The Host Unknown Podcast - HU Podcast Episode 4b
Episode Date: April 16, 2020
Episode 4(b) of the inimitable Host Unknown Podcast! Featuring Andy, Jav and Thom. In this episode we: Look for sponsors. Pine for British Airways Lounges. Talk about Carole Baskin. Try to be nice about infosec celebrities. Look for sponsors again. Get a little serious about a few things. HostUnknown.tv @HostUnknownTV Come on! Like and bloody well subscribe!
Transcript
All right, so we're recording.
And it's episode four, is it, that we introduce?
Or the re-recorded episode four?
Episode four B.
Four B, yeah.
Four B or three B or something like that.
Take two.
Episode four, take two.
Yeah.
All right, we ready?
Yep.
So silence for a few seconds.
Cue us in.
Hit the music.
I'm going to do a clapboard so I can see it right.
You're listening to the Host Unknown Podcast.
Hello and welcome to episode 4, 3, 4, 4B actually, because this is the second time we've tried to record it.
Episode 4 of the Host Unknown podcast.
Welcome gents, we've got Javvad and Andy as usual, as you might expect. Hello gents.
Hello, hello.
Afternoon, how are you doing Mr Langford?
All very good, thank you. All very good.
How about yourself, are you coping with living in the house permanently?
Yeah, I guess there's not, you know me, I can work anywhere.
I'm fully agile in terms of where I work.
I mean, agile would not be the word I'd use to describe you, but...
I am built for comfort, not for speed.
Built for British Airways business.
Which, uh, which your points must be dwindling faster than, um, Las Vegas winnings.
I'll admit I am concerned that I may lose status, um, certainly with the amount of business travel that has now been axed. Even when
this, uh, situation does blow over, um, you know, and I'm just not quite sure I could ever go back to
life as it was before. As, no, you know, if I hadn't seen such riches, I could, uh, live with being poor.
I, I'm totally with you on that, because I'm due to lose my gold status in May,
unless they decide, like some other companies, to extend it. Yeah, to extend it for another year,
uh, which I think was fair play. Um, but yeah, those lounges, I'm gonna, I'm gonna miss those lounges.
Yeah, it's like gen pop. It's coming from a, you know, a minimum security prison and then ending
up in gen pop of a maximum security prison.
You just don't want to be there.
Folks, this episode is not sponsored by British Airways or their lounges.
But if you were to sponsor our podcast, this is the exact kind of casual sponsorship messaging that would be rolled into it.
Your audience would be none the
wiser. Let's just clarify, we hadn't, we haven't actually had a chance to catch up for a while,
so, you know, we're just shooting the breeze here. Yeah, I guess. Um, do we care what Jav feels like
at the moment? Should we ask how he's doing, or should we just move on for the sake of time?
Well, I mean, you know, Jav hasn't got anything interesting to say about British Airways lounges.
I mean, the Wetherspoons is about as far as he gets in the airport.
True story. True story.
True story, yeah.
So, Jav, how about you? Are you holed up in your little man cave at the moment?
Well, having been predominantly a home worker for the last few years,
I haven't even realised anything's different, to be honest.
You just wondered, you thought it was the summer holidays because the kids are at home all the time, right?
Yeah, I mean, I don't know.
The wife looks after the kids all the time.
She's responsible for their schedules.
Oh, dear.
So, as you gathered, folks, this has been recorded in, what,
week four of, uh, UK lockdown. Official
week four. I think some people locked down a little bit earlier, uh, so the insanity hasn't
quite set in yet, but I don't think we're, we're far off it. Um, we just, I know I've just come back
from the shops to do an essentials shop of, uh, all of the cut-price Easter chocolate.
Yeah, Easter Boxing Day, isn't it?
Yeah, yeah, exactly.
Little Kit Kat bunny chocolate bars for 12 pence.
Can't go wrong.
Nice.
So, yes.
This episode is not sponsored by Cadbury's, but if you would like to sponsor it,
this is the kind of casual advertising you'll receive.
And, Andy, this is why
we don't ask Jav to do the sponsorship, because Kit Kats are made by Nestle. Yeah, yeah, details, mere
details. Exactly. He'll catch up soon, he'll catch up soon. So we've got a few things to talk about.
We have got, um, our regular rant of the week. I say regular, given, um, this is only, what,
the, the fourth podcast, third podcast maybe, in just a second, I'm not sure that we've done, so
irregular, maybe, rant of the week. We've got the tweet of the week. Probably the fifth if you count
the, uh, ill-fated one that, uh, will probably never make the airways that we, uh, did last week.
A lot. What I was going to say, I was
going to say, which one? There's the one that's waiting for Jack Daniel to die, um, before we
release the memorial podcast. In memorial, yeah. He even said he'd help us release it. Excellent. So, uh,
you know, keep, keep onto a winner is peeled. Yeah, absolutely. Uh, and then there's the one last week
that sounded terrible, that we had a massive echo in there. We had a massive echo in there.
