Your mother was a hamster, and your father smelt of elderberries….

Until recently, if I wanted to insult you I HAD to do it to your face, or from the parapet of the nearest castle and hope that you didn’t punch my lights out OR lay siege to my domain.

However…

These days, anyone with a phone, computer or Internet access can quickly become an armchair critic, troll or anonymous heckler in the digital crowd.

To the point where it moves from annoying TO personal and threatening etc.
And, as a society, as an industry and as humans we’re ill prepared to deal with this issue. It’s NOT going away, and it affects many of us, so what DO we do about it?

Scams, scams, everywhere are scams and misinformation.
In the digital world, it is more important than ever to be able to recognize scams and misinformation. The cybercriminals continue to evolve their tactics, they are playing a longer game these days, making it harder to detect when scams are afoot. scams come in so many flavors, pet scams, romance scams, business scams, COVID scams, charity scams, product scams, and the list goes on and on.

Scams include counterfeit goods and services not to mention the psychological warfare being waged against the world via social media and traditional media. if we continue to allow this to go unchecked we will find ourselves in a world we never wanted and can not escape. if we are going to live digital-first lives we must adopt the necessary skills to do so safely and step one is the ability to identify scams and misinformation.

tonight we will talk about what is a scam, how do you identify it, what are the right questions to ask, who do you tell if you think you're being scammed, how do you recover if you have been scammed. what do we as an industry need to do to help build better detection and protection against scams and misinformation?

Why do we do this shit, why do you do this shit, and why do they do this shit?

We’re all busy as hell. We rush off to do shit, in a rush to get shit done. The shit we do is critical and we’re all important to… Wait!

Why?

Why am I busy as hell? Why am I rushing off to do shit? Why is it so important I get shit done? Why is what I do critical to anyone?

I just assume I know. I get caught up in the whirlwind of shit like most people do. If I get too deep in the shit, I easily forget why I chose to be here in the first place. Did I just assume I knew my purpose without taking the time to reflect on it?

This is deeper than I thought.

Why did I want to get into this industry? Why am I here?

Reflection time.

OK, I think I got my shit figured out.

What about you? Do you think you’ve got your shit figured out too? Is it safe for me to assume you do?

What about them, you know, the business people, the everyday people, and the people who don’t do what we do? Think they got their shit figured out too?

Does any of this matter?

Hell yes, it all matters! If I don’t have my shit figured out, I have no purpose. If you don’t have your shit figured out, you don’t have purpose either. If my shit and your shit align, we can do good shit together. If they don’t align, we can’t. I’m in this shit, you’re in this shit, and they’re in this shit too. We’re all in this shit together. Some of us are aligned (with our purpose) and some of us aren’t. If and where we’re in alignment, meaning our purposes can serve each other’s purposes, we’re allies. Where there isn’t alignment, we’re adversaries.

Simple. Alignment = Ally. Miss-Alignment = Adversary.

Find your purpose first, then look for common ground in others. Don’t assume, validate. Assuming I know my purpose or your purpose or their purpose without validation leads to aimless bullshit. Lord knows, we have too much aimless bullshit already.

On tonight’s Security Shit Show, Ryan Cloutier, CISSP Evan Francen and I are going to tackle the wonderful world of job descriptions, recruiting and the disaster that appears to be getting people INTO the industry!

As a guide, the below should help frame the conversations!

Job descriptions (AND their meanings)
1) To be part of the team (you’re the first!)
2) To lead from the front (you’re the bullet shield)
3) To be THE voice (and get blamed)
4) To bridge DevSecOps (You’re buying coffee and donuts)
5) Drug free workplace (no coffee, tea, alcohol, weed, glue, or gluten)
6) To have the following (The tick-list from hell)
a) Degree (you know because that ALWAYS helps…)
b) CISSP (yea, it’s only an intern role, but we to keep up appearances)
c) 5 years of experience (ALL entry level people have that, right?!?)
d) CEH (we googled this, it sounded cool)
e) Knowledge of networking (WTF is the difference between 5, 5e, 6, etc.)
f) Experience with WiFi (A, B, G, F, E, 2.4, 2.5, 5 and many other numbers)
g) Fluent in acronym soup
h) Fluent in geek, an undergraduate in business, psychology, and PPTX

You get the idea; we’re going to dismantle this shit tonight!

