The Host Unknown Podcast - Episode 191 - This One's For The Boomers
Episode Date: April 29, 2024

This week in InfoSec (07:04)
With content liberated from the “today in infosec” twitter account and further afield

23rd April 2005: The first video uploaded to YouTube, “Me at the zoo,” is posted on April 23, 2005 at 8:27 PM by co-founder Jawed Karim. For now being a piece of history, the video is actually pretty dumb.
Note to future entrepreneurs: what you do may be for posterity. Choose wisely.

22nd April 1988: The VIRUS-L email mailing list was created and moderated by Ken van Wyk while he was working at Lehigh University. It was the first electronic forum dedicated to discussing computer viruses.
https://twitter.com/todayininfosec/status/1782424224348446910

Rant of the Week (13:21)
Ring dinged for $5.6M after, among other claims, rogue insider spied on 'pretty girls'

The FTC today announced it would be sending refunds totaling $5.6 million to Ring customers, paid from the Amazon subsidiary's coffers.

The windfall stems from allegations made by the US watchdog that folks could have been, and were, spied upon by cybercriminals and rogue Ring workers via their Ring home security cameras.

The regulator last year accused Ring of sloppy privacy protections that allowed the aforementioned spying to occur or potentially occur.

Specifically, the FTC formally charged Ring with "compromising its customers' privacy by allowing any employee or contractor to access consumers' private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers' accounts, cameras, and videos."
Billy Big Balls of the Week (21:41)
Cops cuff man for allegedly framing colleague with AI-generated hate speech clip

Baltimore police have arrested Dazhon Leslie Darien, the former athletic director of Pikesville High School (PHS), for allegedly impersonating the school's principal using AI software to make it seem as if he made racist and antisemitic remarks.

Darien, of Baltimore, Maryland, was subsequently charged with witness retaliation, stalking, theft, and disrupting school operations. He was detained late at night trying to board a flight at BWI Thurgood Marshall Airport. Security personnel stopped him because the declared firearm he had with him was improperly packed and an ensuing background check revealed an open warrant for his arrest.

He is quoted as saying “Arse cock pussy”. 😀

"On January 17, 2024, the Baltimore County Police Department became aware of a voice recording being circulated on social media," said Robert McCullough, Chief of Baltimore County Police, at a streamed press conference today. "It was alleged the voice captured on the audio file belong to Mr Eric Eiswert, the Principal at the Pikesville High School. We now have conclusive evidence that the recording was not authentic."

Industry News (30:51)
Quishing Attacks Jump Tenfold, Attachment Payloads Halve
Alarming Decline in Cybersecurity Job Postings in the US
NCSC Announces PwC’s Richard Horne as New CEO
NSA Launches Guidance for Secure AI Deployment
End-to-End Encryption Sparks Concerns Among EU Law Enforcement
Fifth of CISOs Admit Staff Leaked Data Via GenAI
US Congress Passes Bill to Ban TikTok
Online Banking Security Still Not Up to Par, Says Which?
Ring to Pay Out $5.6m in Refunds After Customer Privacy Breach

Tweet of the Week (38:56)
https://twitter.com/KimZetter/status/1783556843798671591

