Thanks to our listeners for joining us on this journey, and we look forward to providing you with more impactful cybersecurity content over the next year.
One Year of CyberSound
This is CyberSound. Your simplified and fundamentals-focused source for all things cybersecurity, with your host, Jason Pufahl, Steven Maresca and Matt Fusaro.
Jason Pufahl 00:14
Welcome to CyberSound. I’m your host, Jason Pufahl, with Matt Fusaro and Steve Maresca, as always.
Steven Maresca 00:20
Matt Fusaro 00:21
Jason Pufahl 00:21
So it’s been a year, and a whole year. So today’s a variety of things, right, where I think we’re going to talk a little bit about what we learned about podcasting over the last year since, frankly, I think that’s gonna come up even in some of this. None of us had ever done a podcast prior to this. None of us has ever set up any of the technical stuff that is needed to produce it. This whole thing was new, right from the start. And it’s interesting. I think the first thing that I’ve learned is it takes a lot of time. And I think as evidenced by the fact that we still haven’t officially added Matt to the “Welcome to CyberSound” blurb at the beginning, because it feels like each time we sit down to record, we’re kind of run-in, we’ve got our scripts ready and things that we want to talk about, but it always feels like it’s the 11th hour, even getting all this stuff together.
Matt Fusaro 01:17
Once I’m in the intro, though, that means I gotta stay.
Jason Pufahl 01:20
You’re still on the fringe? You’re not committed officially? For me, I think it struck me over the year just how much work it actually is to put on a good podcast, it is a lot of technical effort, collecting the content, doing all of the editing, promoting it. You know, we’ve hit 2,000 downloads, which is cool. But then ultimately, that probably means we’re closer to you know, say 40 to 50 per episode, which is lower than I’d like, right. I don’t think that we’ve gotten the ears on this that I’d like and I think we need to do a lot more promotion. I mean, that’s certainly a takeaway for me.
Matt Fusaro 02:05
Yeah. This content is always hard to present to people, right? Yeah, a lot of the times we’re getting into the technical weeds of some stuff. So we’re doing our best to make it entertaining. Get it so people that they can consume what we’re talking about, this isn’t an easy topic, for sure.
Steven Maresca 02:22
You know, some of that is simply tuning to our particular audience, which has shifted a little bit as we’ve progressed. Certainly, we’re responding to some degree in terms of shares and viewership and you know, the episodes that actually perform better, but we’re still finding ourselves even today.
Jason Pufahl 02:42
Yeah, and no offense to Steve, adding Matt helped. Three people, it makes it more conversational. I think, really at the beginning, the first four episodes were pretty rough, I’d say from a production standpoint, because we really had some bush league equipment in here. I think you and I were kind of getting a voice a bit, and it wasn’t too far. I mean, you’ve probably been in what 40 of the 50 podcasts, I would guess, I mean, it really wasn’t long before you jumped in. Yeah, it was quick. But, it was better, that having three people really changes the conversation.
Steven Maresca 03:19
Yeah. It’s an improved dynamic by far.
Jason Pufahl 03:21
Yeah, no doubt. So I think that was definitely good. It actually gives me some real respect for the folks who do produce their own podcast and they’re their own person doing it. That’s a lot of work.
Steven Maresca 03:34
I’ve learned one specific thing; I detest the sound of my own voice.
Jason Pufahl 03:39
I love the sound of your voice.
Steven Maresca 03:40
Oh, thank you.
Jason Pufahl 03:44
I do, I don’t know that I necessarily prefer having guests, but I do like adding sort of that element as well. So I think the fact that we mixed guest speakers in with just stuff that we’ve done on our own, it’s actually been a nice mix. And most of those have gone, I mean, really well. People seem interested in doing the podcast, which is kind of fun, that’s unexpected. I didn’t expect pretty much every single person we ever asked to do it to say yes, I thought there’d be more resistance to it. But that, I think people they like the idea of getting on air.
