The Southern Fried Security Podcast
Join Andy Willingham, Martin Fisher, Steve Ragan, Yvette Johnson, and Joseph Sokoly as they discuss information security, news, and interview interesting people. Get in the discussion at www.southernfriedsecurity.com.

Well, we close out 2013 doing a fantastic interview with Mark Horstman of the Manager Tools podcast (www.manager-tools.com).  We highly recommend these folks to anyone who wants to learn effective ways of doing what managers are supposed to do.

Also - we'll be on hiatus until sometime in February 2014.

We wish you and yours a very Merry Christmas and a Blessed New Year.

Direct download: SFS_Podcast_-_Episode_120.mp3
Category:podcasts -- posted at: 8:23pm EDT

Episode 119 - All PCI All The Time

For the first time in a long, long time, the whole crew was back together, plus one! Branden Williams joined us while out on the road to discuss his opinions and answer questions about the new PCI DSS 3.0.

https://www.brandenwilliams.com/blog/2013/11/08/pci-dss-3-0-the-good-the-bad-the-confusing/

Direct download: SFS_Podcast_-_Episode_119.mp3
Category:podcasts -- posted at: 5:12pm EDT

Martin got the chance to interview Jennifer Minella (@JJX) to talk about her candidacy for the Board of Directors of (ISC)2, the challenges and opportunities that (ISC)2 has, and her drive to get a slate of write-in candidates elected.

http://securityuncorked.com/2013/11/jjs-complete-unofficial-isc2-voter-guidebook/

Direct download: SFS_Podcast_-_Episode_118.mp3
Category:podcasts -- posted at: 4:40pm EDT

Episode 117 – End Times

The end is coming when the podcast is put out 2 weeks in a row AND Andy Willingham is on… :)

Martin, Andy, and Yvette wax philosophic on these stories…

Automated Hacking Tools….94% of all web login attempts?

http://www.networkworld.com/news/2013/110713-automated-hacking-tools-swarm-web-275723.html

Also, as promised, here are the slides Matt Bing of Arbor Networks ASERT used during his talk on Fort Disco at this year's University of Michigan SUMIT conference.  It was a GREAT talk.

http://safecomputing.umich.edu/events/sumit13/docs/Bing_FortDisco_SUMIT2013b.pdf

Can the new HIPAA rule cut down on ePHI breaches?  Ummmm….no?

http://www.networkworld.com/news/2013/110813-can-the-new-hipaa-rule-275790.html

And, finally, just realize leadership isn’t about you.  It’s about helping people solve their problems.

http://www.npr.org/2013/11/11/230841224/lessons-in-leadership-its-not-about-you-its-about-them

Direct download: SFS_Podcast_-_Episode_117.mp3
Category:podcasts -- posted at: 8:35pm EDT

Episode 116.5 - The NSA Ain't Gonna Stop Us

This week, Andy rejoined the gang! Alongside Martin, Joseph, and Yvette, they tackled Blackberry, enterprise defense, and turf battles:

http://www.nbcnews.com/business/blackberry-abandons-sale-plan-replaces-ceo-report-says-8C11519748

http://www.tuaw.com/2013/10/22/blackberry-announces-5-million-downloads-of-bbm-for-ios-and-andr/

http://www.csoonline.com/article/742317/the-emerging-turf-battle-between-information-and-physical-security-pros

http://www.csoonline.com/article/742486/enterprise-defenses-lag-despite-rising-cybersecurity-awareness

As always, you can find the direct link to the podcast here: http://sfspodcast.libsyn.com
If you’d like to subscribe, you can find the RSS feed here: http://sfspodcast.libsyn.com/rss or on iTunes.
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter
Direct download: SFS_Podcast_-_Episode_116.5.mp3
Category:podcasts -- posted at: 8:22pm EDT

Martin and Yvette discuss "I am the Cavalry" and other interesting ideas with Josh Corman (@joshcorman) and Nick Percoco (@c7five).

Direct download: SFS_Podcast_-_Episode_115.mp3
Category:podcasts -- posted at: 8:58pm EDT

Tonight Martin, Joseph, Yvette, and Steve hit a couple of stories.

