The Host Unknown Podcast - Lucky Number SLeven
Episode Date: May 21, 2020
Professionalism is so last week. This week we start as we mean to go on... badly. This episode features Trump, EasyJet (an airline, who knew?), and the Verizon DBIR. Special guest star Shan Lee (@sec...waza). Come on! Like and bloody well subscribe!
Transcript
Hang on, I've just got to arrange my desk
so I can do all these jingles.
Actually, that's a good point.
I'd better open up this packet of Haribo
so I'm not rustling.
I'm not rustling when...
Oh, my God.
Damn, it's all green and black.
Did you open your 10 Amazon packages?
I haven't, but I will do.
Guys, it's the intro music.
Okay.
We'll catch up after.
You expect me to talk to you after this?
You're never supposed to crash the jingle.
That's the golden rule of podcasting.
Well, had you counted us in,
you obviously just got bored with us talking.
You're talking about Haribo,
for God's sake.
My favourite subject.
I thought, you know,
last week we were all
professional and everything
and this week we can't even
get through the opening jingle
without you crashing it.
Well, if you had timed
the jingle properly.
Hey, if you'd stopped talking.
Mind you, asking you to stop talking is like trying to stop the wind from blowing.
Or in your case, sucking.
Right, so what have we been up to this week?
That's my line.
So, welcome, gents.
Welcome, Andy.
Again, you catch me just as I'm swallowing that.
Okay, that didn't sound right.
Andy, stop swallowing.
No, no, that's right.
I had a mouthful.
This is not Smashing Security.
We're not doing that kind of podcast.
That type of smutty humour.
No, absolutely.
Talking of which,
Graham's going to be coming on the podcast at some
point. Excellent. With his lawyers?
Yeah, once he's consulted his
lawyers, he's going to come on.
Why not get Carol on there? See, again,
there's you with your casual sexism.
Smashing Security
is just as much Carol's podcast as it
is Graham's. And yet,
your first instinct to invite
someone is Graham.
Well, you know what? I talked to Graham. He said, yes, he'd come on. You tried to phone
Carol, what, three times and ask her to do a segment for us? Silence. What can I say?
You know, we only get the people who are stupid enough to actually come on and answer us.
So, Andy, what have you been up to this week?
Besides eating, not too much, although I do have a correction.
Last week I did mistakenly get a mini rant going on about how I shouldn't be paying import duty
or customs tax on PPE, which I had ordered from Hong Kong.
And it turns out that you actually do have to pay it
unless you are a registered company,
which is registered to provide services to the health industry
or resell PPE to the health industry.
Well, you could do that, couldn't you?
I could, but you have to register prior to ordering, uh, unfortunately. It's like they've closed all the loopholes.
I know, and it's going to sting because I've got another six orders coming.
It's not just the, uh, like, so, to be fair, the customs tax is pretty low.
What I don't like is Royal Mail add a handling fee to every single package.
Not cool, Royal Mail, not cool.
No, it's not like they're a private corporation
trying to make a profit, is it?
Well, I mean, just in this case, what are they doing?
So there's a customs fee.
Why do they pay it on my behalf and then hold on to the package and charge me three times what that customs fee is? Um, yeah, not happy about...
Well, there's bank fees for paying it, there's storage fees, there's labor...
Enough with the logic. Not interested.
It's like all these websites you go to and you want to make a payment, like Ticketmaster, for example, and it's like, here's my credit card. It's like, well, there, and there's a two pound handling fee on top of it.
Exactly, and the, uh, ticketing fee as well. Would you like to have your ticket sent to you for seven pound fifty, or would you like to print them at home for three pounds fifty?
And that seven pounds fifty comes in a, uh, 3p envelope with, uh, you know, a pound worth of stamps on it.
Yeah.
So luckily it's not something we would ever do.
No, no, absolutely not.
So Jav, welcome to the show.
Thank you very much.
How are you?
How's your week gone?
My week's been fantastic.
The opposite of Andy.
I've not been eating.
It's the last week of Ramadan.
So by next week I should be a lot happier.
And you can hear me rustling through like opening packets of Haribo's or whatever.
You're going to be unrecognizable.
Exactly.
Exactly.
But other than that, I took on a consulting project to try and revamp the Host Unknown website because it was extremely stale, and, um, I made some fantastic progress with it, I'm sure you'd be pleased to know.
Yeah, you do ask a question at this point. Um, Jav, is your home network bandwidth also fasting at the moment? Um, or is it just my ears hearing that sort of fading voice that you've got?
I don't know.
Tom, do you hear something wrong with my...
Yeah, I think your gain's up too high and you're a bit echoey as well.
We can hear you.
Yeah.
Yeah.
