The Southern Fried Security Podcast
Join Andy Willingham, Martin Fisher,Steve Ragan, Yvette Johnson, and Joseph Sokoly as they discuss information security, news, and interview interesting people. Get in the discussion at www.southernfriedsecurity.com.

Well, if the Mayans got it right this is gonna be the final episode of our three year run....but we're not holding our breath.

Andy and Martin talk about the Top 5 Stories of 2012 and share what they think 2013 will be "The Year of"...

Be sure to join Martin at Shmoocon in February for his talk on Bringing The Sexy Back to Defense In Depth...

Direct download: SFS_Podcast_-_Episode_94.mp3
Category:podcasts -- posted at: 8:55pm EDT

Join Martin, James (@myrcurial) Arlen, and Alex (@alexhutton) Hutton as they record the final microcast from SecZone 2012....

We promise that no hackers or podcasters were injured during the recording of this podcast.

Direct download: Microcast_3_from_SecZone.mp3
Category:microcasts -- posted at: 4:13pm EDT

Martin takes a few minutes to talk to Andy Ellis (known better to some as @csoandy), Chief Security Officer for Akamai and James Arlen (@myrcurial) to talk about their presentations coming up at SecZone 2012.  There's also a brief discussion of how the "Cabana Track" is working out here.

Direct download: SFS_Podcast_-_Cali_Microcast_2.mp3
Category:microcasts -- posted at: 7:13pm EDT

Welcome to Cali!

Martin is attending and speaking at SecZone 2012 in Cali, Colombia this week.  In this first microcast we talk with Ed Rojas who is the organizer, chief host, and Main Man of SecZone.

The audio quality is not quite what we'd like it to be...we'll try to find quieter locations for future microcasts.

Direct download: SFS_Podcast_-_SecZone_Microcast_1.mp3
Category:microcasts -- posted at: 7:25am EDT

This evening, Martin, Steve, Andy, and Joseph Tackled some stuff that just makes you say “duh.”

Starting off, we talked about the exciting Macy’s Thanksgiving Day Ticker Tape Parade, which unleashed confidential data upon unsuspecting parade watchers:

http://www.wpix.com/news/wpix-confidential-confetti-at-thanksgiving-parade,0,4718007.story

We went straight from there to a sticky topic that’s been making the rounds lately about AT&T:

http://www.wired.com/threatlevel/2012/11/att-hacker-found-guilty/

To lighten the mood, we talked about some of Facebook’s recent decisions and how it’s affecting the greater Facebook population:

http://threatpost.com/en_us/blogs/facebook-proposes-eliminating-user-voting-system-privacy-changes-112112

http://www.wired.com/business/2012/11/facebook-copyright-hoax/

We also talked about good friend of the podcast Wendy Nather’s article on Threat Intelligence Hype:

http://www.darkreading.com/security-monitoring/blog/240142229/threat-intelligence-hype.html

And as a reference for those of you interested in the incident response report for South Carolina that we discusses a few weeks back, that’s available for public viewing now:

https://docs.google.com/viewer?url=http%3A%2F%2Fgovernor.sc.gov%2FDocuments%2FMANDIANT%2520Public%2520IR%2520Report%2520-%2520Department%2520of%2520Revenue%2520-%252011%252020%25202012.pdf

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_93.mp3
Category:podcasts -- posted at: 8:41pm EDT

Martin, Andy, and Steve get together to talk about....

3 Ways (with 2 of them being decent and one a complete FAIL) To Get Execs to Listen About Risk....  (Summary: There is no ROI for Security....)

http://www.darkreading.com/risk-management/167901115/security/news/240012747/3-ways-to-get-executives-to-listen-about-risk.html

A typical article on Anon....with some good comments from Steve on OpVendetta

http://www.csoonline.com/article/720734/anonymous-protests-planned-over-government-surveillance

3 smart people and one chucklehead talk to George V. Hulme about BCP/DR when you are using The Cloud

http://searchcloudsecurity.techtarget.com/news/2240170168/Sandy-put-business-continuity-planning-in-spotlight

Direct download: SFS_Podcast_-_Episode_92.mp3
Category:podcasts -- posted at: 8:54pm EDT

For the first time in who knows how long, we had the whole crew on the show this evening, and we hit some really fun stories.