Come on! Like and bloody well subscribe!
Transcript
well we weren't here last week were we were we not here or did you just not publish the recording
well it could be either in fairness i mean on on recent uh okay recent history tells us i may not
have hit publish but no we we none of us made it none of us were available last week's podcast
will be available next week yes and this week's podcast will be available the week after. Something like
that. Yeah, exactly.
This is like Tenet.
Yeah, Tenet.
You can tell we're very topical.
Very topical.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening and welcome to episode 100.
One hundred ninety five.
Of the Host Unknown Podcast. Welcome one and all from wherever you are joining us.
It is lovely to have you back. we had a little break last week uh i think uh jab
was in foreign climes and he was just a bit busy and uh well how could i fill in for two such
luminaries hey i mean it was it was pointless me trying to do it by myself so don't forget to say
your best mate cancelled on you oh yeah and, and Graham cancelled as well, because otherwise it would have been me and Graham.
And we've already got two old bald men on this show anyway, so we didn't need a third one.
Three of you include me.
Anyway, Jav, how have you been? How was your trip abroad?
It was very good.
I was in sunny Florida.
It was very nice, you know, 30 plus degrees weather for the whole week.
Made it out alive, obviously.
I made it out alive.
Honestly, my soul, I've said this to you, I would be Florida man, easily.
That's not a problem for me. And that's not a good look either but there you go
as if i care florida man just don't care it just and also let you know never let you be accused of
being good looking no no i'm working on getting a couple of teeth knocked out, so I'll blend right in.
Yeah, I was also thinking every week you guys do what episode number it is, like it's 190 or 195.
And in my mind, I was just thinking, no, it's episode actually 93, because that's how many I've been on.
Yeah, your hit rate hasn't been great recently, in fairness.
No, no.
In fact, we've missed a couple of times.
You are our second highest guest.
Yes, yeah, honestly.
It's like the tail end of a cricket team,
just like the run rate just goes right down.
So, you know, living up to my Pakistani heritage, I suppose.
Well, yes, there you go there you go
and talking of foreign heritage Andy how are you oh good thank you very much I was actually in Berlin last week were you not enjoying the weather that uh that Jav had it was literally snowing
one of the days I was out there had all all the seasons in one day, absolutely freezing.
But I did get to do, I mean, I've been a couple of times to Berlin.
Last time I went, I did the cultural stuff.
The first two times was sort of more drinking.
Yeah.
But the East Side Gallery, the last time I went to check it out,
I didn't think it was all that.
And it wasn't until after I got back
I realised that we'd walked up the wrong side of the gallery.
You were on the west side gallery.
We'd walked up the wrong side of the wall.
Exactly, yeah.
We were looking at all the graffiti,
which is what we thought it was.
But it was actually the shit graffiti
that we were looking at.
We were literally on the wrong side of the wall.
I don't know why people...
Literally on the wrong side of the wall.
But this time, yeah, you got to see it from the other side so i was impressed um yeah i can see why people see that but um yeah i've been watching a show on netflix called
turning point and all about the cold war and the nuclear deterrent and all that and we've just
just done the Berlin Wall and how it came down. And the reason it came down was basically because whoever was in...
David Hasselhoff.
Well, yeah, David Hasselhoff, but it was a press conference
and the guy who announced that they were going to ease travel restrictions
was not media trained, didn't have a clue,
basically stumbled his words and the media heard,
we're going to let people go where they want.
And then that was literally what happened and so people started walking up to the the gates saying let us through
let us through and eventually they did and and it was came down to someone not being media trained
and just fumbling their words. Wow. Was his surname Langford by any chance?
Langfordski.
No relation.
But absolutely, it's a fascinating show.
But I tell you what, because it talks of the atomic bomb and all the way back to World War II and forwards,
you can only watch one episode a night.
Christ, it's depressing at times.
You're not going to bang this one out in a night you've got to pace yourself because it's really darking on
occasion but uh yes talking of depressing and dark on occasion how are you well yes well when i can
when i can yes uh not so bad not so bad we're going to be going out tonight to celebrate my son's birthday
Albeit a week late