Steven Maresca 04:16
Certainly for me, those are the more interesting topics and interesting conversations, because we don’t really know where it’s gonna go and half of that is the fun.
Matt Fusaro 04:27
I think we need to fight more.
Jason Pufahl 04:29
We do need to, we do. Yeah, we don’t disagree.
Matt Fusaro 04:32
Yeah, we agree on everything all the time, it’s so boring.
Jason Pufahl 04:35
Trouble, we don’t agree when we’re off air. So I don’t know why.
Matt Fusaro 04:39
I know that’s true. We come on here and all of a sudden we have the same ideas.
Jason Pufahl 04:42
We’re all so pleasant. Yeah, so that was the dinette, the being sort of enthusiastic and dynamic sometimes is a little tough, especially when you are actively doing client work, and you’re like, I’ve got to get a podcast in the next hour and you’re shifting, so it’s not always easy. This isn’t our full time job.
Matt Fusaro 05:01
Yeah, I’d say that’s probably, believe it or not, the hardest part about this, right.
Steven Maresca 05:05
Absolutely. Getting in the right headspace is really difficult at times. We may prep a week prior, but that feels like a month and a half, depending upon what, you know, comes in between, man.
Matt Fusaro 05:18
Yeah, we’re jumping in and out of meetings in between recordings and whatnot. It’s interesting.
Jason Pufahl 05:24
But, it’s been fun. Personally, I’ve enjoyed it. I mean, I think it’s a neat thing to do. I really am committed this year to promoting it more. I think if we get, honestly, I know, for me, if we get more ears on it, it will feel like a better use of time. Because every once in a while, I’ll roll in thinking, alright, here we are again. But how do we get more people to listen to it? And I think that’s got to be a key thing coming into the next year.
Matt Fusaro 05:46
You know, hopefully, we’re making content that’s useful and going to make some waves, hopefully.
Jason Pufahl 05:52
So I would say, we did start this thing, we don’t want it to be a marketing heavy thing, right? We don’t want to promote ourselves, we don’t want to promote products. And I think we’ve really done a nice job staying true to that. We haven’t avoided it altogether, and I think that’s fair, too. But really, we have erred on the side of education and trying to produce content that you know, people might get some value out of, and I really think we’ve done that.
Matt Fusaro 06:14
Yeah. I mean, I know we try to avoid promoting products, but sometimes it’s good to let people know, hey, you know, these types of things are out here, here are the vendors. I think a lot of people are scared to like name a solution a lot of times and I think that just adds to confusion a lot. And I think it’s okay, that we bring it up every now and then.
Steven Maresca 06:34
I agree. But plus, it’s undeniable that we have some favorites, personal or organizational. You know, there are some key players in the market, it seems silly not to mention them at times, but you know, all the same. You know, if I mention one, I’m going to be careful to mention a competitor and say, hey, they’re both appropriate, perhaps for your org depends on each, you know, that sort of thing. That balance is important to me at least.
Jason Pufahl 06:58
So, we do have, and none of us have seen it, right, so Danielle, who is new to the Vancord team, who is assisting with all things marketing, has put together a list of what six or seven different podcasts snippets for us to hear, and then maybe sort of react to, so I don’t know what they are yet. And so she’s gonna play those and I think we’re gonna start with one now. From Episode Seven; the Silver Bullets vs. Snake Oil episode, which I don’t know that it included Matt, I think that was maybe just a Steve and me. So, let’s see what we got.
Steven Maresca 07:37
You’re saying a variant of what I did a moment ago.
Jason Pufahl 07:41
So I’ll touch on two things. So one, I love to regurgitate things that you say so. So I have no shame in that whatsoever. So listening to that, I think there remains a lot of truth in that content. I’m good at listening and digesting and maybe sometimes parroting something back. I’m okay with that, I have no pride.
Steven Maresca 08:03
We’ve done our share of co-speaking at presentations and so forth over the years, we have a tendency to sort of, I don’t know, ping-pong toward a point. Yeah, that’s part of the problem.
