The Host Unknown Podcast - Episode 18 - The Tik Tok Free Episode
Episode Date: August 6, 2020
The episode where Andy's redundant broadband connections both fail, mid podcast. Don't worry, we fixed it in post and you would never notice.
Tweet of the Week
Tik Tok doesn't do anything untoward with ...your data.
https://twitter.com/fs0c131y/status/1290229777870159873?s=20
http://appleinsider.com/articles/20/08/04/apple-allegedly-in-the-running-to-buy-tiktok
Billy Big Balls of the Week
Low paid servitude in LA
https://twitter.com/taylorlorenz/status/1289245991346925574?s=21
Rant of the Week
Andy gets upset with a client's "problem statement"
The Little People
Just kidding, not this week, although Thom retracts his statement that Lee Munson is "some nobody from my distant past" and that they regularly exchange Christmas cards. Come on! Like and bloody well subscribe!
Transcript
Yeah, so I've got a Polish friend who's a sound engineer and I've got a Czech one too. Czech one too.
Oh.
You're listening to the Host Unknown Podcast.
Hello, hello, good morning, good afternoon, good evening and welcome to episode 18.
I was given some feedback just the other day that people have no idea which episode they're listening to. So for you latecomers, episode 18, the one where we don't talk about TikTok.
Allegedly.
That's going to be a tough one. Um, so with episode 18,
is the confusion caused by the missing files which have never been published?
Uh, possibly. You mean files, or file? Episode two. You mean episode two, maybe a little bit of episode three.
No, we got episode three, didn't we? Or, well, I think we got confused with the labeling, I have to say, but we got pretty consistent after five.
Okay, cool. Yeah, so the ill-fated, um, episode that we don't talk about anymore.
No, no, the one that we're going to publish when Jack Daniel dies.
Yes. Okay, that's all. He said he would promote it for us as well. Okay, through a Ouija board. He's, well, he's a talented man, we know that.
You know, he's, um, he's going to be in the ether, isn't he? So he's going to become one with our...
Exactly.
That's another reference for the kids born after the 80s.
They're not going to get it.
That reminds me of that time, Jeb.
You're doing that presentation and you threw in a Back to the Future reference.
Yes.
And it was a lot of students, wasn't it?
They had no idea what you were talking about.
That's right.
That's right.
This is at university.
I was asked to talk to some students.
And I threw in, I said, ah, that was a flux capacitor moment for me.
I was just like, I see your blank faces.
And then the professor who invited me there,
she was like, you do realise none of them were born when the film came out.
And I was like, oh, damn, I'm old.
Oh, dear, that realisation that you're older than everyone you meet.
Exactly.
Yes, it's an experience that you two are having every day, really.
We try and keep you young, Tom.
I know.
We try and keep you in sync with what the kids are up to these days.
Indeed. So anyway, gents, how are we? How are we, Jav? How the devil are you?
Well, speaking of childhood and, um, obscure references, uh, anyone that grew up in the golden era of wrestling will remember the Rockers, the tag team.
I hate it.
And Marty Jannetty. Shawn Michaels and Marty Jannetty.
I have no idea who you're talking about.
Well, we just told you, we're talking about Shawn Michaels and Marty Jannetty.
You did just say you hated them. Don't tell me you were, you a Legion of Doom fan?
Oh, what a rush!
It sounds like a comic book. Who wasn't a Legion of Doom fan?
I was a big Rockers fan.
That's the thing.
What?
Yeah, I know lots of people.
No, what the hell are you talking about?
Not, oh my God, you were a Rockers fan.
What the hell are you talking about?
You had to be there, Tom.
I mean, you must have been in your, what, mid-30s by this point.
Yeah, exactly. You'd probably missed the golden era.
Of what?
Although of the heel tag teams, I did like Demolition.
Yeah, good thing.
This is an English-speaking podcast.
You do know that, don't you?
Anyway, Marty Jannetty posted a really obscure, uh, social media post, I think on Facebook, um, the other day, in which he kind of alluded to admitting to murder. And he also...
Andy.
He also, well, he's since deleted the post, but he also replied in the series of comments that were there, like, where he got immense satisfaction about making this man disappear. Um, so as a result, um, I think the police in the area, in Columbus or wherever, they've opened a...