And you've got that sort of terribly sort of whiny pitch to your voice as well.
Oh, my God.
No, no, that's not a technical thing, Tom.
That's a jab.
Oh, okay.
Does this sound any better?
I've turned the gain down.
Okay.
Well, why don't you say something without putting your face up to the microphone?
Can you fix this in post?
Yeah, yeah.
I can't fix anything when it comes to you in post.
Fix everything in post, man.
All good. You know, I want the Morgan Freeman filter this time.
So you're saying, Jav, you took on a project to revamp the Host Unknown website, and what does that look like these days?
It looks fantastic. Um, it does. There's, uh, we got rid of, we had a rant banner on there from 2014 that we finally got rid of.
There's links to all of our blogs on there.
There's links to our podcast there.
There's YouTube.
There's even a section for sponsorship.
So if you are an individual who wants to give us money, if you're an organisation
who wants to give us money, you can do so easily and conveniently online and we will not charge
you a £7.50 handling fee.
No, we'll just charge you £10 if you go to the payment thing on the, uh, landing page.
That sounds excellent. What value for money.
It is, it is. And there's personalized payment options. Um, it's, uh, you know, one for each of us. So Andy, yours is all about Haribo, obviously.
Excellent.
Um, yeah, and we've got our podcast pages. So yeah, we mentioned we were going to be doing some re-architecting on the podcast, so we've re-platformed that. That seems to have gone without incident, and both our listeners didn't complain, so we're good there. We've got a YouTube site up on there, and we're just going to be messing around with the Insta as well over the next few weeks. Um, so yeah, we will be entirely multi-channel, folks.
Now we just need to start posting some content on it.
Yeah, I was gonna say, the low, yeah, low number of listeners was probably a good thing, as, uh, you guys know that, uh, after I listened to the podcast last week, um, it took us straight into a podcast that we were following. The very first thing they opened with was, "It's the podcast that's looking to bring slavery back", which is not something we were prepared to be associated with without financial compensation.
Exactly. That's the algorithm that follows Tom around.
Charming.
The best part was, well, a good thing was that was the old platform that we were using, and the fact that none of us had followed that podcast or any of the others. There was something like 22 other podcasts that we were following, in inverted commas. Um, so that's what you get for, uh, leaving the password as "password one two three four".
Well, and also that was when we were on the free plan, so of course they take liberties with, um, uh, with your account, don't they? So, uh, so yeah, the lesson, folks, here is, if it's free, then you are the product, and then you get associated with slavery.
Speaking of podcasts, actually, I just saw this news article today that,
you know, the Joe Rogan podcast, hosted by Joe Rogan.
It's signed a multi-year $100 million deal with Spotify.
So by the end of the year...
What?
By the end of the year,
the podcast won't be available
anywhere else
other than Spotify.
Well, that's ridiculous.
That's like buying
a Disney Plus membership
just to watch The Mandalorian.
Who would do that?
Exactly.
But actually,
it's really interesting
because that values Joe Rogan higher than any other musician on the platform in history.
Wow.
And he's not even a musician.
He's not even a musician.
He just does a podcast where he talks to weird people.
I mean, he talks to some interesting people.
I only followed him initially because of the UFC, and he's a commentator on there. But then he's invited, like, crazy conspiracy theorists on his podcast, right-wingers. He smoked a joint with Elon Musk.
Oh, that fella, right. The Joe Rogan podcast. Yeah, I've never listened to it, but I had heard about, okay, Elon Musk smoking.
Yeah, so, I mean, every now and then it will show up on YouTube recommendations and their video clips there, which are more interesting sometimes because you get to see the people. Like, he done one with Mike Tyson that I thought was amazing, because Mike Tyson is just such a unique individual.
But, um, yeah, I think he's as mad as a box of frogs is what he is.
Yeah, which makes him a unique individual. But I thought it was just really interesting.
I don't think it's got... I think it's a bad investment by Spotify, to be honest. I don't think... I think he gets a lot of viewers and he's well known and what have you, but he's not going to be able to translate that into Spotify subscriptions. I really don't think so, but we'll see.
Yeah, yeah, I can't see that myself either, I have to say. But we'll see.
I mean, yeah, and the point is that, Spotify, for less than 100 million, you can buy this podcast too.
And that's your cue for running the sponsorship jingle, Tom.
Oh, sorry.
Yeah, sponsorship jingle.
Jeez, I can never find the damn thing.
Oh, here we go.
Host Unknown, sponsored by...
Joe Rogan Podcast.
Spotify.
Oh, dear Spotify.
Andy's messaging us to say put our phones on silent.
I feel like I'm the only grown-up here sometimes. I'm hearing these dings and, like, bells going off in the background. It's like, guys, be professional here.
