
An article I read from CyberScoop on cybersecurity jobs in the face of the Federal Government shutdown gets my Irish up. This leads me into a diatribe on personal accountability, growing your human capital and taking action. I also want to give a shout out to Chris Spangle at We Are Libertarians for inviting me to a WAL dinner last week. It was a great time, great food with great people. I also want to give a shout out to Books Over Beer which is a new project I am working on with my two best friends Mike and Jonathon. You can catch us over on Facebook and our blog. Look out for our podcast to come out soon!

Episode 38 – SoundCloud

Links:
Books Over Beer – Facebook
Books Over Beer – Blog
We Are Libertarians

This week I discuss how the U.S. Federal Government shutdown is affecting cybersecurity, or at least what the perceived effect is. I raise the question: do we really need US DHS or CISA to operate above a baseline capability? Is the ability, or lack thereof, to operate above a baseline really having a noticeable effect on the private sector or the general public? I do believe this goes to show we need to be self-reliant. This is also a perfect case for ISAOs.


Links:
Fox News Video
CISA Feeling the effects of the shutdown
Most NIST Employees Furloughed in Government Shutdown

Show Summary:

This week I take a look back at Vault7, where the CIA lost a big portion of its hacking arsenal. I also discuss free speech and hate crime laws and finish up talking about the anniversary of net neutrality being overturned.

Introduction:

Welcome from the racing capital of the world Speedway, IN, my name is Nick Sturgeon, host and show creator. I am so very glad you are here with me this week as I am bringing you episode #34.

I do want to thank our show sponsor Rofori Corp. for supporting this show. Their support and you guys listening to the show are a big part of why I am able to do this week in and week out. For those of you who are first-time listeners, thank you for tuning in. It is my goal to keep you around coming back week in and week out. If you are a returning listener, your continued support is very much appreciated. Outside of listening, I ask a couple of simple things: share the show with your network, subscribe, rate, review and go sign up for my mailing list at cyberdotnow.com for the latest news, insights and behind-the-scenes information.

Thanks to the show sponsor Rofori Corp!

Show Exit

That’s it for this week’s show you guys. Thank you all for tuning in, I hope you enjoyed it. Again, if you want to join in on the conversation go to the show’s web page at http://www.cyberdotnow.com, Facebook and Twitter. If you want to get a hold of me directly you can find me on Twitter @The_Polititech or email me at cyberdotnow@outlook.com. And thanks again to Rofori Corp for sponsoring the show this week. Finally, please remember to go to iTunes, SoundCloud or your favorite podcasting platform to subscribe, rate, review and don’t forget to share the show. If you guys do all of that I promise I will be back again next week to do this once more. Until then have a great week, talk to you soon.

Links

https://video.foxnews.com/v/5978872847001/?#sp=show-clips

https://reason.com/blog/2018/12/14/one-year-ago-today-the-fcc-killed-the-in

https://www.recode.net/2018/12/12/18134899/internet-broafband-faster-ookla

https://www.wired.com/story/encryption-backdoors-shadow-brokers-vault-7-wannacry/amp

https://medium.freecodecamp.org/the-cia-just-lost-control-of-its-hacking-arsenal-heres-what-you-need-to-know-ea69fc1ce38c

*Show notes may vary from published podcast

Welcome from the racing capital of the world Speedway, IN, my name is Nick Sturgeon, host and show creator. I am glad to be back at it this week bringing you all episode #32. I hope everyone had a great Thanksgiving. Hopefully you guys didn’t stuff yourselves too much and that there wasn’t any drama. It was a busy week for us. We took the kids to Disney World. This was the first Thanksgiving in eight or nine years that we have spent Thanksgiving away from home and that I haven’t made my family-famous turkey. Again, I am excited to be back at it this week. I have some exciting things that I am working on as it relates to the show. This week I am going to be discussing the creation of a new Federal Agency, the Cybersecurity and Infrastructure Security Agency. I discussed this possibility in a previous episode. My feelings on it have not really changed. But we will get into the details of what this new agency has been authorized to do and discuss if this really will be as effective as the folks in DHS say it will be. I do want to take a quick second to thank the show’s exclusive cybersecurity sponsor Rofori Corporation for their support. It is because they believe in this show and those of you who listen that I am going to be taking this show to new heights next year. I also want to thank Terri Stacy of WIBC for having me on her show last Sunday. She brought me on to talk about Cyber Monday safety tips. Based on our conversation off air it looks like there will be more opportunities for me to come on her show!