So, so, Jav, when I ask you how are you and you talk about somebody from somewhere famous at some point, I don't know, disappearing someone. How are you? I, I'm in shock, that's all I can say. I mean, I've been on a 90s nostalgia trip since yesterday.
i was gonna say are you feeling, you know, like
this Marty Jannetty
or whoever he is? I'm sure it's a
character from Back to the
Future, but
are you feeling an affinity
with him or something?
No, well, you know,
he was in a tag team
The Rockers with Shawn Michaels
and Shawn Michaels betrayed him when they were in Brutus Beefcake's barbershop.
Yeah.
Lots of beef and marty back in the day.
Brutus Beefcake's barbershop.
Yeah.
The alliteration is just, well, I don't know.
So you do know that wrestling is made up, right?
So did he really betray him, or was it just part of the script?
Coming from a person that read comics growing up and even now,
I don't think you're in a position to tell me what's made up and not.
Thank you very much.
No, I am because I know what's made up. The comics are made up.
It's sports entertainment, Tom.
Sports entertainment, right.
If you read the autopsy report
of Chris Benoit
and how the coroner said
that he's had a brain
of an 80-year-old with Alzheimer's,
you wouldn't say that
unprotected chair shots to the head
are fake.
If you saw...
I'm not saying it's fake.
If you'd seen The Undertaker
chokeslam Mick Foley
through the Hell in a Cell cage,
you wouldn't say that it was fake.
Yeah.
It must have been at least 50 feet
in the air.
He must have been.
He was busted wide open.
Oh, speaking of being busted wide open,
if you'd seen Stone Cold Steve Austin
at WrestleMania 13 not giving up
to the sharpshooter and passing out from loss of blood after being busted wide open, you would not be telling me it is fake.
Okay, so welcome to the Host Unknown Podcast, in which we talk about all things information security and entertainment, uh, specifically wrestling, for some reason.
I hesitate to move on to you, Andy, because I know you are a part of this. Andy, how are you today?
I know I did receive criticism last week for, um, obviously talking about Haribo and, um, anything unrelated to infosec. Um, so I'll just keep it brief.
Busy week, as usual.
But I did get a nice gift from work.
This is in relation to a recent acquisition that we completed.
Was it a P45?
Unfortunately not.
But no, a few people have had them. So yeah, that's a bit of a touchy subject.
You heard it here first, mate.
Depending on which business unit you work for.
However, this was related to an acquisition, you know, for which I was part of the due
diligence thing.
And typically, the US teams who run acquisitions by, we call them tombstones, which are like
these glass paperweights.
Oh, I know what you mean.
You know, really sort of, really expensive, complete waste of money. Um, but, uh, it's not something that the, um, sort of EMEA deal team has ever, um, believed in. You know, they'd rather take everyone out for a celebration and, uh, you know, let people eat and drink until they're merry.
The Brits would rather go out and get pissed.
Yeah, exactly.
But, yeah, this time I got a parcel yesterday.
Had no idea what it was.
Opened it up.
All in German.
Funny enough.
Useful.
Yeah, an acquisition in Germany.
And with the company logo, obviously,
so I knew what it was related to.
And it had two glasses in there and a big scented candle.
And it's very fancy.
You know, it's not cheap stuff.
This is really fancy stuff.
And I don't know the history behind it.
You know, I can't entirely translate it,
but as I believe anyone that followed Troy Hunt's story of, you know,
the M&A processes he went through,
you'll know that there was a code name given to the project.
And the code name for this acquisition was Project Spark.
So I'm thinking that the candle represents the name Spark and the glasses are to celebrate the completion of that project.
However, this is just me spitballing.
I've got no idea.
It wasn't one of those Gwyneth Paltrow scented candles, was it?
It wasn't branded that, but it wouldn't surprise me if it was, you know, white labelled.
Oh, dear me.
But how are you doing, Tom?
Yeah, good. Work's picked up. I got a big piece of work on at the moment which I'm, I'm trying to get around to doing. Um, yeah, pretty much moved into the flat now. Um, moving more and more stuff in. A little flat and a lot of stuff, so I don't know. I think I'm gonna make some furniture out of books or something like that, just to have somewhere for them to go. But yeah, all good, all good actually. Um, but quite otherwise, to be honest with you.
So, yes, anyway, what have we got for you this week? We say that every week and we say the same thing every week.
So be no surprise to hear that we've got a tweet of the week,
Billy Big Balls, a rant of the week.
And well, will we have a little people today?
Only time will tell.