First, there are a few upcoming InfoSec events that you might want to be aware of. First, BSidesDFW is this upcoming weekend, November the 3rd: http://www.securitybsides.com/w/page/50488342/BSidesDFW%202012. 

Next weekend are three different BSides events, BSidesDelaware, Portland, and Jackson: http://www.securitybsides.com/w/page/28563447/BSidesDelaware http://www.securitybsides.com/w/page/40113672/BsidesPDX http://www.securitybsides.com/w/page/53447313/BSidesJackson

Then we jumped into our first story for the evening, the recent breach in South Carolina:

http://www.cbsnews.com/8301-505245_162-57542255/haley-taxpayer-info-didnt-need-to-be-encrypted/
http://www.reuters.com/article/2012/10/29/us-usa-cybersecurity-southcarolina-idUSBRE89S13T20121029

Once our heads stopped spinning from some of those quotes, we went into a pretty cool, old style hack that Barnes and Noble recently disclosed:

http://www.wired.com/threatlevel/2012/10/barnes-and-noble-pos-hack/

From those, we transitioned into a discussion on Incident Response:
http://www.infosecisland.com/blogview/22470-Have-You-Added-Personas-to-your-Incident-Response-Program.html

As well as Mike Rothman's great article on security tradeoffs:

http://www.darkreading.com/blog/240010015/making-security-trade-offs.html

After our MAD Security Minute for the week, we wrapped up with a discussion of IAM from Darkreading:

http://www.darkreading.com/identity-and-access-management/167901114/security/news/240009630/7-costly-iam-mistakes.html

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Direct download: SFS_Podcast_-_Episode_91.mp3
Category:podcasts -- posted at: 9:26pm EDT

Martin recorded an interview with Matt and Chris talking about an open source project sponsored by SecureState to bring a pragmatic and usable risk framework to "the masses".

You can get more information on iRisk at:

http://community.securestate.com

More MAD Security minutes coming starting next episode!

Direct download: SFS_Podcast_-_Episode_90.mp3
Category:podcasts -- posted at: 5:29pm EDT

This evening we had a special guest, the always lovely @securityintern, along with our regular crowd of misfits.

We wasted no time jumping straight in to our stories tonight, led off by good friend of the podcast, Wendy Nather's story on When Monitoring becomes a liability:

http://www.darkreading.com/security-monitoring/blog/240008609/when-monitoring-becomes-a-liability.html

We followed that up with an interesting article from Microsoft, discussing malware and software piracy:

http://blogs.technet.com/b/mmpc/archive/2012/10/09/sirv13-be-careful-where-you-go-looking-for-software-and-media-files.aspx

And last but not least, we dove into an article the likes of which only comes around every now and then. An article so special and full of wisdom that we had to bring it up:

http://www.csoonline.com/article/718462/top-8-things-csos-wish-they-had-a-solution-for

We close tonight with a brief interview with Martin's co-presenter at HouSecCon, Michelle Klinger.

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Direct download: SFS_Podcast_-_Episode_89.mp3
Category:podcasts -- posted at: 8:51pm EDT

Martin got invited to speak (with the always fantastic Michelle Klinger) at HouSecCon 2012 (www.houstonseccon.com).  We take a couple of minutes to talk with Michael Farnum (@m1a1vet) about the conference.

Direct download: HouSecCon_2012_MicroCast.mp3
Category:podcasts -- posted at: 2:53pm EDT

Martin, Andy, Steve, and Yvette are together to talk about...