For those of you who are first-time listeners, thank you for tuning in. It is my goal to keep you around coming back week in and week out. If you are a returning listener, your continued support is very much appreciated. Outside of listening, I ask a couple of simple things: share the show with your network, subscribe, rate, review and go sign up for my mailing list at cyberdotnow.com for the latest news, insights and behind-the-scenes information.

Story 1: New Federal Cyber Agency

I know that this is news from a couple of weeks ago but it happened while I was on vacation. This story is important enough that I do want to weigh in on it. Let’s go back a bit to get some context. This agency is something that some cybersecurity folks in DC have been pushing for since Obama was in office. For various reasons it was not taken up by those Congresses.

Here is the timeline from this year:

October 3: The Senate passes the bill.

November 13: The House passes the bill and sends it to Trump to sign.

November 16: Trump signs the bill into law.

Here is what the law says:

https://www.congress.gov/bill/115th-congress/house-bill/3359/text

So what did this law do:

This legislation elevates the mission of the former National Protection and Programs Directorate (NPPD) within DHS and establishes the Cybersecurity and Infrastructure Security Agency (CISA). The law also forms the agency into three branches: Cybersecurity, Infrastructure Security and Emergency Communications.

What is CISA’s mission:

“CISA leads the national effort to defend critical infrastructure against the threats of today, while working with partners across all levels of government and in the private sector to secure against the evolving risks of tomorrow.” But does it really? As we have discussed, DHS has been failing at their job. The Federal systems are not secure. Another issue I have is that, to leverage against their lack of staff, DHS uses a ton of contractors to make up for the lack of numbers.

I have a couple of articles I want to read from the various stages of this bill moving through congress over the past couple of months.

[Senate passes the bill]

https://thehill.com/policy/cybersecurity/409804-senate-passes-key-cyber-bill-cementing-cybersecurity-agency-at-dhs

[House passes the bill]

https://thehill.com/policy/cybersecurity/416567-key-cyber-bill-cementing-cybersecurity-agency-at-dhs-heads-to-trumps

[Trump signs the bills]

https://www.zdnet.com/article/trump-signs-bill-that-creates-the-cybersecurity-and-infrastructure-security-agency/

Thanks to our Sponsor and exclusive cybersecurity partner Rofori Corp. To find out more check them out here!

Story 2: Why I am worried about the Federal Government being in charge of anything!

This last story really exemplifies why I am worried about the Fed running anything. This article comes from reason.com. The article is titled “D.C. Agency Is Sorry Its Staff Didn’t Know New Mexico Is a State” https://reason.com/blog/2018/11/30/dc-agency-is-sorry-its-staff-didnt-know

That’s it for this week’s show you guys. Thank you all for tuning in, I hope you enjoyed it. Again, if you want to join in on the conversation go to the show’s web page at http://www.cyberdotnow.com, Facebook and Twitter. If you want to get a hold of me directly you can find me on Twitter @The_Polititech or email me at cyberdotnow@outlook.com. Finally, please remember to go to iTunes and/or SoundCloud to subscribe, rate, review and don’t forget to share the show. If you guys do all of that I will be back again next week to do this again. Until then have a great week, talk to you soon.

Before you start shopping on Cyber Monday

  • Make sure your anti-virus and security patches are up to date on your computer
  • Make a plan, get that list together
  • Don’t trust email.
    • Scammers do send out malicious and fraudulent emails. The links can lead to malicious software, the emails could contain malicious attachments.
  • Don’t use public Wi-Fi. If you are shopping from your cell phone, use your data plan or a secure Wi-Fi connection.
  • Do use a trusted and secure computer/device.