OK, well, since we spent nearly 10 minutes talking about wrestling, it would seem, then I think it's probably time we should move on, don't you?
Absolutely.
Yeah. OK, so let's move on to the tweet of the week.
Oh, that's me.
You, Jav. Yeah, that's me. Yeah, that's right.
So, you know at the top of the show how Tom said
that we're not going to talk about TikTok this episode?
He hopes that every episode, let's be honest.
What a twist.
Tom just got super kicked through the window.
Sorry, what?
The betrayal.
So this tweet is from Elliot Anderson,
who has the Twitter handle of F Society with a bunch of zeros and numbers in there.
What kind of idiot puts numbers and letters in their Twitter ID?
It makes it so
hard to... Ridiculous. Ridiculous.
Yeah, so, um, this is... you have to explain it. You've lost us. As you once explained to me, Jav.
Yes, yes. Um, so the dude's name's Baptiste Robert, or Rubber. He's a French security researcher. Um, he's done, done in the past as well.
If you look through his work, he's done a lot in reverse engineering and trying to pick apart how mobile apps work.
So he's got a whole repository of his public work and what have you.
So he took a look at TikTok because, you know, there's a lot of stuff going around, a lot of speculation.
And he says, well, you know, we can get the logs and we can find out what's true and what's not.
So he'd done a deep dive into it. And his conclusions were that if I read out from his blog, I decrypted the content of the request and analyzed it.
As far as we can see, in its current state,
TikTok doesn't have a suspicious behavior
and is not exfiltrating unusual data.
So, plot twist, I think Andy was right all along.
We were getting a bit too...
No.
No.
No.
So, yeah, I think it's...
I know you don't want to admit it, but I know you want to find a bad guy.
I do want to find a bad guy.
I want to find a smoking gun.
I want to find...
But, um, but no, it's a really good post that it's worth reading through
because he compares it...
He's got like screenshots of the code
of what kind of data it grabs and everything.
So like, say, for example, your device,
your phone brand and model
and what version of Android or iOS it's running and what have you. But he goes, this is exactly the same kind of data that nearly every other mobile app takes. It's not unique to TikTok, and other than that there's nothing really, um, that looks suspicious.
So, um, I thought that was really good. So it goes beyond the whole speculation.
It goes beyond rhetoric and political statements.
It's like, well, here are the logs.
This is what the app looks like.
Bring your own logs if you want to prove otherwise.
Yeah.
Yeah, it's interesting,
especially given the recent fines that have been leveled
against Facebook and potentially against Twitter,
you know, grand old American companies about how they're mistreating data.
Yeah, that's right.
They've been fined for using phone numbers to send more specific targeting advertising to users.
Well, it's not so much the phone numbers,
it's what the phone numbers were supplied for.
So they were supplied for 2FA effectively,
you know, for re-authentication,
but then they used them in a way that they said that they would not use them.
And yet, you know, the enemy is obviously a Chinese company that, you know, encourages sad middle aged men to watch, you know, teenagers jumping around and dancing.
I'm feeling attacked.
That's not just all.
And for the record, I'm not sad.
I'm very happy.
Yeah. But you know, it's also interesting that TikTok are actually going on the offensive.
And they posted a really interesting blog post on it.
Yeah.
In which they say, look, hey, we believe that all companies should disclose their algorithms, uh, what their moderation policies are and, you know, what their data flows are. So, you know, if every organization has that transparency and accountability, then, you know, that puts everyone on a level playing field, and I think it's great.
Of course, it could be all showmanship.
It could be, you know, a Doink the Clown coming out from under the ring,
landing a cheap shot while the ref's distracted and hiding again.
But, you know, it's great because I don't think any other social media company
would want to go down that path because it would expose them far more than I
think TikTok would be exposed. Exactly. Exactly. Yeah. So you two are agreeing with Andy?
Yeah, I think so. I think so. Did I disagree with him? I can't remember.
It was a long time ago. It was a long time ago. I don't think we actually disagreed with Andy.
We were just helping him flesh out his thoughts and ideas. Yeah, I mean, I think you definitely did
disagree with him.
Well...
Who knows?
Who knows? Anyway,
thank you very much for that
Tweet of the Week.
So, we may have lost Andy
through that actually
so quite interestingly
that's going to be interesting
Andy's suffering technical problems
so he's
this is a man that has two broadband connections
into his house
and still having connection problems
and these aren't running over the same fibre and connections
these are two separate companies
Two separate companies, two separate, and as we know, the gardener cut through one of them.