Because he was busy on his birthday
This is the thing
He's 21 and he was working
He was on a film set, would you believe
So couldn't come home
So doing that tonight
So that's going to be nice
Yeah, so seeing him
And what else have i been
doing oh i'm sure i've been doing something else i've been rebuilding my magic mirror as well on
the raspberry pi so that's coming along nicely looking very good just need a bit of wood and
we'll be there which pretty much sums me up really just in need of a bit of wood. But talking about disappointed experiences,
let's see what
we've got coming up for you this
week. This week in InfoSec
takes us back to the foundations
of the modern influencer's
infrastructure. Rant of the week
is the age-old abuse of power.
Billy Big Balls asks,
why does this not happened more often?
Industry news is the latest and greatest security news stories from around the world,
and Tweet of the Week may be remembered as the modern equivalent of shouting at the moon.
So, without further ado, let's move on to our favourite part of the show,
the part of the show that we like to call…
It is that part of the show where we take a trip down infosec memory lane with content liberated from the today in
infosec Twitter account and further afield. And our first story takes us further afield a mere 19 years ago to the 23rd
of April 2005 when the first video uploaded to YouTube, Me at the Zoo, was posted on April the 23rd at 8:27 by co-founder, uh, Jawed Karim
now for a piece of history the video is actually pretty dumb so this is a note to future
entrepreneurs what you do maybe for posterity choose wisely but obviously we know youtube as this um well i say
we know it and i look at you know you guys sort of you know within 15 years of my age um as as this
this fantastic resource uh you know lots of uh educational videos on there but i understand it
is actually a resource used by a certain generation and the younger generations are not actually big on youtube they don't actually use it that much uh which is so
many adverts uh well i don't know i don't seem to have the same adverts on the mobile experience
oh okay um that people i use the app as well but um yeah it's actually i think jav i think you will
agree that you uh you launched your social media career uh through life on youtube with a tv series
or like a an educational series on information security whether that is still around the the
adventures of info sex cynic uh before you receive legal challenges and
you know sort of folded like a deck chair well you know rookie mistakes you know that you know
you you realize that when you get people to appear on a show it's a really good idea to have them
sign something that says yes you can use me for forever and not like you know a couple of years later they
look back and think this is really embarrassing so they like send you a please can you take it down
oh no especially when especially when they're a co-presenter yeah you didn't get any release
papers signed then no no i had no idea what they were back then i thought hey it's just like it's a you know you
pay someone to come and do a job yeah exactly you think right but it's an absolute minefield
the media copyright and stuff isn't it absolutely it is it is i mean and the thing is like it's with
so many things so many assets that you like like music and what have you sometimes it's free on
certain platforms but it's not on other.
I mean, TikTok recently had that huge issue
where they had a falling out with one of the record labels.
So all these historic videos ended up getting muted.
So it's a real shame.
Yeah.
Do you remember when we filmed,
which funny enough was actually posted 10 years ago
on the 16th of April.
CIWSP, that video.
Was it 10 years old?
It was actually 10 years ago, on the 16th of April.
Wow.
Yeah, I saw it earlier.
But do you remember Moo, who was directing at the time?
Yeah.
He was really paranoid about the music in the background.
Do you remember?
And he asked the venue to switch it off.
And it was because he was worried about it um you know causing copyright
issues on the actual video which was um yeah never thought about that and he dealt with all of the um
all the waivers and release forms and all that sort of thing didn't he yeah he did yeah and
that's why they say that if you if your partner ever convinces you to make a naughty tape with them, play a Disney soundtrack in the background.
That way, if they ever try to blackmail you or anything, Disney will have it taken down in a heartbeat.
Yeah.
Let it go.
Let it go.
You're squeezing it too hard.
Man, you've just ruined that for me now.
Alas, moving swiftly on, our second story takes us back a mere 36 years to the 22nd of April 1988,
when the VIRUS-L email mailing list was created and moderated by Ken van Wyk while he was working at Lehigh University.
And it was the first electronic forum dedicated to discussing computer viruses.
