The Southern Fried Security Podcast
Join Andy Willingham, Martin Fisher, Steve Ragan, Yvette Johnson, and Joseph Sokoly as they discuss information security, news, and interview interesting people. Get in the discussion at

Well, if the Mayans got it right this is gonna be the final episode of our three year run....but we're not holding our breath.

Andy and Martin talk about the Top 5 Stories of 2012 and share what they think 2013 will be "The Year of"...

Be sure to join Martin at Shmoocon in February for his talk on Bringing The Sexy Back to Defense In Depth...

Direct download: SFS_Podcast_-_Episode_94.mp3
Category:podcasts -- posted at: 8:55pm EST

Join Martin, James (@myrcurial) Arlen, and Alex (@alexhutton) Hutton as they record the final microcast from SecZone 2012....

We promise that no hackers or podcasters were injured during the recording of this podcast.

Direct download: Microcast_3_from_SecZone.mp3
Category:microcasts -- posted at: 4:13pm EST

Martin takes a few minutes to talk to Andy Ellis (known better to some as @csoandy), Chief Security Officer for Akamai and James Arlen (@myrcurial) to talk about their presentations coming up at SecZone 2012.  There's also a brief discussion of how the "Cabana Track" is working out here.

Direct download: SFS_Podcast_-_Cali_Microcast_2.mp3
Category:microcasts -- posted at: 7:13pm EST

Welcome to Cali!

Martin is attending and speaking at SecZone 2012 in Cali, Colombia this week.  In this first microcast we talk with Ed Rojas who is the organizer, chief host, and Main Man of SecZone.

The audio quality is not quite what we'd like it to be...we'll try to find quieter locations for future microcasts.

Direct download: SFS_Podcast_-_SecZone_Microcast_1.mp3
Category:microcasts -- posted at: 7:25am EST

This evening, Martin, Steve, Andy, and Joseph tackled some stuff that just makes you say “duh.”

Starting off, we talked about the exciting Macy’s Thanksgiving Day Ticker Tape Parade, which unleashed confidential data upon unsuspecting parade watchers:,0,4718007.story

We went straight from there to a sticky topic that’s been making the rounds lately about AT&T:

To lighten the mood, we talked about some of Facebook’s recent decisions and how it’s affecting the greater Facebook population:

We also talked about good friend of the podcast Wendy Nather’s article on Threat Intelligence Hype:

And as a reference for those of you interested in the incident response report for South Carolina that we discussed a few weeks back, that’s available for public viewing now:

As always, you can find the podcast here or on iTunes:
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_93.mp3
Category:podcasts -- posted at: 8:41pm EST

Martin, Andy, and Steve get together to talk about....

3 Ways (with 2 of them being decent and one a complete FAIL) To Get Execs to Listen About Risk....  (Summary: There is no ROI for Security....)

A typical article on Anon....with some good comments from Steve on OpVendetta

3 smart people and one chucklehead talk to George V. Hulme about BCP/DR when you are using The Cloud

Direct download: SFS_Podcast_-_Episode_92.mp3
Category:podcasts -- posted at: 8:54pm EST

For the first time in who knows how long, we had the whole crew on the show this evening, and we hit some really fun stories.

First, there are a few upcoming InfoSec events that you might want to be aware of. First, BSidesDFW is this upcoming weekend, November the 3rd: 

Next weekend are three different BSides events, BSidesDelaware, Portland, and Jackson:

Then we jumped into our first story for the evening, the recent breach in South Carolina:

Once our heads stopped spinning from some of those quotes, we went into a pretty cool, old style hack that Barnes and Noble recently disclosed:

From those, we transitioned into a discussion on Incident Response:

As well as Mike Rothman's great article on security tradeoffs:

After our MAD Security Minute for the week, we wrapped up with a discussion of IAM from Darkreading:

As always, you can find the podcast here or on iTunes:
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Direct download: SFS_Podcast_-_Episode_91.mp3
Category:podcasts -- posted at: 9:26pm EST

Martin recorded an interview with Matt and Chris talking about an open source project sponsored by SecureState to bring a pragmatic and usable risk framework to "the masses".

You can get more information on iRisk at:

More MAD Security minutes coming starting next episode!