Jason Pufahl 08:14
And I think that a lot of that comes from a long history of working together. I mean, we do it when we write, and we certainly do it when we speak, no doubt.
Steven Maresca 08:22
It can be a good thing.
Jason Pufahl 08:24
I hope so. Alright, so I think our next episode is Episode 21, which probably actually is my kind of my favorite, which is the How Does Santa Really Know What to Bring You? And actually, I think that remains our highest downloaded episode. So not just my favorite, I guess.
Steven Maresca 08:45
Yeah, when we hit more, more lighthearted tone, and it just makes things a little easier. More fun for everybody.
Jason Pufahl 08:53
So, Santa though, he’s jumped into the 21st century, we all know that. He clearly knows when you’re sleeping and when you’re awake. I mean, it’s something he’s been concerned about for a long time. He put a lot of effort into collecting that data. I’m curious to know how we actually get to that. Do you guys have any insight in that at all?
Steven Maresca 09:15
Well, you know, the elves have a health and wellness division now. They make the Sleep Number beds. So you know, they know exactly when you’re sleeping, whether you’re uncomfortable whether you’re hot, whether you’re cold, you know, makes sense. They know when you’re sleeping.
Jason Pufahl 09:28
So are they tracking that somewhere, though? Or where’s that data go?
Matt Fusaro 09:33
Well, that’s a good question. We’d like to think we know where that stuff goes. And that stays on your phone, or at least within that company, but we know that’s probably not 100% true. And, you know, I’m not a lawyer, so I haven’t read all the terms and conditions that all the elves have been writing. Yeah, that episode was fun.
Jason Pufahl 09:56
It was, but it was also a lot more to plan than some of the others in some ways, right? Because we really had to think about how to be a little bit creative to drag in technology and couple it was up like that. I think we should, we should try to find ways to do that more often, I think every single time, right, takes away from the spirit of what we’re doing, but quarterly or something, tie it with a holiday,
Steven Maresca 10:19
Or just let out the inner goofball a little more.
Matt Fusaro 10:22
Yeah, I think we should qualify Jason’s planning. I’m pretty sure that was, we were pulled into a conference room for about 10 minutes, we gotta figure this episode out.
Steven Maresca 10:35
The usual line from Jason is, oh, I didn’t spend any time thinking about this. Let’s go! Okay.
Jason Pufahl 10:44
So that’s fair enough. So maybe we need to plan just that amount over the next year. Alright, so the next one, Episode 46: Revisiting Cybersecurity Fundamentals.
Steven Maresca 10:59
So, let’s take a step back. What do we mean by fundamentals? I mean, I hear that, and I think, steps that every single person or organization needs to take to fulfill their minimum defensive expectations for security.
Jason Pufahl 11:16
And, I would argue, if we go through this list, almost all of them can be done for free. You know, there’s a couple in here that I think that probably might have a cost, it might be a little bit more robust than your home user. But for the most part, cost isn’t a barrier to doing this. It’s just a matter of making sure that you’ve got the sort of operational maturity, or at least some routine built in to do these things,
Steven Maresca 11:41
Or just forethought, which is, you know, half the battle.
Matt Fusaro 11:45
Yeah, making sure you’ve got a process to do this. And next year spending time on it, someone following up and saying, hey, did we do these things this year, or this month or this quarter? Whatever it is.
Jason Pufahl 11:54
Right, and, you know, this year sounds long, but the reality is, in some cases is hey, at least you did that last year, right? Which is better than not doing it at all. Alright, so we’re all comfortable saying every single person who’s listening to this, it’s a valuable podcast, because it’s something that you can do, personally, at your workplace, whatever it is, but everybody needs to be doing this.
Steven Maresca 12:14
This is the preventative maintenance on your vehicle, or your health kind of conversation for security.
Jason Pufahl 12:20
I mean, let’s face it. We all agree with the things that we brought up the first time we did it, we weren’t happy with it when it was recorded. We wanted to run it back and every single thing in there remains true today.