A professional one was last week.
Just to wrap up, Tom, how are you doing this week?
Yeah, good.
Good.
I had a bit of a technology headache last night after having dealt with both the Host Unknown website and the podcast site and the DNS for both the podcast site and the domain and then the email. So we set up a new email service. So, um, I've been a bit sort of trigger-happy with the company credit card.
And, um, good time to be doing it as well, in the middle of the pandemic.
Oh my God, tell me about it. The sooner those sponsorship buttons start clicking, the better.
And it's certainly sounding like you stepped out of your Microsoft FrontPage comfort zone and sort of getting a bit more involved.
Do you know what, finally, I mean, WordPress is pretty friendly. I mean, it works, but it's a little bit quirky in some ways. And as Jav rightly said, it was a bit stagnant.
I mean, it wasn't even delivering HTTPS for a start.
And the domain was managed outside of WordPress, et cetera.
So I had to brush off a few DNS skills and a few HTML skills here and there,
plus the podcasting and working out how the RSS feeds work across the diff... all the different platforms. So we're distributing the podcast into, like, seven or eight different platforms, I think. Um, so yeah, it was, um, my head hurt a little bit.
Distribution, whether they want it or not, right?
Oh, Christ, yes.
And then, of course,
there's Jav giving his advice in the
background.
You know, it was
challenging.
You know, I've worked
for some very difficult
clients in the past,
but yesterday was
probably one of the
toughest days.
But look at the output.
I think this has been
a good learning
experience for you.
Development opportunity.
You can bring it up in our annual review.
It looks awesome.
What can I say?
Very, very pleased with it.
Very pleased with it.
So yeah, that's that.
And released the first episode of season two
of The Lost CISO
and then released a blog today about it.
So my sort of social media marketing campaign is just kicking off.
Got some more, got another video in the can, which I need to edit.
So, yeah, it's all very busy at the moment.
And today I've spent most of the day on the phone.
Sorry, what?
What a productive week you're having.
Oh, my God, I'm on fire, I tell you.
Everything, you know, it's
good. If only
I had some work to put some of this energy
into.
You know. But
enough about me. Do you know what
I think we should talk about?
He scrolls up
to the show notes.
I know what we should talk about.
Show notes, I know.
Shut up, you.
Rant of the week.
So, Jav, I think you had a rant of the week.
Yes, I do have a rant of the week.
I thought I hadn't done a rant, so I might as well.
I'm usually the most level-headed one here.
Sorry, I thought I was on mute.
Thanks.
Anyway, so yesterday, and this is being recorded on Wednesday,
the 20th of May, 2020.
Yesterday, Verizon released their annual VDBIR.
And no, Andy, that's not an STD, that's the Verizon Data Breach Incident Report.
And sorry, what was the, what did the I stand for?
Incident, I'm guessing.
Investigations Report.
I just quoted them up. Okay, it's just the VDBIR.
That's what we know.
I'm glad you're going to rant about this
because nothing better than ranting about something you can't even pronounce.
Don't tell me you just saw a tweet from them
and didn't read the report and you've just decided to rant about it.
No, I've read the report,
and it's one of my favorite security reports every year.
Ever since Alex Hutton did it.
Yeah, they've had some great people
on the team
and even now the team is second to none.
And I think it's not a rant
about the report,
but it's a rant about how bad it makes everyone else look in the security industry.
And, you know, we see a lot of reports go out every week or so.
You go on and some vendor has or some consultancy or some individual has put out some form of report.
And it feels as if people don't learn a lot from, or anything from, the Verizon report.
I mean, one thing is, I think there's a few things that I think they do really well. First of all,
they're consistent. I mean, this is the 13th year they've been publishing this report. That's longer
than a lot of Silicon Valley companies survive as private entities as well. So there's that to it.
But a lot of companies will just throw out one thing and it's decent and then you never hear
from them again. The second thing is they've really worked on and built up a circle of trust.
If you look at all the contributors there, there are like two, three dozen external contributors
to the report. And these are just the ones they can publicly talk about. A lot of them are vendors, some are government bodies and what have you. Uh, and they've shown, they've demonstrated, look, we can take your data, we'll respect it, we won't leak it, we won't, you know, shame you, what have you. But here's the format, give it to us, and we will do some data sciencey stuff with it.
Also, the fact that they don't put the report behind an info wall. There is an optional part where you can put in your details, but you can download the report for free, which nobody else does. I think that's a really important element, and I cannot imagine how hard the Verizon team must fight internally with marketing to keep it open like that.
So thank you so much to the team that does it because, you know, it's good data and it needs to get out there into the hands of the people that actually need it.
