Oh, the planning, the planning process is over.
Well that's the big, that's the big dog as opposed to the little one.
Okay, well that's, that's the one that's famous for being on the show, though, is
No, the little one.
Oh, the littler one is the one who's, who's had many appearances.
Yes, yes indeed.
and the littler one's dog, what's the name of the littler one? Skier?
Skier.
Like a ski, like the dog is a skier, goes to the mountains, puts on
No, like the yogurt.
Okay, so the dog is a, is a yogurt
The Icelandic for yogurt.
Ah, interesting. Okay. Wow. And
did you get there?
Uh, we, we really likes, we really like skier yogurt. And, um, so the timing was good. Heh
Oh, okay, yeah.
heh.
need help naming something, I'm going to reach out to Matt and his wife from this point forward and say, please come up with a cool, cause that's really a cool name. Like it's, you know, do you have a, is there a domain name associated with the dog where
Not, not yet. Well, actually, there's a domain name for the yogurt, so we probably would be in conflict if we tried to get one, but
Well, that would be like a ic or something though for Iceland, so you
Mm hmm.
Alright,
Scear. com is an actual yogurt brand, but
See, I don't eat a lot of yogurt, because I think it's disgusting. And so, there's another category of people who will send hate mail. The lovers of yogurt. And
Well, I should go grab my Scear yogurt now, because I get, it's in key lime flavor, which is
Well, you know, this episode of the Security Table, brought to you by yogurt. You need to eat none of this per year. To be happy, successful, and wise.
It tastes good. Come on.
the,
Heh heh heh heh heh heh
came up. It tastes good. That would not be the tagline I would associate with it. It would be terrible consistency, but good for you. All right. Well, hey, welcome folks to, uh, what appeared to be just a random conversation, which
Soft serve.
A random conversation that, uh, turns into a discussion about something in the realm of cybersecurity. That's why we call this the security table. I'm Chris Romeo joined by Izar Tarandach, Matt Coles, uh, the Knights of the security table who, uh, fight the battles of, I can't even finish the metaphor. I'm sorry.
All of them.
killed DAST, so I don't know what we're fighting now. Heh heh heh heh heh heh heh.
we fight four letter acronyms for security products that don't add value to the world. If you're out there, we're coming for you.
Dun dun
of thing. So
Knee!
wrote it.
Uff. Tis
now we're going into a full Monty
Bring me a fuzzer!
These are, this is one of the knights at St. Knee. Was that, now, in the movie, was that, who was the, which movie is it where the guy is like, gets his arms cut off and then his legs cut off, and, come closer
for Holy Grail. That's Quest for the Holy Grail. Same, same one. Tisma Scratch!
yeah, come closer and I'll bite your ankle! That's how we fight with valor. That's how the knights of the security table, we fight with that same enthusiasm
But you have no arms!
and result more than likely. So, all right, but we should actually talk about something in regards to security. And so the topic that we have for this week is fear, uncertainty, and doubt when it comes to consumers. and their security consciousness.
So we got to this as a result of a post I wrote last week on just, just, uh, I guess, reflecting on the role I've seen fear take in the security industry throughout my career of 26 years and seeing how We went from the days of old where it was all about scaring people into doing the right thing, or people, or the consumer being scared as a result of, Ah, my data's going to be breached, or my credit card's going to be stolen, in the days where you had to go to the police station and fill out a
police report, because your, because your credit card was in a data breach. Um, so that, that's
by the way. You're still supposed to do that. Yeah.
don't think, I mean, right now, I mean, the card companies are so good at, like, they call you and they're like, hey, by the way, your card's been breached. There's a new one in the mail. We got this. It's all good. Like, but that's, that's kind of like the, the shift of what's happened in perception of those things. But I guess, what is the role of, is there a role for fear, uncertainty, and doubt or FUD in the realm of cybersecurity, if we just use the umbrella term?
Matt, what are your thoughts?
