertaining! 

Join the Security Shit Show LIVE, Thursday @ 10pm/2200 CST.

Thursday, January 28, 2021

Episode #34 - From the Sublime to the Ridiculous

Chris' turn to pick our topic...

There’s been a lot of hand wringing these last few weeks as ALL sorts of folks have woken up to, realized, or started to question their online presence. Their digital world has crumbled around them as they’ve realized not only don’t they own anything they commit to the keyboard, but whatever they do is controlled by someone else.

Congratulations, you are no longer the master (or mistress) of your own destiny. Welcome to the digital world, please get in a queue like a good subservient population and toe the line or else.

No?

Then please leave. Leave the digital world behind, after all WE still have all that you were while you WERE here…

But, you can’t can you?

Someone somewhere HAS a digital record of you, it’s out of your control, welcome back peasant.

What IF you could be YOU on a digital medium? How DO you secure AND use it, yet ensure that nobody keeps nicking it? (Stealing for the colonials here)

THIS is the topic of this evening's Security Shit Show with Rachel, Ryan, Evan and I

IS it possible?

Does it mandate lead lined boxes?

Will there be volcanoes?

IS Cerberus with us?

Will hiding it under the mattress work?

OR are we screwed and should simply give it all up as a bad job?

See you all later! Tonight LIVE at 10pm/2200 CST on the YouTubes.

Thursday, January 21, 2021

Episode #33 Can I end cyber risk? Or is it all just a pipe dream?

Recently a well-known cybersecurity company made a very bold claim that they can end cyber risk!

This begs the question: can you end cyber risk? What would it take to end all cyber risk? Is it even possible to end cyber risk? What if you put the phone in the chipper-shredder, throw the laptop into a crucible and melt it to bits, will that help? How deep does the digital rabbit hole go? Is there any escape from cyber risk?

Can you go off grid, or will the grid follow you? If you do go off grid, does that impact how much you care about your digital life? Does being off grid affect your cyber risk exposure?

Or is it all just a pipe dream? Are vendors selling pipe dreams and not solutions? Or are they just smoking some funny stuff that makes them think this behaviour is ok?

Tonight on the Security Shit Show we will be discussing this and much more, trying to figure out what we can do about cyber risk, because we know as long as computers exist, so will cyber risk.

Catch this episode of the Shit Show Live @ 10pm/2200 CST on YouTube or watch it later 

-Ryan, Chris, and Evan

Thursday, January 14, 2021

Episode #32 - Where's the plunger?!

We're back after three weeks off!

Seems the world didn't right itself while we were away. SUNUVA...! (or BUGGER for Chris)

2020's gone. YAY

2021's here. YAY!

...maybe?

The calendar flipped, but the script didn't. 2020 was a f*cked up year for sure. Like seriously f*cked up! There was no shortage of breaches, sh*tty security stuff, panic, fear, loathing, division, etc., etc., etc.

The new year brings hope, right? Hope for a fresh start. When the calendar flipped to 2021, there was a collective sigh of relief. 

Yes, 2020 is behind us! There's hope! We can see light at the end of the tunnel! Hope is GOOD!

Then reality hits (again).

The sh*t from 2020 didn't go away. It's like 2020's sh*t is still in the toilet bowl and the f*cking toilet is clogged. Will 2021 be a year we find the plunger or a year we eat a sh*tload of bad Mexican food while we ignore the clog? We don't want 2021's sh*t to pile on top of 2020's sh*t, do we?!

We've stumbled out of the gate (in 2021). If we don't do something soon, 2021's sh*t is gonna be bad. We can't let 2021 become 2020 with more sh*t. The smell is terrible and it's unhealthy as... Well, sh*t!

Can we flip the script? Sooner or later, we're gonna have to! Hell, isn't flipping the script something that motivates us in this industry? 

This will be a good episode for sure! Catch this episode of the Shit Show Live @ 10pm/2200 CST on YouTube, or watch it later.  We're HAPPY to be back!

-Ryan, Chris, and Evan