It was really bad.
Yeah. Wonder who thought that was.
Hey, hey, if you want quality jingles and stuff like that, then I'm your man.
You're listening to the Host Unknown podcast.
More fun than a security vendor's briefing. See, see, just at the
touch of a button. That was, I honestly thought you were going in a different direction there
when you said if you want, uh, you know, quality podcast with, uh, quality jingles. I thought you're
gonna say download the Smashing Security podcast or follow them on Twitter, and that's Smashing without the G, because Twitter
wouldn't let them have the G. I'm just, sorry, I just sounded like Graham Cluley there for a minute.
But, um, I just heard their latest podcast, and apparently Mr Cluley has bought two Facebook
Portals, so he is now a Facebook customer. Wow. That's outrageous.
What's a Facebook portal?
It's
like a video conferencing thing that
allows you to drop in on family.
So his in-laws had it.
It was deemed to be by
obviously other people in the household
to be the right solution.
So he's had to install these
Facebook Portals, um, so they can, uh, video conference with, um, with the in-laws.
And, um, you should listen to their podcast after you've listened to it. Well, you would do after, if,
you know, but anyway, you should listen to the podcast because it's fascinating. And he does get ripped to shreds by Carol or Carole or whomever because of this.
Because obviously he is very, very anti-Facebook.
Indeed.
So, I mean, I spent last night on a Zoom cast.
Is that the right word?
You've got a Zoom conference with loads of people.
Yeah, yeah, yeah.
Watching our good friend Mr. Rice get drunk for his birthday.
That must have been, was that like a spectator sport?
It really was. It was a case of, you know, how many beers has he actually just downed in the last 20 minutes?
Oh my God. For those who don't know, Mr. Ice is the talented gentleman who writes all of the songs.
Not all of the songs, actually.
Two out of the three.
Two out of the three songs.
The two that scan really well are the ones that Mr. Ice has written for us.
The one that didn't scan very well was Mr. Malik's,
but still has a huge number of more views than the last one,
I should point out.
The last one was the one that nearly destroyed the band.
It nearly did.
Well, no, I wouldn't say the video was the last,
the music video was the last one that nearly destroyed the band.
I'd say it was Andy.
Yeah, yeah, I think that's fair.
Yeah.
So, Andy.
Let's move swiftly on from this topic. Yeah, talking of Andy, let's go to Billy Big Balls.
Andy, so Andy's going to be doing a Billy Big Ball.
This is sort of like the part where we talk about somebody
who really is outdoing themselves currently on the internet
Billy Big Balls of the Week.
And I think it's fair to say... Geez, how long is that jingle? That is a quality jingle. So
how much should we pay for that? It's, well, we haven't paid for it. That's one of the samples, right? You get them
to the right samples. Exactly, yeah. We just, uh, we use those and say, I've been struck off Fiverr as
a result. Oh well. Um, so Billy Big Balls of the week this week, uh, or this month, let's be honest here, we're not doing, uh, doing these every week, this is, um,
absolute royalty, and I'm sure you will agree if you have seen Netflix's
biggest documentary of all time, the Tiger King, which is an exploration of big cat breeding
and, uh, fair to say, extremely bizarre underworld, um, with extremely eccentric characters
who, uh, you'd be forgiven for, uh, thinking were all on meth. Um, this incredulous documentary
features a character called Joe Exotic, who is my biggie, biggie, Biggie Smalls. Billy Big Balls of the week. The Billy Big Smalls of the week.
I know, Thom, you have seen Tiger King.
I have.
Have you been on it yet, Jav?
Have you seen it?
I have, yes.
I just finished it last night.
And your thoughts?
Apart from being late to the party
She did it, didn't she?
Well, yeah, she did it.
She definitely killed her husband and fed her to the tigers.
There's no doubt in my mind.
I actually
the good thing about the show
there aren't many redeeming qualities
was that I watched it and then I
finished it and then I came on to
InfoSec Twitter and they just seemed
like normal people after that.
Can you imagine what Tiger King Twitter is like or Tiger Breeding Twitter? That must be insane.
It's just, I can't believe people. And what's funny, one of my colleagues, um, Eric, he, he lives, um, only a few miles away from the Carole Baskin. He lives in Tampa, or that area. Um, and, and honestly, he, he
says it's pretty much a, that is what life is like in some of those parts.
Yeah.
There's no exaggeration.
Yeah.
Eric is actually kind of like our litmus test for how crazy Americans are.
If we think something's crazy, then Eric will tell us, yes, it is.
And here's a worst example.
Yeah.
He's my token American friend.
Yes, so any other Americans... Some of my very good friends are American.