And a lot of people are just put off when it's just turned into a cheap marketing grab for leads. And finally, I think the biggest thing is that they're very, very transparent in
their methodology. It's comprehensive. It stands up to scrutiny. It's not a, hey, I've done a
survey of like 200 people and 100 said that they're short of staff. Therefore, there's 50% skill
shortage across the globe. It's not one of those kinds of methodologies. Actually, backed by
science, they give a lot of the data there. And also within the commentary, which I know a lot
of people gloss over because the charts are so pretty, but there's also a lot of debate and
dialogue in there about why a certain chart might be wrong or why
there are some other considerations to consider, other factors to consider.
So it's not all is what it seems. So I think it's overall, there are so many strong points to it.
And the rant is that not enough other vendors or people doing research
actually take into account any of these things. And I think even if you just pick a few of these
things, not everyone's going to have the data or the resources to put together something like the
VDBIR. And that's not what I'm saying. I'm saying, try to be consistent, try to build up trust,
make it open, have a strong methodology and call out the bits where you think where maybe some of
the data is wrong. I know that takes some balls, but just do it. And collectively as an industry,
we should be bringing up the value of the reporting that we do and the data that we present.
I was going to say that was more of a Billy Big Balls than anything else, I thought, than a rant.
But I think you make some very good points there.
I mean, they're extremely well respected in the industry,
that's for sure.
Can you just change the...
In post, just change it so it's a Billy Big Balls,
not a...
No, I'm not going to do that
because we've got a great Billy Big Balls this week.
It involves a word that I can't pronounce.
It's sort of the V-D-B-I-R.
The V-D-B-I-R.
Yes.
Yeah.
So, well, very good.
That was almost a monologue, Jav, I have to say.
So, thank you very much.
Rant of the Week.
So after that rant of the week about the VD, whatever it is,
I think the most important point you brought up in that, Jav,
was the fact that they don't put it behind a paywall or a registration wall because
that puts me off downloading
90% of anything
that's available because I know
it's just going to result in
a bunch of emails asking
for phone calls and stuff
for a report that I haven't even seen
if it's even of any use to
me yet.
I mean, let's face it, half the stuff that's produced is just vapid nonsense,
you know, sort of very thinly veiled as a white paper
when it's just, you know, some marketing diatribe.
Yeah.
But would it generate as much spam as, um, a conference?
Oh, we're taking that out, I'm telling you now. Time to move on. That's, that's biting the hand that feeds me.
Bleep it out.
Thanks, Jav. Thanks, Jav.
Yeah, on that bleeping out, I think we can move on to...
Industry News.
Trust in data and metrics processes causes security headaches for financial services.
Industry News.
Responsible Cyber announces identity acquisition and new shareholders.
Industry news.
Remote workers often not provided secure tools.
Industry news.
Thanks, folks. That was fascinating. And that was this week's...
Industry news.
I think we got three new stories this week, didn't we?
I don't know.
That last one sounds familiar.
I do think we...
Always get deja vu.
Yeah, there's deja vu.
Yeah.
Although I think Jav forgot to put his glasses on this morning
because he's having trouble reading.
It's later in the day than normally, so my blood sugar level has dropped dangerously with all this fasting.
I honestly was waiting for you to stumble over every single word in that as you were finishing it.
I mean, it took all the gravitas away from our, you know, really in-depth analysis of industry news.
See, folks, this is what casual harassment looks like.
It just starts off with making fun of people because of maybe a disability or maybe because they're fasting or, you know, not showing any empathy towards them.
Maybe I've got a speech impediment
that I've been overcoming since the age of 12.
We're helping you with your confidence to deal with it, Jav.
Yeah, you've got something impediment, that's for sure.
No, impotent, impotent was the word.
Oh, sorry, yeah, yeah, that's right, that's right.
I thought I gave you something for that, Jav.
Oh, well, it could be worse.
I could be laying claim to a whole day's worth of work that actually I didn't do, but there you go.
Oh, he's gone quiet now, Andy. I think we've upset...
Network connection. It's, uh, it was sounding dodgy anyway. He's gotten out.
Yeah, it was. Yeah, yeah, that's true. So I guess, uh, what do you want to do? Do you want to check out some tweets of the week?
Yeah, have we got tweets of the week?
Yes, we have.
Who's doing a tweet?
Are you going to do the tweet of the week?
I mean, I'm happy to do the Billy Big Balls,
if you want to hear that one.
And then we can argue over text over who's going to do a tweet of the week.
Okay, I'll tell you what, I'll do tweets of the week,
even though I'm wholly unprepared for it, but here we go.
Tweet of the week.
Tweet of the week.
So this week it's definitely not something about Jav.
It's about something that's, well, I was going to say even larger
if that's possible.
