The Host Unknown Podcast - Episode 91 - Shorter Than The Average Podcast
Episode Date: February 4, 2022

This Week in InfoSec (05:24)
With content liberated from the “today in infosec” Twitter account and further afield

30th January 1982: The first computer virus was written. Richard Skrenta writes the first PC virus code, which is 400 lines long and disguised as an Apple II boot program called “Elk Cloner”.

3rd February 1986: "Vaporware" Announced. Time magazine reports on frustrations with the slow development of software for use in the computer industry. Reporter Philip Elmer-DeWitt complained about delays in Microsoft Corporation's new Windows operating system, which had been delayed much longer than promised. Silicon Valley pundits had taken to calling such software "Vaporware," the magazine noted.

30th January 2007: Six years after the launch of Windows XP, the infamous operating system, Windows Vista, was released to an unsuspecting public. For various reasons, the launch of Vista was marred by numerous incompatibility, stability, and otherwise onerous problems. While Microsoft actually made Vista much more palatable after 2 Service Pack upgrades, the damage was already done. Vista’s reputation never recovered. Many wonder if this is why Microsoft so quickly followed only two years later with Windows 7.

Rant of the Week (10:45)
Execs keep flinging money at us instead of understanding security, moan infosec pros

Fresh from years of complaining about underfunding and not having enough staff to deal with problems, infosec bods are now complaining that corporate execs merely firehose cash at them without getting their own hands dirty or engaging with the problem.

That's one conclusion that could be drawn from a Trend Micro study published yesterday. Around half of businesses surveyed are spending more on "cyber attacks" than they used to, it said, while a similar number reckon their C-suites don't know what "cyber risk management" means – possibly something about ensuring monitors are firmly bolted to desks.

Billy Big Balls of the Week (16:55)
How a US hacker took down North Korea's internet in a revenge cyber-attack

The blame for North Korea's persistent internet failures does not lie with the United States Cyber Command or any other state-sponsored hacker organisation.

In fact, it was the work of an American man, who sat in his living room night after night, watching Alien movies and munching on spicy corn snacks—and periodically walking over to his home office to check on the progress of the programmes he was running to disrupt the internet of an entire country.

US Hacker Brings Down North Korea's Internet After Latter's Attack On Security Researchers
Facebook says Apple iOS privacy change will result in $10 billion revenue hit this year

Industry News (23:55)
Social Security Numbers Most Targeted Sensitive Data
FBI: Olympic Athletes Should Leave Devices at Home
British Council Students' Data Exposed in Major Breach
Data Leak Exposes IDs of Airport Security Workers
Scottish Agency Still Recovering from 2020 Ransomware Attack
Fake Influencer Flags Hacking Tactics
Online Thieves Steal $320m from Crypto Firm Wormhole
Home Improvement Firm Fined £200k for Nuisance Calls
Growing Number of Phish Kits Bypass MFA

Tweet of the Week (30:23)
https://twitter.com/1MrStoner/status/1488941503049261059