First, we talked about the shutdown of the Silk Road, and the arrest of the Dread Pirate Roberts:
http://www1.icsi.berkeley.edu/~nweaver/UlbrichtCriminalComplaint.pdf

Then, cybersecurity is an occupation, but not a profession?
http://www.fiercegovernmentit.com/story/cybersecurity-occupation-not-profession-says-report/2013-09-18

http://www.csoonline.com/article/740456/cybersecurity-should-be-seen-as-an-occupation-not-a-profession-report-says

Direct download: SFS_Podcast_-_Episode_114.mp3
Category:podcasts -- posted at: 8:23pm EDT

This evening, Martin turned over the keys to the kingdom and let Joseph run the podcast tonight. So Martin, Steve and Joseph got into the nitty gritty about how useful security awareness training really is:

http://www.csoonline.com/article/739753/social-engineering-and-phishing-attacks-are-getting-smarter-but-are-employers-

And of course, we had to talk about the new iPhone 5S and its crazy fingerprint sensor:

http://www.macworld.com/article/2048514/the-iphone-5s-fingerprint-reader-what-you-need-to-know.html

Direct download: SFS_Podcast_-_Episode_113.mp3
Category:podcasts -- posted at: 8:13pm EDT

Episode 111 - Summer Blockbusters

This evening, Martin, Steve, Yvette, and Joseph discussed some of their blockbusters of the summer.

Direct download: SFS_Podcast_-_Episode_111.mp3
Category:podcasts -- posted at: 8:52pm EDT

This evening, we had a special guest interview: good friend of the podcast Nick Selby. He joined us to talk about a project that he is involved with called Code for America. If you're interested in more about Code for America, you can find more information here: http://codeforamerica.org/

We also briefly discussed the unfortunate passing of Barnaby Jack. Our hearts and prayers go out to the friends and family of Jack.

http://techland.time.com/2013/07/29/barnaby-jack-hacker-who-made-atms-spit-out-cash-dies-in-california/?iid=tl-main-lead

Direct download: Episode_110_-_Sheepdogs.mp3
Category:podcasts -- posted at: 8:46pm EDT

Andy, Joseph, and Yvette can't make it this time so Martin and Steve talk about the recent announcement that Feds should stay away from DefCon.

Oh, and Steve just joined CSO as a Staff Writer.  Here's his first byline:

http://www.csoonline.com/article/736383/sony-drops-psn-breach-appeal-after-risk-assessment

Direct download: Episode_109_-_No_Feds.mp3
Category:podcasts -- posted at: 7:58pm EDT

This evening Martin, Andy, Steve, and Joseph had a special guest on board: Nick Selby. Nick joined us to continue our discourse relating to the show last week, the NSA leak and Edward Snowden.

Once we beat that horse enough, we switched gears a bit to a discussion of a recent Bloomberg article discussing consultants with loose lips.

http://www.bloomberg.com/news/2013-05-01/china-cyberspies-outwit-u-s-stealing-military-secrets.html

Direct download: SFS_Podcast_-_Episode_108.mp3
Category:podcasts -- posted at: 8:57pm EDT

Martin, Steve, and Joseph try hard to find a topic to talk about and settle on the NSA/PRISM issues that have dominated the Echo Chamber for the last several weeks.

Direct download: SFS_Podcast_-_Episode_107.mp3
Category:podcasts -- posted at: 8:24pm EDT

Episode 106 - Shazam!!

Tonight, Martin, Andy, and Joseph hit some fun topics and some more serious ones as well.

First, could your phone be hacked via lights, sound, or magnets?!

http://www.theregister.co.uk/2013/05/28/light_sound_magnetic_malware_hidden_trigger/

Then, the French Police suggest replacing their missing person searches with Facebook:

http://www.networkworld.com/news/2013/052313-french-police-end-missing-persons-270071.html

On a more serious note, the US Department of Health and Human Services fined Idaho State University for a breach:

http://www.networkworld.com/news/2013/053013-university-fined-400000-after-disabled-270285.html

And finally, are IT pros masochists, suffering from Stockholm Syndrome, or both? 

http://www.cio.com.au/article/462571/despite_poor_work-life_balance_it_pros_like_their_jobs_survey/

If you're looking for something to do this weekend, make sure you head over to BSides Charlotte, where our own Martin Fisher will be speaking about halos or something. 

http://bsidesclt.org/

As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Direct download: SFS_Podcast_-_Episode_106.mp3
Category:podcasts -- posted at: 8:35pm EDT

Martin and Steve discuss the DHS plan to distribute cybersecurity (DRINK!) data through a small set of trusted defense/telecom vendors....who might end up charging users for the data...