Direct download: SFS_Podcast_-_Episode_90.mp3
Category:podcasts -- posted at: 5:29pm EST

This evening we had a special guest, the always lovely @securityintern, along with our regular crowd of misfits.

We wasted no time jumping straight in to our stories tonight, led off by good friend of the podcast, Wendy Nather's story on When Monitoring becomes a liability:

We followed that up with an interesting article from Microsoft, discussing malware and software piracy:

And last but not least, we dove into an article the likes of which only comes around every now and then. An article so special and full of wisdom that we had to bring it up:

We close tonight with a brief interview with Martin's co-presenter at HouSecCon, Michelle Klinger.

As always, you can find the podcast here or on iTunes:
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Direct download: SFS_Podcast_-_Episode_89.mp3
Category:podcasts -- posted at: 8:51pm EST

Martin got invited to speak (with the always fantastic Michelle Klinger) at HouSecCon 2012. We take a couple of minutes to talk with Michael Farnum (@m1a1vet) about the conference.

Direct download: HouSecCon_2012_MicroCast.mp3
Category:podcasts -- posted at: 2:53pm EST

Martin, Andy, Steve, and Yvette are together to talk about...

Hakin9 gets trolled...HARD.

City of Tulsa CIO - A Cautionary Tale

Anatomy of A Complete IT Failure and Meltdown

World of Warcraft....Think Of The Avatars!

Of course we have our MAD Security Minute and information from Jamie Arlen on how you can help Doing It Right Security...

Ten IT Ops use cases that will make you cringe...because you've probably lived them.

Direct download: SFS_Podcast_-_Episode_88.mp3
Category:podcasts -- posted at: 9:19pm EST

Episode 87

Brought to you by MAD Security and the support of viewers like you…

This week, we started with our quick Moment of Shill, where we discussed the plethora of upcoming conferences:

DerbyCon - Sept 28-30
BruCon - Sept 26-27
HouSecCon - Oct 11
BSidesDFW - Nov 3
BSidesATL - Oct 19
BSides - Jackson - Nov 10
SecZone - Cali, Colombia - Dec 3-7

For our stories this evening, we dove straight in to the hullabaloo surrounding this most recent Internet Explorer patch:

We also tackled Sophos' joining of the big boys and their recent challenges with false positive signatures:

And, finally, some great career building advice from Javvad and SpaceRogue

As always, you can find the podcast here or on iTunes:
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Direct download: SFS_Podcast_-_Episode_87.mp3
Category:podcasts -- posted at: 8:51pm EST

Go to for complete show notes!

Direct download: SFS_Podcast_-_Episode_86.mp3
Category:podcasts -- posted at: 7:20pm EST

Martin, Steve, Joseph, and Yvette gather for a quick discussion of a few news articles and we learn about Hacker Academy.  We also learn that Joseph and Skype don't mix and that while you can get 3 of us in the same city it doesn't mean we're going to meet up to record.

Direct download: SFS_Podcast_-_Episode_85.mp3
Category:podcasts -- posted at: 7:28pm EST

This week, we have an exciting new announcement: MAD Security has come on as our first official sponsor, and we're glad to work with them. We're really excited about all the work that they do with the community, and you'll hear more content from them with us in the coming weeks.

For our stories tonight, Martin, Yvette, and Joseph reminisced a bit about their experiences in Vegas, then got right down to Dave Shackleford's article in response to Dave Aitel's article about security awareness:

Then, to close things out, we talked a bit about Iran and their recent announcement that they will be separating themselves away from the rest of the Internet:

As always, you can find the podcast here or on iTunes:

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.

Direct download: SFS_Podcast_-_Episode_84.mp3
Category:podcasts -- posted at: 9:00pm EST

We talk with Jennifer Jabbusch-Minella about Black Hat, BSides Las Vegas, and DefCon from the Barracuda Cabana at the Artisan Hotel during BSides Las Vegas....

Direct download: Las_Vegas_Microcast_5.mp3
Category:podcasts -- posted at: 7:33pm EST

We're at four installments of discussions with speakers and other folks at BSides Las Vegas.  Recorded live in the Barracuda Cabana located poolside at the Artisan Hotel...

Direct download: SFS_Podcast_Microcast_4.mp3
Category:podcasts -- posted at: 7:11pm EST

The third installment of talks with speakers and attendees at BSides Las Vegas.  Recorded poolside in the Barracuda cabana at the Artisan Hotel.