Come on! Like and bloody well subscribe!
Transcript
Okay, so we gotta make this a short episode, right, because we're all up against it. Well, we say that,
and now we're gonna have the most, most things to talk about today because it's a short episode. Yeah,
it's like, have you ever guessed, have you ever had guests, like, they're coming in, they, okay, I'm
off now, and then you stand at the doorway for the next half hour chatting about stuff before they
actually leave? That's what this podcast is going to be like. Well, no, you two can leave. I've got plenty of time to finish this.
You're listening to the Host Unknown Podcast.
Hello, hello, hello.
Good morning, good afternoon, good evening
from wherever you are joining us.
And welcome to episode 91-ish of the Host Unknown Podcast.
I know. What are we going to do when we get near 100? Are we going to have like an official
and an unofficial?
It'll be like the Queen's birthday, right?
Yeah, exactly.
Yeah.
We'll have a three episode celebration.
A three episode celebration. My God, I think that sounds like a punishment for most people.
Anyway, gentlemen, how are we? Jav, how are you, sir?
Fantastic, thank you.
Very good.
I thought we were keeping it short.
I was going to say, thank you for your contribution to this audio-only podcast. Andy, how are you?
Busy, really, really busy and completely caught off guard that
we are recording a day earlier than usual. Yeah, that's my fault entirely. I have to take the day
off tomorrow to attend a family matter, unfortunately. But yes, so we're recording a
little bit early and you two are up against the clock because you've got kids going to bed and
all that sort of thing, aren't you? And we've pulled it together at short notice as well.
I know.
I mean, it's literally, hey, you guys free now?
Sure, why not?
I know, absolutely.
So if the stories are a little less in-depth than they are ordinarily,
well, ask for your money back, I guess.
And would you even notice?
Well, yeah, that's right.
I think most people play it at three times speed anyway.
In fact, that's what you could do.
You know, we'll just speed this whole thing up.
That's it.
We'll record it faster.
Yeah.
Same amount of content as usual.
We're just going to record faster.
Problem solved.
We're just going to talk really bloody quickly.
Yeah.
You don't want those average podcasts.
You want the 7X podcast.
That's us.
7X.
Sponsored by Joe Rogan.
I thought it would be Red Bull.
I don't know.
Is Joe Rogan a 7X thing?
What's going on there?
Oh, I don't know.
He gets a lot of airtime, though,
so he's a good sponsor to have.
Oh, right.
Yeah, trust me on this one.
There's no such thing as bad publicity.
He needs to have us on his show.
That's what he needs to do.
The problem is if we have him on the show, then your man, what's his, I forgot his name now,
is going to pull out from being our sponsor.
Paul, oh, the singer.
Gabriel?
No.
Peter Gabriel.
No.
Oh, the one that pulled his music from the old guy.
Yeah.
Oh, and the other one as well.
Well, at least both of them are sponsors
or even potential sponsors.
I don't know.
Have we got time, Tom?
How was your week?
Do we have time to go into it?
It was an emotional week, which I can't talk about.
I don't like to talk about it, mate.
But yeah, it was an emotional week.
But one high point was, so you know a few weeks ago,
Alabama basically banned the book Maus by Art Spiegelman from school libraries.
It's the Pulitzer Prize-winning graphic novel about the Second World War Holocaust,
where cats and Nazis and mice are the Jews, and it's
a very good, you know, hard-hitting book, very educational, very accessible, etc. Pulitzer
Prize-winning, obviously. And the state of Alabama and the U.S. banned it from the schools because of
its depictions of violence and hanging and things like that,
which tells everybody, you know, if that's what you're worried about,
you're banning it for all the wrong reasons, right?
And so I decided to buy a copy.
You know, I'd been aware of it for a long time. I just never got around to buying it.
And it took two weeks to arrive because it, funnily enough,
was number one on Amazon's best bestselling list all of a sudden.
So, yeah, that arrived today.
So that did, well, I say cheer me up until I started to read it.
But, you know, yeah, so that was, I was going to say, the high point of my week.
The low point, we'll just move swiftly on.
So, yes, let's see what we've got coming up today, shall we?
This week in
InfoSec takes us back to the
origins of a phrase regularly used
to describe security
vendors' upcoming magic
products. Rant of the Week
is a story about InfoSec pros not understanding
how to talk to the board.
Who'd have thought it? Billy Big Balls
is the story of a man in pyjamas taking on