In fact, I'd say this is tweets of the week, all about EasyJet, and there are nine million records being hacked. That's a lot. Um, although as I understand...
Always connections back.
Although as I understand it, um, originally it was 2000 records back in, what was it, March or April, something like that. And 2000 records, but nobody
was being informed of it and things like that. And I think we're seeing a lot of the, well,
I think there's a couple of things here. One person was saying, don't hassle the security team.
You don't know what's going on inside the organization, etc. You know, just because millions of records have been hacked doesn't mean they're incompetent or anything like that.
Consider their mental health, etc. of basically minimising or trying to minimise the damage that's been done consistently
and putting out false statements that you're not entirely sure are true,
or rather putting out statements that you're not sure are true,
and then the situation just getting worse and worse and worse.
It's a little bit like the TalkTalk incident, for instance,
with advanced attacks
and stuff like that. And in fact, I think, didn't they say it was, uh, it was the result of a, uh, a sophisticated...
Yeah.
Okay, yeah, sophisticated attack. Yeah, yeah, my money's on SQL injection, um, you know, or something in the OWASP Top 10. Um, so it's going to be, you know, 40% chance it's SQL injection,
40% chance it's cross-site scripting,
and another 20% chance it's one of the other eight.
It could actually be an insecure,
just a public AWS S3 bucket or something like that.
Yeah, yeah, exactly.
Exactly.
You know, but I think it does smack a little bit of how not to handle an incident at all, you know, without transparency, you know, without, you know, without offering support. by EasyJet around how they can recover their losses,
what support EasyJet's giving, et cetera.
So, you know, have you heard or read anything else?
Well, I know that you're not familiar with EasyJet anyway.
I know it's not an airline you're familiar with.
Oh, it's an airline.
You probably see those people dressed in orange uniforms around the airport, um, you know, as you go into the lounge. It's, um, that would be the airline.
They're not Dutch people? I thought the ones, you know, no, I thought the ones in orange were the ones on sort of prison release doing, you know, picking litter from the runways and stuff like that.
Yeah, uh, so no, I mean, I'll be honest, I don't know much about this. I saw the alert when it came through. Um, straight away I thought there's going to be mention of a sophisticated hack at some point. Um, but do you think the, I know it, uh, did occur earlier on and, you know, they've obviously handled it badly. Do you think it's been made worse with the pandemic in terms of communications, how they access customer data,
who to communicate with?
It's probably made it harder for them to coordinate
their incident response.
But then again, it shouldn't do.
Incident response plans can be run over a, you know, a video, you know, a virtual video conference, or not virtual video conference, like a virtual war room or, you know, virtual conference room very easily. And in fact, that's probably the most effective way of doing it anyway, uh, especially as these things are often, you know, 24 by 7 for a, you know, a number of days or weeks.
So it probably has made it worse, but I, but I think what that actually does is underscore
actually how they're not prepared for managing an incident properly.
The security team may be on the ball, as it were,
but it's the overarching organisation that's probably not invested enough in PR communications, crisis communications, even running tabletop exercises and that sort of stuff.
They probably, you know, most companies don't because they're hard and they're difficult to schedule.
Uh, in fact, I think I talk about that in one of my Lost CISO series, but, uh, um, you know, I, but I think, yeah, it's exacerbated by, and really emphasizes, uh, a lack of, um, proper crisis management.
Yeah, and I guess looking worse following the British Airways and previously Cathay Pacific breaches as well. Within the industry, you think, okay,
you've kind of heard this is the third go now.
You're still not quite getting it right.
Absolutely.
A bit of a cross
of a rant of the week there.
Yeah, well, there was a lot of tweets
that were ranting. Hey, we're just
blending this in. But do you know what?
I think this is going to
really emphasize services offered by the fintech industry.
Because, for instance, all my Revolut banks, bank accounts, they all offer virtual and disposable cards.
So, you know, rather than, you know, for all my online services, I can create a virtual card for every single online provider that I use.
And if something's, you know, if I suddenly get told that there's been a breach at Amazon, I only have to kill one card.
I don't have to get a replacement.
I don't have to, you know, be inconvenienced by not having that particular, you know, credit or debit card in my wallet because I just generate a brand new one. Or if I'm doing a big purchase but still want to have, um, you know, protection offered by, you know, a regular credit card or whatever, uh, then create a disposable card that's used once. Uh, and so if they keep those records on file, they're useless.
Well, well, you see,
that's not really the problem here because, I mean, card companies themselves are pretty good at spotting fraud.
And it's easy to cancel, like you said.
But there's the case of like the personal information that's been taken in this.
That is the real concern.
And because there's all this focus on PCI and well, no payment information
has been taken. People just, you know, sometimes just forget that that's where the real danger is.