Yeah, yeah, exactly. It's, I don't know.
Mind you, I got some exciting news. I had some, um, BT vans parked outside for three or four days last week, and on the last day I happened to be walking past and I chatted to the engineers and I said, are you guys here for maintenance or installation? And they said, uh, installation. And I said, what, are you, any fibre to the door? And I went, yes, in a month or two you will have the fastest connections available in the whole of the UK. So I'm going to be very, very excited by that. Although, obviously, I won't have two of them coming into my house,
but I'll probably still be able to stay connected to this recording,
unlike someone else who's just disconnected again.
Some MI5 agents are going to be like,
phew, we dodged a bullet there.
Yeah, that's right, yeah.
Oh dear. Right, um, what are we... so that was, uh, oh yes, that was, that's right. Thank you for Andy's show notes, he's rapidly typing something in the show notes at the moment. Um, but, um, the other interesting thing about the TikTok story is, first of all, that Microsoft is in talks to acquire TikTok, and Trump even said, I've
effectively brokered this agreement. I should get commission or rather
the US government should get a commission for brokering this agreement if it goes through,
which is, as I understand it, not only outrageous, but also illegal. But then Apple said that they
are reportedly in the running for buying TikTok, which just basically seems to tell
me that, you know, two large American institutions are looking to really piss off Donald Trump at
some point in the near future. But also on the back of that, I would also say that Host Unknown
can neither confirm nor deny that we are in discussions to acquire TikTok.
And this would be where Andy says something, but obviously he can't.
So, yes.
I'm here. I can see Jeff.
You're listening to the Host Unknown Podcast.
More fun than a security vendor's briefing.
He is back now.
Marvellous.
Is he?
Can you not hear him? No. Can you see Tom, or can you hear Tom? I can't hear Tom. No, I can hear both of you. Okay, I can't hear him at all, so he's maybe... And Andy's saying he can't hear you.
Oh, for fuck's sake. Let's play a tiny swissman. What do you want to say to Andy, Tom?
Yeah, well,
how about we just carry on
and we'll work it out. He's saying you're...
Oh, man, I can't repeat that, Andy.
Okay. Anyway, I'm going to
move on right now. We're going to
power through these technical
issues.
I'm going to move on to...
Billy Big Balls
of the Week.
Now, this is a great... well, I think it was, was it on LinkedIn or a tweet? I can't remember now, but this is an advert that I saw for a job in Los Angeles, California, for a personal assistant to an influencer.
And what's interesting, well, actually, I'll just explain a few things and I'll tell you
what's interesting. So this is a part time job. And I'm going to just read out just a few key
sentences here just to give you an idea.
So a well-known celebrity influencer with 10 plus million followers has got to cut it down somewhat.
It's seeking a well-organized, available, diligent personal assistant to join her team.
So that's halved it again. Right. This is a part time personal assistant position, but will eventually transition to full-time if properly qualified.
Blah, blah, blah.
Responsible for a lot of activities, planning, managing,
being on the property around eight hours a day,
cleaning, cooking, basically, you know, doing a whole bunch of stuff.
Must be able to handle hundreds of tasks at once.
You must also be able to be the bad guy, remove emotion.
Now, emotion is a term that we come across a number of times here,
et cetera, et cetera.
Manage all incoming and outgoing communications,
must have a car and be able to drive client.
Let's see.
Actual work hours, but will be flexible,
although you have to be on site eight hours a day,
but generally expect to be with clients all the time,
minimal days off.
Now, this is a part-time job.
Sorry, let me just clarify. You said in the beginning, this is a part-time job?
Yes, yes, absolutely, it's a part-time job. It's... now, you have to be available...
Oh, part-time job. Eight hours with the client.
But a minimum of eight hours a day with the client, with minimal time off, and your hours have to be flexible. You have to be available 24-7.
Now, you might think that something like this would, you know, you probably work really hard at this for two to three years
and you could probably move on and take, you know, take a fair amount of money out of this.
The pay is $25 per hour.
So without wishing to be overly dramatic, this is barely paid for servitude.
Although I believe that is above the minimum wage, not only must you be
there a minimum of eight hours a day with flexible hours, be with the client all the time,
be available 24 by seven. And this is the part-time job. What does the full-time job entail?