Hakin9 gets trolled...HARD.

http://www.theregister.co.uk/2012/10/05/hakin9_silliness/

City of Tulsa CiO - A Cautionary Tale

http://blogs.csoonline.com/security-leadership/2394/what-happened-tulsas-cio-could-happen-you

Anatomy of A Complete IT Failure and Meltdown

http://www.informationweek.com/security/attacks/exclusive-anatomy-of-a-brokerage-it-melt/240008569

Word of Warcraft....Think Of The Avatars!

http://arstechnica.com/gaming/2012/10/hack-temporarily-turns-wow-towns-into-piles-of-corpses/

Of course we have our MAD Security Minute and information from Jamie Arlen on how you can help Doing It Right Security...

doinginfosecright.com

Ten IT Ops use cases that will make you cringe...because you've probably lived them.

http://www.securityweek.com/security-not-just-external-dont-forget-other-security

Direct download: SFS_Podcast_-_Episode_88.mp3
Category:podcasts -- posted at: 9:19pm EDT

Episode 87

Brought to by MAD Security and the support of viewers like you… 

This week, we started with our quick Moment of Shill, where we discussed the plethora of upcoming conferences:

DerbyCon - Sept 28-30
https://www.derbycon.com/
BruCon - Sept 26-27
http://2012.brucon.org/
HouSecCon - Oct 11
http://houstonseccon.com/
BSidesDFW - Nov 3
http://www.securitybsides.com/w/page/50488342/BSidesDFW%202012
BSidesATL - Oct 19
http://www.securitybsides.com/w/page/58266249/BSidesATL-2012
BSides - Jackson - Nov 10
http://www.securitybsides.com/w/page/53447313/BSidesJackson
SecZone - Cali, Colombia - Dec 3-7
http://www.securityzone.co/indexeng.html

For our stories this evening, we dove straight in to the hullabaloo surrounding this most recent Internet Explorer patch:

http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/240007691/multiple-targeted-ie-attacks-underway-microsoft-to-release-patch-tomorrow.html

We also tackled Sophos' joining of the big boys and their recent challenges with false positive signatures:

http://www.csoonline.com/article/716892/sophos-admits-bad-update-slamming-its-anti-virus-software-customers

And, finally, some great career building advice from Javvad and SpaceRogue

https://www.youtube.com/watch?v=am3TmXm3doA

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Direct download: SFS_Podcast_-_Episode_87.mp3
Category:podcasts -- posted at: 8:51pm EDT

Go to www.southernfriedsecurity.com for complete show notes!

Direct download: SFS_Podcast_-_Episode_86.mp3
Category:podcasts -- posted at: 7:20pm EDT

Martin, Steve, Joseph, and Yvette gather for a quick discussion of a few news articles and we learn about Hacker Academy.  We also learn that Joseph and Skype don't mix and that while you can get 3 of us in the same city it doesn't mean we're going to meet up to record.

Direct download: SFS_Podcast_-_Episode_85.mp3
Category:podcasts -- posted at: 7:28pm EDT

This week, we have an exciting new announcement: MAD Security has come on as our first official sponsor, and we're glad to work with them. We're really excited about all the work that they do with the community, and you'll hear more content from them with us in the coming weeks.

For our stories tonight, Martin, Yvette, and Joseph reminisced a bit about their experiences in Vegas, then got right down to Dave Shackleford's article in response to Dave Aitel's article about security awareness:

http://www.csoonline.com/article/711412/why-you-shouldn-t-train-employees-for-security-awareness?page=1

http://www.infosecisland.com/blogview/22057-No-Infosec-Sacred-Cows.html

Then, to close things out, talked a bit about Iran and their  recent announcement that they will be separating themselves away from the rest of the Internet:

http://www.telegraph.co.uk/news/worldnews/middleeast/iran/9453905/Iranian-state-goes-offline-to-dodge-cyber-attacks.html

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_84.mp3
Category:podcasts -- posted at: 9:00pm EDT

We talk with Jennifer Jabbusch-Minella about Black Hat, BSides Las Vegas, and DefCon from the Barracuda Cabana at the Artisan Hotel during BSides Las Vegas....

Direct download: Las_Vegas_Microcast_5.mp3
Category:podcasts -- posted at: 7:33pm EDT

We're at four installments of discussions with speakers and other folks at BSides Las Vegas.  Recorded live in the Barracuda Cabana located poolside at the Artisan Hotel...

Direct download: SFS_Podcast_Microcast_4.mp3
Category:podcasts -- posted at: 7:11pm EDT

The third installment of talks with speakers and attendees at BSides Las Vegas.  Recorded poolside in the Barracuda cabana at the Artisan Hotel.