Is there a role for it? Uh, if you, if you mean it fear drives people to take, take action? Probably. The problem is, does fear, uncertainty, and doubt cause people to a, take the wrong action, or at some point stop taking actions because there's this overload. And I'm fearing, I have some, I have some fears that, that overload happens. I mean, how many data breaches have there been? I mean, I mean, let's just jump it out there.
Out of, uh, out of the things that are in your home, which ones can get hacked? And which ones can't? And which ones can you do anything about? Short of not doing something, like not doing something or not buying those things,
Hmm.
right? So I think fear is a driving factor to a point, and then there's a cliff or a wall.
Yeah,
I am going to say that we are past that cliff. I think that people have been so and it's the second time in two days that I try to say that word and it will never work. The SENSITI
Desensitization. Desensitiz Wow, I can't, I can't say it. That
not an
been de census, I can't say it either now.
people are not sensitive to that stuff anymore. To the point that, you know what? Yeah, something else got breached. I got one more email from, you have been phoned, and Yeah, sure, whatever. I mean, we spoke about password managers, we spoke about compartmentalization, we spoke about what actually happens when somebody gets, gets breached, and when we bring all that together, I think that people are just like Passcaring.
Well, and we're talking about consumers here. We're not talking about security professionals, right?
even, we as security professionals don't really care about data breaches at the macro level, at least I don't. I don't track them anymore. I don't, I mean, there was a day in my time in my career where we got the morning briefing of some, anything big that happened the previous day or whatever in regards to giant incidents, but I can say I don't really pay that much attention to it anymore.
Well, I
more surprised than fear, I can say, and the surprise is not even that big. Sorry, man.
I, I was just gonna say, I guess I, I, I tend to revert to consumer mode and go look on and see if, you know, see if I'm in the latest round from have I been pwned. Right, uh, but yeah, I mean, so Marriott got popped, or MGM got popped, or, you know, whoever else. Oh well, I mean, that's what, that sucks, right? Uh, another round of credit monitoring, another round of what can I do, what can I do about this,
Does anybody ever sign up for that free credit monitoring by the way?
let me give you guys an example. Last Friday, I had a trip for the extended weekend, and of course, as one does, as I leave the house, I check that all the cameras are online and everything, blah, blah, blah, blah, blah. Uh, get to the airport, get into the plane, land, and as one does, you check on your phone to see that you have connectivity, right? To see that everything that you put in place, you can check. And I see that two of my cameras are offline.
Panic in the streets. Yep.
and three of them are fine. And yes, I have more than five if you're counting. But, uh, the point is that right then I, instead of like freaking out and saying, okay, my basement just got flooded as soon as I left the house, I went to my email and I looked for any email that I had from the provider. And that's where I see, oh, there's a security thing going on with my provider. Apparently people have been getting the wrong thumbnails when they open their web access to their cameras.
And part of the treatment of the thing was that cameras were taken offline. And no, I was not a victim of the thing. Nobody has thumbnails of me that I know of out there in a compromised situation. My reaction to the whole thing was, eh, turn around and get another pina colada. Because at the end of the day, what can I do about it as a consumer, right? They're going to go and do their security things.
And the only thing that I can worry about is not putting myself into compromising situations in front of a camera that at the end of the day I have absolutely no control of.
Hmm.
after the first or second pina colada, who cares, right? I mean,
There's that too.
Lucky they didn't have a camera on that view of you drinking so many Piña Coladas.
if the cameras that were offline got caught in the rain, they wouldn't work because they were not the offside ones. But yeah, I digress. But my point is that even the, the, the, as a consumer, I would agree that fear would be a factor if those very smart people in marketing would decide that that's something that they're going to use to sell.
