The Southern Fried Security Podcast-logo

The Southern Fried Security Podcast

Technology Podcasts >

Join Andy Willingham, Martin Fisher, and Steve Ragan as they discuss information security, news, and interview interesting folks. They focus on the operational and leadership aspects of information security using a distinctly southern viewpoint.

Join Andy Willingham, Martin Fisher, and Steve Ragan as they discuss information security, news, and interview interesting folks. They focus on the operational and leadership aspects of information security using a distinctly southern viewpoint.
More Information

Location:

United States

Description:

Join Andy Willingham, Martin Fisher, and Steve Ragan as they discuss information security, news, and interview interesting folks. They focus on the operational and leadership aspects of information security using a distinctly southern viewpoint.

Language:

English


Episodes

Episode 207 - On the Front Porch with Yvette and Brandon

8/31/2018
More
It's another Front Porch episode! Yvette talks to her friend Brandon Clark as his first novel "Ransomware" is about to be released. "Ransomware" is part of Brandon's "Killchain Chronicles" series that will be coming out over time. You can find the book here: https://www.amazon.com/gp/product/1732651108/ We will be back soon with more great new content.

Duration:00:34:56

Episode 206 - The Front Porch w/@wendynather @securityincite @jwgoerlich

6/24/2018
More
Episode 206 - The Front Porch…. Welcome to the first of an occasional series of episodes featuring conversations with a variety of interesting people from both inside and outside of information security. In this inaugural episode you get to listen to dinner conversation between Wendy Nather, Mike Rothman, Wolfgang Goerlich, and Martin Fisher that happened in Atlanta at the Atlas Restaurant. We cover a lot of topics that I’m sure you’ll find interesting. And, for the record, the...

Duration:01:14:40

Episode 205 - LIve from BSides Atlanta!

5/8/2018
More
We recorded this episode as the closing keynote at BSides Atlanta on May 5th, 2018. We want to give a big round of thanks to the organizers, volunteers, sponsors, and attendees of BSides Atlanta for a great venue and event. It was a great time and we hope to be there again next year.

Duration:00:59:54

Episode 204 - Evaluating Your Security Program: Communications Plan

3/12/2018
More
Episode 204 - Evaluating Your Security Program: Communications Plan Why Evaluate Your ProgramPart of annual policy reviewIf you don’t evaluate you will never improveContinual review will help protect your budgetAwareness and Education is how most people in your org know the programThreat Mapping maps the outside threats to your inside controls & techCommunications is that final turn from the inside outStart At The Outside and Move Your Way InIf Education & Awareness are how the...

Duration:00:42:29

Episode 203 - Evaluating Your Security Program: Threat Mapping

2/12/2018
More
Show Notes Episode 203 - Evaluating Your Security Program: Threat Mapping Why Evaluate Your ProgramPart of annual policy reviewIf you don’t evaluate you will never improveContinual review will help protect your budgetAwareness and Education is how most people in your org know the programThreat Mapping maps the outside threats to your inside controls & techCommunications is that final turn from the inside outStart At The Outside and Move Your Way InHow is this different from threat...

Duration:00:33:31

Episode 202: -Evaluating Your Security Program : Awareness & Education

1/29/2018
More
Episode 202 - Evaluating Your Security Program: Awareness & Education Why Evaluate Your ProgramPart of annual policy reviewIf you don’t evaluate you will never improveContinual review will help protect your budgetAwareness and Education is how most people in your org know the programThreat Mapping maps the outside threats to your inside controls & techCommunications is that final turn from the inside outStart At The Outside and Move Your Way InWhat do you think you do?Mandatory...

Duration:00:46:56

Episode 201 - Celebration

10/11/2017
More
We're going to use this episode to allow the cast to talk about reaching 200 episodes and you'll hear what *really* happened on the Lost Episode. We will be back in 2018 with more episodes. Until then be well and stay secure!

Duration:00:27:50

Episode 200 - Building a Security Strategy - Part III

9/12/2017
More
Episode 200 - Building A Security Strategy - Part III RecapStrategy vs PolicyUnderstand the business of your BusinessKnow who your stakeholders really areCapability = (Tech + Service) * ProcessCrawl, Walk, RunIt Takes A VillageThe Question is “How do I make one?”TechTech, by itself, only consumes electricity and turns cool air into warm airSo many choices….The tech selection is the *least* critical one for developing a capability...

Duration:00:26:13

Episode 199 - Building a Security Strategy - Part II

8/9/2017
More
Episode 199 - Building A Security Strategy - Part II RecapStrategy vs PolicyUnderstand the business of your BusinessKnow who your stakeholders really areCapability = (Tech + Service) * ProcessCrawl, Walk, RunIt Takes A VillageThe Question is “How do I make one?”Almost no business is in the business of information securityFollow The MoneyUnderstand The Decisioning Process“Culture Eats Strategy For Breakfast”Vocabulary MattersUnderstand the Business of Your BusinessKnow the Formal and...