Here are some story links:

http://www.networkworld.com/cgi-bin/mailto/x.cgi?pagetosend=/news/2013/051713-experts-ding-dhs-vulnerability-sharing-269889.html&pagename=/news/2013/051713-experts-ding-dhs-vulnerability-sharing-269889.html&pageurl=http://www.networkworld.com/news/2013/051713-experts-ding-dhs-vulnerability-sharing-269889.html&site=security&nsdr=n

http://mobile.reuters.com/article/article/idUSBRE94E11B20130515?irpc=932

And if you are anywhere near Charlotte on June 7 & 8 you need to attend BsidesCLT!

http://bsidesclt.org/

Direct download: SFS_Podcast_-_Episode_105.mp3
Category:podcasts -- posted at: 8:55pm EDT

Tonight Martin, Steve, and Joseph discussed one of Steve's recent experiences with open source products and services in a business environment.

Direct download: SFS_Podcast_-_Episode_104.mp3
Category:podcasts -- posted at: 8:23pm EDT

Three stories get the Southern Fried treatment from Martin, Andy, and Yvette.

Moving from "checkbox compliance" to "GRC"..... Good idea.

http://www.darkreading.com/compliance/can-we-cease-check-box-compliance/240153220

The Washington Post wants government action on all things "cyber".....  Maybe a Good Idea, Maybe a Bad Idea

http://www.washingtonpost.com/opinions/government-private-sector-must-team-up-to-fight-cyberthreats/2013/04/21/0b3b80fc-a913-11e2-a8e2-5b98cb59187f_story.html#

First thing you do when you've been breached?  Advise your customers!  A very, very Bad Idea.

http://www.infosecisland.com/blogview/23092-Into-the-Breach.html

Remember you can always follow our feed at @SFSPodcast or see our website at www.southernfriedsecurity.com

Direct download: SFS_Podcast_-_Episode_103.mp3
Category:podcasts -- posted at: 8:27pm EDT

This week was another deep dive topic for Martin, Steve, and Joseph. We chose to tackle some of the opinions on the oft-discussed topic of security awareness. Here are a couple of articles that we used to kind of establish a baseline:

http://www.schneier.com/blog/archives/2013/03/security_awaren_1.html

http://searchsecurity.techtarget.com/news/2240162630/Data-supports-need-for-awareness-training-despite-naysayers

http://www.csoonline.com/article/711412/why-you-shouldn-t-train-employees-for-security-awareness

Take a listen, let us know your thoughts!

Direct download: SFS_Podcast_-_Episode_102.mp3
Category:podcasts -- posted at: 8:28pm EDT

With Andy, Joseph, and Yvette not able to make it, Martin and Steve take a deeper dive into the events around Weev....what does this mean for our community, what can we learn....

Direct download: Episode_101_-_Weev.mp3
Category:podcasts -- posted at: 8:43pm EDT

Here's a quick look behind the scenes here at Southern Fried...  Our Episode 100 Run Sheet...

SFS Podcast Ep100 Run List

Open1 - Jack Daniel Opener

Open2 - New Theme

Martin Intro & Welcome

<Random Discussion>

Andy’s Favorite Interview:  Jack Daniel

Interview Clip of Jack and the 10 Questions

Andy’s Favorite Moment:  Ep9 – Crossing the Streams

Ep9 Clip –

Andy’s Favorite Show: Offensive Security: Pros and Cons w/ Paul and John Strand (43)

Andy – What has changed most in the industry since the start of the podcast?