But I can't put two home camera systems, one against the other, and say this one is selling because it's selling itself as more secure, or is it selling itself as we haven't had a breach in the last year. So fear as a motivator, as a buyer, I don't think we're there. I think that there is still a bit of fear of the technology in general,
we'll take it, take it a step back in that, in that example, you, or that, what you were just talking about fear. as a reason to go buy something versus fear of the thing you're buying, right? So you're talking about, you know, camera A versus camera B because of their data practices and their track record versus why are the, why are the buyer, why is the consumer buying those cameras in the first place?
Um, so I know it's, we're sort of, now we're expanding the view of security out to physical home security and not necessarily just, uh, you know, network and application security. But, but so there's different, there's different levels of fear. The home security slash protect, you know, physical protection thing hasn't yet hit that peak or that wall or that cliff, right, that we're, that we're talking about.
But from a breach standpoint, from a data security standpoint, from a, I have no control. Do I need to fear it still? We've already run off, off the edge. We're like the lemmings running off the edge of the, of the cliff. Right. Um, because reaches happen all the time. Products get hacked all the time.
And we've chosen to consume those products, right? Like,
because we have no option.
Yeah. Who, who needs a smart toothbrush as
What even does a smart toothbrush do?
gets
us your dumb teeth!
Apparently Apparently it gets hacked in a buttnet, right? Oh,
fear as a motivator in cybersecurity again, because yes, there was this report and it started to make its way through the media that smart toothbrushes were being assembled into botnets and we're going to, we're performing distributed denial of service. And then it turned out it was bunk. It was just a complete fabrication. I don't know if, uh, ChatGPT may have hallucinated in an article and
you mean like it did earlier Earlier this week when ShatGPT went completely off the rails?
I thought it was finally the dentists of the world taking over.
that is, uh, that is a possible, uh, possible scenario, but it just, that, that's, that's really what brought it back to the forefront for me is this, there was this kind of attempt to generate fear. By saying that the smart toothbrushes were going to assemble into botnets and
The uprising.
denial of service,
Every time that you say smart toothbrush assemble, I got this Voltron image in my head.
ha, you're like,
coming together into this, like, sort of master toothbrush. I'M GONNA SCRUB YOUR HUMAN!
all of a sudden it's going to make you floss. You're going to floss!
I TOLD YOU TO DO IT EVERY DAY! NOW SUBMIT!
So listen, the hygienist told you, the dentist told you, and now I'm here to make you pay. And then the floss pops out, and the smart toothbrush.
Or you suddenly get 18 cases of, of, uh, of fluoride toothpaste that you didn't know that you need
Now gargle! But, uh,
That's a different type of attack.
no, but, wait, wait, wait, wait, wait. So, okay, so, that one turned out to be, to be wrong. Turned out to be an hallucination by Izzy. Either a LLM or, or a writer. But let's think for a second here, is, is there an ulterior motive that somebody would put that online as a rumor or as a fact actually, would, would that lead to something like, would it make people consider buying smart tooth brushes or not?
Would it make one brand of smart tooth bridges be more valued than the other because there was no, no, no breach on that one.
Well, think about who's buying those things in the first place. I mean, a smart to smart toothbrush co. So a regular toothbrush costs what? Uh, two bucks, three
Well, they give you one at the dentist if you go.
Right. And if you go to, if you go to a local grocery store, you can pick up a two pack for, you know, for a couple of bucks. So the people who are looking for smart toothbrushes are either super health conscious.
or
Well, well they are, they are super health conscious. They are super health conscious and have a lot of disposable income. Right. And so the question of, so first off, do they even know that they may or may not have gotten hacked, right? Do they have the consciousness, the awareness that that's a thing? Number
Oh my god, I'm about to be so offensive.
uh, you're gonna, your sociopathic tendencies are about to show up. Is that what you're saying?
Yeah, you know what? Let's leave that one to the last episode. Yeah, yeah, yeah. No, no, no.
Yeah, I mean, outside of the, why would anybody need a smart toothbrush? I think that's a, that's a discussion for a different podcast by maybe people that are medically trained or something. Maybe there's a good reason. Like, I don't feel like we're qualified to answer that question. I mean, my initial answer is, I don't see why anybody would need this. But it's, if we circle back around towards more of the fear, uncertainty, and doubt. Angle of it. I like where you were going with that, Izar.
