Crap. I had a good streak going for a bit. I was getting show notes published on Friday, but now I’m back to being consistently late with this. Oh well, it is what it is.
Did you catch last week’s show? It was a really good one, where Christophe Foulon joined the show again. He gave us an update on what he’s been up to and reinforced his mission of helping people get into the information security field. Great guy, great mission, and a great talk. Listen to it here.
This week was tough, filled with tough decisions, but the outcome was incredible. I won’t go too much into the details, but I’ll give you a quick recap.
- My good friend Ryan Cloutier published his first article as a guest on my blog. Ryan’s a great advocate for helping “normal” people learn information security basics, and it’s an honor to have him write something for me/us to share.
- I was off to New Jersey this week, spending time with a global company’s information security team, building some great information security processes. The two days were filled with some amazing working sessions. We left things much better off than where we found them.
- Friday was filled with meetings, back to back to back to back. Each meeting was unique, and they all produced positive results. It’s sometimes crazy coming back to the office after a few days away. I love my team and I love being with them, even if it is in a meeting. 😉
OK, show notes. Here they are…
SHOW NOTES – Episode 43
Date: Monday, September 2nd, 2019
NOTE: We recorded this podcast on Friday, August 30th ahead of the Labor Day holiday.
Our topics this week:
- Incident Response (why not?)
- What’s a vCISO?
- Gaps between us and them
- Industry News
[Evan] – Some sort of non-standard opening… The standard one is:
“Welcome to the UNSECURITY Podcast, this is episode 43 and the date is sometime in late August. I’m Evan Francen and joining me is my partner in crime, Brad Nigh. Hello Brad.”
[Brad] Brad does Brad.
[Evan] We have a packed show in store again today. We’re recording this episode on Friday because Monday is Labor Day. Summer is over. What the ?!?! Got plans?
[Brad] Brad still does Brad because Brad is Brad.
[Evan] Hopefully our listeners all had an enjoyable Labor Day and an enjoyable summer. Back to school and back to the grind. Speaking of “back to the grind”, let’s talk about a topic that we always seem to be talking about, Incident Response. I’ll be damned if we don’t have more lessons to share with our listeners. Let’s keep it short though, if we can.
Incident response discussion
- Keep it sort of short.
- Mention some recent lessons.
- Mention the upcoming Hacks & Hops
[Evan] A topic came up this week when I was talking with an investor. He asked, “what is a vCISO?” The conversation got me thinking, do we just assume that people know what a vCISO is?
[Brad] Still doing the Brad thing.
[Evan] Let’s discuss this and be clear in our definition of a vCISO and what they do. I’d also like to discuss what makes a good vCISO and what makes a bad vCISO.
[Brad] Yep, still doing Brad. Life is good. 😊
- Define vCISO
- Why do we need vCISOs?
- What makes a good vCISO?
- If you’re looking for a vCISO, what should you demand from them?
- Whatever else seems pertinent to the conversation.
[Evan] Alright, last topic for the show is something that came up in a recent vCISO engagement with a customer. It demonstrates the gaps between what good guys can do when they test something and what the bad guys can do. There’s always a gap. There’s a line that we can’t or won’t cross. Here’s a recent example:
From: Marty Wikle <firstname.lastname@example.org>
Sent: Sunday, August 25, 2019 9:46:59 PM
To: REDACTEDNAME <email@example.com>
Subject: Respond ASAP
Someone ask me to kill you. For your information I am not sending this message with my email address and internet service provider just in case you want to proof smart and stubborn..any ways I like someone like that!because I will be so happy to put a bullet on your skull..My boys have been watching your steps for few days.
I am giving you a chance to live simply because my oracle show me that you dont have a hand in what you were accused of
You are to pay me $10,000 and I shall terminate the operation,after that I will give you the info of the person that wants you dead
You can call the authority and have them do patrol in your area 24/7 that didn’t stop me from hunting you and your love ones down.We are invisible!!
Reply to this email addresse:
[Evan] This email demonstrates a gap between what we can test as the good guys and what the bad guys do. This gap will always exist because we play by rules and the bad guys don’t care.
[Brad] Still doing Brad…
[Evan] Alright, let’s wrap this thing up with some news.
Here’s our news for this week:
- Alleged Capital One hacker indicted for hacking 30 other companies – https://siliconangle.com/2019/08/29/alleged-capital-one-hacker-indicted-hacking-30-companies/
- Ransomware gang breach data backup software used by hundreds of US dental offices – https://thenextweb.com/security/2019/08/30/ransomware-gang-breach-data-backup-software-used-by-hundreds-of-us-dental-offices/
- The top reason businesses make a cyber insurance claim – Business Email Compromise – https://businessinsights.bitdefender.com/the-top-reason-businesses-make-a-cyber-insurance-claim-business-email-compromise
- This Google Play App’s Ticking Malware Time Bomb Just Exploded Leaving 100 Million At Risk – https://hothardware.com/news/this-google-play-apps-ticking-malware-time-bomb-just-exploded#KtGHGGLz8RrDYmdl.99
More great episodes to come.
Talk to you all again next week!