Steven Maresca 12:33
Yeah, that was a rerecorded?
Jason Pufahl 12:35
That was a rerecording.
Steven Maresca 12:36
Yeah. I mean, just for people’s awareness, we do that with some degree of frequency when we know we’ve fallen flat ourselves, it does produce a better outcome.
Jason Pufahl 12:44
Well, our first episode was the fundamentals, remember, that was the one that really sounded like we were in a tin can. Yeah, I mean, all that’s true. And, you know, listening to it, the one thing that jumped out to me is, we certainly all sound different, right? I think we have different inflections, we have real different tonal qualities, it should be easy to pick out who we are when people are listening, I think. So now we’re going to turn to Episode 43, which actually had a guest star Lynn Freedman from Robinson+Cole, What Would You Do? The Value of Acting Out an Attack.
Lynn Freedman 13:20
Anytime a company is really talking about vulnerabilities, talking about paths that they would take in scenarios and in security incidents, talking about maybe some weaknesses in their plans and in their procedures, you want to protect that in the event that down the road, there’s an incident and a company gets sued, because all of the information, you know, discovery and litigation can be very, very broad. And part of that could encompass your preparation for a security incident, what policies and procedures did you have in place? Did you test, did you audit? Were there findings? All of these things, ultimately, may be discoverable in litigation. And usually, if you’re upfront and honest about and transparent about your weaknesses, if that’s in documentation, it can be used against you in you know, in the future, if you’re in litigation.
Steven Maresca 14:35
Yeah, she was a good example of a really valuable guest. It’s not often that, you know, that perspective comes into information security from true practitioners. So her being an actual legal counsel is very helpful. I think part of our function here is bringing in those outside perspectives because otherwise it’s too easy to be mired and not see the forest through the trees, even for people who are sufficiently skilled at this specialization.
Jason Pufahl 14:35
That was all Lynn.
Matt Fusaro 15:09
Yeah, I agree. And I think that kind of highlighted the value of bringing in those guests, right? I mean, we try to be experts in a lot of things. Being a security expert, you end up having to learn quite a few different disciplines, legal being one of them, but it’s nice to have someone with her perspective on those things.
Steven Maresca 15:28
Yeah, there’s a danger in being a hyper-specialized generalist.
Jason Pufahl 15:33
I mean, I’m just surprised how often we have to sort of move into that legal space or the, you know, interpretation space, and, you know, things that when we started this a long time ago, it wasn’t a thing you thought about, it was all about, you know, speeds and feeds and controlling data, and now, it’s, you know, a lot of our podcasts are regulatory compliance, assessments, legal, etc.
Steven Maresca 15:57
We are reflecting the maturation of our industry, you know, architects, they’re PE’s, they are certified engineers, that is nothing like the cybersecurity industry or computer industry in general. And that’s the path.
Jason Pufahl 16:15
So we’re going to segue into Episode 37, which was The Ins and Outs of Cyber Warfare. So I’m really curious to see what comes to this one because I remember we spent a lot of time talking about how we’d want to position this one.
Steven Maresca 16:26
Exactly. The speed of information travels, what’s the adage? Truth flies more slowly than falsehood or something to that effect. I’m butchering it. But the point remains, right.
Jason Pufahl 16:42
That sounded like a Steveism.
Steven Maresca 16:45
A poorly paraphrased idiom?
Matt Fusaro 16:47
Yeah, that’s about right. Typically from 1900.
Jason Pufahl 16:51
Something like that.
Steven Maresca 16:52
I think you’re a little too recent, 1830?
Matt Fusaro 16:55
1800’s? Is that your sweet spot?
Jason Pufahl 16:57
I mean, there’s been a couple of conversations in preparation for this, where I know Matt and I have looked at each other saying, we have no idea where Steve’s headed with this. Like, what is that idea?
Matt Fusaro 17:07
Yeah, sometimes it’s a good thing that these things are pre-recorded.