And could it be a competitive advantage for one company over another? Could, could secure, could we weaponize security?
Or lack of thereof.
or lack thereof,
Or, or, or private or privacy, by the way, it doesn't
privacy or security, but could we weaponize it based on a lack of rigor? that a competitor applies to a given type of product. If you have a company that has the same product, are we facing a future where security is weaponized by companies against each other?
I, uh, are there FTC rules against that? I mean, you're making, you're making outlandish claims, right?
wait. Wait,
Well, I'm not claiming, I'm, I'm, I'm, this is a thought experiment more
no, no, no, I'm not, I'm not saying you're, I'm not saying you, I'm saying the companies that would be making these comparisons might be making some fantastic claims, right?
Yeah. Like in
we didn't, yeah, we didn't get hacked. We didn't get hacked. And so you should buy our product, but that doesn't mean we're not susceptible to that.
if we go back to Sony, MGM, or any of the big companies, big breaches, and look at their stock price. I myself have been using that as FUD for a long time to tell people, Hey, if you get breached, you're going to have an impact on your But I think that somebody did a study and turned out that not to be so
Not
It dips for a very big, like for a bit, but it goes right back.
I mean, it used to be like, remember the Target breach that we all lived through? There was a big consumer. I remember people that I know that had no knowledge of cybersecurity saying, I'm not going to shop there or I'm bringing cash with me. So there was definitely a time period where that level of incident resulted in lower reputational damage and a lot, a loss of customers and sales. I think those days are
the same way. Yeah. TJX had
That was in the same vintage, though, right? It was in the same year or two. I don't think that happens anymore. I think that's, that's, we're so far away from that because people are just, this is the numbness. I heard somebody describe this as data breach numbness,
so it goes back to not being sensitive to it anymore. but not because people don't care about their data being out there. It's just that right now they are just assuming that at some point the people who hold their data are going to get bought. It became a fact of life.
pretty much. And, and by the way, we, it's probably that, that stock, you know, if they're publicly traded, those are, that's sort of baked in, you have SEC filings now that talk about this sort of stuff. Um, and I wonder if we need something like GDPR, right. Which has pretty sizable financial impact, you know, for, for an infraction. Right.
Uh, you know, multi, multi, millions, hundreds of millions, if not billions of dollars of potential impact that would have serious impact on, on a bottom line.
But,
That's, that's
don't want to go here, but I'm going to go here just for a second. And then we might have to put this on the shelf for a future debate discussion after more research, but. I'm going to say something that may not be that popular, but I don't think GDPR actually did very much at the end of the day. Yes, they sued Facebook. They went after Google in the early days, but did it really move the needle? Our companies is, is individual privacy better as a result in this, on this globe because of what
think the answer is, and I'm not, I'm not the expert. Uh, I'm still learning about these sort of things, but I think, I think the answer is yes, but not because of the financial impact. It's more of, it's now in people's minds, and you have, consumers minds,
products.
yeah, and you have, and you have not just GDPR, now you have, you know, uh, you know, the patchwork that is the United States, and you have other, other countries that are jumping on board, and so it's becoming more in the, in the common, common view that this is important, and not necessarily that the hundreds of millions of dollars of Facebook and Apple and Google, whoever get hit by, uh, you matter as much.
So, Chris,
naive view there. Okay,
more you just did. And I'm just going to say, if people are at that point in their lives where they are not sensitive to this anymore, I think that's and I'm looking at the mirror when I say that, I think that means that we suck. Yeah. We as security practitioners, we suck.
that.