the Democratic People's Republic of Korea.
Industry News brings the latest and greatest security news stories from around the world.
And Tweet of the Week is a security career path advice.
So, without further ado, let's move on to...
This Week in InfoSec.
I should also say, our favorite part of the show, the part of the show that we like to call...
And why not? I'm sure you can fix that in post, right? I haven't got time.
So it is that part of the show where we take a stroll down InfoSec memory lane with content curated from other people's hard work.
And our first story takes us back 40 years to the 30th of January 1982, which is before I was born, when the first or at least one of the first computer viruses was written.
A Richard Skrenta wrote the virus code, which was 400 lines long and disguised as an Apple II boot program called Elk Cloner.
Now, Skrenta already had a reputation for pranks amongst his friends. So in sharing computer games and software,
he would often alter floppy disks to shut down
or display taunting on-screen messages.
So due to his reputation,
many of his friends just simply stopped accepting floppy disks from him.
So he thought of methods to alter floppy disks
without physically touching them.
Did they also just exclude that toxic mother hubbard from their lives as well?
Yeah.
Well, so they said it was actually during a winter break from Mount Lebanon High School
in Pennsylvania.
He discovered how to launch messages automatically on his Apple II computer.
And he developed what is now known as a boot sector virus which then began circulating in
1982 amongst high school friends and he just refers to it as a prank it was just a prank bro
All I can say is, Dick Skrenta, thanks a lot. Thanks a lot. But you know, it reminds me of when
I used to work with a really, I say he's a very religious guy at the time when we first met him.
And by the time, you know, he sort of left our employer, he was some may say corrupted, but I'd say more of a man of the world.
But he used to trade.
What did you do to him?
Various things.
There's many things we did.
But so he came from a monastery before he came to us.
Wow.
You know, yeah, so he was like hardcore. He's almost gonna take a life as a
priest. But so we used to trade, like, bearing in mind, you know, he'd already lost his morals
in the era of downloading torrents and stuff like that. So we'd always have TV programs and, you know, stuff
like that, and we would trade TV series and movies. And so one time, you know, he left his removable
drive with us, so obviously, you know, we copied off what we wanted and we maybe uploaded some stuff
that, you know, we thought he may be interested in. And I remember he said that, you know, he gave it to another friend,
you know, from his parish who called him up and said,
Baz, what is cotton panties for?
In terms of in the recommended movies folder.
I thought you swapped Saving Private Ryan for Shaving Ryan's Privates.
Yeah.
Well, it was all things like that.
And then we got to the stage where we actually,
because he was then checking for changes in terms of file name changes.
So what we had to do is then actually rename other files for that.
But anyway, I digress.
But these kind of pranks, right, I can see how this happens.
It totally gets out of hand.
But the title story we had was the second story,
which takes us back a mere 36 years to the 3rd of February 1986.
And this is when the term vaporware was inserted into the tech vernacular.
So Time magazine reported on frustrations with the slow development of software
for use in the computer industry.
And one of the reporters specifically complained
about delays in Microsoft's new Windows operating system,
which had been delayed much longer than promised.
And Silicon Valley pundits had taken to calling
such software vaporware.
I had no idea it was so early.
I would have thought it was early 2000s.
Yeah, I would have thought dot-com era.
Yeah, exactly.
We get a lot of shelfware as well.
Yeah.
I think sort of came past that.
But yeah, vaporware I thought was after programs basically started to become so bloated
that it just took a long, long time to build.
Yeah.
Well, we went through bloatware and then just McAfee after that.
Yes, bloatware.
Yeah, exactly.
Exactly.
But I never knew that.
I never knew that.
Yeah.
Interesting.
Excellent.
Well, thank you very much, Andy, for...
This Week in InfoSec.
We are officially the most entertaining content amongst our peers.
For the time being, anyway.
In your face.
No, wrong one.
Wrong one.
Right.
Let's move on to...
Listen up!
Rant of the Week.
It's time for Mother F***ing Rage.
And you've guessed it.
I'll be taking this one.
This is one where I'm going to pretty much read the headline