Steven Maresca 17:11
It is worth kind of pointing out that we are thinking out loud when preparing to each other, and that can take many different forms.
Jason Pufahl 17:18
It’s fair, you do more thinking out loud, maybe than we do for some of these things. But yeah, but that’s a good one. I mean, truth does flow more slowly than,
Steven Maresca 17:28
I want to look that up now. Hold on a second.
Jason Pufahl 17:31
You better do it quick.
Matt Fusaro 17:33
It’s bothering you that much, huh?
Jason Pufahl 17:35
He wants to know, now we have to get in there.
Steven Maresca 17:38
That there are many variants of that one. I can’t find it easily. It doesn’t matter.
Jason Pufahl 17:43
That’s fine. Alright. And Episode 18; Automotive Hacking, Should You be Worried? Or Dude, Who Stole My Car? I think that was yours. You’re always a good one for coming up with a creative, alternate title. So how much do we have to think about that though? So I’ll speak for myself. I can’t wait for the truly autonomous vehicle where I can just sit there and be driven to work, right. And I think there’s so much good to come out of that space. I think about older people who might not want to have a license actually then just move forward with an autonomous vehicle so they can actually get driven around. There’s some real benefits of this stuff. I would argue that the risks far outweigh or sorry, the benefits far outweigh the risks. I hold true to all those statements. And I still can’t wait for the autonomous car.
Matt Fusaro 18:38
I don’t know if I want you as an old person being carted around everywhere.
Jason Pufahl 18:44
Do you want me as an old person driving?
Steven Maresca 18:45
He already can’t hear, it’ll be a little safer for everybody when he’s sure no longer able to see.
Jason Pufahl 18:48
It is true. There was a cricket in my garage last night. And I kept being told to go get it. Like I can’t, I can’t hear it. I have no idea where that cricket is. So a few of our favorites, I guess some items that maybe represent the way we speak, the way we prepare the different topics that we sort of convey, I think, you know, segueing into things like autonomous vehicles and some of the security risks there. You know, we really did try to find intersections of modern IT or societalized IT and security, which I think it’s cool. I mean, 50 episodes, we’re getting better, I think at finding, you know, sort of the topics and figuring out what actually is relevant or resonates. We do plan to some degree, right? It’s just amazing how often we do roll into these just knowing it’s gonna be a conversation and trying to figure out where it goes.
Steven Maresca 19:48
I think I aim or we should aim to do a little more storytelling. Those are the more interesting conversations that we have when speaking in front of people and you know, there’s a real challenge in transforming that into something where you don’t have an audience that can react to you in that moment. But we have a lot of really interesting stories, whether we can share them or not is an open question, but you know, at least sometimes, it’d be worth doing.
Matt Fusaro 20:15
Yeah, that’s always a challenge is that sometimes we just can’t talk about some of the things that we do to protect the innocent, if you will.
Jason Pufahl 20:22
Yeah, it is true we’re not theoretical, we are practitioners. And we’re having conversations, sometimes crazy ones with clients all the time. And just experiences that are worth relaying. And I think the stories are typically more interesting, no doubt about that. So here’s to another year that’s upcoming. Get some more ears on this, maybe get a little bit more lighter, more lighthearted. And see what the next year brings. But it’s been fun for me. And I appreciate that both of you have been willing participants throughout the entire year. So thanks for that.
Matt Fusaro 20:55
Yeah, it’s been great.
Steven Maresca 20:56
The groaning has nothing to do with it.
Jason Pufahl 20:58
Nothing to do with it. Alright, guys, and on that, just intended roll back a little bit of what we did for the past year. We hope people enjoyed it. We appreciate all of you who have listened to for the last year. And if this is your first one, we’re looking forward to having you as listeners going forward. So thanks.
We’d love to hear your feedback. Feel free to get in touch at Vancord on LinkedIn or on Twitter at Vancordsecurity. And remember, stay vigilant, stay resilient. This has been CyberSound.