Tell us more. Tell us more. Like, what do you, what do you mean? What do we?
if people are at a point where they actually expect things to be breached, then it's just because we haven't been done our work well enough, and breaches are so commonplace that not being breached We discussed if being breached is, uh, uh a disadvantage, and that leads me to not being breached being an advantage, and it's not anymore. So,
not a differentiator
it's not a differentiator
Well, it's expected to be a matter of time. It's not really, uh, it's sort of a foregone conclusion that it will happen.
Yeah. I guess as a society, we've, we've accepted this as normal. That,
There's nothing normal to this.
the things that we use are, are not infallible.
There's nothing normal to this stuff. It shouldn't be normal.
off the puppets already.
But it is, it is, that's, that's the reality that we live in. And I guess, have we failed as security professionals? Then that's kind of where you're going, Izar, as you're saying. Did we put, did we fail as a, as an industry? Like, we can't really, we won't, you know, we're not going to call ourselves out specifically as like, it was all our fault.
it's all the, it's all the ops people. It's not us. I mean,
Yeah, exactly.
Thank God it's Friday. Now I can have a whole weekend for an existential crisis.
Where's the piña, where's the piña colada now there, buddy?
Do you like pina coladas?
in the rain.
in bridges in the rain. Oh, we have to do something with those lyrics that we have.
Our new hit single, Breaches in the Rain. So, alright, well this, now that we've left Izar with an existential crisis for the weekend, I wanna, I wanna give, I just thought of another angle on this that I wanna get, I wanna get, uh, your take, both of your takes on this. Because I think this is still happening. What I'm about to describe is still happening, and it gets called out a lot more now. So you may know where I'm going with this. But there are still salespeople.
that use fear, uncertainty, and doubt, and the misfortune of competitors as a lead generation technique, or as a way to reach out to people. And so if a company has a breach that's like, say, a cloud, let's just say, and I don't even know if they've had breaches, I'm just going to say a cloud storage provider has some type of security incident in the news.
Account executives from the other, their, their nearest competitor will start emailing people, emailing prospects and say, well, hey, we, you know, you probably saw what happened with company A. Company B, we take security seriously. And we invest in it. And, and, and I'm not making this up. Like it used to happen all the time. Like I can remember a day, 10 years ago, 15 years ago, where this was the normal sales approach that would happen. It was the ambulance chasing of the world.
I don't think it happens as much now, but I, it still happens. Now we're better as an industry when people will call people out and start publishing their, uh, these types of approaches, but I mean, what, what, have you guys still seen this? Have you seen this happening in the marketplace?
I've seen a bit of what can we learn from XXX. And then the, uh, the answer part is, is that we are better, but, uh, that there is, uh, I have seen some hooks coming in as postmortems or let's see what went wrong there that would never happen with us.
So it's like more of a soft sell now. It's not as, it's not as confrontational, but it's still the same. They're going for the same outcome.
I think that they took the schadenfreude out of it and, uh, that they're not revealing so much into the failure of others. And it's taking a bit more of an educational tone of what can we learn from that. Which, by the way, I'm all for. I just don't think that that, um, that would make me buy something.
Now, are you talking about, you're talking about the corporate sales and, and sort of as, as a practitioner, does this translate, are you seeing this translate to out in the real world? Like, I mean, most people don't buy direct from security vendors. But they may buy, they may get pushed. I mean NordVPN and others, you know, push VPN software all the time. But they're using the general state of security as the, as a selling factor.
And the consumers, you know, they get, they get some fear and uncertainty and doubt. Are you sitting at your, at your local coffee shop? And are you gonna get popped because you're in, you know,
Which is the biggest bunch of bunk these days, right now. I wanted to unpack that, but I went to the enterprise, though, to answer your question. I kind of set this stage up. I, without telling anybody, I switched our focus from consumer, the consumer side of this, to the enterprise. Because obviously with consumers, you don't have account executives that are, that are reaching out to consumers and generating, using fear, uncertainty, and doubt as a sales tactic. So we've kind of, we've kind
actually
but they do.
it's what Matt just mentioned. But I think that the point there is that we got to a point again because of the, the The general state where the public's head is regarding security, that people are, people are at the point where they say, I need to have a toothbrush, might as well be a smart one, meaning I need to have this minimal amount of cyber hygiene, might as well get a toothbrush. the latest VPN that says that it's, I don't know, they have points of presence in 300 countries.