Direct download: SFS_Podcast_Microcast_3.mp3
Category:podcasts -- posted at: 5:25pm EST

Yet another quick conversation at the Barracuda Cabana poolside at the Artisan during BSides Las Vegas...

Direct download: SFS_Podcast_-_Las_Vegas_Microcast_2.mp3
Category:podcasts -- posted at: 4:38pm EST

Recorded live at the Barracuda Cabana poolside at BSides Las Vegas, we bring you short chats with speakers and attendees at this year's premier un-conference....

Direct download: SFS_Podcast_-_Las_Vegas_Microcast_1.mp3
Category:podcasts -- posted at: 3:30pm EST

This episode was a momentous occasion, as all five members of the podcast were in the same place, and we wasted no time in getting into some of the fun stories that have popped up in the past few weeks.

First, Cisco and their great Cloud debacle:

Then, we get into a lively discussion of PCI and the FBI’s recent credit card ring bust:

And finally, on a lighter note, a suburb of Chicago deals with what may or may not be hackers, which is where we get our picture for this episode:,0,1739228.story

As always, you can find the podcast here or on iTunes:

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter. And come out and say hi to us in Vegas during BH/DC/BSidesLV

Direct download: SFS_Podcast_-_Episode_82.mp3
Category:podcasts -- posted at: 8:53pm EST

Dwayne and Cindy from Tripwire join Martin to discuss the latest Ponemon Institute study underwritten by Tripwire, which analyzes some important questions about how Risk Based Programs are faring.

While it's not the Ne Plus Ultra of reports and, to be fair, we have somewhat lampooned Ponemon in the past, it is a decent start on seeing how Risk Based Ideology is impacting programs around the world.

The report itself can be found at

See you next time!

Direct download: SFS_Podcast_-_Episode_81.mp3
Category:podcasts -- posted at: 8:09pm EST

Episode 80 – Winners and Losers

Tonight, Martin, Steve, and Joseph announce the first winner of the Southern Fried Security Elevator Pitch contest: Evan Keiser! Congrats! We still have 3 BSidesLasVegas tickets to give out, so make sure you send in your entries.

We also discussed a few stories tonight.

First, we talked about Adobe, and their recent dealings with patching their flagship CS5 product:

Then, we talked about the newly proposed .secure TLD, and some of those ramifications:

And lastly, we talk about a fantastic article about how to identify the real threats to your organization from DarkReading:

As always, you can find the podcast here or on iTunes:

And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter. And don’t forget to submit your entries to

Direct download: SFS_Podcast_-_Episode_80.mp3
Category:podcasts -- posted at: 8:29pm EST

Fresh from SOURCE Boston Josh, Bob, and Martin pick up a discussion that started at the conference...

We hope you enjoy!

Direct download: SFS_Podcast_-_Episode_78.mp3
Category:podcasts -- posted at: 7:03pm EST

Martin and Yvette take a quick look at some news from this week, review SOURCE Boston (awesome con, by the way), and give major props to BSides Chicago...

The Stories:

VMWare Source Code Doxed...but don't worry.

Who's protecting your critical infrastructure?  Why Neo and Trinity are, dude!

Review of an awesome talk given at SOURCE Boston about making Blue Teams better...

The Shout Outs:

SOURCE Boston - you should go.  Really.  It's awesome.

BSides Chicago....ya done good, folks.

Remember to send your contest entries to!

Direct download: SFS_Podcast_-_Episode_77.mp3
Category:podcasts -- posted at: 8:25pm EST

Andy Willingham makes his triumphant return to the Southern Fried Security Podcast after his sabbatical.

We're also joined by friend-of-the-podcast Jamie Arlen AKA @myrcurial to talk about these stories...

Mac Malware: Sign of the End Times?

The Chinese done did the Cyber-APT!

Monitoring, without responding, is simply Log Aggregation.

As mentioned you can win one or more BSides-Las Vegas passes by answering, in 200 words or less, what you would say to your CEO if asked "What does your department do and what should we invest in to make things better?"

Send your entry to!

Direct download: SFS_Podcast_-_Episode_76.mp3
Category:podcasts -- posted at: 8:39pm EST

This evening, the gang is all here! Martin, Joseph, Steve, and Yvette all jump on to talk about some new and exciting breach type stories.