Yeah, any other Americans listening who are friends with Jav, it's not you, it's Eric.
So, so Andy, why, why the Billy Big Balls, though? So many people may not have seen this, but, uh,
most people will have at least, at least, well, both the listeners will have, will have, uh,
heard about Joe Exotic. But why the Billy Big Balls, and what the hell has this got to do with infosec?
Um, do you know what, I'm not even going to do the InfoSec link that I was going to do.
Why?
Just because, you know, litigation, people are bored at this time of year.
There's a lot of lawyers sitting around doing nothing.
So I'm just going to skip over that part.
But I mean, this is a guy who is, you know, people assumed was top of his game. You know, he had a big reputation, he did a lot of stuff, you know, ran some very big operations and
seemed to be the go-to guy, but you will realize what an absolute s show that he
actually runs there, you know, and that, you know, the truth behind the scenes,
spaghetti show this stuff is.
And behind the scenes, he is probably not someone you want to be dealing with for a number of reasons.
And it's not in a business capacity.
No.
I can imagine he's the life and soul of a party.
Yeah, absolutely.
Don't get me wrong.
Lovely guy, I'm sure.
Not the person you want in charge of tigers, put it that way.
And so it turns out he's afraid of tigers. Yeah, exactly. So, you know, you take that to the infosec
industry, you find someone like that that just shouldn't be in charge of infosec.
But we can think of a few, can't we?
Some might even be coming up later in the show. Oh, who knows? Spoiler alert.
Excellent, excellent. So, uh, yeah, uh, so Joe Exotic is our
Billy Big Balls of the week.
Billy Big Balls of the Week. the eighth episode where they had caught up with a bunch of people. That was really good too. It was, but you know, I don't want to do a spoiler.
So we can come back to that one next time.
Yeah.
Yeah.
So, well, we're going to move on to Jav and rant of the week.
But before we do that, Jav, what have you been up to recently anyway?
What do you mean?
I feel like this is a trick question.
You know us too well. Not at all. No, no, no trick question at all. I'm merely trying to fill space before we just churn through our, the topics we've decided on. In no way has your boss reached out to
Thom and said, what does he do all day? Yeah, no, no, I, I will neither
confirm nor deny that that's what's happened. I saw how Joe Exotic got set up. I can smell a set
up coming a mile away now. So, well, all right, I guess, you know, have you done any spring cleaning? Have you felt the need?
Have you disinfected your house?
Have you?
I have indeed. This weekend was Easter weekend.
So we had four days off as opposed to the three days off our American cousins get.
Aha.
Suck it.
And just out of interest, my obviously friend of different religious persuasion, do you actually celebrate
Easter in your household? It's the law of the land, mate. I mean, like, if the government says
you get four days off, who am I to argue?
And if, and if the law says you have to eat chocolate eggs and bunnies, then hey.
Well, on the day after, when they're on, on discount, yes.
You're still frugal, right? You're not... Because my personal beliefs,
my personal beliefs actually forbid me from buying anything on full price.
And that, Andy, is why we have mortgages and he doesn't. Exactly.
at least not in my name.
I didn't think you could own a business.
I was going to say, Jav, you would all be making jokes about tax evasion
when it's recorded and going out.
Play the next jingle, Thom.
I can't find it.
I can't find it.
Hang on.
Oh, here we go.
Tweet of the Week.
So, the Tweet of the Week is a tweet we saw in this week
that we think deserves the dubious honour of being the Tweet of the Week.
And this week's one is actually two tweets.
It's a tweet thread.
But the first two tweets and it's from Chris Hoff, a.k.a. Beaker on Twitter.
And he says: there are people in the infosec industry who are held up as idols and heroes within the community who have, under their watch, presided over multiple mega breaches and privacy debacles, yet continue to be given airtime and lauded
for their expertise and leadership for failure at scale. Is the idea, if they
talk a good game about ideal states of security and privacy whilst
providing an affable yet academic but likewise controversial stance on execution, that they add
value because they've effed up and supposedly know how not to repeat? Data suggests otherwise.
Wow, heavy stuff. Very heavy stuff. But then the cherry on top is a reply by Alex Stamos. And, and who, pray, is Alex Stamos? For, for the uninitiated, Alex Stamos was, um,
uh he's chief security officer at Yahoo,
the company famous for having a massive data breach.
Wow.
And then he moved over to Facebook.
Did they have any privacy issues at Facebook?
Well, you know, he was there when they had the biggest, like,
election sort of like, what is it,
the Cambridge Analytica and all that kind of stuff.
But I'm sure Chris wasn't talking about Alex, but Alex then replies to Chris saying,
Morning, Chris.
That's quite self-referential. That's quite self-aware.
Yeah, and Chris replies saying, Morning, Alex.