So I can move myself over there. Just, just off the top of my head. But I think the math is right, that there is still some FUD going around in terms of what do you need as a minimum practice of cyber hygiene. And while I totally, I think that everybody should be at least minimally educated in that. It's a survival trait today. I am not sure, again, that people have the enough understanding of the problem to say this one is better than this one. To
Yeah. And actually, you know, just on that, I guess, just to, to take that a little bit further and here's the general question for you. Would you, would you, do you think we, you need to buy something in order to be secure,
be or to feel.
be
Consumer or enterprise?
consumer, consumer, consumer, and, and, and is more, is more better.
Is your definition of you, Izar or I, or a
Put your consumer, put your general user, put your, put your parents, put your, your kids, put your whatever hat on and, and think about them. Do you have to buy something or do you have to pay more for something for it to be better
Or
when it comes to, when it comes to security? Yeah. So things, things like, like things like a VPN, right? You can pay two bucks a month or you can pay, pay 20 bucks a month.
I mean, I think that's the model that exists in the marketplace. Like, let me give you an example. So I use these Eero routers that are, it's now an Amazon company. I just,
And that's, that's a mesh router
Mesh router system. The simplicity of it is just brilliant. Like I used to be a network, uh, person and I used to love wiring my house and making connections. Now I just want the stupid thing to work. I just want to plug it in, just make it work, stop not working. And so, but in with Eero, I have to pay an additional fee for their advanced. Advanced security. We put that in air quotes and that gets me like threat, uh, intelligence blocking of things. It gets me ad blocking.
It gets me some things. It's just a software feature, but I recommend other people do it too because like, it's very seldom do ads get served up on my network here to any device that you're using because they just block it. But it's, so I think, but I don't know that maybe, maybe normal people don't take that step and pay that extra money because they don't see the value proposition. I know for me, I looked at it and looked at the list of features. I'm like, done.
Of course, I want that level of, you know, malware bots. They're doing all the threat intelligence stuff behind the scenes. And then the device just knows don't accept anything from this IP, these IP addresses or whatever, you know, but I don't know, maybe the, maybe normal, I call them normal people that don't have security superpowers. Maybe, maybe they don't. Maybe they look at that and they're like, eh, I don't want to pay the extra money. I just want the thing to connect me to the internet.
I mean, people are always annoyed at ads, but is it dangerous in their, in, you know? And do we have uncertainty or doubt about dangerousness that would drive fear? Right? Fear is a response to those other two things. And so you have fear, which is why you pay. But others maybe not, don't have that, that level of understanding yet.
Yeah. Yeah. I mean, where would they get it? Right?
Well, they get it from people, they get it from commercials saying, Hey, you know, you're going to, your home wifi is under threat. Go,
I don't want to get, I don't want to get, I don't want to ever, I don't want to ever get political on this podcast, but the media, like we're in an age where. It's challenging to, to, to know who you can trust that's
Oh yes,
because everybody has an agenda. Everybody has an opinion and it's not the days of old where the news broadcaster on TV was a trusted source of, of, and everybody just trusted whatever they said. Now they could have been lying through their teeth to us, who knows, right? But there was a trust that existed with that.
We don't have, that concept is gone, at least in how I perceive the world, and so there is no source of truth that can speak to the masses about security, and give them, and give, and let people know what the real threat is, like if any, and then we're back, we're circling back around to attack toothbrushes, right, that's what happens, is we just, people throw out all this crap, you know, somebody gets up with an idea that, oh, and then, you know, People have become so numbed because they've
been, they've been, it's been hyped up for so long that it's the chicken little problem, right? How many times do I have to hear the sky is falling where I'm just like, you're full of crap. The sky's not falling. It may actually fall and land on top of me, but I've heard it so many times that I don't, I don't, I'm, I'm numb to the concept that the sky is falling.
