A short form (15-20 minute) weekly podcast hosted by SecurityStudio's Ryan Cloutier and Evan Francen. SIMPLE information security tips and tricks are discussed for experts and non-experts alike. Co-hosts Ryan Cloutier and Evan Francen share their real world experiences about what works and what doesn't in the world of cybersecurity.
Episode 15 is the 4th installment in the Security Simplified Incident Management Series. Over the course of dozens of years and 100s of incidents we've heard a lot of questions, and some are more common than others. When we're in the middle of an information security incident, just about every question is valid. Tune in to this episode to hear some of the most common questions incident response clients have asked us. We'll share our common responses too. At SecurityStudio, our mission is: "Simplify Information Security For ALL". #MissionBeforeMoney.
The 3rd installment in the Security Simplified Incident Management Series. In this episode, Ryan and Evan have a good discussion about the most common mistakes we've seen over the years with incident response/management. Maybe you're prone to one (or more) of these mistakes, or you've certainly heard about them. Regardless, these guys have already paid the "dumb tax". Learn how to avoid common mistakes and adopt the best plan for your organization! All this while staying true to our motto: "Simplify Information Security For ALL". It's our mission. #MissionBeforeMoney.
This is #2 of 9 in the Security Simplified Incident Management Series. In this episode (#13), Evan and Ryan bust the top incident response planning myths. This is a MUST LISTEN episode where the guys break it down using simple logic. Despite the fact that information security incidents are certain to happen, most organizations do NOT do proper planning.
The Security Simplified Podcast is back, and we're introducing the Incident Management Series! For the next nine episodes, Evan and Ryan will simplify Incident Management for the Security Simplified Podcast audience. We start the series with this episode (Episode 12), tackling how to build support for an Incident Management Program. Despite the fact that information security incidents are certain to happen, most organizations do NOT do proper planning. Maybe we (information security professionals) haven't done a good job communicating the importance of an incident management program. Maybe we don't know the importance ourselves. Whatever the reason, we MUST do better! #MissionBeforeMoney
The 5th installment in the Information Security Governance Simplified Series, "Guidelines, Standards, and Procedures". In case you haven't noticed yet, Evan and Ryan have taken you from top to bottom with governance. It's not nearly as complicated as we tend to make it! In episode 10, the topic of information security policies was covered, and our policies need some tactical support. This is where guidelines, standards, and procedures are used.
- What is a "guideline"?
- What is a "standard"?
- What is a "procedure"?
- The purpose for each document type.
- Approvals for each document type.
Next week, we wrap up the series with "Maintaining Effective Governance". Hope you enjoy!
The next installment in the Information Security Governance Simplified Series. After covering the definition of information security governance (Ep. 7), the importance of aligning governance with the organization's mission (Ep. 8), and information security roles and responsibilities (Ep. 9), Ryan and Evan tackle information security policies in this episode (Ep. 10).
- What are policies used for?
- Who approves policies and policy changes?
- Who maintains policies?
- Which policies are considered "standard" policies?
- Policy status tracking.
Information security policies are critical to the success of an information security program, BUT only if they're done and used properly.
Continuing the Information Security Governance Simplified series, Ryan and Evan discuss roles and responsibilities and their importance to effective information security governance. Without explicitly defined roles and responsibilities, accountability suffers (or is completely non-existent). In this episode, the topics include:
* The Board of Directors (if it exists). – FOUR THINGS
* Executive management.
* Who is “ultimately responsible” for information security?
* Directors and managers.
* Information security personnel.
* All personnel.
Formally defining roles and responsibilities is critical. Listen to this episode to learn simple tips and tricks that Ryan and Evan have learned over the years, saving you the headaches of repeating the same mistakes they did.
Evan and Ryan pick up the "Information Security Governance Simplified" series where they left off in Episode 7 - Define Information Security Governance. In this episode, they discuss:
- The importance of aligning governance with the mission of the organization.
- Defining the mission for the information program.
- The importance of executive management buy-in, and how to get it.
- Defining the information security charter document.
- Determining initial communication protocols.
Information security governance should NOT be painful, and when governance is in alignment with the organization's purpose, it's actually the opposite. Good, well-thought-out governance is harmonious, and it is possible to get everyone on the same page. We hope you enjoy Episode 8 - Governance Alignment, and join us next week for Episode 9 - Roles and Responsibilities!
Ryan and Evan kick off a new series this week, "Information Security Governance Simplified". In the first installment in the series (Episode 7), the guys define information security governance and address some VERY important fundamentals, such as:
- What is information security governance?
- Why does information security governance make people cringe?
- Governance is not one size fits all.
- A CISO (by title, or otherwise) has ONLY two jobs.
Next week, Ryan and Evan will tackle Governance Alignment. Hope you enjoy!
The past few weeks, Evan and Ryan have been covering network basics. This week, they wrap up network basics (for now) by looking inside a network packet. For those who haven't captured packets before, DO NOT BE INTIMIDATED! It's much easier and simpler than it seems. In this episode, Evan and Ryan download Wireshark (https://wireshark.org), install it, capture some network traffic, and take a peek inside what they caught. Next week, we'll shift gears and begin a series covering information security governance. You won't want to miss it!
Building off the past few episodes, covering network basics, Evan and Ryan give a simple explanation of what an IP address is, what it's used for, and why it's important to know these things. Next week (Episode #6), the guys will explain what a packet capture is, how to capture packets, and take a look inside.
In this episode, Ryan and Evan discuss networking basics and why understanding them is important to effective information security. Ryan gives a quick breakdown of the OSI model and what happens at each layer. Understanding how things work, in this case how two computers speak to each other on a network, makes you safer. You can't protect the things you don't understand, at least not as well as you can when you DO understand.
In the previous episode (Episode #3 - Quick nmap Introduction), Ryan and Evan demonstrated why we use nmap, where to get nmap, and how to perform a basic nmap scan. In this episode, they do a quick explanation of the results.
NSE - Network Scan Engine
DNS - Domain Name System
TCP - Transmission Control Protocol
IP - Internet Protocol
Don't be intimidated by all the new words and numbers. This is a different language, a language that computers speak on a TCP/IP network. In time, you can (and should) learn the language too! NOTE: Evan made an error in this episode, see if you can find it!
A quick introduction to nmap. Topics covered in this episode include:
- Why would we use nmap?
- How to get nmap.
- Installation
- nmap and Zenmap
- Basic scans
Intense Scan: nmap -T4 -A -v scanme.nmap.org (or 192.168.0.0/24, etc.)
Intense Scan, all TCP Ports: nmap -p 1-65535 -T4 -A -v scanme.nmap.org (or 192.168.0.0/24, etc.)
Stealth SYN Scan: nmap -sS -O scanme.nmap.org (or 192.168.0.0/24, etc.)
Enumeration on specific ports (only): nmap -sV -p 22,53,110,143,4564 scanme.nmap.org (or 192.168.0.0/24, etc.)
Try these scans at home!
This is the first episode of the Security Simplified Podcast! Ryan and Evan kick things off by discussing the importance of effective communication. Information security professionals must learn and apply good communication skills in order to effect real change in their organization and with those they interact with. Some good tips in this first episode, and we're looking forward to next week!