And then Alex does go on, on a, on a 20-part, so it's basically a blog written out in tweets about, uh, you know, defending his
situation and stuff. But I got a good chuckle out of that. It's joe, what's, what's interesting about
that, well, quite apart from the fact that these tweet threads are just so
annoying, because half the time you can't even find
them, or they disappear
after halfway through or whatever, but,
and also, write a damn blog
or get a Facebook account.
But I think the fascinating thing there is,
well, one, either Alex
was very coincidentally
saying
hello, or it was very aware of the fact that that's
exactly what's happened to him. But does that mean that we should be ignoring his, um, you know, his,
his thoughts and, and expertise, in inverted commas? Because breaches happen to everyone, right? Indeed.
You know what, it's really hard to come to judgment or say anything definitive, because I just don't
know Alex Stamos. I've never met him, never conversed with him, so everything I know is all second hand,
which is useless information. So then you look at the professional aspects, and it's the things that
Chris has mentioned. Um, but that's not the entire story.
There's, there's far more to the story, probably. So, um, I, I can't say either way whether he's
just unfortunate to be in those situations because he's at these high profile companies which are,
historically they've been poorly managed anyway. I don't think anyone, say, like, you know, I don't know whether anyone different
would have achieved any different outcome in that situation. Or maybe they were fantastic
companies and he just went and screwed it all up. We'll just never really know. Yeah, because I mean,
we've all been in the driving seat when something's gone wrong, and in fact I think
in your case, Jav, you actually caused something big to go wrong.
But, you know, so part of the time it's completely out of our hands, as you say.
Sorry, Andy, you were going to say something.
I was, but then I ate a haribo and lost my train of thought.
You got lost in the sugar deliciousness.
It's actually called the Juicy Woosie one
Which
Yeah so I hit the cash and carry
Well this took a turn
Sorry
Wasn't that your first girlfriend you're talking about
No that was Juicy Lucy
Anyway
Back on track
So you know
You're the CEO, okay, of a big, uh, corporation that is shooting
through the roof at the moment, um, and not the other Zoom, which, uh, you know, the, the SEC had to
delist from the market, um, because people were accidentally investing in, making money from it,
thinking it was, uh, you know, the, the famous Zoom collaboration, uh, tool. But, um, you know, presiding
over these, uh, you know, massive incidents, um, you're gonna pick up a lot of experience, a lot of lessons
learned. Um, is that valuable to take into a company that's starting with no one? I think you're also, you're also under some
pretty severe gagging orders about what you can say and what you can't say, you
know, because it could... Wait, are you trying to imply that Zuckerberg has got
a legal team that would do something like this? I thought they were just a
friendly social network. Yeah, well, indeed, indeed.
But, but we all know, you know, and myself included, that actually sometimes it's made very clear you
do not say anything about, you know, subject XYZ at all. If you do, you know, we'll, we're going to
sue your asses, the NDAs, etc. So it may be that, you know, in this particular instance, using, you know, the examples you, you gave,
Jav, that Alex was pushing and against Facebook massively, which is why he ended up leaving, and
maybe he was actually just banging his head against a brick wall. It could be. And you're right,
there's loads of companies, especially in the U.S., it's very common to have non-disparagement clauses where you can't say anything negative.
But I think going to your first point about whether it's wise for Zoom to bring on board Alex, given his history.
I think the two things that are important to understand is, one is, it's not, he, he's just being brought on as an advisor, and there's a whole bunch of other people and companies being brought on at
the same time, so it's not just Alex. And secondly, it's fantastic from a PR perspective. Yeah. Because
from, from Zoom's perspective, they've probably got people internally who now, with the right resources
and budgets and with a bit of external
help, they can actually put in place a plan. But if, but you need a face to show to the public as well
to say, hey, we're very serious, here's someone who... And let's be honest, outside of the infosec bubble
no one will know who Alex Stamos is. But if you say the former head of security of Facebook and
the the lecturer app where every lecture is at the moment,
it slips on Harvard or Stanford or something. And he was at, it brings a lot of credibility.
He keynoted Black Hat and everything. And so half the battle in a lot of situations, it's like
optics and how you're seen to be managing stuff. So I do think it's a clever,
it's a good move by Zoom
that they are getting on board a lot of experts.
And I think from an optics perspective,
it's absolutely great that they're getting Alex Stamos.
I mean, they could get you.
So for example, Thom,
but then people are like, who's that?
Why him?
Yeah, absolutely.
Why him?
That extremely successful and very effective CISO
and virtual CISO for hire.
You priced yourself out of the market.
Good work.
What, by saying I'm only available to work for people like Zoom?
I didn't say which Zoom, though.