While you are shopping

  • Only shop at businesses that you know and trust
  • Search for the deals and discounts on the business’s site not on a search engine.
    • Scammers “poison” search results with malicious or deceptive links. Want that latest game console? Run a search on the Best Buy, Amazon or GameStop sites rather than on Google.
  • If it sounds too good to be true it probably is.
    • This is just good common sense. Don’t fall for deals or offers that seem to be too good. More than likely it is a scam.
  • If you see an email with a deal, go directly to the site by typing the address into the browser and search for the deal, discount or offer on that site.

Now that it is time to check out

  • Use a credit card not a debit card
    • There is more fraud protection on your credit card
  • Make sure you use a secured connection.
    • You can tell this by checking that the web address starts with https://.
  • Don’t give out any more personal information than is necessary.
  • When it comes to having the packages delivered
    • Last year there were several public accounts of packages being stolen from porches
    • Try to have your stuff arrive when you are going to be home
    • Have it shipped to the store
    • Or have it held at FedEx/UPS etc.

Links

https://www.tomsguide.com/us/cyber-monday-safety-tips,review-1956.html

https://blog.malwarebytes.com/101/2017/11/10-tips-safe-online-shopping-cyber-monday/

https://www.bbb.org/council/holiday-helper/cyber-monday/

 

Note: Recorded show may vary from this posting

Summary:

This week I was able to record some interviews while attending the CyberTech Midwest Conference. At the beginning of the show I give a little recap and break some big news as it relates to the show. Thanks to Julia Kraut, Chetrice Mosley and Joel Rasmus for coming on the show!

Introduction:

Welcome from the racing capital of the world Speedway, IN, my name is Nick Sturgeon, host and show creator. I am so very glad you are here with me this week with episode #27! This week was the inaugural CyberTech Midwest Conference. I want to thank the folks over at CyberTech and most especially Julia Kraut for letting me set up, record and for coming on as the show’s first two-time guest. I also want to thank my other guests Chetrice Mosley, the Cybersecurity Program Director for the State of Indiana, and Joel Rasmus, the Managing Director of Purdue University’s CERIAS. Before I get to the interviews, I want to recap the event and give some of my thoughts about some of the things I thought were interesting.

Even before getting to all of that, this week the Cyber.Now Podcast made a major stride forward: we locked in our very first sponsor. I want to welcome Rofori Corp as the exclusive cybersecurity sponsor of the Cyber.Now Podcast. The partnership with Rofori will help push this show to the next level. I could not be more excited to make this announcement. I will talk more about Rofori here in a bit. I just wanted to thank Rofori for trusting and believing in this show. Second, I will be on the road again this week, heading to the Applied Cybersecurity Symposium at Purdue-Westgate near NSWC Crane. I am hoping to have a couple of exciting interviews while I am down there and I will be speaking on a panel on behalf of my employer. Part of next week’s show will include this symposium. I may wait to release the interviews until the week of Thanksgiving when I will be taking a much-needed break.

For those of you who are first-time listeners, thank you for tuning in. It is my goal to keep you around coming back week in and week out. If you are a returning listener, your continued support is very much appreciated. Outside of listening, I ask a couple of simple things: share the show with your network, subscribe, rate, review and go sign up for my mailing list at cyberdotnow.com for the latest news, insights and behind-the-scenes information.

