The Southern Fried Security Podcast

Andy Willingham, Martin Fisher, Steve Ragan, Josep


Latest Episodes

Episode 100: Episode 208 - All Good Things...

It's been 9 years and over 210 different content items since we started this thing in January of 2010. As much as we hate it we feel it's time to end this project and start thinking about What Comes Next. Don't worry - the episodes and website aren't going anywhere anytime soon so you'll still be able to download all the content. We're also discussing some new ideas to stay engaged with the cybersecurity community so you'll want to keep this feed live on your podcast listening device to catch updates on where we are on that. All of us would like to thank all of you for your support over the last 9 years. This started as just something Andy, Steve, and Martin did because they 'had things to say and didn't even care if anybody listened' and it's grown into more than any of us could have imagined. Joseph and Yvette joined them for the ride and added so much color and sparkle in every episode. Thank you and we hope to be talking to you again.

34 MIN, JAN 12

Episode 99: Episode 207 - On the Front Porch with Yvette and Brandon

It's another Front Porch episode! Yvette talks to her friend Brandon Clark as his first novel "Ransomware" is about to be released. "Ransomware" is part of Brandon's "Killchain Chronicles" series that will be coming out over time. You can find the book here: https://www.amazon.com/gp/product/1732651108/ We will be back soon with more great new content.

31 MIN, 2018 SEP 1

Episode 98: Episode 206 - The Front Porch w/@wendynather @securityincite @jwgoerlich

Episode 206 - The Front Porch…. Welcome to the first of an occasional series of episodes featuring conversations with a variety of interesting people from both inside and outside of information security. In this inaugural episode you get to listen to dinner conversation between Wendy Nather, Mike Rothman, Wolfgang Goerlich, and Martin Fisher that happened in Atlanta at the Atlas Restaurant. We cover a lot of topics that I’m sure you’ll find interesting. And, for the record, the “Aristocrat” cocktail at Atlas is something you must try. I appreciate Duo Security and CBI for helping to make this dinner possible.

60 MIN, 2018 JUN 25

Episode 97: Episode 205 - Live from BSides Atlanta!

We recorded this episode as the closing keynote at BSides Atlanta on May 5th, 2018. We want to give a big round of thanks to the organizers, volunteers, sponsors, and attendees of BSides Atlanta for a great venue and event. It was a great time and we hope to be there again next year.

58 MIN, 2018 MAY 9

Episode 96: Episode 204 - Evaluating Your Security Program: Communications Plan

Episode 204 - Evaluating Your Security Program: Communications Plan

- Why Evaluate Your Program
- Part of annual policy review
- If you don’t evaluate you will never improve
- Continual review will help protect your budget
- Awareness and Education is how most people in your org know the program
- Threat Mapping maps the outside threats to your inside controls & tech
- Communications is that final turn from the inside out
- Start At The Outside and Move Your Way In
- If Education & Awareness are how the employees engage the program then Communications is how the management team engage the program
- In business life, like everywhere else, if people don’t know who you are or what you do then they aren’t going to be willing or able to support you in times of crisis or need
- The higher up in the org you want to communicate the more deliberate your plan needs to be
- Why Even Consider Communications?
- Each sub-org needs to be considered
- CIO-org CFO-org COO-org CMO-org CCO-org
- Unless you report to the CEO the...

24 MIN, 2018 MAR 13

Episode 95: Episode 203 - Evaluating Your Security Program: Threat Mapping

Show Notes

Episode 203 - Evaluating Your Security Program: Threat Mapping

- Why Evaluate Your Program
- Part of annual policy review
- If you don’t evaluate you will never improve
- Continual review will help protect your budget
- Awareness and Education is how most people in your org know the program
- Threat Mapping maps the outside threats to your inside controls & tech
- Communications is that final turn from the inside out
- Start At The Outside and Move Your Way In
- How is this different from threat modeling?
- Threat modeling is listing what could happen to you. Threat mapping is mapping the holes in your program.
- What is “Threat Mapping”?
- Must have an assessment management program: you can’t protect what you don’t know about
- This isn’t “I have a CMDB”. It’s actually taking actions based on what you know about what you have
- Map assets to known threats industry entry points technology
- Online threat maps
- What are you doing to know this?
- What controls do you currently have in place to mitig...

24 MIN, 2018 FEB 13

Episode 94: Episode 202 - Evaluating Your Security Program: Awareness & Education

Episode 202 - Evaluating Your Security Program: Awareness & Education

- Why Evaluate Your Program
- Part of annual policy review
- If you don’t evaluate you will never improve
- Continual review will help protect your budget
- Awareness and Education is how most people in your org know the program
- Threat Mapping maps the outside threats to your inside controls & tech
- Communications is that final turn from the inside out
- Start At The Outside and Move Your Way In
- What do you think you do?
- Mandatory CBLs
- CyberCyberCyberStuff (Posters, Email, Swag)
- Briefings and Classes
- Phishing Awareness
- $NOVEL_IDEA
- How many people is it designed to engage?
- Not how many people took the awareness, how many people were ENGAGED?
- How many people were actually engaged?
- How did they do? (CBL completions, % phished, reviews, etc)
- If CBL_Completion = 15(clicks) then you may want to rethink that
- 0% phished is not a sign of a great security program...more likely a sign of a bad phishing program
- If there is no way to allo...

33 MIN, 2018 JAN 30

Episode 93: Episode 201 - Celebration

We're going to use this episode to allow the cast to talk about reaching 200 episodes and you'll hear what *really* happened on the Lost Episode. We will be back in 2018 with more episodes. Until then be well and stay secure!

27 MIN, 2017 OCT 12

Episode 92: Episode 200 - Building a Security Strategy - Part III

Episode 200 - Building A Security Strategy - Part III

- Recap
- Strategy vs Policy
- Understand the business of your Business
- Know who your stakeholders really are
- Capability = (Tech + Service) * Process
- Crawl, Walk, Run
- It Takes A Village
- The Question is “How do I make one?”
- Tech
- Tech, by itself, only consumes electricity and turns cool air into warm air
- So many choices….
- The tech selection is the least critical one for developing a capability
- http://www.southernfriedsecurity.com/episode-192-security-waste/
- This is the “Stuff You Have To Do”
- Usually determined by regulation, policy, or corporate edict
- Describes a desired outcome - not how to get there
- Examples include “Malware Detection”, “Email Security”
- Service
- How you do the crazy things you do
- Security is not a One-Off - things must be repeatable and consistent
- Process
- Describes value team brings to org
- While tech and service selection is important the biggest improvement usually comes from better process
- Capability
- Capabili...

26 MIN, 2017 SEP 13

Episode 91: Episode 199 - Building a Security Strategy - Part II

Episode 199 - Building A Security Strategy - Part II

- Recap
- Strategy vs Policy
- Understand the business of your Business
- Know who your stakeholders really are
- Capability = (Tech + Service) * Process
- Crawl, Walk, Run
- It Takes A Village
- The Question is “How do I make one?”
- Almost no business is in the business of information security
- Follow The Money
- Understand The Decisioning Process
- “Culture Eats Strategy For Breakfast”
- Vocabulary Matters
- Understand the Business of Your Business
- Know the Formal and Informal Org Charts
- Influencers are as important as Deciders
- Beware the Spoiler
- “Culture Eats Strategy For Breakfast”
- Don’t Give a Vote or Veto Unnecessarily
- Know Who Your Stakeholders Really Are
- We will keep discussing this.
- Underestimating the power of culture WILL result in your plan failing
- That’s a majority of the reason that Strategy Is Hard
- Culture Is The Key

28 MIN, 2017 AUG 10