But the unfortunate side effect of that is, and, and again, this is, this
is not aimed at Alex at all, but the unfortunate side effect of that is that people who are,
um, not relevant anymore but have made their names, you know, number of years ago, creating, I don't know,
some kind of encryption algorithm in the 50s or something, um, they're, they're maintaining their relevance
through this, uh, this, this optics thing, you know, through being constantly being brought onto the
board of this or the advisory committee of that, etc. And yet they've had no real world experience
for the last, you know, 15 years. Uh, I can, I can think of quite a few people like that at the moment in our, in our
industry, and I'm wondering, what exactly are you contributing except yet another book? Are you just
hating the game now, or the players instead of the game? Because, because that, that pretty much is the
game in, in most industries. I'm only hating the game because I haven't quite worked
out how to get in it yet. Yeah. So I think from a broad perspective, it's very much an American game
by and large, and a lot of that is because of the, um, the startup culture, the investment culture.
So that's why you see, you know, so many startups and. We only see the security side of it, but a lot of other tech startups are in the same position.
And when a VC goes in and they fund a company,
there's just a playbook that they follow a lot of the times.
It's like, oh, this hates.
Which is why every product looks the same.
Every website looks the same.
And their roadmap.
Their roadmap, their whole thing
And, and it's just like a sausage factory, and these people... That's just infosec conferences in
general, right? Yeah. No, no, you're thinking of a sausage fest. Oh, okay, yeah, there we go.
So, you know, it's, this is just a byproduct of the entire system that, that we're in, the ecosystem.
So I, I'd say fair play. If people can get, say, director positions or advisor positions, they
can get paid lots of money. Uh, we might think they've not got the right experience, but if the
company is paying them and they feel like they're getting value, or they're opening up a list of contacts that can open doors for them,
there's all these ancillary benefits other than the, uh, the specific thing that is, um, the technology
expertise. Yeah, that's very fair, that's very fair. You are worth exactly what somebody is willing to
pay you. Yeah. And I've not, it's, I'm not trying to defend myself,
because I don't feel like I've slipped into that category at all. Says you on the advisory board.
There we go. What does an advocate do again? So you don't actually do any real work day to day, right?
Is that, uh, you're not actually operationally hands-on changing things, no?
Yeah, yeah.
It's funny because last time I phoned you,
you were like underneath the server trying to plug in some cables
and configuring a firewall in production on the fly.
That was just on my lunch break, dude.
That was for his personal server.
All right, Jav, that was...
Tweet of the Week.
Thank you very much for that.
So let's talk about sponsorships, shall we?
A little bit more seriously, because we spoke about it last time.
And sponsorship from, you know, companies like Zoom. Maybe, Alex, you'd like to come on to the Host
Unknown podcast. And just to clarify, do we want, uh, Zoom, uh, as in the real video chat service, or do
we want Zoom Technologies, um, who obviously a value is shot up through the roof over the last few weeks
as so many people invested in the wrong
company? I think if they pay money, we don't care. Absolutely. I would prefer to get Zoom Technologies
on board, to be honest, because I want to first find out what they do, and then I want to know
what the, the execs have spent all their money on. Yeah. And if they'd like any sort of security
advocates, or maybe people who could help with the security strategy, or even some of their, you know,
M&A activities, right? If they need to offload, if they need to divest any of that business, let me
know. Yeah, yeah, we, we've got the expertise right here in this virtual room. Yes, this room is the
three comma club. We've each got one of the commas, but together.
I was going to say what we pause just before we say our names.
But yeah, we would take anybody's money, frankly.
And we would speak nice things about you.
And we would put you in a nice little jingle,
which might sound a little bit like this. Host Unknown, sponsored by insert name here.
Now, when I say that we put you in a jingle like that, what we would actually do is just talk over
the jingle at the point where it says insert name here and shout your name, uh, because these,
these jingles are expensive, you know, we can't afford to make one every single time. Yeah. Oh my
God, yeah, it's gonna, you know, you know, especially for the rates that we're charging. Um, but, uh, we
are very open for sponsors. As, um, Smashing Security says, it allows us to give you this podcast for
free. Um, not sure what the overheads are on
a particular podcast, I think it's only about ten dollars a month, so, uh, I'm not quite sure what, uh,
you know, what Graham and Carole are spending their slush fund on. They charge more for their time than
any of us do, probably, and let's face it, they're probably worth it as well. Yeah. Well, Graham does have more hair to look after, so.
He does. It's very luscious as well, isn't it?
Although, what I was going to say, to be honest,
I actually truly believe that maintaining the dome takes longer
than actually maintaining a full bouffant of hair.
Well, yeah, so I obviously, you know me,
I've decided to take the whole lot off.
But then the hair grows back daily.
You know, I actually feel like I'm growing more hair since I've shaved it off than I ever could when I had hair.
Just wet shave it in the shower.