So this is amazing. This really is a Billy Big Ball move. And you know, it's given me so many ideas of who I want to hire to help me out here in London. So if any of our listeners, you think that you can meet the minimum of these specs and you'd like to work for an influencer with nearly, just short of 10 million subscribers, uh, then, uh, drop me an email.
Uh, you would have to operate under US labor laws, though.
Yeah, whatever. I don't... not, not you, them, whoever applies, you know.
So they'd have to, you'd have to operate under US labor laws, which means that Jav could fire you at any point.
Yeah, of course. By throwing a phone at your head, like, uh, Tyra Banks, Naomi Campbell, whatever.
Naomi Banks?
No, it's Tyra. It was Naomi Campbell, whatever. It was a supermodel. But anyway, this has got to be a Kardashian or someone, right?
It's got to be.
I don't know.
Well, mind you, I don't know any really celebrity influences or whatever.
But, you know, female, 10 million followers,
and who has an utter disregard for little people.
Which reminds me, have we got little people?
Doesn't matter if you have.
We'll answer that later.
Yeah.
So, yes, that was this week's...
Billy Big Balls of the Week.
Host unknown.
Sponsored by...
Andy's Broadband Provider.
So, welcome back, folks. This is, well, for the first time ever, part two. But we can also introduce Andy back to the recording. What the hell, man?
I have no idea. Something to do with Cloudflare's DNS, um, because I switched DNS and everything's working again.
Use Quad9. I told you.
You did, but yeah, I've never had a problem before.
But yeah, obviously.
What's a DNS and what does it do?
What is this internet and how do I get onto it? Imagine like a phone directory, you know?
The thing is the interrogations, I get it, yeah.
The other thing you can do, Andy, is if you're using DHCP,
and if it's not resolving correctly,
is put the IP address of your router in as the DNS.
That's what's in there by default.
Oh, okay.
No issue with that.
Oh, bizarre.
So there might be a setting.
I don't know.
Anyway.
So you did the Billy Big Balls, right? Because obviously Jav could hear both of us, but, uh, I couldn't hear you.
Yeah, but I could hear commentary about, uh, your Billy Big Balls.
Yeah, absolutely, absolutely. So, um, your comments were entirely ignored.
Excellent.
Um, but, uh, yeah, we had fun anyway. So yes, we are back, all three of us.
I've got more work to do stitching this together,
which is going to be fun.
But hey-ho, especially as Andy changes his name
every time he connects,
which makes it even more difficult
to recognise the file names when they get downloaded.
You know, so we'll work it out.
Anyway, so why don't we move on? Uh, what's next, Andy?
Industry news. Uh, roving reporter, the man on the street, the, uh, the Stig of infosec.
Indeed, indeed. Okay, so let's see what this week's industry... Shit. Industry news.
It reminds me of when they were filming the prequels to Star Wars
and there was a lightsaber scene
and they couldn't figure out
where this buzzing sound was coming from.
And it was Ewan McGregor.
It was Ewan McGregor.
That's right.
Oh, that's right.
Anyway, I'm going to try that again.
Let's move on to this week's...
Industry News.
What the hell is going on?
Did you just fall off your chair, Jack?
I nearly fell off my...
My phone was getting low on battery,
so I was reaching over to try and like plug it in and my
chair slid out from underneath
my god
if any sponsors are listening
unfortunately this is a
regular example
this is as good as it gets
exactly
this is as good as it gets
right third time's the charm
yeah
shall we do this
go for it
okay
we could deal with this in post
okay let's see what's going on in this week's
industry news
Twitter confirms spear phishing attack caused account takeover.
Industry News.
Future bright for CSOs despite budget and transformation challenges, say security leaders.
Industry News.
WastedLocker ransomware most sophisticated attack outside nation state use.
Industry News.
Tanium partners with Google Cloud to better battle APTs.
Industry News.
Almost half of businesses hit by COVID related business impact, impacting cyber attack... Almost half of businesses hit by COVID-related business-impacting cyber attack in 2020.
Industry News.
Redcar and Cleveland attack recovery cost over £10 million.
What?
There's one extra that's just been snuck in.
I thought we were running short on stories, but I just double checked the InfoSec
newswire and
that one was just sitting there
brand new, hot off the press that one is
oh blimey, sorry, in which case
Industry News
there you go, and that was this week's
very professionally read
Industry News
Yeah, and it's no good putting it in now into the show notes.