and tell you exactly what I think. Because I did actually I did scan through the article, I have to say.
But I did not see anything that didn't surprise me at all.
But the headline was execs keep flinging money at us instead of understanding security, moan InfoSec pros.
I mean, guys, guys, girls, come on. We've gone on and on and on about getting the board to take us seriously.
We never get funded, etc. And we've also done a really, really poor, poor job of actually educating them.
And the moment we seem to be making some headway, we're starting complaining again. Now, obviously, this could be the journalistic slant on things,
you know, the moaning of InfoSec pros, for instance.
But don't let the truth get in the way of a good story, though.
Never.
Or a good rant.
Never, never.
Although the link is in the show notes to the story.
You know, there isn't much difference to what I'm saying there.
But really, what the moan is, is that actually all we're getting is money.
We're not getting buy-in.
And in fact, there's a really interesting statement in there that said,
back in the mid-2010s, wider IT industry thinking was that there needed to be
a C-suite champion for security rather than the CIO or CISO, both of which begin with the letter C.
Now they are not actually showing the value that they should be bringing to an organization and to the CISO and the CIO relationship just yet, but there should be so much more communication. And the
fact that if you are getting more money, then you can actually use that money to start working on
much, much better awareness internally, because you've got to show a return on investment on that money.
So if they're flinging money at you and then, you know, not talking to you, you're not doing a very
good job of reporting back up and showing where that money is being spent and why it's important,
et cetera. So I find this astounding, astounding that, you know, oh, we're getting loads more
money, but nobody's still, you know, but we're still not getting the respect we deserve sort of messaging here.
So, yeah, I find this absolutely, absolutely mind blowing.
You know, I, I, I, I hearing the words,
I still don't get what the rant is exactly, but, but, you know,
it reminds me though, you know, of, I believe it was Andy Andy Ellis who might have said this at RSA one year in a talk.
Yeah. And he goes, I never ask finance for budget for the security team.
I'll always borrow away or try to work with my peers across the industry because so.
So it's like, hey, if you can do this for me, I'll lend you a resource for half a day or something like that.
Because if you borrow money from finance, they will remember it,
they'll never forget it. And they'll ask for it back, or see some return on investment at some
point or another. So it's far better to barter with your peers, as opposed to that. So I think
that there's that element that you touched on as well, like, you know, you take the money,
and now you're held accountable for it. But, you know, I don't blame the execs necessarily. You know, people are going to
them saying the sky is falling, the execs at all the sky is falling, so they're like, here's some
money, make the problem go away. Yeah, that's right. What do you expect? You know, if you're
fortunate enough to have a relationship with them, then it's on you that they may not be understanding it. Exactly,
exactly. And maybe, and this is a term that I know Andy's very familiar with, with some of his
former execs: plausible deniability. Take the money, insulate them. Allegedly, allegedly, it's allegedly. But yeah, exactly,
it's like be careful what you wish for
oh we want to be listened to more
and get more money and more resources
oh we've got more money and they're not listening to us
you know
I find it very bizarre
the article is on El Reg
so it's obviously written
in a certain style as as you can imagine.
But I think I
just...
I don't know.
You know what really grinds my gears?
Oh dear.
Yes. Yeah.
So Andy, any thoughts?
No.
I actually thought the headline was a bit,
I thought maybe it was Jav at first saying,
oh, people keep giving me money instead of, you know.
Yes.
Yeah, before you came on the call, I asked Jav how his day was
and he said, oh, it's been really good.
I said, well, I've given you another pay rise.
Accidentally rolled out of bed, got a pay rise. Yeah, it's wrong.
Such haters, man. Just because I do a good job and I'm recognized and rewarded for it.
Yeah, you know. Yeah, I'm just like, what, you guys are getting paid? Yes, right. No, that's my line.
Oh, excellent. Thank you very much. That was this week's Rant of the Week.
This is the Host Unknown podcast, the couch potato of InfoSec broadcasting.
Jav, it's over to you now for this week's Billy Big Balls of the Week.