<COMMERCIAL BREAK>

Bumper1 - Liquid Matrix Bumper

Bumper2 - Bella Security Justice Bumper

Steve’s Favorite Interview: ?????

Steve’s Favorite Show:   Ep17 – Steve in the Cage

Show Clip – Steve in the Cage

Steve – What has changed the most on the podcast since we started?

Joseph’s Favorite Interview:

Joseph’s Favorite Show:   Red Firewall…

Joseph – What’s the podcast done/meant for you?

<COMMERCIAL BREAK>

Bumper 1 - Becky Exotic Liability

Bumper 2 - Dueling Banjo – Short

Yvette’s Favorite Interview

Yvette’s Favorite Show:  Manvirtex (Ep97)

Yvette:  As the FNG – how’s it been going?

Martin’s Favorite Interview – Shrdlu Ep2

Martin’s Favorite Show - ????

Discussion:  What’s changed the most in the world of enterprise infosec since we launched in January of 2010?

<Random Discussion & Final Thoughts>

Close out

Clip 1 – Old bumper plus Hoff’s Security Rock Star

Direct download: SFS_Podcast_-_Episode_100.mp3
Category:podcasts -- posted at: 9:27pm EDT

Episode 99: Making a Point or Making a Difference?

In our last episode before the big 100, Martin, Andy, and Joseph tackled one of the bigger stories recently, the Mandiant Report on "APT1":

http://intelreport.mandiant.com/

That segued nicely into a recent article on Threatpost about "Avoiding Attack Attribution Distraction":

http://threatpost.com/en_us/blogs/avoid-attack-attribution-distraction-022113

We wrapped up the night with a discussion of some of the more common failures that risk and security officers make:

http://blogs.gartner.com/paul-proctor/2013/02/24/risk-and-security-officer-failures/

Be sure to tune in next time for episode 100!

Direct download: SFS_Podcast_-_Episode_99.mp3
Category:podcasts -- posted at: 8:34pm EDT

Martin, Andy, and Steve get together and, after a brief reflection about ShmooCon, talk about...

13 IT Security Myths and some ranting about Richard Stiennon...

http://m.networkworld.com/news/2013/021514-security-myths-266773.html?page=1

Are we investing in the wrong tech....or is this just another vendor survey?

http://m.networkworld.com/news/2013/021313-security-pros-say-their-companies-266702.html

A new Presidential CyberSecurity Directive....will it change anything?

http://www.zdnet.com/obamas-cybersecurity-executive-order-what-you-need-to-know-7000011221/

As always you can follow the podcast as @SFSPodcast!

Direct download: SFS_Podcast_-_Episode_98.mp3
Category:podcasts -- posted at: 8:24pm EDT

Martin, Andy, and Yvette get together and discuss a little bit about these stories:

The Three Worst Words in the English Language....

http://www.darkreading.com/identity-and-access-management/blog/240147002/the-three-worst-words-in-the-english-language-can-t-we-just.html

Friend Of The Podcast Nick Selby of the Police Led Intelligence podcast rips Symantec a new one regarding how they treated the New York Times following the recent breach of the Times....

http://policeledintelligence.com/2013/02/04/we-dont-got-your-back-we-got-your-money/

And, finally, another Friend Of The Podcast, Wendy Nather, gives us a great training plan for RSA.  Yvette and Martin are *so* in on this training plan!

http://www.infosecisland.com/blogview/22902-Training-for-RSAC.html

Direct download: SFS_Podcast_-_Episode_97.mp3
Category:podcasts -- posted at: 8:30pm EDT

Andy and Martin get together to riff on Facebook Graph, Change Management, and 2013 predictions.

Direct download: SFS_Podcast_-_Episode_96.mp3
Category:podcasts -- posted at: 8:25pm EDT

Martin, Steve, and Joseph have the pleasure of talking with Gene Kim and Josh Corman about Gene's new book "The Phoenix Project".

You Need This Book!

http://itrevolution.com/books/phoenix-project-devops-novel/

Stay tuned for the fun announcements coming up for Episode 100!

Direct download: SFS_Podcast_-_Episode_95.mp3
Category:podcasts -- posted at: 7:23pm EDT