Literally, the moment I played that final closing jingle,
it goes into the show notes.
Not helpful.
I'm sure our industry newswire Stig is deliberately causing tongue twisters in their titles now because they were a lot harder to read this week.
Do you know what? He's also probably sitting at his desk having just hit publish on that last story and saying, my God, I type it here and they say it out there.
Huge if true. Huge if true.
Yeah, do we want to talk about one of the stories, or are we worried we might just screw that up as well?
Well, I will talk about, uh, just that, uh, Twitter attack one, uh, you know, the whole spear phishing thing where they socially engineered.
Oh, yeah.
So something typically 2020 occurred in the court hearing, you know,
for the kid that's been responsible for that.
So the whole thing's been done via Zoom, as you can imagine,
with this current event around the world
and plenty of people appeared to, uh, Zoom bomb it, um, sort of imitating, uh, CNN reporters and BBC News employees, um, just attended this meeting uninvited and started playing, like, music down the line and dropping porn into the conversation.
But I think if there's one thing that could probably sum up 2020,
at the moment, it's trials by Zoom being Zoom bombed.
Okay, this is almost a rant of the week for me
because here is a trial of a juvenile.
But he's been tried as an adult, though, isn't he, I understand?
Oh, is he? 17, yeah. Um, anyway, I can't, I couldn't offer judgment, but here is a trial of somebody, um, who carried out a cyber security attack, and they decide to use Zoom.
Zoom, which has had many published,
how can I put it, vulnerabilities,
all of which, you know, Zoom have responded to,
but is, you know, they've even had a term entered into the information security vernacular,
Zoom bombing.
I mean, they could have used virtually anything else and not had a problem
This is the equivalent of, do you remember the TV show The A-Team?
Yeah, yeah.
You have a bunch of hardened military veterans, and rocket, and you capture them and then you lock them into a tool shed full of, like, powerful tools, parts of a tank, some rocket launcher parts lying around, and you're surprised that they managed to escape. It's utterly bizarre. I mean, which country did this? Is this person in Florida?
Florida.
Oh, Florida. It's not a country, but it's a country in its own right. But doesn't that just sum up Florida?
I mean, oh, my God.
I find that.
I mean, whoever is the CISO of Florida County,
if that's such a thing, or Florida State, I'm sure they have some.
You should be ashamed of yourself, or at the very least,
come out and say, I told them.
You know, you know Florida's... we joke about Florida Man and everything, and my colleague Eric, he lives in Florida, because obviously, you know, before... the world's largest provider of security awareness training is based out of Florida.
Play those sponsor jingles.
Clearwater. But he sent a picture yesterday. So he lives in one of these housing estates, which is like a gated community, and he sent a picture of his car wedged between two houses. It's like, you know, there's... and he goes, what happened is that the guy came up to a T-junction and he dropped his phone, and he went to pick up his phone and his foot went on the accelerator and it shot over the grass verge and wedged itself in between two houses. And he goes, yep, that's Florida for you.
Well, I thought you were going to say it was a sat nav incident.
No, no, no. Or, as I heard, Jesse, I heard this term yesterday. I've never heard it before and I'm probably way behind. But so I went into CeX, you know, that high street store where you can buy and sell stuff.
And obviously I've moved a lot of kit recently and I'm thinking, oh my God, why have I still got, you know, this?
So I've been taking a lot of stuff there, you know, just to get rid of it.
I like it because it's recycling.
But this guy ahead of me in the queue, he rocks up to the guy at the counter and says, you got a cable for a twat nav?
I never heard that term
it's brilliant
oh dear, anyway
Well, according to the show notes we should have a sponsor jingle, but we've just had one. But is there anyone else? Oh, I know, here we go. How about the State of Florida? Do you fancy sponsoring us? We could give you, uh, some free, uh, free advice.
Host Unknown, sponsored by the State of Florida.
Specifically the CSO. Call us.
Well, I mean, that tagline pretty much writes itself, doesn't it? I mean, it is the State of Florida.
Yeah, that's right.
It is.
It is. Oh, my goodness.
Right. Let's
move on, shall we? I'm very put off
by the fact that we're only 11 minutes into
this podcast, but actually, I think this
might be a little bit more. Andy,
I can never
find these buttons when I need them. Ah, here we go.
Right, let's move on this week to...
Rant of the Week.
Okay, so this one is, I guess for me, it was a slow burner.