So North Korea last year was very aggressive in hunting down some security researchers and what have you. And, you know, so someone took it upon themselves to go all John Wick, except less cooler, more like a Homer Simpson by the description.
Is it like Kim John Wick?
Yeah. So North Korea's been having persistent internet failures, and it was in fact the work of an
american man who sat in his living room night after night watching alien movies and munching
on spicy corn snacks and periodically walking over to his home office, checked the progress of the programs he was running
to disrupt the internet of an entire country.
Was he picking up the phone to North Korea?
And then Kim Jong-un is on the other end going,
Mom, put the phone down!
So apparently, North Korean hackers
talked to him just over a year ago
in an attempt to gain knowledge
of some undisclosed
software flaws. But this researcher, who we only know as P4X, began disrupting servers located in
the DPRK in retaliation. So he claimed to use unpatched vulnerabilities and launched some DDoS attacks and what have you.
But, you know, if this isn't a Billy Big Balls move,
like, you know, someone just sitting at home saying,
I've heard it, I'm going to take down a country.
The country's internet is down.
Yeah, exactly.
I think it's just, it's just,
obviously there's probably some creative liberties taken with the descriptions
and the way it's written, but you gotta...
Apparently the snacks were not spicy.
Yeah, they weren't spicy enough. So that was that story, and I do have a follow-up from a previous
Billy Big Balls that we've done, because we are that kind of show. If you go back to episode, I can't remember what number.
Tom, insert it in post, please.
I'll do it.
Episode 19, 20, 21, 22, 23, 25.
We'll get it.
We'll get it.
Okay.
If you remember when Apple changed their permissions on iOS
where it would ask you
whether you wanted the app to track you or not.
Yeah.
And Facebook was very vocal about it.
Other smaller players were,
but Facebook was the biggest one about it.
But, you know, at that time we said
that's a Billy Big Balls Moves by Apple.
They're really taking privacy seriously.
They're giving people the option.
Yesterday, or Wednesday this week, or Wednesday the 2nd of February, let's say, depending on whenever you're hearing it, 2022, Meta or Facebook had their earnings call, and their CFO, Dave Wehner, said that.
You said Weiner.
Wehner, W-E-H-N-E-R.
I don't know.
He was asked a question as like how much of an impact
has it's having?
And he goes, probably in 2022, we're looking at the order
of $10 billion.
So that just goes to show how much your personal data is worth.
Yes.
Well, it also goes to show that they're not just, you know, it's because of the lack of tracking that they can give back to the advertiser, isn't it?
They're still selling your data.
The user experience hasn't changed that much, but because they can't give that data, they're all about
extorting money as much as they can from the advertisers. But that
data is worth that amount of money, which they're now not allowed to give. They're not allowed to
give that data, therefore they can't get that money for it. Yep, yep.
Episode 63 it was, and I think, yeah,
I think we said at the time we broadly agreed with it
and it was the right thing and business practices
had to change.
But it's really interesting to see a financial figure on it.
Yeah.
Although it wouldn't surprise me if Facebook
overinflated it a little.
Well, it's not in their benefit to do that, and they also have additional issues. So I
think this is the first month since they launched that their subscribers have actually, they've lost
subscribers. That's never lost subscribers before, they've always grown. But yeah, I'm saying this
month is the first month since launch. I mean, and
they're saying it's, you know, they're not keeping up with younger people. Yeah, yeah, people
like me aren't attracted to. So on the call they actually spoke a lot about how they're moving to
Reels and Stories. Yeah. So they're trying to get those ideas. Yeah, yeah. And also one of the
analysts asked a question and Zuckerberg agreed that they're trying to.
A lot of this is aimed towards more general publishing as opposed to only sharing them with your friends.
So it's it's there's a lot of things changing there in that regard.
But what was actually a fun bit of trivia before I wrap this up and we move on.
Zuckerberg, when he was in high school,
his dad offered him two options.
And I haven't had time to fact check this,
but it's so good that I have to say it.
Just share it. We don't care.
So he goes, either he says,
I will pay your tuition for a Harvard degree
or I will give you the funds needed for a McDonald's
franchise. And he did neither. And he dropped out of Harvard to run Facebook. And after his call