So, yeah, this is quite simply, as it says, a mailing list originally started as a simple sort of mail exploder,
then became a moderated digest and then got mirrored
in the comp.virus
news group if anyone ever
remembers subscribing to news groups
and getting their daily digests
or more frequently through that
but yeah I know
so he was one of the computer support people at Lehigh University when a virus struck
so his interest in computer viruses sort of piqued from there, and as he moved employers, um, his day job took up more time
um so he was actually one of the first major players in the field of computer emergency response
um and so in nine between like 94 and 95 people were complaining that there's a long delay between
issues of VIRUS-L, um,
and so he passed on that torch to a different moderator called Nick Fitzgerald.
But, yeah, it's quite huge.
It sounds weird talking about mailing lists and newsgroups,
but, you know, 80s and 90s, this is what it was all about.
It's a shame we haven't got our regular co-presenter on because he could tell us all about the good old days of antivirus
and all that sort of thing.
Probably picking out flaws in everything that was posted as well.
Yeah, yeah.
I mean, he was there, man.
He was there.
He saw the things he saw.
Excellent.
Thank you, Andy, for this week's...
This Week in InfoSec
Right, it's time for...
Listen up!
Rant of the Week.
It's time for Mother F***ing Rage.
All right, so I think this is the end of a story
that we covered possibly last year
about a ring from Amazon, the Ring Cameras folks,
of which I am a customer, I have to say,
but being had up because their employees had access to content that was being recorded on these cameras.
But today, the FTC announced that it would be sending refunds totaling $5.6 million to ring customers
paid from the Amazon subsidiaries' coffers, which, let's face it, $5.6 million is a rounding error for Amazon, unfortunately.
But, you know, people will be coming, will be getting a bit of money back, it would seem.
I doubt anyone would come my way.
Because I doubt they'd be looking at my stuff, let's face it.
Especially given what we're about to hear.
But this windfall stems from the allegations made by the US watchdog
that folks could have been and were spied upon by cyber criminals and perhaps more importantly rogue ring workers you
try saying that in a hurry via their ring home security cameras uh now and one of the worst cases
uh and i'm just struggling to find this oh here we go in the most egregious case, one employee, just underscore that, employee went out
of his way to view thousands of video recordings belonging to at least 81 unique female users,
according to the FTC. A co-worker reported this behavior to a supervisor who it's alleged
initially said this snooping wasn't that strange until he realized the rogue employee was only reviewing videos of pretty girls.
Hence why I don't think I would be included in this case. fact that they were allowed well not even not allowing but they there were no safeguards in
place that would stop uh employees from doing this or even no sort of monitoring for something like
this um and in fact you know some ring employees and contractors were viewing and retaining
private footage because there was simply nothing stopping them
just appalling um you know external people were able to for instance brute force or credential
stuff their way into victims ring accounts including those of 55 000 american customers
due to a lack of security defenses in place um and yeah i i'm pretty sure
there isn't any 2fa on ring at the moment uh or probably is now but i don't recall there being
when we first got it for instance so this is absolutely um shocking shocking behavior this
is a company that was bought by amazon um all built for all the right
reasons and in fact i think the the ring founder was originally on uh the u.s equivalent of the
dragon's den what's it called shark tank i think he was actually on shark tank oh really yeah and
he had his it was the doorbell initially and he had his idea they they were not interested in the
slightest and he went on to build the ring Empire and was bought out for no doubt billions.
So it's obviously come from a good place.
But it's, you know, this failure and this charge of compromising its customers' privacy
by allowing any employee or contractors to access consumers' private videos
and by failing to implement basic privacy and security protections,
ultimately allowing employees and hackers to take control of consumers' accounts, cameras and videos.
Wow. I mean, just shocking.
Just shocking quite how loose or loosey-goosey their internal structures are the
employees and contractors are able to just view videos without any kind of permission granted or
well if there was logging and certainly no uh pattern or recognition or any kind of monitoring
of what people were watching and who were, you know,