And especially in these days where the COVID-19 and you see an uptick in fraud. So, I mean,
if I was a bad guy that got hold of that data, the first thing I'd be doing is sending phishing
emails to everyone on that saying, sorry, uh, we're EasyJet, um, sorry for the loss, um, here, sign on to this website, click here and, uh, claim your refund.
Tell us which cards you, uh, suspect may have been...
Yeah, which would you worry at risk.
But I read a tweet that said, oh, I read a tweet, I read a, uh, and a, um, a headline, uh, that said that it was personal information,
you're right, but it was credit card details, including the CVV,
the digits that they are not supposed to store.
No sympathy at all.
Exactly.
Exactly.
So you're absolutely right, Jav.
There is a secondary threat from the, you know, the personal information that's been stolen.
But that has less of an immediate impact to basically someone having your credit card with all the details and then, you know, dropping a small car on it or whatever.
Yeah. It might have been like one of those Magecart, Magecart, whatever. The thing that British Airways was on where they intercepted it
at the payment page.
But it doesn't sound like that.
I mean, over there is where they would capture the CVV.
Yeah.
Yeah, exactly. So, so yes, that was, uh, that was my, um, tweet of the week.
Yeah, I felt it was getting a bit too technical there, so thank you for that, Tom.
Yeah, hey, I've spent a couple of days being extremely technical. So, you know, I thought I would just sort of come down off that particular pedestal by talking about a technical subject.
Well, it's strange because, like, you know, you spent all of RSA arguing with me, debating with me how a CISO doesn't need to be technical.
Well, I suppose you weren't acting in a technical capacity here.
No, I was in a CISO capacity, sorry.
Indeed, indeed.
In fact, I believe
on our little people segment,
we've got somebody
talking about just that.
That's right.
So I got in touch
with our good friend
who no one probably
has heard of.
He's a friend of the show.
Friend of the show.
He used to be CISO at Just Eat
and now he's a CISO at TransferWise,
one of the start-up,
well, it's not really a start-up anymore,
but it's a bank.
It does lots of online payments,
and they could be the sponsor of this show,
if they wish to.
But I got in touch with Shan and asked him,
well, Shan, how technical should a CISO be?
The Little People.
So should a CISO be technical?
It's one of those questions, isn't it? Depends on the role, I guess. Um, I mean, you've got ones like Tom Langford, who is, like, not technical at all but has a small army of minions to do his bidding. Um, so yeah, that's one kind of CISO. Then you've got, um, the slightly more technical CISOs. I mean, take myself, for instance. I mean, I've sort of worked both sides of the fence, because unlike some of these fly-by-nights, I tend to hang around in a role for a long time.
So I start off being very technical and hands-on and quite possibly the only dedicated security person in an organization.
And then as time goes on, I build a team and necessarily have to become less technical. But I do think you have to be able to keep an eye on the technicalities enough,
at least not to have the wool pulled over your eyes by vendors or by engineers
or make sure that you can keep everyone honest.
So you've got to be able to understand enough.
But then you could go the complete other way.
I mean, there are some complete numpties out there that, um, are so technical and so buried in the tech that they're never going to actually perform the role of a CISO, and they're not really a CISO, they're more like, uh, like a head of security operations with the wrong label on. Like, um... Hang on. Are you recording this?
The Little People.
And a good point well made by Shan.
I think, you know, very interesting to hear what he had to say.
Yeah, absolutely.
I'm looking forward to listening to it after the show when I insert it in.
Absolutely.
Yeah.
I thought his first point, I didn't agree with the very first comment he made,
but after that I thought it was all very valid.
I concur.
Oh, you concur?
Oh, that's good to know.
That's good to know.
So we had just experienced some real technical difficulties
and we lost Andy for a little while.
So we may even have missed him, to be fair. Who knows?
I have been lost before, many times. Um, yeah, I always come back. As my mum used to say, if you ever get lost, meet me at the door we came in at. Um, which, you know, it was a large house I was brought up in, but, you know, it was...
Oh, man, it's kind of different to my growing up.
Every time I'd come home from school,
I'd find out my parents had moved.
It's a different childhood.
You think you had it tough.
I was in a shoebox in the middle of M1.
Oh, man, that's terrible. That is terrible. Uh, it's good, it's always good to hear, uh, Shan's dulcet
tones. Um, when did, uh, when did you speak to him at the Jav?
Just now, today. It's alive.
Oh, what? Oh, was it? Was it? Bloody hell, where is he? No, did you, was it literally this morning?
Yeah, yeah, this afternoon, yeah.
Oh, that's brilliant.
That's brilliant.
Because, of course, we've been let down.
We've been let down.
We thought Wim Remes was a fan of the show.