Direct download: SFS_Podcast_Microcast_3.mp3
Category:podcasts -- posted at: 5:25pm EDT

Yet another quick conversation at the Barracuda Cabana poolside at the Artisan during BSides Las Vegas...

Direct download: SFS_Podcast_-_Las_Vegas_Microcast_2.mp3
Category:podcasts -- posted at: 4:38pm EDT

Recorded live at the Barracuda Cabana poolside at BSides Las Vegas we bring you short chats with speakers and attendees at this years premiere un-conference....

Direct download: SFS_Podcast_-_Las_Vegas_Microcast_1.mp3
Category:podcasts -- posted at: 3:30pm EDT

This episode was a momentous occasion, as all five members of the podcast were in the same place, and we wasted no time in getting into some of the fun stories that have popped up in the past few weeks.

First, Cisco and their great Cloud debacle:
http://www.csoonline.com/article/710281/cisco-apologizes-for-privacy-confusion-makes-cloud-service-an-opt-in-feature

Then, we get into a lively discussion of PCI and the FBI’s recent credit card ring bust:

And finally, on a lighter note, a suburb of Chicago deals with what may or may not be hackers, which is where we get our picture for this episode:
http://www.chicagotribune.com/news/local/suburbs/lemont/chi-police-hacker-lemont-tornado-siren-20120703,0,1739228.story

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com/rss

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter. And come out and say hi to us in Vegas during BH/DC/BSidesLV

Direct download: SFS_Podcast_-_Episode_82.mp3
Category:podcasts -- posted at: 8:53pm EDT

Dwayne and Cindy from Tripwire join Martin to discuss the latest Ponemon Institute study underwritten by TripWire which analyzes some important questions about how Risk Based Programs are faring.

While it's not the Ne Plus Ultra of reports and, to be fair, we have somewhat lampooned Ponemon in the past it is a decent start on seeing how Risk Based Ideology is impacting programs around the world.

The report itself can be found at

http://www.tripwire.com/ponemon2012/

See you next time!

Direct download: SFS_Podcast_-_Episode_81.mp3
Category:podcasts -- posted at: 8:09pm EDT

Episode 80 – Winners and Losers

Tonight, Martin, Steve, and Joseph announce the first winner of the Southern Fried Security Elevator Pitch contest: Evan Keiser! Congrats! We still have 3 BSidesLasVegas tickets to give out, so make sure you send in your entries.

We also discussed a few stories tonight.

First, we talked about Adobe, and their recent dealings with patching their flagship CS5 product:

http://www.securityweek.com/adobe-changes-tune-forcing-paid-upgrade-fix-security-flaw

Then, we talked about the newly proposed .secure TLD, and some of those ramifications:

http://www.wired.com/threatlevel/2012/05/dot-secure/

And lastly, we talk about a fantastic article about how to identify the real threats to your organization from DarkReading:

http://www.darkreading.com/threat-intelligence/167901121/security/security-management/240000308/4-ways-to-identify-the-real-threats-to-your-organization.html

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com/rss

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter. And don’t forget to submit your entries to sfspodcastcontest@gmail.com

Direct download: SFS_Podcast_-_Episode_80.mp3
Category:podcasts -- posted at: 8:29pm EDT

Fresh from SOURCE Boston Josh, Bob, and Martin pick up a discussion that started at the conference...

We hope you enjoy!

Direct download: SFS_Podcast_-_Episode_78.mp3
Category:podcasts -- posted at: 7:03pm EDT

Martin and Yvette take a quick look at some news from this week, review SOURCE Boston (awesome con, by the way), and give major props to BSides Chicago...