Cybertech Recap

This past week was the inaugural CyberTech Midwest Conference. Overall, this was a fantastic conference. The quality level of speakers was great. There was a nice mix of academia, government and industry. The panels were great and the session tracks were standing room only. It was great to see Gov. Holcomb take a nice chunk of his morning to attend this event. There was even an Israeli diplomat from the Chicago Consulate who spoke. Even Congresswoman Susan Brooks came and spoke. Let me touch on that a bit. Here is a longtime politician who is very well thought of. I had an opportunity to meet her when I was running the Indiana – ISAC; very nice woman. There were a few things in her presentation that just had my head shaking. It started out with kind of the typical introduction stuff: happy to be here, this conference is important to Indiana and the region (which I agree with) and so on. So she got into her role in Congress as it relates to cybersecurity. She talked about the fighting within Congress on various cybersecurity issues, i.e. the national breach notification. But what really got me going was that in one breath she said we (Congress) are not very well educated in cybersecurity and we need you guys (those in attendance) to help them, and then in the next breath goes we (Congress) are trying to pass common sense cybersecurity regulations. What the heck, how can you not be educated and pass common sense regulation? Now I know this is 100% grade A political talk. This is the kind of thing that happens day in and day out in Congress and the Federal Government. If you are not educated on it and are reaching out to those in industry, what do you think is going to happen? This is based on mountains of history: you get regulation that only helps those companies that help “educate” those in Congress. This is why this show exists. Please share this show with your congressperson and senator. Help me help them!
Outside of that, one of my only criticisms of the conference is that during the opening plenary the conversation was a tad bit state government leaning. If I have one suggestion for my friends who helped organize this event, it is to level out the conversation a little bit. It was great to see so many people in attendance; there were around 1000 people who showed up. I got to see a lot of friends, colleagues and former co-workers. I cannot wait until next year and maybe I will be able to get a booth, who knows, we will have to wait and see.

Julia’s interview

Chetrice’s interview

Ad 1 Rofori Ad Read

Joel’s interview

Show Exit

That’s it for this week’s show you guys. Thank you all for tuning in, I hope you enjoyed it. I want to again thank Rofori Corp for their support of the show. Go check them out at Rofori.com. I am telling you guys, if you work for or are a part of a small or midsized business/organization and you need help with cyber, give them a call. Again, if you want to join in on the conversation go to the show’s web page at http://www.cyberdotnow.com, Facebook and Twitter. If you want to get a hold of me directly you can find me on Twitter @The_Polititech or email me at cyberdotnow@outlook.com. Finally, please remember to go to iTunes, SoundCloud or your favorite podcasting platform: subscribe, rate, review and don’t forget to share the show. If you guys do all of that I will be back next week to do this thing again. Until then have a great week, talk to you soon.

 

Links
www.rofori.com

https://www.cybertechisrael.com/

Summary:

This week I cover what is perhaps the biggest facepalm moment in password history with Kanye West’s 000000 cell phone passcode being nationally televised. What happens when too many people freely give up their DNA info? How does this impact the privacy of their neighbors and family? Finally, was the recently reported Google+ data breach really a data breach at all?

 

Welcome from the racing capital of the world Speedway, IN, my name is Nick Sturgeon, host and show creator. I am so very glad you are here with me this week as we get into episode #25. This week the news cycle has been a little slow, though not completely void of things that I can talk about. I will get into the show’s breakdown here in a second.

For those of you who are first-time listeners, thank you for tuning in. It is my goal to keep you around coming back week in and week out. If you are a returning listener, your continued support is very much appreciated. Outside of listening, I ask a couple of simple things: share the show with your network, subscribe, rate, review and go sign up for my mailing list at cyberdotnow.com for the latest news, insights and behind-the-scenes information.

Coming up on Monday I have an interview set up with what is probably the highest-profile guest I have had on to date. Not only that, I am taking the show on the road, so to speak, and recording at a studio located in downtown Indy. Very much looking forward to the interview. You will have to tune in to find out who the special guest is!

This week’s show may run a little shorter than the last couple of weeks. However, we will take as much time as we need to cover the news of this week. The first story I will get into is going to be what should come as no surprise to security professionals and will be one that is probably very common among most people. The second story is somewhat of a follow-up to a story I covered a few shows ago and demonstrates a potential negative outcome of sharing too much personal data. Then finally we will talk about what a data breach actually consists of.