That would mean him having to have a shower every day
That's, yeah, let's not get silly, man. We're saving water here, which in week four of, of lockdown is,
is challenging at best. Absolutely. I mean, I'm out here in Africa, so it's, uh, you know, we look at
water a bit differently to you guys in your first world, um, you know, fancy. Is that Africa Avenue in Stepney? Exactly.
And the Africa-scented Lynx body spray.
Oh my God, my house smells of that with my teenage boy.
Jeez, it's, it's like walking into a fug most, uh, most mornings, especially when he was, when he was
able to go, when it was courting. Yeah. Courting, yeah, something like that. Oh dear. So, so yes, sponsors, if
you'd like more of this kind of really fantastic on-point conversation, then, uh, then do contact us and we will gladly take your money. Isn't that true?
Oh, we'll always take money. Yeah. And we'll absolutely debate you for it as well. You know,
if you want to, you want to pull out some industry experts, stick them in a room with us, we will
gladly round table them and just dismiss everything they say. Yeah. And, you know, comment on their hair. Yeah. And the quality of their podcast.
Personal insults. Yeah, absolutely, absolutely. Everything goes here, and mothers are not...
If you're really clever, you can sponsor us to invite one of your competitors onto the blog
and we'll round table them. Yeah. It's, it's kind of like, do you remember Celebrity Deathmatch? Yes! It's like the podcast equivalent of that.
Yeah.
Yeah, we'll do that.
We'll do that.
Although, you know, we have taken money from sponsors in the past.
We've got some very big-name sponsors.
Yo, what up, Anthony?
Yeah, thanks, mate.
I hope you like this podcast.
We did it for you.
Thanks for the money for, big up, big up.
I'm gonna have to edit that out. Yeah, but, um,
before they sue us. That's probably their only revenue stream these days. Well, actually, technically
we took money from a company that is no longer a legal entity. This is true. Excellent. This is true, yeah. And they were
then told not to worry about it. Yes. Until they started to worry about it. Yeah, that's right,
that's right. Although I've yet to see a penny of it, I have to say.
Well, you know, like, putting it through all these offshore accounts, it doesn't leave much.
That's right. Oh, dear.
Yeah, those tax authorities in Switzerland are really hot.
Right, we're going to move on to the last part of the show.
This is the time of the week when we talk about...
Rant of the Week.
I picked a short one there.
So this is me talking about Rant of the Week.
And I'm going to be talking about, funnily enough,
this whole shift to working from home and working flexibly, etc.
So I've been involved with a number of companies who do events and do webinars,
who do talks, forums, roundtables, all that sort of stuff.
And I've seen, not necessarily the clients I've been working with,
but I have seen a number of companies out there
who are just struggling with this shift from in-person events to virtual.
So they fired most of their events teams.
They're struggling to think what to do next and
and how to reach their market, when actually, um, you know, uh, even, um, Have I Got News for You on the BBC
the other week, uh, was, um, done just through Zoom. So all of the, all of the contestants and the,
and the, uh, the celebrity lead were, uh, sorry, were zooming in from their homes and their kitchens, etc. for the show.
And it was a little weird and it was, you know, it had a different vibe to it, but it was still funny and still successful.
So if the BBC can adapt to, you know, this kind of working and actually doing shows and doing events, etc., then most companies should be able to as well. It's just that they've,
they, they're not willing to stick their, their toe in, into that water. And if you're, if one of your
vendors is one of these people and they're struggling to, to adapt to these times, that's
going to really tell you something about, you know, who they are and how they operate as a company.
They cannot adapt to, you know, changing environments, and that, that, that, uh,
that really grinds my gears, uh, as, uh, as certain cartoon characters might say. And I think it's, it's,
it's worth pointing out that when you see companies who are embracing this and still
continuing to push events, those are the sorts of companies that are actually very, very on point in these times and
can obviously adapt and improvise and overcome. So that's my rant of the week. And it sounds like
you're actually quite passionate about this here. Yes, yes, you know, given that I could certainly
offer some services on this front. But,
but no, in all seriousness, it does annoy me, because, you know, that it's not
that difficult. It really isn't that difficult to jump on a Zoom call. I've seen, you know, shifting,
some companies, in fact some companies I used to work for, now doing, um, LinkedIn events, you know,
round tables on LinkedIn, and they're actually very effective, uh, just as effective as,
as, you know, doing something in person. And in fact you can do more of them and reach more people.
And so I wonder why there aren't more companies doing this sort of thing.
Yeah, so I guess if we, uh, so looking at the size of companies, so I guess there's different aspects to this.
And so I'm lucky enough to work for a large global entity, which is very well resourced and has very mature processes.
But, you know, even we, you know, in the in the in the beginning, we had that challenge of, you know, suddenly the entire workforce is connecting from VPN.
you know, suddenly the entire workforce is connecting from VPN.
Whereas, you know, historically we'd always have at least, you know,
40% of the workforce permanently office-based.