This shit again…

Key pieces of technology that we rely on are broken and we have no recourse with the manufacture. Why is IT the only industry that when shit breaks, no one seems to be accountable or care to fix their faulty products, the majority of home routers are broken. In this time of COVID the security of our home routers is critical for our business, institutions, governments, and personal safety. It is a sad truth that I am not shocked when I hear this year’s newest home routers are all running out of date OS’s, out of date code with gaping holes and vulnerabilities.

If this was a car, stove, toy, building material, TV etc. putting us at risk, we would have recourse with the consumer protection agency, with the manufacture through a recall but because it is the Blackbox of mystery known as IT there is nothing we can do to hold the vendor accountable for putting us at risk. So, how do we change this? How do we, the consumer, take back the power to hold the manufacturers accountable for fixing and/or recalling their products when the products are putting the world at risk?

HINT: You're probably NOT the fairest of them all (and neither am I).

The dreaded (by some) topic of information security roles and responsibilities.

When people don't know their role, or they’re not held accountable for it, what happens? Too often, nothing happens. Information security falters, breaches happen, people suffer, and everybody is left pointing fingers at everybody else.

The facts:
• NOBODY is more responsible for your information security than you are.
• NOBODY should give a shit about your excuses.
• SOMEBODY suffers when you don't understand (or define) your role and play it as well as you can.
• A CISO can only do what he/she is EMPOWERED to do. Does burying them within IT, empower them?

So much shit to talk about in this episode, and there's sure to be some sparks flying (and maybe a disagreement or two).

Questions we'll cover (and more):
• Who the hell is responsible? You? Me? Them?
• At your organization, who's ultimately responsible for information security?
• At home, who's ultimately responsible for information security?
• Who's to blame when shit goes wrong?
• Where's accountability in all this?
• Worried about the Russians, the Iranians, the hackers taking all your shit? Whose problem is that and what are you going to do?
• You've got the CISO job! Yay! Are you empowered to do your shit? Why/why not?
So many angles to take on this and lots to discuss! Join us tonight (7/2) @ 10PM CDT to get the Shit Show Crew's take!

No…it’s geek.

Seriously, what the hell is it with our industries ability to make words up, spew out acronyms and do our level best to flummox and alienate anyone NOT like us? WE have a communication problem and yet we keep on inventing more and more obscure words and phrases to describe what we’re doing.

So this week we’re going to unpack that shit.

We’re going to get out the translators AND break down some of the stupidity that is geek speak and translate it TO plain and simple English that everyone can understand.

We’re NOT dumbing it down, because that implies the non technical folks “won’t understand” but we WILL demystify, deconstruct and break down some of the language barriers

Oh, and along the way we’re going to help us build a compendium that I’m in the middle of doing!

Join us OR die in a sea of acronyms that rivals that of the Military!!

Ryan picked a doozy of a topic tonight. Great discussion between Chris, Evan, and Ryan about the challenges we're facing in the super fast adoption of technology in all facets of our lives.

There are mental challenges, safety challenges, and of course, information security challenges. When you come to think of it, mental health, safety, and information security may not be separable anymore in our society.

These are very difficult challenges to solve and it's going to take all of us working together, even Oprah Winfrey (inside joke)!

Shout out to a helpful (and maybe even loyal) viewer Robert Hodges for calling our attention to a neat article titled “Should 'Killer Robots' Be Banned?”.

Do killer robots sound like a good idea to you? Think about it...

Certainly, Chris, Evan, and Ryan will have a few things to say about the topic.

Turned out to be a great discussion with Chris playing the devil's advocate. He certainly held his own!

It’s Chris’ go this week and he’s a little (maybe a lot) torqued about all the shit going on in the world right now. Our topic this week is ethics and morals. So far, we’ve affectionately given the episode name “Moral and Ethical Shit in a Shitty World”.

Some deep talk about some touchy shit.