yesterday, because of the share price drop, his net worth fell 29 billion. So the lesson is listen
to your parents, kids. That's a very Asian piece of advice there.
Yes, it is.
The thing there as well is that, you know,
oh, he's such a self-made man because he took neither of the,
you know, neither of the deals there.
The fact that his father had the kind of money behind him
to give him that amount of money in the first place
tells you that Zuckerberg knew he had a massive cushion
to fall back onto. Yeah, but it's just a small loan of a million dollars, right? It's not...
That's what I said to you and you still said no.
Jav, thank you for that and the Real Deal Insight on Facebook.
Billy Big Balls of the Week.
This is the Host Unknown Podcast, home of Billy Big Ball Energy.
So, Andy, the sun's getting real low. We're gonna calm... Getting low, big guy. Big guy, exactly.
We're gonna calm down. We can't see exactly where we are in the world at the moment because we're
recording at a very odd time, but, you know, do you know what time it is? Let me check the time
for you there, Tom.
Oh, it's that time of the show where we head over to our news sources over the InfoSecPA Newswire,
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
Social Security numbers most targeted sensitive data.
Industry news.
FBI: Olympic athletes should leave devices at home.
Industry news.
British Council students' data exposed in major breach.
Industry news.
Data leak exposes IDs of airport security workers.
Industry news.
Scottish agency still recovering from 2020 ransomware attack.
Industry news.
Fake influencer flags hacking tactics.
Industry news.
Online thieves steal $320 million from crypto firm Wormhole.
Industry news.
Home improvement firm fined 200,000 pounds for nuisance calls.
Industry news.
Growing number of phish kits bypass MFA.
Industry news.
Wow, huge if true.
huge if true
I've never heard of the
firm wormhole I always thought
wormhole was what happened when you
fell over in the sand with an erection
oh dear
I thought you were going to go with the Star Trek reference, but hey, you know.
Oh boy, was I wrong.
Satan's anus.
Was that the one from Thor Ragnarok?
Was it called Satan's anus?
Oh, dear.
There was one here.
Which Scottish agency is still recovering from a 2020 ransomware? I don't know.
You know how some people get long COVID?
This sounds like a long ransomware.
But you know what?
It's because the Scots are so tight,
they refuse to pay the ransomware.
They said they'd restore from backup,
and it's still going.
Oh, dear.
And the other one about, you know,
FBI Olympic athletes should leave devices at home.
This is old news, surely.
I think this has been around a while.
Or it's just not died out.
Yeah, yeah.
Yeah, because this was stated certainly in the UK press
about three-plus weeks ago, right?
So it's, I mean, don't get me wrong, Andy,
I am not questioning the validity of your industry news gathering there,
but it seems like this is a story that's just not going to die.
Yeah.
Well, I mean, you know, we're federating our news sources at the moment.
You know, we don't have an InfoSec dig.
No.
So it's gone out to, and you know what,
your mileage may vary in terms of quality.
So maybe this is a new angle on it if
only we were to click on the link and find out but let's not worry about that
so so if if the fbi are asking olympic athletes to leave their devices at home how are they going
to track them yeah because they'll give them they'll say and give us your number just so we know just so we don't have
to get hold of you well to be safe here's a device we've uh here's a clean device we've
prepared for you yes yeah here's one we prepared earlier take this bit so the one i was looking at
was this uh this story about a fake influencer flagging hacking tactics.
And it was a company called pCloud basically set up a fake account
on Instagram and sort of like posting messages saying,
hey, it's my birthday today and sort of posting balloons
that spell out her age.
And then other people sort of gave away, you know, like these things,
you know, what's your porn star name, the street you grew up in
and, you know, your mother's maiden name.
Yeah.
And that's what it is.
It sort of really just captured people commenting on stuff like that.
Oh, and, yeah, doing things that they were doing,
like a fake one of dining in the restaurant with a credit card
on the table revealing her bank details.
So it was all just like an educational thing.
Educational, yeah.
Oh, right.
I might have to click on that and have a look.
Or maybe that's the deal.
That's the deal.
That's how they get you.
Yeah.
By listening to dodgy podcasts and recommending links.
Yeah.
That's fascinating.
That's a really good way of educating people, actually.