And so, you know, I guess the challenges with working remotely are far more than just,
hey, you know, we can't get a conference call together.
It is, you know, genuine access to systems, which can only be accessed via VPN.
You know, do you have bandwidth issues connecting via VPN VPN how long does it take you to upgrade that you know and these are real challenges that we saw you know certainly in those first couple
of days of the lockdown which were overcome you know it is that
improvised adapt overcome but I guess not every company's geared up to do that
Um, well, I can, I can understand, you know, and we're sort of slightly moving, you know, segueing on this, but it's still very valid in that, you know, you had probably pandemic protocols where...
Yeah.
Um, in place where, okay, this is what happens when the entire workforce of a country or whatever can't make it in.
And you followed those protocols in such a way that allowed you to be flexible, et cetera.
You maybe, I don't know, but you maybe loosened some security requirements for a short term in order to allow people in.
Of course, I wouldn't expect it, but I'm sure some companies did.
And other companies will follow suit, and that, that's absolutely fine. But I think, I think the fact is that when people can't adapt and they can't overcome and they're, they, they've not, uh, either invested in some kind of planning, you know, like, maybe like, you know, some countries at the moment who, who disbanded their organizations that looked at pandemics and how to respond and all that sort of stuff, you know, the, the sheer short-sightedness of that for an organization.
Well, you're just hiring an expert when it comes up, surely.
Yeah, except all of those experts are in short supply, right? You know, um, but I, I, it just really strikes me that this, when, when this is all said and done, we, I think we're going to look back and we're going to see, you know, not just events that are going to fall by the wayside because they haven't shown that they can adapt, but also companies who are, who will, you will really see their shortcomings, um, as a result of this, and actually you'll start to question, are they the right company?
Are they the company I should be doing business with?
Because if they can't handle this themselves when things go wrong, how are they going to help me?
Man, you are so wrong on that take.
All right.
Yeah.
Okay.
That's all I've got to say about that.
No, no, no.
Tune in next time for the conclusion of that argument.
If he remembers.
The conclusion is available to Patreon members only.
That's another lesson from Smashing Security.
Smashing without the G.
Yeah.
No, I do think, well, I, I see where you're coming from. You're, you're kind of like the Bear Grylls improvise, adapt, overcome kind of mentality, which is fine, and I, I usually subscribe to that, but what you're not taking into account is this is very unprecedented. So, okay, let, let me tell you a story. Snuggle up, kids.
So there was a bank, I believe it was in the U.S., and they had fantastic DR processes in place. They had, in case their main building was offline or something happened, then, you know, they, they had a hot backup, they had a standby, they had, you know, other sites that had services set up.
And their main building caught fire one time.
And it was a massive thing.
They shut off several blocks.
They had, you know, the fire department there.
And it's like, OK, that's cool.
We prepared for this.
And they started shifting people over to the other locations.
And all the systems were there, but, um, what they didn't account for was the emotional trauma that most people had suffered. Some of them had received word that some colleagues had perished, uh, some were unaccounted for, some had actually seen people die in front of them. Um, some were like calling their families up and sobbing and like, I nearly died today.
So, you know, having something methodically set up
and actually executing it
when you have the human element involved
and the emotions involved are two very different things.
And what we have nowadays is, it's not just a case of like improvise, adapt, overcome, stop, start being a remote events company or something. It's like, oh, all of our sponsors are pulled out because they're trying to preserve their cash flow. Journalists are being furloughed because there's not no advertising, there's no money coming in, so there's no one going to be covering your event. Uh, professionals are, you know, busy doing other things. Maybe, you know, people have got loved ones who have been, you know, impacted by COVID-19.
They're in hospital. There's all sorts of other things. So I think, you know, when you take a step back out of that narrow lens of like, well, why don't you just do it online, it, the economics and the emotional toll and everything actually pile on a lot. So while, while I admit you do have a point, it's a, I think it's a very small point that is, uh, needs a bit more empathy to it.
Well, without wishing to agree with you, I agree with you entirely.
Worst hostage negotiator ever.
Exactly, exactly.
No, I agree that, you know,
when I was talking about protocols, et cetera,
I wasn't explicitly talking about, you know,
step one, do this, step two, do the other.
Those protocols themselves have to be flexible,
have to take into account a human element.
I mean, there's a whole, you know, we could do a whole talk
or a whole session or a whole, you know, virtual webinar
on just that subject itself.
I completely agree.
And that story you gave about the human elements
and the human suffering, completely.
And your, you know, your planning has to take that sort of thing into account.
Your point about, you know about losing sponsors, et cetera, yeah, totally agree, totally get that.