And by that, I mean, you know, we obviously have clients.
You know, if you're in business, you've got clients, right?
And you want to make your clients happy.
And, you know, we've got a service delivery team or, you know, service relationship team who are essentially like the face with the client, you know, they will take
client requests, they will go out to the right people and, you know, sort of figure out if it's
good for the client, is it good business for us. And so the service delivery manager came to me for one particular client and he asked if I could participate in an exploratory meeting. And I'm like, okay, well, you know, where are we going with this? And he said, oh, it's just an exploratory meeting. You know how you just don't get the detail. I said, well, I'm going to need to understand a bit more about what's actually needed, because, you know, I might want to bring in other people, depending on what's going on here.
And so he said, you know, they basically just want to chat because, you know, they've got teams developing software and they want to brainstorm.
And they've got some problem statements that they want to talk through.
And I'm like, OK, well, let me know what the problem statements are, you know.
And so I guess the rant for me is that when I actually analyze what's going on here, they're literally looking for free market research.
You know, so I assume they've gone to all their vendors and they are asking these sort of same questions.
It's going to save them from doing the work themselves.
But, you know, when I was actually reading through the problem statement,
I fundamentally just disagreed with it from the start.
I started to type an email in my response saying, you know,
I don't have time for this.
It's non-revenue generating.
You know, other people can cover this.
I don't need to be involved in this.
And then I said, fundamentally, I disagree with the problem statement because,
and I was like, what am I doing?
I might as well just speak to them.
But I didn't.
I just deleted all that.
I just left it as it was.
So I will tell you the problem statement that is bothering me. So the problem is, there are currently a substantial... there is currently a substantial shortage in cybersecurity professionals in the world.
And this is based on 4 million open positions.
So I don't know where they get these stats,
but this is the fundamental problem.
And this has had a knock-on
effect on them because what they are then saying is that because of this shortage of cyber security
professionals, it's led to an effort to shift security work to software developers.
So because software developers now have to do this additional work, they are now having to take on automated security testing tools
to support themselves.
And the problem with all these automated testing tools
is that they can generate false positives,
a large amount of false positives,
which means that developers have to waste time
to go through each false alert, verify, close each alert.
And this work is demotivating, slows down software product delivery,
and forces a trade-off between security and delivery.
And they're also saying, you know, in larger companies,
this cost can run into tens of millions.
What?
Not to mention the impact of slower delivery or reduced security
on the customer experience and revenues.
And that's it. That's the problem statement that they want to talk through.
And, you know, I mean, fundamentally, you know, I don't agree that there's a shortage of cybersecurity professionals.
Not four million. No, no. Well, I mean, you know, I advertised a position the other day, you know, got like 200 applications in the space of 48 hours.
You know, and that was in Germany.
Oh, not LA. It wasn't in Los Angeles.
Not Los Angeles, no.
Right, okay, just checking.
It wasn't roughly 25 euros an hour, was it?
No comment. What's that?
Yeah, legal department told me to say no comment.
A statement will be made at a later time.
But again, you know, the whole,
and I think the whole premise of, you know,
because this shortage of cybersecurity professionals,
that now developers have to pick up work as if it's not, you know,
it shouldn't be something they should have to deal with. You know, that kind of bothers me, that sort of
attitude. That's like saying that, you know, the car production line, oh well, we don't do airbags
and seat belts, they get fitted afterwards. Yeah, by the security team. Yeah. Or even worse in this case, yeah, some of us know how to fit airbags and seatbelts.
And so some of our cars go out with them and some of them don't.
And then we have a team that checks to see which ones don't have seatbelts and airbags.
And then they refit them.
And that's our security team.
Yeah.
This is just a
self-serving problem statement. It's not trying to solve any problem. It's disingenuous
in how it's positioned, because it's not trying to solve anything, it's trying to create more work
and more opportunities for the cyber security industry. I mean, the thing is, like, if you look at
it, if you do have developers taking on more security early in the lifecycle,
which we've been talking about as an industry for ages, it's like embed security early,
give people the right tools so that they can make their security checks even without a security professional on board.
And let's be honest, a lot of security quote-unquote professionals wouldn't know.
Yeah, like the developers are better equipped than those people at finding and fixing and coding.
Absolutely.
That's where we want to get to.
We don't want to throw more bodies at the problem.
We want to see, well, how can we leverage the entire ecosystem
and embed security within each aspect?