Although somebody can then, of course,
trawl that particular influence site
and get all the details of porn names and stuff.
Yeah, although, do you know, I will say they used the,
I think they may have inflated the influencer status.
567 followers.
Right.
Okay.
Okay.
Yeah.
Yeah.
Not influencer, more a…
Marketing team justifying what they spent the last year doing.
Yeah, that's right.
We more than tripled our follower account based on doing this new activity.
Engagement increased 500%.
500%, yeah, that's right.
Oh, dear.
Excellent, excellent.
Thank you, gentlemen, for this week's Industry News.
The Host Unknown Podcast Orally delivering the warm and fuzzy feeling
you get when you pee yourself
And talking of peeing yourselves
I think I do that every week
It's time
It happened twice, right?
Twice for crying out loud
And talking of twice
Here's this week's...
Tweet of the Week.
Which we always play twice.
Tweet of the Week.
And this one's me.
And it's a bit of a doubler here.
All in one for the wrestling fans who listen to this podcast
because I know you're there.
There is a GIF embedded in this tweet of Mr. Ric Flair,
the Nature Boy.
So as I read this, the tweet is from a Mr. Stoner and it simply says: there are no cyber security career paths, it's a choose
your own career adventure. Take the reins, take the wheel and take control of your career. Woo! That is one limo riding, kiss stealing.
I don't get it.
Son of a gun right there.
Tweet reading son of a gun.
I don't get it, but I believe you two.
But I think the message here is good.
Because you often see these are the typical career paths.
You become a SOC analyst or, you know,
pen tester or pen, yeah, yeah, you work your way up to CISO all of a sudden, and I just don't think
that's true at all, because that always focuses on these sort of technical jobs that go through a SOC,
yeah, or, you know, this, and security is so much more than that, right? It's a broad church. It is. Like, I
mean, my own personal, you know, roles that,
I mean, you know, I'm client security, right, a dedicated role to talk to clients about how great
security is, and, you know, security on, diligence on acquisitions and things like that,
right? It's, you know, sort of almost like consultancy, but there's assessments on site and risk management.
It's just such a broad spectrum.
Would you say you're a bit of a client security advocate?
I would never use the word advocate because I actually do work.
I'm very aligned with the business and everyone understands what value I bring to the table.
But do you know what's funny is that, you know,
you were saying that about, you know,
you get to CISO through all of these technology roles and all that sort of thing.
And yet we always hear that technology is not the answer
to your security problem.
And also, I don't know.
I don't necessarily know a lot of CISOs that have arrived
through a technology role.
No.
You know, it just seems to be on flow charts and things.
Well, yeah, exactly.
PowerPoint and politics, as I keep banging on about, right?
Yeah.
If you're good with PowerPoint, you'll make it.
Yeah, exactly.
Exactly.
Well, allegedly.
Allegedly.
Excellent.
Thank you, Andy.
Tweet of the Week.
We have crashed headlong into the very end of the show.
Gentlemen, I think this is a record.
I mean, we've still not even got 35 minutes on the clock
and I haven't even got my editing hands on this.
Wow.
So, yeah, for all of our listeners,
apologies for the slightly shorter show. You can apply for a refund at the very fine chaps at host unknown.tv.
We reserve the right to read out your email next week. But yes, we're, well, two of us are very busy
people and I've got lives to lead, so we need to get cracking. But gentlemen, thank you so much
for your time, contributions, effort and, well, something else that you put into this.
Jav, thank you, have a lovely weekend. Thank you very much, you too, although tomorrow is a Friday,
it's still a working day for some of us. Yeah, the weekend starts after that. Indeed, indeed. Yeah, but
when people listen to this,
when they listen to this,
it's like the power of TV, you know.
Graham Norton is recorded on a Thursday night
but released on a Friday.
So you're saying we're like the Graham Norton of podcasts?
Yeah, just without the success or money.
I'll take it.
Yeah, exactly.
Andy, thank you very much, sir.
Stay secure, my friends.
Stay secure. You've been listening to the Host Unknown podcast. If you enjoyed what you heard,
comment and subscribe. If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever. R slash smashing security.
So what is that thing that you really can't talk to us about, Tom?
What was that thing that you were saying that you can't talk to us?
Oh, yeah, yeah, yeah.
So just the other day.