The Stories:

VMWare Source Code Doxed...but don't worry.

http://www.cio.com/article/705108/VMware_Source_Code_Stolen_Impact_Unclear?source=CIONLE_nlt_infosec_2012-04-27

Who's protecting your critical infrastructure?  Why Neo and Trinity are, dude!

http://www.newscientist.com/article/dn21756-bullet-time-to-stop-cyber-attacks-on-power-grids.html

Review of an awesome talk given at SOURCE Boston about making Blue Teams better...

http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/232900905/security-teams-need-better-intel-more-offense.html

The Shout Outs:

SOURCE Boston - you should go.  Really.  It's awesome.

http://www.sourceconference.com/boston/

BSides Chicago....ya done good, folks.

http://h30499.www3.hp.com/t5/Following-the-White-Rabbit/Missing-Opportunities-Making-things-worse-by-asking-all-the/bc-p/5640879#M932

http://securitymoey.com/bsideschicago-2012-career-panel/

http://www.jemurai.com/2012/04/bsides-chicago-2012/

Remember to send your contest entries to SFSPodcastContest@gmail.com!

Direct download: SFS_Podcast_-_Episode_77.mp3
Category:podcasts -- posted at: 8:25pm EDT

Andy Willingham makes his triumphant return to the Southern Fried Security Podcast after his sabbatical.

We're also joined by friend-of-the-podcast Jamie Arlen AKA @myrcurial to talk about these stories...

Mac Malware: Sign of the End Times?

http://threatpost.com/en_us/blogs/new-mac-malware-sabpub-used-targeted-attacks-041612

The Chinese done did the Cyber-APT!

http://www.thetechherald.com/articles/China-blamed-for-RSA-attack-during-Armed-Services-hearing/16455/

Monitoring, without responding, is simply Log Aggregation.

http://www.darkreading.com/security-monitoring/167901086/security/security-management/232900312/is-monitoring-the-new-must-have-of-security.html

As mentioned you can win one or more BSides-Las Vegas passes by answering, in 200 words or less, what you would say to your CEO if asked "What does your department do and what should we invest in to make things better?"

Send your entry to sfspodcastcontest@gmail.com!

Direct download: SFS_Podcast_-_Episode_76.mp3
Category:podcasts -- posted at: 8:39pm EDT

This evening, the gang is all here! Martin, Joseph, Steve, and Yvette all jump on to talk about some new and exciting breach type stories.

First, we talked about our first credit card payment processor breach since Heartland, Global Payment Systems.

http://krebsonsecurity.com/2012/04/global-payments-1-5mm-cards-exported/

http://www.darkreading.com/security/privacy/232800063/global-payment-systems-compromised-in-massive-breach.html

And if we're talking breaches, we had to talk about this year's Verizon DBIR:

http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com/rss

And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.

Direct download: SFS_Podcast_-_Episode_75.mp3
Category:podcasts -- posted at: 9:16pm EDT

Martin and Steve are joined by Michelle Klinger to talk about stories as well as the talk Martin and she are giving at SOURCE Boston...

The Stories...

An Anonymous OS...

    http://www.thetechherald.com/articles/Anonymous-announces-a-new-somewhat-official-OS/16427/

Microsoft exploit code gets released...and could go after millions of machines

    http://www.informationweek.com/news/security/app-security/232602800

    http://threatpost.com/en_us/blogs/researcher-says-5-million-machines-exposing-rdp-service-online-031912

The FBI can't unlock an Android phone....Oh, dear.

    http://www.wired.com/threatlevel/2012/03/fbi-android-phone-lock/

As always you can follow the podcast twitter feed at @SFSPodcast...

Direct download: SFS_Podcast_-_Episode_74.mp3
Category:podcasts -- posted at: 6:06pm EDT

Tonight, it's just Martin and Joseph, and they're hitting some of the breaking news of the evening. First, they talk about the Security Bloggers Meetup from RSA, and props to all the winners and nominees:

http://www.ashimmy.com/2012/03/social-security-blogger-award-winners.html

Then, we get in to the real meat of the show tonight: Sabu and the FBI arrests:

http://www.fbi.gov/newyork/press-releases/2012/six-hackers-in-the-united-states-and-abroad-charged-for-crimes-affecting-over-one-million-victims

http://erratasec.blogspot.com/2012/03/notes-on-sabu-arrest.html

To close out, we brought up some fun news for this summer: BSidesLasVegas2012 is offering mentorship for those who want to break in to the security speaking "circuit". Check that out here:

http://www.securitybsides.com/w/page/51614272/BSidesLV%202012

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com/rss

And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.