I'm sure the ones in question were watching thousands more videos
than the average employee, for instance.
It's just appalling.
It just goes to show how fleeting our privacy is,
ironically, when we're trying to protect our privacy
and protect our own security
at the same time but it must be i mean they're a small company so they probably just don't have
the resource to to employ you know governance professionals five or six of them i'm sure
that costs money it does yeah yeah don't let a couple of bad apples spoil it for everyone no no it reminds me of uh
back in the day early early on will i if you had admin right if you're an admin on windows
you could look up anyone's like directory and then for instance like the salary spreadsheet. I'm just saying, you know, as by example.
And then go straight into people's emails,
like log into the webmail client and just change the name on the end of it
whilst you're logged in as domain admin.
Apparently so.
Apparently so.
I read about this stuff.
Yeah, exactly.
I read about it, yeah.
But there was also...
I reckon Amazon might have suspected this,
which is why they raised their prices so much a few months ago
to their subscription.
Do you know what?
Actually, a good point.
Because it went up, what, 30%?
It was quite a hike.
It was a hike.
Probably more than covers this 500 million or whatever it was.
5.6 million.
The square root of fuck all in Amazon's terms.
Yeah.
But yeah.
I can't disagree with you, Tom, unfortunately.
I know.
This is a pretty cast iron one, I have to say.
We're fast getting to the point where we're going to add Amazon to our Facebook shit list, right?
It's getting to that point where, you know, these companies are just not behaving.
But, you know, the only problem is the only company the US is actually taking any kind of sanctions against is TikTok.
Oh, no.
The one company that is prepared to be transparent let any order
to come in and do whatever they want every like complete transparency keep all of the data in one
location let let it be regularly checked and like you know employ only us nationals but um no they're the bad guys. Yeah, exactly. Exactly. Meanwhile, young...
Rant of the Week, sponsored by TikTok.
And TikTok, you're more than welcome to sponsor us.
Just saying.
Just saying.
All right, let's leave it there.
That was this week's...
Rant of the Week.
You're listening to the award-winning Host Unknown podcast.
Like a real security podcast, but lighter.
Right, let's see if I can grant you the same equanimity that you granted me, Jav, with this week's...
Billy Big Balls of the Week. This week's... I sure hope not.
But anyway...
I'm looking at the wrong story.
Oh, yes. No, no, no, no.
It's the right document.
It's just the link has been updated, but the rest hasn't.
But anyway, cops arrest a man for allegedly, allegedly being the word here, but we all know it's true, framing a colleague with AI-generated hate speech clip.
Okay. with AI generated hate speech clip okay so this was like uh at Baltimore school the athletic boss
uh so there was a there's a guy who was the athletic director at a school and he had some
tiff with the principal the principal was like oh you're not really
you know doing your job and this at the other so what he done he uh used some software
to mimic the school principal's voice and make it seem as if he'd made racist and anti-semitic
remarks as if racism wasn't enough there's's the anti-Semitism there as well.
You're going for like a double whammy.
If they just added Islamophobia onto it, they would have got a full house.
But, you know, it's one of those things where you think about it and think like,
why haven't there been more stories like this?
But, you know, I think it's because most people are kind of aware that for the casual, like, just
gimmick or something, AI is cool. Or like, if it's only something that's flashed up on their
screen for a few seconds and then it's taken away, it's okay. but when it's actually content that is given to someone and they can
analyze it meticulously you can still tell it's ai or you have the tools to figure out that it's ai
so it's kind of like a really stupid billy big balls move by behind this well i suppose that's
why he's a athletics director he's probably one of those um he's the gym teacher chad's back in just a prank bro just a prank yeah yeah yeah so um you know he was charged
with witness retaliation stalking theft and disrupting school operations and he was detained
while trying to board an aeroplane.
What?
Security...
You couldn't make this up.
This gets better.
Security personnel stopped him because the declared firearm he had with him
was improperly packed and, in seeing background check,
revealed an open warrant for his arrest.
This was a teacher at a school.
Had an open warrant for his arrest.
For his arrest.
Yeah.
Yeah.
Yeah.
And this is the guy you're saying is the Billy Big Boys.
