The Southern Fried Security Podcast

It's been 9 years and over 210 different content items since we started this thing in January of 2010.  As much as we hate it we feel it's time to end this project and start thinking about What Comes Next. Don't worry - the episodes and website aren't going anywhere anytime soon so you'll still be able to download all the content.  We're also discussing some new ideas to stay engaged with the cybersecurity community so you'll want to keep this feed live on your podcast listening device to catch updates on where we are on that. All of us would like to thank all of you for your support...

The Southern Fried Security Podcast

It's another Front Porch episode! Yvette talks to her friend Brandon Clark as his first novel "Ransomware" is about to be released.  "Ransomware" is part of Brandon's "Killchain Chronicles" series that will be coming out over time. You can find the book here:   We will be back soon with more great new content.

The Southern Fried Security Podcast

Episode 206 - The Front Porch….   Welcome to the first of an occasional series of episodes featuring conversations with a variety of interesting people from both inside and outside of information security.   In this inaugural episode you get to listen to dinner conversation between Wendy Nather, Mike Rothman, Wolfgang Goerlich, and Martin Fisher that happened in Atlanta at the Atlas Restaurant. We cover a lot of topics that I’m sure you’ll find interesting.     And, for the record, the “Aristocrat” cocktail at Atlas is something you must try.   I appreciate...

The Southern Fried Security Podcast

We recorded this episode as the closing keynote at BSides Atlanta on May 5th, 2018. We want to give a big round of thanks to the organizers, volunteers, sponsors, and attendees of BSides Atlanta for a great venue and event.  It was a great time and we hope to be there again next year.

The Southern Fried Security Podcast

Episode 204 - Evaluating Your Security Program: Communications Plan   Why Evaluate Your Program Part of annual policy review If you don’t evaluate you will never improve Continual review will help protect your budget Awareness and Education is how most people in your org know the program Threat Mapping maps the outside threats to your inside controls & tech Communications is that final turn from the inside out Start At The Outside and Move Your Way In If Education & Awareness are how the employees engage the program then Communications is how the management team engage...

The Southern Fried Security Podcast

Show Notes   Episode 203 - Evaluating Your Security Program: Threat Mapping   Why Evaluate Your Program Part of annual policy review If you don’t evaluate you will never improve Continual review will help protect your budget Awareness and Education is how most people in your org know the program Threat Mapping maps the outside threats to your inside controls & tech Communications is that final turn from the inside out Start At The Outside and Move Your Way In How is this different from threat modeling? Threat modeling is listing what could happen to you. Threat mapping...

The Southern Fried Security Podcast

Episode 202 - Evaluating Your Security Program: Awareness & Education

The Southern Fried Security Podcast

We're going to use this episode to allow the cast to talk about reaching 200 episodes and you'll hear what *really* happened on the Lost Episode.   We will be back in 2018 with more episodes.  Until then be well and stay secure!

The Southern Fried Security Podcast

Episode 200 - Building A Security Strategy - Part III Recap Strategy vs Policy Understand the business of your Business Know who your stakeholders really are Capability = (Tech + Service) * Process Crawl, Walk, Run It Takes A Village The Question is “How do I make one?” Tech Tech, by itself, only consumes electricity and turns cool air into warm air So many choices…. The tech selection is the *least* critical one for developing a capability This is the “Stuff You Have To Do” Usually determined by regulation, policy, or corporate edict Describes a desired outcome - not...

The Southern Fried Security Podcast

Episode 199 - Building A Security Strategy - Part II Recap Strategy vs Policy Understand the business of your Business Know who your stakeholders really are Capability = (Tech + Service) * Process Crawl, Walk, Run It Takes A Village The Question is “How do I make one?” Almost no business is in the business of information security Follow The Money Understand The Decisioning Process “Culture Eats Strategy For Breakfast” Vocabulary Matters Understand the Business of Your Business Know the Formal and Informal Org Charts Influencers are as important as Deciders Beware the Spoiler...