Direct download: SFS_Podcast_-_Episode_73.mp3
Category:podcasts -- posted at: 8:47pm EDT

Tonight, we announce ourselves a new member: Yvette Johnson! (@jetsetyvette on twitter) She's going to bring a softer side to the podcast. So of course, we picked us two stories on opposite ends of the spectrum to get her started.

First, we had us a story of folks doing it right: Liquidmatrix. Read this entire article. Seriously. Now do it again. A fantastic article, we had nothing but good things to say about it.

http://www.liquidmatrix.org/blog/2012/02/21/we-are-losing/

On the very opposite end of the spectrum, an article from Forbes. A textbook example of FUD marketing. (For prior reading, check out this article for a little background: http://www.loglogic.com/blog/what-does-s-stand )

http://www.forbes.com/sites/petercohan/2012/02/17/loglogic-helps-ceos-sleep-at-night/

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com/rss

And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.

Direct download: SFS_Podcast_-_Episode_72.mp3
Category:podcasts -- posted at: 8:39pm EDT

Tonight it's just Martin and Joseph, so we decided to hit some of the hard hitting topics of the last week:

First, we talk about a fantastic article from Dark Reading about "Do you need a Security Operations Center":

http://www.darkreading.com/security-monitoring/167901086/security/perimeter-security/232500661/do-you-need-a-security-operations-center.html

Then, we get warmed up for our rants of the evening with Steve's article about the VeriSign disclosures, or lack thereof:

http://www.thetechherald.com/articles/VeriSign-left-executives-and-the-public-in-the-dark-about-breaches/16168/

And finally, we get to a nigh-impenetrable blog post from Trustwave, talking about why they issued a Certificate Authority to a private organization:

http://blog.spiderlabs.com/2012/02/clarifying-the-trustwave-ca-policy-update.html

We wrap up with a nice wrap-up of Shmoocon from Martin, and announcements about SOURCE Conference.

As always, you can find the podcast here: http://sfspodcast.libsyn.com/rss

And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.

Direct download: SFS_Podcast_-_Episode_71.mp3
Category:podcasts -- posted at: 8:48pm EDT

Nick Selby, of the Police Led Intelligence blog, takes some time from our future while he's in Singapore to talk with Martin about just converged security, incident response, APT (APT!!??), and who won the Super Bowl.

Direct download: SFS_Podcast_-_Episode_70.mp3
Category:podcasts -- posted at: 8:14pm EDT

Episode 69 - Offensive Security Redux

Tonight Martin, Joseph, and Steve touch on some fun topics tonight,

revisiting some of our conversations from about this time last year in

Episode 43. Without further ado - our stories for the evening:

It's the breaches of the week!

http://www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/

http://www.thetechherald.com/articles/24-million-customer-accounts-exposed-in-Zappos-hack/16025/

And for the second half of our podcast, we discussed a return to

Offensive Security, thanks to this article by George Hulme:

http://www.csoonline.com/article/698237/enough-defense-is-it-time-for-an-it-security-offensive-

And for your bonus image for the day, we may have dug up an image of

Alex Hutton during his college days:  

I'm not saying this is Alex, but it's probably Alex

As always, you can find the podcast here: http://sfspodcast.libsyn.com/rss

And if you have any feedback, drop us a comment or find us at

@SFSPodcast on twitter.

Direct download: SFS_Podcast_-_Episode_69.mp3
Category:podcasts -- posted at: 8:38pm EDT

Martin gets a super opportunity to talk with Alex Hutton (Yes, *THE* Alex Hutton) about what it takes to work towards implementing a risk based information security program.

Direct download: SFS_Podcast_-_Episode_68.mp3
Category:podcasts -- posted at: 9:05pm EDT

Martin, Steve, and Joseph gather to discuss the recent breach of STRATFOR passwords and the overall value of complex passwords in the age of easy to obtain high quality cracking tools.

Direct download: SFS_Podcast_-_Episode_67.mp3
Category:podcasts -- posted at: 8:31pm EDT