Wait, what?
Last week, Billy Big Balls?
He was a friend of the show, promised he'd send us a little people recording,
and didn't.
Wim, you should be ashamed of yourself.
I don't know.
But, Shan, you picked up the slack there.
Thank you, sir.
Wim, we'll be playing yours next week.
Don't worry.
So that was good.
I like that.
Although he did steal our topic, Jav, I believe.
I believe that is our topic.
It is our topic.
We trademarked it.
Anytime anyone mentions CISO technical skills on Twitter, I jump in there.
Do you know what, this is, you know, this is one of my bugbears, where there are certain people
that need to be involved in every conversation on a particular topic. And, uh, yeah, yeah, I know, I do not
subscribe to, um, this, uh, theory that, you know, on Twitter, in the echo chamber, there is always a particular person who needs to be notified on every topic of which they are an SME.
They're gatekeepers, effectively.
Exactly, yeah.
Which, you know, the rest of the industry panders to and just elevates them onto this platform.
Yeah.
Whereas, you know, there's a big world outside of Twitter
where you've got some very skilled people doing a lot of good stuff.
Yeah, that's right.
And if you don't particularly agree with what they're saying,
then engage with them, you know, politely and respectfully,
not from a "don't you know who I am?"
Exactly.
Wait, that actually works?
Well, not on Twitter, obviously. I think, um, you know, Wheaton's Law
just needs to apply a little bit more on, on Twitter, of, you know, just don't be a dick. Um,
unfortunately Twitter seems to have the complete opposite effect, but there you go.
That was an impromptu rant by Andy, who, uh, yeah, hasn't even used Twitter for like two years.
But it was one of the things that bothered me a lot. Um, and yeah, I'm gonna end there, because
otherwise, you know, my blood pressure's not too good. And, you know, I need to keep it low.
Yeah, have some more Haribo, Andy.
That'll calm you down.
Yeah, let me just wash it down with this beer.
Right, guys, I'm going to just pause here because my robot vacuum cleaner has just kicked off
and we're going to hear it in the background.
This is Tom going into the modern age.
He had to get rid of his house staff.
I know.
He replaced his house staff with robots.
This is a proper first world problem.
This is why COVID is such a big problem for him.
My robot vacuum cleaner needs attention.
Oh, dear.
Manuel!
Manuel!
Oh, dear.
I'm going to have to do some real editing on this one.
It's going to be kicking it soon.
Honey, give me my whip!
Damn robot, go back to where you came from!
Oh dear. I tell you what, if you're listening to this, you know, this is, this is, uh, you know,
quality podcast entertainment.
You're listening to the Host Unknown Podcast. More fun than a security vendor's briefing.
Well, I think that just leaves us with Billy Big Balls.
Billy Big Balls of the Week.
So, as you know, the Billy Big Balls is the segment of the show where we like to dedicate a little bit
of air time to someone who we think is really rocking those cojones and waving them in front
of everyone just to let them know how good they are.
Um, did, did you write that bit down? Because that sounded really good.
No, I couldn't repeat it. I don't remember what I said.
Um, that is some good stuff. I'm taking notes here.
This week's, uh, Billy Big Balls is dedicated to one of the most powerful men in the world.
Thank you. Friend of the show, um, Mr Donald Trump, believe it or not. Now, this is a guy who has his critics, and believe me,
he knows his critics. Um, you know, it's fake news. He's got... everyone loves him, but he has no critics.
He's, I think, without a doubt one of the most popular presidents of all time. He's seen the
stats. You know, I don't know where I heard that from, but someone told him that. Um, so this is the U.S. president during a... it wasn't even about,
you know, it wasn't even a coronavirus briefing. Um, you know, he was hosting some meeting, uh, with
the restaurant industry, I think it was, and just out of nowhere, almost as if he has childlike
attention span, um, he just dropped this knowledge bomb that he is taking, uh, you know, this drug that we shall
refer to as hydroxy, um, because I can't pronounce the full word.
Hydroxychloroquine, I think it...
Hydroxychloroquine, yeah, there you go.
Yeah, so, or hydroxy, that fixes the rona.
Yeah, exactly.
Yeah, so he's taking roxy for the rona. And so, you know, he just dropped this knowledge bomb that he's been taking it for like a week and a half.
And, you know, he said, hey, I'm still here. You know, what more evidence do you need?
Like, ignore all these people that, you know, go to medical school, or these researchers, people who dedicate every hour of their waking day to researching, uh, you know, drugs and their effects on people.
It doesn't matter. Billy Big Balls has taken this and he is still here, therefore coronavirus...
it's the cure. Like, why are we not rolling this out everywhere? I do not understand.
This man has spoken. He's the proof that he's still here.