I'm just.
I mean, you know, what's that?
What's that song?
If you're going to be.
If you're going to be dumb, you better be tough.
Yes, that's the one.
If you're going to be dumb, you better be tough.
That's the one.
You know, the thing is, like,
the clip actually led to the temporary removal of the principal, and he had a wave of hate-filled messages on social media
and numerous calls to the school and it significantly disrupted school operations
and it also led you know police to be concerned about his safety um you know he told the
investigators that the clip was fake. He never had those conversations.
And he believed that the athletics director was responsible
due to his technical familiarity with AI and had a possible motive.
Technical familiarity.
And, yeah, there had been conversations with the athletics director
about his contract not being renewed next semester
due to frequent work performance challenges.
And the open warrant for his arrest.
You can see...
Just saying.
We can overlook that.
You can see that, you know, this is like...
This could have turned out so bad for the principal.
Yes.
Had they not unpicked and uncovered that this was a deepfake.
And, you know, he could have been lynched.
He could have been like, you know, some vigilante mob could have like just rocked up and like petrol bombed his house or something.
I don't know.
But also, you know, they say, you know, nothing stays on your permanent record, as it were.
Yeah.
But this kind of does it's
on the internet and someone somewhere at least one person if not more are going well there's no smoke
without fire you know it's obviously just you know he might not have said that but he's probably said
something else and the thing is this guy's reputation is going to suffer as a result,
even though he did nothing wrong.
You know, the social media justice engine is dangerous.
Two things.
One, isn't this just like a modern day equivalent of like Photoshop, right?
Do you remember in the old days,
you could just like Photoshop someone's face into compromising positions?
Yeah, but it looked like it was Photoshopped though, it was an obvious photo. No, no, you could get
some good ones like there's one like we did one of our college well i say we got i got one of the
graphic designers from a sister company to to superimpose one of uh my iraqi friend's faces
on saddam hussein uh sitting on his. He honestly couldn't tell the difference.
It was fantastic.
But secondly, can we find out what tool this guy was using?
Because obviously Jav himself has impersonated our voices with AI.
Yes, he has.
Sort of, you know, praising him and stuff, sending it around the group chat.
But you could tell, as he said, you could tell it was AI.
So what is this that this guy used that actually had people convinced?
So what the difference is, is that,
and one of my colleagues told me about this recently,
is like all of these text to voice ones, they'll get the voice pattern right,
but you can tell it's AI.
So he goes, what you need to use is a speech to speech ai and there's several products out there that do that so you can say
such as my name is tom langford or or whatever it is and then it picks up the intonations and
it transfers that into that particular voice and that's where you
get really smart ai is this is this you preparing for your next um performance review job
no no this isn't me this is me i'm so glad that this technology exists now i'm so glad
because now in the like you know how like how Kevin Hart last year or the year,
he got kicked out from hosting the Oscars because of something he tweeted previously.
15 years ago.
15 years ago.
I'm so glad this technology is here now.
Because now whenever anyone listens to my podcast or sees a video of me me or something like that where i've said something dumb
which is quite often to be honest but i can just say oh it's a deep fake it wasn't me
and i know two people with motive and technical familiarity with the matter well like that fellow
who fell for that uh teams chat teams meeting conversation to transfer money
was it Hong Kong
or Singapore
you know
that guy did not
fall for anything
he didn't
I'm not having that
yeah exactly
he's just using this
as an excuse
he's just
yeah
yeah exactly
precisely
anyway
excellent
thank you for once again
defending the indefensible
Jav
that was this week's
Billy Big
Balls of the
Week
This is the podcast
the King listens to
although he won't
admit it
Randomizer still doing a good
job there we haven't had the same jingle and we've so far
so good the right we've got the the right jingle in this case uh so without further ado and before
we run out of time speaking of time that was the worst segue ever andy what time is it it is that
time of the show where we head over to our new sources over the InfoSecPA
Newswire who have been very busy bringing us the latest and greatest security news from around the
