Each Friday, I’m going to do my best to post the notes for the UNSECURITY Podcast episode that Brad Nigh and Evan Francen (me) will record on the following Monday morning. Each week, Brad and I alternate leading episodes, so I lead the odd episodes and Brad leads the even ones.
If you missed episode 17, you can still give it a listen.
Episode 18
These are the notes we use to guide the discussion. These notes were written by Brad.
Description
Show Recording: Monday, March 11th, 2019 @ 6:45am
Good morning, this is your host for the day Brad. Today’s show is going to be different. We kicked Evan out for a week and refused to give him a call in number so he could actually enjoy his vacation. So joining me today is a special guest host, say hello Host X (I’m not telling you, you have to tune in to see who we got!)
We’ve been talking a lot about all the incident responses we’ve been seeing and so we wanted to start talking a little bit more about preparing for when it happens to you. This will be the first in a series around a successful Incident Response program. Buckle up, it will be riveting.
Opening
[Brad] Alright, here we are again. This is the UNSECURITY Podcast, and this is episode 18. My name is Brad Nigh, and I’ll be your host for today’s show. Joining me is NOT Evan Francen, instead we have Host X. Host X, what’s up?
[Host X] Will introduce themselves and talk a little about their experience around Incident Response and Information Security
[Brad] Well thank you for helping out and saving the listeners from an hour of me talking to myself.
Discuss Last Week’s Show (Teaser Questions)
- Have you been listening to the podcast? (It’s always a great idea to put the person who is stepping in to help out on the spot right away)
- Explain to the listeners a bit about you and your role(s) at FRSecure, and previously. Do you have any experience in security incident response?
Week Recap
[Brad] Host X we like to start off with a recap of our week. Would you like to share anything about the last week that stood out to you?
[Host X] Probably says things that are deep and introspective, basically the opposite of Evan and my weekly shenanigans.
Discuss the important things about last week, including:
- More IRs. Why do you think we’re seeing such an increase? What are some of the commonalities between these incidents? Nope not a repeat.. More IRs
- Not a last week thing but an upcoming event. FRSecure has their next Hacks & Hops event coming up
- Thursday, March 28th, 2-5 p.m. at Day Block Event Center in Minneapolis
- You can go to hacksandhops.com to register/buy tickets
- Tickets include appetizers, beer, networking, and the keynote/panel discussion
- Evan will be there with books, and attendees can purchase signed copies
- Listen to the podcast for a special promo code that will get you 50% off
One more piece of housekeeping before we really get going. We want to remind everyone how to contact the show, and each of us. Send your suggestions, comments, or whatever else to unsecurity@protonmail.com. If you’d like to be a guest on our show, you can email us there too. The best, least intrusive way to keep up and/or contact either Evan or me is probably through Twitter. Evan is@EvanFrancen and I am @BradNigh
Easy, right?! Let’s move on.
Let’s talk about, at a high level, the phases of an IR plan, get Host X’s perspective on how these go, and if we have any time left we have some news stories as well. I think this will be a good conversation because Host X is a normal person, meaning not an information security professional, so we will be getting a more business perspective around this which is important.
[Brad] Okay Host X from a business perspective what do you think of when you hear IR plan?
[Host X] Business, business, business. Numbers. Is this working? Yaaaaaaay! (Okay it will probably be really good stuff and interesting to hear from the business perspective)
[Brad] Have you been through an IR before? Did your company have a good IR plan in place or was it more ad-hoc?
[Host X] Shares what happened and their take on the process.
[This will undoubtably lead to more Q&A that will be spontaneous, or will be painfully awkward with lots of silence… Tune in to find out!]
[Brad] Okay so now let’s talk about what we do when we put together an IR plan and the phases we go through. Obviously there is a lot more detail and work that will go into each of these but let’s start building the foundation of being prepared. Today we are just going to talk through these at a very high level with more detailed discussions into the phases and how to attack them in the weeks to come.
- Phase I – Preparation
- Phase II – Identification and Assessment
- Phase III – Containment
- Phase IV – Investigation
- Phase V – Eradication & Recovery
- Phase VI – Follow-Up
[Hopefully Host X is still awake, it is early and they are not an infosec professional.]
Okay some news
News
- Serious Chrome zero-day – Google says update “right this minute” – https://nakedsecurity.sophos.com/2019/03/06/serious-chrome-zero-day-google-says-update-right-this-minute/
- Companies are flying blind on cybersecurity – https://nakedsecurity.sophos.com/2019/03/05/companies-flying-blind-on-cybersecurity-says-sophos/
- Payroll Provider Gives Extortionists a Payday – https://krebsonsecurity.com/2019/02/payroll-provider-gives-extortionists-a-payday/
Closing
[Brad] This was fun, thank you Host X for filling in for Evan and providing your insights on Incident Response
[Host X] Hopefully something positive and about how much fun was had.
Well, that’s episode 18 of the Unsecurity Podcast. Evan will be back next week with stories about his trip to RSA and I’m sure more IR stories. Don’t forget to register for Hacks and Hops using the super-secret promo code.
Another quick reminder to send your questions and suggestions to us at unsecurity@protonmail.com
Thank you and see you next week!