You know, he took that chance for us.
You know, the least we can do is, you know, follow him and also start taking it.
See, of course, of course, like, you know,
Big Pharma would like you to believe that all of these researchers
are trying to work on a cure.
And they're not.
When was the last time they cured anything?
It's all about how do you make a customer for life.
I think smallpox was, uh, it was a pretty big one they cured.
Yeah, it was a long time ago. Not in my lifetime, maybe in Tom's, but, you know...
But, you know, it's measles, it's, um, this is, um,
this is proof. Like, I think it's a really brave move by, by any world leader to show that
homeopathy has it... homeopathy has it... sorry, I can't... homeopathy... I can't say with a straight face.
Homeopathy, homeopathy, not homeopathy, whatever it is. Alternative medicine has its place.
No, I can't say it with a serious face.
No, he's batshit crazy, so I'm sorry.
But hydroxy is not homeopathy either.
No.
It's proper medicine, but for something else.
Yeah, exactly.
But, you know, just taking something that you don't know what it's for
for something else and then claiming because you haven't had any ill effects is proof that it works.
Somebody should ask him what the pills look like and he'll probably answer, well, they come in all the primary colours and brown and blue and stuff.
And they're in a bowl on my desk.
They taste chocolatey.
Yeah.
And they have like a W and W on it.
Yeah.
Exactly, exactly. And for our American viewers, we're talking about Smarties, of course.
So much better than M&Ms. So much better.
Yeah, we've got better... the E numbers in the UK do taste better.
Yeah, yeah, they do, they do. Well, that was, that was, um, an interesting Billy Big Balls, Andy, I must admit.
Normally it's for people that we sort of respect, for, for, you know, well, just generally people that
we respect.
Well, like I said, you got to admit the, uh, you know, you've got to admire the balls on this guy
to basically go against the CDC
and say that whatever these guys say doesn't matter.
I know better.
That's one way of looking at it.
And not only am I that good,
I take the pills myself.
Yeah.
I tell you what, this is the podcast.
I'm going to rename this podcast to number seven,
the one that crashed all the jingles.
I tell you what, it's, yeah,
all our professionalism came out last week.
So, yeah, we've reached the end of the show, I think.
I'm hoping that all the technical issues aside,
that we're going to be in a good enough shape to release this shortly.
Gents, any parting thoughts?
I've had thoughts that have departed my brain,
but in terms of for this show, I think it's been a struggle, hasn't it?
This one's been a struggle, isn't it? This one, this one's been...
Yeah, see, this is the problem with doing it at like 6 p.m. on, on a Wednesday. It's hump day and
it's like 6 p.m., it's just... and I'm fasting, so I've just got no energy. And I think that just proves
that when I'm low on energy, the whole show, which goes to prove that I do carry the burden of you two.
Okay, so who needed this recording to be rescheduled?
I can't remember.
Andy.
Oh, no, it was Jav.
It was Andy.
It was not.
It was you.
No, it was Andy.
Totally you, Jav.
Totally you.
It was Friday morning.
No, sorry, it was tomorrow morning it was scheduled for.
Oh, no.
But from...
I'm thinking of taking a couple of days off.
Can we reschedule?
It was actually meant to be today morning,
and then Andy bumped it to the evening.
So it got to today morning because you had to reschedule it.
Because you bumped it.
Because of you.
I was still fine.
It was still in peak energy time.
What?
On hump day?
Yes.
It was still in the early,
it was before midday.
So it was still.
Hey, job done.
Let's just re-record it tomorrow, guys.
I'm all good with that.
Yeah.
Yeah.
If Jav can't make it,
we'll be fine.
Look, I'm one take Malik.
I just walk onto set,
I read my lines,
and I walk off.
You know, there's no reshoots.
There's no nothing.
There's no DVD commentary.
I think this podcast proves you're not one take Malik.
You're phoning in Malik.
I feel attacked.
I feel sad.
But if any of my fans want to contribute to me and my cause,
you can go on the website, hostunknown.tv,
select the sponsorship packages
for individuals,
and there is the Malik.
And you can pay with PayPal
and all major credit and debit cards.
Well, you pay with PayPal,
which accepts all major debit
and credit cards.
Whatever.
Subtle difference.
See, he's just not on his game at all.
Not on his game at all.
And on that note, folks.
Bullies.
Bye-bye.
Host Unknown, the podcast, was written, performed,
and produced by Andrew Agnes, Javvad Malik and Tom Langford.
Copyright 2015 or something like that. Insert legal agreement here as applicable and binding
in your country of residence. We thank you.
I tell you what, it'd be a miracle if this makes it past post-production.
No, you only need to bleep out s***.
Shh! Shut up!