Well, and we see, we see, I mean, from us as security people, right. We, we know how to. Get cut through that because there's people we trust to talk about this sort of stuff, right? I mean, we've talked about Bob Lord and CISA in the past and, you know, Bob's had some pretty high profile posts about, you're not a danger at your, at your local, you know, cafe, internet cafe or coffee shop, right? It's, It's FUD. And, and, well, maybe, maybe not.
Uh, but, you know, but we, we have, we have the tools to help cut through the FUD. The consumer doesn't, right? They see that, oh my God, my, yeah, they, they see my smart tooth, my smart toothbrush is at risk.
Yeah. Yeah. And like,
what do I do?
I mean, Dan, Daniel Misler iss, the one who posted the, in the initial response to the toothbrush thing saying like, I don't think this thing is, I don't think this is right. And that's somebody that I've read a lot of his stuff, I followed him for a long time. I'm like, oh, now I'm, I'm all of a sudden looking at things closely going, like, if Daniel Misler said that's he did analysis and this is what he figured out, this isn't true.
But yeah, to your point, like Joe, consumer, Jane consumer doesn't have. The net, the, the insight that we're able to glean. And so that's why they're numb to these things. Cause there's just, there's nothing else they can do. They can't hear the sky is falling anymore.
And to your early point, the sources that they're getting the information from are not making those connections either. They're not following up. Oh, a prominent security researcher said this is bunk. That story we told you yesterday? Yeah, probably ignore it.
Yeah.
you know that it almost starts sounding like a way to DOS people, like we know that there's a lot that we see on the media and whatnot. that tries to divert attention. But if you really want to keep people busy, keep people occupied somewhere, not only like 15 minutes of them paying attention to something, but causing them to actually ask those questions that Chris asked in the beginning.
What in your house could be, or Matt, I don't remember, what could be hacked in your house and actually serve as something? You know what, it would give me pause, it would make me for one hour go around and say okay do I have the latest firmware and everything and is my router closed and this and that and the other one so yeah it's it's a great idea to get people's attention away from things.
Yeah. And as we're coming to the end of our time, it just makes me realize we don't have any single trusted source that has legitimized themselves to the masses about cybersecurity. Who? Oh,
crebs.
Yeah, but Krebs is dense reading, nobody's going to take the time to
yeah, it's not, he's not mass market. He's not somebody
No, his not. No, no, no.
that.
I mean, Hack 5 maybe, right, as a YouTube video, but you have to be on YouTube, you have to know what you're looking for, and they're
I'm just thinking about, it seems like in other parts of the, of society, there are people who stand up and kind of hold that, uh, responsibility for us for trying to educate in a certain area. And cybersecurity is just one of those things that no, but there is, there is no trusted source. If you, if we went to, uh, if we went to a mall, there'd be nobody there.
If we went to a shopping center that had various, uh, like, uh, you know, uh, a Target and a Home Depot and whatnot in it, and we asked 10 people just randomly, just walking out of their cars, presuming they would talk to us. Some of them would just run away, but presuming we could get 10 people to answer the question, what, who, who is a trusted cybersecurity source for you? I don't, I think we would get nobody. I don't think they would answer. I think they
You know, we, we need, we need the cyber, we need the cyber or application security equivalent to Neil deGrasse Tyson. You're a personal astrophysicist? Well, we need your personal cyber, cyber person, right?
No,
nobody's
missing something. No, there is, there is. We're missing someone.
who, I
Who?
I don't know, I got something, it's not Schneier, I got something in the back
the closest one is those guy, like Leo, the guy that does the pod, he's done the podcast for like 10, 20 years at this point. Leo Laporte, maybe, or something like that. I think he had a radio show at one point.
