The Southern Fried Security Podcast

It's been 9 years and over 210 different content items since we started this thing in January of 2010. As much as we hate it we feel it's time to end this project and start thinking about What Comes Next. Don't worry - the episodes and website aren't going anywhere anytime soon so you'll still be able to download all the content. We're also discussing some new ideas to stay engaged with the cybersecurity community so you'll want to keep this feed live on your podcast listening device to...

It's another Front Porch episode! Yvette talks to her friend Brandon Clark as his first novel "Ransomware" is about to be released. "Ransomware" is part of Brandon's "Killchain Chronicles" series that will be coming out over time. You can find the book here: https://www.amazon.com/gp/product/1732651108/ We will be back soon with more great new content.

Episode 206 - The Front Porch…. Welcome to the first of an occasional series of episodes featuring conversations with a variety of interesting people from both inside and outside of information security. In this inaugural episode you get to listen to dinner conversation between Wendy Nather, Mike Rothman, Wolfgang Goerlich, and Martin Fisher that happened in Atlanta at the Atlas Restaurant. We cover a lot of topics that I’m sure you’ll find interesting. And, for the record, the...

We recorded this episode as the closing keynote at BSides Atlanta on May 5th, 2018. We want to give a big round of thanks to the organizers, volunteers, sponsors, and attendees of BSides Atlanta for a great venue and event. It was a great time and we hope to be there again next year.

Episode 204 - Evaluating Your Security Program: Communications Plan

Show Notes Episode 203 - Evaluating Your Security Program: Threat Mapping

Episode 202 - Evaluating Your Security Program: Awareness & Education

We're going to use this episode to allow the cast to talk about reaching 200 episodes and you'll hear what *really* happened on the Lost Episode. We will be back in 2018 with more episodes. Until then be well and stay secure!

Episode 200 - Building A Security Strategy - Part III http://www.southernfriedsecurity.com/episode-192-security-waste/

Episode 199 - Building A Security Strategy - Part II

Episode 198 – Building a Security Strategy – Part 1 Strategy is the hardest thing a CISO will do in their career...except if they have to explain a massive breach… In our next episodes we’ll break down each of the steps and talk more about strategy…

Episode 197 - After the Penetration Test We've kind of talked about how to choose your vendors, and we’ll get more into services soon, but we wanted to take some time to talk about penetration tests and especially what to do as they wrap up, how they affect the organization, and how you can manage your penetration tests to make sure they're actually effective.

SFS Podcast - Episode 196 Wannacry: Woulda, Coulda, Shoulda First and foremost: Why was medical hit so hard by WannaCry? See Episode 189 - Medical Device Security and Risky Business 455 - https://risky.biz/RB455/

Episode 195 - Annual Policy Review - Making It Worthwhile More Notes

Evaluating Security Product Vendors In light of recent news about “Vendors Behaving Badly” we want to talk about how a security professional should evaluate vendors and their products. Recent News: Tanium exposed hospital’s IT while using its network in sales demos: https://arstechnica.com/security/2017/04/security-vendor-uses-hospitals-network-for-unauthorized-sales-demos/ Lawyers, malware, and money: The antivirus market’s nasty fight over Cylance: ...

Tonight's episode is all about those learning moments. CISOs and security orgs find new and interesting way to screw up all the time. Leaving that Any-Any rule in place on the new firewall… Disabling the CEOs account by accident… Not realizing that Shadow IT had just installed a new egress point… Here are our stories. The name have been changed to protect the culpable.

Today's Topic: Security Waste - Buying new tools without maximizing use of current tool set It’s not just a security problem but we often add to our arsenal without fully (or even mostly) utilizing the tools that we do have. Problems associated with this are: How do we work through this when you’re not the decision maker? How do we work with our vendors to ensure that we are leveraging their tools without over dependence on one tool or vendor?

The Southern Fried Security Podcast - Episode 191 - Gone Phishin’ Phishing your employees - Does it make them aware or do they feel mistrusted?

Episode 190 - Burnout http://www.secburnout.org/ http://www.slideshare.net/secburnout/burnout-in-information-security http://www.newyorker.com/humor/daily-shouts/i-work-from-homehttp://theoatmeal.com/comics/running http://lisacongdon.com/blog/2016/12/on-burnout-and-the-slow-rebuilding/

In this inaugural bonus track we release the interview we did with Nick Selby (@nselby) on his experience validating the work of MedSec on St. Medical devices.