Well, I planned to post this on Friday. Good intentions will get you…
I have good reason, at least I think I do, for the delay. I was on vacation last week, and I promised my lovely wife that I wouldn’t work. It’s always a good idea to keep your word with the ones you love! You might remember episode 16 (notes and show). If we want a smooth episode like that again, we’d better behave.
On normal weeks, I do my best to post the notes for the upcoming UNSECURITY Podcast episode on Fridays. Brad Nigh and I record each podcast early on Monday morning, before the week has a chance to get out of control. Brad and I alternate leading episodes: he leads the even ones, and I lead the odd ones. There’s probably some hidden meaning in that.
Brad led last week, and I wasn’t around for episode 18. I don’t get any credit for what you liked about it. If you missed episode 18, you can still give it a listen.
Episode 19
These are the notes we use to guide the discussion. These notes were written by me (Evan).
Description
Show Recording: Monday, March 18th, 2019 @ 6:45am
Brad went solo (sort of) last week, as Evan was not allowed to join the podcast because of his vacation. Key words are “not” and “allowed”. Evan’s back from vacation (sort of), and we’ll pick up from there.
Opening
[Evan] Top of the mornin’ to ya Brad! I’m not Irish, but yesterday was St. Patrick’s Day. I can do that right?
This is the UNSECURITY Podcast episode 19, and I’m your host this morning, Evan Francen. Joining me as usual is my favorite security pal, Brad Nigh. Say “hi” Brad. Today is Monday, March 18th and I’m stuck in New Orleans. More about that later.
Man, we’ve got so much to catch up on Brad! You and I haven’t even talked really for what seems like forever. Where do we start? What’s new?
[Brad] Says all sorts of cool stuff probably.
[Evan] As you know, I was on a boat. A big boat. Internet service sucked, and I didn’t do any work. I had one call on Friday with some lawyers and read a few emails, but none of that counted really. Last work thing was leaving RSA like 10(ish) days ago. More about that later too. What about you Brad, tell me about your week.
[Brad] More cool stuff probably.
[Evan] How did last week’s podcast go? I know you and “Host X” were going to talk about some IR stuff, right? Where’d you go with that and where’d you leave off?
[Brad] More cool stuff probably, but it’ll get cooler even.
[Evan] Nice. Let’s come back to the IR talk later. As you know, I have a love/hate relationship with all things IR. Since it’s been a while, I want to share some RSA stuff with the audience quick.
RSA Thoughts
For those who don’t know, the RSA Conference is an annual information security conference held in San Francisco. It’s arguably the largest, most well-attended conference in our industry.
General discussion about RSA and why I went there in the first place.
- Been to RSA before?
- What’s to like/dislike about RSA? There are two things that I hate in our industry, and both can be found at RSA.
- Why I went:
  - See my friend Roger Grimes give his talk, “12 Ways to Hack MFA”.
  - Met up (briefly) with our team.
  - Have lunch with Roger and his wife.
From RSA, I flew to New Orleans to meet up with my wife and start our vacation.
Vacationy Things
- Quick recap on the importance of vacations and taking a break.
- I wrote an article before I left about the importance of health for the information security professional.
- What I did on my vacation, and what Brad’s gonna be doing on his soon.
Incident Response (cont)
So, where did we leave off last week? I honestly don’t know as I write these notes because I haven’t listened to episode 18 yet. That’s OK though, you can listen to us wing it.
News
We read things in the news all the time. It’s so easy to tune things out because there seems to be so much noise nowadays. Have you ever tried personalizing the news you read? How often do we ask ourselves the question: What does this mean for me and the ones I love? Questions like this make news more meaningful.
- The FAA set to sign off on Boeing 737 Max software fix in 10 days, shares rise – https://www.cnbc.com/2019/03/15/boeing-shares-rise-on-report-that-company-will-roll-out-software-upgrade-for-737-max-in-10-days.html and https://www.nytimes.com/2019/03/15/business/boeing-ethiopian-crash.html – Two plane crashes, more than 300 people killed, FAA action to ground all 737 Max planes, and a software “fix”. There’s a lot to say here…
- Attackers are @55holes! (my headline) – Experts uncovered a malspam campaign using Boeing 737 Max crashes and US-CERT warns of New Zealand mosque shooting scams and malware campaigns
There’s a ton more news to talk about, but we’re out of time. There’s no shortage of breaches, bugs, and attack news. Stay alert and be careful! If you’re not keeping up with the news, or you feel a bit overwhelmed, you’re not alone. What are some of your favorite ways to stay up-to-date, but not get slammed?
Closing
[Evan] Any parting words of wisdom Mr. Nigh?
[Brad] Wisdomy things.
[Evan] What’d you think? Good episode?
It’s good to be back. Thank you! That’s a wrap for episode 19. Follow me on Twitter @evanfrancen. Follow Brad on Twitter @BradNigh. Email us on the show at unsecurity@protonmail.com.
Oh yeah, one more thing. We have our upcoming Hacks & Hops event. We’ve got some good experts coming to share how they tackle third-party information security risk. Maybe not the most exciting topic ever, but a SUPER critical one that must be addressed better than it is.
Thanks again and see you next week!