But we're talking about companies who, if they don't have a presence, then they don't survive at all. And if they don't start to generate that presence, if they don't
start to generate that interest themselves with the few journalists that are left or the few people
or staff that they have left, etc., then they really are going to go. They haven't worked out
what their minimum viable product is in order to continue to survive, because they're not supporting it. So yes, you're absolutely right, but I think, um, the, the point I'm trying to make was that, all of that being the case, you still need to adapt, overcome, you know, or adapt, improvise and overcome.
And will we start to see the, uh, the advent of new startups, uh, where people figure out what that minimum viable product is? You know, a whole launch of new companies who, who come out of this, this current pandemic, filling in the gap to other people couldn't. I mean, I know for, you know, myself, I've been taking deliveries from, you know, direct from Covent Garden market, where food comes in fresh to the country, um, ahead of supermarkets, because they've got a distributor in the area. Or, you know, the restaurants around here weren't able to, uh, open, um, so they've been continuing their regular deliveries and then reselling them, and it could be, you know, an alternate revenue stream for them going forward.
I mean, that's just a small example, but something that did make
me think as Jav was telling that story about how, you know, people didn't account for things.
And this would just go back to, you know, previous company where I was working.
We had just spent a lot of money on this new data center, you know, backup site. And as,
you know, with all these things, you can't just, you know, buy it, switch it on and move to it.
So we were running three data centers for a while.
Obviously, a very big cost for a small company as we migrated our secondary backup site to another site.
Anyway, the usual thing, we're doing maintenance. As a company with a high risk appetite, we would shut down the primary site, move all traffic to the secondary site whilst we, uh, upgraded a load of stuff. Um, one time this was occurring during office hours, uh, the backup site, which was serving all the traffic, went down, and, uh, we couldn't get hold of anyone. You know, we didn't know what was going on. So, uh, you know, one of the guys drove up there. Uh, you know, he called from the car park. He said, utter chaos. Uh, he said, you know, this place, there is like fire engines everywhere, there are people everywhere. And, um, you know, there's me, you know, explaining to the MD, no, no, no, it's a proper data center, you know, nothing dodgy. Like, full HVAC systems, fire suppression, you know, everything sound. Backup generators can last for, you know, five days without contact with the outside world.
Contractors for more fuel.
But what had happened, you know, in this site that we had trusted could continue to run in all eventualities and any failings they may have,
there was one of the UPS devices caught alight, which triggered the fire suppression system, which automatically called the fire brigade. And when the fire brigade came, the commander-in-chief, you know, whoever was responsible for all his people, refused to enter the building until all the power had been switched off. And so even the data centers have this fireman switch, which literally kills all power to the data center. There's no graceful shutdown, there's no continue running with UPS, it is a hard shutdown. And, you know, despite all of the controls we had to ensure that environment continued to run, uh, for the fire brigade just turned up and switched it off. And that's how we lost an entire site, uh, one afternoon.
Yeah, wow. Yeah, the, the total unexpected, the black swan event happens, right? Yeah.
So what was that provider?
Uh, well, funnier this was, they were known as C4L,
Connections for London, back in the day.
I'm not sure if they're still known under that name.
But this was out in Maidenhead.
You know, you couldn't miss it.
It was great.
Most of them are in Maidenhead, aren't they?
Yeah, well, the owners had, one of the owners had a Ferrari
that he always used to park at the data centre
because it was safe and then leaving it outside his house. So it wasn't that day. He had a bit of a car collection.
But, um, yeah, as you say, you know, these are black swan events. Uh, you know, did anyone really plan, does anyone's pandemic plan really account for the entire organization globally not being able to attend the office?
It probably didn't, but their planning should ensure that they're, they can continue to communicate and plan in a, in a managed and consistent way, you know, throughout the period, rather than, this is all you have to do, when you're done, follow steps one through ten.
It should be follow steps one through ad infinitum until, until you all decide it's time to stop.
Yeah, fair point. Well, I think it's certainly a good discussion, certainly. Yeah, some different...
One through to ad infinitum, and you, you can hire TL2 services.
Who can bill you from steps one through to ad infinitum?
We only bill per step, don't worry.
Rant of the week.
So, folks, I think we've prattled on for a long time. I think we originally aimed at 12 minutes, and we've hit something like 45.
So I think we're good to close our third, fourth, or 4B...
4B, podcast 4B done.
Podcast 4B done, yeah.
It's a wrap.
Yeah, so thank you very much, folks.
Thank you for listening.
Thank you, Jav.
You're welcome.
Thank you, Andy.
You're welcome. Always a pleasure, never a chore.
Indeed. And thank you, Tom.
Host Unknown, the podcast, was written, performed and produced by Andrew Agnes, Javad Malik and Tom Langford.
Copyright 2015.
Or something like that.
Insert legal agreement here as applicable and binding in your country of residence.
We thank you.
I think I might have to update that.
No, definitely not.
Keep it 2015.
It costs too much.