So you need less security professionals.
Yeah.
Yeah, exactly.
It's, you know, the whole, you know,
the OWASP Top 10 has had SQL injection and cross-site scripting in it
for the last 10 years, right?
Yeah.
But how, when it's an issue
that's been raised for the last 10 years
and development teams are still coding in
SQL injection and cross-site
scripting errors. I understand that, you know, the other rates are probably, you know, regularly
changing because vulnerabilities change and there are new attack vectors and new technologies and
all that sort of thing. But to have 10 plus year old vulnerabilities still being actively coded in really underpins exactly the problem you have with this
problem statement. Yeah, it sounds like they need some more cyber security professionals.
it it sounds to me like what they need is somebody to come in at that like strategic level
and to talk to their sort of business leadership about
effective use of security and, you know,
how we can actually embed it throughout an organization. Just saying,
you know, and there's, there's,
there's people on this podcast that could do that or person on this podcast
that could do that. Yeah. But I'm too busy.
Yeah. But you said you passed stuff on to me, mate.
Oh, dear.
Nice one.
Yeah, I'm not surprised that was a rant.
Thank you very much for that one, Andy.
Rant of the week.
That gets my favourite jingle of all.
Oh, dear. Right. So
we move on to
the culmination
and the high point of the
show the little people
do we have time
because I'm unconsciously weak
I'm quite over time and this is a really
really good one but I don't think we're going to do it justice in the time we have left.
Okay, in which case...
The Little People.
Over to you, Geoff.
Good points, well made.
Are you saying we don't have a Little People this week?
You spent all your energy digging some nobody out of my professional
past for last week's and, uh, you know, to just slag me off without any kind of, um, you know,
opportunity for recourse, that you don't have anybody this week. You're on the podcast, what more
opportunity for recourse do you want? Okay, this week's little person is Tom Langford.
Off you go, Tom.
How very dare you.
And that was this week's...
The Little People.
OK, so maybe we won't have The Little People this week.
Excellent.
Well, thank you, gents.
Appreciate that.
An interesting episode this week.
We shall see how it sounds in the edit.
Andy, do let us know how your broadband situation changes
over the coming week.
We may need to send you one of those little
you know, my 5G dongles for you to, yeah, to dial in with next week. 5G one or something.
Yeah, that's right. No, no, they give you the rona, so it'll just be a regular 4G one.
So on the way out this week, are you guys going to be, um, attending any DEF CON
events? Oh yeah, it's free this week, isn't it?
I thought it was cancelled.
Well, yeah, really, really
well, it kind of really, really was.
No, but they're
streaming them for free, which I
thought was quite a
good thing to do, actually.
But I never understood anything that went on
at DEF CON anyway. It's one of those weird
things. When you're there, you feel like you're involved in a lot of stuff
and you come back and you try to write a post-conference report.
Yeah, don't try to write one of those.
No idea what's going on.
Yeah, absolutely.
It's so good for free Wi-Fi when you're there, though.
It's amazing.
It is.
This is true.
This is very true. Although you do get some funny emails at the end of it yeah
Oh dear. So, uh, yes, this week is DEF CON week. Was Black Hat doing anything
or did they just cancel the virtual event as well? I've seen some posts on LinkedIn and stuff, actually.
Yeah, I should know more about this, but I don't know.
But there is something happening, yes.
Yeah, yeah. I'm not entirely sure how or where, but that's what Google's for, folks.
Find it out for yourselves.
We're not here to screen feed you.
Yeah, this is not something we just give you information for free, you know.
We're just pointing you in the right direction.
We're not going to do it. Yeah, yeah, exactly. And on that, um, on that note,
uh, thank you very much, Jav, appreciate your, uh, time and effort today. You're welcome.
And thank you, Andy. Stay secure, my friends. Stay secure. Like that. Insert legal agreements here as applicable and binding in your country of
residence. We thank you.
Thank God that's over.
That was a bit of a
disjointed one, wasn't it?
That was painful.
My bad. Mea culpa.
Yeah, absolutely.
Well, you know, they'll never know.
We'll stitch it together.
They'll never know anything happened.
You know, I'm so tired right now.
I still feel like I've woken up and I just noticed like quarter past 11.
It's like nearly half the day's gone.
Not done any proper work either yet.
Well, not that anyone noticed because they're all in America
and they haven't woken up yet.
But they will once they listen to this recording.