That would be the closest to a, but see, you guys don't even know who I'm talking about, so it's not, he didn't, he never reached a mass, I think he reached a technical audience, legitimization, if that's a word, and, but never a mass market type of thing where everybody, everybody was willing to say like, this person knows consumer security
We need a, we need a, we need a Neil deGrasse or we need a, a, a Bill Nye equivalent, right?
Yeah, I was thinking Bill Nye, yeah. But we should ask, we should ask Degrassi in here, so that he can explain to us how we get that.
I'm sure he
Okay, let's get on it.
He did Joe Rogan, so, I mean, if he'll do Rogan, he'll probably do our show. I mean, we're
If you're out there and you're listening to us and you have a connection to Neil deGrasse, let us know. We want him here.
Or if you know him, just text him. Tell him to
Yeah,
that too.
Anytime, we'll, we'll make it
I mean, you know, actually, there is one per there is one person, maybe, uh, there's two, actually, sorry, there are two, but again, they're not mass they're not mass market, I guess. Neil Stephenson, who talks a lot about sci fi, and then you have
Oh, he's up here. Both
Doctorow.
of them up here. Way up here.
they're not, they're not mass market, though, to you, like what you said. They're, they're known quantities, they're smart people. they don't, I'm thinking about, like, who should be on the Today show talking about public Wi Fi security. Like, there is no person, there's nobody that's filled that gap that's, that's bridging the gap between large and small technology companies that are putting out products and the consumer.
So we've got an opportunity for anybody listening out there who wants to become the cons, we'll help you with the branding, we'll come up with it, we'll make a podcast for you, we'll get a website, a Twitter.
but we, we, we are this. We are still, we are in this field where as soon as somebody raises their head to take that place, they're going to get bombarded from all sides with Oh, but you didn't mention this! Oh, but you forgot this edge case! Oh, but that doesn't work in this! Nobody's going to have the energy to deal with that.
It'll take a special person that would be able to do this, that would just be able to ignore
Yeah, Iron
nonsense. Yeah,
we, again, we need, we need Neil deGrasse Tyson to, to help us because he's, he's done it for astrophysicists. How, how bad can it be for cybersecurity?
how could you explain, how could you make it so that
Does he get pelted by astrophysicists all over the world saying I know better than you? I know that he does by people who have no clue, because that's a really fun read, but
Alright, well,
we need, or we need Cybersecurity Mythbusters edition or something, you know,
that could be an idea too, but I think
let's, let's, let's go there, let's go
done some of that, we've done some of it before on this show already, we've busted some myths and whatnot, but I think we're, uh, we're out of time for today. It's another one of those episodes where I feel like we maybe just made the problem bigger without solving anything. Like, yeah, so you'll be, now
9, 8,
you could schedule it for, you know, well, you know what, you don't really want to ruin your weekend, so you might want to start it now and maybe it'll end midday through Sunday, but you know, it's all good. But it's, this is good. This is the type of stuff that's, it's fun to explore. These various avenues and see where we land. So, Matt Coles for Cyber Security Czar. That's, and he just waved to accept it. So,
Yeah, because you can't have Izar for Izar. It's too confusing.
Oh, That's true. If we could use those two words together, your
I'm Matt. I'm your, I'm your personal cyber consultants. Yes,
I like that. That's good branding. All right,
Wait, no, no, no, no. Now it just reminded me. Who was it that was cyber consultant for the stars? It's somebody that we know.
is.
Yeah, somebody that we know had
Michael, Michael Lodenthal that, that spoke He, uh, he did a lot of work with famous people, politicians and stuff about personal security. But once again, it wasn't public. It was more from a one on
Yeah, yeah, but somebody had that moniker. Now this is going to drive me nuts.
Maybe it was you this whole
No, no, no, not me. Not me. No, no, no, no, no, no, no, no,
All right. Well, hey, hey folks, thanks for listening to another episode of the Security Table. We'll be back next week with more MADCAP fun.