The Security Shit Show

The InfoSec Mission

Information security is mostly a shit show, so we made the Security Shit Show. This is the place where shit gets real. No filter. Straight talk about shit that ain’t right in the information security industry (or life in general). Three industry experts share their daily experiences and pick a topic to discuss each week. The Security Shit Show is LIVE on Thursday nights and the fans are ENCOURAGED to participate. If it’s not fun, it’s definitely good therapy! This is not a commercial podcast, meaning we won't be hocking product or taking sponsors. We suppose this could change sometime in the future, but probably not.

  1. 07/11/2022

    Episode #97 Head in the Clouds

    "Why going to the cloud means more work for security not less, shared responsiblity is 100% your problem - Am I going to treat this like a green field, or the next dumpster to throw the data, systems, and stuff we can’t deal with in real life? - What are my expectations? (planning, timing, longevity, migration, business, etc.) - Will we use it as an enclave to simply separate developers from anything else, or vice-versa, OR will we take a stance and work with ALL the teams to build it out successfully? - DOES my cloud governance align with the rest of my business and technology policies and goals? - AM I willing to implement the recommendations that most cloud providers offer TO make things safer and more secure? - Can I manage the audit and compliance of a new world, and HOW will I integrate it? - Speaking of integration, WILL my business and technology actually function IN/WITH the cloud? - The cloud is MUCH more than someone else’s computers OR a spare data centre, but it still has to live somewhere, so WHERE does it live, and HOW do you get to it? - Where’s YOUR staff, how do they talk with the cloud, what controls, management, etc. - How much control will I have over my data in YOUR cloud? - Who’s got access TO my little slice of the cloud, hardware, system, bare metal, data, etc. - How do I (OR who’s going to) monitor YOUR cloud infrastructure, and MY systems for access, etc. - And if it’s on your side, do I get to see the logs - What’s the charges FOR monitoring - SLA’s etc? - Who’s managing the encryption for my data, if it’s YOU then where’s my key’s if it’s me what help etc. - I don’t want to catch cooties from YOUR other clients, how to you maintain separation/segmentation? - What options exist to backup my data, my configs, and what happens if YOUR systems go down? - What areas of the technology, services, systems, and environments fall into shared responsibilities? - Who has to deal with what when it goes wrong - Who get’s to point fingers, and who has to fix things (AND what timeframe, etc.) - ALL my data belongs to YOU… what happens about uptime, distribution, redundancy, AND company stability. - Technology roadmap in here too - What dependencies, partnerships, and vendors do THEY rely upon? - Let’s talk security, compliance, regulatory stance, etc. What do you have, AND how do you maintain it? - When we fall OUT of love, what happens, how do I migrate, what options are out there (and costs, etc.)"

    1h 35m

  2. 07/07/2022

    Episode #96 Dude where is my data

    Information security tells us that the job it is all about protecting data, protecting the confidentiality, integrity, and availability of the data ultimately to protect the human(s) the data is about. On average each human creates 146,880 MB of data per day for a staggering total of 1.145 trillion MB a day or 2.5 Quintillion bytes WHOA that’s a lot of data, where is all this data coming from and more importantly where is it going, who has it and how is it being used? How do I know my data is safe? How do I know I can trust that it is accurate? How do I know where my data is, has been, and is going? How will my data be used to manipulate and or harm me? DUDE Where is my data? And what are you doing with it?

    1h 49m

  3. 07/05/2022

    Episode #95 So, what is it that you'd say you do here_

    "Lots of us say that information security is EVERYONE'S responsibility. While this is sort of true, we use this as a copout more than anything else. The truth is, everyone has information security responsibilities but information security is NOT everyone's responsibility. See what we did there? Everyone has information security responsibilities. So, let's start at the top and work our way down. The Board of Directors, the CEO, other C-Levels, etc. Hey, CISO, what is it that you'd say you do here? The quality of your answer might say everything we need to know. You either know or you don't. If you know, share the answer with us (simpler, shorter answers are usually an indication of mastery, just sayin'). If you don't know, that's OK, BUT ONLY IF you don't pretend you do and you seek out the answer. Now that we got that squared away, MAYBE we can figure out what everyone else's responsibilities are. If we don't get this right, how the hell are we going to hold anyone accountable. If we can't hold anyone accountable, how the hell are we going to get any better?"

    2h 11m

  4. 07/01/2022

    Episode #94 Top 10 Let's talk Baselines

    Let's talk intelligence, machine learning, quantum and ALL the various future technologies and things we should be asking OURSELVES and OTHERS (our vendors, partners, suppliers, etc.) As we go forth into this brave new world...