globe. Industry news. Quishing attacks jump tenfold, attachment payloads halve. Industry news.
Alarming decline in cyber security job postings in the US. Industry news. NCSC announces PwC's Richard Horne as new CEO. Industry news. NSA launches guidance for
secure AI deployment. Industry news.
End-to-end encryption sparks concerns among EU law enforcement.
Industry news.
Fifth of CISOs admit staff leaked data via GenAI.
Industry news.
US Congress passes bill to ban TikTok.
Industry news.
Online banking security still not up to par, says Which?
Industry news.
Ring to pay out $5.6 million in refunds after customer privacy breach.
Industry news.
And that was this week's... Industry news.
Huge if true.
Huge if true.
Huge if true.
What the hell's quishing?
I mean, this is just getting...
It's QR code phishing.
You know, they get you to scan...
Quishing, phishing, smishing.
They just get...
It's too many.
I know.
But do you know what?
The attacks jump tenfold. I do not for
one second believe they're successful as successful as attachment payload yeah yeah
well there's there's more steps involved isn't it you've got to get your phone out you've got to hit
the link you know yeah so rather than just clicking on something that is you know right in front of
you with your cursor right there it goes wild in the background um so i'm looking at this alarming
decline in cyber security job postings in the us uh so apparently job post cyber security job
postings decreased 22 year on Wow. Between 2022 and 2023.
Obviously, they're saying that this decline is alarming,
could impact national security,
as some of these roles are essential for maintaining
organisation and national cyber defences.
Most significant decline is research roles,
which saw a 69% drop.
Job postings for engineer roles also dropped 21%.
Yeah, yeah.
I wasn't particularly worried about DevSecOps, 43% drop.
Oh, wow.
Interesting to see if that's going to go worldwide
or if it is just limited to the US.
Well, do you know what I'd love to see is the correlation between job postings and ISC Squared's marketing budget
and whether or not they did enough marketing last year stating why people need CISSPs in their jobs.
So actually, it's referred to as ISC2 now, they dropped the
squared oh they actually oh okay my bad i yeah my bad i didn't get the memo sadly um i'm interested
to see if this is related you know last uh a couple of weeks ago we spoke at how um is it rbs are getting rid of 600 of their forwards yeah risk managers and they
they basically become a barrier to delivery so they are looking for people who are a bit more
um interested in the managing of risk you know keep going forward but let's just manage the
risks rather than saying no because it's too risky yeah um i'm just wondering if security is going that same way
right security is an expensive thing to maintain um yeah and and let's face it we have been you
know crying wolf an awful lot um but things do happen you know maybe it's more it's got to come more down to how we uh
how we talk about what we're doing and it should be less about the the fun yeah and the crying
wolf and it should be more about actually working with the business oh god that's kind of like
talking to the board 101 isn't it um yeah it is wow measly weasel see how easy he just slipped into that see it just
slipped out like it's muscle memory you know what this is like see so that would have earned me 500
quid as well no i think i think it's well in that article at the end, the second last paragraph, it does say that IC2 said that in October 23
that the global workforce gap had reached 4 million people.
So it's probably 4.2 million people now.
Yeah, yeah.
And, you know, whatever.
But, you know, it's also like how effective has security been?
Like ransomware, say, for example, is one of the biggest, you know, problems out there.
And I'm sure some companies must be looking at this saying like, OK, we spend about five million a year on our security budget or whatever.
And every three years, if we get hit by ransomware, that might be a 10 million.
Yeah.
Here, so if we get rid of all the security people, we're saving five million every three years. Although they might get hit more often, of course, but that's not what they're thinking.
Yeah, yeah, that's right.
Yeah, but it wouldn't take much, and it is kind of like... all it would take is a little bit of, you know, scraping from LinkedIn or whatever to sort of see, okay, there's these companies with these headcounts, how many people on LinkedIn are in security roles in those companies, and to see if those numbers over time go up or down. And if they're consistently going down for certain companies, well, that's the company to attack then.
Cyber criminals out there, you're welcome.
Is that company reducing headcount because they've matured to, like,
level five on the capability model, so everything's automated?
Well, very good.