First, we talked about our first credit card payment processor breach since Heartland, Global Payment Systems.

And if we're talking breaches, we had to talk about this year's Verizon DBIR:

As always, you can find the podcast here or on iTunes:

And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.

Direct download: SFS_Podcast_-_Episode_75.mp3
Category:podcasts -- posted at: 9:16pm EST

Martin and Steve are joined by Michelle Klinger to talk about stories as well as the talk Martin and she are giving at SOURCE Boston...

The Stories...

An Anonymous OS...

Microsoft exploit code gets released...and could go after millions of machines

The FBI can't unlock an Android phone....Oh, dear.

As always you can follow the podcast twitter feed at @SFSPodcast...

Direct download: SFS_Podcast_-_Episode_74.mp3
Category:podcasts -- posted at: 6:06pm EST

Tonight, it's just Martin and Joseph, and they're hitting some of the breaking news of the evening. First, they talk about the Security Bloggers Meetup from RSA, and props to all the winners and nominees:

Then, we get in to the real meat of the show tonight: Sabu and the FBI arrests:

To close out, we brought up some fun news for this summer: BSidesLasVegas2012 is offering mentorship for those who want to break in to the security speaking "circuit". Check that out here:

As always, you can find the podcast here or on iTunes:

And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.

Direct download: SFS_Podcast_-_Episode_73.mp3
Category:podcasts -- posted at: 8:47pm EST

Tonight, we announce ourselves a new member: Yvette Johnson! (@jetsetyvette on twitter) She's going to bring a softer side to the podcast. So of course, we picked us two stories on opposite ends of the spectrum to get her started.

First, we had us a story of folks doing it right: Liquidmatrix. Read this entire article. Seriously. Now do it again. A fantastic article, we had nothing but good things to say about it.

On the very opposite end of the spectrum, an article from Forbes. A textbook example of FUD marketing. (For prior reading, check out this article for a little background: )

As always, you can find the podcast here or on iTunes:

And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.

Direct download: SFS_Podcast_-_Episode_72.mp3
Category:podcasts -- posted at: 8:39pm EST

Tonight it's just Martin and Joseph, so we decided to hit some of the hard hitting topics of the last week:

First, we talk about a fantastic article from Dark Reading about "Do you need a Security Operations Center":

Then, we get warmed up for our rants of the evening with Steve's article about the VeriSign disclosures, or lack thereof:

And finally, we get to a nigh-impenetrable blog post from Trustwave, talking about why they issued a Certificate Authority to a private organization:

We wrap up with a nice wrap-up of Shmoocon from Martin, and announcements about SOURCE Conference.

As always, you can find the podcast here:

And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.

Direct download: SFS_Podcast_-_Episode_71.mp3
Category:podcasts -- posted at: 8:48pm EST

Nick Selby, of the Police Led Intelligence blog, takes some time from our future while he's in Singapore to talk with Martin about just converged security, incident response, APT (APT!!??), and who won the Super Bowl.

Direct download: SFS_Podcast_-_Episode_70.mp3
Category:podcasts -- posted at: 8:14pm EST

Episode 69 - Offensive Security Redux

Tonight Martin, Joseph, and Steve touch on some fun topics, revisiting some of our conversations from about this time last year in Episode 43. Without further ado - our stories for the evening:

It's the breaches of the week!

And for the second half of our podcast, we discussed a return to Offensive Security, thanks to this article by George Hulme:

And for your bonus image for the day, we may have dug up an image of Alex Hutton during his college days:

I'm not saying this is Alex, but it's probably Alex

As always, you can find the podcast here:

And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.

Direct download: SFS_Podcast_-_Episode_69.mp3
Category:podcasts -- posted at: 8:38pm EST

Martin gets a super opportunity to talk with Alex Hutton (Yes, *THE* Alex Hutton) about what it takes to work towards implementing a risk based information security program.

Direct download: SFS_Podcast_-_Episode_68.mp3
Category:podcasts -- posted at: 9:05pm EST

Martin, Steve, and Joseph gather to discuss the recent breach of STRATFOR passwords and the overall value of complex passwords in the age of easy to obtain high quality cracking tools.

Direct download: SFS_Podcast_-_Episode_67.mp3
Category:podcasts -- posted at: 8:31pm EST