Story 1

Let’s dive right in. Earlier this week Kanye West, which before I continue I cannot believe I am talking about Kanye. I am really not a fan of his music and have not been a big fan of him in the social aspect of his life either. With that said, I do respect what he has done politically to try to mend things versus what others in Hollywood are doing by driving the country apart. This is not to say I think what he is doing is working or that he is making any sense. But I give the guy a thumbs up for giving it the good ole college try and not being afraid to stand against his “peers” in Hollywood. Anyway, earlier this week Kanye was in the Oval Office with Trump, where he went on what is being described as an epic rant. Though we could probably have a field day with the rant itself, that is not what I want to talk about. I want to discuss something that was captured on national television. While being filmed from behind, Kanye took out his phone, entered his password and then showed the phone to President Trump. Now for those of you who are not already in the know, can you guess what his passcode was? I will give you a couple of seconds to take a guess……. It was six 0s. Now this didn’t surprise me one bit. In fact I would take a guess and say most of you non-security minded people have similar simple passwords or passcodes. How can I be so certain? Well, the numbers 123456, 000000, 111111 continue to be some of the most commonly used passcodes. Why is that? Well, we are lazy, that is most of you are. Let me jump to an article from the Washington Post [Read Story]

I have to say some of the tweets that the article has about Kanye’s password actually made me chuckle. Beyond the password security this is a good reminder to have good situational awareness. Kanye was oblivious to the camera being behind him as he was typing in his password. It is a great reminder we all need to be aware of who is around us and not be too caught up in the moment.

Ok, I am going to take a quick pause and be right back.

Story 2

Welcome back, so this next story is somewhat of a follow-on to a story I covered a few episodes back. In that show I talked about a couple of data breaches that happened to the DNA sites 23andme and Ancestry.com. What happens when a large number of people have submitted their DNA to be tested? Well, as this article from the LA Times points out, it becomes easier to identify you with less data. I want you to think about how your neighbors or even distant members of your family who have submitted their DNA to one of these companies put your privacy at risk. From the article [Read Story]

Story 3

The last story for this week. What is a data breach and what actually does a data breach consist of? A data breach can be defined as the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak and also data spill. Based on this definition, if a security team of a company is going through a review of their code, systems, configurations or what have you and they discover a bug, does that constitute a breach? If you said well, that depends, you would be right. The next step would be to verify if that bug had been exploited. If, based on all possible data and information they collected, no user information or other data, sensitive or not, was put at risk of being disclosed and the bug had not been exploited, would it be a breach? In my opinion that does not fit the definition of being a breach. The big factor for me is: was the data actually exposed to unauthorized users? The data doesn’t have to necessarily leave a system to be considered a breach. If the data was forcefully taken from its rightful place, that is a breach all day long. If a person, whether or not they are a “bad guy” or an employee of a company, has access to data they are not supposed to have access to, that can be considered a breach when you apply the strict definition. Now let’s pivot to some news that came out this week about Google and the Google+ social media platform.

Show Exit

That’s it for this week’s show you guys. Thank you all for tuning in, I hope you enjoyed it. Again, if you want to join in on the conversation go to the show’s web page at http://www.cyberdotnow.com, Facebook and Twitter. If you want to get a hold of me directly you can find me on Twitter @The_Polititech or email me at cyberdotnow@outlook.com. Finally, please remember to go to iTunes and/or SoundCloud to subscribe, rate, review and don’t forget to share the show. If you guys do all of that I will be back again next week to do this again. Until then have a great week, talk to you soon.

Links

https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/10/12/the-cybersecurity-202-kanye-west-is-going-to-make-password-security-great-again/5bbf83471b326b7c8a8d1946/?utm_term=.2a1ec84ef4bc

http://www.latimes.com/science/sciencenow/la-sci-sn-dna-genealogy-privacy-20181012-story.html

https://www.experian.com/blogs/ask-experian/google-data-breach-what-you-need-to-know/

https://www.theguardian.com/technology/2018/oct/08/google-plus-security-breach-wall-street-journal