Thursday, February 25, 2021

Episode #37 - It's Time...

You got free time? Time?!

That resource we want more of, or less of, the one we want to slow down, speed up, thank, curse, monitor, measure, ignore and obey. All often within the span of the same day. 

The very resource we so often run our lives by, yet waste at every turn. It too, like our digital world, is a more abstract concept than the tactile analog world we live in. It too can be captured and tamed for fleeting moments in devices, yet like its digital cousin we think we control it, but we are nothing more than custodians of the memories it leaves behind.

We are not good with time; we've had 6,000 years or so to get used to the idea of its passing and the consequences. We used to track it by the moon; nowadays we are ruled by atoms that are accurate to a millisecond every decade.

So, why should we care?

We waste so much of it.

We allow others to dictate our use of it.

Our very existence is tyrannized by it.

We have watched the convergence of our digital world and that of time, and realized the very objects meant to save us are doing nothing more than sucking more and more time from us.

Like our digital world, we need to be better custodians of time (not that it really cares, as it marches on no matter what we do), but for our own sanity: stand up, be accountable to time itself.

Thursday, February 11, 2021

Episode #36 Timmy is in the well... Nope that's Sodium Hydroxide

This week we saw an attack against a city water system, in an attempt to poison the drinking water.

Many of us have been warning about this for years.

How did this happen?
It must have been the work of sophisticated nation-state attackers; it has to be hard to hack a water treatment plant because, you know, people could die if that happened.
The people in charge must take extra precautions and have really good security practices in place to keep our drinking water safe. They must have been unable to prevent or avoid this attack.

These are all things that we hope would be true; unfortunately, the reality of what actually happened is far more disturbing.

(Channeling my inner security Yoda) Sophisticated this attack was not, difficult to pull off it was not, prevented it could have been, security basics lacking they were, practice good they did not.

What happened was a multitude of failures in requiring and implementing the most basic and foundational of security controls. 

We have reached a point in our technology journey as a society, that we need to pause for one moment and take stock of the giant mess we have created. 

We need to figure out what minimum safety standards are needed for critical infrastructure. 

We need to ask ourselves should the things that can kill us be connected to the internet in the first place?

Knowing that the security posture of the affected water treatment plant borders on gross and willful negligence, what should the legal and criminal consequences be for those who made these shit decisions in the first place?

It's 2021 and computers can kill you, so let's act accordingly.  

Wednesday, February 3, 2021

Episode #35 - The root of all information security industry problems

Here's a question for you:

What is at the root of all information security industry problems?

Oh shit! Talk about an ambiguous question. Yes, but who said ambiguous questions are bad?

Alright, let's break this down then.

First, the question assumes there are "problems". Are there? We think so, but...

  • ~942,000 people in the U.S. are gainfully employed in this industry, and most of us are getting paid pretty well. Good-paying jobs don't seem like a problem to me.
  • Worldwide, the cybersecurity market is valued at $173B. Seems the people selling shit are doing alright, no problem here.
  • Global "cybercrime" losses for 2020 were estimated to be $945B. The crooks DEFINITELY aren't experiencing any problems either!

So, where are the problems then?

Simple, look for the people who suffer, the victims. 

They're the ones who get the short end of the stick. They feel the brunt (or symptoms) of the problems. They lose money, they lose businesses, they lose income, they lose peace of mind, they lose time, they lose productivity, they lose their privacy, they lose their innocence (especially kids), and they lose life.

So, yeah. There are problems! 

One group clearly takes advantage of the other. We'll call them "Profiteers" and "Victims". There's one more group. There's a group of us who are trying to protect Victims from the Profiteers. We stand in the void.

  • Profiteers: Cybersecurity practitioners who don't serve (potential) victims, companies hawking products that don't serve the (potential) victims, and the crooks who steal outright.
  • Us: Practitioners who stand in between, serving (potential) victims.
  • Victims: Governments, companies, non-profits, schools, everyday people (grandparents, parents, kids, etc.) 

OK, so we've got problems. The masses become victims and feel the result(s) of the problems, the symptoms. Oh shit! The rabbit hole goes deeper.

We'll stop here, before things get too out of hand. 

We need to save some shit for the Shit Show. Chris, Ryan, and I will take it from here. Maybe we'll get far enough down the rabbit hole, and deep enough into the shit, to find some semblance of the "root of all information security industry problems".

Regardless of how far we make it, it should be entertaining! 