    1h 31m

  5. 06/29/2022

    Episode #93 All this quantum talk has me entangled

    Every day we inch closer to a new computing reality, the arrival of commercially stable quantum computing, we hear about this new disruptive technology, that when unleashed will break the worlds strongest encryption in nanoseconds, that is a very scary proposition for any info-sec professional. There is work being done today to make quantum resistant encryption or so we hope. It is already difficult enough to secure and keep up with the systems that make up our modern world. Systems that are overly complex and running trillions and trillions of lines of code just using 1’s and 0’s, systems we already fail to protect every day, in part due to the complexity of them. If you think current technology is complex and at times confusing, you haven’t seen anything yet, quantum introduces a whole new level of complexity and way of thinking about what is happening, and why. What does this mean for us in the information security industry, will future system admins need PHD’s in quantum physics and discreet mathematics? Will we all need to get our CQISSP? Can we secure quantum? How will our world change? What new things we will be able to do? How will quantum be abused and misused by criminals and nation states. So may questions so little answers, tune in for a fun discussion on the impact of quantum computing and what the grey hairs have to say about it. All this and more on the Security Shit Show with Evan Francen, Chris Roberts, and Ryan Cloutier Thursdays' at 10pm central / 9pm mountain

    1h 55m

  6. 06/27/2022

    Episode #92 Math's Don't Lie, Humans Do.

    Don't overthink this, human. Just take my word for it. Math is beautiful, math is your friend, and math is trustworthy. Math DOES NOT lie. Math can be used to figure out bank balances, areas of shapes, rates of acceleration, even the angle of the sun in Asunción Paraguay at 11:42am (local time) on May 7th, 2022. The list of useful things math can do is endless. You, human, you're a different story. You are also beautiful, and you might be my friend, but you are not trustworthy. Humans have emotions. Humans have bias. Worst of all, humans LIE! What do we do when the math doesn't match up with the story you've told? You mention risk, math (whom I trust) tells me one thing, but you tell me something different. Why?

    2h 4m

  7. 06/26/2022

    Episode #91 It takes a village to raise a geek

    I'm fortunate, I am surrounded by good people whom are NOT like me, they bring different experiences, lives, thoughts, deeds, and viewpoints to all of life's interactions. That pool of good people continues to ebb and flow, often going weeks, months, and years between conversations. Some are thankfully more regular, and like clockwork we sit, talk, share ideas and breath a sigh of relief that all IS good in the world, at least at the very table we're occupying... The key is to raising the geek right? Don't shelter them. Don't surround them with kin, and DO put them in a world that will challenge them, force them to reconsider their views, open their eyes, and look beyond what is presented simply with first sight. Why this? Because sometimes we loose sight of what is important, what keeps us grounded, and that the world around us IS different, and that IS a good thing, it's something that we should NOT label, not poke at, ridicule, attempt to redirect with humor, or discount.. OR something we should NOT let others do either. That village? It's family. My Family.

    58 min

  8. 06/26/2022

    Episode #90 Keeping up with change

    When I sit back and think about it so much has changed in the last 24 months almost every part of our life’s is in some way much different now then it was before, and in others it is very much the same old story, so how do we keep up with all this change while keeping our sanity intact. Even in the last couple of weeks the cybersecurity landscape has changed significantly. The world has gone from “not going to happen to me”, or “we are doing enough to be compliant” to I need all the security and I need it now. The rules have changed, the risk has changed, the pace has changed. We have changed as a society and as an industry. Many of us have new opportunities, new roles, and new responsibilities, and for those of us who care there is too much to do, to much to take on to meet our goals and God forbid find time to take care of ourselves to prevent burn out and dropping to many of the wrong things disappointing ourselves and those we care about.

    1h 41m
See All (83)

Ratings & Reviews

4.5
out of 5
6 Ratings

About

Information security is mostly a shit show, so we made the Security Shit Show. This is the place where shit gets real. No filter. Straight talk about shit that ain’t right in the information security industry (or life in general). Three industry experts share their daily experiences and pick a topic to discuss each week. The Security Shit Show is LIVE on Thursday nights and the fans are ENCOURAGED to participate. If it’s not fun, it’s definitely good therapy! This is not a commercial podcast, meaning we won't be hocking product or taking sponsors. We suppose this could change sometime in the future, but probably not.

Information

  • Creator
    The InfoSec Mission
  • Years Active
    2020 - 2022
  • Episodes
    83
  • Rating
    Explicit
  • Copyright
    © Copyright The InfoSec Mission
  • Show Website
    The Security Shit Show