Duration:00:28:04

Episode 198 - Building a Security Strategy Part 1

6/23/2017
More
Episode 198 – Building a Security Strategy – Part 1 Strategy is the hardest thing a CISO will do in their career...except if they have to explain a massive breach… What is a Strategy?What’s the difference between a strategy and a policy?A policy is binding statementsA strategy is thought out planningA list of tech you want to buyA remediation plan that follows an audit/assessmentA continued justification for the way you’ve always done thingsThe stuff your favorite vendor told you...

Duration:00:25:38

Episode 197 - After the Penetration Test

6/7/2017
More
Episode 197 - After the Penetration Test We've kind of talked about how to choose your vendors, and we’ll get more into services soon, but we wanted to take some time to talk about penetration tests and especially what to do as they wrap up, how they affect the organization, and how you can manage your penetration tests to make sure they're actually effective. Receiving the reportFirst and foremost, you are the customer. The report is not done until you say it is done.That doesn't mean...

Duration:00:26:42

Episode 196 - WannaCry: Woulda, Coulda, Shoulda

5/24/2017
More
SFS Podcast - Episode 196 Wannacry: Woulda, Coulda, Shoulda First and foremost: Why was medical hit so hard by WannaCry? See Episode 189 - Medical Device Security and Risky Business 455 - https://risky.biz/RB455/ The Lead-UpThreat Intelligence is A ThingThreat Intelligence is HardThreat Intelligence Feeds are [REDACTED] for many/mostDoStay CalmYou have finite human resourcesYou have finite timePrioritize Your ResponsesEpisode 192 - Security WasteKnow what all your tools can do and be...

Duration:00:29:39

Episode 195 - Annual Policy Review - Making it Worthwhile

5/10/2017
More
Episode 195 - Annual Policy Review - Making It Worthwhile Define policy vs. standards vs. proceduresWhat is a Policy?It is a guiding principle to set the direction of an organization. High level, governing, statements. Do not include technical details.Example: Policy statement = Users must authenticate with a unique ID and passwordStandard: User passwords must be: # of characters, include one uppercase letter, one special character, be at least 10 characters in length. This type of...

Duration:00:34:53

Episode 194 - Evaluating Security Product Vendors

4/26/2017
More
Evaluating Security Product Vendors In light of recent news about “Vendors Behaving Badly” we want to talk about how a security professional should evaluate vendors and their products. Recent News: Tanium exposed hospital’s IT while using its network in sales demos: https://arstechnica.com/security/2017/04/security-vendor-uses-hospitals-network-for-unauthorized-sales-demos/ Lawyers, malware, and money: The antivirus market’s nasty fight over Cylance: ...

Duration:00:24:46

Episode 193 - Chief Information Security Oh-Crap

4/13/2017
More
Tonight's episode is all about those learning moments. CISOs and security orgs find new and interesting way to screw up all the time. Leaving that Any-Any rule in place on the new firewall… Disabling the CEOs account by accident… Not realizing that Shadow IT had just installed a new egress point… Here are our stories. The name have been changed to protect the culpable.

Duration:00:26:51

Episode 192 - Security Waste

3/15/2017
More
Today's Topic: Security Waste - Buying new tools without maximizing use of current tool set It’s not just a security problem but we often add to our arsenal without fully (or even mostly) utilizing the tools that we do have. Problems associated with this are: Have more complexity in your environmentNeeding more staff or requiring current staff to stretch themselves thin to support differing toolsIncreased cost (capital, operational, support)Information overload - even with a SIEM more...

Duration:00:27:49

Episode 191 - Gone Phishin'

3/1/2017
More
The Southern Fried Security Podcast - Episode 191 - Gone Phishin’ Phishing your employees - Does it make them aware or do they feel mistrusted? Intro - Phishing - what is it typically?Example - Emails from a Prince in Nigeria, phished on Match.com, etcWhat is it? An email designed to get employees to click on suspicious links or give their credentialsDiscuss what I designed as part of my phishing campaign - Partnered with trusted vendorDesigned an email, google doc, supplied AD user...

Duration:00:29:52

Episode 190 - Burnout

2/14/2017
More
Episode 190 - Burnout IntroWhy the topic of burnout?Because it affects all of us, and yet it’s not talked about much in this fieldDisclaimer: We am not a doctor. Or a psychiatrist or psychologist. Nor did we stay in a holiday inn express...Reason for sabbaticalMartin’s storyPersonal ConnectionSymptoms may mirror depression“The Creeping Malaise”WeightPanic Attacks, etcIsolation - even while in a crowdPhysical symptomsIt’s been around for a long time. http://www.secburnout.org/&...

Duration:00:31:10

Episode 189 - Bonus Track

2/8/2017
More
In this inaugural bonus track we release the interview we did with Nick Selby (@nselby) on his experience validating the work of MedSec on St. Medical devices.

Duration:00:33:40

Episode 189 - Medical Device Security

1/31/2017
More
SFS Podcast Episode: 189 Medical Device Security IntroHospital devices (infusion pumps, CT, MRI, etc)Personal devices (pacemaker, insulin pumps, etc)Medical Devices are a broad categoryDiscussion of Sentinel Events...This has some of the same threat landscape as the IoVCT, but the consequences can be much more serious.Lead times for device approvalFixed configurations / FDA complianceWorking life of devices“Well just replace them all!” Cost of devices (esp for small/struggling...

Duration:00:31:39