Well, they'd soon find out, wouldn't you know, by, you know, after their first attack, and they, hang on, we scored ourselves as a maturity level five, why are we now still being attacked so much and failing so much? How is this working?
It's like dieting really hard for a year, losing a ton of weight, and saying, oh, I've hit my target weight, now I can go back to my bad habits again, and then putting it back on again.
Why are you looking at me?
I'm actually looking at myself there. But I can see you following my footsteps in more ways than one.
Tell me about it. I mean, you remember 2013, Tom? Skinny Tom, remember? Now it's fat and happy Tom.
I was half the man I was.
Half the man, I say.
Right, shall we...
No, there's nothing else here of any particular interest, is there?
Gen I, I, fifth of CISOs, blah, blah, blah.
All the same.
Anyway, that was this week's...
Industry News.
People who rate other security podcasts
better than the Host Unknown podcast are statistically more likely to enjoy
the Harry and Meghan documentaries.
Read into that what you will.
Might have to update that one soon.
Yeah.
Right, let's go to the end of the show.
Andy, take us home, why don't you, with this week's...
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
This week's Tweet of the Week is from friend of the show, Kim Zetter,
and she says, it used to be there was integrity in doing your own work, but now if you do your own work you're at a disadvantage against people who use ChatGPT and other algos to do the work for them, even if it's just foundational work. ChatGPT makes people seem smarter than they actually are.
Honestly, this is like Groundhog Day.
This just keeps on going and going.
It's like when I was a lad, we didn't have calculators.
We used to do maths in our brain.
We were so much smarter.
It's not like you're ever going to always have a calculator in your pocket,
Mr Malik, is it?
In the future. Pulls out phone.
Exactly. It pulls out phone. It's like... it's bizarre, isn't it?
Yeah, I do have a calculator in my pocket. Here is my phone. But it's true, I mean, even some foundational work, surely that's taking the drudgery away.
And don't get me wrong,
I do understand where Kim is coming from in this instance,
but we've got to get ourselves away from the drudge work
so we can actually do some proper value-add work.
And that's where, hopefully, Gen AI is going to help.
Well, didn't our very own Mr Malik rent-a-quote?
Didn't he sort of outsource all of his work to Gen AI when it first came out?
When he was the first to respond to any media inquiries.
Practically.
No.
You look at my history over the years.
I did.
Your history in chat GPT.
Long before.
Yeah, long before you were messaging us on WhatsApp saying,
hey, what do you guys know about Meltdown?
What do you guys know about Spectre?
Next thing, we read an article.
We've all been there.
I remember in the cab on the way to my first day of my job, and something happened, and I texted you guys or messaged you guys and said, what's this mean? What's going on? It's like, you two are my AI. I can't afford the proper AI, that's you two.
Yeah.
And honestly, my new AI, which is actually like the Amazon Stores AI, which is actually a thousand kids in Bangalore somewhere responding.
Is it like a Slack channel?
It is, yeah.
You've got them on Slack, yeah.
It's so much better.
And they don't give me attitude later as well.
Like, oh, you didn't know this.
Well, not to your face anyway.
Oh, dear.
Yeah, I don't care what they say behind my back.
Yeah, exactly. Because they're saying it from over there.
Yes. Excellent. Thank you, Andy, for the Tweet of the Week.
Well, we've barreled into the end of the show this week. Gentlemen, thank you very much. Jav, thank you. Charm, wisdom, and now dressed like a hacker
with his baseball hat and hoodie.
I know, I know.
What's going on there?
I was feeling a bit cold, so I put my hoodie up.
Just the hoodie up on its own.
It just looks a bit flat,
but when you put the baseball cap on it,
it's sort of like...
Okay.
It's a nice profile.
I thought you might be going for, I don't know,
a photo shoot or something.
I genuinely thought he was going to break out his noisy keyboard and just get
hacking after he's finished with us.
I've got the green,
green text falling down my,
my vertical monitor here.
Oh dear.
Anyway,
thank you,
Jack.
But thank you for having me on your show,
gents.
Yeah,
that's a pleasure.
Thank you for having me on your show.
Always a pleasure to be your number one guest.
And Andy, thank you.
Stay secure, my friend.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
r slash Smashing Security.
So wish the boy happy birthday from us, Tom.
Of course.
Of course.
I'll let you know how I get on.
And if you need some lingo translated, just ping it over.
Yeah, for the young kids, right?
Yeah.
Gen Z translator here.
Yeah.
Best I can do is Gen X translator for you, Boomer.