The Southern Fried Security Podcast

iTunes Ratings: 29 ratings (rating distribution: 23, 3, 3, 0, 0)

Listen at work or on the road

By DevSec - Mar 08 2016
This is a great security podcast filled with lots of great commentary on the latest security news. Lots of great insight and enjoyable to listen to. Also, the intro song is awesome! :)

Indispensable security podcast

By EDinATL - Feb 06 2016
I enjoy these guys and gain valuable insights into a complex and exciting industry. Very well put together show every time. I’m not the biggest fan of the intro music, but it does remind me that we’re all southerners, which is a good thing.

Rank #1: Episode 58: Episode 168 - Passwords Passwords Passwords

Oct 13 2015

30mins

Rank #2: Episode 90: Episode 198 - Building a Security Strategy Part 1

Episode 198 – Building a Security Strategy – Part 1

Strategy is the hardest thing a CISO will do in their career...except if they have to explain a massive breach…

  1. What is a Strategy?
    1. What's the difference between a strategy and a policy?
      1. A policy is binding statements
      2. A strategy is thought-out planning
    2. What a strategy isn't…
      1. A list of tech you want to buy
      2. A remediation plan that follows an audit/assessment
      3. A continued justification for the way you've always done things
      4. The stuff your favorite vendor told you needs doing
    3. A strategy is…
      1. Based on the needs and desires of the org and its senior leaders
      2. Culturally relevant
      3. A guide to where investment (money and people) needs to be made
      4. Balanced between boldness and reassurance
      5. Built on a set of capabilities that map to business success criteria
  2. Why do you want one?
    1. Creates a consistent frame of reference for talking about the program
    2. Helps senior leaders understand the where/why of the investments
    3. Lays out a connected story for the CFO org to make budget less hard
    4. Provides a decision-making framework that enables effective choices
  3. How do I make one?
    1. Understand the business of your Business
    2. Know who your stakeholders really are
    3. Capability = (Tech + Service) * Process
    4. Crawl, Walk, Run
    5. It Takes A Village

In our next episodes we’ll break down each of the steps and talk more about strategy…

Jun 24 2017

25mins

Rank #3: Episode 78: Episode 187 - The Internet Is Down

Martin, Steve, and Yvette discuss the recent DDoS of the DNS provider Dyn and what information security people should be considering in a world where terabit DDoS is a reality.

Oct 25 2016

21mins

Rank #4: Episode 74: Episode 183 - Third Party Risk

Martin, Andy, and Steve talk about third party risk programs in light of breaches at Target, Banner Health, and other unfortunate souls.

Aug 17 2016

25mins

Rank #5: Episode 71: Episode 180 - Interview with Patrick Heim

This evening, Martin sat down with Patrick Heim from Dropbox. Enjoy the interview, and the gang will be back next episode.

May 19 2016

24mins

Rank #6: Episode 63: Episode 172 - Security Awareness Deep Dive

Topic: Security Awareness

Some people think it's a waste of time:

Why you shouldn't train employees for security awareness

Schneier on Security Awareness Training

Does security awareness training even work?

But, that said, it's a requirement for government agencies and regulated industries:

HHS Security Awareness and Training Requirements

Privacy and Security Training requirements for multiple regulations

DISCUSSION & OPINION: Is Security Awareness worth the time?

If you have to do it, make it better: Ten Recommendations for Security Awareness Programs

Find us on Twitter: @SFSPodcast @armorguy @jsokoly @andywillingham @SteveD3 @jetsetyvette

And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter.

Jan 19 2016

26mins

Rank #7: Episode 83: Episode 191 - Gone Phishin'

The Southern Fried Security Podcast - Episode 191 - Gone Phishin’

Phishing your employees - Does it make them aware or do they feel mistrusted?

  1. Intro - Phishing - what is it typically?
    1. Examples - Emails from a Prince in Nigeria, phished on Match.com, etc.
  2. What about when you phish your employees to improve security?
    1. What is it? An email designed to get employees to click on suspicious links or give up their credentials
    2. Discuss what I designed as part of my phishing campaign - partnered with a trusted vendor
    3. Designed an email and a Google Doc, supplied the AD user list, launched
    4. Stats from our phishing campaign
    5. How Gmail caught it and started dumping the emails into spam, but some employees even went into spam and clicked (RSA breach!)
    6. Employees used Slack to warn others. Can you avoid neighbors leaning over the cube telling each other? Is this when "see something, say something" becomes a good thing? How do you get employees to follow it?
  3. What are the benefits of a targeted phishing campaign?
    1. How often?
    2. Do you target specific areas you know are susceptible (e.g. Marketing, Finance)?
    3. What about Engineering? How do you trick them?
  4. How do you prevent employees from feeling that Security doesn't trust them?
    1. Start with education first. Then sanctions.
    2. Use it to teach, not to ridicule.
    3. C-Levels *have* to be part of it.
  5. People are still the weak link! Solutions and hardware can't prevent that one user from clicking on a link that creates havoc for the company.
  6. Downsides?
    1. We blow holes in security to allow phish email through. What if the vendor gets compromised?
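
The last point in the outline (the hole punched in mail filtering so the vendor's phish get through, and what happens if that vendor is compromised) is where a practitioner wants a concrete control. What follows is an added example, not code from the podcast or from any phishing-simulation vendor: a mail-gateway decision function that lets a message skip spam filtering only when the connecting IP is inside the vendor's published sending range AND the message carries a campaign token that the security team minted for one named, time-boxed campaign. The vendor IP range (TEST-NET-3), the header names, the gateway secret and the sample messages are all constructed for the example.

```python
"""Scoping the spam-filter bypass granted to a phishing-simulation vendor.

Added example, not the podcast's or any vendor's code. The bypass is granted
only when every condition holds: source IP inside the vendor's published range
AND a campaign header whose HMAC token was minted by the security team for a
named, time-boxed campaign. A compromised vendor account (right IP, forged
token), copied headers sent from elsewhere, or a token reused after its window
all fall back to normal filtering. Names, ranges and secrets are hypothetical.
"""
import hashlib
import hmac
import ipaddress
from datetime import datetime, timezone
from typing import Dict, Tuple

# Hypothetical vendor sending range (TEST-NET-3) and the headers its templates set.
VENDOR_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
CAMPAIGN_HEADER = "X-PhishSim-Campaign"   # value: "<campaign-id>;exp=<ISO 8601 with offset>"
TOKEN_HEADER = "X-PhishSim-Token"
# Shared only between the security team and the gateway config; rotate per campaign.
GATEWAY_SECRET = b"constructed-example-secret"


def mint_token(campaign_id: str, not_after: str, secret: bytes = GATEWAY_SECRET) -> str:
    """Token the security team hands the vendor for one campaign.
    Binding the expiry into the MAC means a leaked token dies with the campaign."""
    return hmac.new(secret, f"{campaign_id}|{not_after}".encode(), hashlib.sha256).hexdigest()


def should_bypass_filtering(msg: Dict, now: datetime,
                            secret: bytes = GATEWAY_SECRET) -> Tuple[bool, str]:
    """Decide whether one message may skip spam filtering. Returns (bypass, reason)."""
    try:
        src = ipaddress.ip_address(msg["connecting_ip"])
    except (KeyError, ValueError):
        return False, "no usable connecting IP"
    if not any(src in net for net in VENDOR_NETWORKS):
        return False, "source not in vendor range"
    headers = msg.get("headers", {})
    campaign, token = headers.get(CAMPAIGN_HEADER), headers.get(TOKEN_HEADER)
    if not campaign or not token:
        return False, "campaign headers missing"
    try:
        campaign_id, exp = campaign.split(";exp=", 1)
        not_after = datetime.fromisoformat(exp)
    except ValueError:
        return False, "malformed campaign header"
    if not_after.tzinfo is None:
        return False, "expiry must be timezone-aware"
    if now > not_after:
        return False, "campaign window closed"
    # Constant-time compare: the token is a MAC over (campaign id, expiry).
    if not hmac.compare_digest(mint_token(campaign_id, exp, secret), token):
        return False, "token mismatch"
    return True, f"bypass granted for campaign {campaign_id}"


def classify(messages: Dict[str, Dict], now: datetime) -> Dict[str, bool]:
    """Run the decision over a batch; useful for checking the rule before deploying it."""
    return {name: should_bypass_filtering(m, now)[0] for name, m in messages.items()}


# Constructed sample traffic for a campaign running the first week of March 2017.
NOW = datetime(2017, 3, 1, 12, 0, tzinfo=timezone.utc)
EXP = "2017-03-08T00:00:00+00:00"
OLD_EXP = "2017-02-01T00:00:00+00:00"
GOOD_HEADERS = {CAMPAIGN_HEADER: f"q1-finance;exp={EXP}",
                TOKEN_HEADER: mint_token("q1-finance", EXP)}
SAMPLE_MESSAGES = {
    # The real simulation: vendor IP plus a valid token for the live campaign.
    "legit_simulation": {"connecting_ip": "203.0.113.10", "headers": GOOD_HEADERS},
    # Vendor account or infrastructure compromised: right IP, forged token.
    "compromised_vendor": {"connecting_ip": "203.0.113.10",
                           "headers": {**GOOD_HEADERS, TOKEN_HEADER: "0" * 64}},
    # Attacker copied the real headers out of a delivered sim but sends from elsewhere.
    "spoofed_headers": {"connecting_ip": "198.51.100.7", "headers": GOOD_HEADERS},
    # Last quarter's token reused after its window closed.
    "stale_campaign": {"connecting_ip": "203.0.113.10",
                       "headers": {CAMPAIGN_HEADER: f"q4-finance;exp={OLD_EXP}",
                                   TOKEN_HEADER: mint_token("q4-finance", OLD_EXP)}},
}

if __name__ == "__main__":
    for name, msg in SAMPLE_MESSAGES.items():
        print(f"{name:20s} -> {should_bypass_filtering(msg, NOW)}")
```

The token travels in a mail header, so anyone who receives a delivered simulation can read it; that is why the IP check is the other half of the rule rather than an optional extra, and why the token is bound to an expiry and the secret is rotated per campaign. On a real gateway the same two conditions map onto a mail-flow rule (connector or sender-IP condition plus a header match) that is created when the campaign starts and deleted when it ends, rather than a standing "trust everything from the vendor" exception.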

Mar 01 2017

29mins

Rank #8: Episode 67: Episode 176 - Money Changes Everything

InfoSec programs without money are like cereal but no milk, peanut butter but no jelly, Milli but no Vanilli… (Get over it, I’m old - Martin)

Martin is doing a talk on “The ABCs of Getting Your InfoSec Program Funded” and we’re going to discuss how this works in the real world at all of the different levels.

Find us on Twitter: @SFSPodcast @armorguy @jsokoly @andywillingham @SteveD3 @jetsetyvette

And if you have any feedback, questions, or comments, drop us a comment or find us at @SFSPodcast on Twitter. And if you’ve found our Facebook page, we’re sorry. We’re going to fix that up.

Mar 23 2016

28mins

Rank #9: Episode 56: Episode 166 - Interview with Martin Fisher

This week Martin and Joseph sat down and talked about stress, burnout, and why Martin took a break for a while. 

Sep 15 2015

23mins

Rank #10: Episode 82: Episode 190 - Burnout

Episode 190 - Burnout

  1. Intro
    1. Why the topic of burnout?
      1. Because it affects all of us, and yet it's not talked about much in this field
      2. Disclaimer: We are not doctors. Or psychiatrists or psychologists. Nor did we stay at a Holiday Inn Express...
  2. Personal Connection
    1. Reason for sabbatical
    2. Martin's story
  3. Recognizing Burnout
    1. Symptoms may mirror depression
      1. "The Creeping Malaise"
    2. Physical symptoms
      1. Weight
      2. Panic attacks, etc.
      3. Isolation - even while in a crowd
    3. It's been around for a long time. http://www.secburnout.org/ & http://www.slideshare.net/secburnout/burnout-in-information-security are from 2011/12
  4. Easy Traps
    1. "It won't happen to me"
    2. "I just have to make it through this busy season and this end of quarter and the end of FY and…"
    3. "Everybody else is exactly the same…"
    4. Conferences are not vacations and shouldn't be seen that way. Cons can be very hard work.
  5. Mitigation Strategies
    1. Outdoor hobbies
      1. Just get outside and away from screens
    2. A physical community: people you can talk to in person
      1. http://www.newyorker.com/humor/daily-shouts/i-work-from-home
      2. http://theoatmeal.com/comics/running
    3. Exercise & diet
    4. Creating and enforcing boundaries (emotional and physical)
  6. What burnout isn't…
    1. Not liking your job or employer (that's quite the opposite problem, actually)
    2. Just hard work for a little while
  7. Resources
    1. http://lisacongdon.com/blog/2016/12/on-burnout-and-the-slow-rebuilding/
  8. Outro

Feb 14 2017

31mins

Rank #11: Episode 41: Episode 154 - Open Source Architecture w/@mubix

Martin & Steve get a chance to talk to Rob Fuller (@mubix) about his ideas on Open Source Architecture. It's a great conversation where you can see the idea grow in front of your own ears!

The link to the Open Source Architecture group is:

https://groups.google.com/forum/#!forum/ossag

Remember BSidesATL and BSidesLV!

Mar 03 2015

32mins

Rank #12: Episode 62: Episode 171 - 2015 in Review

Tonight, Martin, Joseph, Steve, and Andy got together and went over how their 2015 predictions went, and laid out what their predictions were for 2016.

The gang is on break from now until the new year, happy holidays!

Nov 17 2015

32mins

Rank #13: Episode 49: Apple and Privacy with Guillaume Ross

The show notes for this episode have some screenshots, see the website for the full notes:

http://www.southernfriedsecurity.com/apple-and-privacy-with-guillaume-ross/

Find us on Twitter: @SFSPodcast @jsokoly @gepeto42

Jun 09 2015

26mins

Rank #14: Episode 42: Episode 155 - Terrible Tactics

The Show Notes

Opening Music

BSides Atlanta

  • SFS Podcast is a sponsor

  • Martin is presenting “The Art of Speaking with Muggles”

  • Sold out but sponsors have tix they are handing out. Also Eventbrite courtesy.

Stories:

It’s hard to find infosec folks…

http://www.csoonline.com/article/2894377/infosec-staffing/shortage-of-security-pros-worsens.html

http://www.zdnet.com/article/how-infosec-hiring-lost-its-way-harsh-findings-in-leviathan-report/

The number of things wrong with this editorial is immense… We read it so you don't have to….

http://www.darkreading.com/application-security/which-apps-should-you-secure-first--wrong-question/a/d-id/1319355

Anthem declines post-breach audit from regulators…

https://threatpost.com/anthem-refusing-oig-security-audit-following-breach/111476

Twitter: @SFSPodcast

www.SouthernFriedSecurity.com

Mar 10 2015

31mins

Rank #15: Episode 91: Episode 199 - Building a Security Strategy - Part II

Episode 199 - Building A Security Strategy - Part II

  1. Recap
    1. Strategy vs Policy
  2. The Question is "How do I make one?"
    1. Understand the business of your Business
    2. Know who your stakeholders really are
    3. Capability = (Tech + Service) * Process
    4. Crawl, Walk, Run
    5. It Takes A Village
  3. Understand the Business of Your Business
    1. Almost no business is in the business of information security
    2. Follow The Money
    3. Understand The Decisioning Process
    4. "Culture Eats Strategy For Breakfast"
    5. Vocabulary Matters
  4. Know Who Your Stakeholders Really Are
    1. Know the Formal and Informal Org Charts
    2. Influencers are as important as Deciders
    3. Beware the Spoiler
    4. "Culture Eats Strategy For Breakfast"
    5. Don't Give a Vote or Veto Unnecessarily
  5. Culture Is The Key
    1. We will keep discussing this.
    2. Underestimating the power of culture WILL result in your plan failing
    3. That's a majority of the reason that Strategy Is Hard

Aug 09 2017

28mins

Rank #16: Episode 24: 2014 Security Summer Camp - Microcast 1

It's Security Summer Camp time!

Join Martin and Jack Daniel over some breakfast and listen in.

Aug 04 2014

11mins

Rank #17: Episode 76: Episode 185 - Mo' Money

For the first time we can think of, it's just Yvette and Martin on this episode. The two of them talk about what to think about and what you might do if you run into some extra budget at the end of the year. Do you invest in shiny? What about services? Some training might be nice? Or do you score points with the team down the hall?

Sep 21 2016

20mins

Rank #18: Episode 14: Episode 130 - Sweet Tea

May 13 2014

27mins

Rank #19: Episode 48: Episode 160 - Canadian Invasion

This week Steve and Joseph were joined by a guest from America's hat: Guillaume Ross. 

The IRS and PII as verification:

Security checks that rely on PII put businesses and consumers at risk | CSO Online http://www.csoonline.com/article/2927652/data-protection/security-checks-that-rely-on-pii-put-businesses-and-consumers-at-risk.html

If you're not paying for the service, you're probably the product: Adios, Hola! - Why you should immediately uninstall Hola http://adios-hola.org/

Hola VPN client vulnerabilities put millions of users at risk | CSO Online

http://www.csoonline.com/article/2928817/vulnerabilities/hola-vpn-client-vulnerabilities-put-millions-of-users-at-risk.html

Facebook Uses PGP

Official announcement:

https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302

https://threatpost.com/facebook-bolsters-message-security-adds-openpgp/113079

Find us on Twitter: @SFSPodcast @jsokoly @SteveD3 @gepeto42

Jun 02 2015

35mins
